C# firewall development: network firewall technology analysis

xiaoxiao2021-03-06  41

N-BYTE Network Watcher is a stand-alone network security tool, in short a personal firewall. N-BYTE Network Watcher 1.0 uses NDIS Hook Driver technology to implement network packet filtering, which lets it filter packets at the network layer and so offer powerful functionality. The main program is written in C#, which has no function comparable to DeviceIoControl for controlling a driver device, while the driver built with NDIS Hook Driver technology is written in C under the DDK. To let the main program control and communicate with the driver, the following design is used. In the scheme above, a module named DriverDll.dll is responsible for communication with and control of the NDIS Hook Driver, and a module written in C# encapsulates the information coming from the driver so it can be delivered to the main program, which can then recognise and operate on the data types in that module.

Using a driver from a .NET application raises two questions:

1. How does the .NET application control the driver's functions?
2. How are unmanaged data types passed from the driver to the .NET application?

Our solutions to these two problems are described in detail below.

How does the .NET application control the driver's functions?

DriverDll.dll, written in managed C++, controls the driver directly, and the main program controls the driver indirectly by calling the DLL's methods. For example, in NByte.h the constant START_IP_HOOK is the parameter that turns on the driver's packet filter. A managed class IOCTRL is defined in the managed C++ module, with the following method for writing parameters to the driver's buffer:

    // Write data to the buffer.
    DWORD WriteIo(DWORD code, PVOID buffer, DWORD count)
    {
        if (hDriverHandle == NULL)
            return ERROR_DRIVER_HANDLE;
        DWORD bytesReturned;
        BOOL returnCode = DeviceIoControl(hDriverHandle, code, buffer, count,
                                          NULL, 0, &bytesReturned, NULL);
        if (!returnCode)
            return ERROR_IO_CTRL;
        return SUCCESS;
    }

Calling this method directly is inconvenient, so a public function is defined for the main program to call:

    // Start the packet filter.
    bool StartIpHook()
    {
        return (WriteIo(START_IP_HOOK, NULL, 0) == SUCCESS);
    }

Now, as long as an IOCTRL object ic is declared in the main program, the driver's filtering function can be turned on with ic.StartIpHook(), and other driver operations, such as adding or modifying packet-filtering rules, are implemented in the same way.

How are unmanaged data types passed from the driver to the .NET application?

To output a security log, the main program must obtain the packet information held in the driver. A semaphore mechanism makes it easy to pass information between the driver and unmanaged code; what about managed code? This requires delivering the unmanaged data type ACCESS_INFO to the .NET application.

In NByte.h, ACCESS_INFO is the following structure:

    typedef struct _ACCESS_INFO {
        USHORT protocol;
        ULONG  sourceIp;
        ULONG  destinationIp;
        USHORT sourcePort;
        USHORT destinationPort;
    } ACCESS_INFO;

Obviously the unmanaged type cannot be passed across directly; it must be converted. First, the IOCTRL class is given fields for the packet information to be passed:

    public __gc class IOCTRL
    {
    public:
        USHORT protocol;        // IP protocol type
        ULONG  sourceIp;        // source IP address
        ULONG  destinationIp;   // destination IP address
        USHORT sourcePort;      // source port
        USHORT destinationPort; // destination port
        // ...
    };

These fields are then assigned in the GetAccessInfo() function:

    void GetAccessInfo()
    {
        ACCESS_INFO ai;
        bool result = (ReadIo(GET_INFO, &ai, sizeof(ai)) == SUCCESS);
        if (!result)
            return;             // leave the fields untouched if the read failed
        this->protocol        = ai.protocol;
        this->sourceIp        = ai.sourceIp;
        this->destinationIp   = ai.destinationIp;
        this->sourcePort      = ai.sourcePort;
        this->destinationPort = ai.destinationPort;
    }

Since this information is obtained inside the IOCTRL class, it has to be wrapped in a data type that the main program can handle easily, so the InfoEvent class is implemented in C# to encapsulate it:

    // This type packages the details of a packet so that it can be passed
    // between modules through an event.
    public class InfoEvent : EventArgs
    {
        string sInfo;                  // private member holding the output text
        public int pLength;            // length of the CommonFunction.sPort array
        public ushort protocol;        // network protocol type
        public uint sourceIP;          // packet source IP
        public uint destinationIP;     // packet destination IP
        public ushort sourcePort;      // packet source port
        public ushort destinationPort; // packet destination port
        // ...
    }

The InfoProvider driver-information provider class, implemented in managed C++, passes it to the main program, which requires a delegate to raise an event:

    // Declare a delegate used to pass data to the main program.
    __delegate void DriverInfo(Object* sender, InfoEvent* e);
    // Declare the event that invokes it.
    __event DriverInfo* OnDriverInfo;

A method is then defined in the InfoProvider class; the main program runs this method, and it raises the OnDriverInfo event:

    // The loop that obtains driver information runs in this method;
    // the main program starts it as a separate thread.
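The two halves of the bridge described above (IOCTRL issuing control codes, InfoProvider converting ACCESS_INFO into an event) can be seen end to end in the following added example. It is not the N-BYTE project's code: DeviceIoControl and the managed C++ __gc/__delegate syntax are replaced by a std::function transport so the logic compiles and runs on any platform, the IOCTL values START_IP_HOOK and GET_INFO are placeholders (the real ones are in NByte.h), and the assumption that the driver stores addresses and ports in wire (network) order is mine. Two checks the page's code leaves implicit are made explicit: the struct layout is pinned with a static_assert, and a short read is rejected instead of being reported as a packet.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <functional>
#include <string>
#include <utility>

// Hypothetical IOCTL codes; the real values live in NByte.h and are not on the page.
constexpr uint32_t START_IP_HOOK = 0x1001;
constexpr uint32_t GET_INFO      = 0x1002;

// Mirror of ACCESS_INFO (same field order; USHORT/ULONG are 16/32-bit on Win32).
// Natural alignment is assumed on both sides: 2 bytes of padding follow `protocol`,
// 16 bytes in total. If the DDK build and the managed build disagree here, every
// field is silently misread, so the size is pinned at compile time.
struct AccessInfo {
    uint16_t protocol;
    uint32_t sourceIp;        // assumed copied from the IP header: octets in wire order
    uint32_t destinationIp;
    uint16_t sourcePort;      // assumed wire (big-endian) order as well
    uint16_t destinationPort;
};
static_assert(sizeof(AccessInfo) == 16, "ACCESS_INFO layout differs from the driver's");

// Stand-in for DeviceIoControl: false on failure, otherwise fills bytesReturned.
using IoctlFn = std::function<bool(uint32_t code, const void* in, size_t inLen,
                                   void* out, size_t outLen, size_t& bytesReturned)>;

enum class IoStatus { Success, NoDriverHandle, IoctlFailed, ShortRead };

// Counterpart of the page's IOCTRL class.
class IoCtrl {
public:
    explicit IoCtrl(IoctlFn transport) : ioctl_(std::move(transport)) {}

    IoStatus WriteIo(uint32_t code, const void* buffer, size_t count) {
        if (!ioctl_) return IoStatus::NoDriverHandle;
        size_t returned = 0;
        return ioctl_(code, buffer, count, nullptr, 0, returned) ? IoStatus::Success
                                                                : IoStatus::IoctlFailed;
    }

    // Read one fixed-size record; a partially filled struct is an error, not a packet.
    IoStatus ReadIo(uint32_t code, void* buffer, size_t count) {
        if (!ioctl_) return IoStatus::NoDriverHandle;
        size_t returned = 0;
        if (!ioctl_(code, nullptr, 0, buffer, count, returned)) return IoStatus::IoctlFailed;
        return returned == count ? IoStatus::Success : IoStatus::ShortRead;
    }

    bool StartIpHook() { return WriteIo(START_IP_HOOK, nullptr, 0) == IoStatus::Success; }
    bool GetAccessInfo(AccessInfo& ai) {
        std::memset(&ai, 0, sizeof ai);
        return ReadIo(GET_INFO, &ai, sizeof ai) == IoStatus::Success;
    }

private:
    IoctlFn ioctl_;
};

// Counterpart of the C# InfoEvent: driver fields converted to log-friendly values.
struct InfoEvent {
    uint16_t protocol;
    std::string sourceIp, destinationIp;
    uint16_t sourcePort, destinationPort;
};

// Endianness-independent: reads the octets as they sit in memory (wire order).
std::string FormatIpv4(uint32_t wireOrder) {
    uint8_t b[4];
    std::memcpy(b, &wireOrder, sizeof b);
    return std::to_string(b[0]) + "." + std::to_string(b[1]) + "." +
           std::to_string(b[2]) + "." + std::to_string(b[3]);
}

// Equivalent of ntohs() for a 16-bit field stored in wire order.
uint16_t PortFromWire(uint16_t wireOrder) {
    uint8_t b[2];
    std::memcpy(b, &wireOrder, sizeof b);
    return static_cast<uint16_t>((b[0] << 8) | b[1]);
}

// Counterpart of InfoProvider: __delegate/__event replaced by a std::function handler.
class InfoProvider {
public:
    using Handler = std::function<void(const InfoEvent&)>;
    InfoProvider(IoCtrl& ic, Handler h) : ic_(ic), onDriverInfo_(std::move(h)) {}

    // One iteration of the loop the main program runs: fetch a record, raise the event.
    bool Poll() {
        AccessInfo ai;
        if (!ic_.GetAccessInfo(ai)) return false;
        InfoEvent e{ai.protocol, FormatIpv4(ai.sourceIp), FormatIpv4(ai.destinationIp),
                    PortFromWire(ai.sourcePort), PortFromWire(ai.destinationPort)};
        if (onDriverInfo_) onDriverInfo_(e);
        return true;
    }

private:
    IoCtrl& ic_;
    Handler onDriverInfo_;
};

// Constructed fake driver: acknowledges START_IP_HOOK and answers GET_INFO with one
// TCP record 10.0.0.5:51234 -> 192.168.1.20:443, all fields in wire order.
bool FakeDriver(uint32_t code, const void*, size_t, void* out, size_t outLen, size_t& returned) {
    if (code == START_IP_HOOK) { returned = 0; return true; }
    if (code != GET_INFO || outLen < sizeof(AccessInfo)) return false;
    AccessInfo ai{};
    ai.protocol = 6;
    const uint8_t src[4] = {10, 0, 0, 5}, dst[4] = {192, 168, 1, 20};
    const uint8_t sport[2] = {0xC8, 0x22}, dport[2] = {0x01, 0xBB};
    std::memcpy(&ai.sourceIp, src, 4);
    std::memcpy(&ai.destinationIp, dst, 4);
    std::memcpy(&ai.sourcePort, sport, 2);
    std::memcpy(&ai.destinationPort, dport, 2);
    std::memcpy(out, &ai, sizeof ai);
    returned = sizeof ai;
    return true;
}
```

On Windows the transport would be a lambda wrapping DeviceIoControl on the open driver handle; everything above it stays the same, which is the point of keeping the bridge logic separate from the OS call.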

Please credit the original source when reposting: https://www.9cbs.com/read-66230.html