
我正在尝试用 C# 拦截(hook)传出连接。我找到了这个问题:Windows Filtering Platform - How can I block incoming connections based on local port?

但是在示例代码中出现了一些错误,并且缺少一些要使用的类。

我尝试用 P/Invoke 签名工具包来生成这些结构,但生成出来的类代码非常庞大,其中 90% 都是被引用的依赖项。

所以我想我必须实现外部原型,然后调用它们。这是我的代码:

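/// <summary>
/// P/Invoke entry points for the Windows Filtering Platform (WFP) user-mode API in
/// FWPUClnt.dll, plus a sample that installs a BLOCK filter for outbound IPv4
/// connections to a single remote port. (The class name spells the acronym "Wpf".)
/// </summary>
/// <remarks>
/// NOTE(review): FWPM_FILTER0, FWPM_FILTER_CONDITION0, the Fwpm constants,
/// FWPM_LAYER_ALE_AUTH_CONNECT_V4, FWP_ACTION_BLOCK, SafeNativeMethods.MarshalArray and
/// DisplayName are not defined in the visible code; they have to be supplied before
/// this class compiles.
/// NOTE(review): changing WFP objects normally requires an elevated process - confirm
/// the privileges this code runs with.
/// </remarks>
public static class WpfProvider
{
    /// <summary>Status value the Fwpm* functions return on success (ERROR_SUCCESS).</summary>
    private const uint ErrorSuccess = 0;

    /// <summary>
    /// Opens a WFP engine session, adds a sublayer and adds one filter that blocks
    /// outbound IPv4 connections whose remote port equals <c>RemotePort</c>.
    /// </summary>
    /// <exception cref="InvalidOperationException">
    /// A Fwpm* call returned a non-zero status. The original ignored every status, so a
    /// block filter that was never installed looked exactly like one that was.
    /// </exception>
    private static void Test()
    {
        // Typed as ushort so it can be stored in the FWP_UINT16 condition value below.
        const ushort RemotePort = 8080; // port to block

        // connect to engine
        var session = new FWPM_SESSION0();
        // NOTE(review): 0xFFF sets bits beyond the documented session flags
        // (FWPM_SESSION_FLAG_DYNAMIC is 0x00000001). Confirm which flags are intended;
        // an unexpected value may make FwpmEngineOpen0 fail.
        session.flags = 0xFFF;
        IntPtr engineHandle = IntPtr.Zero;
        ThrowOnFailure(
            FwpmEngineOpen0(null, RPC.RPC_C_AUTHN_WINNT, IntPtr.Zero, ref session, ref engineHandle),
            "FwpmEngineOpen0");

        try
        {
            // create a subLayer to attach filters to
            var subLayerGuid = Guid.NewGuid();
            var subLayer = new FWPM_SUBLAYER0();
            // NOTE(review): subLayerKey is declared with the file's own GUID struct, so this
            // System.Guid assignment needs a conversion, or the field retyped as System.Guid
            // (which has the same 16-byte sequential layout).
            subLayer.subLayerKey = subLayerGuid;
            subLayer.displayData.name = DisplayName;
            subLayer.displayData.description = DisplayName;
            subLayer.flags = 0;
            subLayer.weight = 0x100;

            ThrowOnFailure(
                FwpmSubLayerAdd0(engineHandle, ref subLayer, IntPtr.Zero),
                "FwpmSubLayerAdd0");

            var condition = new FWPM_FILTER_CONDITION0
            {
                fieldKey = Fwpm.FWPM_CONDITION_IP_REMOTE_PORT,
                matchType = Fwpm.FWP_MATCH_TYPE.FWP_MATCH_EQUAL,
                conditionValue =
                {
                    type = Fwpm.FWP_DATA_TYPE.FWP_UINT16,
                    uint16 = RemotePort
                }
            };

            // create the filter itself
            var fwpFilter = new FWPM_FILTER0();
            fwpFilter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
            fwpFilter.action.type = FWP_ACTION_BLOCK;
            fwpFilter.subLayerKey = subLayerGuid;

            fwpFilter.weight.type = Fwpm.FWP_DATA_TYPE.FWP_EMPTY; // auto-weight.
            fwpFilter.numFilterConditions = 1;

            var condsArray = new[] { condition };
            // helper to create a native array from a C# one
            // NOTE(review): the native buffer it returns is never released in this method;
            // free it with whatever allocator the helper uses once FwpmFilterAdd0 has returned.
            var condsPtr = SafeNativeMethods.MarshalArray(condsArray);
            fwpFilter.filterCondition = condsPtr;

            fwpFilter.displayData.name = DisplayName;
            fwpFilter.displayData.description = DisplayName;

            // add the filter
            ulong filterId;
            ThrowOnFailure(
                FwpmFilterAdd0(engineHandle, ref fwpFilter, IntPtr.Zero, out filterId),
                "FwpmFilterAdd0");

            // The engine handle stays open on success: in a dynamic session the objects
            // added above are deleted when the session ends.
            // NOTE(review): nothing keeps engineHandle or filterId after this method returns,
            // so the session can never be closed explicitly and the filter cannot be removed
            // by id - return or store both.
        }
        catch
        {
            // Do not leak the session when setup fails half-way.
            // NOTE(review): in a non-dynamic session a sublayer that was already added
            // survives this close and needs explicit removal.
            FwpmEngineClose0(engineHandle);
            throw;
        }
    }

    /// <summary>Throws when a Fwpm* status is anything other than ERROR_SUCCESS.</summary>
    private static void ThrowOnFailure(uint status, string api)
    {
        if (status != ErrorSuccess)
        {
            throw new InvalidOperationException(api + " failed with status 0x" + status.ToString("X8"));
        }
    }

    /// <summary>Opens a session to the filter engine.</summary>
    /// <param name="serverName">wchar_t*; the sample passes null.</param>
    /// <param name="authnService">UINT32; one of the RPC_C_AUTHN_* values.</param>
    /// <param name="authIdentity">SEC_WINNT_AUTH_IDENTITY_W*; the sample passes IntPtr.Zero.</param>
    /// <param name="session">
    /// FWPM_SESSION0*. Declared by reference because the caller passes the struct itself;
    /// the earlier IntPtr declaration did not match that call.
    /// </param>
    /// <param name="engineHandle">HANDLE*; receives the engine handle.</param>
    /// <returns>DWORD status; 0 means success.</returns>
    [System.Runtime.InteropServices.DllImport("FWPUClnt.dll", EntryPoint = "FwpmEngineOpen0")]
    public static extern uint FwpmEngineOpen0(
        [System.Runtime.InteropServices.In] [System.Runtime.InteropServices.MarshalAs(System.Runtime.InteropServices.UnmanagedType.LPWStr)] string serverName,
        uint authnService,
        [System.Runtime.InteropServices.In] IntPtr authIdentity,
        [System.Runtime.InteropServices.In] ref FWPM_SESSION0 session,
        ref IntPtr engineHandle);

    /// <summary>Closes a session opened with <see cref="FwpmEngineOpen0"/>.</summary>
    /// <param name="engineHandle">HANDLE returned by FwpmEngineOpen0.</param>
    /// <returns>DWORD status; 0 means success.</returns>
    [System.Runtime.InteropServices.DllImport("FWPUClnt.dll", EntryPoint = "FwpmEngineClose0")]
    public static extern uint FwpmEngineClose0([System.Runtime.InteropServices.In] IntPtr engineHandle);

    /// <summary>Adds a sublayer to the engine.</summary>
    /// <param name="engineHandle">HANDLE of an open engine session.</param>
    /// <param name="subLayer">FWPM_SUBLAYER0* describing the sublayer.</param>
    /// <param name="sd">PSECURITY_DESCRIPTOR; the sample passes IntPtr.Zero.</param>
    /// <returns>DWORD status; 0 means success.</returns>
    [System.Runtime.InteropServices.DllImport("FWPUClnt.dll", EntryPoint = "FwpmSubLayerAdd0")]
    public static extern uint FwpmSubLayerAdd0(
        [System.Runtime.InteropServices.In] IntPtr engineHandle,
        [System.Runtime.InteropServices.In] ref FWPM_SUBLAYER0 subLayer,
        [System.Runtime.InteropServices.In] IntPtr sd);

    /// <summary>Adds a filter to the engine.</summary>
    /// <param name="engineHandle">HANDLE of an open engine session.</param>
    /// <param name="filter">FWPM_FILTER0* describing the filter.</param>
    /// <param name="sd">PSECURITY_DESCRIPTOR; the sample passes IntPtr.Zero.</param>
    /// <param name="id">
    /// UINT64*; receives the runtime id of the new filter. It must be passed by reference:
    /// a by-value UInt64 hands the native side a number where it expects a writable address.
    /// </param>
    /// <returns>DWORD status; 0 means success.</returns>
    [System.Runtime.InteropServices.DllImport("FWPUClnt.dll", EntryPoint = "FwpmFilterAdd0")]
    public static extern uint FwpmFilterAdd0(
        [System.Runtime.InteropServices.In] IntPtr engineHandle,
        [System.Runtime.InteropServices.In] ref FWPM_FILTER0 filter,
        [System.Runtime.InteropServices.In] IntPtr sd,
        out UInt64 id);
}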

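/// <summary>
/// RPC authentication-service identifiers (RPC_C_AUTHN_*), as passed for the
/// authnService argument of FwpmEngineOpen0.
/// </summary>
/// <remarks>
/// Declared <c>const</c> rather than as writable static fields, so that no other code in
/// the process can reassign a value such as RPC_C_AUTHN_WINNT at run time and silently
/// change which authentication service later calls request.
/// </remarks>
static class RPC
{
    public const uint RPC_C_AUTHN_NONE = 0; // No authentication.
    public const uint RPC_C_AUTHN_DCE_PRIVATE = 1; // DCE private key authentication.
    public const uint RPC_C_AUTHN_DCE_PUBLIC = 2; // DCE public key authentication.
    public const uint RPC_C_AUTHN_DEC_PUBLIC = 4; // DEC public key authentication. Reserved for future use.
    public const uint RPC_C_AUTHN_GSS_NEGOTIATE = 9; // Snego security support provider.
    public const uint RPC_C_AUTHN_WINNT = 10; // NTLMSSP
    public const uint RPC_C_AUTHN_GSS_SCHANNEL = 14; // Schannel security support provider. This authentication service supports SSL 2.0, SSL 3.0, TLS, and PCT.
    public const uint RPC_C_AUTHN_GSS_KERBEROS = 16; // Kerberos security support provider.
    public const uint RPC_C_AUTHN_DPA = 17; // DPA security support provider.
    public const uint RPC_C_AUTHN_MSN = 18; // MSN security support provider.
    public const uint RPC_C_AUTHN_KERNEL = 20; // Kernel security support provider.
    public const uint RPC_C_AUTHN_DIGEST = 21; // Digest security support provider.
    public const uint RPC_C_AUTHN_NEGO_EXTENDER = 30; // NEGO extender security support provider.
    public const uint RPC_C_AUTHN_PKU2U = 31; // PKU2U security support provider.
    public const uint RPC_C_AUTHN_MQ = 100; // MQ security support provider.
    // The system default authentication service. When this value is specified, COM uses its
    // normal security blanket negotiation algorithm to pick an authentication service.
    // For more information, see Security Blanket Negotiation.
    public const uint RPC_C_AUTHN_DEFAULT = 0xFFFFFFFF;
}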

#region WPF imports
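/// <summary>
/// Managed layout for the native 16-byte GUID: one 32-bit value, two 16-bit values and
/// eight raw bytes.
/// </summary>
[System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential)]
public struct GUID
{
    public uint Data1;   // unsigned int
    public ushort Data2; // unsigned short
    public ushort Data3; // unsigned short

    // unsigned char[8]: binary data, not text. Marshalling it as an ANSI ByValTStr runs the
    // bytes through a code-page conversion and forces a terminating NUL into the buffer,
    // which corrupts the key. An inline byte array copies the eight bytes unchanged.
    // The array assigned here must hold 8 bytes.
    [System.Runtime.InteropServices.MarshalAs(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 8, ArraySubType = System.Runtime.InteropServices.UnmanagedType.U1)]
    public byte[] Data4;
}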

/// <summary>
/// Managed layout for the native SID_IDENTIFIER_AUTHORITY: a single inline array of six bytes.
/// </summary>
[System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential)]
public struct SID_IDENTIFIER_AUTHORITY
{
    // Marshalled inline (ByValArray) as exactly six elements.
    // NOTE(review): ArraySubType is I1 while the managed element type is byte; U1 would
    // match BYTE more directly - confirm it makes no difference here.
    [System.Runtime.InteropServices.MarshalAs(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 6, ArraySubType = System.Runtime.InteropServices.UnmanagedType.I1)]
    public byte[] Value;// BYTE[6]
}

/// <summary>
/// Managed layout for the fixed part of a native SID: revision, sub-authority count,
/// identifier authority and one sub-authority slot.
/// </summary>
/// <remarks>
/// NOTE(review): a native SID is variable length, with SubAuthorityCount giving the number
/// of DWORDs that follow. This one-element layout is only valid as-is for a SID with a
/// single sub-authority; the visible code passes SIDs as IntPtr and never marshals this type.
/// </remarks>
[System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential)]
public struct SID
{
    public byte Revision;// BYTE->unsigned char
    public byte SubAuthorityCount;// BYTE->unsigned char
    public SID_IDENTIFIER_AUTHORITY IdentifierAuthority;// SID_IDENTIFIER_AUTHORITY->_SID_IDENTIFIER_AUTHORITY
    // Inline array with a single 32-bit element (SizeConst = 1).
    [System.Runtime.InteropServices.MarshalAs(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 1, ArraySubType = System.Runtime.InteropServices.UnmanagedType.U4)]
    public uint[] SubAuthority;// DWORD[1]
}


/// <summary>
/// Managed layout for the native SEC_WINNT_AUTH_IDENTITY_W credential block: three
/// pointer/length pairs (user, domain, password) followed by a flags word.
/// </summary>
/// <remarks>
/// The string members are raw pointers, so the caller allocates and frees the buffers.
/// NOTE(review): Password points at a clear-text secret in unmanaged memory; whoever fills
/// this struct should zero and free that buffer as soon as the call that consumes it
/// returns. The visible code passes IntPtr.Zero for authIdentity and never fills this struct.
/// </remarks>
[System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential)]
public struct SEC_WINNT_AUTH_IDENTITY_W
{
    public IntPtr User;// unsigned short*: pointer to the user name
    public uint UserLength;// unsigned int - presumably a character count, not bytes; confirm
    public IntPtr Domain;// unsigned short*: pointer to the domain name
    public uint DomainLength;// unsigned int - presumably a character count, not bytes; confirm
    public IntPtr Password;// unsigned short*: pointer to the password
    public uint PasswordLength;// unsigned int - presumably a character count, not bytes; confirm
    public uint Flags;// unsigned int
}

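/// <summary>
/// Managed layout for the native FWP_BYTE_BLOB: a byte count followed by a pointer to
/// that many bytes.
/// </summary>
[System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential)]
public struct FWP_BYTE_BLOB
{
    public uint size; // UINT32->unsigned int: number of bytes at data

    // UINT8*: arbitrary bytes, so it is kept as a raw pointer like the other pointer fields
    // in this file. Marshalling it as an LPStr string converts the content through the ANSI
    // code page and stops at the first zero byte, so the native side can be handed fewer
    // bytes than size claims. The caller owns the buffer and must keep it alive for the call.
    public IntPtr data;
}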

/// <summary>
/// Managed layout for the native FWPM_DISPLAY_DATA0: two pointers to wide-character
/// strings, a name and a description.
/// </summary>
/// <remarks>
/// WpfProvider.Test sets both members on the sublayer and on the filter it creates.
/// </remarks>
[System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential)]
public struct FWPM_DISPLAY_DATA0
{    
    // Marshalled as a pointer to a UTF-16 string (LPWStr).
    [System.Runtime.InteropServices.MarshalAs(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
    public string name;// wchar_t*
    // Marshalled as a pointer to a UTF-16 string (LPWStr).
    [System.Runtime.InteropServices.MarshalAs(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
    public string description;// wchar_t*
}

/// <summary>
/// Managed layout for the native FWPM_SESSION0 that FwpmEngineOpen0 takes to describe the
/// session being opened.
/// </summary>
/// <remarks>
/// WpfProvider.Test only sets <c>flags</c> and leaves every other member at its default.
/// NOTE(review): processId, sid, username and kernelMode look like values the engine
/// reports about a session rather than inputs the caller supplies - confirm against the
/// FWPM_SESSION0 documentation.
/// </remarks>
[System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential)]
public struct FWPM_SESSION0
{
    public GUID sessionKey;// GUID->_GUID
    public FWPM_DISPLAY_DATA0 displayData;// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_
    public uint flags;// UINT32->unsigned int: session flags
    public uint txnWaitTimeoutInMSec;// UINT32->unsigned int: per the name, a wait timeout in milliseconds
    public uint processId;// DWORD->unsigned int
    public IntPtr sid;// SID*: raw pointer, not marshalled through the SID struct
    // Marshalled as a pointer to a UTF-16 string (LPWStr).
    [System.Runtime.InteropServices.MarshalAs(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
    public string username;// wchar_t*
    public int kernelMode;// BOOL->int
}

/// <summary>
/// Managed layout for the native FWPM_SUBLAYER0 that FwpmSubLayerAdd0 takes to describe a
/// sublayer.
/// </summary>
/// <remarks>
/// WpfProvider.Test fills subLayerKey, displayData, flags (0) and weight (0x100) and
/// leaves providerKey and providerData at their defaults.
/// NOTE(review): subLayerKey uses this file's own GUID struct, while WpfProvider.Test
/// assigns it a System.Guid; one of the two has to change.
/// </remarks>
[System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential)]
public struct FWPM_SUBLAYER0
{   
    public GUID subLayerKey;// GUID->_GUID: key that filters reference through their own subLayerKey
    public FWPM_DISPLAY_DATA0 displayData;// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_
    public ushort flags;// UINT16->unsigned short
    public IntPtr providerKey;// GUID*: raw pointer; IntPtr.Zero when left unset
    public FWP_BYTE_BLOB providerData;// FWP_BYTE_BLOB->FWP_BYTE_BLOB_
    public ushort weight;// UINT16->unsigned short
}

谢谢
