.NET wrapper for Windows Filtering Platform?

7

Is there a .NET wrapper for the Windows Filtering Platform? I'm looking to use WFP in my C# application to observe application-level network traffic.

Thanks!

3 Answers

1

Did you finish the wrapper? Would you be willing to share it? - jjxtra

1

No, I don't think there is such a thing, although a lot of people seem to want one. I think you'll have to fall back to using the Win32 API.


0
You can use the NuGet package Vanara.PInvoke to do this.
You can refer to his GitHub.
The implementation can be "borrowed" from the unit tests.
[Test]
public void FwpmCalloutEnum0Test()
{
    FWPM_CALLOUT_ENUM_TEMPLATE0 template = new() { layerKey = FWPM_LAYER_DATAGRAM_DATA_V4 };
    using SafeCoTaskMemStruct<FWPM_CALLOUT_ENUM_TEMPLATE0> pTemplate = template;
    FWPM_CALLOUT_SUBSCRIPTION0 subscr = new()
    {
        flags = FWPM_SUBSCRIPTION_FLAG.FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD,
        //sessionKey = Guid.NewGuid(),
        enumTemplate = pTemplate
    };
    var changed = 0;
    using var pchng = new PinnedObject(changed);

    static void callback(IntPtr context, in FWPM_CALLOUT_CHANGE0 change) { unsafe { *(int*)context = 1; } }
    Assert.That(FwpmCalloutSubscribeChanges0(fwpEngineHandle, subscr, callback, pchng, out HFWPCALLOUTCHANGE hChange), ResultIs.Successful);

    Assert.That(FwpmCalloutSubscriptionsGet0(fwpEngineHandle, out SafeFwpmArray<FWPM_CALLOUT_SUBSCRIPTION0> subs), ResultIs.Successful);
    Assert.That(subs.Count, Is.EqualTo(1));

    FWPM_DISPLAY_DATA0 dd = new() { name = "Datagram-Data Proxy Callout", description = "Datagram-Data Proxy Callout" };
    FWPM_CALLOUT0 callout = new() { calloutKey = Guid.NewGuid(), displayData = dd, applicableLayer = FWPM_LAYER_DATAGRAM_DATA_V4 };
    Assert.That(FwpmCalloutAdd0(fwpEngineHandle, callout, default, out var id), ResultIs.Successful);

    //System.Threading.Thread.SpinWait(200);
    //Assert.That(changed, Is.Not.Zero);
    Assert.That(FwpmCalloutUnsubscribeChanges0(fwpEngineHandle, hChange), ResultIs.Successful);

    Assert.That(FwpmCalloutGetById0(fwpEngineHandle, id, out SafeFwpmStruct<FWPM_CALLOUT0> byId), ResultIs.Successful);
    Assert.True(byId.Value.HasValue && byId.Value.Value.calloutId == id);
    Assert.That(FwpmCalloutGetByKey0(fwpEngineHandle, callout.calloutKey, out SafeFwpmStruct<FWPM_CALLOUT0> byKey), ResultIs.Successful);
    Assert.True(byKey.Value.HasValue && byKey.Value.Value.calloutId == id);
    Assert.That(FwpmCalloutGetSecurityInfoByKey0(fwpEngineHandle, callout.calloutKey,
        SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION|SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION|SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
        out PSID sOwn, out PSID sGrp, out PACL dacl, out PACL sacl, out SafeFwpmMem sd), ResultIs.Successful);
    Assert.True(!sOwn.IsNull && !sGrp.IsNull && !dacl.IsNull);
    Assert.True(sOwn.IsValidSid() && sGrp.IsValidSid() && dacl.IsValidAcl());

    Assert.That(FwpmCalloutDeleteById0(fwpEngineHandle, id), ResultIs.Successful);

    //-----------------------------------------
    // Get the events from enumeration
    Assert.That(FwpmCalloutEnum0(fwpEngineHandle, out SafeFwpmArray<FWPM_CALLOUT0> h), ResultIs.Successful);
    foreach (FWPM_CALLOUT0 e in h)
    {
        TestContext.WriteLine($"{e.calloutKey}=({e.flags})=========");
        TestContext.WriteLine($"{e.displayData.name ?? nullStr} ({e.displayData.description ?? nullStr})");
        TestContext.WriteLine($"Prov={GetNameOf(e.providerKey.Value.GetValueOrDefault()) ?? nullStr}; Layer={GetNameOf(e.applicableLayer)}");
    }
}

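Good grief, that is some unreadable stuff! - undefined
@CodeJunkie, well, this isn't my test, I just showed code that you can use to step through. - undefined
I know, I just felt I had to point out how awful it looks :) - undefined
@CodeJunkie, this is an answer showing that you can do WFP with C#, and there is a NuGet package and a GitHub repository to go with it. - undefined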

Page content provided by Stack Overflow.