有一些应用环境下,比如:
某程序作者停止更新了,我们又没有源码,如果要继续用程序,那就得用IP重定向功能了。
以前可以用 API HOOK 和 LSP 来做,但现在很多程序或游戏都带有保护,这些用户态方法已经不可行了,更可靠的办法是用 TDI 及 WFP 驱动在内核中实现 IP 重定向。需要注意:安装和加载内核驱动需要管理员权限,并且在 64 位 Windows 上驱动必须带有有效签名(DSE),否则无法加载。
WFP 及 TDI 在内核中拦截网络数据,然后由 R3 应用层下发目标 IP,实现 IP 重定向功能。由于转发规则来自应用层,驱动暴露给应用层的设备接口应限制为仅管理员可打开,否则任意本地进程都可以改写目标进程的网络流向。
最终就实现了把目标进程中的某个 IP 或者全部网络数据,转发到指定的 IP 上。
下载地址:https://download.csdn.net/download/qq1289671197/11870876
驱动加载部分:
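bool InstDrvInit()
{
    /*
     * Open the Service Control Manager and cache the handle in g_schManager.
     *
     * Returns true on success. On failure a diagnostic is written to the
     * IDC_STATE control of g_hwndDlg and false is returned.
     *
     * Access rights (least privilege): only SCM rights are requested. The
     * original mask also carried SERVICE_START / SERVICE_STOP / DELETE, which
     * are *service object* rights, not SCM rights; on an SCM handle those bit
     * values alias unrelated SCM rights (e.g. SC_MANAGER_MODIFY_BOOT_CONFIG),
     * so they over-privileged the handle without enabling anything this code
     * uses. Per-service rights are requested on the handles returned by
     * CreateService / OpenService instead.
     */
    TCHAR  buff[1024 + 1];   /* wsprintf() writes at most 1024 chars + NUL;
                              * the old MAX_PATH buffer could be overrun by a
                              * long system error message. */
    DWORD  dwErrCode = 0;
    LPTSTR lpErrMsg  = NULL;

    /* Already initialised: reuse the handle instead of leaking the old one. */
    if (g_schManager != NULL)
    {
        return true;
    }

    g_schManager = OpenSCManager(
        NULL,   /* local machine */
        NULL,   /* SERVICES_ACTIVE_DATABASE */
        SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE | SC_MANAGER_ENUMERATE_SERVICE
        );
    if (g_schManager == NULL)
    {
        /* dwErrCode is captured by InstDrvGetErrMsg before any further API
         * call can clobber the thread's last-error value; the original re-read
         * GetLastError() afterwards and could therefore report a different
         * (or zero) code than the one the message text describes. */
        InstDrvGetErrMsg(&dwErrCode, (LPTSTR)&lpErrMsg);
        wsprintf(buff, "[InstDrv]OpenSCManager failed(0x%4x)!%s",
                 (unsigned)dwErrCode, lpErrMsg ? lpErrMsg : "");
        SetDlgItemText(g_hwndDlg, IDC_STATE, buff);
        /* NOTE(review): the (LPTSTR)&lpErrMsg idiom suggests InstDrvGetErrMsg
         * uses FORMAT_MESSAGE_ALLOCATE_BUFFER; if so the text must be released
         * with LocalFree(lpErrMsg) here -- confirm against its definition. */
        return false;
    }
    return true;
}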
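bool InstDrvInstall(
    LPTSTR ServiceName,
    LPTSTR DriverPath
    )
{
    /*
     * Register DriverPath with the SCM as a demand-start kernel driver service
     * named ServiceName. g_schManager must already be open (InstDrvInit).
     * Returns true on success, false otherwise; failures are reported on the
     * IDC_STATE control of g_hwndDlg.
     *
     * Security: this registers arbitrary code to be loaded into ring 0.
     *  - DriverPath is converted to a fully-qualified path before it is
     *    checked and registered, so the file verified here is the one the
     *    SCM will load. With a relative path the original check resolved
     *    against the process CWD, while the SCM does not.
     *  - The existence check is advisory only: the file is opened with
     *    FILE_SHARE_WRITE and can be replaced between the check and the
     *    load. The real protection is an administrator-only location plus
     *    the code-signing policy the loader enforces; nothing here can
     *    substitute for that.
     */
    TCHAR     buff[1024 + 1];   /* wsprintf() hard limit; MAX_PATH was too
                                 * small for an arbitrary system error text */
    TCHAR     fullPath[MAX_PATH];
    HANDLE    hFile;
    SC_HANDLE schService;
    DWORD     dwErrCode = 0;
    DWORD     cch;
    LPTSTR    lpErrMsg = NULL;

    cch = GetFullPathName(DriverPath, MAX_PATH, fullPath, NULL);
    if (cch == 0 || cch >= MAX_PATH)
    {
        SetDlgItemText(g_hwndDlg, IDC_STATE, "[InstDrv]The driverpath assigned is invalid or too long!");
        return false;
    }

    hFile = CreateFile(
        fullPath,
        GENERIC_READ,
        FILE_SHARE_READ | FILE_SHARE_WRITE,
        NULL,
        OPEN_EXISTING,
        0,
        0);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        SetDlgItemText(g_hwndDlg, IDC_STATE, "[InstDrv]The file driverpath assigned do not exist!");
        return false;
    }
    CloseHandle(hFile);

    /* The returned service handle is closed immediately; later start/stop/
     * delete operations reopen the service with the rights they need. */
    schService = CreateService(
        g_schManager,
        ServiceName,
        ServiceName,
        SERVICE_START | SERVICE_STOP | DELETE,
        SERVICE_KERNEL_DRIVER,
        SERVICE_DEMAND_START,
        SERVICE_ERROR_NORMAL,
        fullPath,
        NULL, NULL, NULL, NULL, NULL
        );
    if (schService == NULL)
    {
        /* NOTE(review): ERROR_SERVICE_EXISTS is reported as a failure here;
         * if the caller expects re-installation to succeed, it must delete
         * the old service first. */
        InstDrvGetErrMsg(&dwErrCode, (LPTSTR)&lpErrMsg);
        /* Use the code captured by InstDrvGetErrMsg, not a later
         * GetLastError(), which the message lookup may have overwritten. */
        wsprintf(buff, "[InstDrv]CreateService failed(0x%4x)!%s",
                 (unsigned)dwErrCode, lpErrMsg ? lpErrMsg : "");
        SetDlgItemText(g_hwndDlg, IDC_STATE, buff);
        /* NOTE(review): if InstDrvGetErrMsg allocates the text via
         * FORMAT_MESSAGE_ALLOCATE_BUFFER it must be LocalFree'd here. */
        return false;
    }
    CloseServiceHandle(schService);
    return true;
}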
驱动部分:
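NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT driverObject,
    IN PUNICODE_STRING registryPath
    )
{
    /*
     * Kernel driver entry point for the WFP redirect driver.
     *
     * Sets up the dispatch table and unload routine, then initialises, in
     * order: the control device (devctrl_init), the redirect rule store
     * (rules_init), the TCP and UDP flow contexts, and finally the WFP
     * callouts. Callouts are registered immediately only if the Base
     * Filtering Engine is already running; otherwise registration is
     * deferred to bfeStateCallback via FwpmBfeStateSubscribeChanges.
     *
     * Returns STATUS_SUCCESS, or the first failing sub-initialiser's status
     * after cleanup() has undone whatever was set up so far.
     *
     * The original definition omitted the return type; DriverEntry must
     * return NTSTATUS.
     */
    int i;
    NTSTATUS status;

    /* Every IRP major function is routed to devctrl_dispatch, so that one
     * routine is responsible for rejecting anything it does not handle. */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        driverObject->MajorFunction[i] = (PDRIVER_DISPATCH)devctrl_dispatch;
    }
    driverObject->DriverUnload = driverUnload;

    do
    {
        /* Creates the control device the R3 component talks to.
         * NOTE(review): this runs before rules_init/tcpctx_init/udpctx_init.
         * If devctrl_init already publishes the symbolic link, a user-mode
         * open can race the remaining initialisation. The device's access
         * control (SDDL / FILE_DEVICE_SECURE_OPEN) -- which decides who may
         * push redirect rules into the kernel -- also lives there; confirm
         * it is restricted to administrators. */
        status = devctrl_init(driverObject, registryPath);
        if (!NT_SUCCESS(status))
        {
            KdPrint((DPREFIX"devctrl_init failed, status=%x\n", status));
            break;
        }

#ifdef _WPPTRACE
        WPP_SYSTEMCONTROL(driverObject);
        WPP_INIT_TRACING(devctrl_getDeviceObject(), registryPath);
#endif

        status = rules_init();
        if (!NT_SUCCESS(status))
        {
            KdPrint((DPREFIX"rules_init failed, status=%x\n", status));
            break;
        }

        status = tcpctx_init();
        if (!NT_SUCCESS(status))
        {
            KdPrint((DPREFIX"tcpctx_init failed, status=%x\n", status));
            break;
        }

        status = udpctx_init();
        if (!NT_SUCCESS(status))
        {
            KdPrint((DPREFIX"udpctx_init failed, status=%x\n", status));
            break;
        }

        /* WFP callouts can only be registered once the BFE service is up;
         * at boot the driver may start before it. */
        if (FwpmBfeStateGet() == FWPM_SERVICE_RUNNING)
        {
            status = callouts_init(devctrl_getDeviceObject());
            if (!NT_SUCCESS(status))
            {
                KdPrint((DPREFIX"callouts_init failed, status=%x\n", status));
                break;
            }
        }
        else
        {
            status = FwpmBfeStateSubscribeChanges(
                devctrl_getDeviceObject(),
                bfeStateCallback,
                NULL,
                &g_bfeStateSunscribeHandle);
            if (!NT_SUCCESS(status))
            {
                KdPrint((DPREFIX"FwpmBfeStateSubscribeChanges failed, status=%x\n", status));
                break;
            }
        }
    } while (FALSE);

    if (!NT_SUCCESS(status))
    {
        /* Partial-initialisation rollback; expected to be safe to call with
         * only some of the sub-initialisers having succeeded. */
        cleanup();
    }

    return status;
}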