/**
 * Registers the three WFP management objects the proxy scenario needs: a
 * provider context carrying the caller's PC_PROXY_DATA, a callout bound to the
 * filter's layer, and the filter itself.  All adds happen inside one BFE
 * transaction, so a failure at any step rolls back everything already added.
 *
 * @param pFilter       Template filter (layer, conditions, flags).  It is copied
 *                      and never written through.
 * @param pPCProxyData  Proxy instructions passed to the driver verbatim as the
 *                      provider context's data blob.  NOTE(review): nothing here
 *                      validates the blob; the kernel side must check the size
 *                      it receives before trusting the contents.
 * @return NO_ERROR on success, otherwise the error code of the helper that failed.
 */
UINT32 PrvScenarioProxyAddFwpmObjects(_In_ const FWPM_FILTER* pFilter,
                                      _In_ const PC_PROXY_DATA* pPCProxyData)
{
   ASSERT(pFilter);
   ASSERT(pPCProxyData);

   UINT32                status          = NO_ERROR;
   HANDLE                bfeSession      = 0;
   FWP_BYTE_BLOB         contextBlob     = {0};
   FWPM_PROVIDER_CONTEXT providerContext = {0};
   FWPM_CALLOUT          callout         = {0};
   FWPM_FILTER           filter          = {0};

   /// Work on a private copy so the caller's template is left untouched.
   RtlCopyMemory(&filter,
                 pFilter,
                 sizeof(FWPM_FILTER));

   /// ----- Provider context: wraps the caller's proxy data -----------------
   status = HlprGUIDPopulate(&(providerContext.providerContextKey));
   HLPR_BAIL_ON_FAILURE(status);

   /// The API field is non-const; the blob is only read, hence the cast.
   contextBlob.size = sizeof(PC_PROXY_DATA);
   contextBlob.data = (UINT8*)pPCProxyData;

   providerContext.type                    = FWPM_GENERAL_CONTEXT;
   providerContext.providerKey             = (GUID*)&WFPSAMPLER_PROVIDER;
   providerContext.dataBuffer              = &contextBlob;
   providerContext.displayData.name        = L"WFPSampler's Proxy ProviderContext";
   providerContext.displayData.description = L"Instructs the driver where to proxy the socket or connection";

   /// ----- Callout: choose the driver-side implementation for this layer ----
#if(NTDDI_VERSION >= NTDDI_WIN7)
   /// The ALE redirect layers get the redirect-based callout; every other
   /// layer falls back to the injection-based one.
   const bool isAleRedirectLayer = (filter.layerKey == FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 ||
                                    filter.layerKey == FWPM_LAYER_ALE_CONNECT_REDIRECT_V6 ||
                                    filter.layerKey == FWPM_LAYER_ALE_BIND_REDIRECT_V4 ||
                                    filter.layerKey == FWPM_LAYER_ALE_BIND_REDIRECT_V6);

   if(isAleRedirectLayer)
      callout.calloutKey = WFPSAMPLER_CALLOUT_PROXY_BY_ALE_REDIRECT;
   else
      callout.calloutKey = WFPSAMPLER_CALLOUT_PROXY_BY_INJECTION;
#else
   callout.calloutKey = WFPSAMPLER_CALLOUT_PROXY_BY_INJECTION;
#endif /// (NTDDI_VERSION >= NTDDI_WIN7)

   /// The last GUID byte is replaced with the layer's ID so each layer gets a
   /// distinct callout key.  NOTE(review): this assumes the layer ID fits in a
   /// single byte; confirm against HlprFwpmLayerGetIDByKey's return type.
   callout.calloutKey.Data4[7] = HlprFwpmLayerGetIDByKey(&(filter.layerKey));

   callout.applicableLayer         = filter.layerKey;
   callout.providerKey             = (GUID*)&WFPSAMPLER_PROVIDER;
   callout.flags                   = FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT;
   callout.displayData.name        = L"WFPSampler's Proxy Callout";
   callout.displayData.description = L"Proxies the socket or connection to the designated destination";

   /// ----- Filter: ties the callout and provider context together ----------
   status = HlprGUIDPopulate(&(filter.filterKey));
   HLPR_BAIL_ON_FAILURE(status);

   filter.providerKey        = (GUID*)&WFPSAMPLER_PROVIDER;
   filter.subLayerKey        = WFPSAMPLER_SUBLAYER;
   filter.providerContextKey = providerContext.providerContextKey;
   filter.flags             |= FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
   filter.weight.type        = FWP_UINT8;
   filter.weight.uint8       = 0xF;
   filter.action.type        = FWP_ACTION_CALLOUT_UNKNOWN;
   filter.action.calloutKey  = callout.calloutKey;

   /// A boot-time or persistent filter needs its callout and provider context
   /// to outlive the session too; otherwise the filter dangles after reboot.
   const bool survivesReboot = (filter.flags & (FWPM_FILTER_FLAG_BOOTTIME |
                                                FWPM_FILTER_FLAG_PERSISTENT)) != 0;

   if(survivesReboot)
   {
      providerContext.flags |= FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT;
      callout.flags         |= FWPM_CALLOUT_FLAG_PERSISTENT;
   }

   /// ----- Commit all three objects atomically ------------------------------
   status = HlprFwpmEngineOpen(&bfeSession);
   HLPR_BAIL_ON_FAILURE(status);

   status = HlprFwpmTransactionBegin(bfeSession);
   HLPR_BAIL_ON_FAILURE(status);

   /// Order matters: the callout references the provider context and the
   /// filter references both, so dependencies are added first.
   status = HlprFwpmProviderContextAdd(bfeSession,
                                       &providerContext);
   HLPR_BAIL_ON_FAILURE(status);

   status = HlprFwpmCalloutAdd(bfeSession,
                               &callout);
   HLPR_BAIL_ON_FAILURE(status);

   status = HlprFwpmFilterAdd(bfeSession,
                              &filter);
   HLPR_BAIL_ON_FAILURE(status);

   status = HlprFwpmTransactionCommit(bfeSession);
   HLPR_BAIL_ON_FAILURE(status);

   HLPR_BAIL_LABEL:

   if(bfeSession)
   {
      /// Any failure after the session opened rolls back the transaction.
      /// NOTE(review): abort is also attempted when TransactionBegin itself
      /// failed; its return value is deliberately ignored.
      if(status != NO_ERROR)
         HlprFwpmTransactionAbort(bfeSession);

      HlprFwpmEngineClose(&bfeSession);
   }

   return status;
}
/**
 * Registers the WFP management objects for the basic packet modification
 * scenario: a provider context holding the caller's modification data, the
 * matching callout at the filter's layer, and the filter that invokes it.
 * The three adds share a single BFE transaction, so either all of them land
 * or none do.
 *
 * @param pFilter                        Template filter; copied, not modified.
 * @param pPCBasicPacketModificationData Header-modification instructions handed
 *                                       to the driver as the provider context's
 *                                       data blob.  NOTE(review): the blob is
 *                                       not validated here; the consuming driver
 *                                       must verify the received size.
 * @return NO_ERROR, or the error code from the first failing helper.
 */
UINT32 PrvBasicPacketModificationScenarioAddFwpmObjects(_In_ const FWPM_FILTER* pFilter,
                                                        _In_ const PC_BASIC_PACKET_MODIFICATION_DATA* pPCBasicPacketModificationData)
{
   ASSERT(pFilter);
   ASSERT(pPCBasicPacketModificationData);

   UINT32                status          = NO_ERROR;
   HANDLE                engine          = 0;
   FWP_BYTE_BLOB         dataBlob        = {0};
   FWPM_PROVIDER_CONTEXT providerContext = {0};
   FWPM_CALLOUT          callout         = {0};
   FWPM_FILTER           filter          = {0};

   /// Private copy of the template so the caller's struct stays read-only.
   RtlCopyMemory(&filter,
                 pFilter,
                 sizeof(FWPM_FILTER));

   /// Provider context ------------------------------------------------------
   status = HlprGUIDPopulate(&(providerContext.providerContextKey));
   HLPR_BAIL_ON_FAILURE(status);

   /// FWP_BYTE_BLOB::data is non-const; the data is only ever read here.
   dataBlob.data = (UINT8*)pPCBasicPacketModificationData;
   dataBlob.size = sizeof(PC_BASIC_PACKET_MODIFICATION_DATA);

   providerContext.displayData.name = L"WFPSampler's Basic Packet Modification Provider Context";
   providerContext.providerKey      = (GUID*)&WFPSAMPLER_PROVIDER;
   providerContext.type             = FWPM_GENERAL_CONTEXT;
   providerContext.dataBuffer       = &dataBlob;

   /// Callout ---------------------------------------------------------------
   callout.calloutKey = WFPSAMPLER_CALLOUT_BASIC_PACKET_MODIFICATION;

   /// Overwriting the final GUID byte with the layer ID yields one callout key
   /// per layer.  NOTE(review): relies on the ID fitting in a byte; confirm
   /// against HlprFwpmLayerGetIDByKey.
   callout.calloutKey.Data4[7] = HlprFwpmLayerGetIDByKey(&(filter.layerKey));

   callout.displayData.name        = L"WFPSampler's Basic Packet Modification Callout";
   callout.displayData.description = L"Causes callout invocation which modifies the headers and injects traffic back";
   callout.flags                   = FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT;
   callout.providerKey             = (GUID*)&WFPSAMPLER_PROVIDER;
   callout.applicableLayer         = filter.layerKey;

   /// Filter ----------------------------------------------------------------
   status = HlprGUIDPopulate(&(filter.filterKey));
   HLPR_BAIL_ON_FAILURE(status);

   filter.flags             |= FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
   filter.providerKey        = (GUID*)&WFPSAMPLER_PROVIDER;
   filter.subLayerKey        = WFPSAMPLER_SUBLAYER;
   filter.weight.type        = FWP_UINT8;
   filter.weight.uint8       = 0xF;
   filter.action.type        = FWP_ACTION_CALLOUT_UNKNOWN;
   filter.action.calloutKey  = callout.calloutKey;
   filter.providerContextKey = providerContext.providerContextKey;

   /// If the filter is meant to survive a reboot, the objects it references
   /// must be persistent as well or it would be left dangling.
   const UINT32 rebootFlags = FWPM_FILTER_FLAG_BOOTTIME | FWPM_FILTER_FLAG_PERSISTENT;

   if(filter.flags & rebootFlags)
   {
      callout.flags         |= FWPM_CALLOUT_FLAG_PERSISTENT;
      providerContext.flags |= FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT;
   }

   /// Transactional add: dependencies first, then the filter ----------------
   status = HlprFwpmEngineOpen(&engine);
   HLPR_BAIL_ON_FAILURE(status);

   status = HlprFwpmTransactionBegin(engine);
   HLPR_BAIL_ON_FAILURE(status);

   status = HlprFwpmProviderContextAdd(engine,
                                       &providerContext);
   HLPR_BAIL_ON_FAILURE(status);

   status = HlprFwpmCalloutAdd(engine,
                               &callout);
   HLPR_BAIL_ON_FAILURE(status);

   status = HlprFwpmFilterAdd(engine,
                              &filter);
   HLPR_BAIL_ON_FAILURE(status);

   status = HlprFwpmTransactionCommit(engine);
   HLPR_BAIL_ON_FAILURE(status);

   HLPR_BAIL_LABEL:

   if(engine)
   {
      /// Roll back whatever was added before the failure, then drop the session.
      /// NOTE(review): abort is also issued if TransactionBegin failed; its
      /// result is intentionally not checked.
      if(status != NO_ERROR)
         HlprFwpmTransactionAbort(engine);

      HlprFwpmEngineClose(&engine);
   }

   return status;
}