UINT32 PrvScenarioProxyAddFwpmObjects(_In_ const FWPM_FILTER* pFilter,
_In_ const PC_PROXY_DATA* pPCProxyData)
{
ASSERT(pFilter);
ASSERT(pPCProxyData);
UINT32 status = NO_ERROR;
HANDLE engineHandle = 0;
FWP_BYTE_BLOB byteBlob = {0};
FWPM_PROVIDER_CONTEXT providerContext = {0};
FWPM_CALLOUT callout = {0};
FWPM_FILTER filter = {0};
RtlCopyMemory(&filter,
pFilter,
sizeof(FWPM_FILTER));
status = HlprGUIDPopulate(&(providerContext.providerContextKey));
HLPR_BAIL_ON_FAILURE(status);
providerContext.displayData.name = L"WFPSampler's Proxy ProviderContext";
providerContext.displayData.description = L"Instructs the driver where to proxy the socket or connection";
providerContext.providerKey = (GUID*)&WFPSAMPLER_PROVIDER;
providerContext.type = FWPM_GENERAL_CONTEXT;
providerContext.dataBuffer = &byteBlob;
providerContext.dataBuffer->size = sizeof(PC_PROXY_DATA);
providerContext.dataBuffer->data = (UINT8*)pPCProxyData;
#if(NTDDI_VERSION >= NTDDI_WIN7)
if(pFilter->layerKey == FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 ||
pFilter->layerKey == FWPM_LAYER_ALE_CONNECT_REDIRECT_V6 ||
pFilter->layerKey == FWPM_LAYER_ALE_BIND_REDIRECT_V4 ||
pFilter->layerKey == FWPM_LAYER_ALE_BIND_REDIRECT_V6)
callout.calloutKey = WFPSAMPLER_CALLOUT_PROXY_BY_ALE_REDIRECT;
else
#endif /// (NTDDI_VERSION >= NTDDI_WIN7)
callout.calloutKey = WFPSAMPLER_CALLOUT_PROXY_BY_INJECTION;
callout.calloutKey.Data4[7] = HlprFwpmLayerGetIDByKey(&(filter.layerKey)); /// Uniquely identifies the callout used
callout.displayData.name = L"WFPSampler's Proxy Callout";
callout.displayData.description = L"Proxies the socket or connection to the designated destination";
callout.flags = FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT;
callout.providerKey = (GUID*)&WFPSAMPLER_PROVIDER;
callout.applicableLayer = filter.layerKey;
status = HlprGUIDPopulate(&(filter.filterKey));
HLPR_BAIL_ON_FAILURE(status);
filter.flags |= FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
filter.providerKey = (GUID*)&WFPSAMPLER_PROVIDER;
filter.subLayerKey = WFPSAMPLER_SUBLAYER;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = 0xF;
filter.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
filter.action.calloutKey = callout.calloutKey;
filter.providerContextKey = providerContext.providerContextKey;
if(filter.flags & FWPM_FILTER_FLAG_BOOTTIME ||
filter.flags & FWPM_FILTER_FLAG_PERSISTENT)
{
providerContext.flags |= FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT;
callout.flags |= FWPM_CALLOUT_FLAG_PERSISTENT;
}
status = HlprFwpmEngineOpen(&engineHandle);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmTransactionBegin(engineHandle);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmProviderContextAdd(engineHandle,
&providerContext);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmCalloutAdd(engineHandle,
&callout);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmFilterAdd(engineHandle,
&filter);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmTransactionCommit(engineHandle);
HLPR_BAIL_ON_FAILURE(status);
HLPR_BAIL_LABEL:
if(engineHandle)
{
if(status != NO_ERROR)
HlprFwpmTransactionAbort(engineHandle);
HlprFwpmEngineClose(&engineHandle);
}
return status;
}
UINT32 PrvBasicPacketModificationScenarioAddFwpmObjects(_In_ const FWPM_FILTER* pFilter,
_In_ const PC_BASIC_PACKET_MODIFICATION_DATA* pPCBasicPacketModificationData)
{
ASSERT(pFilter);
ASSERT(pPCBasicPacketModificationData);
UINT32 status = NO_ERROR;
HANDLE engineHandle = 0;
FWP_BYTE_BLOB byteBlob = {0};
FWPM_PROVIDER_CONTEXT providerContext = {0};
FWPM_CALLOUT callout = {0};
FWPM_FILTER filter = {0};
RtlCopyMemory(&filter,
pFilter,
sizeof(FWPM_FILTER));
status = HlprGUIDPopulate(&(providerContext.providerContextKey));
HLPR_BAIL_ON_FAILURE(status);
providerContext.displayData.name = L"WFPSampler's Basic Packet Modification Provider Context";
providerContext.providerKey = (GUID*)&WFPSAMPLER_PROVIDER;
providerContext.type = FWPM_GENERAL_CONTEXT;
providerContext.dataBuffer = &byteBlob;
providerContext.dataBuffer->size = sizeof(PC_BASIC_PACKET_MODIFICATION_DATA);
providerContext.dataBuffer->data = (UINT8*)pPCBasicPacketModificationData;
callout.calloutKey = WFPSAMPLER_CALLOUT_BASIC_PACKET_MODIFICATION;
callout.calloutKey.Data4[7] = HlprFwpmLayerGetIDByKey(&(filter.layerKey)); /// Uniquely identifies the callout used
callout.displayData.name = L"WFPSampler's Basic Packet Modification Callout";
callout.displayData.description = L"Causes callout invocation which modifies the headers and injects traffic back";
callout.flags = FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT;
callout.providerKey = (GUID*)&WFPSAMPLER_PROVIDER;
callout.applicableLayer = filter.layerKey;
status = HlprGUIDPopulate(&(filter.filterKey));
HLPR_BAIL_ON_FAILURE(status);
filter.flags |= FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT;
filter.providerKey = (GUID*)&WFPSAMPLER_PROVIDER;
filter.subLayerKey = WFPSAMPLER_SUBLAYER;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = 0xF;
filter.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
filter.action.calloutKey = callout.calloutKey;
filter.providerContextKey = providerContext.providerContextKey;
if(filter.flags & FWPM_FILTER_FLAG_BOOTTIME ||
filter.flags & FWPM_FILTER_FLAG_PERSISTENT)
{
providerContext.flags |= FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT;
callout.flags |= FWPM_CALLOUT_FLAG_PERSISTENT;
}
status = HlprFwpmEngineOpen(&engineHandle);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmTransactionBegin(engineHandle);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmProviderContextAdd(engineHandle,
&providerContext);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmCalloutAdd(engineHandle,
&callout);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmFilterAdd(engineHandle,
&filter);
HLPR_BAIL_ON_FAILURE(status);
status = HlprFwpmTransactionCommit(engineHandle);
HLPR_BAIL_ON_FAILURE(status);
HLPR_BAIL_LABEL:
if(engineHandle)
{
if(status != NO_ERROR)
HlprFwpmTransactionAbort(engineHandle);
HlprFwpmEngineClose(&engineHandle);
}
return status;
}
