/*
文件名:IPv6EnableFirewallHook.C
这是一项过时的技术:Available on Microsoft Windows XP with Service Pack 2 (SP2) and Windows Server 2003 with Service Pack 1 (SP1).
而且编译平台只有:XP和2003,因为:只有这个有Tcpip6.lib。
运行平台,那你就测试吧!
不过,有时还是必不可少的技术。
前提条件:安装IPV6协议,
非正式的办法是加载并运行Tcpip6.SYS。
其中的一个检测办法是查看:sc query tcpip6是否运行。
否则本驱动启动失败,返回错误值2,找不到文件,这个文件肯定是Tcpip6.SYS,不信看这两个文件的导出依赖信息。
也就是说Tcpip6.SYS本身是存在的,但是默认没有安装,更不用说启动了。
made by correy
made at 2017.01.13.
homepage:http://correy.webs.com
*/
#include <ntifs.h>
#include <windef.h>
#include <ntddk.h>
#include <ntstrsafe.h>
#include <assert.h>
#include <ipexport.h>
#include <Ip6firewall.h> //编译版本不能超过:NTDDI_LONGHORN。
/* Compiler warnings silenced for the whole file. */
#pragma warning(disable:4100) // C4100: unreferenced formal parameter
#pragma warning(disable:4214) // C4214: bit-field type other than int
#pragma warning(disable:4121) // C4121: alignment of a member was sensitive to packing
#pragma warning(disable:4189) // C4189: local variable is initialized but not referenced
/*
 * Event used to synchronise driver unload with hook removal: Unload
 * initializes it and waits on it, DisableComplete sets it.
 */
KEVENT DisableCompleteEvent;// Event to indicate when the disable is complete
/* Passed as the third argument of IPv6ObtainPacketData in FirewallHook. */
#define DATA_ALIGNMENT 4// Alignment for packet data
/*
 * FirewallHook - per-packet callback registered by DriverEntry through
 * IPv6EnableFirewallHook.
 *
 * The routine fails closed: it returns ActionDrop when the packet data
 * pointer cannot be obtained or when either route lookup does not return
 * IP_SUCCESS. In every other case it returns ActionAccept.
 *
 * As written this is a skeleton. The packet data and the two route entries
 * are fetched but never inspected, and PayloadLength, HeaderType, HeaderData,
 * InterfaceIndex, Direction and IsLoopBack are not read, so no filtering
 * policy is applied: any packet that passes the three lookups is accepted.
 * Rule logic belongs at the placeholder just before the final return.
 *
 * NOTE(review): any parsing added here should stay within DataLength bytes
 * of the returned pointer; presumably that is the readable size, confirm
 * against the Ip6firewall.h documentation.
 */
IPv6Action
FirewallHook(
    const IPv6Addr *SourceAddress,
    const IPv6Addr *DestinationAddress,
    uint PayloadLength,
    uchar HeaderType,
    const uchar *HeaderData,
    const void *PacketContext,
    uint DataLength,
    uint InterfaceIndex,
    IPv6Direction Direction,
    BOOLEAN IsLoopBack
    )
{
    IP6RouteEntry SrcRouteInfo;
    IP6RouteEntry DstRouteInfo;
    const uchar *Payload = IPv6ObtainPacketData(PacketContext, DataLength, DATA_ALIGNMENT);

    /* No usable view of the packet bytes: refuse the packet. */
    if (Payload == NULL) {
        return ActionDrop;
    }

    /* Source route lookup; the two zero arguments request global scope and
       no interface constraint. */
    if (IPv6GetBestRouteInfo(SourceAddress, 0, 0, &SrcRouteInfo) != IP_SUCCESS) {
        return ActionDrop;
    }

    /* Destination route lookup with the same scope and interface arguments. */
    if (IPv6GetBestRouteInfo(DestinationAddress, 0, 0, &DstRouteInfo) != IP_SUCCESS) {
        return ActionDrop;
    }

    /*
     * Placeholder for the filtering decision: inspect Payload, SrcRouteInfo,
     * DstRouteInfo and the callback arguments, and return ActionDrop for any
     * packet the policy rejects.
     */

    /* Nothing objected to the packet. */
    return ActionAccept;
}
// Disable completion routine
VOID DisableComplete(VOID)
{
KeSetEvent(&DisableCompleteEvent, 0, FALSE);// Set the disable complete event
}
/*
 * Unload - driver unload routine installed by DriverEntry.
 *
 * The order of the three steps matters: the event is initialized before the
 * disable request is issued, so DisableComplete always signals an
 * initialized object. The routine then blocks until DisableComplete has run.
 *
 * The wait has no timeout (NULL), so unload never returns if the completion
 * routine is never invoked.
 * NOTE(review): presumably the stack calls DisableComplete only once no
 * FirewallHook invocation is still in flight, which is what makes it safe
 * for the driver image to go away after this returns; confirm against the
 * Ip6firewall.h documentation.
 */
DRIVER_UNLOAD Unload;
VOID Unload(__in PDRIVER_OBJECT DriverObject)
{
    /* Notification event, initially not signalled. */
    KeInitializeEvent(&DisableCompleteEvent, NotificationEvent, FALSE);

    /* Ask the IPv6 stack to remove the hook; completion is reported through
       DisableComplete. */
    IPv6DisableFirewallHook(DisableComplete);

    /* Non-alertable kernel-mode wait with no timeout. */
    (VOID)KeWaitForSingleObject(
        &DisableCompleteEvent,
        Executive,
        KernelMode,
        FALSE,
        NULL);
}
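/*
 * DriverEntry - driver initialization: installs the unload routine and
 * registers FirewallHook with the IPv6 stack.
 *
 * DriverObject  - driver object; only its DriverUnload field is written.
 * RegistryPath  - not used.
 *
 * Returns the value produced by IPv6EnableFirewallHook.
 *
 * NOTE(review): FirewallHook compares the result of IPv6GetBestRouteInfo
 * against IP_SUCCESS, i.e. the Ip6firewall.h routines appear to report
 * IP_STATUS values. If IPv6EnableFirewallHook does the same, a failure code
 * returned here is a positive number, which the loader would treat as a
 * successful NTSTATUS: the driver would stay loaded with no hook in place
 * (fail open). Confirm the return type and map failures to an error
 * NTSTATUS if so.
 */
NTSTATUS DriverEntry(__in struct _DRIVER_OBJECT * DriverObject, __in PUNICODE_STRING RegistryPath)
{
    NTSTATUS status = STATUS_SUCCESS;

#if DBG
    /*
     * Debugging aid, compiled into checked builds only. In kernel mode a
     * breakpoint hit with no kernel debugger attached is an unhandled
     * exception and stops the machine, so it must not run in a free build.
     */
    __debugbreak();
#endif

    DriverObject->DriverUnload = Unload;

    /* Enable the FirewallHook callback function. */
    status = IPv6EnableFirewallHook(FirewallHook);
    return status;
}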