行勝于言

于無聲處

My Links

Blog Stats

Posts - 6
Stories - 2
Comments - 10
Trackbacks - 0

常用鏈接

留言簿(2)

隨筆檔案

文章檔案

我的站點(diǎn)

漢迪技術(shù)網(wǎng)

搜索

閱讀排行榜

評(píng)論排行榜

如何讓你的程序安全通過windows防火墻

大家開發(fā)網(wǎng)絡(luò)程序,經(jīng)常要連接其他主機(jī),如果在xp上運(yùn)行,一定會(huì)提示你,只有選擇解除阻止才能實(shí)現(xiàn)正常的網(wǎng)絡(luò)連接.那么有沒有辦法在防火墻的例外列表里面通過編程的方式加入自己的程序呢?
?當(dāng)然有了,不然就不要介紹了
xp的系統(tǒng)目錄下面有個(gè)hnetcfg.dll就是這個(gè)編程接口,頭文件是netfw.h,初始化代碼如下:
INetFwProfile* m_pFireWallProfile=NULL;

HRESULT?hr? = ?S_FALSE;

????INetFwMgr * ?fwMgr? = ?NULL;

????INetFwPolicy * ?fwPolicy? = ?NULL;

????FW_ERROR_CODE?ret? = ?FW_NOERROR;

???? try

???? {

???????? if (?m_pFireWallProfile?)

???????????? throw ?FW_ERR_INITIALIZED;

???????? // ?Create?an?instance?of?the?firewall?settings?manager.

????????hr? = ?CoCreateInstance(?__uuidof(NetFwMgr),?NULL,?CLSCTX_INPROC_SERVER,?__uuidof(?INetFwMgr),?( void ** ) & fwMgr?);

???????? if (?FAILED(?hr?))

???????????? throw ?FW_ERR_CREATE_SETTING_MANAGER;

???????? // ?Retrieve?the?local?firewall?policy.

????????hr? = ?fwMgr -> get_LocalPolicy(? & fwPolicy?);

???????? if (?FAILED(?hr?))

???????????? throw ?FW_ERR_LOCAL_POLICY;

???????? // ?Retrieve?the?firewall?profile?currently?in?effect

????????hr? = ?fwPolicy -> get_CurrentProfile(? & m_pFireWallProfile?);

???????? if (?FAILED(?hr?))

???????????? throw ?FW_ERR_PROFILE;

????}

???? catch (?FW_ERROR_CODE?nError)

???? {

????????ret? = ?nError;

????}

???? if (?fwPolicy?)

????????fwPolicy -> Release();

???? if (?fwMgr?)

????????fwMgr -> Release();

???? return ?ret;

將程序名稱加入例外列表:

WinXPSP2FireWall::AddApplication(?const?wchar_t*?lpszProcessImageFileName,?const?wchar_t*?lpszRegisterName?)

{

????FW_ERROR_CODE?ret?=?FW_NOERROR;

????HRESULT?hr;

????BOOL?bAppEnable;

????BSTR?bstrProcessImageFileName?=?NULL;

????BSTR?bstrRegisterName?=?NULL;

????INetFwAuthorizedApplication*?pFWApp?=?NULL;

????INetFwAuthorizedApplications*?pFWApps?=?NULL;

????try

????{

????????if(?m_pFireWallProfile?==?NULL?)

????????????throw?FW_ERR_INITIALIZED;

????????if(?lpszProcessImageFileName?==?NULL?||?lpszRegisterName??==?NULL?)

????????????throw?FW_ERR_INVALID_ARG;

????????//?First?of?all,?check?the?application?is?already?authorized;

????????FW_ERROR_CODE??nError?=?this->IsAppEnabled(?lpszProcessImageFileName,?bAppEnable?);

????????if(?nError?!=?FW_NOERROR?)

????????????throw?nError;

????????//?Only?add?the?application?if?it?isn't?authorized

????????if(?bAppEnable?==?FALSE?)

????????{

????????????//?Retrieve?the?authorized?application?collection

????????????hr?=?m_pFireWallProfile->get_AuthorizedApplications(?&pFWApps?);

????????????if(?FAILED(?hr?))

????????????????throw?FW_ERR_AUTH_APPLICATIONS;

????????????//?Create?an?instance?of?an?authorized?application

????????????hr?=?CoCreateInstance(?__uuidof(NetFwAuthorizedApplication),?NULL,?CLSCTX_INPROC_SERVER,?__uuidof(INetFwAuthorizedApplication),?(void**)&pFWApp);

????????????if(?FAILED(?hr?))

????????????????throw?FW_ERR_CREATE_APP_INSTANCE;

????????????//?Allocate?a?BSTR?for?the?Process?Image?FileName

????????????bstrProcessImageFileName?=?SysAllocString(?lpszProcessImageFileName?);

????????????if(?SysStringLen(?bstrProcessImageFileName?)?==?0)

????????????????throw?FW_ERR_SYS_ALLOC_STRING;

????????????//?Set?the?process?image?file?name

????????????hr?=?pFWApp->put_ProcessImageFileName(?bstrProcessImageFileName?);

????????????if(?FAILED(?hr?)?)

????????????????throw?FW_ERR_PUT_PROCESS_IMAGE_NAME;

????????????//?Allocate?a?BSTR?for?register?name

????????????bstrRegisterName?=?SysAllocString(?lpszRegisterName?);

????????????if(?SysStringLen(?bstrRegisterName?)?==?0)

????????????????throw?FW_ERR_SYS_ALLOC_STRING;

????????????//?Set?a?registered?name?of?the?process

????????????hr?=?pFWApp->put_Name(?bstrRegisterName?);

????????????if(?FAILED(?hr?))

????????????????throw?FW_ERR_PUT_REGISTER_NAME;

????????????

????????????//?Add?the?application?to?the?collection

????????????hr?=?pFWApps->Add(?pFWApp?);

????????????if(?FAILED(?hr?))

????????????????throw?FW_ERR_ADD_TO_COLLECTION;

????????}

????}

????catch(?FW_ERROR_CODE?nError?)

????{

????????ret?=?nError;

????}

????SysFreeString(?bstrProcessImageFileName?);

????SysFreeString(?bstrRegisterName?);

????if(?pFWApp?)

????????pFWApp->Release();

????if(?pFWApps?)

????????pFWApps->Release();

????return?ret;

}

posted on 2006-07-24 16:01 行勝于言閱讀(2345) 評(píng)論(3) 編輯收藏引用

Feedback

# re: 如何讓你的程序安全通過windows防火墻 2006-07-24 16:59 小明

這種方法需要有管理員的權(quán)限么？

如果以普通用戶login，或者以普通用戶的角色來運(yùn)行程序，ok? 回復(fù) 更多評(píng)論

# re: 如何讓你的程序安全通過windows防火墻 2006-07-24 17:53 行勝于言

我不知道你的應(yīng)用場(chǎng)景是什么?至于說調(diào)用權(quán)限,并非一定是管理員,普通用戶只要CoInitialize返回不是E_FAIL應(yīng)該都有權(quán)限!
這段代碼不是做后門用的,請(qǐng)大家用在正確的方向上! 回復(fù) 更多評(píng)論

# re: 如何讓你的程序安全通過windows防火墻 2006-07-25 08:29 fiestay

也可以直接將例外的程序?qū)懙阶?cè)表中，windows自帶的防火墻中所有例外都存在注冊(cè)表中了，只要將需要例外處理的程序?qū)懙綄?duì)應(yīng)的鍵下面即可。回復(fù) 更多評(píng)論

刷新評(píng)論列表

只有注冊(cè)用戶登錄后才能發(fā)表評(píng)論。




網(wǎng)站導(dǎo)航: 博客園 IT新聞 BlogJava 博問 Chat2DB 管理

青青草原综合久久大伊人导航_色综合久久天天综合_日日噜噜夜夜狠狠久久丁香五月_热久久这里只有精品

行勝于言

My Links

Blog Stats

常用鏈接

留言簿(2)

隨筆檔案

文章檔案

我的站點(diǎn)

搜索

最新評(píng)論

閱讀排行榜

評(píng)論排行榜

如何讓你的程序安全通過windows防火墻

Feedback

# re: 如何讓你的程序安全通過windows防火墻 2006-07-24 16:59 小明

# re: 如何讓你的程序安全通過windows防火墻 2006-07-24 17:53 行勝于言

# re: 如何讓你的程序安全通過windows防火墻 2006-07-25 08:29 fiestay