行勝于言

于無聲處

My Links

Blog Stats

Posts - 6
Stories - 2
Comments - 10
Trackbacks - 0

常用鏈接

留言簿(2)

隨筆檔案

文章檔案

我的站點

漢迪技術網

搜索

閱讀排行榜

評論排行榜

如何讓你的程序安全通過windows防火墻

大家開發網絡程序,經常要連接其他主機,如果在xp上運行,一定會提示你,只有選擇解除阻止才能實現正常的網絡連接.那么有沒有辦法在防火墻的例外列表里面通過編程的方式加入自己的程序呢?
?當然有了,不然就不要介紹了
xp的系統目錄下面有個hnetcfg.dll就是這個編程接口,頭文件是netfw.h,初始化代碼如下:
INetFwProfile* m_pFireWallProfile=NULL;

HRESULT?hr? = ?S_FALSE;

????INetFwMgr * ?fwMgr? = ?NULL;

????INetFwPolicy * ?fwPolicy? = ?NULL;

????FW_ERROR_CODE?ret? = ?FW_NOERROR;

???? try

???? {

???????? if (?m_pFireWallProfile?)

???????????? throw ?FW_ERR_INITIALIZED;

???????? // ?Create?an?instance?of?the?firewall?settings?manager.

????????hr? = ?CoCreateInstance(?__uuidof(NetFwMgr),?NULL,?CLSCTX_INPROC_SERVER,?__uuidof(?INetFwMgr),?( void ** ) & fwMgr?);

???????? if (?FAILED(?hr?))

???????????? throw ?FW_ERR_CREATE_SETTING_MANAGER;

???????? // ?Retrieve?the?local?firewall?policy.

????????hr? = ?fwMgr -> get_LocalPolicy(? & fwPolicy?);

???????? if (?FAILED(?hr?))

???????????? throw ?FW_ERR_LOCAL_POLICY;

???????? // ?Retrieve?the?firewall?profile?currently?in?effect

????????hr? = ?fwPolicy -> get_CurrentProfile(? & m_pFireWallProfile?);

???????? if (?FAILED(?hr?))

???????????? throw ?FW_ERR_PROFILE;

????}

???? catch (?FW_ERROR_CODE?nError)

???? {

????????ret? = ?nError;

????}

???? if (?fwPolicy?)

????????fwPolicy -> Release();

???? if (?fwMgr?)

????????fwMgr -> Release();

???? return ?ret;

將程序名稱加入例外列表:

WinXPSP2FireWall::AddApplication(?const?wchar_t*?lpszProcessImageFileName,?const?wchar_t*?lpszRegisterName?)

{

????FW_ERROR_CODE?ret?=?FW_NOERROR;

????HRESULT?hr;

????BOOL?bAppEnable;

????BSTR?bstrProcessImageFileName?=?NULL;

????BSTR?bstrRegisterName?=?NULL;

????INetFwAuthorizedApplication*?pFWApp?=?NULL;

????INetFwAuthorizedApplications*?pFWApps?=?NULL;

????try

????{

????????if(?m_pFireWallProfile?==?NULL?)

????????????throw?FW_ERR_INITIALIZED;

????????if(?lpszProcessImageFileName?==?NULL?||?lpszRegisterName??==?NULL?)

????????????throw?FW_ERR_INVALID_ARG;

????????//?First?of?all,?check?the?application?is?already?authorized;

????????FW_ERROR_CODE??nError?=?this->IsAppEnabled(?lpszProcessImageFileName,?bAppEnable?);

????????if(?nError?!=?FW_NOERROR?)

????????????throw?nError;

????????//?Only?add?the?application?if?it?isn't?authorized

????????if(?bAppEnable?==?FALSE?)

????????{

????????????//?Retrieve?the?authorized?application?collection

????????????hr?=?m_pFireWallProfile->get_AuthorizedApplications(?&pFWApps?);

????????????if(?FAILED(?hr?))

????????????????throw?FW_ERR_AUTH_APPLICATIONS;

????????????//?Create?an?instance?of?an?authorized?application

????????????hr?=?CoCreateInstance(?__uuidof(NetFwAuthorizedApplication),?NULL,?CLSCTX_INPROC_SERVER,?__uuidof(INetFwAuthorizedApplication),?(void**)&pFWApp);

????????????if(?FAILED(?hr?))

????????????????throw?FW_ERR_CREATE_APP_INSTANCE;

????????????//?Allocate?a?BSTR?for?the?Process?Image?FileName

????????????bstrProcessImageFileName?=?SysAllocString(?lpszProcessImageFileName?);

????????????if(?SysStringLen(?bstrProcessImageFileName?)?==?0)

????????????????throw?FW_ERR_SYS_ALLOC_STRING;

????????????//?Set?the?process?image?file?name

????????????hr?=?pFWApp->put_ProcessImageFileName(?bstrProcessImageFileName?);

????????????if(?FAILED(?hr?)?)

????????????????throw?FW_ERR_PUT_PROCESS_IMAGE_NAME;

????????????//?Allocate?a?BSTR?for?register?name

????????????bstrRegisterName?=?SysAllocString(?lpszRegisterName?);

????????????if(?SysStringLen(?bstrRegisterName?)?==?0)

????????????????throw?FW_ERR_SYS_ALLOC_STRING;

????????????//?Set?a?registered?name?of?the?process

????????????hr?=?pFWApp->put_Name(?bstrRegisterName?);

????????????if(?FAILED(?hr?))

????????????????throw?FW_ERR_PUT_REGISTER_NAME;

????????????

????????????//?Add?the?application?to?the?collection

????????????hr?=?pFWApps->Add(?pFWApp?);

????????????if(?FAILED(?hr?))

????????????????throw?FW_ERR_ADD_TO_COLLECTION;

????????}

????}

????catch(?FW_ERROR_CODE?nError?)

????{

????????ret?=?nError;

????}

????SysFreeString(?bstrProcessImageFileName?);

????SysFreeString(?bstrRegisterName?);

????if(?pFWApp?)

????????pFWApp->Release();

????if(?pFWApps?)

????????pFWApps->Release();

????return?ret;

}

posted on 2006-07-24 16:01 行勝于言閱讀(2350) 評論(3) 編輯收藏引用

Feedback

# re: 如何讓你的程序安全通過windows防火墻 2006-07-24 16:59 小明

這種方法需要有管理員的權限么？

如果以普通用戶login，或者以普通用戶的角色來運行程序，ok? 回復更多評論

# re: 如何讓你的程序安全通過windows防火墻 2006-07-24 17:53 行勝于言

我不知道你的應用場景是什么?至于說調用權限,并非一定是管理員,普通用戶只要CoInitialize返回不是E_FAIL應該都有權限!
這段代碼不是做后門用的,請大家用在正確的方向上! 回復更多評論

# re: 如何讓你的程序安全通過windows防火墻 2006-07-25 08:29 fiestay

也可以直接將例外的程序寫到注冊表中，windows自帶的防火墻中所有例外都存在注冊表中了，只要將需要例外處理的程序寫到對應的鍵下面即可。回復更多評論

刷新評論列表

只有注冊用戶登錄后才能發表評論。




網站導航: 博客園 IT新聞 BlogJava 博問 Chat2DB 管理

青青草原综合久久大伊人导航_色综合久久天天综合_日日噜噜夜夜狠狠久久丁香五月_热久久这里只有精品

行勝于言

My Links

Blog Stats

常用鏈接

留言簿(2)

隨筆檔案

文章檔案

我的站點

搜索

最新評論

閱讀排行榜

評論排行榜

如何讓你的程序安全通過windows防火墻

Feedback

# re: 如何讓你的程序安全通過windows防火墻 2006-07-24 16:59 小明

# re: 如何讓你的程序安全通過windows防火墻 2006-07-24 17:53 行勝于言

# re: 如何讓你的程序安全通過windows防火墻 2006-07-25 08:29 fiestay