Simple NDIS Hooking Based Firewall for NT4/2000
[download] (78K, full sources included, version 1.01, updated 2003-06-11)
[view] Doxygen NDIS hooking driver documentation
All my work on the ndis_fw project is currently stopped, probably until the
end of 2004. A more stable version of the NDIS hooking driver is included as
part of the TdiFw project. See
tdifw-1.3.2\addon\ndis_hk\src in the downloaded zip file.
ABSTRACT
This is a simple packet filter firewall based on NDIS hooking. It contains
a generic NDIS hooking driver (ndis_hk) and a packet filtering driver
(ndis_flt). The NDIS hooking driver lets a client get the interface list and
install kernel-mode callback functions that allow or deny packets going out
from or coming in to the TCP/IP protocol driver. The packet filtering driver
parses the rules file and contains the callbacks for packet filtering.
The packet filtering driver is very simple. It doesn't do stateful
inspection, but I have plans to extend its functionality. It can, however,
send a TCP RST packet for TCP DENY. The rules language is also very simple.
HOT NEWS!
2003-06-11
* ndis_hk\hooked_fn.c: fixed bug with BSOD on XP/2003 startup
Thanks to OlegP
See CHANGELOG section below.
INSTALLATION
1. Run install_2k.bat for Windows 2000 or install_nt4.bat for NT4
2. Edit %SystemRoot%\system32\drivers\etc\ndis_fw.conf to your taste
3. Restart Windows
I must warn you: the current version is very raw, so be ready for
any unexpected behavior on your system!
RULES
Edit the file %SystemRoot%\system32\drivers\etc\ndis_fw.conf
The file format is described in the file itself.
Rules are reloaded automatically 5-10 sec after you change the file.
Errors are written to the log (see below).
LOGS
Logs are text files. They are in the %SystemRoot%\system32\LogFiles\ndis_fw
directory.
The file name consists of year, month and day: YYYYMMDD.log
The numeric value after ALLOW or DENY is the number of the line in the rules
file that holds the applied rule.
CHANGELOG
2003-06-11
* ndis_hk\hooked_fn.c: fixed bug with BSOD on XP/2003 startup
Thanks to OlegP
2003-05-21: new version released!
What's new? Not so much. I tried to make the ndis_hk driver a generic hooking
engine. Filter drivers can attach to the hooking driver several times using
a "layered" architecture.
A lot of changes in ndis_hk.
A few changes in ndis_flt. One of the most important things is the ability to
send network packets to the network or to the TCP/IP protocol driver. As an
example, TCP RST on DENY can be sent. See ndis_flt\packet.c
Thanks to Jan, Igor and all who are interested in this project!
2003-01-09
* install_*.reg: fixed STUPID bug with driver name in registry. Thanks to
Moonchang Chae;
* ndis_hk\hooked_fn.c: fixed bug with resource leak on NdisSendPackets.
Thanks to Big Boss;
* ndis_flt\flt_rule.c: fixed bug with network mask processing. Before the
fix it worked correctly only for /0, /16, /24, /32 masks. Thanks to Junhee Shin.
2002-12-15: Initial release of version 1.0
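The 2003-01-09 entry above concerns netmasks other than /0, /16, /24 and /32; a rule whose mask is computed wrongly allows or denies a different set of hosts than the one written. The following user-mode C example is added here for illustration and is not code from ndis_flt\flt_rule.c: it matches addresses against any prefix length from /0 to /32. The function names and the "a.b.c.d/n" syntax are assumptions, not the ndis_fw.conf format, and addresses are compared in host byte order, so a driver would convert a packet's network-order address first.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>

/* Host-order IPv4 mask for a prefix length 0..32. /0 is special-cased
 * because shifting a 32-bit value by 32 bits is undefined in C. */
static uint32_t prefix_to_mask(unsigned prefix)
{
    return prefix == 0 ? 0 : UINT32_C(0xFFFFFFFF) << (32 - prefix);
}

/* Read an optional separator, then a decimal field no larger than max. */
static int parse_field(const char **p, char sep, unsigned long max,
                       unsigned long *out)
{
    char *end;
    if (sep && *(*p)++ != sep) return -1;
    if (!isdigit((unsigned char)**p)) return -1;
    *out = strtoul(*p, &end, 10);   /* saturates to ULONG_MAX on overflow */
    *p = end;
    return *out > max ? -1 : 0;
}

/* Parse "a.b.c.d" or "a.b.c.d/n" (constructed syntax, not the ndis_fw.conf
 * format) into a host-order network and mask. Returns 0, or -1 if malformed. */
static int parse_cidr(const char *s, uint32_t *net, uint32_t *mask)
{
    unsigned long v, prefix = 32;
    uint32_t addr = 0;
    for (int i = 0; i < 4; i++) {
        if (parse_field(&s, i ? '.' : 0, 255, &v)) return -1;
        addr = addr << 8 | (uint32_t)v;
    }
    if (*s == '/' && parse_field(&s, '/', 32, &prefix)) return -1;
    if (*s != '\0') return -1;
    *mask = prefix_to_mask((unsigned)prefix);
    *net = addr & *mask;            /* host bits written in the rule are dropped */
    return 0;
}

/* 1 if ip lies inside rule, 0 if not, -1 if either string is malformed. */
static int cidr_contains(const char *rule, const char *ip)
{
    uint32_t net, mask, host, full;
    if (parse_cidr(rule, &net, &mask) || parse_cidr(ip, &host, &full)) return -1;
    return full == UINT32_MAX ? (host & mask) == net : -1;
}

int main(void) { return cidr_contains("192.168.16.0/20", "192.168.31.255") != 1; }
```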
AUTHOR
see readme.txt file in downloaded ndis_fw.zip