├── installer ├── res │ ├── sys.txt │ ├── user.txt │ ├── except.txt │ ├── segmdl2.ttf │ └── adfilter.vshost.exe.manifest ├── installer.vcxproj.filters ├── readme.md ├── readme.txt └── installer.vcxproj ├── exe ├── adfilter │ ├── Properties │ │ ├── Resources.zh-CN.Designer.cs │ │ ├── Settings.settings │ │ ├── Settings.Designer.cs │ │ ├── AssemblyInfo.cs │ │ ├── Resources1.Designer.cs │ │ ├── Resources.zh-CN.resx │ │ └── Resources.resx │ ├── segmdl2.ttf │ ├── res │ │ └── segmdl2.ttf │ ├── packages.config │ ├── Model │ │ ├── HostList.cs │ │ ├── Msg.cs │ │ └── BaseCommand.cs │ ├── View │ │ ├── About.xaml │ │ ├── Host.xaml.cs │ │ ├── About.xaml.cs │ │ ├── Driver.xaml.cs │ │ ├── Driver.xaml │ │ ├── Host.xaml │ │ ├── HostEdit.xaml │ │ ├── HamburgerMenu.xaml │ │ ├── HostEdit.xaml.cs │ │ └── WindowStyle.xaml │ ├── App.xaml.cs │ ├── App.config │ ├── MainWindow.xaml.cs │ ├── App.xaml │ ├── ViewModel │ │ ├── DriverViewModel.cs │ │ └── HostViewModel.cs │ ├── Adf.cs │ ├── app.manifest │ └── MainWindow.xaml └── adfcon │ ├── remove.bat │ ├── install.bat │ ├── adfcon.vcxproj.filters │ ├── app.c │ ├── adf.c │ ├── adf.h │ └── adfcon.vcxproj ├── img └── regexp.png ├── note ├── driver.vsdx └── read file.JPG ├── sys ├── tdi_fw │ ├── src │ │ ├── packet.h │ │ ├── pid_pname.h │ │ ├── sids.h │ │ ├── sock.c │ │ ├── dispatch.h │ │ ├── filter.h │ │ ├── memtrack.h │ │ ├── events.c │ │ ├── conn_state.h │ │ ├── dispatch.c │ │ ├── events.h │ │ ├── net.h │ │ ├── tdi_fw_lib.h │ │ ├── sock.h │ │ ├── obj_tbl.h │ │ ├── disp_sr.c │ │ ├── tdi_fw.h │ │ ├── ndis_hk_ioctl.h │ │ ├── memtrack.c │ │ ├── ev_dg.c │ │ ├── disp_ev.c │ │ ├── ipc.c │ │ ├── sids.c │ │ ├── ipc.h │ │ └── pid_pname.c │ ├── tdi_fw.inf │ ├── readme.md │ └── tdi_fw.vcxproj.filters ├── adfilter │ ├── readme.md │ ├── adfilter.vcxproj.filters │ ├── driver.c │ ├── list.c │ ├── adfilter.h │ ├── filter.c │ ├── dispatch.c │ ├── adfilter.c │ └── adfilter.vcxproj └── slre │ ├── README.md │ └── slre.h ├── .gitattributes ├── readme.md └── .gitignore 
/installer/res/sys.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/res/user.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/res/except.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /exe/adfilter/Properties/Resources.zh-CN.Designer.cs: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /img/regexp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xue-blood/adfilter/HEAD/img/regexp.png -------------------------------------------------------------------------------- /note/driver.vsdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xue-blood/adfilter/HEAD/note/driver.vsdx -------------------------------------------------------------------------------- /note/read file.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xue-blood/adfilter/HEAD/note/read file.JPG -------------------------------------------------------------------------------- /exe/adfilter/segmdl2.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xue-blood/adfilter/HEAD/exe/adfilter/segmdl2.ttf -------------------------------------------------------------------------------- /exe/adfcon/remove.bat: -------------------------------------------------------------------------------- 1 | echo off 2 | del /F 
C:\Windows\System32\Drivers\adfilter.sys 3 | sc delete adfilter -------------------------------------------------------------------------------- /installer/res/segmdl2.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xue-blood/adfilter/HEAD/installer/res/segmdl2.ttf -------------------------------------------------------------------------------- /exe/adfilter/res/segmdl2.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xue-blood/adfilter/HEAD/exe/adfilter/res/segmdl2.ttf -------------------------------------------------------------------------------- /exe/adfilter/packages.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/packet.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: packet.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 4 | 5 | #ifndef _packet_h_ 6 | #define _packet_h_ 7 | 8 | NTSTATUS init_packet(void); 9 | void free_packet(void); 10 | 11 | #endif 12 | -------------------------------------------------------------------------------- /exe/adfilter/Model/HostList.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace adfilter.Model 8 | { 9 | class HostList 10 | { 11 | public string Host { get; set; } 12 | 13 | public HostList(string host) 14 | { 15 | Host = host; 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 
1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /exe/adfilter/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | blue 7 | 8 | 9 | -------------------------------------------------------------------------------- /sys/tdi_fw/tdi_fw.inf: -------------------------------------------------------------------------------- 1 | ; 2 | ; tdi_fw.inf 3 | ; 4 | 5 | [Version] 6 | Signature="$WINDOWS NT$" 7 | Class= 8 | ClassGuid= 9 | Provider= 10 | DriverVer= 11 | CatalogFile= 12 | 13 | [DestinationDirs] 14 | DefaultDestDir = 12 15 | 16 | 17 | [SourceDisksNames] 18 | 1 = %DiskName%,,,"" 19 | 20 | [SourceDisksFiles] 21 | 22 | 23 | [Manufacturer] 24 | %ManufacturerName%=Standard,NT$ARCH$ 25 | 26 | [Standard.NT$ARCH$] 27 | 28 | 29 | [Strings] 30 | ManufacturerName="" 31 | ClassName="" 32 | DiskName="tdi_fw Source Disk" 33 | -------------------------------------------------------------------------------- /installer/installer.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /sys/tdi_fw/readme.md: -------------------------------------------------------------------------------- 1 | # build config setting 2 | * first change the `General -> Project Defaults -> Configuration Type` to `Static library (.lib)`
3 | `Target Extension` to `.lib` 4 | * change `C/C++ -> Treat Warnings As Erros` to `NO(/WX)` 5 | * **Add** a new Macro `USE_PACKET_ENGINE` in `C/C++ -> PreProcessor -> Preprocessor Definitions` 6 | 7 | 8 | ## option 9 | * the driver default can't unload dynamic, if you want to enable it Add a new Macro `CAN_UNLOAD` in `C/C++ -> PreProcessor -> Preprocessor Definitions`,but **it's not stable and not recommented** -------------------------------------------------------------------------------- /exe/adfilter/View/About.xaml: -------------------------------------------------------------------------------- 1 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/pid_pname.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: pid_pname.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 4 | 5 | #ifndef _pid_pname_h_ 6 | #define _pid_pname_h_ 7 | 8 | void pid_pname_init(void); 9 | void pid_pname_free(void); 10 | 11 | BOOLEAN pid_pname_resolve(ULONG pid, char *buf, int buf_size); 12 | 13 | NTSTATUS pid_pname_set_event(ULONG pid, KEVENT *event); 14 | 15 | NTSTATUS pid_pname_set(ULONG pid, const char *pname, int context); 16 | int pid_pname_get_context(ULONG pid); 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /exe/adfilter/App.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Configuration; 4 | using System.Data; 5 | using System.Linq; 6 | using System.Threading.Tasks; 7 | using System.Windows; 8 | 9 | namespace adfilter 10 | { 11 | /// 12 | /// Interaction logic for App.xaml 13 | /// 14 | public partial class App : Application 15 | { 16 | App() 17 | { 18 | //System.Threading.Thread.CurrentThread.CurrentUICulture = 19 | //new 
System.Globalization.CultureInfo("zh-CN"); 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /exe/adfcon/install.bat: -------------------------------------------------------------------------------- 1 | echo off 2 | copy /Y adfilter.sys C:\Windows\System32\Drivers\adfilter.sys 3 | 4 | sc create adfilter binpath= system32\drivers\adfilter.sys start= auto type= kernel 5 | 6 | reg add HKLM\SYSTEM\CurrentControlSet\services\adfilter /v Pause /t REG_DWORD /d 0 /f 7 | reg add HKLM\SYSTEM\CurrentControlSet\services\adfilter /v SysFilePath /t REG_SZ /d %~dp0sys.txt /f 8 | reg add HKLM\SYSTEM\CurrentControlSet\services\adfilter /v UserFilePath /t REG_SZ /d %~dp0user.txt /f 9 | reg add HKLM\SYSTEM\CurrentControlSet\services\adfilter /v ExceptFilePath /t REG_SZ /d %~dp0except.txt /f 10 | 11 | 12 | net start adfilter -------------------------------------------------------------------------------- /sys/adfilter/readme.md: -------------------------------------------------------------------------------- 1 | # build config setting 2 | * To build this driver, you need build the **tdi_fw** lib first. 
3 | * change `C/C++ -> Treat Warnings As Erros` to `NO(/WX)` 4 | 5 | * if build for x64 pc, change the `General -> Target Name` to `adfilter64` 6 | 7 | * add **header path** `$(SolutionDir)sys/tdi_fw/src;$(IncludePath)` in `VC++ Directories -> Include Directories` 8 | * add **lib path** `$(SolutionDir)sys/tdi_fw/src;$(IncludePath)` in `VC++ Directories -> Include Directories` 9 | 10 | * in `Linker -> Input ` add the `tdi.lib` and `tdi_fw.lib` 11 | 12 | * for installer add a post script `copy "$(TargetPath)" "$(SolutionDir)installer\res\$(TargetFileName)" /Y` to `Build Events -> Post Build Event -> Command Line` 13 | 14 | -------------------------------------------------------------------------------- /exe/adfilter/View/Host.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | namespace adfilter.View 17 | { 18 | /// 19 | /// Interaction logic for Host.xaml 20 | /// 21 | public partial class Host : UserControl 22 | { 23 | public Host() 24 | { 25 | InitializeComponent(); 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /exe/adfilter/View/About.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | 
using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | namespace adfilter.View 17 | { 18 | /// 19 | /// Interaction logic for About.xaml 20 | /// 21 | public partial class About : UserControl 22 | { 23 | public About() 24 | { 25 | InitializeComponent(); 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /exe/adfilter/View/Driver.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | 17 | namespace adfilter.View 18 | { 19 | /// 20 | /// Interaction logic for Driver.xaml 21 | /// 22 | public partial class Driver : UserControl 23 | { 24 | public Driver() 25 | { 26 | InitializeComponent(); 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /installer/readme.md: -------------------------------------------------------------------------------- 1 | editor 2 | ====== 3 | * [visual studio code](https://code.visualstudio.com) + NSIS(externsion) 4 | * [Unicode NSIS](http://www.scratchpaper.com) 5 | 6 | build 7 | ===== 8 | * add `copy "$(TargetPath)" "$(SolutionDir)installer\res\$(TargetFileName)" /Y` 9 | to *vs project setting* -- *post build event* 10 | 11 | * build project in visual code, 12 | * open adfilter.nsi in vs code build the installer. 13 | * or use `makensis adfilter.nsi` command line tool 14 | * this file should in res directory: 15 |
`adf.dll` 16 |
`adfilter.exe` 17 |
`adfilter.sys` 18 |
`adfilter64.exe` 19 |
`dotnetfx45_full_setup.exe` 20 |
`except.txt` 21 |
`MahApps.Metro.dll` 22 |
`segmdl2.ttf` 23 |
`sys.txt` 24 |
`System.Windows.Interactivity.dll` 25 |
`user.txt` -------------------------------------------------------------------------------- /exe/adfilter/Model/Msg.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows.Controls; 7 | using System.Windows.Media.Animation; 8 | 9 | namespace adfilter.Model 10 | { 11 | class Msg 12 | { 13 | 14 | private static Msg instance; 15 | public static Msg Instance 16 | { 17 | get { return instance ?? (instance = new Msg()); } 18 | } 19 | 20 | public TextBlock MsgHost { get; set; } 21 | public void Show(string msg,bool warring = false) 22 | { 23 | MsgHost.Text = msg; 24 | string key = warring ? "Msg_Animate_Warring" : "Msg_Animate"; 25 | Storyboard sb = MsgHost.Resources[key] as Storyboard; 26 | if (sb != null) 27 | MsgHost.BeginStoryboard(sb); 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /exe/adfilter/Model/BaseCommand.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows.Input; 7 | 8 | namespace adfilter.Model 9 | { 10 | class BaseCommand : ICommand 11 | { 12 | public Action ExecuteDelegate { get; set; } 13 | 14 | public Predicate CanExecuteDelegate { get; set; } 15 | 16 | public bool CanExecute(object parameter) 17 | { 18 | if (CanExecuteDelegate != null) 19 | return CanExecuteDelegate(parameter); 20 | else 21 | return true; 22 | } 23 | 24 | public event EventHandler CanExecuteChanged; 25 | 26 | public void Execute(object parameter) 27 | { 28 | if (ExecuteDelegate != null) 29 | ExecuteDelegate(parameter); 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /exe/adfilter/App.config: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | blue 15 | 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /sys/slre/README.md: -------------------------------------------------------------------------------- 1 | [SLRE](https://github.com/cesanta/slre): Super Light Regular Expression library 2 | ============================================ 3 | 4 | Documentation and API reference are at 5 | [docs.cesanta.com/slre](https://docs.cesanta.com/slre) 6 | 7 | # Contributions 8 | 9 | To submit contributions, sign 10 | [Cesanta CLA](https://docs.cesanta.com/contributors_la.shtml) 11 | and send GitHub pull request. You retain the copyright on your contributions. 12 | 13 | # Licensing 14 | 15 | SLRE is released under commercial and 16 | [GNU GPL v.2](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) 17 | open source licenses. 18 | 19 | Commercial Projects: 20 | Once your project becomes commercialised GPLv2 licensing dictates that you need to either open your source fully or purchase a commercial license. Cesanta offer full, royalty-free commercial licenses without any GPL restrictions. If your needs require a custom license, we’d be happy to work on a solution with you. [Contact us for pricing.] (https://www.cesanta.com/contact) 21 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/sids.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 
9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: sids.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | #ifndef _sids_h_ 16 | #define _sids_h_ 17 | 18 | /* SID stuff */ 19 | 20 | struct _SID_AND_ATTRIBUTES *get_current_sid_a(ULONG *sid_a_size); 21 | struct _SID_AND_ATTRIBUTES *copy_sid_a(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size); 22 | 23 | void sids_init(void); 24 | 25 | int get_sid_id(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size); 26 | 27 | /* size can be NULL; buf is ULONG sid_len; SID ... */ 28 | NTSTATUS set_sid_list(char *buf, ULONG size); 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /exe/adfilter/View/Driver.xaml: -------------------------------------------------------------------------------- 1 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 19 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/sock.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 
9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: sock.c,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | /* 16 | * Some helpers from sockets 17 | */ 18 | 19 | #include 20 | #include 21 | #include "sock.h" 22 | 23 | u_long 24 | ntohl (u_long netlong) 25 | { 26 | u_long result = 0; 27 | ((char *)&result)[0] = ((char *)&netlong)[3]; 28 | ((char *)&result)[1] = ((char *)&netlong)[2]; 29 | ((char *)&result)[2] = ((char *)&netlong)[1]; 30 | ((char *)&result)[3] = ((char *)&netlong)[0]; 31 | return result; 32 | } 33 | 34 | u_short 35 | ntohs (u_short netshort) 36 | { 37 | u_short result = 0; 38 | ((char *)&result)[0] = ((char *)&netshort)[1]; 39 | ((char *)&result)[1] = ((char *)&netshort)[0]; 40 | return result; 41 | } 42 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/dispatch.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: dispatch.h,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 4 | 5 | #ifndef _dispatch_h_ 6 | #define _dispatch_h_ 7 | 8 | // information about completion routine 9 | struct completion { 10 | PIO_COMPLETION_ROUTINE routine; 11 | PVOID context; 12 | }; 13 | 14 | /* 15 | * TDI ioctl dispatcher function 16 | * returns FILTER_xxx 17 | */ 18 | typedef int tdi_ioctl_fn_t(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion); 19 | 20 | // IRP_MJ_CREATE, IRP_MJ_CLEANUP dispatch routines 21 | extern tdi_ioctl_fn_t tdi_create, tdi_cleanup; 22 | 23 | // IRP_MJ_INTERNAL_DEVICE_CONTROL ioctl dispatch routines 24 | extern tdi_ioctl_fn_t 25 | tdi_associate_address, 26 | tdi_connect, 27 | tdi_disassociate_address, 28 | tdi_set_event_handler, 29 | tdi_send_datagram, 30 | tdi_receive_datagram, 31 | tdi_disconnect, 32 | tdi_send, 33 | tdi_receive, 34 | tdi_deny_stub; 35 | 36 | // helper struct for calling of TDI ioctls 37 | 
struct tdi_ioctl { 38 | UCHAR MinorFunction; 39 | tdi_ioctl_fn_t *fn; 40 | 41 | #if DBG 42 | // for debugging 43 | const char *desc; 44 | #endif 45 | }; 46 | 47 | extern struct tdi_ioctl g_tdi_ioctls[]; 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/filter.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: filter.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | #ifndef _filter_h_ 16 | #define _filter_h_ 17 | 18 | #include "ipc.h" 19 | 20 | NTSTATUS filter_init(void); 21 | NTSTATUS filter_init_2(void); 22 | 23 | void filter_free(void); 24 | void filter_free_2(void); 25 | 26 | NTSTATUS add_flt_rule(int chain, const struct flt_rule *rule); 27 | NTSTATUS clear_flt_chain(int chain); 28 | NTSTATUS activate_flt_chain(int chain); 29 | NTSTATUS set_chain_pname(int chain, char *pname); 30 | NTSTATUS set_pid_pname(ULONG pid, char *pname); 31 | 32 | BOOLEAN default_chain_only(void); 33 | 34 | int quick_filter(struct flt_request *request, struct flt_rule *rule); 35 | 36 | BOOLEAN log_request(struct flt_request *request); 37 | ULONG get_request(char *buf, ULONG buf_size); 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/memtrack.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 
2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: memtrack.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | #ifndef _memtrack_h_ 16 | #define _memtrack_h_ 17 | 18 | #define MEM_TAG '1VRD' 19 | 20 | #if DBG 21 | 22 | void memtrack_init(void); 23 | void memtrack_free(void); 24 | 25 | void *mt_malloc(ULONG size, const char *file, ULONG line); 26 | 27 | // allocate memory from nonpaged pool 28 | #define malloc_np(size) mt_malloc((size), __FILE__, __LINE__) 29 | 30 | void free(void *ptr); 31 | 32 | // debug macro 33 | #define _TEST_ME_ __asm int 3 34 | 35 | #else /* DBG */ 36 | 37 | #define memtrack_init() 38 | #define memtrack_free() 39 | 40 | #define malloc_np(size) ExAllocatePoolWithTag(NonPagedPool, (size), MEM_TAG) 41 | #define free(ptr) ExFreePool(ptr) 42 | 43 | 44 | #define _TEST_ME_ 45 | 46 | #endif /* DBG */ 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /exe/adfcon/adfcon.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {19a03d41-e6d7-431a-83d1-bbc31a61432c} 14 | 15 | 16 | 17 | 18 | Header Files 19 | 20 | 21 | 22 | 23 | Source Files 24 | 25 | 26 | Source Files 27 | 28 | 29 | 30 | 31 | res 32 | 33 | 34 | res 35 | 36 | 37 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/events.c: 
-------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: events.c,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 14 | 15 | /* 16 | * Replaced event handlers for TDI events 17 | */ 18 | 19 | #include 20 | #include 21 | #include "sock.h" 22 | 23 | #include "events.h" 24 | #include "memtrack.h" 25 | 26 | // to simplify processing don't use chained handlers for datagrams 27 | struct tdi_event_handler g_tdi_event_handlers[]= { 28 | {TDI_EVENT_CONNECT, tdi_event_connect}, 29 | {TDI_EVENT_DISCONNECT, tdi_event_disconnect}, 30 | {TDI_EVENT_RECEIVE_DATAGRAM, tdi_event_receive_datagram}, 31 | {TDI_EVENT_CHAINED_RECEIVE_DATAGRAM, NULL}, 32 | {TDI_EVENT_RECEIVE, tdi_event_receive}, 33 | {TDI_EVENT_RECEIVE_EXPEDITED, tdi_event_receive}, 34 | {TDI_EVENT_CHAINED_RECEIVE, tdi_event_chained_receive}, 35 | {TDI_EVENT_CHAINED_RECEIVE_EXPEDITED, tdi_event_chained_receive}, 36 | {(ULONG)-1, NULL} 37 | }; 38 | -------------------------------------------------------------------------------- /exe/adfilter/MainWindow.xaml.cs: -------------------------------------------------------------------------------- 1 | using adfilter.Model; 2 | using MahApps.Metro.Controls; 3 | using System; 4 | using System.Collections.Generic; 5 | using System.Linq; 6 | using System.Text; 7 | using System.Threading.Tasks; 8 | using System.Windows; 9 | using System.Windows.Controls; 10 | using System.Windows.Data; 11 | using System.Windows.Documents; 12 | using System.Windows.Input; 13 | using System.Windows.Media; 14 | using 
System.Windows.Media.Imaging; 15 | using System.Windows.Navigation; 16 | using System.Windows.Shapes; 17 | 18 | using Res = adfilter.Properties.Resources; 19 | namespace adfilter 20 | { 21 | /// 22 | /// Interaction logic for MainWindow.xaml 23 | /// 24 | public partial class MainWindow : MetroWindow 25 | { 26 | public MainWindow() 27 | { 28 | InitializeComponent(); 29 | 30 | if (Adf.Instance.Invalid) 31 | { 32 | MessageBox.Show(Res.msg_driver_no_access); 33 | //App.Current.Shutdown(); 34 | } 35 | 36 | Msg.Instance.MsgHost = msg; 37 | } 38 | 39 | 40 | private void HamburgerMenu_ItemClick(object sender, ItemClickEventArgs e) 41 | { 42 | HamburgerMenu hm = sender as HamburgerMenu; 43 | 44 | hm.Content = e.ClickedItem; 45 | hm.IsPaneOpen = false; 46 | } 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/conn_state.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: conn_state.h,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 4 | 5 | #ifndef _conn_state_h_ 6 | #define _conn_state_h_ 7 | 8 | #include "ipc.h" 9 | 10 | NTSTATUS conn_state_init(void); 11 | void conn_state_free(void); 12 | 13 | /* work with listening ports for all protocols */ 14 | 15 | NTSTATUS add_listen(struct ot_entry *ote_addr); 16 | 17 | void del_listen_obj(struct listen_entry *le, BOOLEAN no_guard); 18 | 19 | BOOLEAN is_listen(ULONG addr, USHORT port, int ipproto); 20 | 21 | BOOLEAN is_bcast_listen(ULONG addr, USHORT port, int ipproto); 22 | 23 | NTSTATUS enum_listen(struct listen_nfo *buf, ULONG *buf_len, ULONG buf_size); 24 | 25 | /* work with TCP only connections */ 26 | 27 | NTSTATUS add_tcp_conn(struct ot_entry *ote_conn, int tcp_state); 28 | void del_tcp_conn(PFILE_OBJECT connobj, BOOLEAN is_disconnect); 29 | 30 | void del_tcp_conn_obj(struct conn_entry *ce, BOOLEAN no_guard); 31 | void log_disconnect(struct 
ot_entry *ote_conn); 32 | 33 | NTSTATUS set_tcp_conn_state(PFILE_OBJECT connobj, int state); 34 | NTSTATUS set_tcp_conn_local(PFILE_OBJECT connobj, TA_ADDRESS *local); 35 | 36 | int get_tcp_conn_state(ULONG laddr, USHORT lport, ULONG raddr, USHORT rport); 37 | int get_tcp_conn_state_by_obj(PFILE_OBJECT connobj); 38 | 39 | NTSTATUS enum_tcp_conn(struct tcp_conn_nfo *buf, ULONG *buf_len, ULONG buf_size); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # ADFilter 2 | Filter AD in windows kernel. 3 | 4 | ![demo](https://user-images.githubusercontent.com/18024882/28399960-dc6acb18-6d42-11e7-9725-dc71e34e7927.png) 5 | 6 | ## How to use 7 | just add host any you want to filter. 8 | 9 | ## How to build 10 | To build driver and application, you need [Visual Studio 2013]() and [WDK8.1]()
11 | To build the installer package, you need [nsis](). 12 | 13 | This repository contains the following projects: 14 | * [Tdi fw](./sys/tdi_fw)
15 | A *kernel lib* that implements the communication with the Windows **TDI** driver,
16 | and provides an interface for handling network packets. 17 | * [ADFilter driver](./sys/adfilter)
18 | This is the driver we wrote to filter DNS messages in the kernel. 19 | * [ADFCon](./exe/adfcon)
20 | This project provides a *C dll* that gives user applications access to the driver. 21 | (It also has a command line interface, but that is not recommended) 22 | * [ADFilter application](./exe/adfilter)
23 | This is a WPF application for controlling the driver. (Make sure it runs with administrator privileges.) 24 | * [Installer](./installer)
25 | You can use the nsis script use build a package for install and uninstall,for more information please see this [document](./installer/readme.md) 26 | 27 | ## Update 28 | 2017.7.29: 29 | * add a project to build nsis installer in visual studio. 30 | * use Regular Expression [SLRE](https://github.com/cesanta/slre) replace the absolute compare. 31 | ![regexp](./img/regexp.png) -------------------------------------------------------------------------------- /sys/adfilter/adfilter.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | 14 | 15 | Source Files 16 | 17 | 18 | Source Files 19 | 20 | 21 | Source Files 22 | 23 | 24 | Source Files 25 | 26 | 27 | Source Files 28 | 29 | 30 | Source Files 31 | 32 | 33 | 34 | 35 | Header Files 36 | 37 | 38 | Header Files 39 | 40 | 41 | -------------------------------------------------------------------------------- /installer/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : installer Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this installer project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your installer project. 9 | 10 | 11 | installer.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 
16 | 17 | installer.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 23 | 24 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 25 | in the wizard. The build command can be nmake or any other tool you use. 26 | 27 | This project does not contain any files, so there are none displayed in Solution Explorer. 28 | 29 | ///////////////////////////////////////////////////////////////////////////// 30 | -------------------------------------------------------------------------------- /exe/adfilter/View/Host.xaml: -------------------------------------------------------------------------------- 1 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/dispatch.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 
9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: dispatch.c,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 14 | 15 | /* 16 | * Dispatch routines for TDI ioctls 17 | */ 18 | 19 | #include 20 | #include 21 | #include "sock.h" 22 | 23 | #include "dispatch.h" 24 | 25 | #if DBG 26 | # define ENTRY(code, fn) {code, fn, #code} 27 | # define LAST_ENTRY {0, NULL, NULL} 28 | #else 29 | # define ENTRY(code, fn) {code, fn} 30 | # define LAST_ENTRY {0, NULL} 31 | #endif 32 | 33 | struct tdi_ioctl g_tdi_ioctls[] = { 34 | ENTRY(TDI_ASSOCIATE_ADDRESS, tdi_associate_address), 35 | ENTRY(TDI_CONNECT, tdi_connect), 36 | ENTRY(TDI_DISASSOCIATE_ADDRESS, tdi_disassociate_address), 37 | ENTRY(TDI_SET_EVENT_HANDLER, tdi_set_event_handler), 38 | ENTRY(TDI_SEND_DATAGRAM, tdi_send_datagram), 39 | ENTRY(TDI_RECEIVE_DATAGRAM, tdi_receive_datagram), 40 | ENTRY(TDI_DISCONNECT, tdi_disconnect), 41 | ENTRY(TDI_SEND, tdi_send), 42 | ENTRY(TDI_RECEIVE, tdi_receive), 43 | #if 1 // for now only deny stubs for security reasons 44 | ENTRY(TDI_ACCEPT, tdi_deny_stub), 45 | ENTRY(TDI_LISTEN, tdi_deny_stub), 46 | #endif 47 | LAST_ENTRY 48 | }; 49 | -------------------------------------------------------------------------------- /exe/adfilter/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 
8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace adfilter.Properties { 12 | 13 | 14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "12.0.0.0")] 16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase { 17 | 18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 19 | 20 | public static Settings Default { 21 | get { 22 | return defaultInstance; 23 | } 24 | } 25 | 26 | [global::System.Configuration.UserScopedSettingAttribute()] 27 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] 28 | [global::System.Configuration.DefaultSettingValueAttribute("blue")] 29 | public string text { 30 | get { 31 | return ((string)(this["text"])); 32 | } 33 | set { 34 | this["text"] = value; 35 | } 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /exe/adfilter/App.xaml: -------------------------------------------------------------------------------- 1 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /exe/adfilter/ViewModel/DriverViewModel.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Linq; 5 | using System.Runtime.CompilerServices; 6 | using System.Text; 7 | using System.Threading.Tasks; 8 | 9 | using adfilter.Model; 10 | using System.Windows.Input; 11 | 12 | using Res = adfilter.Properties.Resources; 13 | 14 | namespace adfilter.ViewModel 15 | { 16 | class 
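DriverViewModel : INotifyPropertyChanged 17 | { 18 | public event PropertyChangedEventHandler PropertyChanged; 19 | 20 | void RaisePropertyChanged([CallerMemberName] string name=null) 21 | { 22 | if (PropertyChanged != null) 23 | PropertyChanged(this, new PropertyChangedEventArgs(name)); 24 | } 25 | 26 | private ICommand startCommand; 27 | public ICommand StartCommand 28 | { 29 | get 30 | { 31 | return startCommand ?? (startCommand = new BaseCommand 32 | { 33 | ExecuteDelegate = x => 34 | { 35 | Adf.Instance.Pause = false; 36 | Msg.Instance.Show(Res.msg_driver_started); 37 | } 38 | }); 39 | } 40 | } 41 | 42 | private ICommand stopCommand; 43 | public ICommand StopCommand 44 | { 45 | get 46 | { 47 | return stopCommand ?? (stopCommand = new BaseCommand 48 | { 49 | ExecuteDelegate = x => 50 | { 51 | Adf.Instance.Pause = true; 52 | Msg.Instance.Show(Res.msg_driver_stoped, true); 53 | } 54 | }); 55 | } 56 | } 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /exe/adfcon/app.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define ADF_STATIC 4 | #include "adf.h" 5 | 6 | HANDLE h; 7 | 8 | void promot() 9 | { 10 | char s[] = \ 11 | "Usage:\n\ 12 | adfcon start/stop : start or stop the driver.\n\ 13 | adfcon show : show the status of driver.\n\ 14 | adfcon add/del (hostname): add or delete host.\n\ 15 | adfcon addE/delE (hostname): add or delete a host which will not be filtered."; 16 | 17 | printf("%s",s); 18 | } 19 | 20 | #define Cmd(name,func) \ 21 | if (strcmp(cmd, name) == 0) \ 22 | { \ 23 | func; \ 24 | break; \ 25 | } 26 | 27 |
/*
 * adfcon entry point: opens the control device and runs one command.
 *
 * argv[1] is the command (start, stop, show, add, del, addE, delE);
 * the four host commands read the host name from argv[2].
 *
 * Returns 0 after printing the usage text (no command, or an unknown one),
 * -1 when the control device cannot be opened, and 1 after a recognised
 * command has run. These exit codes are kept exactly as the original had them.
 */
int main(int argc, char** argv)
{
    if (argc == 1)
    {
        promot();
        return 0;
    }

    char *cmd = argv[1];
    do
    {
        // commands that need no further argument
        h = adf_open();
        printf("open device %s\n", h == INVALID_HANDLE_VALUE ? "failed." : "success.");
        if (h == INVALID_HANDLE_VALUE) return -1;

        Cmd("start", adf_set_pause(h, false));
        Cmd("stop", adf_set_pause(h, true));
        Cmd("show", printf("driver is %s\n",
            adf_get_pause(h) ? "paused" : "not paused"));

        // host commands take the host name in argv[2]
        if (argc != 3) printf("please input the host name\n");

        // argv[2] is NULL when only the command was given; the host commands
        // must not reach strlen(argv[2]) in that case. Cmd's `break` still
        // leaves the do/while because an `if` is not a loop.
        if (argc >= 3)
        {
            Cmd("add", printf("add host %s.\n",
                adf_host(h, argv[2], strlen(argv[2]), true, false) ? "success" : "failed"));
            Cmd("del", printf("delete host %s.\n",
                adf_host(h, argv[2], strlen(argv[2]), false, false) ? "success" : "failed"));

            Cmd("addE", printf("add host %s.\n",
                adf_host(h, argv[2], strlen(argv[2]), true, true) ? "success" : "failed"));
            Cmd("delE", printf("delete host %s.\n",
                adf_host(h, argv[2], strlen(argv[2]), false, true) ? "success" : "failed"));
        }

        // invalid command: release the device handle before leaving
        printf("parameter is invalid\n");
        promot();
        adf_close(h);
        return 0;

    } while (0);

    printf("command success.\n");
    adf_close(h);

    return 1;
}
-------------------------------------------------------------------------------- /sys/slre/slre.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2004-2013 Sergey Lyubka 3 | * Copyright (c) 2013 Cesanta Software Limited 4 | * All rights reserved 5 | * 6 | * This library is dual-licensed: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License version 2 as 8 | * published by the Free Software Foundation. For the terms of this 9 | * license, see . 10 | * 11 | * You are free to use this library under the terms of the GNU General 12 | * Public License, but WITHOUT ANY WARRANTY; without even the implied 13 | * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 | * See the GNU General Public License for more details. 15 | * 16 | * Alternatively, you can license this library under a commercial 17 | * license, as set out in . 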
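18 | */ 19 | 20 | /* 21 | * This is a regular expression library that implements a subset of Perl RE. 22 | * Please refer to README.md for a detailed reference. 23 | */ 24 | 25 | #ifndef CS_SLRE_SLRE_H_ 26 | #define CS_SLRE_SLRE_H_ 27 | 28 | #ifdef __cplusplus 29 | extern "C" { 30 | #endif 31 | 32 | struct slre_cap { 33 | const char *ptr; 34 | int len; 35 | }; 36 | 37 | 38 | int slre_match(const char *regexp, const char *buf, int buf_len, 39 | struct slre_cap *caps, int num_caps, int flags); 40 | 41 | /* Possible flags for slre_match() */ 42 | enum { SLRE_IGNORE_CASE = 1 }; 43 | 44 | 45 | /* slre_match() failure codes */ 46 | #define SLRE_NO_MATCH -1 47 | #define SLRE_UNEXPECTED_QUANTIFIER -2 48 | #define SLRE_UNBALANCED_BRACKETS -3 49 | #define SLRE_INTERNAL_ERROR -4 50 | #define SLRE_INVALID_CHARACTER_SET -5 51 | #define SLRE_INVALID_METACHARACTER -6 52 | #define SLRE_CAPS_ARRAY_TOO_SMALL -7 53 | #define SLRE_TOO_MANY_BRANCHES -8 54 | #define SLRE_TOO_MANY_BRACKETS -9 55 | 56 | #ifdef __cplusplus 57 | } 58 | #endif 59 | 60 | #endif /* CS_SLRE_SLRE_H_ */ 61 | -------------------------------------------------------------------------------- /exe/adfilter/Adf.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Runtime.InteropServices; 5 | using System.Text; 6 | using System.Threading.Tasks; 7 | 8 |
namespace adfilter
{
    /// <summary>
    /// Managed wrapper around the native adf.dll exports that talk to the
    /// filter driver's control device: open/close, pause state and host lists.
    /// </summary>
    public class Adf : IDisposable
    {

        #region c function
        // NOTE(review): adf.dll is resolved by bare name through the default DLL
        // search order, and the readme asks for this application to run with
        // administrator rights. Confirm the install directory is not writable
        // by unprivileged users, or pin the search path.
        // NOTE(review): adf.h declares these exports without an explicit calling
        // convention; confirm the DLL build matches the default used here.
        // adf.h defines the native `bool` as `long`, which is the 4-byte size
        // the default bool marshalling assumes.
        [DllImport("adf.dll")]
        static extern IntPtr adf_open();

        [DllImport("adf.dll")]
        static extern void adf_close(IntPtr handle);

        [DllImport("adf.dll")]
        static extern bool adf_set_pause(IntPtr handle, bool pause);

        [DllImport("adf.dll")]
        static extern bool adf_get_pause(IntPtr handle);


        [DllImport("adf.dll")]
        static extern bool adf_host(IntPtr handle, [MarshalAs(UnmanagedType.LPStr)] string host, int host_len, bool add, bool except);


        #endregion

        // Value adf_open() hands back when the device could not be opened
        // (the native side returns the CreateFile result unchanged).
        static readonly IntPtr InvalidHandle = new IntPtr(-1);

        static Adf instance = null;

        /// <summary>Lazily created shared instance; not synchronised.</summary>
        public static Adf Instance
        {
            get { return instance ?? (instance = new Adf()); }
        }

        IntPtr handle;

        /// <summary>Opens the control device; check <see cref="Invalid"/> afterwards.</summary>
        public Adf()
        {
            handle = adf_open();
        }

        /// <summary>
        /// True when the device handle is unusable (open failed or the
        /// instance was disposed).
        /// </summary>
        public bool Invalid
        {
            // Compare as a pointer: IntPtr.ToInt32() throws OverflowException
            // in a 64-bit process for any value that does not fit in 32 bits.
            get { return handle == InvalidHandle; }
        }

        /// <summary>Gets or sets the driver's pause state through the native library.</summary>
        public bool Pause
        {
            // The native getter also returns false when the handle is invalid
            // or the request fails, so false does not always mean "running".
            get { return adf_get_pause(handle); }
            set { adf_set_pause(handle, value); }
        }


        /// <summary>Adds a host to the user list, or to the exception list when <paramref name="allow"/> is true.</summary>
        /// <returns>False when the host is rejected locally or the native call fails.</returns>
        public bool AddHost(string host, bool allow)
        {
            if (!IsSendable(host)) return false;
            return adf_host(handle, host, host.Length, true, allow);
        }

        /// <summary>Removes a host from the user list, or from the exception list when <paramref name="allow"/> is true.</summary>
        /// <returns>False when the host is rejected locally or the native call fails.</returns>
        public bool DelHost(string host, bool allow)
        {
            if (!IsSendable(host)) return false;
            return adf_host(handle, host, host.Length, false, allow);
        }

        /// <summary>
        /// Closes the device handle. Safe to call more than once.
        /// </summary>
        public void Dispose()
        {
            if (handle != InvalidHandle)
            {
                adf_close(handle);
                // Prevent a second CloseHandle on a value the OS may reuse.
                handle = InvalidHandle;
            }
        }

        // Checks that a host string can be passed to adf_host with
        // host.Length as its byte count. The string is marshalled as an ANSI
        // char*, so the character count equals the byte count only for ASCII;
        // anything else would make the native side send a truncated,
        // unterminated buffer to the driver.
        static bool IsSendable(string host)
        {
            if (host == null || host.Length <= 1) return false;

            foreach (char c in host)
            {
                if (c > 0x7F) return false;
            }
            return true;
        }
    }
}
-------------------------------------------------------------------------------- /sys/tdi_fw/src/events.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: events.h,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 4 | 5 | #ifndef _events_h_ 6 | #define _events_h_ 7 | 8 | #include "obj_tbl.h" 9 | 10 | NTSTATUS tdi_event_connect( 11 | IN PVOID TdiEventContext, 12 | IN LONG RemoteAddressLength, 13 | IN PVOID RemoteAddress, 14 | IN LONG UserDataLength, 15 | IN PVOID UserData, 16 | IN LONG OptionsLength, 17 | IN PVOID Options, 18 | OUT CONNECTION_CONTEXT *ConnectionContext, 19 | OUT PIRP *AcceptIrp); 20 | 21 | NTSTATUS tdi_event_disconnect( 22 | IN PVOID TdiEventContext, 23 | IN CONNECTION_CONTEXT ConnectionContext, 24 | IN LONG DisconnectDataLength, 25 | IN PVOID DisconnectData, 26 | IN LONG DisconnectInformationLength, 27 | IN PVOID DisconnectInformation, 28 | IN ULONG DisconnectFlags); 29 | 30 | NTSTATUS 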
tdi_event_receive_datagram( 31 | IN PVOID TdiEventContext, 32 | IN LONG SourceAddressLength, 33 | IN PVOID SourceAddress, 34 | IN LONG OptionsLength, 35 | IN PVOID Options, 36 | IN ULONG ReceiveDatagramFlags, 37 | IN ULONG BytesIndicated, 38 | IN ULONG BytesAvailable, 39 | OUT ULONG *BytesTaken, 40 | IN PVOID Tsdu, 41 | OUT PIRP *IoRequestPacket); 42 | 43 | NTSTATUS tdi_event_receive( 44 | IN PVOID TdiEventContext, 45 | IN CONNECTION_CONTEXT ConnectionContext, 46 | IN ULONG ReceiveFlags, 47 | IN ULONG BytesIndicated, 48 | IN ULONG BytesAvailable, 49 | OUT ULONG *BytesTaken, 50 | IN PVOID Tsdu, 51 | OUT PIRP *IoRequestPacket); 52 | 53 | NTSTATUS tdi_event_chained_receive( 54 | IN PVOID TdiEventContext, 55 | IN CONNECTION_CONTEXT ConnectionContext, 56 | IN ULONG ReceiveFlags, 57 | IN ULONG ReceiveLength, 58 | IN ULONG StartingOffset, 59 | IN PMDL Tsdu, 60 | IN PVOID TsduDescriptor); 61 | 62 | // helper struct for calling one of the handlers 63 | struct tdi_event_handler { 64 | LONG event; 65 | PVOID handler; 66 | }; 67 | 68 | extern struct tdi_event_handler g_tdi_event_handlers[]; 69 | 70 | #endif 71 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/net.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: net.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 4 | 5 | #ifndef _net_h_ 6 | #define _net_h_ 7 | 8 | /* 9 | * network definitions 10 | */ 11 | 12 | #pragma pack(1) 13 | 14 | struct ether_hdr { 15 | UCHAR ether_dhost[6]; 16 | UCHAR ether_shost[6]; 17 | USHORT ether_type; 18 | }; 19 | 20 | #define ETHERTYPE_IP 0x0800 /* IP protocol */ 21 | 22 | #define IP_DF 0x4000 /* dont fragment flag */ 23 | #define IP_MF 0x2000 /* more fragments flag */ 24 | #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ 25 | 26 | struct ip_hdr { 27 | UCHAR ip_hl:4; /* header length */ 28 | UCHAR ip_v:4; /* version 
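*/ 29 | UCHAR ip_tos; /* type of service */ 30 | USHORT ip_len; /* total length */ 31 | USHORT ip_id; /* identification */ 32 | USHORT ip_off; /* fragment offset field */ 33 | UCHAR ip_ttl; /* time to live */ 34 | UCHAR ip_p; /* protocol */ 35 | USHORT ip_sum; /* checksum */ 36 | ULONG ip_src; /* source address */ 37 | ULONG ip_dst; /* dest address */ 38 | }; 39 | 40 | struct icmp_hdr { 41 | UCHAR icmp_type; /* type of message */ 42 | UCHAR icmp_code; /* type sub code */ 43 | USHORT icmp_cksum; /* ones complement cksum of struct */ 44 | }; 45 | 46 | struct udp_hdr { 47 | USHORT uh_sport; /* source port */ 48 | USHORT uh_dport; /* destination port */ 49 | USHORT uh_ulen; /* udp length */ 50 | USHORT uh_sum; /* udp checksum */ 51 | }; 52 | 53 | #define TH_FIN 0x01 54 | #define TH_SYN 0x02 55 | #define TH_RST 0x04 56 | #define TH_PUSH 0x08 57 | #define TH_ACK 0x10 58 | #define TH_URG 0x20 59 | 60 | struct tcp_hdr { 61 | USHORT th_sport; /* source port */ 62 | USHORT th_dport; /* destination port */ 63 | ULONG th_seq; /* sequence number */ 64 | ULONG th_ack; /* acknowledgement number */ 65 | 66 | UCHAR th_x2:4; /* (unused) */ 67 | UCHAR th_off:4; /* data offset */ 68 | UCHAR th_flags; 69 | 70 | USHORT th_win; /* window */ 71 | USHORT th_sum; /* checksum */ 72 | USHORT th_urp; /* urgent pointer */ 73 | }; 74 | 75 | #pragma pack() 76 | 77 | #endif 78 | -------------------------------------------------------------------------------- /exe/adfcon/adf.c: -------------------------------------------------------------------------------- 
#define ADF_IMPLEMENT
#include "adf.h"

// flush dns cache
// doc:http://blog.csdn.net/chenlycly/article/details/26254007
//
// Looks up DnsFlushResolverCache in dnsapi.dll at run time and calls it.
// Returns TRUE when the export was found and called, FALSE otherwise; the
// result of the flush itself is not inspected.
BOOL __stdcall DnsFlushResolverCache()
{
    BOOL bRet = FALSE;

    typedef BOOL(WINAPI *PfuncDnsFlushResolverCache)(VOID);

    // Load from the system directory only. A bare-name LoadLibrary searches
    // the application directory first, and this code runs in processes that
    // hold a handle to the driver's control device.
    // NOTE(review): LOAD_LIBRARY_SEARCH_SYSTEM32 needs Windows 8, or Windows 7
    // with the KB2533623 update - confirm against the supported targets.
    HMODULE hDnsModule = LoadLibraryEx(TEXT("dnsapi.dll"), NULL,
        LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (hDnsModule != NULL)
    {
        PfuncDnsFlushResolverCache pFlushFun =
            (PfuncDnsFlushResolverCache)GetProcAddress(hDnsModule, "DnsFlushResolverCache");
        if (pFlushFun != NULL)
        {
            pFlushFun();
            bRet = TRUE;
        }

        FreeLibrary(hDnsModule);
    }

    return bRet;
}

// Opens the driver's control device.
// Returns the CreateFile result unchanged, so failure is INVALID_HANDLE_VALUE.
ADF_API HANDLE adf_open()
{
    // ADF_DEVICE_NAME is a wide literal, so call the wide API explicitly
    // instead of relying on the UNICODE build setting.
    // Only read/write access is requested: every IOCTL in adf.h is defined
    // with FILE_READ_ACCESS|FILE_WRITE_ACCESS, so GENERIC_ALL is not needed.
    HANDLE h = CreateFileW(ADF_DEVICE_NAME, GENERIC_READ | GENERIC_WRITE,
        0, NULL, OPEN_EXISTING,
        0, NULL);
    return h;
}

// Closes a handle returned by adf_open(); INVALID_HANDLE_VALUE is ignored.
ADF_API void adf_close(HANDLE h)
{
    if (h != INVALID_HANDLE_VALUE)
        CloseHandle(h);
}


// Sends IOCTL_ADF_SET_PAUSE with the requested pause value.
// Returns false for an invalid handle or a failed request.
ADF_API bool adf_set_pause(HANDLE h, bool pause)
{
    if (h == INVALID_HANDLE_VALUE) return false;

    DWORD ret;
    bool status = DeviceIoControl(h, IOCTL_ADF_SET_PAUSE,
        &pause, sizeof(pause),  // IN
        NULL, 0,                // OUT
        &ret, NULL);

    return status;
}

// Queries the pause value with IOCTL_ADF_GET_PAUSE.
// Returns true only when the request succeeded and the driver reported
// "paused"; an invalid handle or a failed request also yields false.
ADF_API bool adf_get_pause(HANDLE h)
{
    if (h == INVALID_HANDLE_VALUE) return false;

    DWORD ret;
    bool pause = true;
    bool status = DeviceIoControl(h, IOCTL_ADF_GET_PAUSE,
        NULL, 0,                // IN
        &pause, sizeof(bool),   // OUT
        &ret, NULL);

    return status && pause;
}


// Adds or deletes one host entry.
//   host, len : host string and its length without the terminator
//   add       : true to add, false to delete
//   except    : true for the exception list, false for the user list
// Returns false when the arguments are rejected or the request fails.
ADF_API bool adf_host(HANDLE h, char* host, int len, bool add, bool except)
{
    // A negative len would turn into a huge unsigned request size below.
    if (len < 0 || len > ADF_HOST_MAX_LEN || !host) return false;
    if (h == INVALID_HANDLE_VALUE) return false;

    DWORD code = (except ? (add ? IOCTL_ADF_ADD_EXCEPT_HOST : IOCTL_ADF_DEL_EXCEPT_HOST) :
        (add ? IOCTL_ADF_ADD_USER_HOST : IOCTL_ADF_DEL_USER_HOST));

    // Copy into a local buffer so the request never reads past the caller's
    // string and always ends in a NUL, even when len and the real string
    // length disagree. The request keeps the original shape: the string bytes
    // followed by one terminator.
    char buf[ADF_HOST_MAX_LEN + 1];
    int n;
    for (n = 0; n < len && host[n] != '\0'; n++)
        buf[n] = host[n];
    buf[n] = '\0';

    DWORD ret;
    bool status = DeviceIoControl(h, code,
        buf, n + 1,     // IN
        NULL, 0,        // OUT
        &ret, NULL);


    // as in the original, the resolver cache is flushed after every add,
    // whether or not the request succeeded
    if (add) DnsFlushResolverCache();


    return status;
}
-------------------------------------------------------------------------------- /exe/adfcon/adf.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #ifndef bool 5 | #define true 1 6 | #define false 0 7 | #define bool long 8 | #endif 9 | 10 | 11 | #ifdef ADF_STATIC // is use static library 12 | #define ADF_API 13 | #else 14 | #ifdef ADF_IMPLEMENT 15 | #define ADF_API __declspec(dllexport) 16 | #else 17 | #define ADF_API __declspec(dllimport) 18 | #endif 19 | #endif 20 | 21 | #define ADF_DEVICE_NAME L"\\\\.\\Ad_filter_control_device" 22 | 23 | 24 | 25 | // pause 26 | #define IOCTL_ADF_GET_PAUSE CTL_CODE(FILE_DEVICE_CONTROLLER,0x801,METHOD_BUFFERED,FILE_READ_ACCESS|FILE_WRITE_ACCESS) 27 | #define IOCTL_ADF_SET_PAUSE CTL_CODE(FILE_DEVICE_CONTROLLER,0x802,METHOD_BUFFERED,FILE_READ_ACCESS|FILE_WRITE_ACCESS) 28 | 29 | // host list 30 | #define IOCTL_ADF_ADD_USER_HOST CTL_CODE(FILE_DEVICE_CONTROLLER,0x803,METHOD_BUFFERED,FILE_READ_ACCESS|FILE_WRITE_ACCESS) 31 | #define IOCTL_ADF_DEL_USER_HOST CTL_CODE(FILE_DEVICE_CONTROLLER,0x804,METHOD_BUFFERED,FILE_READ_ACCESS|FILE_WRITE_ACCESS) 32 | 33 | #define IOCTL_ADF_ADD_EXCEPT_HOST CTL_CODE(FILE_DEVICE_CONTROLLER,0x805,METHOD_BUFFERED,FILE_READ_ACCESS|FILE_WRITE_ACCESS) 34 | #define IOCTL_ADF_DEL_EXCEPT_HOST CTL_CODE(FILE_DEVICE_CONTROLLER,0x806,METHOD_BUFFERED,FILE_READ_ACCESS|FILE_WRITE_ACCESS) 35 | 36 | // statistic 37 | #define IOCTL_ADF_SYS_HOST CTL_CODE(FILE_DEVICE_CONTROLLER,0x807,METHOD_BUFFERED,FILE_READ_ACCESS|FILE_WRITE_ACCESS) 38 | #define IOCTL_ADF_STATISTIC CTL_CODE(FILE_DEVICE_CONTROLLER,0x808,METHOD_BUFFERED,FILE_READ_ACCESS|FILE_WRITE_ACCESS) 39 | 40 | #if _DEBUG 41 | #define 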
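log printf 42 | #else 43 | #define log 44 | #endif 45 | 46 | #define ADF_HOST_MAX_LEN 128 47 | 48 | 49 | ADF_API HANDLE adf_open(); 50 | ADF_API void adf_close(HANDLE h); 51 | 52 | 53 | ADF_API bool adf_set_pause(HANDLE h,bool pause); 54 | ADF_API bool adf_get_pause(HANDLE h); 55 | 56 | ADF_API bool adf_host(HANDLE h, char* host, int len,bool add,bool except); 57 | 58 | #define adf_add_user_host(h,host,len) adf_host(h,host,len,1,0) 59 | #define adf_del_user_host(h,host,len) adf_host(h,host,len,0,0) 60 | 61 | #define adf_add_except_host(h,host,len) adf_host(h,host,len,1,1) 62 | #define adf_del_except_host(h,host,len) adf_host(h,host,len,0,1) 63 | -------------------------------------------------------------------------------- /sys/adfilter/driver.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include "tdi_fw_lib.h" 7 | 8 | #include "adfilter.h" 9 | 10 | 11 | 12 |
/*
 * Creates the control device, registers it with the tdi_fw engine and
 * publishes its symbolic link.
 *
 * Returns the failing status of the step that went wrong, or the status of
 * IoCreateSymbolicLink on the normal path.
 *
 * chk, fail, log, Adf and the CONTROL_DEVICE_* names are defined outside this
 * listing (presumably adfilter.h); chk and fail read the local `status`.
 */
NTSTATUS create_device(PDRIVER_OBJECT driver)
{
    // create device
    UNICODE_STRING name;
    RtlInitUnicodeString(&name, CONTROL_DEVICE_NAME);

    // FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device object's
    // security descriptor to every open in the device's namespace.
    // NOTE(review): the device still gets the default security descriptor.
    // The host-list and pause IOCTLs change filtering for the whole machine,
    // so consider an explicit administrators-only descriptor
    // (IoCreateDeviceSecure) rather than relying on the default.
    NTSTATUS status = IoCreateDevice(driver, 0, &name, FILE_DEVICE_CONTROLLER,
        FILE_DEVICE_SECURE_OPEN, false, &Adf.device);
    chk("Create device failed.\n");   // presumably returns on failure - confirm

    Adf.device->Flags |= DO_BUFFERED_IO;

    // add to tdifw engine
    if (!tdifw_register_user_device(Adf.device))
    {
        log("Registry device failed.\n");
        IoDeleteDevice(Adf.device);
        // `status` still holds the IoCreateDevice result here, so returning
        // it would report this failure as success to the caller.
        return STATUS_UNSUCCESSFUL;
    }

    // create symbol link
    UNICODE_STRING symb;
    RtlInitUnicodeString(&symb, CONTROL_DEVICE_SYMB);

    status = IoCreateSymbolicLink(&symb, &name);
    fail
    {
        log("Create symbol link failed.\n");
        IoDeleteDevice(Adf.device);
        return status;
    };

    KdPrint((APP"Create device: %wZ\n", &symb));

    return status;
}

/* Removes the symbolic link and then the control device. */
void delete_device()
{
    // delete symbol link
    UNICODE_STRING symb;
    RtlInitUnicodeString(&symb, CONTROL_DEVICE_SYMB);

    IoDeleteSymbolicLink(&symb);

    // delete device
    IoDeleteDevice(Adf.device);
}

/*
 * Driver entry hook called by tdi_fw: initialises the lock, loads the
 * configuration and creates the control device.
 *
 * Returns the create_device status on failure, STATUS_SUCCESS otherwise.
 */
NTSTATUS
tdifw_driver_entry(
    IN PDRIVER_OBJECT theDriverObject,
    IN PUNICODE_STRING theRegistryPath)
{
    KdPrint(("[adf] driver start.(%wZ)\n", theRegistryPath));

    KeInitializeSpinLock(&Adf.lock);
    NTSTATUS status = STATUS_SUCCESS;

    // The load_cfg result is overwritten below without being checked: the
    // original keeps the failure branch commented out, so the driver starts
    // even when the configuration could not be loaded.
    status = load_cfg(theRegistryPath);
    // if (!NT_SUCCESS(status))
    // {
    //     KdPrint(("[adf] load config failed.\n"));
    //     unload_cfg();
    //     return status;
    // }

    status = create_device(theDriverObject);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("[adf] create device failed.\n"));
        unload_cfg();
        return status;
    }


    return STATUS_SUCCESS;
}

/* Driver unload hook called by tdi_fw: removes the device, then the configuration. */
VOID
tdifw_driver_unload(
    IN PDRIVER_OBJECT DriverObject)
{

    delete_device();
    unload_cfg();

    return;
}

-------------------------------------------------------------------------------- /exe/adfilter/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Resources; 3 | using System.Runtime.CompilerServices; 4 | using System.Runtime.InteropServices; 5 | using System.Windows; 6 | 7 | // General Information about an assembly is controlled through the following 8 | // set of attributes. Change these attribute values to modify the information 9 | // associated with an assembly. 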
10 | [assembly: AssemblyTitle("adfilter")] 11 | [assembly: AssemblyDescription("")] 12 | [assembly: AssemblyConfiguration("")] 13 | [assembly: AssemblyCompany("")] 14 | [assembly: AssemblyProduct("adfilter")] 15 | [assembly: AssemblyCopyright("Copyright © 2017")] 16 | [assembly: AssemblyTrademark("")] 17 | [assembly: AssemblyCulture("")] 18 | 19 | // Setting ComVisible to false makes the types in this assembly not visible 20 | // to COM components. If you need to access a type in this assembly from 21 | // COM, set the ComVisible attribute to true on that type. 22 | [assembly: ComVisible(false)] 23 | 24 | //In order to begin building localizable applications, set 25 | //CultureYouAreCodingWith in your .csproj file 26 | //inside a . For example, if you are using US english 27 | //in your source files, set the to en-US. Then uncomment 28 | //the NeutralResourceLanguage attribute below. Update the "en-US" in 29 | //the line below to match the UICulture setting in the project file. 30 | 31 | //[assembly: NeutralResourcesLanguage("en-US", UltimateResourceFallbackLocation.Satellite)] 32 | 33 | 34 | [assembly: ThemeInfo( 35 | ResourceDictionaryLocation.None, //where theme specific resource dictionaries are located 36 | //(used if a resource is not found in the page, 37 | // or application resource dictionaries) 38 | ResourceDictionaryLocation.SourceAssembly //where the generic resource dictionary is located 39 | //(used if a resource is not found in the page, 40 | // app, or any theme specific resource dictionaries) 41 | )] 42 | 43 | 44 | // Version information for an assembly consists of the following four values: 45 | // 46 | // Major Version 47 | // Minor Version 48 | // Build Number 49 | // Revision 50 | // 51 | // You can specify all the values or you can default the Build and Revision Numbers 52 | // by using the '*' as shown below: 53 | // [assembly: AssemblyVersion("1.0.*")] 54 | [assembly: AssemblyVersion("1.0.0.0")] 55 | [assembly: 
AssemblyFileVersion("1.0.0.0")] 56 | -------------------------------------------------------------------------------- /sys/tdi_fw/src/tdi_fw_lib.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file tdi_fw_lib 3 | * @author tan wen 4 | * @brief I add this file to simplise the including of tdi_fw.lib's 5 | * header file. tdi_fw.lib is a library based on tdi_fw. You 6 | * can link this library to build a tdi filter driver easily. 7 | */ 8 | 9 | #ifndef _TDI_FW_LIB_HEADER_ 10 | #define _TDI_FW_LIB_HEADER_ 11 | 12 | #include 13 | #include 14 | #include "net.h" 15 | #include "sock.h" 16 | #include "ipc.h" 17 | 18 | /** If you use tdi_fw.lib to build your tdi filter driver, you must write 19 | * tdifw_driver_entry(), tdifw_driver_unload(), tdifw_user_device_dispatch(), 20 | * tdifw_filter(). You can't change these function's name or use their name 21 | * to define other functions or vals. These functions' prototypes are as below. 22 | */ 23 | 24 | /** tdifw_driver_entry is just like DriverEntry. tdi_fw.lib already havs the 25 | * function which named DriverEntry. So when you is using tdi_fw.lib to develop 26 | * a tdi neckwork filter, use tdifw_driver_entry instead. Don't to set driver's 27 | * dispatch function here. tdi_fw has used them. But if you create any device 28 | * here, you may use tdifw_register_user_device() to resigter them. When any 29 | * irp is sending to your devices, tdifw_user_device_dispatch() will be called. 30 | * You can dispatch your irp here. 31 | */ 32 | extern NTSTATUS 33 | tdifw_driver_entry( 34 | IN PDRIVER_OBJECT theDriverObject, 35 | IN PUNICODE_STRING theRegistryPath); 36 | 37 | /** tdifw_driver_unload is just like DriverUnload. It will be called when this 38 | * driver is unloading. Delete all devices you created and free memory you 39 | * allocated here. 
40 | */ 41 | extern VOID 42 | tdifw_driver_unload( 43 | IN PDRIVER_OBJECT DriverObject); 44 | 45 | /** tdifw_user_device_dispatch() will be called when any device which you 46 | * have created and used tdifw_register_user_device() to register got any 47 | * irp. You should complete any such irp here. Don't passthru. 48 | */ 49 | extern NTSTATUS tdifw_user_device_dispatch( 50 | IN PDEVICE_OBJECT DeviceObject, IN PIRP irp); 51 | 52 | /** These function will be call when any network event happends. You can choose 53 | * interested event to filter. return FLT_ALLOW to passthru or FLT_DENY to 54 | * refuse this event. See the strcut flt_request for more details. 55 | */ 56 | extern int tdifw_filter(struct flt_request *request); 57 | 58 | BOOLEAN tdifw_register_user_device(PDEVICE_OBJECT dev); 59 | 60 | #endif // _TDI_FW_LIB_HEADER_ 61 | -------------------------------------------------------------------------------- /exe/adfilter/View/HostEdit.xaml: -------------------------------------------------------------------------------- 1 | 8 | 9 | 10 | 11 | 12 | pack://application:,,,/res/#segmdl2 13 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 |