阻止 Win32 应用程序的所有 Windows Internet 访问

发布于 2024-08-22 07:33:07 字数 652 浏览 3 评论 0原文

对于我正在编写的应用程序来说,阻止 Windows 计算机上的所有 Internet 访问的最简单方法是什么?

更多详细信息:

Windows:XP 或更高版本

应用程序:用 C/C++ 编写的基本 Win32 应用程序。

阻止:它需要能够随意阻止和解除阻止,最好以用户无法轻易逆转的方式进行。 (例如,右键单击系统托盘中的网络连接图标。)另外,理想情况下,我希望它使用的方法可以在用户重新启动 Windows 或重置计算机时恢复访问,尽管我会如果计算机在处于阻止状态时重置,还愿意让应用程序随 Windows 自动启动并在启动时解锁访问。

互联网访问:首先,我想阻止传统浏览器访问传统的 http/https 网站。其次,最好阻止 IM 客户端和客户端社交网络应用程序。仍然允许本地网络进行文件共享等也很好,但不是必需的。(请注意,只有第一个要求是绝对的。)

最后注意事项:这并不意味着是一个安全实用程序,也不是与用户是敌对的(例如,使用家长控制实用程序),因此使用无法被确定的用户解决的方案并不重要。 (考虑到我打算重新启动或重置以清除阻止。这意味着用户可能发现的任何解决方法都需要比这更多的努力。)

谢谢!

ps 我怀疑 Windows 防火墙 API 不适用于我,因为这需要适用于未启用防火墙或没有管理员权限的用户,但如果我能纠正这一点,我会很高兴。

What would be the simplest way for an application I'm writing to block all Internet access on a Windows machine?

More details:

Windows: XP or higher

Application: A basic Win32 app written in C/C++.

Blocking: It needs to be able to block and unblock at will, ideally in a way that the user can't easily reverse. (By, say, right clicking on a network connection icon in the system tray.) Also, ideally, I'd like the method it uses to allow access to be restored should the user restart Windows or reset the machine, though I'd also be willing to have the app auto launch with Windows and unblock access upon startup if the machine was reset while in a blocked state.

Internet access: Primarily, I'd like to block conventional browsers from hitting conventional http/https sites. Secondarily, it would be nice to block IM clients and client-side social networking apps. It would also be nice, but not required, to still allow local networking for file sharing, etc. (Note that only the first requirement is absolute.)

Final notes: This is not meant to be a security utility, nor will its relationship to the user be adversarial (as, for example, with a parental control utility) so it's not important for it to use a scheme that can't be worked around by a determined user. (Consider that I intend for a reboot or reset to clear the blocking. This means that any workaround a user might discover that would take more effort than this is okay.)

Thanks!

p.s. I suspect that the Windows Firewall API won't work for me because this needs to work for users that haven't enabled the firewall or don't have admin privileges, but I'll be thrilled if I'm corrected on this.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

难如初 2024-08-29 07:33:07

听起来您打算运行您不希望访问互联网的应用程序。也许您可以在禁用网络的虚拟机(例如 VirtualBox)中运行它们。

It sounds like you're intending to run applications that you don't want to access the internet. Perhaps you could run them inside a virtual machine such as VirtualBox with networking disabled.

忆梦 2024-08-29 07:33:07

您可以使用 Winsock SPI 来完成此操作。 Windows SDK 有一个示例(位于 Samples\netds\winsock\lsp 下),它实现了所谓的分层服务提供程序,该提供程序允许您挂钩 Winsock 提供的所有用户模式功能,并拒绝/修改调用以阻止网络访问或将流量重定向到不同的地点。所有已安装的winsock应用程序都将受到影响,因此在您的代码中,您可以制定哪些应用程序可以退出等以及动态禁用/启用的策略。现在,一个有决心的人可以找到解决这个问题的方法,但这将是一个痛苦。

也就是说,这并不是一件简单的事,但示例应该可以帮助您完成大部分工作。

You could do it with a Winsock SPI. The Windows SDK has a sample (under Samples\netds\winsock\lsp) which implements what is called a layered service provider which allows you to hook all the user mode functions provided by Winsock and reject/modify the calls to block network access or redirect traffic to different locations. All installed winsock applications will be affected, so in your code you could have policys for what applications can go out and the like and disabled/enable on the fly. Now a determined person could find ways around this but it would be a pain.

That said this isn't trivial to do but the sample should get you most of the way there.

为你鎻心 2024-08-29 07:33:07

仅使用用户模式应用程序无法有效或实用地编写工具。

您需要编写的是网络 I/O 堆栈过滤器驱动程序。这是通过编写 Windows 驱动程序来完成的。这与 Windows Win32 应用程序不同。驱动程序在内核模式下运行,应用程序在用户模式下运行。

在 Windows Vista 及更高版本上,内核模式网络编程接口 (NPI) 就是为此而设计的。这与 Windows 防火墙使用的 API 相同。这些有时称为 Winsock 内核 (WSK) API。

实际上,您正在编写一个网络防火墙(或多或少),

这里有一些链接

请注意,您可能需要至少两个组件

  1. 您的驱动程序
  2. 一个图形应用程序人们可以用来控制您的工具

如果您想要进行任何监视,您可能需要一个从驱动程序收集数据的用户模式服务。这比尝试在驱动程序中执行此操作效果更好。一般来说,您应该在驱动程序中执行最少的工作。

一些注意事项:

  1. 在编写此类软件时,您需要非常注意安全性。这非常重要。面向网络的软件具有最高的安全要求。
  2. 了解绩效。
  3. 您的驱动程序和/或服务必须了解调用应用程序的上下文。这也是一个安全边界。例如,不以管理员身份运行的应用程序不应该能够控制您的驱动程序。

You cannot effectively or practically write your tool with only a user mode application.

What you need to write is a network I/O stack filter driver. This done by writing a Windows Driver. This is different from a Windows Win32 application. Drivers run in kernel mode and applications run in user mode.

On Windows Vista and later, the kernel mode Network Programming Interface (NPI) is designed for this. This is the same API that Windows Firewalls use. These are sometimes called the Winsock kernel (WSK) APIs.

In effect, you are writing a network firewall (more or less)

here are some links

Note, your will likely need at least two components

  1. Your driver
  2. A Graphical application that a person can use to control your tool

If you want to do any monitoring, you will likely need a user mode service that collects data from your driver. This works better than trying to do this in the driver. In general, you should do the minimal amount of work in the driver.

A few notes:

  1. You need to be very conscious of security when writing this kind of software. This is very much non trivial. Software that is network facing has the highest security requirements.
  2. Be cognizant of performance.
  3. Your driver and/or service must be aware of the context of a calling application. This is also a security boundary. For example, an application not running as administrator should not be able to control your driver.
你曾走过我的故事 2024-08-29 07:33:07

查看防火墙源代码

take a look at firewall sourcecodes

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文