Question
I have a specific driver (a firewall driver) which I managed to load with Delphi, but I don't know how to call its functions inside my program. The specification for these functions on the driver is as follows:
Firewall functions can be called with DeviceIoControl (DDoSflt)
IoControl codes (needed for DeviceIoControl) are as follows:
0x2220c0 = IOCTL_START
Input: none
Output: none
After loading the driver, call this function to install firewall hook.
0x2220c4 = IOCTL_STOP
Input: none
Output: none
Call this function to disable the firewall without unloading it.
0x2220c8 = IOCTL_DDOSADDIP
Input: a DWORD containing an IP address
Output: none
This function notifies the firewall that a DDoS attack is in progress and adds an IP to DDoS filter. Until IOCTL_DDOSSTOP is called, all the traffic from IPs that are in DDoS filter will be filtered.
0x2220cc = IOCTL_DDOSSTOP
Input: none
Output: none
This function notifies the firewall that DDoS attack was stopped, the function will delete the DDoS filter.
0x2220d0 = IOCTL_BAN0
Input: two DWORDs containing an IP range
Output: none
This function sets a ban on an IP range.
0x2220d4 = IOCTL_GETFLT
Input: none
Output: DWORD
This function returns the number of filtered TCP/SYN packets that were sent from IPs found in DDoS filter.
2. Structures used by firewall
2.1. FirewallParametersInfo
typedef struct _FirewallParametersInfo{
    WORD pcapFlags;     // bit 0 = WinPCap is enabled, bit 1 = detection of adapters was completed (this WORD is not used by version 1.03 of DDoSflt)
    WORD pcapAdapters;  // mask of enabled / disabled adapters used by WinPCap procedures (this WORD is not used by version 1.03 of DDoSflt)
    DWORD pcapTimer;    // timeout for capturing packets using WinPCap procedures (not used by version 1.03 of DDoSflt)
    BYTE pcapSyn;       // maximum number of TCP/SYN packets per second allowed from one IP
    BYTE pcapUdp;       // maximum number of UDP packets per second allowed from one IP
    BYTE pcapIcmp;      // maximum number of ICMP packets per second allowed from one IP
    BYTE firewallFlags; // bit 0 = firewall is registered
                        // bit 1 = firewall is started
                        // bit 2 = maximum SYN/second on hub's registered ports will be checked
                        // bit 3 = maximum SYN/second on unregistered ports will be checked
                        // bit 4 = ICMP traffic will be blocked
                        // bit 5 = TCP/RST packets will not be sent (will be filtered)
                        // bit 6 = if flood is detected, the application will call the firewall to set a _ban0_ (not used by firewall)
                        // bit 7 = if flood is detected, a notification message will be sent in opchat (not used by firewall)
    WORD hubSyn;        // maximum SYN rate allowed for one of registered hub's ports
    WORD otherSyn;      // maximum SYN rate allowed for non-registered ports
} FirewallParametersInfo;
2.2. port_info
typedef struct _port_info{
    WORD port;   // port value in network byte order
    int synRate; // maximum number of TCP/SYN packets per second allowed from all users
} port_info;
This is ...
Answer 1:
You need to open a handle to the driver using the CreateFile API; then you will be able to send commands to the driver using DeviceIoControl.

// Requires Windows and WinSvc in the unit's uses clause.
function InstallAndStartDriver(DriverPath, DriverName: WideString; out DriverDevice: THandle): Boolean;
var
  hSCManager, hService: THandle;
  lpServiceArgVectors: PWideChar;
begin
  Result := False;
  DriverDevice := INVALID_HANDLE_VALUE;
  // Register the driver as a demand-start kernel service and start it.
  hSCManager := OpenSCManagerW(nil, nil, SC_MANAGER_ALL_ACCESS);
  if hSCManager <> 0 then
  begin
    try
      hService := CreateServiceW(hSCManager, PWideChar(DriverName), PWideChar(DriverName), SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, PWideChar(DriverPath), nil, nil, nil, nil, nil);
      // CreateServiceW fails when the service is already registered; open the existing one instead.
      if hService = 0 then
        hService := OpenServiceW(hSCManager, PWideChar(DriverName), SERVICE_ALL_ACCESS);
      if hService <> 0 then
      begin
        try
          lpServiceArgVectors := nil;
          if StartServiceW(hService, 0, PWideChar(lpServiceArgVectors)) then
          begin
            Result := True;
          end;
        finally
          CloseServiceHandle(hService);
        end;
      end;
    finally
      CloseServiceHandle(hSCManager);
    end;
  end;
  if Result then
  begin
    // Open the driver's device; the returned handle is what DeviceIoControl takes.
    DriverDevice := CreateFileW(PWideChar('\\.\' + DriverName), GENERIC_READ or GENERIC_WRITE, 0, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    // CreateFileW signals failure through its return value; GetLastError is only meaningful after a failure.
    Result := DriverDevice <> INVALID_HANDLE_VALUE;
  end;
end;

procedure TForm1.Button2Click(Sender: TObject);
var
  driver: THandle;
begin
  if InstallAndStartDriver('D:\mydriver.sys', 'Firewall', driver) then
    DeviceIoControl(...)
end;
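The DeviceIoControl calls themselves, as an added example (not code from the answer or from the driver's author): small wrappers that send the IoControl codes listed in the question with exact buffer sizes and check every result. The program and function names, the sample address, the start-then-end layout for IOCTL_BAN0 and the byte order of the IP DWORD are assumptions; `\\.\Firewall` is the device name taken from the answer's code.

```delphi
program DDoSfltDemo; // hypothetical program name
{$APPTYPE CONSOLE}
uses Windows; // Winapi.Windows when unit scope names are not configured

const // IoControl codes as listed in the question's driver specification
  IOCTL_START     = $2220C0;
  IOCTL_DDOSADDIP = $2220C8;
  IOCTL_BAN0      = $2220D0;
  IOCTL_GETFLT    = $2220D4;

// Requests without output: pass the exact input size and return the API result.
function SendIoctl(Device: THandle; Code: DWORD; InBuf: Pointer; InSize: DWORD): Boolean;
var Returned: DWORD;
begin
  Result := DeviceIoControl(Device, Code, InBuf, InSize, nil, 0, Returned, nil);
end;

// IOCTL_BAN0 takes two DWORDs; "start first, end second" is an assumed layout.
function BanRange(Device: THandle; FirstIP, LastIP: DWORD): Boolean;
var Range: array[0..1] of DWORD;
begin
  Range[0] := FirstIP; Range[1] := LastIP;
  Result := SendIoctl(Device, IOCTL_BAN0, @Range, SizeOf(Range));
end;

// IOCTL_GETFLT returns one DWORD; a reply of any other size is treated as failure.
function GetFiltered(Device: THandle; out Count: DWORD): Boolean;
var Returned: DWORD;
begin
  Count := 0; Returned := 0;
  Result := DeviceIoControl(Device, IOCTL_GETFLT, nil, 0, @Count, SizeOf(Count), Returned, nil);
  Result := Result and (Returned = SizeOf(Count));
end;

var Dev: THandle; IP, Filtered: DWORD;
begin
  // '\\.\Firewall' is the device name used in the answer's code.
  Dev := CreateFileW('\\.\Firewall', GENERIC_READ or GENERIC_WRITE, 0, nil, OPEN_EXISTING, 0, 0);
  if Dev = INVALID_HANDLE_VALUE then
    begin Writeln('CreateFile failed: ', GetLastError); Halt(1); end;
  try
    IP := $010200C0; // constructed sample: 192.0.2.1 if network byte order is expected (assumption)
    if not SendIoctl(Dev, IOCTL_START, nil, 0) then Writeln('START failed: ', GetLastError);
    if not SendIoctl(Dev, IOCTL_DDOSADDIP, @IP, SizeOf(IP)) then Writeln('DDOSADDIP failed: ', GetLastError);
    if not BanRange(Dev, IP, IP) then Writeln('BAN0 failed: ', GetLastError);
    if GetFiltered(Dev, Filtered) then Writeln('Filtered SYN packets: ', Filtered);
  finally
    CloseHandle(Dev);
  end;
end.
```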
Source: https://stackoverflow.com/questions/11115286/how-to-use-sys-driver-functions-in-delphi