How to block selected applications from accessing the Internet (C++, Win32)

Time: 2020-12-22 07:05:05

I want to have an application or service that is running that, on some schedule, can disable access to the internet for all applications except for specific ones.

I'm trying to create a filter that can be turned on or off under programmatic control. Not just IP addresses and ports, but I want to be able to block specific applications as well, much like Zone Alarm and other software firewalls let you block.

For example, iexplore.exe, skype.exe, firefox.exe, aim.exe. But still need to allow other applications to connect as needed.

It has to work on Vista as well as XP, but I kind of expect that the method will be different on each of those platforms.

Basically, the filter has to tie the network communication back to the executable that is making the request and then allow or deny it.

Update:

On Vista at least, it looks like I want to use filters in the ALE layers of the WFP.

On XP, I'm still looking for the best way to do it. Do I really need to be writing device drivers and dealing with kernel stuff? I'm just a lowly application developer. Kill me now.

Update 2:

Currently looking at the PfCreateInterface and related Pf* APIs for pre-Vista systems.

6 Solutions

#1


You can change both Vista and XP's firewall policies dynamically using the INetFwAuthorizedApplications interface from the Windows Firewall API.

Also see this question.

#2


You'll have to write a device driver that filters traffic based on the executable requesting the traffic.

#3


By limiting its access to the internet using the firewall. Go to the firewall settings advanced tab (Win 7) and do that.
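
Added example, not part of the answer above: the per-program outbound block rules that the Windows Firewall advanced settings (Vista and later) expose, created and removed from PowerShell through the firewall's `HNetCfg.FwPolicy2` COM object. The group name and the executable paths are assumptions chosen for illustration.

```powershell
# Added example: toggle outbound block rules for a list of executables.
# Run from an elevated prompt. $Group and the paths are constructed samples.
$Group   = 'ScheduledAppBlock'      # hypothetical grouping label for our rules
$Blocked = @(
    "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    "$env:ProgramFiles\Mozilla Firefox\firefox.exe"
)

# Constants from the Windows Firewall with Advanced Security API.
$NET_FW_RULE_DIR_OUT = 2
$NET_FW_ACTION_BLOCK = 0
$NET_FW_PROFILE2_ALL = 0x7fffffff

function Get-FwPolicy { New-Object -ComObject HNetCfg.FwPolicy2 }

# Every rule this script created carries the same Grouping value.
function Get-AppBlockRules($Policy) {
    @($Policy.Rules | Where-Object { $_.Grouping -eq $Group })
}

function Enable-AppBlock {
    $policy   = Get-FwPolicy
    $existing = @(Get-AppBlockRules $policy | ForEach-Object { $_.ApplicationName })
    foreach ($exe in $Blocked) {
        if ($existing -contains $exe) { continue }   # already blocked: stay idempotent
        $rule = New-Object -ComObject HNetCfg.FWRule
        $rule.Name            = 'Block outbound: ' + (Split-Path $exe -Leaf)
        $rule.ApplicationName = $exe                 # the rule matches on full image path
        $rule.Direction       = $NET_FW_RULE_DIR_OUT
        $rule.Action          = $NET_FW_ACTION_BLOCK
        $rule.Profiles        = $NET_FW_PROFILE2_ALL # domain, private and public
        $rule.Grouping        = $Group
        $rule.Enabled         = $true
        $policy.Rules.Add($rule)
    }
}

function Disable-AppBlock {
    $policy = Get-FwPolicy
    foreach ($rule in Get-AppBlockRules $policy) {
        $policy.Rules.Remove($rule.Name)             # removes only rules from our group
    }
}
```

Calling `Enable-AppBlock` and `Disable-AppBlock` from two scheduled tasks gives the on/off schedule. Because each rule matches the full image path, a copy of the executable at another path is not covered.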

#4


I'm not sure, but I think you'd need to do it by getting the program to run as a user that has limited permissions. The question is, can you make a user account that stops such things?

#5


You'll need to redirect all (or at least many) calls to the WinSock API functions of any running program to your own replacement functions. That means getting into the memory of each running program and hijacking those functions, which is an... interesting... exercise. :-)

That might be enough of a pointer to get you started, or at least to suggest some more specific questions to ask.

#6


Could you move aside (i.e. rename) the system's winsock DLL and replace it with your own? Yours should provide the same API, but check the process name of incoming requests... return an error code to blocked applications and forward the calls from allowed apps onto the real DLL.
