/// <summary> /// </summary> /// <param name="filter"> /// The packet filter string to be evaluated. /// </param> /// <param name="layer"> /// The layer. /// </param> /// <param name="packet"> /// The packet. /// </param> /// <param name="packetLen"> /// The total length of the packet. /// </param> /// <param name="address"> /// The <seealso cref="WinDivertAddress" /> of the packet pPacket. /// </param> /// <returns> /// TRUE if the packet matches the filter string, FALSE otherwise. /// </returns> /// <remarks> /// Evaluates the given packet against the given packet filter string. This function returns /// TRUE if the packet matches, and returns FALSE otherwise. /// /// This function also returns FALSE if an error occurs, in which case /// <seealso cref="Marshal.GetLastWin32Error" /> can be used to get the reason for the /// error.Otherwise, if no error occurred, GetLastError() will return 0. /// /// Note that this function is relatively slow since the packet filter string will be (re) /// compiled for each call. This function is mainly intended for debugging or testing purposes. /// </remarks> public static bool WinDivertHelperEvalFilter(string filter, WinDivertLayer layer, WinDivertBuffer packet, uint packetLen, ref WinDivertAddress address) { fixed (WinDivertAddress* pAddress = &address) { var retVal = WinDivertNative.WinDivertHelperEvalFilter(filter, layer, packet.BufferPointer, packetLen, ref address); return retVal; } }
/// <summary> /// Checks if the given packet filter string is valid with respect to the filter language. If /// the filter is invalid, then a human readable description of the error is returned by /// errorStr (if non-NULL), and the error's position is returned by errorPos (if non-NULL). /// </summary> /// <param name="filter"> /// The packet filter string to be checked. /// </param> /// <param name="layer"> /// The layer. /// </param> /// <param name="errorMessage"> /// The error description. /// </param> /// <param name="errorPosition"> /// The error position. /// </param> /// <returns> /// TRUE if the packet filter string is valid, FALSE otherwise. /// </returns> public static bool WinDivertHelperCheckFilter(string filter, WinDivertLayer layer, out string errorMessage, ref uint errorPosition) { errorMessage = null; errorPosition = 0; char* pErrorString = null; uint errPosTmp = 0; var retVal = WinDivertNative.WinDivertHelperCheckFilter(filter, layer, &pErrorString, ref errorPosition); if (pErrorString != null) { errorMessage = Marshal.PtrToStringAnsi((IntPtr)pErrorString); errorPosition = errPosTmp; } return retVal; }
/// <summary> /// Opens a WinDivert handle for the given filter. Unless otherwise specified by flags, any /// packet that matches the filter will be diverted to the handle. Diverted packets can be /// read by the application with <seealso cref="WinDivertRecv(IntPtr, WinDivertBuffer, ref WinDivertAddress, ref uint)" /> /// </summary> /// <param name="filter"> /// A packet filter string specified in the WinDivert filter language. /// </param> /// <param name="layer"> /// The layer. /// </param> /// <param name="priority"> /// The priority of the handle. /// </param> /// <param name="flags"> /// Additional flags. /// </param> /// <returns> /// A valid WinDivert handle on success, or IntPtr.Zero if an error occurred. Use /// <see cref="Marshal.GetLastWin32Error" /> to get the reason for the error. /// </returns> /// <remarks> /// A typical application is only interested in a subset of all network traffic. In this case /// the filter should match as closely as possible to the subset of interest. This avoids /// unnecessary overheads introduced by diverting packets to the user-mode application. See /// the filter language section for more information. The layer of the WinDivert handle is /// determined by the layer parameter. /// </remarks> public static IntPtr WinDivertOpen(string filter, WinDivertLayer layer, short priority, WinDivertOpenFlags flags) { return WinDivertNative.WinDivertOpen(filter, layer, priority, (ulong)flags); }
internal static extern IntPtr WinDivertOpen([MarshalAs(UnmanagedType.LPStr)] string filter, WinDivertLayer layer, short priority, ulong flags);
internal static extern bool WinDivertHelperCompileFilter([MarshalAs(UnmanagedType.LPStr)] string filter, WinDivertLayer layer, IntPtr obj, uint objLen, out IntPtr errorStr, out uint errorPos);
public static extern bool WinDivertHelperCheckFilter([In()][MarshalAs(UnmanagedType.LPStr)] string filter, WinDivertLayer layer, char **errorStr, ref uint errorPos);
public static extern bool WinDivertHelperEvalFilter([In()][MarshalAs(UnmanagedType.LPStr)] string filter, WinDivertLayer layer, [In()] IntPtr pPacket, uint packetLen, [In()] ref WinDivertAddress pAddr);
public static extern IntPtr WinDivertOpen(byte[] rule, WinDivertLayer layer, short priority, WinDivertFlag flags);
public static extern bool WinDivertHelperCheckFilter([In][MarshalAs(UnmanagedType.LPStr)] string filter, WinDivertLayer layer, ref IntPtr errorStr, IntPtr errorPos);
public static extern WinDivertSafeHandle WinDivertOpen([In][MarshalAs(UnmanagedType.LPStr)] string filter, WinDivertLayer layer, short priority, ulong flags);
private static WinDivertHandle OpenHandle(byte[] ruleBuffer, FilterDefinition filter, WinDivertLayer layer, short priority, WinDivertFlag flags) { LibraryMode mode = GetSafeLibraryMode(); if (filter._stringValue != null) { int count = Encoding.ASCII.GetBytes(filter._stringValue, 0, filter._stringValue.Length, ruleBuffer, 0); } else { DivertFilterStringBuilder.WriteFilter(ruleBuffer, filter._filterExpression); } switch (mode) { case LibraryMode.Standard: //var rule=DivertFilterStringBuilder.MakeFilter(filter); //IntPtr rawHandle = Interop.NativeMethods.WinDivert.WinDivertOpen(rule, layer,priority,flags); IntPtr rawHandle = Interop.NativeMethods.WinDivert.WinDivertOpen(ruleBuffer, layer, priority, flags); WinDivertLibHandle wh = rawHandle; if (wh.IsInvalid) { var error = NativeMethods.Kernel32.GetLastError(); switch (error) { case 2: throw new Exception("Driver WinDivert32.sys or WinDivert64.sys is not found"); case 5: throw new UnauthorizedAccessException("Need Admin"); case 87: throw new ArgumentException("filter expression is invalid", nameof(filter)); case 577: throw new UnauthorizedAccessException("Driver signature verification failed"); case 654: throw new InvalidOperationException("An incompatible version of the WinDivert driver is currently loaded"); case 1060: throw new InvalidOperationException("The handle was opened with the WINDIVERT_FLAG_NO_INSTALL flag and the WinDivert driver is not already installed."); case 1275: throw new UnauthorizedAccessException("Driver is blocked by other software"); case 1753: throw new InvalidOperationException("Base Filtering Engine service has been disabled"); } } return(wh); case LibraryMode.ManagedOnly: default: throw new InvalidOperationException(); } }
public static WinDivertHandle OpenHandle(FilterDefinition filter, WinDivertLayer layer, short priority, WinDivertFlag flags) { byte[] ruleBuffer = new byte[10240]; return(OpenHandle(ruleBuffer, filter, layer, priority, flags)); }