/// <summary>
/// Builds a firewall rule with action code "A" for the given connection and
/// applies it through <c>ApplyIndirect</c>.
/// </summary>
/// <param name="activeConn">Connection whose rule name, path, owner and endpoints feed the rule.</param>
/// <param name="services">Service names passed through to the rule unchanged.</param>
/// <param name="isTemp">Forwarded to <c>ApplyIndirect</c>.</param>
/// <returns>The value returned by <c>ApplyIndirect</c>.</returns>
private bool createAllowRule(CurrentConn activeConn, string[] services, bool isTemp)
{
    // The rule targets either the currently active profile or the global one,
    // depending on the checkbox state.
    int profileMask;
    if (_optionsView.IsCurrentProfileChecked)
    {
        profileMask = FirewallHelper.GetCurrentProfile();
    }
    else
    {
        profileMask = FirewallHelper.GetGlobalProfile();
    }

    // Each optional constraint is only passed when its checkbox is ticked;
    // otherwise null (or -1 for the protocol) is handed to the rule.
    // NOTE(review): presumably null / -1 means "no restriction" inside CustomRule,
    // so every unticked box widens what this rule lets through - confirm.
    var allowRule = new FirewallHelper.CustomRule(
        activeConn.RuleName,
        activeConn.CurrentPath,
        _optionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null,
        activeConn.CurrentLocalUserOwner,
        services,
        _optionsView.IsProtocolChecked ? activeConn.Protocol : -1,
        _optionsView.IsTargetIPChecked ? activeConn.Target : null,
        _optionsView.IsTargetPortChecked ? activeConn.TargetPort : null,
        _optionsView.IsLocalPortChecked ? activeConn.LocalPort : null,
        profileMask,
        "A");

    return allowRule.ApplyIndirect(isTemp);
}
/// <summary>
/// Blocks the given connection, either with a firewall rule (action code "B")
/// or by appending an entry to the <c>exclusions.set</c> file, depending on
/// <c>Settings.Default.UseBlockRules</c>.
/// </summary>
/// <param name="activeConn">Connection to block.</param>
/// <param name="services">Service names passed through to the rule unchanged.</param>
/// <param name="isTemp">When true nothing is created and the method returns false.</param>
/// <returns>
/// False for temporary requests; otherwise the result of <c>ApplyIndirect</c>
/// in rule mode, or true once the exclusion entry has been written.
/// </returns>
private bool createBlockRule(CurrentConn activeConn, string[] services, bool isTemp)
{
    // Temporary block requests are not handled by this method.
    if (isTemp)
    {
        return false;
    }

    if (!Settings.Default.UseBlockRules)
    {
        // Exclusion-file mode: one line of the form
        //   <path or service>;<local port>;<target ip>;<target port>
        // where an unticked field is left empty.
        // NOTE(review): values are written as-is; a ';' inside the path would shift
        // the fields when the file is parsed - confirm how the reader splits lines.
        string subject = (!_optionsView.IsServiceRuleChecked || String.IsNullOrEmpty(activeConn.CurrentService))
            ? activeConn.CurrentPath
            : activeConn.CurrentService;
        string localPortField = _optionsView.IsLocalPortChecked ? ";" + activeConn.LocalPort : ";";
        string targetIpField = _optionsView.IsTargetIPChecked ? ";" + activeConn.Target : ";";
        string targetPortField = _optionsView.IsTargetPortChecked ? ";" + activeConn.TargetPort : ";";
        string entry = subject + localPortField + targetIpField + targetPortField;

        //FIXME: Need to add more?
        string exclusionsFile = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "exclusions.set");
        using (var writer = new StreamWriter(exclusionsFile, true))
        {
            writer.WriteLine(entry);
        }

        return true;
    }

    // Rule mode: build a block rule restricted by whichever options are ticked.
    int profileMask;
    if (_optionsView.IsCurrentProfileChecked)
    {
        profileMask = FirewallHelper.GetCurrentProfile();
    }
    else
    {
        profileMask = FirewallHelper.GetGlobalProfile();
    }

    var blockRule = new FirewallHelper.CustomRule(
        activeConn.RuleName,
        activeConn.CurrentPath,
        _optionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null,
        activeConn.CurrentLocalUserOwner,
        services,
        _optionsView.IsProtocolChecked ? activeConn.Protocol : -1,
        _optionsView.IsTargetIPChecked ? activeConn.Target : null,
        _optionsView.IsTargetPortChecked ? activeConn.TargetPort : null,
        _optionsView.IsLocalPortChecked ? activeConn.LocalPort : null,
        profileMask,
        "B");

    bool applied = blockRule.ApplyIndirect(isTemp);
    if (!applied)
    {
        // Tell the user the block did not take effect, so the failure is not silent.
        MessageBox.Show(Common.Properties.Resources.MSG_RULE_FAILED, Common.Properties.Resources.MSG_DLG_ERR_TITLE, MessageBoxButton.OK, MessageBoxImage.Error);
    }

    return applied;
}
/// <summary>
/// Creates an allow rule for the given connection and adds it directly through
/// <c>FirewallHelper.AddRule</c>.
/// </summary>
/// <param name="activeConn">Connection the rule is derived from.</param>
/// <param name="services">Service names passed through to the rule unchanged.</param>
/// <param name="createWithAdvancedOptions">
/// When true the rule is built from the path only; the application package,
/// protocol, target IP and port checkboxes are ignored.
/// </param>
/// <param name="createTempRule">When true the name gets the temporary-rule prefix and a notify icon is created on success.</param>
/// <param name="ruleName">Base name of the rule.</param>
/// <returns>The value returned by <c>FirewallHelper.AddRule</c>.</returns>
private bool createAllowRule(CurrentConn activeConn, string[] services, bool createWithAdvancedOptions, bool createTempRule, string ruleName)
{
    int profileMask;
    if (OptionsView.IsCurrentProfileChecked)
    {
        profileMask = FirewallHelper.GetCurrentProfile();
    }
    else
    {
        profileMask = FirewallHelper.GetGlobalProfile();
    }

    string effectiveName;
    if (createTempRule)
    {
        effectiveName = Messages.RULE_TEMP_PREFIX + ruleName;
    }
    else
    {
        effectiveName = ruleName;
    }

    // The per-field checkboxes only count when advanced options are NOT requested.
    // NOTE(review): with advanced options the allow rule is constrained by path,
    // owner and services only; presumably it is narrowed afterwards - confirm,
    // since an unrefined rule would permit any protocol, address and port.
    bool useCheckedOptions = !createWithAdvancedOptions;

    var allowRule = new CustomRule(
        effectiveName,
        (createWithAdvancedOptions || OptionsView.IsPathChecked) ? activeConn.Path : null,
        (useCheckedOptions && OptionsView.IsAppChecked) ? activeConn.CurrentAppPkgId : null,
        activeConn.CurrentLocalUserOwner,
        services,
        (useCheckedOptions && OptionsView.IsProtocolChecked) ? activeConn.RawProtocol : -1,
        (useCheckedOptions && OptionsView.IsTargetIPChecked) ? activeConn.TargetIP : null,
        (useCheckedOptions && OptionsView.IsTargetPortChecked) ? activeConn.TargetPort : null,
        (useCheckedOptions && OptionsView.IsLocalPortChecked) ? activeConn.SourcePort : null,
        profileMask,
        CustomRule.CustomRuleAction.Allow);

    // does not use RuleManager
    bool added = FirewallHelper.AddRule(allowRule.GetPreparedRule(createTempRule));
    if (!added)
    {
        return false;
    }

    if (createTempRule)
    {
        CreateTempRuleNotifyIcon(allowRule);
    }

    return true;
}
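/// <summary>
/// Creates a block rule for the given connection and adds it directly through
/// <c>FirewallHelper.AddRule</c>. Only firewall block rules are supported.
/// </summary>
/// <param name="activeConn">Connection the rule is derived from.</param>
/// <param name="services">Service names passed through to the rule unchanged.</param>
/// <param name="createWithAdvancedOptions">
/// When true the rule is built from the path only; the application package,
/// protocol, target IP and port checkboxes are ignored.
/// </param>
/// <param name="createTempRule">When true the name gets the temporary-rule prefix and a notify icon is created on success.</param>
/// <param name="ruleName">Base name of the rule.</param>
/// <returns>The value returned by <c>FirewallHelper.AddRule</c>.</returns>
/// <exception cref="ArgumentException">
/// Thrown when <c>Settings.Default.UseBlockRules</c> is false.
/// </exception>
private bool createBlockRule(CurrentConn activeConn, string[] services, bool createWithAdvancedOptions, bool createTempRule, string ruleName)
{
    if (!Settings.Default.UseBlockRules)
    {
        // FIXME: Remove and always use Global Rules?
        // The statements that used to follow this throw (appending an entry to
        // exclusions.set) could never execute and are no longer part of the method.
        throw new ArgumentException("Only global block rules can be used - check options");
    }

    int profiles = OptionsView.IsCurrentProfileChecked
        ? FirewallHelper.GetCurrentProfile()
        : FirewallHelper.GetGlobalProfile();
    string finalRuleName = createTempRule ? Messages.RULE_TEMP_PREFIX + ruleName : ruleName;

    // The per-field checkboxes only count when advanced options are NOT requested;
    // otherwise the rule is constrained by path, owner and services only.
    var newRule = new CustomRule(
        finalRuleName,
        (createWithAdvancedOptions || OptionsView.IsPathChecked) ? activeConn.Path : null,
        (!createWithAdvancedOptions && OptionsView.IsAppChecked) ? activeConn.CurrentAppPkgId : null,
        activeConn.CurrentLocalUserOwner,
        services,
        (!createWithAdvancedOptions && OptionsView.IsProtocolChecked) ? activeConn.RawProtocol : -1,
        (!createWithAdvancedOptions && OptionsView.IsTargetIPChecked) ? activeConn.TargetIP : null,
        (!createWithAdvancedOptions && OptionsView.IsTargetPortChecked) ? activeConn.TargetPort : null,
        (!createWithAdvancedOptions && OptionsView.IsLocalPortChecked) ? activeConn.SourcePort : null,
        profiles,
        CustomRule.CustomRuleAction.Block);

    // does not use RuleManager
    bool success = FirewallHelper.AddRule(newRule.GetPreparedRule(createTempRule));

    if (success && createTempRule)
    {
        CreateTempRuleNotifyIcon(newRule);
    }

    if (!success)
    {
        // Tell the user the block did not take effect, so the failure is not silent.
        MessageBox.Show(Messages.MSG_RULE_FAILED, Messages.MSG_DLG_ERR_TITLE, MessageBoxButton.OK, MessageBoxImage.Error);
    }

    return success;
}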
/// <summary>
/// Creates a rule with action <c>CustomRuleAction.A</c> for the given connection
/// and adds it directly through <c>FirewallHelper.AddRule</c>.
/// </summary>
/// <param name="activeConn">Connection whose rule name, path, owner and endpoints feed the rule.</param>
/// <param name="services">Service names passed through to the rule unchanged.</param>
/// <param name="isTemp">When true the name gets the temporary-rule prefix and a notify icon is created on success.</param>
/// <returns>The value returned by <c>FirewallHelper.AddRule</c>.</returns>
private bool createAllowRule(CurrentConn activeConn, string[] services, bool isTemp)
{
    int profileMask;
    if (OptionsView.IsCurrentProfileChecked)
    {
        profileMask = FirewallHelper.GetCurrentProfile();
    }
    else
    {
        profileMask = FirewallHelper.GetGlobalProfile();
    }

    string effectiveName;
    if (isTemp)
    {
        effectiveName = Messages.RULE_TEMP_PREFIX + activeConn.RuleName;
    }
    else
    {
        effectiveName = activeConn.RuleName;
    }

    // Each optional constraint is only passed when its checkbox is ticked;
    // otherwise null (or -1 for the protocol) is handed to the rule.
    // NOTE(review): presumably null / -1 means "no restriction" inside CustomRule,
    // so every unticked box widens what this rule lets through - confirm.
    var allowRule = new CustomRule(
        effectiveName,
        activeConn.CurrentPath,
        OptionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null,
        activeConn.CurrentLocalUserOwner,
        services,
        OptionsView.IsProtocolChecked ? activeConn.Protocol : -1,
        OptionsView.IsTargetIPChecked ? activeConn.Target : null,
        OptionsView.IsTargetPortChecked ? activeConn.TargetPort : null,
        OptionsView.IsLocalPortChecked ? activeConn.LocalPort : null,
        profileMask,
        CustomRule.CustomRuleAction.A);

    // does not use RuleManager
    bool added = FirewallHelper.AddRule(allowRule.GetPreparedRule(isTemp));
    if (!added)
    {
        return false;
    }

    if (isTemp)
    {
        CreateTempRuleNotifyIcon(allowRule);
    }

    return true;
}
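/// <summary>
/// Tries to work out which service inside process <paramref name="pid"/> owns a
/// connection. Four strategies are tried in order: the owner of the local port,
/// the module containing the thread's start address, the services hosted by the
/// process, and finally those services minus the ones already covered by
/// matching firewall rules.
/// </summary>
/// <param name="pid">Id of the process that owns the connection.</param>
/// <param name="threadid">Id of the originating thread, or 0 to skip the thread strategy.</param>
/// <param name="path">Executable path, used when looking up matching rules.</param>
/// <param name="protocol">Protocol number, used when looking up matching rules.</param>
/// <param name="localport">Local port of the connection.</param>
/// <param name="target">Remote address, used when looking up matching rules.</param>
/// <param name="remoteport">Remote port, used when looking up matching rules.</param>
/// <param name="svc">Receives the candidate service names; empty when nothing was found.</param>
/// <param name="svcdsc">Receives the descriptions matching <paramref name="svc"/>.</param>
/// <param name="unsure">
/// Receives true when the result comes from process-level enumeration (strategies
/// three and four) rather than from the port owner or the thread's module. Callers
/// that scope a firewall rule to the returned services should treat such a result
/// as a guess.
/// </param>
public static void GetService(int pid, int threadid, string path, int protocol, int localport, string target, int remoteport, out string[] svc, out string[] svcdsc, out bool unsure)
{
    // Try to lookup details about connection to localport.
    //@wokhan: how is this supposed to work since connection is blocked by firewall??
    LogHelper.Info("Trying to retrieve service name through connection information.");
    var ret = IPHelper.GetOwner(pid, localport);
    if (ret != null && !String.IsNullOrEmpty(ret.ModuleName))
    {
        // Returns the owner only if it's indeed a service.
        string ownerDesc = getServiceDesc(ret.ModuleName);
        if (String.IsNullOrEmpty(ownerDesc))
        {
            LogHelper.Debug("But no service description matches...");
            svc = new string[0];
            svcdsc = new string[0];
            unsure = false;
        }
        else
        {
            svc = new[] { ret.ModuleName };
            // Reuse the description fetched above instead of looking it up a second time.
            svcdsc = new[] { ownerDesc };
            unsure = false;
            LogHelper.Debug("Identified service as: " + String.Join(",", svcdsc));
        }

        return;
    }

    // Try to retrieve the module name from the calling thread id.
    LogHelper.Info("Trying to retrieve service name through thread information.");
    if (threadid != 0)
    {
        Process p;
        try
        {
            p = Process.GetProcessById(pid);
        }
        catch (ArgumentException)
        {
            // The process is no longer running.
            p = null;
        }

        if (p != null)
        {
            // Process wraps an OS handle; release it on every path out of this block.
            using (p)
            {
                var thread = p.Threads.Cast<ProcessThread>().SingleOrDefault(t => t.Id == threadid);
                if (thread == null)
                {
                    LogHelper.Debug("The thread " + threadid + " has not been found for PID " + pid);
                }
                else
                {
                    // NOTE(review): StartAddress may point at a runtime start stub rather
                    // than at code inside the service's own module - confirm this
                    // strategy identifies the right module in practice.
                    long thaddr = thread.StartAddress.ToInt64();

                    // The owning module is the one whose address range CONTAINS the start
                    // address. Testing only "thaddr >= base + size" would select the first
                    // module that ends below the address, i.e. an unrelated module, and so
                    // attribute the connection to the wrong service.
                    var module = p.Modules.Cast<ProcessModule>().FirstOrDefault(m =>
                    {
                        long moduleStart = m.BaseAddress.ToInt64();
                        return thaddr >= moduleStart && thaddr < moduleStart + m.ModuleMemorySize;
                    });

                    if (module == null)
                    {
                        LogHelper.Debug("The thread has been found, but no module matches.");
                    }
                    else
                    {
                        LogHelper.Debug("The thread has been found for module " + module.ModuleName);

                        string moduleDesc = getServiceDesc(module.ModuleName);
                        if (String.IsNullOrEmpty(moduleDesc))
                        {
                            LogHelper.Debug("But no service description matches...");
                            svc = new string[0];
                            svcdsc = new string[0];
                            unsure = false;
                        }
                        else
                        {
                            svc = new[] { module.ModuleName };
                            svcdsc = new[] { moduleDesc };
                            unsure = false;
                            LogHelper.Debug("Identified service as: " + String.Join(",", svcdsc));
                        }

                        return;
                    }
                }
            }
        }
    }

    LogHelper.Info("Trying to retrieve service name through process information.");
    string[] svcs = GetAllServices(pid);
    //int protocol = (int)Enum.Parse(typeof(NET_FW_IP_PROTOCOL_), protocolStr);
    if (svcs == null)
    {
        LogHelper.Debug("No services running in process " + pid.ToString() + " found!");
        svc = new string[0];
        svcdsc = new string[0];
        unsure = false;
        return;
    }

    //Only one service? Then we've probably found our guy!
    if (svcs.Length == 1)
    {
        svc = svcs;
        svcdsc = svcs.Select(s => getServiceDesc(s)).ToArray();
        unsure = true;
        LogHelper.Debug("Identified service as: " + String.Join(",", svcdsc));
        return;
    }

    svc = new string[0];

    // And if it still fails, fall backs to the most ugly way ever I am not able to get rid of :-P
    // Retrieves corresponding existing rules
    LogHelper.Info("Trying to retrieve service name through rule information.");
    int profile = FirewallHelper.GetCurrentProfile();
    var cRules = FirewallHelper.GetMatchingRules(path, getAppPkgId(pid), protocol, target, remoteport.ToString(), localport.ToString(), svc, getLocalUserOwner(pid), false, false)
                               .Select(r => r.ServiceName)
                               .Distinct()
                               .ToList();

    // Trying to guess the corresponding service if not found with the previous method and if not already filtered.
    // Service names are identifiers, so they are compared ordinally: a culture-aware
    // comparison can fail to match names that differ only in case under some UI
    // cultures, which would leave an already-covered service in the candidate list.
    svcs = svcs.Except(cRules, StringComparer.OrdinalIgnoreCase)
               .ToArray();

    LogHelper.Debug("Excluding " + String.Join(",", cRules) + " // Remains " + String.Join(",", svcs));

    if (svcs.Length > 0)
    {
        svc = svcs;
        svcdsc = svcs.Select(s => getServiceDesc(s)).ToArray();
        unsure = true;
        LogHelper.Debug("Identified service as: " + String.Join(",", svcdsc) + " (unsure)");
    }
    else
    {
        svcdsc = new string[0];
        unsure = false;
        LogHelper.Debug("No service found!");
    }

    return;
}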