Пример #1
0
 public void ComplexFiltersTests()
 {
     Assert.AreEqual("inbound and ((tcp.SrcPort == 80) or (tcp.SrcPort == 443))", DivertFilterStringBuilder.MakeFilter(x => x.Inbound && ((x.Tcp.SrcPort == 80) || x.Tcp.SrcPort == 443)));
     //maybe optimize ()?
     Assert.AreEqual("inbound and (((tcp.SrcPort == 80) or (tcp.SrcPort == 443)) or (tcp.SrcPort == 81))",
                     DivertFilterStringBuilder.MakeFilter(x => x.Inbound && ((x.Tcp.SrcPort == 80) || x.Tcp.SrcPort == 443 || x.Tcp.SrcPort == 81)));
 }
Пример #2
0
        private static WinDivertHandle OpenHandle(byte[] ruleBuffer, FilterDefinition filter, WinDivertLayer layer, short priority, WinDivertFlag flags)
        {
            LibraryMode mode = GetSafeLibraryMode();

            if (filter._stringValue != null)
            {
                int count = Encoding.ASCII.GetBytes(filter._stringValue, 0, filter._stringValue.Length, ruleBuffer, 0);
            }
            else
            {
                DivertFilterStringBuilder.WriteFilter(ruleBuffer, filter._filterExpression);
            }



            switch (mode)
            {
            case LibraryMode.Standard:
                //var rule=DivertFilterStringBuilder.MakeFilter(filter);
                //IntPtr rawHandle = Interop.NativeMethods.WinDivert.WinDivertOpen(rule, layer,priority,flags);
                IntPtr             rawHandle = Interop.NativeMethods.WinDivert.WinDivertOpen(ruleBuffer, layer, priority, flags);
                WinDivertLibHandle wh        = rawHandle;
                if (wh.IsInvalid)
                {
                    var error = NativeMethods.Kernel32.GetLastError();
                    switch (error)
                    {
                    case 2:
                        throw new Exception("Driver WinDivert32.sys or WinDivert64.sys is not found");

                    case 5:
                        throw new UnauthorizedAccessException("Need Admin");

                    case 87:
                        throw new ArgumentException("filter expression is invalid", nameof(filter));

                    case 577:
                        throw new UnauthorizedAccessException("Driver signature verification failed");

                    case 654:
                        throw new InvalidOperationException("An incompatible version of the WinDivert driver is currently loaded");

                    case 1060:
                        throw new InvalidOperationException("The handle was opened with the WINDIVERT_FLAG_NO_INSTALL flag and the WinDivert driver is not already installed.");

                    case 1275:
                        throw new UnauthorizedAccessException("Driver is blocked by other software");

                    case 1753:
                        throw new InvalidOperationException("Base Filtering Engine service has been disabled");
                    }
                }
                return(wh);

            case LibraryMode.ManagedOnly:
            default:
                throw new InvalidOperationException();
            }
        }
Пример #3
0
 public void SimpleFiltersTest()
 {
     Assert.AreEqual("inbound", DivertFilterStringBuilder.MakeFilter(x => x.Inbound));
     Assert.AreEqual("outbound", DivertFilterStringBuilder.MakeFilter(x => x.Outbound));
     Assert.AreEqual("tcp", DivertFilterStringBuilder.MakeFilter(x => x.IsTcp));
     Assert.AreEqual("udp", DivertFilterStringBuilder.MakeFilter(x => x.IsUdp));
     Assert.AreEqual("tcp.SrcPort == 80", DivertFilterStringBuilder.MakeFilter(x => (x.Tcp.SrcPort == 80)));
     Assert.AreEqual("not tcp", DivertFilterStringBuilder.MakeFilter(x => !x.IsTcp));
 }
Пример #4
0
        public void FiltersWithConstantsTest()
        {
            IPAddress ip = IPAddress.Parse("8.8.8.8");

            Assert.AreEqual("(inbound and (ip.SrcAddr == 8.8.8.8)) or (outbound and (ip.DstAddr == 8.8.8.8))", DivertFilterStringBuilder.MakeFilter(x => (x.Inbound && (x.Ip.SrcAddr == IPAddress.Parse("8.8.8.8"))) || (x.Outbound && (x.Ip.DstAddr == IPAddress.Parse("8.8.8.8")))));
            Assert.AreEqual("(inbound and (ip.SrcAddr == 8.8.8.8)) or (outbound and (ip.DstAddr == 8.8.8.8))", DivertFilterStringBuilder.MakeFilter(x => (x.Inbound && (x.Ip.SrcAddr == ip)) || (x.Outbound && (x.Ip.DstAddr == ip))));
        }