public unsafe void SendPacket(Packets.Packet pkt)
{
bool worked = false;
if (pkt.Outbound)
{
ETH_REQUEST Request = new ETH_REQUEST();
INTERMEDIATE_BUFFER *ib = pkt.IB;
Request.EthPacket.Buffer = (IntPtr)ib;
Request.hAdapterHandle = adapterHandle;
if (!Ndisapi.SendPacketToAdapter(hNdisapi, ref Request))
{
worked = false;
}
else
{
worked = true;
}
}
else
{
ETH_REQUEST Request = new ETH_REQUEST();
INTERMEDIATE_BUFFER *ib = pkt.IB;
Request.EthPacket.Buffer = (IntPtr)ib;
Request.hAdapterHandle = adapterHandle;
worked = Ndisapi.SendPacketToMstcp(hNdisapi, ref Request);
}
if (pkt.CodeGenerated)
{
pkt.ClearGeneratedPacket();
}
}
void NewAdaptersLoop()
{
try
{
while (true)
{
Thread.Sleep(5000);
if (!isNdisFilterDriverOpen)
{
OpenDriver();
}
allAdapters = NetworkInterface.GetAllNetworkInterfaces();
TCP_AdapterList adList = new TCP_AdapterList();
Ndisapi.GetTcpipBoundAdaptersInfo(hNdisapi, ref adList);
for (int x = 0; x < currentAdapters.Count; x++)
{
for (int y = 0; y < adList.m_nAdapterCount; y++)
{
if (adList.m_nAdapterHandle[y] == currentAdapters[x].adapterHandle)
{
string name = Encoding.ASCII.GetString(adList.m_szAdapterNameList, y * 256, 256);
currentAdapters[x].UpdateNetworkInterface(name.Substring(0, name.IndexOf((char)0x00)));
}
}
}
for (int x = 0; x < adList.m_nAdapterCount; x++)
{
bool found = false;
for (int y = 0; y < currentAdapters.Count; y++)
{
if (adList.m_nAdapterHandle[x] == currentAdapters[y].adapterHandle)
{
found = true;
}
}
if (!found)
{
WinpkFilter newAdapter = new WinpkFilter(hNdisapi, adList.m_nAdapterHandle[x], Encoding.ASCII.GetString(adList.m_szAdapterNameList, x * 256, 256));
if (newAdapter.GetAdapterInformation() != null && !string.IsNullOrEmpty(newAdapter.GetAdapterInformation().Name))
{
//lock (newAdapters)
//{
newAdapters.Add(newAdapter);
//}
}
}
}
}
}
catch (ThreadAbortException) { }
catch (Exception e)
{
LogCenter.Instance.LogException(e);
}
}
void NewAdaptersLoop()
{
try
{
while (true)
{
Thread.Sleep(1000);
if (!isNdisFilterDriverOpen)
{
OpenDriver();
}
TCP_AdapterList adList = new TCP_AdapterList();
Ndisapi.GetTcpipBoundAdaptersInfo(hNdisapi, ref adList);
for (int x = 0; x < currentAdapters.Count; x++)
{
for (int y = 0; y < adList.m_nAdapterCount; y++)
{
if (adList.m_nAdapterHandle[y] == currentAdapters[x].adapterHandle)
{
currentAdapters[x].UpdateNetworkInterface(Encoding.ASCII.GetString(adList.m_szAdapterNameList, y * 256, 256));
}
}
}
for (int x = 0; x < adList.m_nAdapterCount; x++)
{
bool found = false;
for (int y = 0; y < currentAdapters.Count; y++)
{
if (adList.m_nAdapterHandle[x] == currentAdapters[y].adapterHandle)
{
found = true;
}
}
if (!found)
{
WinpkFilter newAdapter = new WinpkFilter(hNdisapi, adList.m_nAdapterHandle[x], Encoding.ASCII.GetString(adList.m_szAdapterNameList, x * 256, 256));
if (newAdapter.GetAdapterInformation() != null && !string.IsNullOrEmpty(newAdapter.GetAdapterInformation().Name))
{
lock (newAdapters)
{
newAdapters.Add(newAdapter);
}
}
}
}
}
}
catch (ThreadAbortException tae) { }
}
public static unsafe string ConvertAdapterName(byte *bAdapterName, uint dwPlatformId, uint dwMajorVersion)
{
byte[] szAdapterName = new byte[256];
bool success = false;
string res = null;
fixed(byte *pbFriendlyName = szAdapterName)
{
if (dwPlatformId == 2 /*VER_PLATFORM_WIN32_NT*/)
{
if (dwMajorVersion > 4)
{
// Windows 2000 or XP
success = Ndisapi.ConvertWindows2000AdapterName(bAdapterName, pbFriendlyName, (uint)szAdapterName.Length);
}
else if (dwMajorVersion == 4)
{
// Windows NT 4.0
success = Ndisapi.ConvertWindowsNTAdapterName(bAdapterName, pbFriendlyName, (uint)szAdapterName.Length);
}
}
else
{
// Windows 9x/ME
success = Ndisapi.ConvertWindows9xAdapterName(bAdapterName, pbFriendlyName, (uint)szAdapterName.Length);
}
if (success)
{
int zero_index = 0;
while (zero_index < 256 && szAdapterName[zero_index] != 0)
{
++zero_index;
}
res = System.Text.Encoding.ASCII.GetString(szAdapterName, 0, zero_index);
}
}
return(res);
}
public void OpenDriver()
{
if (hNdisapi != IntPtr.Zero)
{
LogCenter.Instance.LogDebugMessage("Bad state was found, attempting to open the NDIS Filter Driver while the IntPtr != IntPtr.Zero, continuing");
}
hNdisapi = Ndisapi.OpenFilterDriver(Ndisapi.NDISRD_DRIVER_NAME);
TCP_AdapterList adList = new TCP_AdapterList();
Ndisapi.GetTcpipBoundAdaptersInfo(hNdisapi, ref adList);
if (adList.m_nAdapterCount == 0)
{
LogCenter.Instance.LogDebugMessage("No adapters found on this driver interface");
return;
}
isNdisFilterDriverOpen = true;
if (updateThread == null)
{
updateThread = new Thread(NewAdaptersLoop);
updateThread.Name = "WinpkFilterList New Adapters Loop";
updateThread.Start();
}
}
public void CloseDriver()
{
Ndisapi.CloseFilterDriver(hNdisapi);
isNdisFilterDriverOpen = false;
}
void UpdateCurrentAdapters()
{
bool succeeded = false;
while (!succeeded)
{
if (!isNdisFilterDriverOpen)
{
OpenDriver();
}
TCP_AdapterList adList = new TCP_AdapterList();
Ndisapi.GetTcpipBoundAdaptersInfo(hNdisapi, ref adList);
List <WinpkFilter> tempList = new List <WinpkFilter>();
//Populate with current adapters
List <WinpkFilter> notFound = new List <WinpkFilter>();
for (int x = 0; x < currentAdapters.Count; x++)
{
bool found = false;
for (int y = 0; y < adList.m_nAdapterCount; y++)
{
if (adList.m_nAdapterHandle[y] == currentAdapters[x].adapterHandle)
{
currentAdapters[x].UpdateNetworkInterface(Encoding.ASCII.GetString(adList.m_szAdapterNameList, y * 256, 256));
tempList.Add(currentAdapters[x]);
found = true;
}
}
if (!found)
{
notFound.Add(currentAdapters[x]);
}
}
//Deal with no longer existant adapters
for (int x = 0; x < notFound.Count; x++)
{
notFound[x].StopProcessing();
}
//Adding any new adapters
for (int x = 0; x < adList.m_nAdapterCount; x++)
{
bool found = false;
for (int y = 0; y < currentAdapters.Count; y++)
{
if (adList.m_nAdapterHandle[x] == currentAdapters[y].adapterHandle)
{
found = true;
}
}
if (!found)
{
WinpkFilter newAdapter = new WinpkFilter(hNdisapi, adList.m_nAdapterHandle[x], Encoding.ASCII.GetString(adList.m_szAdapterNameList, x * 256, 256));
if (newAdapter.GetAdapterInformation() != null && !string.IsNullOrEmpty(newAdapter.GetAdapterInformation().Name))
{
tempList.Add(newAdapter);
}
}
}
currentAdapters = new List <WinpkFilter>(tempList);
succeeded = true;
}
}
void SetPacketEvent()
{
hEvent = new ManualResetEvent(false);
Ndisapi.SetPacketEvent(hNdisapi, adapterHandle, hEvent.SafeWaitHandle);
}
void SetAdapterMode()
{
mode.dwFlags = Ndisapi.MSTCP_FLAG_SENT_TUNNEL | Ndisapi.MSTCP_FLAG_RECV_TUNNEL;
mode.hAdapterHandle = adapterHandle;
Ndisapi.SetAdapterMode(hNdisapi, ref mode);
}
public unsafe void ProcessLoop()
{
// Allocate and initialize packet structures
ETH_REQUEST Request = new ETH_REQUEST();
INTERMEDIATE_BUFFER PacketBuffer = new INTERMEDIATE_BUFFER();
IntPtr PacketBufferIntPtr = Marshal.AllocHGlobal(Marshal.SizeOf(PacketBuffer));
try
{
win32api.ZeroMemory(PacketBufferIntPtr, Marshal.SizeOf(PacketBuffer));
Request.hAdapterHandle = adapterHandle;
Request.EthPacket.Buffer = PacketBufferIntPtr;
Modules = new ModuleList(this);
Modules.LoadExternalModules();
Modules.UpdateModuleOrder();
string folder = Configuration.ConfigurationManagement.Instance.ConfigurationPath;
folder = folder + System.IO.Path.DirectorySeparatorChar + "pcapLogs";
if (!System.IO.Directory.Exists(folder))
{
System.IO.Directory.CreateDirectory(folder);
}
string f = folder + System.IO.Path.DirectorySeparatorChar + "blocked-" + inter.Name + "-" + DateTime.Now.ToBinary() + ".pcap";
pcaplog = new PcapFileWriter(f);
INTERMEDIATE_BUFFER *PacketPointer;
while (true)
{
hEvent.WaitOne();
while (Ndisapi.ReadPacket(hNdisapi, ref Request))
{
PacketPointer = (INTERMEDIATE_BUFFER *)PacketBufferIntPtr;
Packet pkt = new EthPacket(PacketPointer).MakeNextLayerPacket();
if (pkt.Outbound)
{
inter.DataOut.AddBits(pkt.Length());
}
else
{
inter.DataIn.AddBits(pkt.Length());
}
bool drop = false;
bool log = false;
if (this.Filtering)
{
for (int x = 0; x < Modules.Count; x++)
{
NDISModule fm = Modules.GetModule(x);
int pmr = fm.PacketMain(ref pkt);
if (pmr == null)
{
continue;
}
if ((pmr & (int)PacketMainReturnType.LogPacket) == (int)PacketMainReturnType.LogPacket)
{
log = true;
}
if ((pmr & (int)PacketMainReturnType.Drop) == (int)PacketMainReturnType.Drop)
{
drop = true;
break;
}
}
}
if (!drop && !DropAll)
{
if (pkt.Outbound)
{
Ndisapi.SendPacketToAdapter(hNdisapi, ref Request);
}
else
{
Ndisapi.SendPacketToMstcp(hNdisapi, ref Request);
}
}
if (log)
{
pcaplog.AddPacket(pkt.Data(), (int)pkt.Length());
}
}
//OM NOM NOM PASTA!
while (processQueue.Count != 0)
{
Packet pkt = processQueue.Dequeue().MakeNextLayerPacket();
if (pkt.Outbound)
{
inter.DataOut.AddBits(pkt.Length());
}
else
{
inter.DataIn.AddBits(pkt.Length());
}
bool drop = false;
bool log = false;
if (this.Filtering)
{
for (int x = 0; x < Modules.Count; x++)
{
NDISModule fm = Modules.GetModule(x);
int pmr = fm.PacketMain(ref pkt);
if (pmr == 0)
{
continue;
}
if ((pmr & (int)PacketMainReturnType.LogPacket) == (int)PacketMainReturnType.LogPacket)
{
log = true;
}
if ((pmr & (int)PacketMainReturnType.Drop) == (int)PacketMainReturnType.Drop)
{
drop = true;
break;
}
}
}
if (!drop && !DropAll)
{
if (pkt.Outbound)
{
Ndisapi.SendPacketToAdapter(hNdisapi, ref Request);
}
else
{
Ndisapi.SendPacketToMstcp(hNdisapi, ref Request);
}
}
if (log)
{
pcaplog.AddPacket(pkt.Data(), (int)pkt.Length());
}
}
hEvent.Reset();
}
}
catch (Exception tae)
{
Marshal.FreeHGlobal(PacketBufferIntPtr);
}
}