| 运用Hook技术实现的软件防火墙 |
| |
| 引用本文: | 周剑岚,冯珊.运用Hook技术实现的软件防火墙[J].华中科技大学学报(自然科学版),2004,32(3):83-85. |
| |
| 作者姓名: | 周剑岚 冯珊 |
| |
| 作者单位: | 华中科技大学,系统工程研究所,湖北,武汉,430074;华中科技大学,系统工程研究所,湖北,武汉,430074 |
| |
| 基金项目: | 国家自然科学基金九五重大项目 (79990 5 80 ) |
| |
| 摘 要: | 提出利用Hook系统核心函数方法来实现软件防火墙.操作系统在加载NDIS驱动程序时,将NDIS协议特征结构表中的API函数映射到内存中.通过在内存中定位这些API地址,按照PE格式将导出表中的函数地址替换成自定义的函数地址,在操作系统调用系统自身API函数前,先进行自定义函数的处理,实现对数据包的过滤.
|
| 关 键 词: | 挂钩技术 网络驱动接口规范 软件防火墙 |
| 文章编号: | 1671-4512(2004)03-0083-03 |
| 修稿时间: | 2003年7月28日 |
The implementation of software firewall based on Hook technology |
| |
| Zhou Jianlan Feng Shan Zhou Jianlan Doctoral Candidate, Inst. of Systems Eng.,Huazhong Univ. of Sci. & Tech.,Wuhan ,China..The implementation of software firewall based on Hook technology[J].JOURNAL OF HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY.NATURE SCIENCE,2004,32(3):83-85. |
| |
| Authors: | Zhou Jianlan Feng Shan Zhou Jianlan Doctoral Candidate Inst of Systems Eng Huazhong Univ of Sci & Tech Wuhan China |
| |
| Institution: | Zhou Jianlan Feng Shan Zhou Jianlan Doctoral Candidate, Inst. of Systems Eng.,Huazhong Univ. of Sci. & Tech.,Wuhan 430074,China. |
| |
| Abstract: | A new method to implement software firewall based on hooking system kernel functions was brought forward. When operating system uploads NDIS driver, it reflects API functions of NDIS protocol characteristics table into memory. By orienting these API addresses in memory, replacing them in export table by user-defined functions addresses according to PE rule, it can deal with theses user-defined functions before operating system manages its API functions, so filter net packets. |
| |
| Keywords: | Hook technology Network Driver Interface Specification (NDIS) software firewall |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
