Windows驱动程序技术的研究及在DFW中的应用

W indows传输驱动程序接口(Transport D river Interface,TD I)技术是实现分布式防火墙的主要技术之一。由于W indows系统不是一个开放系统,因此在TD I上实现封包截获的驱动程序存在较大困难。研究了W indows的TD I技术,包括输入输出请求包的结构和处理过程、几种重要的内核模式驱动对象及它们之间的联系,介绍了如何在TD I上设计驱动程序及其调试方法。在设计基于W in-dows平台的分布式防火墙系统中,采用TD I技术实现了数据包的截获,为今后对数据包进行分析、过滤和加解密打下了基础。

The Research on the Windows' Driver Technology and Its Application to the Distributed Firewall

The Transport Driver Interface(TDI) in the Windows operating system is one of the primary technologies implementing Distributed Firewalls.Because the Windows operating system is not of open-source,the implementation of driver of packet-interception on TDI has a lot of obstacles.This paper analyzes some technologies of TDI in the Windows,including the structure of Input/Output Request Packet and its procedures of processing,some major kernel-mode driver objects and the relationships among them.It introduces the design of driver and its debugging methods.In the design process of Distributed Firewall systems based on Windows,we adopt the TDI technology to implement the interception of data packets,which can be used for the analysis,filtering,encoding and decoding of data packets.