API tools faq
paste
Advertisement
Guest User

WFP Invalid Enumerator

a guest
May 29th, 2016
688
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C# 26.99 KB | None | 0 0
raw download clone embed print report
  1. using System;
  2.  
  3. namespace WFP
  4. {
  5.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  6.     public struct SID_IDENTIFIER_AUTHORITY
  7.     {
  8.  
  9.         /// BYTE[6]
  10.         [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 6, ArraySubType = System.Runtime.InteropServices.UnmanagedType.I1)]
  11.         public byte[] Value;
  12.     }
  13.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  14.     public struct SID
  15.     {
  16.  
  17.         /// BYTE->unsigned char
  18.         public byte Revision;
  19.  
  20.         /// BYTE->unsigned char
  21.         public byte SubAuthorityCount;
  22.  
  23.         /// SID_IDENTIFIER_AUTHORITY->_SID_IDENTIFIER_AUTHORITY
  24.         public SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
  25.  
  26.         /// DWORD[1]
  27.         [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 1, ArraySubType = System.Runtime.InteropServices.UnmanagedType.U4)]
  28.         public uint[] SubAuthority;
  29.     }
  30.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  31.     public struct SEC_WINNT_AUTH_IDENTITY_W
  32.     {
  33.  
  34.         /// unsigned short*
  35.         public System.IntPtr User;
  36.  
  37.         /// unsigned int
  38.         public uint UserLength;
  39.  
  40.         /// unsigned short*
  41.         public System.IntPtr Domain;
  42.  
  43.         /// unsigned int
  44.         public uint DomainLength;
  45.  
  46.         /// unsigned short*
  47.         public System.IntPtr Password;
  48.  
  49.         /// unsigned int
  50.         public uint PasswordLength;
  51.  
  52.         /// unsigned int
  53.         public uint Flags;
  54.     }
  55.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  56.     public struct FWP_BYTE_BLOB_
  57.     {
  58.  
  59.         /// UINT32->unsigned int
  60.         public uint size;
  61.  
  62.         /// UINT8*
  63.         [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPStr)]
  64.         public string data;
  65.     }
  66.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  67.     public struct FWPM_DISPLAY_DATA0_
  68.     {
  69.  
  70.         /// wchar_t*
  71.         [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
  72.         public string name;
  73.  
  74.         /// wchar_t*
  75.         [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
  76.         public string description;
  77.     }
  78.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  79.     public struct FWPM_SESSION0_
  80.     {
  81.  
  82.         /// GUID->_GUID
  83.         public Guid sessionKey;
  84.  
  85.         /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_
  86.         public FWPM_DISPLAY_DATA0_ displayData;
  87.  
  88.         /// UINT32->unsigned int
  89.         public uint flags;
  90.  
  91.         /// UINT32->unsigned int
  92.         public uint txnWaitTimeoutInMSec;
  93.  
  94.         /// DWORD->unsigned int
  95.         public uint processId;
  96.  
  97.         /// SID*
  98.         public System.IntPtr sid;
  99.  
  100.         /// wchar_t*
  101.         [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
  102.         public string username;
  103.  
  104.         /// BOOL->int
  105.         public int kernelMode;
  106.     }
  107.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  108.     public struct FWPM_SUBLAYER0_
  109.     {
  110.  
  111.         /// GUID->_GUID
  112.         //public GUID subLayerKey;
  113.         public Guid subLayerKey;
  114.  
  115.         /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_
  116.         public FWPM_DISPLAY_DATA0_ displayData;
  117.  
  118.         /// UINT16->unsigned short
  119.         public ushort flags;
  120.  
  121.         /// GUID*
  122.         public System.IntPtr providerKey;
  123.  
  124.         /// FWP_BYTE_BLOB->FWP_BYTE_BLOB_
  125.         public FWP_BYTE_BLOB_ providerData;
  126.  
  127.         /// UINT16->unsigned short
  128.         public ushort weight;
  129.     }
  130.  
  131.     public enum FWP_DATA_TYPE_
  132.     {
  133.         /// FWP_EMPTY -> 0
  134.         FWP_EMPTY = 0,
  135.         FWP_UINT8 = (FWP_EMPTY + 1),
  136.         FWP_UINT16 = (FWP_UINT8 + 1),
  137.         FWP_UINT32 = (FWP_UINT16 + 1),
  138.         FWP_UINT64 = (FWP_UINT32 + 1),
  139.         FWP_INT8 = (FWP_UINT64 + 1),
  140.         FWP_INT16 = (FWP_INT8 + 1),
  141.         FWP_INT32 = (FWP_INT16 + 1),
  142.         FWP_INT64 = (FWP_INT32 + 1),
  143.         FWP_FLOAT = (FWP_INT64 + 1),
  144.         FWP_DOUBLE = (FWP_FLOAT + 1),
  145.         FWP_BYTE_ARRAY16_TYPE = (FWP_DOUBLE + 1),
  146.         FWP_BYTE_BLOB_TYPE = (FWP_BYTE_ARRAY16_TYPE + 1),
  147.         FWP_SID = (FWP_BYTE_BLOB_TYPE + 1),
  148.         FWP_SECURITY_DESCRIPTOR_TYPE = (FWP_SID + 1),
  149.         FWP_TOKEN_INFORMATION_TYPE = (FWP_SECURITY_DESCRIPTOR_TYPE + 1),
  150.         FWP_TOKEN_ACCESS_INFORMATION_TYPE = (FWP_TOKEN_INFORMATION_TYPE + 1),
  151.         FWP_UNICODE_STRING_TYPE = (FWP_TOKEN_ACCESS_INFORMATION_TYPE + 1),
  152.         FWP_BYTE_ARRAY6_TYPE = (FWP_UNICODE_STRING_TYPE + 1),
  153.         FWP_SINGLE_DATA_TYPE_MAX = 0xff,
  154.         FWP_V4_ADDR_MASK = (FWP_SINGLE_DATA_TYPE_MAX + 1),
  155.         FWP_V6_ADDR_MASK = (FWP_V4_ADDR_MASK + 1),
  156.         FWP_RANGE_TYPE = (FWP_V6_ADDR_MASK + 1),
  157.         FWP_DATA_TYPE_MAX = (FWP_RANGE_TYPE + 1)
  158.     }
  159.     public enum FWP_MATCH_TYPE_
  160.     {
  161.         FWP_MATCH_EQUAL = 0,
  162.         FWP_MATCH_GREATER = (FWP_MATCH_EQUAL + 1),
  163.         FWP_MATCH_LESS = (FWP_MATCH_GREATER + 1),
  164.         FWP_MATCH_GREATER_OR_EQUAL = (FWP_MATCH_LESS + 1),
  165.         FWP_MATCH_LESS_OR_EQUAL = (FWP_MATCH_GREATER_OR_EQUAL + 1),
  166.         FWP_MATCH_RANGE = (FWP_MATCH_LESS_OR_EQUAL + 1),
  167.         FWP_MATCH_FLAGS_ALL_SET = (FWP_MATCH_RANGE + 1),
  168.         FWP_MATCH_FLAGS_ANY_SET = (FWP_MATCH_FLAGS_ALL_SET + 1),
  169.         FWP_MATCH_FLAGS_NONE_SET = (FWP_MATCH_FLAGS_ANY_SET + 1),
  170.         FWP_MATCH_EQUAL_CASE_INSENSITIVE = (FWP_MATCH_FLAGS_NONE_SET + 1),
  171.         FWP_MATCH_NOT_EQUAL = (FWP_MATCH_EQUAL_CASE_INSENSITIVE + 1),
  172.         FWP_MATCH_TYPE_MAX = (FWP_MATCH_NOT_EQUAL + 1)
  173.     }
  174.  
  175.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Ansi)]
  176.     public struct FWP_BYTE_ARRAY16_
  177.     {
  178.  
  179.         /// UINT8[16]
  180.         [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = 16)]
  181.         public string byteArray16;
  182.     }
  183.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  184.     public struct SID_AND_ATTRIBUTES
  185.     {
  186.  
  187.         /// PSID->PVOID->void*
  188.         public System.IntPtr Sid;
  189.  
  190.         /// DWORD->unsigned int
  191.         public uint Attributes;
  192.     }
  193.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  194.     public struct FWP_TOKEN_INFORMATION
  195.     {
  196.  
  197.         /// ULONG->unsigned int
  198.         public uint sidCount;
  199.  
  200.         /// PSID_AND_ATTRIBUTES->_SID_AND_ATTRIBUTES*
  201.         public System.IntPtr sids;
  202.  
  203.         /// ULONG->unsigned int
  204.         public uint restrictedSidCount;
  205.  
  206.         /// PSID_AND_ATTRIBUTES->_SID_AND_ATTRIBUTES*
  207.         public System.IntPtr restrictedSids;
  208.     }
  209.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Ansi)]
  210.     public struct FWP_BYTE_ARRAY6_
  211.     {
  212.  
  213.         /// UINT8[6]
  214.         [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = 6)]
  215.         public string byteArray6;
  216.     }
  217.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  218.     public struct FWP_V4_ADDR_AND_MASK_
  219.     {
  220.  
  221.         /// UINT32->unsigned int
  222.         public uint addr;
  223.  
  224.         /// UINT32->unsigned int
  225.         public uint mask;
  226.     }
  227.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Ansi)]
  228.     public struct FWP_V6_ADDR_AND_MASK_
  229.     {
  230.  
  231.         /// UINT8[]
  232.         //[System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = -1)]
  233.         public string addr;
  234.  
  235.         /// UINT8->unsigned char
  236.         public byte prefixLength;
  237.     }
  238.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  239.     public struct FWP_RANGE0_
  240.     {
  241.  
  242.         /// FWP_VALUE0->FWP_VALUE0_
  243.         public FWP_VALUE0_ valueLow;
  244.  
  245.         /// FWP_VALUE0->FWP_VALUE0_
  246.         public FWP_VALUE0_ valueHigh;
  247.     }
  248.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  249.     public struct FWP_VALUE0_
  250.     {
  251.  
  252.         /// FWP_DATA_TYPE->FWP_DATA_TYPE_
  253.         public FWP_DATA_TYPE_ type;
  254.  
  255.         /// Anonymous_f2ca3d24_487b_42ae_9460_d9780fa4b512
  256.         /// UINT8->unsigned char
  257.         public byte uint8;
  258.  
  259.         /// UINT16->unsigned short
  260.         public ushort uint16;
  261.  
  262.         /// UINT32->unsigned int
  263.         public uint uint32;
  264.  
  265.         /// UINT64*
  266.         public System.IntPtr uint64;
  267.  
  268.         /// INT8->char
  269.         public byte int8;
  270.  
  271.         /// INT16->short
  272.         public short int16;
  273.  
  274.         /// INT32->int
  275.         public int int32;
  276.  
  277.         /// INT64*
  278.         public System.IntPtr int64;
  279.  
  280.         /// float
  281.         public float float32;
  282.  
  283.         /// double*
  284.         public System.IntPtr double64;
  285.  
  286.         /// FWP_BYTE_ARRAY16*
  287.         public System.IntPtr byteArray16;
  288.  
  289.         /// FWP_BYTE_BLOB*
  290.         public System.IntPtr byteBlob;
  291.  
  292.         /// SID*
  293.         public System.IntPtr sid;
  294.  
  295.         /// FWP_BYTE_BLOB*
  296.         public System.IntPtr sd;
  297.  
  298.         /// FWP_TOKEN_INFORMATION*
  299.         public System.IntPtr tokenInformation;
  300.  
  301.         /// FWP_BYTE_BLOB*
  302.         public System.IntPtr tokenAccessInformation;
  303.  
  304.         /// LPWSTR->WCHAR*
  305.         public System.IntPtr unicodeString;
  306.  
  307.         /// FWP_BYTE_ARRAY6*
  308.         public System.IntPtr byteArray6;
  309.     }
  310.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  311.     public struct FWP_CONDITION_VALUE0_
  312.     {
  313.  
  314.         /// FWP_DATA_TYPE->FWP_DATA_TYPE_
  315.         public FWP_DATA_TYPE_ type;
  316.  
  317.         /// Anonymous_996a93aa_94af_41d2_b6f5_471cbd2cf098
  318.         /// UINT8->unsigned char
  319.         public byte uint8;
  320.  
  321.         /// UINT16->unsigned short
  322.         public ushort uint16;
  323.  
  324.         /// UINT32->unsigned int
  325.         public uint uint32;
  326.  
  327.         /// UINT64*
  328.         public System.IntPtr uint64;
  329.  
  330.         /// INT8->char
  331.         public byte int8;
  332.  
  333.         /// INT16->short
  334.         public short int16;
  335.  
  336.         /// INT32->int
  337.         public int int32;
  338.  
  339.         /// INT64*
  340.         public System.IntPtr int64;
  341.  
  342.         /// float
  343.         public float float32;
  344.  
  345.         /// double*
  346.         public System.IntPtr double64;
  347.  
  348.         /// FWP_BYTE_ARRAY16*
  349.         public System.IntPtr byteArray16;
  350.  
  351.         /// FWP_BYTE_BLOB*
  352.         public System.IntPtr byteBlob;
  353.  
  354.         /// SID*
  355.         public System.IntPtr sid;
  356.  
  357.         /// FWP_BYTE_BLOB*
  358.         public System.IntPtr sd;
  359.  
  360.         /// FWP_TOKEN_INFORMATION*
  361.         public System.IntPtr tokenInformation;
  362.  
  363.         /// FWP_BYTE_BLOB*
  364.         public System.IntPtr tokenAccessInformation;
  365.  
  366.         /// LPWSTR->WCHAR*
  367.         public System.IntPtr unicodeString;
  368.  
  369.         /// FWP_BYTE_ARRAY6*
  370.         public System.IntPtr byteArray6;
  371.  
  372.         /// FWP_V4_ADDR_AND_MASK*
  373.         public System.IntPtr v4AddrMask;
  374.  
  375.         /// FWP_V6_ADDR_AND_MASK*
  376.         public System.IntPtr v6AddrMask;
  377.  
  378.         /// FWP_RANGE0*
  379.         public System.IntPtr rangeValue;
  380.     }
  381.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  382.     public struct FWPM_FILTER_CONDITION0_
  383.     {
  384.  
  385.         /// GUID->_GUID
  386.         //public GUID fieldKey;
  387.         public Guid fieldKey;
  388.  
  389.         /// FWP_MATCH_TYPE->FWP_MATCH_TYPE_
  390.         public FWP_MATCH_TYPE_ matchType;
  391.  
  392.         /// FWP_CONDITION_VALUE0_
  393.         public FWP_CONDITION_VALUE0_ conditionValue;
  394.     }
  395.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  396.     public struct FWPM_ACTION0_
  397.     {
  398.  
  399.         /// FWP_ACTION_TYPE
  400.         public uint type;
  401.  
  402.         /// Anonymous_2997c82f_b552_43d7_a71b_526008c4825c
  403.         public Guid filterType;
  404.  
  405.         /// GUID->_GUID
  406.         public Guid calloutKey;
  407.     }
  408.     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
  409.     public struct FWPM_FILTER0_
  410.     {
  411.  
  412.         /// GUID->_GUID
  413.         //public GUID filterKey;
  414.         public Guid filterKey;
  415.  
  416.         /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_
  417.         public FWPM_DISPLAY_DATA0_ displayData;
  418.  
  419.         /// UINT32->unsigned int
  420.         public uint flags;
  421.  
  422.         /// GUID*
  423.         public System.IntPtr providerKey;
  424.  
  425.         /// FWP_BYTE_BLOB->FWP_BYTE_BLOB_
  426.         public FWP_BYTE_BLOB_ providerData;
  427.  
  428.         /// GUID->_GUID
  429.         //public GUID layerKey;
  430.         public Guid layerKey;
  431.  
  432.         /// GUID->_GUID
  433.         //public GUID subLayerKey;
  434.         public Guid subLayerKey;
  435.  
  436.         /// FWP_VALUE0->FWP_VALUE0_
  437.         public FWP_VALUE0_ weight;
  438.  
  439.         /// UINT32->unsigned int
  440.         public uint numFilterConditions;
  441.  
  442.         /// FWPM_FILTER_CONDITION0*
  443.         public System.IntPtr filterCondition;
  444.  
  445.         /// FWPM_ACTION0->FWPM_ACTION0_
  446.         public FWPM_ACTION0_ action;
  447.  
  448.         /// Anonymous_9e7af134_1c75_45df_ba40_12e91eb0542c
  449.         /// UINT64->unsigned __int64
  450.         public ulong rawContext;
  451.  
  452.         /// GUID->_GUID
  453.         public Guid providerContextKey;
  454.  
  455.         /// GUID*
  456.         public System.IntPtr reserved;
  457.  
  458.         /// UINT64->unsigned __int64
  459.         public ulong filterId;
  460.         //public IntPtr filterId;
  461.  
  462.         /// FWP_VALUE0->FWP_VALUE0_
  463.         public FWP_VALUE0_ effectiveWeight;
  464.     }
  465.  
  466.  
  467.     public partial class NativeConstants
  468.     {
  469.         /// FWPM_CALLOUT_FLAG_PERSISTENT -> (0x00010000)
  470.         public const int FWPM_CALLOUT_FLAG_PERSISTENT = 65536;
  471.         /// FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT -> (0x00020000)
  472.         public const int FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT = 131072;
  473.         /// FWPM_CALLOUT_FLAG_REGISTERED -> (0x00040000)
  474.         public const int FWPM_CALLOUT_FLAG_REGISTERED = 262144;
  475.         /// FWP_ACTION_FLAG_TERMINATING -> (0x00001000)
  476.         public const int FWP_ACTION_FLAG_TERMINATING = 4096;
  477.         /// FWP_ACTION_FLAG_NON_TERMINATING -> (0x00002000)
  478.         public const int FWP_ACTION_FLAG_NON_TERMINATING = 8192;
  479.         /// FWP_ACTION_FLAG_CALLOUT -> (0x00004000)
  480.         public const int FWP_ACTION_FLAG_CALLOUT = 16384;
  481.         /// FWP_ACTION_BLOCK -> (0x00000001 | FWP_ACTION_FLAG_TERMINATING)
  482.         public const int FWP_ACTION_BLOCK = (1 | NativeConstants.FWP_ACTION_FLAG_TERMINATING);
  483.         /// FWP_ACTION_PERMIT -> (0x00000002 | FWP_ACTION_FLAG_TERMINATING)
  484.         public const int FWP_ACTION_PERMIT = (2 | NativeConstants.FWP_ACTION_FLAG_TERMINATING);
  485.         /// FWP_ACTION_CALLOUT_TERMINATING -> (0x00000003 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_TERMINATING)
  486.         public const int FWP_ACTION_CALLOUT_TERMINATING = (3 | (NativeConstants.FWP_ACTION_FLAG_CALLOUT | NativeConstants.FWP_ACTION_FLAG_TERMINATING));
  487.         /// FWP_ACTION_CALLOUT_INSPECTION -> (0x00000004 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_NON_TERMINATING)
  488.         public const int FWP_ACTION_CALLOUT_INSPECTION = (4 | (NativeConstants.FWP_ACTION_FLAG_CALLOUT | NativeConstants.FWP_ACTION_FLAG_NON_TERMINATING));
  489.         /// FWP_ACTION_CALLOUT_UNKNOWN -> (0x00000005 | FWP_ACTION_FLAG_CALLOUT)
  490.         public const int FWP_ACTION_CALLOUT_UNKNOWN = (5 | NativeConstants.FWP_ACTION_FLAG_CALLOUT);
  491.         /// FWP_ACTION_CONTINUE -> (0x00000006 | FWP_ACTION_FLAG_NON_TERMINATING)
  492.         public const int FWP_ACTION_CONTINUE = (6 | NativeConstants.FWP_ACTION_FLAG_NON_TERMINATING);
  493.         /// FWP_ACTION_NONE -> (0x00000007)
  494.         public const int FWP_ACTION_NONE = 7;
  495.         /// FWP_ACTION_NONE_NO_MATCH -> (0x00000008)
  496.         public const int FWP_ACTION_NONE_NO_MATCH = 8;
  497.         /// FWPM_FILTER_FLAG_NONE -> (0x00000000)
  498.         public const int FWPM_FILTER_FLAG_NONE = 0;
  499.         /// FWPM_FILTER_FLAG_PERSISTENT -> (0x00000001)
  500.         public const int FWPM_FILTER_FLAG_PERSISTENT = 1;
  501.         /// FWPM_FILTER_FLAG_BOOTTIME -> (0x00000002)
  502.         public const int FWPM_FILTER_FLAG_BOOTTIME = 2;
  503.         /// FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT -> (0x00000004)
  504.         public const int FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT = 4;
  505.         /// FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT -> (0x00000008)
  506.         public const int FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT = 8;
  507.         /// FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED -> (0x00000010)
  508.         public const int FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED = 16;
  509.         /// FWPM_FILTER_FLAG_DISABLED -> (0x00000020)
  510.         public const int FWPM_FILTER_FLAG_DISABLED = 32;
  511.         /// FWPM_FILTER_FLAG_INDEXED -> (0x00000040)
  512.         public const int FWPM_FILTER_FLAG_INDEXED = 64;
  513.     }
  514.  
  515.     public partial class NativeMethods
  516.     {
  517.  
  518.         /// Return Type: DWORD->unsigned int
  519.         ///serverName: wchar_t*
  520.         ///authnService: UINT32->unsigned int
  521.         ///authIdentity: SEC_WINNT_AUTH_IDENTITY_W*
  522.         ///session: FWPM_SESSION0*
  523.         ///engineHandle: HANDLE*
  524.         [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmEngineOpen0")]
  525.         public static extern uint FwpmEngineOpen0([System.Runtime.InteropServices.InAttribute()] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] string serverName, uint authnService, [System.Runtime.InteropServices.InAttribute()] System.IntPtr authIdentity, [System.Runtime.InteropServices.InAttribute()] System.IntPtr session, ref System.IntPtr engineHandle);
  526.        
  527.         /// Return Type: DWORD->unsigned int
  528.         ///serverName: wchar_t*
  529.         ///authnService: UINT32->unsigned int
  530.         ///authIdentity: SEC_WINNT_AUTH_IDENTITY_W*
  531.         ///session: FWPM_SESSION0*
  532.         ///engineHandle: HANDLE*
  533.         [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmEngineClose0")]
  534.         public static extern uint FwpmEngineClose0([System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle);
  535.  
  536.         /// Return Type: DWORD->unsigned int
  537.         ///engineHandle: HANDLE->void*
  538.         ///filter: FWPM_FILTER0*
  539.         ///sd: PSECURITY_DESCRIPTOR->PVOID->void*
  540.         ///id: UINT64*
  541.         [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmFilterAdd0")]
  542.         public static extern uint FwpmFilterAdd0([System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle, [System.Runtime.InteropServices.InAttribute()] ref FWPM_FILTER0_ filter, [System.Runtime.InteropServices.InAttribute()] System.IntPtr sd, ref ulong id);
  543.  
  544.         /// Return Type: DWORD->unsigned int
  545.         ///engineHandle: HANDLE->void*
  546.         ///id: UINT64->unsigned __int64
  547.         [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmFilterDeleteById0")]
  548.         public static extern uint FwpmFilterDeleteById0(System.IntPtr engineHandle, ref ulong id);
  549.  
  550.         /// Return Type: DWORD->unsigned int
  551.         ///engineHandle: HANDLE->void*
  552.         ///subLayer: FWPM_SUBLAYER0*
  553.         ///sd: PSECURITY_DESCRIPTOR->PVOID->void*
  554.         [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmSubLayerAdd0")]
  555.         public static extern uint FwpmSubLayerAdd0([System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle, [System.Runtime.InteropServices.InAttribute()] ref FWPM_SUBLAYER0_ subLayer, [System.Runtime.InteropServices.InAttribute()] System.IntPtr sd);
  556.  
  557.         /// Return Type: DWORD->unsigned int
  558.         ///engineHandle: HANDLE->void*
  559.         ///key: GUID*
  560.         [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmSubLayerDeleteByKey0")]
  561.         public static extern uint FwpmSubLayerDeleteByKey0([System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle, ref Guid key);
  562.     }
  563.  
  564.  
  565.  
  566.     internal static class Extensions
  567.     {
  568.         public static FWP_V4_ADDR_AND_MASK_[] ToFwpV4AddrAndMask(this IPHostEntry obj)
  569.         {
  570.             var ret = new List<FWP_V4_ADDR_AND_MASK_>();
  571.  
  572.             foreach (var ipAddress in obj.AddressList)
  573.             {
  574.                 if (ipAddress.AddressFamily == AddressFamily.InterNetwork)
  575.                 {
  576.                     var addr = BitConverter.ToUInt32(ipAddress.GetAddressBytes().Reverse().ToArray(), 0);
  577.                     if (ret.All(x => x.addr != addr))
  578.                     {
  579.                         ret.Add(new FWP_V4_ADDR_AND_MASK_
  580.                         {
  581.                             addr = addr,
  582.                             mask = 0xFFFFFFFF
  583.                         });
  584.                     }
  585.                 }
  586.             }
  587.  
  588.             return ret.ToArray();
  589.         }
  590.  
  591.         public static IntPtr ToIntPtr(this object obj)
  592.         {
  593.             var handle = GCHandle.Alloc(obj);
  594.             return GCHandle.ToIntPtr(handle);
  595.         }
  596.     }
  597.  
  598.  
  599. class Program
  600.     {
  601.         #region Authentication Service Constants
  602.  
  603.         const uint RPC_C_AUTHN_NONE = 0;
  604.         const uint RPC_C_AUTHN_DCE_PRIVATE = 1;
  605.         const uint RPC_C_AUTHN_DCE_PUBLIC = 2;
  606.         const uint RPC_C_AUTHN_DEC_PUBLIC = 4;
  607.         const uint RPC_C_AUTHN_GSS_NEGOTIATE = 9;
  608.         const uint RPC_C_AUTHN_WINNT = 10;
  609.         const uint RPC_C_AUTHN_GSS_SCHANNEL = 14;
  610.         const uint RPC_C_AUTHN_GSS_KERBEROS = 16;
  611.         const uint RPC_C_AUTHN_DPA = 17;
  612.         const uint RPC_C_AUTHN_MSN = 18;
  613.         const uint RPC_C_AUTHN_DIGEST = 21;
  614.         const uint RPC_C_AUTHN_NEGO_EXTENDER = 30;
  615.         const uint RPC_C_AUTHN_MQ = 100;
  616.         const uint RPC_C_AUTHN_DEFAULT = 0xffffffff;
  617.  
  618.         #endregion
  619.  
  620.         #region Filter Keys
  621.  
  622.         private static Guid FWPM_CONDITION_FLAGS = new Guid("{632ce23b-5167-435c-86d7-e903684aa80c}");
  623.         private static Guid FWPM_CONDITION_INTERFACE_INDEX = new Guid("{667fd755-d695-434a-8af5-d3835a1259bc}");
  624.         private static Guid FWPM_CONDITION_INTERFACE_TYPE = new Guid("{daf8cd14-e09e-4c93-a5ae-c5c13b73ffca}");
  625.         private static Guid FWPM_CONDITION_IP_LOCAL_ADDRESS = new Guid("{d9ee00de-c1ef-4617-bfe3-ffd8f5a08957}");
  626.         private static Guid FWPM_CONDITION_IP_LOCAL_ADDRESS_TYPE = new Guid("{6ec7f6c4-376b-45d7-9e9c-d337cedcd237}");
  627.         private static Guid FWPM_CONDITION_IP_LOCAL_INTERFACE = new Guid("{4cd62a49-59c3-4969-b7f3-bda5d32890a4}");
  628.         private static Guid FWPM_CONDITION_IP_LOCAL_PORT = new Guid("{0c1ba1af-5765-453f-af22-a8f791ac775b}");
  629.         private static Guid FWPM_CONDITION_IP_PROTOCOL = new Guid("{3971ef2b-623e-4f9a-8cb1-6e79b806b9a7}");
  630.         private static Guid FWPM_CONDITION_IP_REMOTE_ADDRESS = new Guid("{b235ae9a-1d64-49b8-a44c-5ff3d9095045}");
  631.         private static Guid FWPM_CONDITION_IP_REMOTE_PORT = new Guid("{c35a604d-d22b-4e1a-91b4-68f674ee674b}");
  632.         private static Guid FWPM_CONDITION_SUB_INTERFACE_INDEX = new Guid("{0cd42473-d621-4be3-ae8c-72a348d283e1}");
  633.         private static Guid FWPM_CONDITION_TUNNEL_TYPE = new Guid("{77a40437-8779-4868-a261-f5a902f1c0cd}");
  634.  
  635.         #endregion
  636.  
  637.         #region Layer Keys
  638.  
  639.         private static Guid FWPM_LAYER_INBOUND_IPPACKET_V4 = new Guid("{c86fd1bf-21cd-497e-a0bb-17425c885c58}");
  640.         private static Guid FWPM_LAYER_OUTBOUND_IPPACKET_V4 = new Guid("{1e5c9fae-8a84-4135-a331-950b54229ecd}");
  641.         private static Guid FWPM_LAYER_INBOUND_TRANSPORT_V4 = new Guid("{5926dfc8-e3cf-4426-a283-dc393f5d0f9d}");
  642.  
  643.         #endregion
  644.  
  645.         private static readonly List<FWP_V4_ADDR_AND_MASK_> SitesList = new List<FWP_V4_ADDR_AND_MASK_>();
  646.         private static IntPtr _engineHandle;
  647.         private static Guid _subLayerGuid;
  648.         private static readonly List<FWPM_FILTER0_> Filters = new List<FWPM_FILTER0_>();
  649.  
  650.         static void Main(string[] args)
  651.         {
  652.             // Get a list of FWP_V4_ADDR_MASK
  653.             SitesList.AddRange(Dns.GetHostEntry("facebook.com").ToFwpV4AddrAndMask());
  654.             SitesList.AddRange(Dns.GetHostEntry("www.facebook.com").ToFwpV4AddrAndMask());
  655.  
  656.             // Create Guid for sublayer
  657.             _subLayerGuid = Guid.NewGuid();
  658.  
  659.             // Create sublayer
  660.             var subLayer = new FWPM_SUBLAYER0_
  661.             {
  662.                 displayData = new FWPM_DISPLAY_DATA0_
  663.                 {
  664.                     name = "MyFirewall",
  665.                     description = "MyFirewall"
  666.                 },
  667.                 subLayerKey = _subLayerGuid
  668.             };
  669.  
  670.             // Create a filter condition for each FWP_V4_ADDR_MASK
  671.             var filterConditions = new List<FWPM_FILTER_CONDITION0_>();
  672.             foreach (var site in SitesList)
  673.             {
  674.                 filterConditions.Add(new FWPM_FILTER_CONDITION0_
  675.                 {
  676.                     fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS,
  677.                     matchType = FWP_MATCH_TYPE_.FWP_MATCH_EQUAL,
  678.                     conditionValue = new FWP_CONDITION_VALUE0_
  679.                     {
  680.                         type = FWP_DATA_TYPE_.FWP_V4_ADDR_MASK,
  681.                         v4AddrMask = site.ToIntPtr()
  682.                     }
  683.                 });
  684.             }
  685.  
  686.             // Create a filter with the condition list above
  687.             var filterIn = new FWPM_FILTER0_
  688.             {
  689.                 subLayerKey = _subLayerGuid,
  690.                 layerKey = FWPM_LAYER_INBOUND_IPPACKET_V4,
  691.                 displayData = new FWPM_DISPLAY_DATA0_
  692.                 {
  693.                     name = "Filter to block inbound ipv4 traffic to sites given as argument"
  694.                 },
  695.                 action = new FWPM_ACTION0_
  696.                 {
  697.                     type = NativeConstants.FWP_ACTION_BLOCK
  698.                 },
  699.                 filterCondition = filterConditions.ToIntPtr(),
  700.                 numFilterConditions = (uint)filterConditions.Count,
  701.                 weight = new FWP_VALUE0_
  702.                 {
  703.                     type = FWP_DATA_TYPE_.FWP_UINT8,
  704.                     uint8 = 0x00
  705.                 }
  706.             };
  707.  
  708.             // Open engine
  709.             var hr = NativeMethods.FwpmEngineOpen0(null, RPC_C_AUTHN_WINNT, IntPtr.Zero, IntPtr.Zero, ref _engineHandle);
  710.             Marshal.ThrowExceptionForHR((int)hr);
  711.             // Add sublayer
  712.             hr = NativeMethods.FwpmSubLayerAdd0(_engineHandle, ref subLayer, IntPtr.Zero);
  713.             Marshal.ThrowExceptionForHR((int)hr);
  714.             // Add filter
  715.             hr = NativeMethods.FwpmFilterAdd0(_engineHandle, ref filterIn, IntPtr.Zero, ref filterIn.filterId);
  716.             Marshal.ThrowExceptionForHR((int)hr);
  717.         }
  718. }
  719. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!