
Untitled

a guest
Jul 20th, 2020
  1. #include <initguid.h>
  2. #include <ntddk.h>
  3. #define NDIS620
  4. #include <ndis.h>
  5. #include <fwpsk.h>
  6. #include <fwpmk.h>
  7. #include <ip2string.h>
  8. #include <mstcpip.h>
  9.  
// WPP software tracing: one control GUID with a single flag bit named
// "Default". Every DoTraceMessage(Default, ...) call in this file logs under it.
#define WPP_CONTROL_GUIDS \
    WPP_DEFINE_CONTROL_GUID(Default, (81C29CFA,1DD4,4177,9B97,8A361B74B246), \
        WPP_DEFINE_BIT(Default) \
    )

// Trace message header that the WPP preprocessor generates for this source file.
#include "main.tmh"

// Remote port both classify callbacks match on.
#define DNS_PORT 53

// DNS host the client wants to connect to.
// Stored unchanged into the IPv4 source-address field of rewritten responses,
// so the constant is laid out in network byte order (the literal reads as
// 192.168.146.2 only on a little-endian machine).
#define DNS_HOST_ORIGINAL 0x0292A8C0 // 192.168.146.2

// DNS host the client is redirected to.
// Used two ways: compared with the classify-time remote address and stored
// into IN_ADDR.s_addr. NOTE(review): those two uses normally differ in byte
// order (WFP classify values are presumably host order - confirm); it works
// here because all four bytes of 8.8.8.8 are equal.
#define DNS_HOST_REDIRECT 0x08080808 // 8.8.8.8
  24.  
// Byte packing so the structure can be overlaid on raw packet bytes.
#pragma pack(push, 1)

// Fixed 20-byte IPv4 header without options. DriverDatagramDataClassify()
// overlays it on the start of a cloned packet, so the multi-byte fields hold
// the on-the-wire (network byte order) representation.
typedef struct _IPV4_HEADER
{
    UINT8  VersionAndHeaderLength;  // version and header length share one byte
    UINT8  TypeOfService;
    UINT16 TotalLength;
    UINT16 Identification;
    UINT16 FlagsAndFragmentOffset;
    UINT8  TimeToLive;
    UINT8  Protocol;
    UINT16 Checksum;                // recomputed by UpdateIpv4HeaderChecksum()
    UINT32 SourceAddress;           // overwritten with DNS_HOST_ORIGINAL on rewritten responses
    UINT32 DestinationAddress;
} IPV4_HEADER, *PIPV4_HEADER;

#pragma pack(pop)
  42.  
// Packet injection handle (FwpsInjectionHandleCreate); used to re-inject
// rewritten DNS responses and to recognise packets this driver injected itself.
HANDLE g_InjectionHandle = NULL;
// Filter engine session opened in DriverEntry() and closed in DriverUnload().
HANDLE g_EngineHandle = NULL;
// Keys of the WFP objects this driver owns. They are zero here and filled
// with fresh values by ExUuidCreate() on every load, so they are not stable
// identifiers across reboots; the display names set in DriverEntry() are.
GUID g_SessionKey = { 0 };
GUID g_ProviderKey = { 0 };
GUID g_SubLayerKey = { 0 };
GUID g_ConnectRedirectCalloutKey = { 0 };
GUID g_ConnectRedirectFilterKey = { 0 };
GUID g_DatagramDataCalloutKey = { 0 };
GUID g_DatagramDataFilterKey = { 0 };

// Driver entry and unload routines, declared with the WDK function typedefs.
DRIVER_INITIALIZE DriverEntry;
DRIVER_UNLOAD DriverUnload;
  55.  
// classifyFn for FWPM_LAYER_ALE_CONNECT_REDIRECT_V4: rewrites the remote
// address of port-53 connect requests to DNS_HOST_REDIRECT.
void NTAPI DriverConnectRedirectClassify(
    _In_ const FWPS_INCOMING_VALUES* inFixedValues,
    _In_ const FWPS_INCOMING_METADATA_VALUES* inMetaValues,
    _Inout_opt_ void* layerData,
    _In_opt_ const void* classifyContext,
    _In_ const FWPS_FILTER* filter,
    _In_ UINT64 flowContext,
    _Inout_ FWPS_CLASSIFY_OUT* classifyOut
);

// classifyFn for FWPM_LAYER_DATAGRAM_DATA_V4: replaces inbound responses from
// DNS_HOST_REDIRECT with a copy whose IPv4 source address is DNS_HOST_ORIGINAL.
void NTAPI DriverDatagramDataClassify(
    _In_ const FWPS_INCOMING_VALUES* inFixedValues,
    _In_ const FWPS_INCOMING_METADATA_VALUES* inMetaValues,
    _Inout_opt_ void* layerData,
    _In_opt_ const void* classifyContext,
    _In_ const FWPS_FILTER* filter,
    _In_ UINT64 flowContext,
    _Inout_ FWPS_CLASSIFY_OUT* classifyOut
);

// notifyFn shared by both callouts; it ignores its arguments and returns
// STATUS_SUCCESS.
NTSTATUS NTAPI DriverNotify(
    _In_ FWPS_CALLOUT_NOTIFY_TYPE notifyType,
    _In_ const GUID* filterKey,
    _Inout_ FWPS_FILTER* filter
);
  81.  
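/*
 * Registers the two classify callbacks with the filter engine.
 *
 * Returns the first failing status. If the second registration fails, the
 * first callout is unregistered again so nothing stays registered.
 *
 * NOTE(review): the WDK documentation describes the first argument of
 * FwpsCalloutRegister as a device object; this file passes the driver
 * object - confirm this is intended.
 */
static NTSTATUS DriverRegisterCallouts(PDRIVER_OBJECT DriverObject)
{
    FWPS_CALLOUT Callout;
    UINT32 CalloutId = 0;
    NTSTATUS Status;

    RtlZeroMemory(&Callout, sizeof(Callout));
    Callout.calloutKey = g_ConnectRedirectCalloutKey;
    Callout.classifyFn = DriverConnectRedirectClassify;
    Callout.notifyFn = DriverNotify;
    Status = FwpsCalloutRegister(DriverObject, &Callout, &CalloutId);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpsCalloutRegister(ConnectRedirect) Status=%!STATUS!", Status);
        return Status;
    }

    Callout.calloutKey = g_DatagramDataCalloutKey;
    Callout.classifyFn = DriverDatagramDataClassify;
    CalloutId = 0;
    Status = FwpsCalloutRegister(DriverObject, &Callout, &CalloutId);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpsCalloutRegister(DatagramData) Status=%!STATUS!", Status);
        FwpsCalloutUnregisterByKey(&g_ConnectRedirectCalloutKey);
    }

    return Status;
}

/*
 * Opens a dynamic filter engine session and adds, in one transaction, the
 * provider, the sublayer, both callouts and both filters.
 *
 * The filters carry no conditions, so the callouts are invoked for all
 * traffic at their layers; the sublayer uses weight MAXUINT16 and the filters
 * weight MAXUINT64. The "WfpDnsRedirect ..." display names are what identifies
 * these objects when the WFP state is enumerated (for example with
 * `netsh wfp show state`).
 *
 * On failure the engine handle is closed and g_EngineHandle is reset to NULL.
 * Closing a session that still has a transaction in progress aborts that
 * transaction, so no partially added object is left behind.
 */
static NTSTATUS DriverAddFilterObjects(void)
{
    FWPM_SESSION Session;
    FWPM_PROVIDER Provider;
    FWPM_SUBLAYER SubLayer;
    FWPM_CALLOUT Callout;
    FWPM_FILTER Filter;
    UINT64 FilterWeight = MAXUINT64;
    UINT64 FilterId = 0;
    UINT32 CalloutId = 0;
    NTSTATUS Status;

    RtlZeroMemory(&Session, sizeof(Session));
    Session.sessionKey = g_SessionKey;
    Session.displayData.name = L"WfpDnsRedirect Session";
    // Dynamic session: objects added through it go away when the session closes.
    Session.flags = FWPM_SESSION_FLAG_DYNAMIC;
    Status = FwpmEngineOpen(NULL, RPC_C_AUTHN_DEFAULT, NULL, &Session, &g_EngineHandle);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpmEngineOpen() Status=%!STATUS!", Status);
        g_EngineHandle = NULL;
        return Status;
    }

    Status = FwpmTransactionBegin(g_EngineHandle, 0);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpmTransactionBegin() Status=%!STATUS!", Status);
        goto CloseEngine;
    }

    RtlZeroMemory(&Provider, sizeof(Provider));
    Provider.providerKey = g_ProviderKey;
    Provider.displayData.name = L"WfpDnsRedirect Provider";
    Status = FwpmProviderAdd(g_EngineHandle, &Provider, NULL);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpmProviderAdd() Status=%!STATUS!", Status);
        goto CloseEngine;
    }

    RtlZeroMemory(&SubLayer, sizeof(SubLayer));
    SubLayer.subLayerKey = g_SubLayerKey;
    SubLayer.displayData.name = L"WfpDnsRedirect SubLayer";
    SubLayer.providerKey = &g_ProviderKey;
    SubLayer.weight = MAXUINT16;
    Status = FwpmSubLayerAdd(g_EngineHandle, &SubLayer, NULL);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpmSubLayerAdd() Status=%!STATUS!", Status);
        goto CloseEngine;
    }

    RtlZeroMemory(&Callout, sizeof(Callout));
    Callout.calloutKey = g_ConnectRedirectCalloutKey;
    Callout.displayData.name = L"WfpDnsRedirect Connect Redirect Callout";
    Callout.providerKey = &g_ProviderKey;
    Callout.applicableLayer = FWPM_LAYER_ALE_CONNECT_REDIRECT_V4;
    Status = FwpmCalloutAdd(g_EngineHandle, &Callout, NULL, &CalloutId);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpmCalloutAdd(ConnectRedirect) Status=%!STATUS!", Status);
        goto CloseEngine;
    }

    Callout.calloutKey = g_DatagramDataCalloutKey;
    Callout.displayData.name = L"WfpDnsRedirect Datagram Data Callout";
    Callout.applicableLayer = FWPM_LAYER_DATAGRAM_DATA_V4;
    CalloutId = 0;
    Status = FwpmCalloutAdd(g_EngineHandle, &Callout, NULL, &CalloutId);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpmCalloutAdd(DatagramData) Status=%!STATUS!", Status);
        goto CloseEngine;
    }

    RtlZeroMemory(&Filter, sizeof(Filter));
    Filter.filterKey = g_ConnectRedirectFilterKey;
    Filter.displayData.name = L"WfpDnsRedirect Connect Redirect Filter";
    Filter.providerKey = &g_ProviderKey;
    Filter.layerKey = FWPM_LAYER_ALE_CONNECT_REDIRECT_V4;
    Filter.subLayerKey = g_SubLayerKey;
    Filter.weight.type = FWP_UINT64;
    Filter.weight.uint64 = &FilterWeight;
    Filter.action.type = FWP_ACTION_CALLOUT_TERMINATING;
    Filter.action.calloutKey = g_ConnectRedirectCalloutKey;
    Status = FwpmFilterAdd(g_EngineHandle, &Filter, NULL, &FilterId);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpmFilterAdd(ConnectRedirect) Status=%!STATUS!", Status);
        goto CloseEngine;
    }

    Filter.filterKey = g_DatagramDataFilterKey;
    Filter.displayData.name = L"WfpDnsRedirect Datagram Data Filter";
    Filter.layerKey = FWPM_LAYER_DATAGRAM_DATA_V4;
    Filter.action.calloutKey = g_DatagramDataCalloutKey;
    FilterId = 0;
    Status = FwpmFilterAdd(g_EngineHandle, &Filter, NULL, &FilterId);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpmFilterAdd(DatagramData) Status=%!STATUS!", Status);
        goto CloseEngine;
    }

    Status = FwpmTransactionCommit(g_EngineHandle);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpmTransactionCommit() Status=%!STATUS!", Status);
        goto CloseEngine;
    }

    return STATUS_SUCCESS;

CloseEngine:
    FwpmEngineClose(g_EngineHandle);
    g_EngineHandle = NULL;
    return Status;
}

/*
 * Driver entry point.
 *
 * Generates the object keys, creates the injection handle, registers both
 * callouts and adds the filter engine objects. Any failure is returned to the
 * caller after everything set up so far has been released: a driver whose
 * DriverEntry fails is not given a DriverUnload call, so the unwinding has to
 * happen here, and reporting success with half of the objects missing would
 * leave the classify callbacks running against NULL handles.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    GUID* const Keys[] = {
        &g_SessionKey,
        &g_ProviderKey,
        &g_SubLayerKey,
        &g_ConnectRedirectCalloutKey,
        &g_DatagramDataCalloutKey,
        &g_ConnectRedirectFilterKey,
        &g_DatagramDataFilterKey
    };
    NTSTATUS Status = STATUS_SUCCESS;

    WPP_INIT_TRACING(DriverObject, RegistryPath);

    DoTraceMessage(Default, "DriverEntry() enter");

    DriverObject->DriverUnload = DriverUnload;

    for (UINT32 KeyIndex = 0; KeyIndex < sizeof(Keys) / sizeof(Keys[0]); KeyIndex++)
    {
        Status = ExUuidCreate(Keys[KeyIndex]);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "ExUuidCreate() Status=%!STATUS!", Status);
            goto Fail;
        }
    }

    Status = FwpsInjectionHandleCreate(AF_INET, FWPS_INJECTION_TYPE_TRANSPORT, &g_InjectionHandle);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpsInjectionHandleCreate() Status=%!STATUS!", Status);
        g_InjectionHandle = NULL;
        goto Fail;
    }

    Status = DriverRegisterCallouts(DriverObject);
    if (!NT_SUCCESS(Status))
    {
        goto DestroyInjectionHandle;
    }

    Status = DriverAddFilterObjects();
    if (!NT_SUCCESS(Status))
    {
        goto UnregisterCallouts;
    }

    DoTraceMessage(Default, "DriverEntry() exit");

    return STATUS_SUCCESS;

UnregisterCallouts:
    FwpsCalloutUnregisterByKey(&g_DatagramDataCalloutKey);
    FwpsCalloutUnregisterByKey(&g_ConnectRedirectCalloutKey);

DestroyInjectionHandle:
    FwpsInjectionHandleDestroy(g_InjectionHandle);
    g_InjectionHandle = NULL;

Fail:
    DoTraceMessage(Default, "DriverEntry() failed Status=%!STATUS!", Status);

    // Tracing was initialised at the top and DriverUnload will not run.
    WPP_CLEANUP(DriverObject);

    return Status;
}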
  231.  
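/*
 * Unload routine: removes the filter engine objects in the reverse order of
 * their creation, closes the engine session, unregisters both callouts and
 * destroys the injection handle.
 *
 * Teardown is best effort: a failing step is traced and the remaining steps
 * still run. Handles that were never created are skipped, because DriverEntry
 * may have left g_EngineHandle or g_InjectionHandle at NULL.
 *
 * NOTE(review): a failed FwpsCalloutUnregisterByKey() is only traced here.
 * If it can fail while classifications are still in flight, returning from
 * unload would be unsafe - confirm against the WFP documentation.
 */
VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
    NTSTATUS Status;

    DoTraceMessage(Default, "DriverUnload enter");

    if (g_EngineHandle != NULL)
    {
        BOOLEAN InTransaction = TRUE;

        Status = FwpmTransactionBegin(g_EngineHandle, 0);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "FwpmTransactionBegin() Status=%!STATUS!", Status);
            InTransaction = FALSE;
        }

        Status = FwpmFilterDeleteByKey(g_EngineHandle, &g_DatagramDataFilterKey);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "FwpmFilterDeleteByKey(DatagramData) Status=%!STATUS!", Status);
        }

        Status = FwpmFilterDeleteByKey(g_EngineHandle, &g_ConnectRedirectFilterKey);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "FwpmFilterDeleteByKey(ConnectRedirect) Status=%!STATUS!", Status);
        }

        Status = FwpmCalloutDeleteByKey(g_EngineHandle, &g_DatagramDataCalloutKey);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "FwpmCalloutDeleteByKey(DatagramData) Status=%!STATUS!", Status);
        }

        Status = FwpmCalloutDeleteByKey(g_EngineHandle, &g_ConnectRedirectCalloutKey);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "FwpmCalloutDeleteByKey(ConnectRedirect) Status=%!STATUS!", Status);
        }

        Status = FwpmSubLayerDeleteByKey(g_EngineHandle, &g_SubLayerKey);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "FwpmSubLayerDeleteByKey() Status=%!STATUS!", Status);
        }

        Status = FwpmProviderDeleteByKey(g_EngineHandle, &g_ProviderKey);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "FwpmProviderDeleteByKey() Status=%!STATUS!", Status);
        }

        // Only commit a transaction that was actually started.
        if (InTransaction)
        {
            Status = FwpmTransactionCommit(g_EngineHandle);
            if (!NT_SUCCESS(Status))
            {
                DoTraceMessage(Default, "FwpmTransactionCommit() Status=%!STATUS!", Status);
            }
        }

        Status = FwpmEngineClose(g_EngineHandle);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "FwpmEngineClose() Status=%!STATUS!", Status);
        }
        g_EngineHandle = NULL;
    }

    Status = FwpsCalloutUnregisterByKey(&g_DatagramDataCalloutKey);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpsCalloutUnregisterByKey(DatagramData) Status=%!STATUS!", Status);
    }

    Status = FwpsCalloutUnregisterByKey(&g_ConnectRedirectCalloutKey);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpsCalloutUnregisterByKey(ConnectRedirect) Status=%!STATUS!", Status);
    }

    if (g_InjectionHandle != NULL)
    {
        Status = FwpsInjectionHandleDestroy(g_InjectionHandle);
        if (!NT_SUCCESS(Status))
        {
            DoTraceMessage(Default, "FwpsInjectionHandleDestroy() Status=%!STATUS!", Status);
        }
        g_InjectionHandle = NULL;
    }

    DoTraceMessage(Default, "DriverUnload exit");

    WPP_CLEANUP(DriverObject);
}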
  313.  
/*
 * Filter add/delete notification callback shared by both callouts.
 * Nothing is tracked per filter, so every notification is acknowledged with
 * STATUS_SUCCESS and the arguments are ignored.
 */
NTSTATUS NTAPI DriverNotify(
    _In_ FWPS_CALLOUT_NOTIFY_TYPE notifyType,
    _In_ const GUID* filterKey,
    _Inout_ FWPS_FILTER* filter
)
{
    const NTSTATUS Result = STATUS_SUCCESS;

    (void)notifyType;
    (void)filterKey;
    (void)filter;

    return Result;
}
  326.  
/*
 * Classify callback for FWPM_LAYER_ALE_CONNECT_REDIRECT_V4.
 *
 * Every connect request is permitted. A request whose remote port is DNS_PORT
 * and whose remote address is not already DNS_HOST_REDIRECT additionally has
 * its remote address rewritten to DNS_HOST_REDIRECT.
 *
 * NOTE(review): the match does not look at DNS_HOST_ORIGINAL, so port-53
 * traffic to any resolver is redirected, while DriverDatagramDataClassify()
 * rewrites responses to appear to come from DNS_HOST_ORIGINAL only. Confirm
 * whether the redirect should be limited to that one resolver.
 * NOTE(review): the action is written without first testing
 * FWPS_RIGHT_ACTION_WRITE, and the right is then set rather than left as
 * received - confirm this matches the intended arbitration behaviour.
 */
void NTAPI DriverConnectRedirectClassify(
    _In_ const FWPS_INCOMING_VALUES* inFixedValues,
    _In_ const FWPS_INCOMING_METADATA_VALUES* inMetaValues,
    _Inout_opt_ void* layerData,
    _In_opt_ const void* classifyContext,
    _In_ const FWPS_FILTER* filter,
    _In_ UINT64 flowContext,
    _Inout_ FWPS_CLASSIFY_OUT* classifyOut
)
{
    UINT16 DestinationPort;
    UINT32 DestinationAddress;
    UINT64 Handle = 0;
    FWPS_CONNECT_REQUEST* Request = NULL;
    NTSTATUS Status;

    UNREFERENCED_PARAMETER(inMetaValues);
    UNREFERENCED_PARAMETER(layerData);
    UNREFERENCED_PARAMETER(flowContext);

    DestinationPort = inFixedValues->incomingValue[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_REMOTE_PORT].value.uint16;
    DestinationAddress = inFixedValues->incomingValue[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_REMOTE_ADDRESS].value.uint32;

    // Default verdict for everything that reaches this callout.
    classifyOut->actionType = FWP_ACTION_PERMIT;
    classifyOut->rights |= FWPS_RIGHT_ACTION_WRITE;

    // Not DNS, or already aimed at the redirect target: nothing to rewrite.
    // The second test also keeps an already redirected request from being
    // rewritten again.
    if ((DestinationPort != DNS_PORT) || (DestinationAddress == DNS_HOST_REDIRECT))
    {
        return;
    }

    // classifyContext is declared optional but is handed on unchecked.
    Status = FwpsAcquireClassifyHandle((void*)classifyContext, 0, &Handle);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpsAcquireClassifyHandle() Status=%!STATUS!", Status);
        return;
    }

    Status = FwpsAcquireWritableLayerDataPointer(Handle, filter->filterId, 0, &Request, classifyOut);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpsAcquireWritableLayerDataPointer() Status=%!STATUS!", Status);
    }
    else
    {
        IN_ADDR Target;

        DoTraceMessage(Default, "Redirect DNS request");

        // Only the address is replaced; the port in the request stays as it was.
        Target.s_addr = DNS_HOST_REDIRECT;
        INETADDR_SET_ADDRESS((SOCKADDR*)&Request->remoteAddressAndPort, (const UCHAR*)&Target);
        FwpsApplyModifiedLayerData(Handle, Request, 0);

        // Written again after the layer data has been applied.
        classifyOut->actionType = FWP_ACTION_PERMIT;
        classifyOut->rights |= FWPS_RIGHT_ACTION_WRITE;
    }

    // The classify handle is released whether or not the rewrite succeeded.
    FwpsReleaseClassifyHandle(Handle);
    Handle = 0;
}
  380.  
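/*
 * Recomputes the IPv4 header checksum in place.
 *
 * IpHeader     - start of the header; its Checksum field is overwritten.
 * IpHeaderSize - number of header bytes to cover. The bytes are summed as
 *                16-bit words, so an odd trailing byte is not included.
 *
 * The checksum is the one's complement of the one's-complement sum of the
 * header words, taken with the checksum field itself set to zero.
 */
void UpdateIpv4HeaderChecksum(PIPV4_HEADER IpHeader, UINT32 IpHeaderSize)
{
    UINT32 Sum = 0;
    const UINT32 WordCount = IpHeaderSize / sizeof(UINT16);
    const UINT16* Words = (const UINT16*)IpHeader;

    // The checksum field must not contribute to its own value.
    IpHeader->Checksum = 0;

    // The index has the same width as the bound; an 8-bit index would wrap
    // around and never reach a WordCount above 255.
    for (UINT32 WordIndex = 0; WordIndex < WordCount; WordIndex++)
    {
        Sum += Words[WordIndex];
    }

    // Fold the carries back into the low 16 bits until none are left.
    while ((Sum >> 16) != 0)
    {
        Sum = (Sum & 0x0000ffff) + (Sum >> 16);
    }

    IpHeader->Checksum = (UINT16)~Sum;
}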
  399.  
/*
 * Completion routine passed to FwpsInjectTransportReceiveAsync().
 * Traces a failed injection and frees the cloned net buffer list that was
 * injected; the context and dispatch-level arguments are not used.
 */
void NTAPI DriverDatagramDataInjectComplete(
    _In_ void* context,
    _Inout_ NET_BUFFER_LIST* netBufferList,
    _In_ BOOLEAN dispatchLevel
)
{
    const NTSTATUS InjectStatus = netBufferList->Status;

    UNREFERENCED_PARAMETER(context);
    UNREFERENCED_PARAMETER(dispatchLevel);

    if (!NT_SUCCESS(InjectStatus))
    {
        DoTraceMessage(Default, "DriverDatagramDataInjectComplete() Status=%!STATUS!", InjectStatus);
    }

    // The clone belongs to this driver and is released on every path.
    FwpsFreeCloneNetBufferList(netBufferList, 0);
}
  416.  
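/*
 * Classify callback for FWPM_LAYER_DATAGRAM_DATA_V4.
 *
 * Everything is permitted except inbound datagrams from
 * DNS_HOST_REDIRECT:DNS_PORT that this driver did not inject itself. For
 * those, the packet is cloned, the clone's IPv4 source address is replaced by
 * DNS_HOST_ORIGINAL, the header checksum is recomputed, the clone is injected
 * into the receive path and the original is blocked and absorbed.
 *
 * If the packet or its metadata cannot be used (no layer data, no injection
 * handle, missing header sizes, a failed retreat, clone or header lookup) the
 * original datagram is left on its PERMIT verdict and nothing is injected.
 *
 * NOTE(review): the UDP checksum includes the source address through its
 * pseudo-header and is not updated here - confirm whether the receive path
 * validates it again for injected packets.
 * NOTE(review): the action is written without first testing
 * FWPS_RIGHT_ACTION_WRITE - confirm against the intended arbitration
 * behaviour.
 */
void NTAPI DriverDatagramDataClassify(
    _In_ const FWPS_INCOMING_VALUES* inFixedValues,
    _In_ const FWPS_INCOMING_METADATA_VALUES* inMetaValues,
    _Inout_opt_ void* layerData,
    _In_opt_ const void* classifyContext,
    _In_ const FWPS_FILTER* filter,
    _In_ UINT64 flowContext,
    _Inout_ FWPS_CLASSIFY_OUT* classifyOut
)
{
    UNREFERENCED_PARAMETER(classifyContext);
    UNREFERENCED_PARAMETER(filter);
    UNREFERENCED_PARAMETER(flowContext);

    // Default verdict; only replaced on the rewrite path at the end.
    classifyOut->actionType = FWP_ACTION_PERMIT;
    classifyOut->rights |= FWPS_RIGHT_ACTION_WRITE;

    // layerData is optional and the injection handle may never have been
    // created; both are dereferenced or handed to the engine below.
    if ((layerData == NULL) || (g_InjectionHandle == NULL))
    {
        return;
    }

    UINT32 RemoteAddress = inFixedValues->incomingValue[FWPS_FIELD_DATAGRAM_DATA_V4_IP_REMOTE_ADDRESS].value.uint32;
    UINT16 RemotePort = inFixedValues->incomingValue[FWPS_FIELD_DATAGRAM_DATA_V4_IP_REMOTE_PORT].value.uint16;
    IF_INDEX InterfaceIndex = inFixedValues->incomingValue[FWPS_FIELD_DATAGRAM_DATA_V4_INTERFACE_INDEX].value.uint32;
    IF_INDEX SubInterfaceIndex = inFixedValues->incomingValue[FWPS_FIELD_DATAGRAM_DATA_V4_SUB_INTERFACE_INDEX].value.uint32;
    FWP_DIRECTION Direction = inFixedValues->incomingValue[FWPS_FIELD_DATAGRAM_DATA_V4_DIRECTION].value.uint32;

    // A packet this driver injected comes back through this layer; skipping
    // it keeps the rewrite from looping.
    FWPS_PACKET_INJECTION_STATE PacketInjectionState = FwpsQueryPacketInjectionState(g_InjectionHandle, layerData, NULL);

    if ((Direction != FWP_DIRECTION_INBOUND) || (PacketInjectionState != FWPS_PACKET_NOT_INJECTED) || (RemotePort != DNS_PORT) || (RemoteAddress != DNS_HOST_REDIRECT))
    {
        return;
    }

    // The header sizes are only meaningful when the engine marks them present.
    if (!FWPS_IS_METADATA_FIELD_PRESENT(inMetaValues, FWPS_METADATA_FIELD_IP_HEADER_SIZE) ||
        !FWPS_IS_METADATA_FIELD_PRESENT(inMetaValues, FWPS_METADATA_FIELD_TRANSPORT_HEADER_SIZE))
    {
        return;
    }

    UINT32 IpHeaderSize = inMetaValues->ipHeaderSize;
    UINT32 TransportHeaderSize = inMetaValues->transportHeaderSize;
    UINT32 HeadersSize = IpHeaderSize + TransportHeaderSize;
    COMPARTMENT_ID CompartmentId = FWPS_IS_METADATA_FIELD_PRESENT(inMetaValues, FWPS_METADATA_FIELD_COMPARTMENT_ID)
        ? (COMPARTMENT_ID)inMetaValues->compartmentId
        : UNSPECIFIED_COMPARTMENT_ID;

    // IPV4_HEADER is overlaid on the packet, so at least that much must exist.
    if (IpHeaderSize < sizeof(IPV4_HEADER))
    {
        return;
    }

    // Move the data start back over the transport and IP headers so that the
    // clone begins at the IP header, then restore the original afterwards.
    PNET_BUFFER NetBuffer = NET_BUFFER_LIST_FIRST_NB((PNET_BUFFER_LIST)layerData);
    NDIS_STATUS NdisStatus = NdisRetreatNetBufferDataStart(NetBuffer, HeadersSize, 0, NULL);
    if (NdisStatus != NDIS_STATUS_SUCCESS)
    {
        // Nothing was moved, so there is nothing to advance again.
        DoTraceMessage(Default, "NdisRetreatNetBufferDataStart() Status=%!STATUS!", (NTSTATUS)NdisStatus);
        return;
    }

    PNET_BUFFER_LIST NetBufferList = NULL;
    NTSTATUS Status = FwpsAllocateCloneNetBufferList(layerData, NULL, NULL, 0, &NetBufferList);
    if (!NT_SUCCESS(Status))
    {
        DoTraceMessage(Default, "FwpsAllocateCloneNetBufferList() Status=%!STATUS!", Status);
    }

    NdisAdvanceNetBufferDataStart(NetBuffer, HeadersSize, FALSE, NULL);

    if (!NetBufferList)
    {
        return;
    }

    DoTraceMessage(Default, "Modify DNS response");

    NetBuffer = NET_BUFFER_LIST_FIRST_NB(NetBufferList);

    // With no storage buffer supplied, NdisGetDataBuffer returns NULL when the
    // requested bytes are not contiguous; writing through NULL would bugcheck.
    PIPV4_HEADER IpHeader = NdisGetDataBuffer(NetBuffer, IpHeaderSize, NULL, 1, 0);
    if (IpHeader == NULL)
    {
        DoTraceMessage(Default, "NdisGetDataBuffer() returned NULL");
        FwpsFreeCloneNetBufferList(NetBufferList, 0);
        return;
    }

    IpHeader->SourceAddress = DNS_HOST_ORIGINAL;
    // Cover the whole header the stack reported, including any IP options,
    // not just the fixed 20 bytes.
    UpdateIpv4HeaderChecksum(IpHeader, IpHeaderSize);

    Status = FwpsInjectTransportReceiveAsync(g_InjectionHandle, NULL, NULL, 0, AF_INET, CompartmentId, InterfaceIndex, SubInterfaceIndex, NetBufferList, DriverDatagramDataInjectComplete, NULL);
    if (!NT_SUCCESS(Status))
    {
        // The completion routine will not run for a failed call, so the clone
        // is freed here.
        DoTraceMessage(Default, "FwpsInjectTransportReceiveAsync() Status=%!STATUS!", Status);
        FwpsFreeCloneNetBufferList(NetBufferList, 0);
    }

    // The original response is dropped whether or not the injection was
    // accepted; ABSORB marks the drop as silent.
    classifyOut->actionType = FWP_ACTION_BLOCK;
    classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
    classifyOut->flags |= FWPS_CLASSIFY_OUT_FLAG_ABSORB;
}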