flat assembler
Message board for the users of flat assembler.

Packet filter?

Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 21 Dec 2008, 09:15
Sorry if this is a noob question, but could somebody please tell me how to set up a basic, low level packet filter?

Nothing fancy

I'm just looking for something like, a win32 function I call and the argument I give it is the address in my code and then when a packet is being sent in or out, the packet is sent here, along with its length and whether it's going in or out, and then another function I call to let it go through or not? Or better yet just one to manually send it myself so it can be modified if necessary?

In short: I don't need the OS to handle any of the complicated high level stuff. I just want to completely do that all in my own program.


If anyone knows what functions I need for this low level functionality please tell me because I can't find it anywhere. Confused



P.S. sorry if this is a really easy (and/or poorly worded) question, I'm rather new to fasm and the win32 API.. Embarrassed


edit:
LOL I searched for my oldest post (out of curiosity) and the first sentence had a typo. Fixed! Razz

_________________


Last edited by Azu on 29 Nov 2009, 21:55; edited 1 time in total
Post 21 Dec 2008, 09:15
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 21 Dec 2008, 09:18
You need to either write your own driver or install an existing driver. Do a search for "pcap". I think it does what you need.
Post 21 Dec 2008, 09:18
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 21 Dec 2008, 09:23
Thanks, I'll take a look at it. Just to make sure we're on the same page first though, this will let me choose whether or not the packets are allowed through (not just look at them) right?
Post 21 Dec 2008, 09:23
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 21 Dec 2008, 09:25
Oh, that I am not sure about.
Post 21 Dec 2008, 09:25
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 21 Dec 2008, 09:28
If pcap is not suitable, then another option is to use a local socks proxy. With a proxy you can have complete control over what is sent and received. But it requires you to set each app with the proxy settings and not all apps can support using a socks interface.
Post 21 Dec 2008, 09:28
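
The filtering decision a local SOCKS proxy makes, as an added example that is not code from any poster in this thread: it parses one SOCKS5 CONNECT request (RFC 1928 layout), bounds-checks every length, and returns the reply code the proxy would send. The struct, the function names and the port 80/443 policy are hypothetical, and the buffer is assumed to hold exactly one request.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SOCKS5 request (RFC 1928): VER CMD RSV ATYP DST.ADDR DST.PORT */
enum { REP_OK = 0, REP_FAIL = 1, REP_DENIED = 2, REP_BAD_CMD = 7, REP_BAD_ATYP = 8 };
struct socks_req {
    uint8_t  atyp;       /* 1 = IPv4, 3 = domain name, 4 = IPv6 */
    uint8_t  addr[256];  /* raw address bytes; a domain ends up NUL-terminated */
    uint16_t port;       /* host byte order */
};

/* Returns REP_OK or the reply code to send; no byte is read before n is checked. */
int socks5_parse(const uint8_t *buf, size_t n, struct socks_req *out)
{
    size_t alen, off = 4;
    if (n < 4 || buf[0] != 0x05 || buf[2] != 0x00) return REP_FAIL;
    if (buf[1] != 0x01) return REP_BAD_CMD;    /* only CONNECT is handled here */
    switch (buf[3]) {
    case 0x01: alen = 4;  break;
    case 0x04: alen = 16; break;
    case 0x03:                                 /* length-prefixed domain name */
        if (n < 5 || buf[4] == 0) return REP_FAIL;
        alen = buf[4]; off = 5; break;
    default: return REP_BAD_ATYP;
    }
    if (n != off + alen + 2) return REP_FAIL;  /* truncated or trailing bytes */
    memset(out, 0, sizeof *out);
    out->atyp = buf[3];
    memcpy(out->addr, buf + off, alen);        /* alen <= 255 < sizeof addr */
    out->port = (uint16_t)((buf[off + alen] << 8) | buf[off + alen + 1]);
    return REP_OK;
}

/* Hypothetical policy: allow only destination ports 80 and 443. */
int policy_check(const struct socks_req *r)
{
    return (r->port == 80 || r->port == 443) ? REP_OK : REP_DENIED;
}

/* Decision for one request: the REP byte the proxy would answer with. */
int filter_request(const uint8_t *buf, size_t n)
{
    struct socks_req r;
    int rc = socks5_parse(buf, n, &r);
    return rc != REP_OK ? rc : policy_check(&r);
}

/* Constructed sample input: CONNECT to 192.0.2.10, port 443. */
const uint8_t sample_req[] = {5, 1, 0, 1, 192, 0, 2, 10, 0x01, 0xBB};
```

SOCKS5 defines only the CONNECT, BIND and UDP ASSOCIATE commands, so a filter at this layer sees only TCP and UDP traffic from applications configured to use the proxy.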
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 21 Dec 2008, 09:30
It sounds like it wouldn't be low level enough to prevent programs from getting around it if they really want to.. and I don't think that will be able to stop other types of traffic like ICMP..

I'm sure there's a way though, because that's how all firewalls work right?
Or did I just read your post wrong? Confused


I just want all data that is going to be sent in through or out of the ethernet port to be routed through this and have it decide whether or not to allow it through.


Last edited by Azu on 21 Dec 2008, 09:33; edited 1 time in total
Post 21 Dec 2008, 09:30
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 21 Dec 2008, 09:33
Okay, if you are requiring it in such a way that programs are not aware what is happening then you definitely need to be at the driver level. Perhaps there is an open-source firewall that has a driver in it you can examine.
Post 21 Dec 2008, 09:33
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 21 Dec 2008, 09:36
Okay thanks Smile I'll keep looking
Post 21 Dec 2008, 09:36


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.