Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ELITES ONLY ;)

Posted on 2000-04-05
17
Medium Priority
?
224 Views
Last Modified: 2010-04-02
A Hi to all C++ dudez !

 We need a function that blocks either IP Addresses or Ports on a 32 bit
 winsock, 2.0 to include in our C++ proggyz .

 We need it to block Port 12345 (NETBUS), from Incoming Connection or Outgoing
 Connections.
 We also want to block some IP Addresses ( both in and out ).
 we know this function is little bit complex, similar to firewalls, but
 we don't want to Advance to NetBIOS or ARP Packets, all we need is blocking
 TCP IP, and a TCP Port.

 o We use Visual C++ 6.0 Enterprise Edition.
 o We dont want any urlz,dox,activez,dllz,libz,discouragez,or 'i dont know'z .

 If you are "3xtR3/\/\3 C++ 3l!t3", you should beable to write that function.

 Thanks for helping us in this.
 X.25 Tech.
0
Comment
Question by:x25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 4
  • +2
17 Comments
 
LVL 4

Accepted Solution

by:
nils pipenbrinck earned 5040 total points
ID: 2689245
just a question.

would it be ok to use a wrapper winsock dll which doesn't allow any program to access the port 12345? If so I could help.

the wrapper winsock would work this way:

make a copy of the original winsock dll and rename it into  winsock_unsecure.dll (or something like that). Then you write yourself a winsock dll which just passes the calls to the copy. It would be just a matter of minutes to add some code that detects accesses to port 12345 and sends them into nirvana instead to the original winsock dll.

This won't help you from other machines to access this port, however, no comminication would be possible since all trys to accept connections from this port will fail.

That's just an idea.. I did someting like that with a couple of kernel functions two month ago.. it took me an hour to build a faked dll... I needed some weired tools to do so, but after all it worked. I don't have a deep knowlage of firewalls and socket programming, but i understand enough that this approach would make each communication impossible.

the main problem i see is, that if the software updates the winsock dll to a newer version the protection will fail.

Tell me if this would do the job.. if so I can help you further.

   Nils
0
 

Author Comment

by:x25
ID: 2689449
nils, it seems like it will do the job ..

 Thanks !
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2689709
really?

cool... I'll try to explain the steps this night. I'm at the office now.

NIls
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:abancroft
ID: 2690768
You do realise that this'll prevent ALL applications on that PC from communicating on the filtered port & IP addresses?
0
 
LVL 9

Expert Comment

by:ShaunWilde
ID: 2690851
you could set it up so the new - fake winsock.dll could tell in which process it was running and then create an exception list probably based on the calling processes name
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2690882
If the filtering is just for the one program (and you have access to the code):
1. Create a wrapper DLL for the winsock DLL, as nils pipenbrinck suggested: but don't name it winsock.dll. e.g. name it ws_wrap.dll
2. Link your app to ws_wrap.lib instead of winsock.lib.

Now you app (and only your app) links to ws_wrap.dll which in turn forwards the calls to winsock.dll (with appropriate filtering).
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2693747
jep.

there are a lot of funky ways to fool windows with dll loading.

if you only want to filter one program you can name your new dll ws32_blah.dll and change the export table name in the executable with a hex editor.

Hopefully I'll find the time to write the steps to create such a dll tonight. It's difficult because the dll's have to look _exactly_ like the original (say.. same export names, ordinals and resource tables..)

I'm at the office right now, and I'm fighting with compiler bugs..

  Nils




0
 

Author Comment

by:x25
ID: 2696530

 writing a dll with the same function names and ordinals isn't a problem for me ( i have found them using Depenency Walker ) but i need to know each function's result type and the variables betwen the () in each function.

 i made guesses for a number of them, but still a lot which i don't know.
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2697586
they are all defined in the headerfiles.

or you can take a look at the win32 api help.

btw. the calling convention for the dll function is always stdcall. it's important, that you export your function this way.

I don't think that I'll find the time to help you. further. This weekend is really crazy.

Nils
0
 

Author Comment

by:x25
ID: 2703741

 you want 1260 pts ?
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2703797
Even easier: get the SDK header for WinSock, copy & rename it and include it in your project.

Then just create the appropriate function bodies, using the headers as a guide.
0
 

Expert Comment

by:koniant
ID: 2707170
The easiest way to do all of that is to run a real operating system, like anything based on Unix or Unix-like.

If you want to block incoming connections to a port, just open the port and don't let go. As for blocking out going - you need to take apart winsock.dll and have it filter the no-connect addresses. The port that is being connected to is of no consequence to anything - the connection can go out on any port. Now, if you're building a sock server, just go get the RFC and build your own with the blocking features you want.

Also, I believe arp may help you out if you poke around with it.
0
 
LVL 9

Expert Comment

by:ShaunWilde
ID: 2707246
That is not an answer !
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2707981
>>The easiest way to do all of that is to run a real operating system, like anything based on Unix or Unix-like.

So x25 should tell his customers that he can't implement their requirements on Win9x or NT and that they should switch to Unix? I'm sure that'll improve the customers confidence & increase sales.....NOT!

>>you need to take apart winsock.dll and have it filter the no-connect addresses.

Restating the question is not an answer.
0
 

Author Comment

by:x25
ID: 2711419
im not intersted in Unix-like oprating systems ..

 1260 Points Goes To Nils Pippen Brinck.
0
 

Author Comment

by:x25
ID: 2711435
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2711660
wouah..

hey x25.. that really surprises me.. I never thought you would accept my offer as an anwer. Even If I couldn't help you any more since I had to much work to do here.

Anyways.. thanks a lot..  Tell me if you run into problems..

Nils
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the first in a series of articles about the C/C++ Visual Studio Express debugger.  It provides a quick start guide in using the debugger. Part 2 focuses on additional topics in breakpoints.  Lastly, Part 3 focuses on th…
This article will show you some of the more useful Standard Template Library (STL) algorithms through the use of working examples.  You will learn about how these algorithms fit into the STL architecture, how they work with STL containers, and why t…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question