Solved

ELITES ONLY ;)

Posted on 2000-04-05
Last Modified: 2010-04-02
A Hi to all C++ dudez !

 We need a function that blocks either IP Addresses or Ports on a 32 bit
 winsock, 2.0 to include in our C++ proggyz .

 We need it to block Port 12345 (NETBUS), from Incoming Connection or Outgoing
 Connections.
 We also want to block some IP Addresses ( both in and out ).
 We know this function is a little bit complex, similar to firewalls, but
 we don't want to Advance to NetBIOS or ARP Packets, all we need is blocking
 TCP IP, and a TCP Port.

 o We use Visual C++ 6.0 Enterprise Edition.
 o We don't want any urlz,dox,activez,dllz,libz,discouragez,or 'i dont know'z .

 If you are "3xtR3/\/\3 C++ 3l!t3", you should be able to write that function.

 Thanks for helping us in this.
 X.25 Tech.
0
Question by:x25
17 Comments
 
LVL 4

Accepted Solution

by:
nils pipenbrinck earned 1260 total points
ID: 2689245
just a question.

would it be ok to use a wrapper winsock dll which doesn't allow any program to access the port 12345? If so I could help.

the wrapper winsock would work this way:

make a copy of the original winsock dll and rename it to winsock_unsecure.dll (or something like that). Then you write yourself a winsock dll which just passes the calls to the copy. It would be just a matter of minutes to add some code that detects accesses to port 12345 and sends them into nirvana instead of to the original winsock dll.

This won't help you from other machines to access this port, however, no communication would be possible since all tries to accept connections from this port will fail.

That's just an idea.. I did something like that with a couple of kernel functions two months ago.. it took me an hour to build a faked dll... I needed some weird tools to do so, but after all it worked. I don't have a deep knowledge of firewalls and socket programming, but I understand enough that this approach would make each communication impossible.

the main problem I see is that if the software updates the winsock dll to a newer version the protection will fail.

Tell me if this would do the job.. if so I can help you further.

   Nils
0
 

Author Comment

by:x25
ID: 2689449
nils, it seems like it will do the job ..

 Thanks !
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2689709
really?

cool... I'll try to explain the steps this night. I'm at the office now.

Nils
0

 
LVL 4

Expert Comment

by:abancroft
ID: 2690768
You do realise that this'll prevent ALL applications on that PC from communicating on the filtered port & IP addresses?
0
 
LVL 9

Expert Comment

by:ShaunWilde
ID: 2690851
you could set it up so the new - fake winsock.dll could tell in which process it was running and then create an exception list probably based on the calling process's name
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2690882
If the filtering is just for the one program (and you have access to the code):
1. Create a wrapper DLL for the winsock DLL, as nils pipenbrinck suggested: but don't name it winsock.dll. e.g. name it ws_wrap.dll
2. Link your app to ws_wrap.lib instead of winsock.lib.

Now your app (and only your app) links to ws_wrap.dll which in turn forwards the calls to winsock.dll (with appropriate filtering).
0
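An added example, not code from any poster in this thread, of the filtering step in the per-application wrapper (`ws_wrap`) approach described above: `connect()` and `bind()` wrappers that refuse port 12345 and listed IPv4 addresses before forwarding to the real socket call. The function names, the blocklist addresses and the POSIX fallback branch are assumptions made for the example.

```c
/* Added example: filtering wrappers for a per-application ws_wrap DLL. */
#ifdef _WIN32
#include <winsock2.h>
typedef SOCKET sock_t;
#define WS_FAIL     SOCKET_ERROR
#define WS_REFUSE() WSASetLastError(WSAECONNREFUSED)
#else  /* POSIX fallback (assumption) so the filter logic builds anywhere */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
typedef int sock_t;
#define WS_FAIL     (-1)
#define WS_REFUSE() (errno = ECONNREFUSED)
#endif

#define BLOCKED_PORT 12345  /* the NetBus port named in the question */

/* Constructed sample blocklist (documentation-range IPv4 addresses). */
static const char *blocked_ips[] = { "192.0.2.10", "198.51.100.7" };

/* Returns 1 if the address must be refused, 0 if the call may be forwarded.
 * Only IPv4 is filtered; other families and short buffers pass through. */
int ws_wrap_is_blocked(const struct sockaddr *addr, int len)
{
    const struct sockaddr_in *in = (const struct sockaddr_in *)addr;
    unsigned i;
    if (addr == 0 || len < (int)sizeof(*in) || addr->sa_family != AF_INET)
        return 0;
    if (ntohs(in->sin_port) == BLOCKED_PORT)
        return 1;
    for (i = 0; i < sizeof(blocked_ips) / sizeof(blocked_ips[0]); i++)
        if (in->sin_addr.s_addr == inet_addr(blocked_ips[i]))
            return 1;
    return 0;
}

/* Outgoing side: refuse before the real connect() is ever reached. */
int ws_wrap_connect(sock_t s, const struct sockaddr *addr, int len)
{
    if (ws_wrap_is_blocked(addr, len)) { WS_REFUSE(); return WS_FAIL; }
    return connect(s, addr, len);
}

/* Incoming side: the application can never listen on the blocked port. */
int ws_wrap_bind(sock_t s, const struct sockaddr *addr, int len)
{
    if (ws_wrap_is_blocked(addr, len)) { WS_REFUSE(); return WS_FAIL; }
    return bind(s, addr, len);
}
```

Filtering incoming peers by IP address would need the same check applied to the address returned by `accept()`.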
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2693747
jep.

there are a lot of funky ways to fool windows with dll loading.

if you only want to filter one program you can name your new dll ws32_blah.dll and change the export table name in the executable with a hex editor.

Hopefully I'll find the time to write the steps to create such a dll tonight. It's difficult because the dlls have to look _exactly_ like the original (say.. same export names, ordinals and resource tables..)

I'm at the office right now, and I'm fighting with compiler bugs..

  Nils




0
 

Author Comment

by:x25
ID: 2696530

 writing a dll with the same function names and ordinals isn't a problem for me ( I have found them using Dependency Walker ) but I need to know each function's result type and the variables between the () in each function.

 I made guesses for a number of them, but still a lot which I don't know.
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2697586
they are all defined in the header files.

or you can take a look at the win32 api help.

btw. the calling convention for the dll function is always stdcall. it's important that you export your function this way.

I don't think that I'll find the time to help you further. This weekend is really crazy.

Nils
0
 

Author Comment

by:x25
ID: 2703741

 you want 1260 pts ?
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2703797
Even easier: get the SDK header for WinSock, copy & rename it and include it in your project.

Then just create the appropriate function bodies, using the headers as a guide.
0
 

Expert Comment

by:koniant
ID: 2707170
The easiest way to do all of that is to run a real operating system, like anything based on Unix or Unix-like.

If you want to block incoming connections to a port, just open the port and don't let go. As for blocking outgoing - you need to take apart winsock.dll and have it filter the no-connect addresses. The port that is being connected to is of no consequence to anything - the connection can go out on any port. Now, if you're building a sock server, just go get the RFC and build your own with the blocking features you want.

Also, I believe arp may help you out if you poke around with it.
0
 
LVL 9

Expert Comment

by:ShaunWilde
ID: 2707246
That is not an answer !
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2707981
>>The easiest way to do all of that is to run a real operating system, like anything based on Unix or Unix-like.

So x25 should tell his customers that he can't implement their requirements on Win9x or NT and that they should switch to Unix? I'm sure that'll improve the customers' confidence & increase sales.....NOT!

>>you need to take apart winsock.dll and have it filter the no-connect addresses.

Restating the question is not an answer.
0
 

Author Comment

by:x25
ID: 2711419
I'm not interested in Unix-like operating systems ..

 1260 Points Goes To Nils Pippen Brinck.
0
 

Author Comment

by:x25
ID: 2711435
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2711660
wouah..

hey x25.. that really surprises me.. I never thought you would accept my offer as an answer. Even if I couldn't help you any more since I had too much work to do here.

Anyways.. thanks a lot..  Tell me if you run into problems..

Nils
0
