Solved

ELITES ONLY ;)

Posted on 2000-04-05
Last Modified: 2010-04-02
A Hi to all C++ dudez !

 We need a function that blocks either IP Addresses or Ports on a 32 bit
 winsock, 2.0 to include in our C++ proggyz .

 We need it to block Port 12345 (NETBUS), from Incoming Connection or Outgoing
 Connections.
 We also want to block some IP Addresses ( both in and out ).
 We know this function is a little bit complex, similar to firewalls, but
 we don't want to Advance to NetBIOS or ARP Packets, all we need is blocking
 TCP IP, and a TCP Port.

 o We use Visual C++ 6.0 Enterprise Edition.
 o We don't want any urlz,dox,activez,dllz,libz,discouragez,or 'i dont know'z .

 If you are "3xtR3/\/\3 C++ 3l!t3", you should be able to write that function.

 Thanks for helping us in this.
 X.25 Tech.
Question by:x25
17 Comments
 
LVL 4

Accepted Solution

by:
nils pipenbrinck earned 1260 total points
ID: 2689245
just a question.

would it be ok to use a wrapper winsock dll which doesn't allow any program to access the port 12345? If so I could help.

the wrapper winsock would work this way:

Make a copy of the original winsock dll and rename it to winsock_unsecure.dll (or something like that). Then you write yourself a winsock dll which just passes the calls to the copy. It would be just a matter of minutes to add some code that detects accesses to port 12345 and sends them into nirvana instead of to the original winsock dll.

This won't keep other machines from accessing this port; however, no communication would be possible since all tries to accept connections from this port will fail.

That's just an idea.. I did something like that with a couple of kernel functions two months ago.. it took me an hour to build a faked dll... I needed some weird tools to do so, but after all it worked. I don't have a deep knowledge of firewalls and socket programming, but I understand enough that this approach would make each communication impossible.

The main problem I see is that if the software updates the winsock dll to a newer version the protection will fail.

Tell me if this would do the job.. if so I can help you further.

   Nils
0
 

Author Comment

by:x25
ID: 2689449
nils, it seems like it will do the job ..

 Thanks !
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2689709
really?

cool... I'll try to explain the steps this night. I'm at the office now.

Nils
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2690768
You do realise that this'll prevent ALL applications on that PC from communicating on the filtered port & IP addresses?
0
 
LVL 9

Expert Comment

by:ShaunWilde
ID: 2690851
You could set it up so the new, fake winsock.dll could tell in which process it was running and then create an exception list, probably based on the calling process's name.
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2690882
If the filtering is just for the one program (and you have access to the code):
1. Create a wrapper DLL for the winsock DLL, as nils pipenbrinck suggested: but don't name it winsock.dll. e.g. name it ws_wrap.dll
2. Link your app to ws_wrap.lib instead of winsock.lib.

Now your app (and only your app) links to ws_wrap.dll which in turn forwards the calls to winsock.dll (with appropriate filtering).
0
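The filtering step that the wrapper approach in the comments above depends on, as an added example (not code posted by anyone in this thread). The names `filtered_connect`, `filtered_bind`, `real_fn` and the sample block list are assumptions; it covers only the policy check inside a forwarding function and uses the BSD socket types that Winsock shares, so it also builds off Windows.

```c
#ifdef _WIN32
#include <winsock2.h>
typedef SOCKET sock_t;
#define SOCKCALL WSAAPI            /* Winsock exports are stdcall */
#else
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
typedef int sock_t;
#define SOCKCALL
#endif

#define BLOCKED_PORT 12345         /* port named in the question */
static const char *const BLOCKED_IPS[] = { "192.0.2.10", "198.51.100.7" }; /* constructed */
/* Shape of the genuine connect()/bind() that the wrapper forwards to. */
typedef int (SOCKCALL *real_fn)(sock_t, const struct sockaddr *, int);

/* Returns 1 to refuse. check_ip: 1 for connect() (remote), 0 for bind() (local). */
static int refused(const struct sockaddr *sa, int len, int check_ip)
{
    const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
    unsigned i;
    if (!sa || len < (int)sizeof *in) return 1;          /* fail closed */
    if (sa->sa_family != AF_INET) return 0;              /* only IPv4 in scope */
    if (ntohs(in->sin_port) == BLOCKED_PORT) return 1;
    for (i = 0; check_ip && i < sizeof BLOCKED_IPS / sizeof BLOCKED_IPS[0]; i++)
        if (in->sin_addr.s_addr == inet_addr(BLOCKED_IPS[i])) return 1;
    return 0;
}

/* Outgoing: a blocked remote port or address never reaches the real connect(). */
int filtered_connect(real_fn real, sock_t s, const struct sockaddr *sa, int len)
{ return refused(sa, len, 1) ? -1 : real(s, sa, len); }  /* -1 == SOCKET_ERROR */
/* Incoming: nothing in this process can listen on the blocked local port. */
int filtered_bind(real_fn real, sock_t s, const struct sockaddr *sa, int len)
{ return refused(sa, len, 0) ? -1 : real(s, sa, len); }

/* Demo only: stand-in for the genuine function, then one call through the filter. */
static int SOCKCALL fake_real(sock_t s, const struct sockaddr *sa, int len)
{ (void)s; (void)sa; (void)len; return 0; }
int demo(int outgoing, const char *ip, unsigned short port)
{
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    a.sin_addr.s_addr = inet_addr(ip);
    return outgoing ? filtered_connect(fake_real, 0, (struct sockaddr *)&a, (int)sizeof a)
                    : filtered_bind(fake_real, 0, (struct sockaddr *)&a, (int)sizeof a);
}
```

Refusing incoming connections from a listed address needs the same address comparison applied to the peer address that `accept()` returns. The filter only sees calls that actually go through the wrapper.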
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2693747
jep.

there are a lot of funky ways to fool windows with dll loading.

if you only want to filter one program you can name your new dll ws32_blah.dll and change the export table name in the executable with a hex editor.

Hopefully I'll find the time to write the steps to create such a dll tonight. It's difficult because the dll's have to look _exactly_ like the original (say.. same export names, ordinals and resource tables..)

I'm at the office right now, and I'm fighting with compiler bugs..

  Nils




0
 

Author Comment

by:x25
ID: 2696530

 Writing a dll with the same function names and ordinals isn't a problem for me (I have found them using Dependency Walker) but I need to know each function's result type and the variables between the () in each function.

 I made guesses for a number of them, but there are still a lot which I don't know.
0

 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2697586
They are all defined in the header files.

Or you can take a look at the win32 api help.

Btw, the calling convention for the dll function is always stdcall. It's important that you export your function this way.

I don't think that I'll find the time to help you further. This weekend is really crazy.

Nils
0
 

Author Comment

by:x25
ID: 2703741

 you want 1260 pts ?
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2703797
Even easier: get the SDK header for WinSock, copy & rename it and include it in your project.

Then just create the appropriate function bodies, using the headers as a guide.
0
 

Expert Comment

by:koniant
ID: 2707170
The easiest way to do all of that is to run a real operating system, like anything based on Unix or Unix-like.

If you want to block incoming connections to a port, just open the port and don't let go. As for blocking outgoing - you need to take apart winsock.dll and have it filter the no-connect addresses. The port that is being connected to is of no consequence to anything - the connection can go out on any port. Now, if you're building a sock server, just go get the RFC and build your own with the blocking features you want.

Also, I believe arp may help you out if you poke around with it.
0
 
LVL 9

Expert Comment

by:ShaunWilde
ID: 2707246
That is not an answer !
0
 
LVL 4

Expert Comment

by:abancroft
ID: 2707981
>>The easiest way to do all of that is to run a real operating system, like anything based on Unix or Unix-like.

So x25 should tell his customers that he can't implement their requirements on Win9x or NT and that they should switch to Unix? I'm sure that'll improve the customers' confidence & increase sales.....NOT!

>>you need to take apart winsock.dll and have it filter the no-connect addresses.

Restating the question is not an answer.
0
 

Author Comment

by:x25
ID: 2711419
I'm not interested in Unix-like operating systems ..

 1260 Points Goes To Nils Pippen Brinck.
0
 

Author Comment

by:x25
ID: 2711435
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
ID: 2711660
wouah..

hey x25.. that really surprises me.. I never thought you would accept my offer as an answer. Even if I couldn't help you any more since I had too much work to do here.

Anyways.. thanks a lot..  Tell me if you run into problems..

Nils
0
