Solved

ELITES ONLY ;)

Posted on 2000-04-05
Last Modified: 2010-04-02
A Hi to all C++ dudez !

 We need a function that blocks either IP Addresses or Ports on a 32 bit
 winsock, 2.0 to include in our C++ proggyz .

 We need it to block Port 12345 (NETBUS), from Incoming Connection or Outgoing
 Connections.
 We also want to block some IP Addresses ( both in and out ).
 we know this function is little bit complex, similar to firewalls, but
 we don't want to Advance to NetBIOS or ARP Packets, all we need is blocking
 TCP IP, and a TCP Port.

 o We use Visual C++ 6.0 Enterprise Edition.
 o We don't want any urlz,dox,activez,dllz,libz,discouragez,or 'i dont know'z .

 If you are "3xtR3/\/\3 C++ 3l!t3", you should be able to write that function.

 Thanks for helping us in this.
 X.25 Tech.
Question by:x25
 
LVL 4

Accepted Solution

by:
nils pipenbrinck earned 1260 total points
just a question.

would it be ok to use a wrapper winsock dll which doesn't allow any program to access the port 12345? If so I could help.

the wrapper winsock would work this way:

make a copy of the original winsock dll and rename it to winsock_unsecure.dll (or something like that). Then you write yourself a winsock dll which just passes the calls to the copy. It would be just a matter of minutes to add some code that detects accesses to port 12345 and sends them into nirvana instead of to the original winsock dll.

This won't help you from other machines to access this port, however, no communication would be possible since all tries to accept connections from this port will fail.

That's just an idea.. I did something like that with a couple of kernel functions two months ago.. it took me an hour to build a faked dll... I needed some weird tools to do so, but after all it worked. I don't have a deep knowledge of firewalls and socket programming, but I understand enough that this approach would make each communication impossible.

the main problem i see is, that if the software updates the winsock dll to a newer version the protection will fail.

Tell me if this would do the job.. if so I can help you further.

   Nils
0
 

Author Comment

by:x25
nils, it seems like it will do the job ..

 Thanks !
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
really?

cool... I'll try to explain the steps this night. I'm at the office now.

Nils
0
 
LVL 4

Expert Comment

by:abancroft
You do realise that this'll prevent ALL applications on that PC from communicating on the filtered port & IP addresses?
0
 
LVL 9

Expert Comment

by:ShaunWilde
you could set it up so the new - fake winsock.dll could tell in which process it was running and then create an exception list probably based on the calling processes name
0
 
LVL 4

Expert Comment

by:abancroft
If the filtering is just for the one program (and you have access to the code):
1. Create a wrapper DLL for the winsock DLL, as nils pipenbrinck suggested: but don't name it winsock.dll. e.g. name it ws_wrap.dll
2. Link your app to ws_wrap.lib instead of winsock.lib.

Now your app (and only your app) links to ws_wrap.dll which in turn forwards the calls to winsock.dll (with appropriate filtering).
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
jep.

there are a lot of funky ways to fool windows with dll loading.

if you only want to filter one program you can name your new dll ws32_blah.dll and change the export table name in the executable with a hex editor.

Hopefully I'll find the time to write the steps to create such a dll tonight. It's difficult because the dll's have to look _exactly_ like the original (say.. same export names, ordinals and resource tables..)

I'm at the office right now, and I'm fighting with compiler bugs..

  Nils




0
 

Author Comment

by:x25

 writing a dll with the same function names and ordinals isn't a problem for me ( i have found them using Dependency Walker ) but i need to know each function's result type and the variables between the () in each function.

 i made guesses for a number of them, but still a lot which i don't know.
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
they are all defined in the header files.

or you can take a look at the win32 api help.

btw. the calling convention for the dll function is always stdcall. it's important, that you export your function this way.

I don't think that I'll find the time to help you further. This weekend is really crazy.

Nils
0
 

Author Comment

by:x25

 you want 1260 pts ?
0
 
LVL 4

Expert Comment

by:abancroft
Even easier: get the SDK header for WinSock, copy & rename it and include it in your project.

Then just create the appropriate function bodies, using the headers as a guide.
0
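
The per-application wrapper discussed above, as an added example that is not code from the thread: `connect()` and `bind()` are wrapped with the same parameter lists, and the filter runs before the call is forwarded to Winsock. The names `policy_denies`, `is_blocked`, `filtered_connect` and `filtered_bind` are hypothetical, the block-list addresses are constructed samples, refusing to bind the blocked port is an assumed way to cover the incoming side, and the POSIX branch exists only so the logic compiles off Windows.

```c
/* Added example: per-application socket filter; all names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#ifdef _WIN32
#  include <winsock2.h>                  /* link with ws2_32.lib */
#  define DENY(code) (WSASetLastError(WSA##code), SOCKET_ERROR)
typedef SOCKET sock_t;
#else                                    /* lets the policy be built and tested anywhere */
#  include <errno.h>
#  include <arpa/inet.h>
#  include <netinet/in.h>
#  include <sys/socket.h>
#  define DENY(code) (errno = (code), -1)
typedef int sock_t;
#endif
#define BLOCKED_PORT 12345u              /* port named in the question */
/* Constructed sample block list (documentation addresses), host byte order. */
static const uint32_t blocked_ips[] = { 0xC0000207u /* 192.0.2.7 */, 0xC6336409u /* 198.51.100.9 */ };

/* Core policy on host-byte-order values: returns 1 to deny, 0 to allow. */
int policy_denies(uint32_t ip, unsigned port, int check_ip)
{
    size_t i;
    if (port == BLOCKED_PORT) return 1;
    for (i = 0; check_ip && i < sizeof blocked_ips / sizeof blocked_ips[0]; i++)
        if (ip == blocked_ips[i]) return 1;
    return 0;
}

/* Fails closed: anything that is not a well-formed IPv4 endpoint is denied,
   so another address family cannot be used to slip past the filter. */
int is_blocked(const struct sockaddr *sa, int len, int check_ip)
{
    const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
    if (sa == NULL || len < (int)sizeof *in || sa->sa_family != AF_INET)
        return 1;
    return policy_denies(ntohl(in->sin_addr.s_addr), ntohs(in->sin_port), check_ip);
}

/* Outgoing: same parameters as connect(); denied peers never reach Winsock. */
int filtered_connect(sock_t s, const struct sockaddr *name, int namelen)
{
    return is_blocked(name, namelen, 1) ? DENY(ECONNREFUSED) : connect(s, name, namelen);
}

/* Incoming: refuse to bind a local socket to the blocked port. */
int filtered_bind(sock_t s, const struct sockaddr *name, int namelen)
{
    return is_blocked(name, namelen, 0) ? DENY(EACCES) : bind(s, name, namelen);
}
```

The filter covers only code that calls these wrappers; anything in the process that calls `connect()` or `bind()` directly is not checked.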
 

Expert Comment

by:koniant
The easiest way to do all of that is to run a real operating system, like anything based on Unix or Unix-like.

If you want to block incoming connections to a port, just open the port and don't let go. As for blocking outgoing - you need to take apart winsock.dll and have it filter the no-connect addresses. The port that is being connected to is of no consequence to anything - the connection can go out on any port. Now, if you're building a sock server, just go get the RFC and build your own with the blocking features you want.

Also, I believe arp may help you out if you poke around with it.
0
 
LVL 9

Expert Comment

by:ShaunWilde
That is not an answer !
0
 
LVL 4

Expert Comment

by:abancroft
>>The easiest way to do all of that is to run a real operating system, like anything based on Unix or Unix-like.

So x25 should tell his customers that he can't implement their requirements on Win9x or NT and that they should switch to Unix? I'm sure that'll improve the customers' confidence & increase sales.....NOT!

>>you need to take apart winsock.dll and have it filter the no-connect addresses.

Restating the question is not an answer.
0
 

Author Comment

by:x25
I'm not interested in Unix-like operating systems ..

 1260 Points Goes To Nils Pippen Brinck.
0
 

Author Comment

by:x25
0
 
LVL 4

Expert Comment

by:nils pipenbrinck
wouah..

hey x25.. that really surprises me.. I never thought you would accept my offer as an answer. Even If I couldn't help you any more since I had too much work to do here.

Anyways.. thanks a lot..  Tell me if you run into problems..

Nils
0
