The Research and Design of Personal Firewall Based on NDIS-HOOK and SPI

【Author】 高泽胜

【Supervisor】 陶宏才

【Author information】 Southwest Jiaotong University, Computer Application Technology, 2004, Master's

【Abstract】 With the rapid development of the Internet, more and more personal computers are being connected to it. But while people enjoy the convenience the network brings, network security incidents are also increasing. Among current personal network security products, the personal firewall is a very important one. After comparing several currently popular personal firewall technologies, this thesis proposes a new implementation method that combines NDIS-HOOK with SPI, and uses it to design a personal firewall based on NDIS-HOOK and SPI on Windows.

Windows implements the NDIS interface with the NDIS function library, and all network communication must ultimately pass through NDIS. NDIS-HOOK works by directly replacing function addresses in the NDIS function library, so that a request to NDIS is first handled by a user-defined function and then forwarded to the system function; NDIS-HOOK can therefore capture packets at the lower layer. SPI implements the personal firewall using the Winsock 2 Service Provider Interface, a new programming interface introduced with Windows Sockets 2, which makes it convenient to capture application-layer packets. This thesis combines the two: at the application layer, SPI is used to filter all kinds of applications, and at the kernel layer, NDIS-HOOK is used to filter all kinds of non-socket packets.

The thesis first introduces network security and personal firewalls and discusses personal firewall technologies and their development. It then compares several existing personal firewall technologies and states the technology chosen here, and goes on to describe the overall structure and functions of the firewall. Finally, it designs the core common module, the control rule file and the log file, and gives an outlook on future work.

【Key words】 Network Security; Firewall; NDIS; HOOK; SPI; Protocol
  • 【Classification number】TP393.08
  • 【Times cited】11
  • 【Downloads】475