èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽä¸é—´å±‚é©±åŠ¨ç¨‹åºçš„æ•°æ®åŒ…æ‹¦æˆªæŠ€æœ¯ç ”ç©¶ä¸Žå®žçŽ°

Research and Realization of Network Packets Capture by Using Intermediate Drivers

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ æŽçŽŽï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ å“ˆå°”æ»¨å·¥ç¨‹å¤§å¦ ï¼Œ æŽ§åˆ¶ç†è®ºä¸ŽæŽ§åˆ¶å·¥ç¨‹ï¼Œ 2006ï¼Œ ç¡•å£«

ã€æ‘˜è¦ã€‘ éšç€è®¡ç®—æœºåº”ç”¨çš„æ™®åŠï¼Œç½‘ç»œå®‰å…¨é—®é¢˜è¶Šæ¥è¶Šå¼•èµ·äººä»¬çš„é‡è§†ã€‚åœ¨ä½œæˆ˜æŒ‡æŒ¥æŽ§åˆ¶ç³»ç»Ÿä¸ï¼Œå®‰å…¨é—®é¢˜æ˜¾å¾—å°¤ä¸ºé‡è¦ã€‚æé«˜ç½‘ç»œå®‰å…¨æ€§çš„æ–¹æ³•æœ‰å¾ˆå¤šï¼Œæœ¬æ–‡ç»“åˆè¯¾é¢˜ï¼Œå¯¹åŸºäºŽä¸é—´å±‚é©±åŠ¨ç¨‹åºçš„æ•°æ®åŒ…æ‹¦æˆªæŠ€æœ¯è¿›è¡Œäº†ç ”ç©¶ã€‚ æœ¬æ–‡é¦–å…ˆåˆ†æžäº†Windowsçš„ç½‘ç»œä½“ç³»ç»“æž„ï¼Œæ¯”è¾ƒäº†åœ¨ä¸åŒå±‚æ¬¡ä¸Šè¿›è¡Œæ•°æ®åŒ…æ‹¦æˆªçš„å„ç§æ–¹æ³•ï¼Œç¡®å®šå‡ºé‡‡ç”¨ä¸é—´å±‚é©±åŠ¨ç¨‹åºçš„æ–¹æ³•è¿›è¡Œæ•°æ®åŒ…æ‹¦æˆªã€‚éšåŽå¯¹ä¸é—´å±‚é©±åŠ¨ç¨‹åºè¿›è¡Œäº†ä»‹ç»ï¼Œè¯´æ˜Žäº†è¿›è¡Œé©±åŠ¨ç¨‹åºç¼–ç¨‹çš„è¦ç‚¹ã€‚ æœ¬æ–‡è¿›è¡Œäº†ä¸é—´å±‚é©±åŠ¨ç¨‹åºçš„åˆå§‹åŒ–ä¸ŽåŠ¨æ€ç»‘å®šæ“ä½œã€‚åœ¨DriverEntryå‡½æ•°ä¸æ³¨å†Œäº†ProtocolXxxæŽ¥å£å’ŒMiniportXxxæŽ¥å£ï¼Œåœ¨ProtocolBindAdapterå‡½æ•°ä¸å°†åè®®é©±åŠ¨ç¨‹åºç»‘å®šåœ¨ä¸€å¼ è™šæ‹Ÿç½‘å¡(Virtual Adapter)ä¸Šï¼Œä»Žè€Œåœ¨åè®®é©±åŠ¨ç¨‹åºå’Œå¾®ç«¯å£é©±åŠ¨ç¨‹åºä¹‹é—´åŠ å…¥äº†æˆ‘ä»¬çš„ä¸é—´å±‚é©±åŠ¨ç¨‹åºã€‚ æœ¬æ–‡éšåŽä»‹ç»äº†é‡è¦çš„æ•°æ®ç»“æž„æ•°æ®åŒ…æè¿°ç¬¦å’Œç¼“å†²åŒºæè¿°ç¬¦ï¼Œå¹¶ç¼–å†™ç¨‹åºåˆ†é…è‡ªå·±çš„åŒ…æè¿°ç¬¦å’Œæ•°æ®åŒ…æè¿°ç¬¦ã€‚ç„¶åŽï¼Œç¼–å†™äº†æ‹·è´æ•°æ®åŒ…å†…å®¹çš„å‡½æ•°ï¼Œå¹¶æ”¹å†™äº†ä¸€ç³»åˆ—å®Œæˆå‡½æ•°ï¼Œä»¥æ”¯æŒå¼‚æ¥æ“ä½œï¼›åˆ†æžä»¥å¤ªç½‘å¸§å’ŒIPæ•°æ®æŠ¥çš„æ ¼å¼ï¼Œæ®æ¤ç»™å‡ºè¿‡æ»¤è§„åˆ™ï¼Œæ ¹æ®è¿‡æ»¤è§„åˆ™ï¼Œæ”¹å†™PtReceiveå‡½æ•°å’ŒMpSendå‡½æ•°ï¼Œä»Žè€Œå®žçŽ°æŒ‰æŒ‡å®šåè®®ç±»åž‹æŽ¥æ”¶æ•°æ®åŒ…ã€æŒ‰æŒ‡å®šåè®®ç±»åž‹æŽ¥å—æ•°æ®åŒ…ã€æŒ‰æŒ‡å®šIPåœ°å€æ”¶å‘æ•°æ®åŒ…çš„åŠŸèƒ½ã€‚æœ€åŽç”¨DbgViewè¿›è¡Œäº†éªŒè¯ã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ With the popularization of computer application, network security is causing more and more concerns. In the campaign command control system, security is obviously important. There are many ways to guarantee network security, in this paper, we do a research on using intermediate driver to capture and filter network packets in order to promote security level.Firstly this paper introduces Windows network architecture, and compares several kinds of methods generally used to capture network packets in different layers. After that, this paper emphasizes the method of using intermediate drivers (IMD), with a explanation of its classification and peculiarities.This paper particularly introduces the initialization, binding, send packets and receive packets procedure of intermediate drivers, and pays a special attention to the packet descriptor and buffer descriptor structures, which is essential to programming drivers. Finally, this paper implements the function of capturing and filtering networking packets, which is validated by using DbgView.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ ä¸é—´å±‚é©±åŠ¨ç¨‹åºï¼› æ•°æ®åŒ…æ•èŽ·ï¼› NDISï¼›
ã€Key wordsã€‘ intermediate driversï¼› network packets captureï¼› NDISï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ å“ˆå°”æ»¨å·¥ç¨‹å¤§å¦

ã€åˆ†ç±»å·ã€‘TP393.08
ã€è¢«å¼•é¢‘æ¬¡ã€‘5
ã€ä¸‹è½½é¢‘æ¬¡ã€‘390

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®

èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽä¸­é—´å±‚é©±åŠ¨ç¨‹åºçš„æ•°æ®åŒ…æ‹¦æˆªæŠ€æœ¯ç ”ç©¶ä¸Žå®žçŽ°

Research and Realization of Network Packets Capture by Using Intermediate Drivers

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

åŸºäºŽä¸é—´å±‚é©±åŠ¨ç¨‹åºçš„æ•°æ®åŒ…æ‹¦æˆªæŠ€æœ¯ç ”ç©¶ä¸Žå®žçŽ°