基于windows防火墙系统开发


好久没有做自己想做的软件了。防火墙我想做很久了,但一直没有时间,或许也是觉得很难。周末实在无聊,就开始着手做这个,结果比想象的要简单多了。

目前已实现:按照自定义规则(根据IP、端口、应用程序)放行/丢弃数据包,监控进程;基本实现了天网防火墙的业务功能,并加上了自己的一些想法。

主要用了 hook、内存映射和一些 API 函数,对这些感兴趣的朋友可以一起讨论。需要注意的是,这种用户态 API hook 只对已挂钩的进程和已挂钩的函数生效,不等同于内核层的包过滤。

下面给出 hook 部分的思路性代码(仅为示意,并不完整):

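{ Replacement for WSARecv, installed through Hook[4].

  Looks up the socket's endpoint data with GetIPAndPort, asks CheckRule
  whether inbound traffic (Mode_IN) is allowed, and then either forwards the
  call to the original WSARecv or fails it.

  Parameters are those of WSARecv and are passed through unchanged.

  Returns the original WSARecv result when the rule check passes. Otherwise
  returns SOCKET_ERROR with the last error set to WSAENETDOWN, and the
  caller's buffers are never filled.

  NOTE(review): the decision is made per receive call inside the hooked
  process. A receive path that has no hook of its own (this slot covers
  WSARecv only) is not filtered by this function. }
function NEWWSARecv(s: TSocket; lpBuffers: LPWSABUF; dwBufferCount: DWORD; var lpNumberOfBytesRecvd: DWORD; var lpFlags: DWORD;
  lpOverlapped: LPWSAOVERLAPPED; lpCompletionRoutine: LPWSAOVERLAPPED_COMPLETION_ROUTINE): Integer; stdcall;
type
  tWSARecv = function(s: TSocket; lpBuffers: LPWSABUF; dwBufferCount: DWORD; var lpNumberOfBytesRecvd: DWORD; var lpFlags: DWORD;
    lpOverlapped: LPWSAOVERLAPPED; lpCompletionRoutine: LPWSAOVERLAPPED_COMPLETION_ROUTINE): Integer; stdcall;
var
  ip: string;
  port: integer;
  localport: Integer;
  ProtId: string;
begin
  // Presumably fills ip/port/localport/ProtId from the socket; the helper is
  // defined elsewhere, so confirm against its implementation.
  GetIPAndPort(s, ip, port, localport, ProtId);

  if CheckRule(s, Mode_IN, ip, port, localport, ProtId) then
  begin
    // Restore the original entry point, call it, then re-install the hook.
    // NOTE(review): while the entry is restored, calls to WSARecv from other
    // threads reach the original function unfiltered, and re-patching code
    // that another thread may be executing is unsafe. A trampoline that never
    // removes the hook avoids both problems; it needs support from THookClass,
    // which is not shown here.
    Hook[4].Restore;
    try
      result := tWSARecv(hook[4].OldFunction)(s, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, lpFlags, lpOverlapped, lpCompletionRoutine);
    finally
      // Re-install even if the call raises, so the filter never stays removed.
      Hook[4].Change;
    end;

    // Count received bytes only after a successful, immediately completed
    // call: before the call lpNumberOfBytesRecvd is an uninitialised output,
    // and for overlapped I/O the caller may pass a nil pointer for it.
    // NOTE(review): bRec is a shared counter updated without synchronisation.
    if (result = 0) and (@lpNumberOfBytesRecvd <> nil) then
      bRec := bRec + lpNumberOfBytesRecvd;
  end
  else
  begin
    // Rule denied: fail the receive without touching the caller's buffers.
    WSASetLastError(WSAENETDOWN);
    result := SOCKET_ERROR;
  end;
end;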


 // Install the hook in slot 4: THookClass.Create is given the address of
 // WSARecv and of the replacement NEWWSARecv. The meaning of `Trap` is defined
 // elsewhere and is not visible here.
 // NOTE(review): this slot covers WSARecv only; other receive APIs need hooks
 // of their own, or their traffic bypasses CheckRule.
 Hook[4] := THookClass.Create(Trap, @WSARecv, @NEWWSARecv);

