VC++ 防火墙 Win7 XP MFC

//防火墙本质是你开辟一个端口侦听,即作为服务器的时候,系统为了防止对它造成伤害,特意开出的隔离墙。
//所以如果希望系统不自动弹出询问添加防火墙,就应该在端口侦听的地方提前把exe文件的全路径加入防火墙规则。
//win7系统默认添加防火墙规则名称是 资源视图-Version-FileDescription
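#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <netfw.h>

#pragma comment( lib, "ole32.lib" )
#pragma comment( lib, "oleaut32.lib" )

// Forward declarations
HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2);

// Values the firewall rule is built from.  The application path is the full
// path of the executable that will own the listening socket; the rule is keyed
// on it, so it must match the installed binary exactly.  The rule name and
// description may also be given as indirect strings ('@appfullpath,-resource
// index') for localization purposes; plain strings are used here for illustration.
static const wchar_t kServiceName[]     = L"SampleService";   // provide a valid service short name here.
static const wchar_t kAppPath[]         = L"E:\\DownCode\\13114500790\\ServiceTest.exe";
static const wchar_t kRuleName[]        = L"Allow TCP 12345 to sampleservice";
static const wchar_t kRuleDescription[] = L"Allow only TCP 12345 traffic to sampleservice service, block everything else";
static const wchar_t kRuleLocalPorts[]  = L"12345";

// Registers (or re-enables) an inbound ALLOW rule for TCP port 12345, tied to
// the executable and service named above, through the Windows Firewall with
// Advanced Security COM API (INetFwPolicy2).  Every step prints its HRESULT on
// failure and jumps to Cleanup, which frees every BSTR and COM reference that
// was acquired.  Returns 0 on success and 1 if any step failed.
int __cdecl main()
{
    HRESULT hrComInit = S_OK;
    HRESULT hr = S_OK;

    INetFwPolicy2 *pNetFwPolicy2 = NULL;
    INetFwServiceRestriction *pFwServiceRestriction = NULL;
    INetFwRules *pFwRules = NULL;
    INetFwRule *pFwRule = NULL;        // the rule this program builds
    INetFwRule *pTmpFwRule = NULL;     // an already-present rule of the same name, if any
    VARIANT_BOOL isServiceRestricted = VARIANT_FALSE;
    VARIANT_BOOL existingEnabled = VARIANT_FALSE;

    // Every BSTR is declared and NULL-initialised before the first goto, so the
    // Cleanup label only ever frees handles that were actually set
    // (SysFreeString(NULL) is a no-op).
    BSTR bstrServiceName = NULL;
    BSTR bstrAppName = NULL;
    BSTR bstrRuleName = NULL;
    BSTR bstrRuleDescription = NULL;
    BSTR bstrRuleLPorts = NULL;

    bstrServiceName = SysAllocString(kServiceName);
    if (bstrServiceName == NULL) { printf("Failed to allocate bstrServiceName\n"); hr = E_OUTOFMEMORY; goto Cleanup; }
    bstrAppName = SysAllocString(kAppPath);
    if (bstrAppName == NULL) { printf("Failed to allocate bstrAppName\n"); hr = E_OUTOFMEMORY; goto Cleanup; }
    bstrRuleName = SysAllocString(kRuleName);
    if (bstrRuleName == NULL) { printf("Failed to allocate bstrRuleName\n"); hr = E_OUTOFMEMORY; goto Cleanup; }
    bstrRuleDescription = SysAllocString(kRuleDescription);
    if (bstrRuleDescription == NULL) { printf("Failed to allocate bstrRuleDescription\n"); hr = E_OUTOFMEMORY; goto Cleanup; }
    bstrRuleLPorts = SysAllocString(kRuleLocalPorts);
    if (bstrRuleLPorts == NULL) { printf("Failed to allocate bstrRuleLPorts\n"); hr = E_OUTOFMEMORY; goto Cleanup; }

    // Initialize COM.
    hrComInit = CoInitializeEx(0, COINIT_APARTMENTTHREADED);

    // RPC_E_CHANGED_MODE only means COM was already initialised on this thread
    // with a different threading model.  The existing mode is fine for this
    // program, so it is not treated as an error; Cleanup also skips
    // CoUninitialize() for it, because that initialisation is not ours.
    if (hrComInit != RPC_E_CHANGED_MODE && FAILED(hrComInit)) {
        printf("CoInitializeEx failed: 0x%08lx\n", hrComInit);
        hr = hrComInit;
        goto Cleanup;
    }

    // Retrieve INetFwPolicy2 (WFCOMInitialize prints its own failure message).
    hr = WFCOMInitialize(&pNetFwPolicy2);
    if (FAILED(hr)) { goto Cleanup; }

    // Retrieve INetFwServiceRestriction; only used for the ServiceRestricted query at the end.
    hr = pNetFwPolicy2->get_ServiceRestriction(&pFwServiceRestriction);
    if (FAILED(hr)) { printf("get_ServiceRestriction failed: 0x%08lx\n", hr); goto Cleanup; }

    // NOTE: the original sample called
    //   pFwServiceRestriction->RestrictService(bstrServiceName, bstrAppName, TRUE, FALSE)
    // at this point, which adds two Windows Service Hardening (WSH) rules that
    // block all other inbound and outbound traffic of the service.  That call is
    // intentionally left out: this program only adds the allow rule, so the
    // ServiceRestricted check at the end is expected to report "not restricted".

    // Get the rules collection the new rule goes into.  This is the ordinary
    // policy collection (INetFwPolicy2::Rules); to place the rule among the WSH
    // rules instead, use pFwServiceRestriction->get_Rules(&pFwRules).
    hr = pNetFwPolicy2->get_Rules(&pFwRules);
    if (FAILED(hr)) { wprintf(L"get_Rules failed: 0x%08lx\n", hr); goto Cleanup; }

    // Create a new Rule object and populate it.
    hr = CoCreateInstance(__uuidof(NetFwRule), NULL, CLSCTX_INPROC_SERVER,
                          __uuidof(INetFwRule), (void**)&pFwRule);
    if (FAILED(hr)) { printf("CoCreateInstance for Firewall Rule failed: 0x%08lx\n", hr); goto Cleanup; }

    hr = pFwRule->put_Name(bstrRuleName);
    if (FAILED(hr)) { printf("put_Name failed: 0x%08lx\n", hr); goto Cleanup; }

    hr = pFwRule->put_Description(bstrRuleDescription);
    if (FAILED(hr)) { printf("put_Description failed: 0x%08lx\n", hr); goto Cleanup; }

    // Binding the rule to both the executable path and the service name keeps
    // it as narrow as the API allows: it matches only that service, in that binary.
    hr = pFwRule->put_ApplicationName(bstrAppName);
    if (FAILED(hr)) { printf("put_ApplicationName failed: 0x%08lx\n", hr); goto Cleanup; }

    hr = pFwRule->put_ServiceName(bstrServiceName);
    if (FAILED(hr)) { printf("put_ServiceName failed: 0x%08lx\n", hr); goto Cleanup; }

    hr = pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP);
    if (FAILED(hr)) { printf("put_Protocol failed: 0x%08lx\n", hr); goto Cleanup; }

    hr = pFwRule->put_LocalPorts(bstrRuleLPorts);
    if (FAILED(hr)) { printf("put_LocalPorts failed: 0x%08lx\n", hr); goto Cleanup; }

    hr = pFwRule->put_Action(NET_FW_ACTION_ALLOW);
    if (FAILED(hr)) { printf("put_Action failed: 0x%08lx\n", hr); goto Cleanup; }

    hr = pFwRule->put_Enabled(VARIANT_TRUE);
    if (FAILED(hr)) { printf("put_Enabled failed: 0x%08lx\n", hr); goto Cleanup; }

    // Look for an existing rule with the same name.  Item() fails and leaves
    // pTmpFwRule NULL when there is none; that is the normal "add it" case, so
    // its HRESULT is deliberately not treated as an error.
    hr = pFwRules->Item(bstrRuleName, &pTmpFwRule);
    if (SUCCEEDED(hr) && pTmpFwRule != NULL) {
        printf("规则已存在!\n");
        hr = pTmpFwRule->get_Enabled(&existingEnabled);
        if (FAILED(hr)) { printf("get_Enabled failed: 0x%08lx\n", hr); goto Cleanup; }
        if (existingEnabled == VARIANT_FALSE) {
            // The rule exists but was switched off; turn it back on.
            hr = pTmpFwRule->put_Enabled(VARIANT_TRUE);
            if (FAILED(hr)) { printf("put_Enabled failed: 0x%08lx\n", hr); }
        }
        goto Cleanup;
    }
    hr = S_OK;   // a "not found" result from Item() is not a failure

    // Add the rule to the collection.
    hr = pFwRules->Add(pFwRule);
    if (FAILED(hr)) { printf("Firewall Rule Add failed: 0x%08lx\n", hr); goto Cleanup; }

    // The original sample pauses here before querying the restriction state;
    // nothing on this page says why.  NOTE(review): confirm whether it is needed.
    Sleep(3000);

    // Check to see if the Service is Restricted (see the RestrictService note above).
    hr = pFwServiceRestriction->ServiceRestricted(bstrServiceName, bstrAppName, &isServiceRestricted);
    if (FAILED(hr)) { printf("ServiceRestricted failed: 0x%08lx\n", hr); goto Cleanup; }

    if (isServiceRestricted != VARIANT_FALSE) {
        printf("Service was successfully restricted in WSH.\nExcept for TCP 12345 inbound traffic and its responses, all other inbound and outbound connections to and from the service will be blocked.\n");
    } else {
        printf("The Service could not be properly restricted.\n");
    }

Cleanup:
    // Free BSTRs.
    SysFreeString(bstrServiceName);
    SysFreeString(bstrAppName);
    SysFreeString(bstrRuleName);
    SysFreeString(bstrRuleDescription);
    SysFreeString(bstrRuleLPorts);

    // Release COM objects in reverse order of acquisition.
    if (pTmpFwRule != NULL) { pTmpFwRule->Release(); }
    if (pFwRule != NULL) { pFwRule->Release(); }
    if (pFwRules != NULL) { pFwRules->Release(); }
    if (pFwServiceRestriction != NULL) { pFwServiceRestriction->Release(); }
    if (pNetFwPolicy2 != NULL) { pNetFwPolicy2->Release(); }

    // Only balance a CoInitializeEx that succeeded here; RPC_E_CHANGED_MODE is
    // not a success code, so a foreign initialisation is left alone.
    if (SUCCEEDED(hrComInit)) { CoUninitialize(); }

    getchar();
    return FAILED(hr) ? 1 : 0;
}

// Instantiate INetFwPolicy2.  On success *ppNetFwPolicy2 holds a reference the
// caller must Release(); on failure the HRESULT is printed and returned.
HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2)
{
    HRESULT hr = CoCreateInstance(__uuidof(NetFwPolicy2), NULL, CLSCTX_INPROC_SERVER,
                                  __uuidof(INetFwPolicy2), (void**)ppNetFwPolicy2);
    if (FAILED(hr)) {
        printf("CoCreateInstance for INetFwPolicy2 failed: 0x%08lx\n", hr);
    }
    return hr;
}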

XP:

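#include <windows.h>
#include <crtdbg.h>
#include <netfw.h>
#include <objbase.h>
#include <oleauto.h>
#include <stdio.h>

#pragma comment( lib, "ole32.lib" )
#pragma comment( lib, "oleaut32.lib" )

// Obtains the firewall profile currently in effect through the legacy
// (Windows XP SP2) firewall API: INetFwMgr -> INetFwPolicy -> INetFwProfile.
// On success *fwProfile holds a reference the caller releases with
// WindowsFirewallCleanup(); on failure it is NULL and the HRESULT is printed.
HRESULT WindowsFirewallInitialize(OUT INetFwProfile** fwProfile)
{
    HRESULT hr = S_OK;
    INetFwMgr* fwMgr = NULL;
    INetFwPolicy* fwPolicy = NULL;

    _ASSERT(fwProfile != NULL);
    *fwProfile = NULL;

    // Create an instance of the firewall settings manager.
    hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER,
                          __uuidof(INetFwMgr), (void**)&fwMgr);
    if (FAILED(hr)) {
        printf("CoCreateInstance failed: 0x%08lx\n", hr);
        goto error;
    }

    // Retrieve the local firewall policy.
    hr = fwMgr->get_LocalPolicy(&fwPolicy);
    if (FAILED(hr)) {
        printf("get_LocalPolicy failed: 0x%08lx\n", hr);
        goto error;
    }

    // Retrieve the firewall profile currently in effect.
    hr = fwPolicy->get_CurrentProfile(fwProfile);
    if (FAILED(hr)) {
        printf("get_CurrentProfile failed: 0x%08lx\n", hr);
        goto error;
    }

error:
    // The manager and policy were only needed to reach the profile.
    if (fwPolicy != NULL) { fwPolicy->Release(); }
    if (fwMgr != NULL) { fwMgr->Release(); }
    return hr;
}

// Releases a profile obtained from WindowsFirewallInitialize(); NULL is accepted.
void WindowsFirewallCleanup(IN INetFwProfile* fwProfile)
{
    if (fwProfile != NULL) {
        fwProfile->Release();
    }
}

// Reports whether the firewall is enabled for the given profile.
// *fwOn is set to TRUE or FALSE on success (FALSE when the query fails).
// Returns the HRESULT of the underlying query.
HRESULT WindowsFirewallIsOn(IN INetFwProfile* fwProfile, OUT BOOL* fwOn)
{
    HRESULT hr = S_OK;
    VARIANT_BOOL fwEnabled = VARIANT_FALSE;

    _ASSERT(fwProfile != NULL);
    _ASSERT(fwOn != NULL);
    *fwOn = FALSE;

    // Get the current state of the firewall.
    hr = fwProfile->get_FirewallEnabled(&fwEnabled);
    if (FAILED(hr)) {
        printf("get_FirewallEnabled failed: 0x%08lx\n", hr);
        goto error;
    }

    // VARIANT_TRUE is -1, so compare against VARIANT_FALSE rather than TRUE.
    if (fwEnabled != VARIANT_FALSE) {
        *fwOn = TRUE;
        printf("The firewall is on.\n");
    } else {
        printf("The firewall is off.\n");
    }

error:
    return hr;
}

// Enables the firewall for the profile if it is currently off.
// Returns S_OK (also when it was already on) or the failing HRESULT.
HRESULT WindowsFirewallTurnOn(IN INetFwProfile* fwProfile)
{
    HRESULT hr = S_OK;
    BOOL fwOn = FALSE;

    _ASSERT(fwProfile != NULL);

    // Check to see if the firewall is off.
    hr = WindowsFirewallIsOn(fwProfile, &fwOn);
    if (FAILED(hr)) {
        printf("WindowsFirewallIsOn failed: 0x%08lx\n", hr);
        goto error;
    }

    // If it is, turn it on.
    if (!fwOn) {
        hr = fwProfile->put_FirewallEnabled(VARIANT_TRUE);
        if (FAILED(hr)) {
            printf("put_FirewallEnabled failed: 0x%08lx\n", hr);
            goto error;
        }
        printf("The firewall is now on.\n");
    }

error:
    return hr;
}

// Disables the firewall for the profile if it is currently on.
// Returns S_OK (also when it was already off) or the failing HRESULT.
HRESULT WindowsFirewallTurnOff(IN INetFwProfile* fwProfile)
{
    HRESULT hr = S_OK;
    BOOL fwOn = FALSE;

    _ASSERT(fwProfile != NULL);

    // Check to see if the firewall is on.
    hr = WindowsFirewallIsOn(fwProfile, &fwOn);
    if (FAILED(hr)) {
        printf("WindowsFirewallIsOn failed: 0x%08lx\n", hr);
        goto error;
    }

    // If it is, turn it off.
    if (fwOn) {
        hr = fwProfile->put_FirewallEnabled(VARIANT_FALSE);
        if (FAILED(hr)) {
            printf("put_FirewallEnabled failed: 0x%08lx\n", hr);
            goto error;
        }
        printf("The firewall is now off.\n");
    }

error:
    return hr;
}

// Reports whether the executable at fwProcessImageFileName is present and
// enabled in the profile's authorized-application collection.
// *fwAppEnabled is TRUE only when the entry exists and is enabled; an absent
// entry is reported as disabled with S_OK, not as an error.
HRESULT WindowsFirewallAppIsEnabled(IN INetFwProfile* fwProfile,
                                    IN const wchar_t* fwProcessImageFileName,
                                    OUT BOOL* fwAppEnabled)
{
    HRESULT hr = S_OK;
    BSTR fwBstrProcessImageFileName = NULL;
    VARIANT_BOOL fwEnabled = VARIANT_FALSE;
    INetFwAuthorizedApplication* fwApp = NULL;
    INetFwAuthorizedApplications* fwApps = NULL;

    _ASSERT(fwProfile != NULL);
    _ASSERT(fwProcessImageFileName != NULL);
    _ASSERT(fwAppEnabled != NULL);
    *fwAppEnabled = FALSE;

    // Retrieve the authorized application collection.
    hr = fwProfile->get_AuthorizedApplications(&fwApps);
    if (FAILED(hr)) {
        printf("get_AuthorizedApplications failed: 0x%08lx\n", hr);
        goto error;
    }

    // Allocate a BSTR for the process image file name.
    fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
    if (fwBstrProcessImageFileName == NULL) {
        hr = E_OUTOFMEMORY;
        printf("SysAllocString failed: 0x%08lx\n", hr);
        goto error;
    }

    // Item() fails when the image is not in the collection; that is the
    // "not authorized" answer rather than an error, so hr is reset to S_OK.
    hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp);
    if (FAILED(hr)) {
        hr = S_OK;
        printf("Authorized application %lS is disabled in the firewall.\n", fwProcessImageFileName);
        goto error;
    }

    // Find out if the authorized application is enabled.
    hr = fwApp->get_Enabled(&fwEnabled);
    if (FAILED(hr)) {
        printf("get_Enabled failed: 0x%08lx\n", hr);
        goto error;
    }

    if (fwEnabled != VARIANT_FALSE) {
        *fwAppEnabled = TRUE;
        printf("Authorized application %lS is enabled in the firewall.\n", fwProcessImageFileName);
    } else {
        printf("Authorized application %lS is disabled in the firewall.\n", fwProcessImageFileName);
    }

error:
    SysFreeString(fwBstrProcessImageFileName);
    if (fwApp != NULL) { fwApp->Release(); }
    if (fwApps != NULL) { fwApps->Release(); }
    return hr;
}

// Adds the executable at fwProcessImageFileName, labelled fwName, to the
// profile's authorized-application collection unless it is already enabled
// there.  An authorized-application entry is keyed on the full image path, so
// the path must match the binary that will actually listen.
// Returns S_OK when the entry exists or was added, else the failing HRESULT.
HRESULT WindowsFirewallAddApp(IN INetFwProfile* fwProfile,
                              IN const wchar_t* fwProcessImageFileName,
                              IN const wchar_t* fwName)
{
    HRESULT hr = S_OK;
    BOOL fwAppEnabled = FALSE;
    BSTR fwBstrName = NULL;
    BSTR fwBstrProcessImageFileName = NULL;
    INetFwAuthorizedApplication* fwApp = NULL;
    INetFwAuthorizedApplications* fwApps = NULL;

    _ASSERT(fwProfile != NULL);
    _ASSERT(fwProcessImageFileName != NULL);
    _ASSERT(fwName != NULL);

    // First check to see if the application is already authorized.
    hr = WindowsFirewallAppIsEnabled(fwProfile, fwProcessImageFileName, &fwAppEnabled);
    if (FAILED(hr)) {
        printf("WindowsFirewallAppIsEnabled failed: 0x%08lx\n", hr);
        goto error;
    }

    // Only add the application if it isn't already authorized.
    if (!fwAppEnabled) {
        // Retrieve the authorized application collection.
        hr = fwProfile->get_AuthorizedApplications(&fwApps);
        if (FAILED(hr)) {
            printf("get_AuthorizedApplications failed: 0x%08lx\n", hr);
            goto error;
        }

        // Create an instance of an authorized application.
        hr = CoCreateInstance(__uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER,
                              __uuidof(INetFwAuthorizedApplication), (void**)&fwApp);
        if (FAILED(hr)) {
            printf("CoCreateInstance failed: 0x%08lx\n", hr);
            goto error;
        }

        // Set the process image file name.
        fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName);
        if (fwBstrProcessImageFileName == NULL) {
            hr = E_OUTOFMEMORY;
            printf("SysAllocString failed: 0x%08lx\n", hr);
            goto error;
        }
        hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName);
        if (FAILED(hr)) {
            printf("put_ProcessImageFileName failed: 0x%08lx\n", hr);
            goto error;
        }

        // Set the application friendly name.  Only a NULL result is an
        // allocation failure; an empty name is left for put_Name to judge.
        fwBstrName = SysAllocString(fwName);
        if (fwBstrName == NULL) {
            hr = E_OUTOFMEMORY;
            printf("SysAllocString failed: 0x%08lx\n", hr);
            goto error;
        }
        hr = fwApp->put_Name(fwBstrName);
        if (FAILED(hr)) {
            printf("put_Name failed: 0x%08lx\n", hr);
            goto error;
        }

        // Add the application to the collection.
        hr = fwApps->Add(fwApp);
        if (FAILED(hr)) {
            printf("Add failed: 0x%08lx\n", hr);
            goto error;
        }

        printf("Authorized application %lS is now enabled in the firewall.\n", fwProcessImageFileName);
    }

error:
    SysFreeString(fwBstrName);
    SysFreeString(fwBstrProcessImageFileName);
    if (fwApp != NULL) { fwApp->Release(); }
    if (fwApps != NULL) { fwApps->Release(); }
    return hr;
}

// Reports whether portNumber/ipProtocol is present and enabled in the
// profile's globally-open-ports collection.  *fwPortEnabled is TRUE only when
// the entry exists and is enabled; an absent entry is reported as not open
// with S_OK, not as an error.
HRESULT WindowsFirewallPortIsEnabled(IN INetFwProfile* fwProfile,
                                     IN LONG portNumber,
                                     IN NET_FW_IP_PROTOCOL ipProtocol,
                                     OUT BOOL* fwPortEnabled)
{
    HRESULT hr = S_OK;
    VARIANT_BOOL fwEnabled = VARIANT_FALSE;
    INetFwOpenPort* fwOpenPort = NULL;
    INetFwOpenPorts* fwOpenPorts = NULL;

    _ASSERT(fwProfile != NULL);
    _ASSERT(fwPortEnabled != NULL);
    *fwPortEnabled = FALSE;

    // Retrieve the globally open ports collection.
    hr = fwProfile->get_GloballyOpenPorts(&fwOpenPorts);
    if (FAILED(hr)) {
        printf("get_GloballyOpenPorts failed: 0x%08lx\n", hr);
        goto error;
    }

    // Item() fails when the port is not in the collection; treat that as
    // "not open" rather than as an error.
    hr = fwOpenPorts->Item(portNumber, ipProtocol, &fwOpenPort);
    if (FAILED(hr)) {
        hr = S_OK;
        printf("Port %ld is not open in the firewall.\n", portNumber);
        goto error;
    }

    // Find out if the globally open port is enabled.
    hr = fwOpenPort->get_Enabled(&fwEnabled);
    if (FAILED(hr)) {
        printf("get_Enabled failed: 0x%08lx\n", hr);
        goto error;
    }

    if (fwEnabled != VARIANT_FALSE) {
        *fwPortEnabled = TRUE;
        printf("Port %ld is open in the firewall.\n", portNumber);
    } else {
        printf("Port %ld is not open in the firewall.\n", portNumber);
    }

error:
    if (fwOpenPort != NULL) { fwOpenPort->Release(); }
    if (fwOpenPorts != NULL) { fwOpenPorts->Release(); }
    return hr;
}

// Opens portNumber/ipProtocol in the profile's globally-open-ports collection,
// labelled name, unless it is already open.  A globally open port applies to
// the whole machine, not to one executable — prefer WindowsFirewallAddApp()
// when a single program needs the exception.
// Returns S_OK when the port is open or was opened, else the failing HRESULT.
HRESULT WindowsFirewallPortAdd(IN INetFwProfile* fwProfile,
                               IN LONG portNumber,
                               IN NET_FW_IP_PROTOCOL ipProtocol,
                               IN const wchar_t* name)
{
    HRESULT hr = S_OK;
    BOOL fwPortEnabled = FALSE;
    BSTR fwBstrName = NULL;
    INetFwOpenPort* fwOpenPort = NULL;
    INetFwOpenPorts* fwOpenPorts = NULL;

    _ASSERT(fwProfile != NULL);
    _ASSERT(name != NULL);

    // First check to see if the port is already added.
    hr = WindowsFirewallPortIsEnabled(fwProfile, portNumber, ipProtocol, &fwPortEnabled);
    if (FAILED(hr)) {
        printf("WindowsFirewallPortIsEnabled failed: 0x%08lx\n", hr);
        goto error;
    }

    // Only add the port if it isn't already added.
    if (!fwPortEnabled) {
        // Retrieve the collection of globally open ports.
        hr = fwProfile->get_GloballyOpenPorts(&fwOpenPorts);
        if (FAILED(hr)) {
            printf("get_GloballyOpenPorts failed: 0x%08lx\n", hr);
            goto error;
        }

        // Create an instance of an open port.
        hr = CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER,
                              __uuidof(INetFwOpenPort), (void**)&fwOpenPort);
        if (FAILED(hr)) {
            printf("CoCreateInstance failed: 0x%08lx\n", hr);
            goto error;
        }

        // Set the port number.
        hr = fwOpenPort->put_Port(portNumber);
        if (FAILED(hr)) {
            printf("put_Port failed: 0x%08lx\n", hr);
            goto error;
        }

        // Set the IP protocol.
        hr = fwOpenPort->put_Protocol(ipProtocol);
        if (FAILED(hr)) {
            printf("put_Protocol failed: 0x%08lx\n", hr);
            goto error;
        }

        // Set the friendly name of the port.  Only a NULL result is an
        // allocation failure; an empty name is left for put_Name to judge.
        fwBstrName = SysAllocString(name);
        if (fwBstrName == NULL) {
            hr = E_OUTOFMEMORY;
            printf("SysAllocString failed: 0x%08lx\n", hr);
            goto error;
        }
        hr = fwOpenPort->put_Name(fwBstrName);
        if (FAILED(hr)) {
            printf("put_Name failed: 0x%08lx\n", hr);
            goto error;
        }

        // Opens the port and adds it to the collection.
        hr = fwOpenPorts->Add(fwOpenPort);
        if (FAILED(hr)) {
            printf("Add failed: 0x%08lx\n", hr);
            goto error;
        }

        printf("Port %ld is now open in the firewall.\n", portNumber);
    }

error:
    SysFreeString(fwBstrName);
    if (fwOpenPort != NULL) { fwOpenPort->Release(); }
    if (fwOpenPorts != NULL) { fwOpenPorts->Release(); }
    return hr;
}

// Walks the XP firewall API end to end: obtain the current profile, toggle the
// firewall off and back on, authorize one executable, and open TCP 80
// globally.  The two toggles are only an API demonstration; they are not
// required for the authorization steps that follow.  The command line is not
// used — the image path and port are fixed below.
// Returns 0 on success, 1 if any step failed (the failing step is printed).
int main(int argc, TCHAR* argv[])
{
    HRESULT hr = S_OK;
    HRESULT comInit = E_FAIL;
    INetFwProfile* fwProfile = NULL;

    (void)argc;
    (void)argv;

    // Initialize COM.
    comInit = CoInitializeEx(0, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE);

    // RPC_E_CHANGED_MODE only means COM was already initialised on this thread
    // with a different threading model; the existing mode is used as-is, and
    // CoUninitialize() is skipped for it at the end (it is not our initialisation).
    if (comInit != RPC_E_CHANGED_MODE) {
        hr = comInit;
        if (FAILED(hr)) {
            printf("CoInitializeEx failed: 0x%08lx\n", hr);
            goto error;
        }
    }

    // Retrieve the firewall profile currently in effect.
    hr = WindowsFirewallInitialize(&fwProfile);
    if (FAILED(hr)) {
        printf("WindowsFirewallInitialize failed: 0x%08lx\n", hr);
        goto error;
    }

    // Turn off the firewall (demonstration only).
    hr = WindowsFirewallTurnOff(fwProfile);
    if (FAILED(hr)) {
        printf("WindowsFirewallTurnOff failed: 0x%08lx\n", hr);
        goto error;
    }

    // Turn the firewall back on.
    hr = WindowsFirewallTurnOn(fwProfile);
    if (FAILED(hr)) {
        printf("WindowsFirewallTurnOn failed: 0x%08lx\n", hr);
        goto error;
    }

    // Add NetDemo.exe to the authorized application collection.
    hr = WindowsFirewallAddApp(fwProfile,
                               L"E:\\Code_Factory\\NetDemo\\NetDemo V1.0-UDP\\Release\\NetDemo.exe",
                               L"NetDemo");
    if (FAILED(hr)) {
        printf("WindowsFirewallAddApp failed: 0x%08lx\n", hr);
        goto error;
    }

    // Add TCP::80 to the list of globally open ports (machine-wide, not per-process).
    hr = WindowsFirewallPortAdd(fwProfile, 80, NET_FW_IP_PROTOCOL_TCP, L"WWW");
    if (FAILED(hr)) {
        printf("WindowsFirewallPortAdd failed: 0x%08lx\n", hr);
        goto error;
    }

error:
    // Release the firewall profile.
    WindowsFirewallCleanup(fwProfile);

    // Only balance a CoInitializeEx that succeeded here.
    if (SUCCEEDED(comInit)) {
        CoUninitialize();
    }

    getchar();
    return FAILED(hr) ? 1 : 0;
}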

