Abstract
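To address the shortcomings of current personal firewall software on Windows in intercepting network packets, a new packet interception scheme that combines user mode and kernel mode is proposed. The scheme is based on the Winsock 2 Service Provider Interface (SPI) and NDIS HOOK. It overcomes the drawbacks of any single packet interception approach and can, in theory, intercept all network packets passing through Windows; its interface is simple, its design is clear, and it makes automatic installation of the software easy to implement. Tests on an experimental system show that the new packet interception scheme is very stable and that the system has good practical value.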
A new method based on Windows kernel mode and user mode is proposed to solve the problems of packet capture in personal firewall products. The method is based on Windows Socket 2 SPI and NDIS HOOK. It avoids the defects of relying on a single way of capturing packets and, theoretically, can capture all packets. Experimental results show that an experimental system based on the new packet capture method is effective and stable.
Source
Journal of Nanjing Audit University (《南京审计学院学报》)
2010, Issue 2, pp. 84-92 (9 pages)