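Abstract
Building on an analysis of network drivers on the Windows 2000/XP platform, this paper proposes a method for implementing a firewall driver using NDIS hook technology. Unlike existing API hook techniques, this method takes effect without restarting the operating system and strengthens the ability to withstand network attacks. Because it works at the network layer, it can filter all packets entering and leaving the computer, and so protects users' information more conveniently and effectively. A driver communication model based on shared memory and event objects is also proposed and designed. Analysis shows that the model can effectively improve the efficiency of communication between the driver and the application.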
The network driver of Windows 2000/XP was analyzed, and a scheme for implementing a firewall driver using an NDIS (Network Driver Interface Specification) hook was presented. Unlike an API hook, the method could take effect without a reboot and strengthen the ability to resist intrusion. The driver worked at the network layer and filtered all data packets passing through the computer, so it could protect users' information effectively and conveniently. A driver communication model based on shared memory and event objects was also provided. The analysis of this model indicates that it can greatly improve the communication efficiency between driver and application.
Source
《计算机应用》
CSCD
Peking University Core Journal
2005, Issue 7, pp. 1529-1530, 1534 (3 pages in total)
Journal of Computer Applications
Funding
National 863 Program project (2003AA412030)