Based Host Firewall Of The Tdi-hook And The Ndis-hook

With the development of information technology, more and more people join the virtual world the Internet. Although the network brings the newest and fastest information with people,it brings many security thread problems with people.In network application end, personal firewall is always focused by domestic and foreign security researchers.Because it can monitor process network action in host effectly.Meantime, it can protect host network security.The paper discusses the technology of network driver HOOK on Windows platform,and describes the design of personal firewall that is based on the technology of TDI HOOK and NDIS HOOK, and the implementation of Personal firewall on Windows platform is also presented.Firstly, the paper presents the background of introducing of the personal firewall, the development of domestic and foreign personal firewall,analyses throughly the technology of network driver HOOK on Windows platform include their merits and demerits, and introduces the network frame of Windows operate system.Then, the paper analyses the basic structure and fuctions of WDM driver,decribes driver object, device object, file object and IRP structure, discusses the relation between I/O stack and layered driver.Finally, the paper explains the design of the system and the implement of all the modules in detail, implements function testing and performance analysing to the whole system, and summarizes the entire paper.In the subject, the author takes part in the theory reaserch and analysis, also be responsible for the design of system frame and the realization of system function. During the development of system, we adopt the design idea of modularization and structural, which improves the system portable. In aspect of realization technology, we adopt the technology of double layeres monitor between TDI layer and NDIS layer, realize data package filter and monitor the action of processes accessing network, which improves veracity and security. We proposed the concept of digital singnature about rule management and introduced study mode to reduce fault for personal firewall.The overall system makes up of three modules, EXE for user interactive interface,DLL for user mode interface and SYS for kernel mode filtering and rule management.