【正文】 it brings us great convenience. We bee more and more dependent on the Inter, but it brought a lot of questions of work security, thereby the products of work security attract much attention. Firewall is an effective means to secure the system. It can separate personal puter from unsafe work, according to the preset rules to decide whether to let the packet through. It guarantees the safety of personal puter. This paper is based on Windows 2020, DDK for Windows 2020 and Visual C++ platform to develop simple firewall system. There are two parts in the system, which are hook filter driver module and the module of user interface. The main function of hook filter driver module is to register hook callback function and filter packet according to rules. The main function of user interface module is to add or delete filter rules, and save filter rules as file. Key words: firewall。由于黑客攻擊和信息泄露并不是直接對(duì)系統(tǒng)造成損害，所以往往不能引起人們的注意。另外還有多種防火墻產(chǎn)品正朝 著數(shù)據(jù)安全與用戶認(rèn)證、防止病毒與黑客侵入等方向發(fā)展。因此，為了保護(hù)主機(jī)的安全 第 2 頁(yè) 共 20 頁(yè) 通信，研究有效的個(gè)人防火墻技術(shù)很有必要。這就需要人們給網(wǎng)絡(luò)加一道安全之門，而這道門的重要守護(hù)者就是防火墻 。那些不符合規(guī)則的數(shù)據(jù)包將被過(guò)濾 掉，以保證網(wǎng)絡(luò)的安全。 。另外，防火墻很難防范來(lái)自于網(wǎng)絡(luò)內(nèi)部的攻擊以及病毒的威脅。 MFC 是一個(gè)很大的、擴(kuò)展了的 C++類層次結(jié)構(gòu)，它能使開發(fā) Windows 應(yīng)用程序變得更加容易。 使用 MFC 的最大優(yōu)點(diǎn)是它為你做了所有最難做的事。也就是是說(shuō)， Winpcap 不能阻塞、過(guò)濾或控制其他應(yīng)用程序數(shù)據(jù)包的收發(fā)，它僅僅是監(jiān)聽(tīng)共享網(wǎng)絡(luò)上傳送的數(shù)據(jù)報(bào)。 程序模塊 該模塊主要就是用戶所看到的程序界面，是用戶和防火墻進(jìn)行對(duì)話的對(duì)象。 它允許用戶注冊(cè)自己的 ip 數(shù)據(jù)報(bào)處理函數(shù)。內(nèi)核中的過(guò)濾器鉤子驅(qū)動(dòng)將本機(jī)進(jìn)出的所有封包都傳入到我們的虛擬設(shè)備中，按照我們提供的過(guò)濾規(guī)則進(jìn)行處理。 //封包標(biāo)適，唯一 標(biāo)識(shí) 發(fā)送的每一個(gè)數(shù)據(jù)報(bào) USHORY ipFlags。 TCP 頭 ： typedef stuct_TCPHeader { USHORT sourcePort。 //校驗(yàn)和 USHORT urgenPointer。 不過(guò)，一般情況下要根據(jù)過(guò)濾器鉤子函數(shù)的基本功能來(lái)命名。 PF PASS 表小 IP 過(guò)濾驅(qū)動(dòng)程序處理該數(shù)據(jù)包，并將結(jié)果動(dòng)作回復(fù)給 IP 協(xié)議棧． IP過(guò)濾器驅(qū)動(dòng)如何過(guò)濾數(shù)據(jù)包由它本身和包過(guò)濾 API 接口的設(shè)置方式來(lái)決定；如果過(guò)濾器鉤子認(rèn)為自己不需要處理該數(shù)據(jù)包，而是讓 IP 過(guò)濾器驅(qū)動(dòng)過(guò)濾包，則應(yīng)該返回該 PF_PASS。 //指定這個(gè)對(duì)象要求訪問(wèn)的權(quán)限 OUT PFILE_OBJECT *FileObject。當(dāng)有數(shù)據(jù)包發(fā)送或接收時(shí)， IP 過(guò)濾驅(qū)動(dòng)程序就要調(diào)用這些回調(diào)函數(shù)。這個(gè) Dispatch 例程處理發(fā)來(lái)的 I/O 控制請(qǐng)求 ， 在 DriverEntry 入口函數(shù)中為這個(gè) Dispatch 例程設(shè)置和輸出入口點(diǎn) 。 //過(guò)濾規(guī)則 CFilterList *pNext。過(guò)濾函數(shù)實(shí)現(xiàn)大致流程如下： 第 11 頁(yè) 共 20 頁(yè) 圖 5 客戶端應(yīng)用程序 用戶程序的核心實(shí)現(xiàn)就是使用 CDriver 類向驅(qū)動(dòng)程序發(fā)送幾個(gè)設(shè)備控制代碼（ START_IP_HOOK(安裝過(guò)濾鉤子 )、 STOP_IP_HOOK（清除過(guò)濾鉤子）、 ADD_FILTER（安裝過(guò)濾規(guī)則）、 CLEAR_FILTER(卸載過(guò)濾規(guī)則 )）。 圖 4. 主程序界面 當(dāng)用戶單擊“添加 規(guī)則 ”時(shí)彈出 添加 規(guī)則 窗口 ， 如圖 5。 第 14 頁(yè) 共 20 頁(yè) 視圖類又從 CWnd 類派生。 // 啟動(dòng) IP 過(guò)濾鉤子驅(qū)動(dòng) char szPath[256]。 } CMainFrame::~CMainFrame() 第 15 頁(yè) 共 20 頁(yè) { if(m_bStarted) m_pFilterDrvIoControl(STOP_IP_HOOK, NULL, 0, NULL, 0)。 } void CMainFrame::OnFileStop() // 停止過(guò)濾 { if(m_bStarted) { // 通知 IP 過(guò)濾驅(qū)動(dòng)停止過(guò)濾 m_pFilterDrvIoControl(STOP_IP_HOOK, NULL, 0, NULL, 0)。 i++) { // 轉(zhuǎn)換字節(jié)順序 CIPFilter pf。 if(nRet == 1) { AfxMessageBox(安裝過(guò)濾條件出錯(cuò)！ )。 // 寫入文件 CFile file。但通過(guò)測(cè)試可以看到，當(dāng)用戶添加了較多的過(guò)濾規(guī)則并進(jìn)行數(shù)據(jù)過(guò)濾時(shí)，上網(wǎng)速度會(huì)變慢，所以還需要對(duì)過(guò)濾規(guī)則對(duì)比算法 做 一些改進(jìn)。 [4] 朱雁輝 ,朱雁冰 著 Windows 防火墻與網(wǎng)絡(luò)封包截獲技術(shù) [M].北京： 電子 工業(yè)出版社2020。我也感謝我的同組同學(xué)和同班同學(xué)在這次畢業(yè)設(shè)計(jì)中給我的支持和幫助，特別感謝同學(xué)為我提供電腦，讓我順利完成畢業(yè)設(shè)計(jì)和論文 。 （ 4）學(xué)?？稍试S學(xué)位論文被查閱或借閱 。 Sure, theyˇ re horses.〃 They talked, sitting their gaunt horses in the dark. Zurito said nothing. He had the only steady horse of the lot. He had tried him, wheeling him in the corrals, and he responded to the bit and the spurs. He had ta ken the bandage off his right eye and cut the strings where they had tied his ears tight shut at the base. He was a good, solid horse, solid on his legs. That was all he needed. He intended to ride him all through the corrida. He had already, since he had mounted, sitting in the halfdark in the big, quilted saddle, waiting for the paseo, piced through the whole corrida in his mind. The other picadors went on talking on both sides of him. He did not hear them. The tw o matadors stood together in front of their three peones, their capes furled over their left arms in the same fashion. Manuel was thinking about the three lads in back of him. They were all three Madrile?os, like Hernandez, boys about nieen. One of them, a gypsy, serious, aloof, and darkfaced, he liked the look of. He turned. 168。 and more than monly anxious to please, she naturally suspected that every power of pleasing would fail her. She retreated from the window, fearful of being seen。re not getting closer to Themis, but something39。s parents had been taken here instead of Diane, do you think it would have helped them? Nicholas did not reply. We have treatments for disturbed persons, Nicholas. But, at least for the time being, we have no treatment for disturbing persons. Diane and the boy had turned away, and the waves39。t fastened down. Cirocco locked her control board. At her elbow, Bill nodded in his couch, asleep. The two of them had not left CONMOD in two days. She moved through SCIMOD like a sleepwalker. Somewhere down there was a bed with soft sheets and a pillow, and a fortable quarter gee now that the carousel was turning again. A buzzer sounded faintly and for a moment she could not place it. Then things became sharp and clear as adrenalin ate the cobwebs. It was the radar alarm in CONMOD. Captain, Bil,1 said over the speaker, I39。s feelings was every moment increasing. She was quite amazed at her ow n disposure。 This thing Iˇ m on barely keeps me off the ground,〃 the first picador said. 168。 （ 2）學(xué)校可以采用影印、縮印或其他復(fù)制方式保存學(xué)位論文。在短暫的幾個(gè)月的相處時(shí)間里，老師淵博的知識(shí)、敏銳的思路和實(shí)事求是的工作作風(fēng)給我留下了深刻的印象，這將使得我終身受益，謹(jǐn)此向老師表示衷心的感謝和崇高的敬意 。 [2] 鄭莉 ,董淵 . 著 C++語(yǔ)言程序設(shè)計(jì) [M].北京：清華大學(xué)出版 .2020。 } } 結(jié) 論 隨著網(wǎng)絡(luò)的發(fā)展，個(gè)人防火墻越來(lái)越受到重視，用戶對(duì)個(gè)人防火墻的要求也越來(lái)越高。 } // 彈出保存對(duì)話框 CFileDialog dlg(FALSE, rul, NULL, OFN_HIDEREADONLY | OFN_CREATEPROMPT, Rule Files(*.rul)|*.rul|all(*.*)|*.*||, NULL)。 // 發(fā)送設(shè)備控制代碼 nRet = m_pFilterDrvIoControl(ADD_FILTER, amp。 for(int i=0。 return。 exit(1)。 // 指示是否啟動(dòng) ?? }； // 文件 CMainFrame::CMainFrame() { // 確保 IP 過(guò)濾驅(qū)動(dòng)啟動(dòng)（否則怎樣為它安裝鉤子？） m_pIPFltDrv = new CDriver(, IpFltDrv)。 ② 變量盡量不使用縮寫，個(gè)別較長(zhǎng)的單詞或已成習(xí)慣縮寫如下 Initialize