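Research on Packet Interception Techniques on the Windows Platform
First published: 2006-09-06
Abstract: This paper discusses several practical techniques for intercepting network packets in Windows user mode and kernel mode, then analyzes the characteristics of each method and the scenarios it suits. Finally, it focuses on how the NDIS framework and the various protocol drivers coordinate to transfer network data, and on that basis gives the details of implementing network packet interception by hooking NDIS library functions.
Keywords: Packet Filtering Network Driver NDIS HOOK Winsock2 SPI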
Packet Filtering Research of Windows System
Abstract: This essay introduces several practical methods of packet filtering in user mode and kernel mode on the Windows platform and compares their advantages and disadvantages. Finally, it focuses on how the NDIS framework cooperates with each protocol driver to complete data transfer, and presents the details of filtering packets by hooking the NDIS library.
Keywords: Packet Filter Network Driver NDIS HOOK Winsock2 SPI
No.8228753981157516****