tags:

views:

5313

answers:

5
+3  Q: 

How do you block selected applications from accessing the internet (C++, Win32)

I want to have an application or service that is running that, on some schedule, can disable access to the internet for all applications except for specific ones.

I'm trying to create a filter that can be turned on or off under programmatic control. Not just IP addresses and ports, but I want to be able to block specific applications as well, much like Zone Alarm and other software firewalls let you block.

For example, iexplore.exe, skype.exe, firefox.exe, aim.exe. But still need to allow other applications to connect as needed.

It has to work on Vista as well as XP, but I kind of expect that the method will be different on each of those platforms.

Basically, the filter has to tie the network communication back to the executable that is making the request and then allow or deny it.

Update:

On Vista at least, it looks like I want to use filters in the ALE layers of the WFP.

On XP, I'm still looking for the best way to do it. Do I really need to be writing device drivers and dealing with kernel stuff? I'm just a lowly application developer. Kill me now.

Update 2:

Currently looking at the PfCreateInterface and related Pf* API's for pre-Vista systems.

A: 

I'm not sure, but I think you'd need to do it by getting the program to run as a user that has limited permissions, the question is, can you make a user account that stops such things?

Jesse Pepper  2009-01-08 05:32:42
It has to run in limited and administrator accounts in Windows. I'm not trying to prevent all applications from executing. I just want the attempt to access the internet by the application to fail (ie, drop the packets or refuse the connection)
MarkS  2009-01-08 05:41:10
A single application can be run as a different user than the currently logged in user.
Jesse Pepper  2009-01-08 05:44:43
... that is, if you know the programs that you're talking about, you can put the executables somewhere where the normal user doesn't have access to them, and then provide access to each locked-down application only through a shortcut that run's it as the locked-down user.
Jesse Pepper  2009-01-08 05:46:19
I appreciate the suggestions. But I can't move apps around creating shortcuts, etc. "my app" will be installed on machines where it won't even know what apps will be trying to access the internet. Firefox could be up, with access now, but at 8pm, it no longer has access. Next http request blocked.
MarkS  2009-01-08 05:58:02
+1  A: 

You'll have to write a device driver that filters traffic based on the executable requesting the traffic.

Paul Whitehurst  2009-01-08 05:36:41
A: 

You'll need to redirect all (or at least many) calls to the WinSock API functions of any running program to your own replacement functions. That means getting into the memory of each running program and hijacking those functions, which is an... interesting... exercise. :-)

That might be enough of a pointer to get you started, or at least to suggest some more specific questions to ask.

Head Geek  2009-01-08 05:38:09
A: 

Could you move aside (ie rename) the system's winsock DLL and replace it with your own ? Yours should provide the same API, but check the the process name of incoming requests... return an error code to blocked applications and forward the calls from allowed apps onto the real DLL.

timday  2009-01-08 13:19:32
Nice idea, but since Windows 2000, the OS has code to prevent that kind of thing, so malware can't replace system files. It could also cause problems with upgrades.
Head Geek  2009-01-09 19:32:14
Not to mention, if this was a good way to do it, then what's to stop another app from installing their version of winsock and essentially disabling mine.
MarkS  2009-01-20 02:46:21
+3  A: 

You can change both Vista and XP's firewall policies dynamically using the INetFwAuthorizedApplications interface from the Windows Firewall API.

Also see this question.

Max Caceres  2009-01-09 04:58:34

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS