diff --git a/bin/profile_internal.xml b/bin/profile_internal.xml
index 0433a2c2..2bc72a68 100644
Binary files a/bin/profile_internal.xml and b/bin/profile_internal.xml differ
diff --git a/packages.config b/packages.config
index 7a9561b2..1b8cfbd9 100644
--- a/packages.config
+++ b/packages.config
@@ -1,4 +1,4 @@
-
+
\ No newline at end of file
diff --git a/simplewall.vcxproj b/simplewall.vcxproj
index 04524ca7..ce64952c 100644
--- a/simplewall.vcxproj
+++ b/simplewall.vcxproj
@@ -1,6 +1,6 @@
-
+
Debug
@@ -170,7 +170,7 @@
Windows
/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)
%(DelayLoadDLLs)
- 6.3
+ 6.1
true
@@ -201,7 +201,7 @@
true
true
Windows
- 6.3
+ 6.1
/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)
true
%(DelayLoadDLLs)
@@ -236,7 +236,7 @@
true
Windows
/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)
- 6.3
+ 6.1
true
%(DelayLoadDLLs)
true
@@ -274,7 +274,7 @@
/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)
UseLinkTimeCodeGeneration
%(DelayLoadDLLs)
- 6.3
+ 6.1
true
@@ -309,7 +309,7 @@
true
true
Windows
- 6.3
+ 6.1
/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)
true
UseLinkTimeCodeGeneration
@@ -349,7 +349,7 @@
true
Windows
/DEPENDENTLOADFLAG:0x800 /BREPRO %(AdditionalOptions)
- 6.3
+ 6.1
true
UseLinkTimeCodeGeneration
%(DelayLoadDLLs)
@@ -418,13 +418,13 @@
-
+
This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.
-
-
+
+
\ No newline at end of file
diff --git a/src/helper.c b/src/helper.c
index fd183f50..f385d719 100644
--- a/src/helper.c
+++ b/src/helper.c
@@ -672,28 +672,75 @@ BOOLEAN _app_calculatefilehash (
_Out_ HCATADMIN_PTR hcat_admin_ptr
)
{
+ static R_INITONCE init_once = PR_INITONCE_INIT;
+ static CCAHFFH2 _CryptCATAdminCalcHashFromFileHandle2 = NULL;
+ static CCAAC2 _CryptCATAdminAcquireContext2 = NULL;
+
const GUID DriverActionVerify = DRIVER_ACTION_VERIFY;
HCATADMIN hcat_admin;
+ PVOID hwintrust;
PBYTE file_hash;
ULONG file_hash_length;
+ NTSTATUS status;
- if (!CryptCATAdminAcquireContext2 (&hcat_admin, &DriverActionVerify, algorithm_id, NULL, 0))
- return FALSE;
+ if (_r_initonce_begin (&init_once))
+ {
+ status = _r_sys_loadlibrary (L"wintrust.dll", 0, &hwintrust);
+
+ if (hwintrust)
+ {
+ _r_sys_getprocaddress (hwintrust, "CryptCATAdminAcquireContext2", 0, (PVOID_PTR)&_CryptCATAdminAcquireContext2);
+ _r_sys_getprocaddress (hwintrust, "CryptCATAdminCalcHashFromFileHandle2", 0, (PVOID_PTR)&_CryptCATAdminCalcHashFromFileHandle2);
+
+ // _r_sys_freelibrary (hwintrust, FALSE);
+ }
+
+ _r_initonce_end (&init_once);
+ }
+
+ if (_CryptCATAdminAcquireContext2)
+ {
+ if (!_CryptCATAdminAcquireContext2 (&hcat_admin, &DriverActionVerify, algorithm_id, NULL, 0))
+ return FALSE;
+ }
+ else
+ {
+ if (!CryptCATAdminAcquireContext (&hcat_admin, &DriverActionVerify, 0))
+ return FALSE;
+ }
file_hash_length = 32;
file_hash = _r_mem_allocate (file_hash_length);
- if (!CryptCATAdminCalcHashFromFileHandle2 (hcat_admin, hfile, &file_hash_length, file_hash, 0))
+ if (_CryptCATAdminCalcHashFromFileHandle2)
{
- file_hash = _r_mem_reallocate (file_hash, file_hash_length);
+ if (!_CryptCATAdminCalcHashFromFileHandle2 (hcat_admin, hfile, &file_hash_length, file_hash, 0))
+ {
+ file_hash = _r_mem_reallocate (file_hash, file_hash_length);
+
+ if (!_CryptCATAdminCalcHashFromFileHandle2 (hcat_admin, hfile, &file_hash_length, file_hash, 0))
+ {
+ CryptCATAdminReleaseContext (hcat_admin, 0);
+ _r_mem_free (file_hash);
- if (!CryptCATAdminCalcHashFromFileHandle2 (hcat_admin, hfile, &file_hash_length, file_hash, 0))
+ return FALSE;
+ }
+ }
+ }
+ else
+ {
+ if (!CryptCATAdminCalcHashFromFileHandle (hfile, &file_hash_length, file_hash, 0))
{
- CryptCATAdminReleaseContext (hcat_admin, 0);
- _r_mem_free (file_hash);
+ file_hash = _r_mem_reallocate (file_hash, file_hash_length);
- return FALSE;
+ if (!CryptCATAdminCalcHashFromFileHandle (hfile, &file_hash_length, file_hash, 0))
+ {
+ CryptCATAdminReleaseContext (hcat_admin, 0);
+ _r_mem_free (file_hash);
+
+ return FALSE;
+ }
}
}
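Review bot: The two wintrust entry points are resolved and tested independently, so if only one of them resolves, the catalog context and the hash call come from different API generations; gate both branches on a single condition such as `if (_CryptCATAdminAcquireContext2 && _CryptCATAdminCalcHashFromFileHandle2)`. On the legacy path `algorithm_id` is passed to neither call, so the digest is whatever the older API produces (SHA-1 according to the Win32 documentation) rather than the requested algorithm. A comment at the `else` branches should say so, because callers that compare or display the hash need to know. `hwintrust` is also tested without looking at `status`, which is only safe if `_r_sys_loadlibrary` always writes its out-parameter on failure (not visible here); `PVOID hwintrust = NULL;` or `if (NT_SUCCESS (status) && hwintrust)` is the safer form. The function body continues past the end of this hunk.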
diff --git a/src/helper.h b/src/helper.h
index e274ea0e..988a91ca 100644
--- a/src/helper.h
+++ b/src/helper.h
@@ -14,6 +14,24 @@ typedef struct _ICON_INFORMATION
LONG uwp_icon_id;
} ICON_INFORMATION, *PICON_INFORMATION;
+// CryptCATAdminAcquireContext2 (win8+)
+typedef BOOL (WINAPI *CCAAC2)(
+ _Out_ PHANDLE hcat_admin,
+ _In_opt_ LPCGUID pgSubsystem,
+ _In_opt_ PCWSTR pwszHashAlgorithm,
+ _In_opt_ PCCERT_STRONG_SIGN_PARA pStrongHashPolicy,
+ _Reserved_ DWORD dwFlags
+ );
+
+// CryptCATAdminCalcHashFromFileHandle2 (win8+)
+typedef BOOL (WINAPI *CCAHFFH2)(
+ _In_ HCATADMIN hCatAdmin,
+ _In_ HANDLE hFile,
+ _Inout_ DWORD *pcbHash,
+ _Out_writes_bytes_to_opt_ (*pcbHash, *pcbHash) BYTE *pbHash,
+ _Reserved_ DWORD dwFlags
+ );
+
#define FMTADDR_AS_RULE 0x0001
#define FMTADDR_USE_PROTOCOL 0x0002
diff --git a/src/icons.c b/src/icons.c
index 570c41d5..ffb8a4b6 100644
--- a/src/icons.c
+++ b/src/icons.c
@@ -35,15 +35,18 @@ PICON_INFORMATION _app_icons_getdefault ()
_r_obj_dereference (path);
// load uwp icons
- path = _r_obj_concatstrings (
- 2,
- _r_sys_getsystemdirectory ()->buffer,
- L"\\wsreset.exe"
- );
+ if (_r_sys_isosversiongreaterorequal (WINDOWS_8))
+ {
+ path = _r_obj_concatstrings (
+ 2,
+ _r_sys_getsystemdirectory ()->buffer,
+ L"\\wsreset.exe"
+ );
- _app_icons_loadfromfile (path, 0, &icon_info.uwp_icon_id, &icon_info.uwp_hicon, FALSE);
+ _app_icons_loadfromfile (path, 0, &icon_info.uwp_icon_id, &icon_info.uwp_hicon, FALSE);
- _r_obj_dereference (path);
+ _r_obj_dereference (path);
+ }
_r_initonce_end (&init_once);
}
diff --git a/src/log.c b/src/log.c
index c8689ea5..411d2cc3 100644
--- a/src/log.c
+++ b/src/log.c
@@ -325,6 +325,7 @@ VOID _wfp_logsubscribe (
FWPMNES4 _FwpmNetEventSubscribe4 = NULL;
FWPMNES3 _FwpmNetEventSubscribe3 = NULL;
FWPMNES2 _FwpmNetEventSubscribe2 = NULL;
+ FWPMNES1 _FwpmNetEventSubscribe1 = NULL;
HANDLE current_handle;
HANDLE new_handle = NULL;
PVOID hfwpuclnt;
@@ -372,9 +373,16 @@ VOID _wfp_logsubscribe (
if (NT_SUCCESS (status))
status = _FwpmNetEventSubscribe2 (engine_handle, &subscription, &_wfp_logcallback2, ULongToPtr (WINDOWS_10_RS1), &new_handle); // win10rs1+
}
+ else if (_r_sys_isosversiongreaterorequal (WINDOWS_8))
+ {
+ status = _r_sys_getprocaddress (hfwpuclnt, "FwpmNetEventSubscribe1", 0, (PVOID_PTR)&_FwpmNetEventSubscribe1);
+
+ if (NT_SUCCESS (status))
+ status = _FwpmNetEventSubscribe1 (engine_handle, &subscription, &_wfp_logcallback1, ULongToPtr (WINDOWS_8), &new_handle); // win8+
+ }
else
{
- status = FwpmNetEventSubscribe1 (engine_handle, &subscription, &_wfp_logcallback1, ULongToPtr (WINDOWS_8_1), &new_handle); // win8+
+ status = FwpmNetEventSubscribe0 (engine_handle, &subscription, &_wfp_logcallback0, ULongToPtr (WINDOWS_7), &new_handle); // win7+
}
if (status != STATUS_SUCCESS)
@@ -436,6 +444,10 @@ VOID _wfp_logsetoption (
UINT32 mask = 0;
ULONG status;
+ // configure dropped packets logging (win8+)
+ if (!_r_sys_isosversiongreaterorequal (WINDOWS_8))
+ return;
+
// add allowed connections monitor
if (!_r_config_getboolean (L"IsExcludeClassifyAllow", TRUE))
mask |= FWPM_NET_EVENT_KEYWORD_CLASSIFY_ALLOW;
@@ -1033,7 +1045,7 @@ BOOLEAN log_struct_to_f (
break;
}
- case WINDOWS_8_1:
+ case WINDOWS_8:
{
const FWPM_NET_EVENT2 *evt = event_data;
@@ -1145,6 +1157,97 @@ BOOLEAN log_struct_to_f (
break;
}
+ case WINDOWS_7:
+ {
+ const FWPM_NET_EVENT1 *evt = event_data;
+
+ if (evt->type == FWPM_NET_EVENT_TYPE_CLASSIFY_DROP && evt->classifyDrop)
+ {
+ log->layer_id = evt->classifyDrop->layerId;
+ log->filter_id = evt->classifyDrop->filterId;
+ log->direction = evt->classifyDrop->msFwpDirection;
+ log->is_loopback = !!evt->classifyDrop->isLoopback;
+ }
+ else if (evt->type == FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP && evt->ipsecDrop)
+ {
+ log->layer_id = evt->ipsecDrop->layerId;
+ log->filter_id = evt->ipsecDrop->filterId;
+ log->direction = evt->ipsecDrop->direction;
+ }
+ else
+ {
+ return FALSE;
+ }
+
+ // indicates the direction of the packet transmission and set valid directions
+ switch (log->direction)
+ {
+ case FWP_DIRECTION_IN:
+ case FWP_DIRECTION_INBOUND:
+ {
+ log->direction = FWP_DIRECTION_INBOUND;
+ break;
+ }
+
+ case FWP_DIRECTION_OUT:
+ case FWP_DIRECTION_OUTBOUND:
+ {
+ log->direction = FWP_DIRECTION_OUTBOUND;
+ break;
+ }
+
+ default:
+ {
+ return FALSE;
+ }
+ }
+
+ log->flags = evt->header.flags;
+
+ RtlCopyMemory (&log->timestamp, &evt->header.timeStamp, sizeof (log->timestamp));
+
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_APP_ID_SET)
+ log->app_id = evt->header.appId.data;
+
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_USER_ID_SET)
+ log->user_id = evt->header.userId;
+
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET)
+ log->protocol = evt->header.ipProtocol;
+
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET)
+ log->local_port = evt->header.localPort;
+
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET)
+ log->remote_port = evt->header.remotePort;
+
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_IP_VERSION_SET)
+ {
+ log->version = evt->header.ipVersion;
+
+ if (evt->header.ipVersion == FWP_IP_VERSION_V4)
+ {
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET)
+ log->local_addr4 = evt->header.localAddrV4;
+
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET)
+ log->remote_addr4 = evt->header.remoteAddrV4;
+ }
+ else if (evt->header.ipVersion == FWP_IP_VERSION_V6)
+ {
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET)
+ log->local_addr6 = &evt->header.localAddrV6;
+
+ if (evt->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET)
+ log->remote_addr6 = &evt->header.remoteAddrV6;
+ }
+ }
+ else
+ {
+ log->version = FWP_IP_VERSION_NONE;
+ }
+ }
+
default:
{
return FALSE;
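Review bot: The new `case WINDOWS_7:` block closes at the brace just before `default:` without a `break;`, so after filling `log` it falls through and returns FALSE. Every event delivered through `_wfp_logcallback0` is then discarded, and dropped-packet logging on Windows 7 stays silent with no error. Add `break;` before that closing brace, as the preceding case does. In the `ipsecDrop` branch `log->is_loopback` is never assigned, unlike in the `classifyDrop` branch. Whether it holds a defined value depends on how `log` is initialised at the top of `log_struct_to_f`, which is outside this hunk, so an explicit `log->is_loopback = FALSE;` there would remove the doubt.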
@@ -1154,7 +1257,7 @@ BOOLEAN log_struct_to_f (
return TRUE;
}
-// win81+ callback
+// win8+ callback
VOID CALLBACK _wfp_logcallback1 (
_In_ PVOID context,
_In_ const FWPM_NET_EVENT2* event_data
@@ -1166,6 +1269,18 @@ VOID CALLBACK _wfp_logcallback1 (
_wfp_logcallback (&log);
}
+// win7+ callback
+VOID CALLBACK _wfp_logcallback0 (
+ _In_ PVOID context,
+ _In_ const FWPM_NET_EVENT1* event_data
+)
+{
+ ITEM_LOG_CALLBACK log;
+
+ if (log_struct_to_f (PtrToUlong (context), &log, (LPCVOID)event_data))
+ _wfp_logcallback (&log);
+}
+
// win10rs1+ callback
VOID CALLBACK _wfp_logcallback2 (
_In_ PVOID context,
diff --git a/src/log.h b/src/log.h
index 172acf5a..86eec74b 100644
--- a/src/log.h
+++ b/src/log.h
@@ -30,6 +30,15 @@ typedef ULONG (WINAPI *FWPMNES2)(
_Out_ PHANDLE events_handle
);
+// FwpmNetEventSubscribe1 (win8+)
+typedef ULONG (WINAPI *FWPMNES1)(
+ _In_ HANDLE engine_handle,
+ _In_ const FWPM_NET_EVENT_SUBSCRIPTION0 *subscription,
+ _In_ FWPM_NET_EVENT_CALLBACK1 callback,
+ _In_opt_ PVOID context,
+ _Out_ PHANDLE events_handle
+ );
+
VOID _app_loginit (
_In_ BOOLEAN is_install
);
@@ -88,6 +97,12 @@ VOID CALLBACK _wfp_logcallback (
_In_ PITEM_LOG_CALLBACK log
);
+// win7+ callback
+VOID CALLBACK _wfp_logcallback0 (
+ _In_ PVOID context,
+ _In_ const FWPM_NET_EVENT1* event_data
+);
+
// win8+ callback
VOID CALLBACK _wfp_logcallback1 (
_In_ PVOID context,
diff --git a/src/main.c b/src/main.c
index 6129d143..77d18a06 100644
--- a/src/main.c
+++ b/src/main.c
@@ -763,6 +763,10 @@ INT_PTR CALLBACK SettingsProc (
_r_ctrl_checkbutton (hwnd, IDC_EXCLUDESTEALTH_CHK, _r_config_getboolean (L"IsExcludeStealth", TRUE));
_r_ctrl_checkbutton (hwnd, IDC_EXCLUDECLASSIFYALLOW_CHK, _r_config_getboolean (L"IsExcludeClassifyAllow", TRUE));
+ // win8+
+ if (_r_sys_isosversionlower (WINDOWS_8))
+ _r_ctrl_enable (hwnd, IDC_EXCLUDECLASSIFYALLOW_CHK, FALSE);
+
break;
}
@@ -1132,7 +1136,7 @@ INT_PTR CALLBACK SettingsProc (
_r_ctrl_setstringformat (
hwnd,
IDC_EXCLUDECLASSIFYALLOW_CHK,
- L"%s %s",
+ L"%s %s [win8+]",
_r_locale_getstring (IDS_TITLE_EXCLUDE),
_r_locale_getstring (IDS_EXCLUDECLASSIFYALLOW_CHK)
);
diff --git a/src/packages.c b/src/packages.c
index 25fce1ec..8202214e 100644
--- a/src/packages.c
+++ b/src/packages.c
@@ -317,7 +317,8 @@ VOID _app_package_getpackageslist ()
if (!NT_SUCCESS (status))
{
- _r_log (LOG_LEVEL_WARNING, NULL, L"_r_reg_openkey", status, reg_byname);
+ if (status != STATUS_OBJECT_NAME_NOT_FOUND)
+ _r_log (LOG_LEVEL_WARNING, NULL, L"_r_reg_openkey", status, reg_byname);
}
else
{
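Review bot: Suppressing `STATUS_OBJECT_NAME_NOT_FOUND` unconditionally also hides the case where the key is missing on a system that is expected to have it. Presumably the intent is to quiet the warning on pre-Windows 8 systems, where these package keys do not exist. If so, the check can be limited to that case with `if (status != STATUS_OBJECT_NAME_NOT_FOUND || _r_sys_isosversiongreaterorequal (WINDOWS_8))`, which keeps the warning on newer systems. The same applies to the `reg_bysid` hunk that follows. A one-line comment such as `// key is absent before win8, not an error` would record why this status is skipped.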
@@ -337,7 +338,8 @@ VOID _app_package_getpackageslist ()
if (!NT_SUCCESS (status))
{
- _r_log (LOG_LEVEL_WARNING, NULL, L"_r_reg_openkey", status, reg_bysid);
+ if (status != STATUS_OBJECT_NAME_NOT_FOUND)
+ _r_log (LOG_LEVEL_WARNING, NULL, L"_r_reg_openkey", status, reg_bysid);
}
else
{
diff --git a/src/timer.c b/src/timer.c
index b5b33699..a5e959a2 100644
--- a/src/timer.c
+++ b/src/timer.c
@@ -62,7 +62,7 @@ VOID _app_timer_set (
if (ptr_app->htimer)
{
- TpSetTimerEx (ptr_app->htimer, &li, 0, 0);
+ TpSetTimer (ptr_app->htimer, &li, 0, 0);
is_created = TRUE;
}
@@ -72,7 +72,7 @@ VOID _app_timer_set (
if (NT_SUCCESS (status))
{
- TpSetTimerEx (htimer, &li, 0, 0);
+ TpSetTimer (htimer, &li, 0, 0);
ptr_app->htimer = htimer;
diff --git a/src/wfp.c b/src/wfp.c
index 78976923..197ee200 100644
--- a/src/wfp.c
+++ b/src/wfp.c
@@ -380,19 +380,22 @@ BOOLEAN _wfp_initialize (
}
// packet queuing (win8+)
- if (_r_config_getboolean (L"IsPacketQueuingEnabled", TRUE))
+ if (_r_sys_isosversiongreaterorequal (WINDOWS_8))
{
- // Enables inbound or forward packet queuing independently.
- // when enabled, the system is able to evenly distribute cpu load
- // to multiple cpus for site-to-site ipsec tunnel scenarios.
+ if (_r_config_getboolean (L"IsPacketQueuingEnabled", TRUE))
+ {
+ // Enables inbound or forward packet queuing independently.
+ // when enabled, the system is able to evenly distribute cpu load
+ // to multiple cpus for site-to-site ipsec tunnel scenarios.
- val.type = FWP_UINT32;
- val.uint32 = FWPM_ENGINE_OPTION_PACKET_QUEUE_INBOUND | FWPM_ENGINE_OPTION_PACKET_QUEUE_FORWARD;
+ val.type = FWP_UINT32;
+ val.uint32 = FWPM_ENGINE_OPTION_PACKET_QUEUE_INBOUND | FWPM_ENGINE_OPTION_PACKET_QUEUE_FORWARD;
- status = FwpmEngineSetOption0 (engine_handle, FWPM_ENGINE_PACKET_QUEUING, &val);
+ status = FwpmEngineSetOption0 (engine_handle, FWPM_ENGINE_PACKET_QUEUING, &val);
- if (status != ERROR_SUCCESS)
- _r_log (LOG_LEVEL_WARNING, NULL, L"FwpmEngineSetOption0", status, L"FWPM_ENGINE_PACKET_QUEUING");
+ if (status != ERROR_SUCCESS)
+ _r_log (LOG_LEVEL_WARNING, NULL, L"FwpmEngineSetOption0", status, L"FWPM_ENGINE_PACKET_QUEUING");
+ }
}
CleanupExit:
@@ -806,7 +809,8 @@ ULONG _wfp_createfilter (
filter.flags |= FWPM_FILTER_FLAG_PERSISTENT;
// filter is indexed to help enable faster lookup during classification (win8+)
- filter.flags |= FWPM_FILTER_FLAG_INDEXED;
+ if (_r_sys_isosversiongreaterorequal (WINDOWS_8))
+ filter.flags |= FWPM_FILTER_FLAG_INDEXED;
}
if (flags)