firewall api (windows xp sp2) ... ?

bingo · Post by **bingo** » Wed May 25, 2005 2:53 pm

vbs-sample Adding an Application
http://msdn.microsoft.com/library/en-us ... cation.asp

Option Explicit

' Set constants
Const NET_FW_PROFILE_DOMAIN = 0
Const NET_FW_PROFILE_STANDARD = 1

' Scope
Const NET_FW_SCOPE_ALL = 0

' IP Version – ANY is the only allowable setting for now
Const NET_FW_IP_VERSION_ANY = 2

' Declare variables
Dim errornum

' Create the firewall manager object.
Dim fwMgr
Set fwMgr = CreateObject("HNetCfg.FwMgr")

' Get the current profile for the local firewall policy.
Dim profile
Set profile = fwMgr.LocalPolicy.CurrentProfile

Dim app
Set app = CreateObject("HNetCfg.FwAuthorizedApplication")

app.ProcessImageFileName = "%PROGRAMFILES%\Outlook Express\msimn.exe"
app.Name = "Outlook Express"
app.Scope = NET_FW_SCOPE_ALL
' Use either Scope or RemoteAddresses, but not both
'app.RemoteAddresses = "*"
app.IpVersion = NET_FW_IP_VERSION_ANY
app.Enabled = TRUE

' Use this line if you want to add the app, but disabled.
'app.Enabled = FALSE

On Error Resume Next
errornum = 0
profile.AuthorizedApplications.Add app
errornum = Err.Number
if errornum <> 0 then Wscript.Echo("Adding authorized application failed with: " & errornum)

how in pb ???

Code: Select all

; beginning with interface
;
; Interface generated by Interface Generator 1.0, Date 05/25/2005 

; NetFwTypeLib, 

; Enumerations

Enumeration ; NET_FW_IP_VERSION_
  #NET_FW_IP_VERSION_V4 = 0
  #NET_FW_IP_VERSION_V6 = 1
  #NET_FW_IP_VERSION_ANY = 2
  #NET_FW_IP_VERSION_MAX = 3
EndEnumeration

Enumeration ; NET_FW_SCOPE_
  #NET_FW_SCOPE_ALL = 0
  #NET_FW_SCOPE_LOCAL_SUBNET = 1
  #NET_FW_SCOPE_CUSTOM = 2
  #NET_FW_SCOPE_MAX = 3
EndEnumeration

Enumeration ; NET_FW_IP_PROTOCOL_
  #NET_FW_IP_PROTOCOL_TCP = 6
  #NET_FW_IP_PROTOCOL_UDP = 17
EndEnumeration

Enumeration ; NET_FW_SERVICE_TYPE_
  #NET_FW_SERVICE_FILE_AND_PRINT = 0
  #NET_FW_SERVICE_UPNP = 1
  #NET_FW_SERVICE_REMOTE_DESKTOP = 2
  #NET_FW_SERVICE_NONE = 3
  #NET_FW_SERVICE_TYPE_MAX = 4
EndEnumeration

Enumeration ; NET_FW_PROFILE_TYPE_
  #NET_FW_PROFILE_DOMAIN = 0
  #NET_FW_PROFILE_STANDARD = 1
  #NET_FW_PROFILE_CURRENT = 2
  #NET_FW_PROFILE_TYPE_MAX = 3
EndEnumeration

; DispInterfaces

Interface INetFwRemoteAdminSettings Extends IDispatch
  get_IpVersion(a)
  put_IpVersion(a)
  get_Scope(a)
  put_Scope(a)
  get_RemoteAddresses(a)
  put_RemoteAddresses(a)
  get_Enabled(a)
  put_Enabled(a)
EndInterface

Interface INetFwIcmpSettings Extends IDispatch
  get_AllowOutboundDestinationUnreachable(a)
  put_AllowOutboundDestinationUnreachable(a)
  get_AllowRedirect(a)
  put_AllowRedirect(a)
  get_AllowInboundEchoRequest(a)
  put_AllowInboundEchoRequest(a)
  get_AllowOutboundTimeExceeded(a)
  put_AllowOutboundTimeExceeded(a)
  get_AllowOutboundParameterProblem(a)
  put_AllowOutboundParameterProblem(a)
  get_AllowOutboundSourceQuench(a)
  put_AllowOutboundSourceQuench(a)
  get_AllowInboundRouterRequest(a)
  put_AllowInboundRouterRequest(a)
  get_AllowInboundTimestampRequest(a)
  put_AllowInboundTimestampRequest(a)
  get_AllowInboundMaskRequest(a)
  put_AllowInboundMaskRequest(a)
  get_AllowOutboundPacketTooBig(a)
  put_AllowOutboundPacketTooBig(a)
EndInterface

Interface INetFwOpenPort Extends IDispatch
  get_Name(a)
  put_Name(a)
  get_IpVersion(a)
  put_IpVersion(a)
  get_Protocol(a)
  put_Protocol(a)
  get_Port(a)
  put_Port(a)
  get_Scope(a)
  put_Scope(a)
  get_RemoteAddresses(a)
  put_RemoteAddresses(a)
  get_Enabled(a)
  put_Enabled(a)
  get_BuiltIn(a)
EndInterface

Interface INetFwOpenPorts Extends IDispatch
  get_Count(a)
  Add(a)
  Remove(a,b)
  Item(a,b,c)
  get__NewEnum(a)
EndInterface

Interface INetFwService Extends IDispatch
  get_Name(a)
  get_Type(a)
  get_Customized(a)
  get_IpVersion(a)
  put_IpVersion(a)
  get_Scope(a)
  put_Scope(a)
  get_RemoteAddresses(a)
  put_RemoteAddresses(a)
  get_Enabled(a)
  put_Enabled(a)
  get_GloballyOpenPorts(a)
EndInterface

Interface INetFwServices Extends IDispatch
  get_Count(a)
  Item(a,b)
  get__NewEnum(a)
EndInterface

Interface INetFwAuthorizedApplication Extends IDispatch
  get_Name(a)
  put_Name(a)
  get_ProcessImageFileName(a)
  put_ProcessImageFileName(a)
  get_IpVersion(a)
  put_IpVersion(a)
  get_Scope(a)
  put_Scope(a)
  get_RemoteAddresses(a)
  put_RemoteAddresses(a)
  get_Enabled(a)
  put_Enabled(a)
EndInterface

Interface INetFwAuthorizedApplications Extends IDispatch
  get_Count(a)
  Add(a)
  Remove(a)
  Item(a,b)
  get__NewEnum(a)
EndInterface

Interface INetFwProfile Extends IDispatch
  get_Type(a)
  get_FirewallEnabled(a)
  put_FirewallEnabled(a)
  get_ExceptionsNotAllowed(a)
  put_ExceptionsNotAllowed(a)
  get_NotificationsDisabled(a)
  put_NotificationsDisabled(a)
  get_UnicastResponsesToMulticastBroadcastDisabled(a)
  put_UnicastResponsesToMulticastBroadcastDisabled(a)
  get_RemoteAdminSettings(a)
  get_IcmpSettings(a)
  get_GloballyOpenPorts(a)
  get_Services(a)
  get_AuthorizedApplications(a)
EndInterface

Interface INetFwPolicy Extends IDispatch
  get_CurrentProfile(a)
  GetProfileByType(a,b)
EndInterface

Interface INetFwMgr Extends IDispatch
  get_LocalPolicy(a)
  get_CurrentProfileType(a)
  RestoreDefaults()
  IsPortAllowed(a,b,c,d,e,f,g)
  IsIcmpTypeAllowed(a,b,c,d,e)
EndInterface

Interface INetFwMgrPrivate Extends INetFwMgr
  GetScratchPolicy(a,b)
EndInterface

;any way ???

djes · Post by **djes** » Fri May 27, 2005 10:51 pm

Add this after the interfaces

Code: Select all

app_name.s="C:\myprogram.exe"
app_title.s="My Wonderfull Program qui fait tout"

objFirewall.INetFwMgr = CreateObject("HNetCfg.FwMgr")
objFirewall\get_LocalPolicy(@a.INetFwPolicy)
a\get_CurrentProfile(@objPolicy.INetFwProfile)

objApplication.INetFwAuthorizedApplication = CreateObject("HNetCfg.FwAuthorizedApplication")

objApplication\put_Name(Ansi2Uni(app_title))
objApplication\put_IPVersion(2)
objApplication\put_ProcessImageFileName (Ansi2Uni(app_name))
objApplication\put_RemoteAddresses(Ansi2Uni("*"))
objApplication\put_Scope(0)
objApplication\put_Enabled(#True)

objPolicy\get_AuthorizedApplications(@colApplications.INetFwAuthorizedApplications) 

colApplications\add(objApplication)

bingo · Post by **bingo** » Sat May 28, 2005 9:00 am

thanks djes !

a way with cocreatinstance_(...) and "304CE942-6E39-40D8-943A-B913C40C9CD4" , if createobject-lib is not present ?

djes · Post by **djes** » Sat May 28, 2005 11:22 am

bingo wrote:thanks djes !

a way with cocreatinstance_(...) and "304CE942-6E39-40D8-943A-B913C40C9CD4" , if createobject-lib is not present ?

I like comlib

bingo · Post by **bingo** » Sat May 28, 2005 1:47 pm

without lib ...

Code: Select all

;add your app to firewall - AuthorizedApplication (xp/sp2)

Interface INetFwAuthorizedApplication Extends IDispatch
  get_Name(a)
  put_Name(a)
  get_ProcessImageFileName(a)
  put_ProcessImageFileName(a)
  get_IpVersion(a)
  put_IpVersion(a)
  get_Scope(a)
  put_Scope(a)
  get_RemoteAddresses(a)
  put_RemoteAddresses(a)
  get_Enabled(a)
  put_Enabled(a)
EndInterface

Interface INetFwAuthorizedApplications Extends IDispatch
  get_Count(a)
  Add(a)
  Remove(a)
  Item(a,b)
  get__NewEnum(a)
EndInterface

Interface INetFwProfile Extends IDispatch
  get_Type(a)
  get_FirewallEnabled(a)
  put_FirewallEnabled(a)
  get_ExceptionsNotAllowed(a)
  put_ExceptionsNotAllowed(a)
  get_NotificationsDisabled(a)
  put_NotificationsDisabled(a)
  get_UnicastResponsesToMulticastBroadcastDisabled(a)
  put_UnicastResponsesToMulticastBroadcastDisabled(a)
  get_RemoteAdminSettings(a)
  get_IcmpSettings(a)
  get_GloballyOpenPorts(a)
  get_Services(a)
  get_AuthorizedApplications(a)
EndInterface

Interface INetFwPolicy Extends IDispatch
  get_CurrentProfile(a)
  GetProfileByType(a,b)
EndInterface

Interface INetFwMgr Extends IDispatch
  get_LocalPolicy(a)
  get_CurrentProfileType(a)
  RestoreDefaults()
  IsPortAllowed(a,b,c,d,e,f,g)
  IsIcmpTypeAllowed(a,b,c,d,e)
EndInterface

Global memtarget
Procedure.l Ansi2Uni(ansi.s) ;short way to unicode
If memtarget > 0 : CoTaskMemFree_(memtarget) : EndIf
SHStrDup_(@ansi,@memtarget)
;use it if SHStrDup - error
;--------------------------
;OpenLibrary(1,"shlwapi.dll")
;CallFunction (1, "SHStrDupA",@ansi,@memtarget) 
;CloseLibrary(1)
;--------------------------
ProcedureReturn memtarget
EndProcedure

Procedure free_app_firewall(name.s,app.s)
ret.l
CoInitialize_(0) 
If CoCreateInstance_(?CLSID_NetFwMgr,0,1,?IID_INetFwMgr,@object0.INetFwMgr) = 0 
object0\get_LocalPolicy(@a.INetFwPolicy) 
a\get_CurrentProfile(@objPolicy.INetFwProfile)
  If CoCreateInstance_(?CLSID_FwAuthorizedApplication,0,1,?IID_INetFwAuthorizedApplication,@object.INetFwAuthorizedApplication) = 0 
  object\put_Name(Ansi2Uni(name)) 
  object\put_IPVersion(2) 
  object\put_ProcessImageFileName (Ansi2Uni(app)) 
  object\put_RemoteAddresses(Ansi2Uni("*")) 
  object\put_Scope(0) 
  object\put_Enabled(#True)
  EndIf 
objPolicy\get_AuthorizedApplications(@colApplications.INetFwAuthorizedApplications) 
If colApplications\add(object) = 0 : ret = 1 : EndIf
EndIf
CoUninitialize_()

DataSection 
CLSID_NetFwMgr: 
Data.l $304CE942
Data.w $6E39,$40D8
Data.b $94,$3A,$B9,$13,$C4,$0C,$9C,$D4

IID_INetFwMgr:
Data.l $F7898AF5
Data.w $CAC4,$4632
Data.b $A2,$EC,$DA,$06,$E5,$11,$1A,$F2

CLSID_FwAuthorizedApplication: 
Data.l $EC9846B3
Data.w $2762,$4A6B
Data.b $A2,$14,$6A,$CB,$60,$34,$62,$D2

IID_INetFwAuthorizedApplication:
Data.l $B5E64FFA
Data.w $C2C5,$444E
Data.b $A3,$01,$FB,$5E,$00,$01,$80,$50
EndDataSection 

  ProcedureReturn ret

EndProcedure

Debug free_app_firewall("my app","c:\windows\notepad.exe") ; should be a real app !

djes · Post by **djes** » Sat May 28, 2005 2:44 pm

Well done!

Num3 · Post by **Num3** » Sat May 28, 2005 4:32 pm

Nice one, might have some interest for XP SP2 machines....
(not that i use them

thank to my router)