Does anyone know how to set the property values in a COM object? In this case, it's for creating a rule in the Windows firewall. I think I have the instances correctly, but I don't know how to load the properties and call the methods. Thank you very much.
.386
.Model Flat, StdCall
Option CaseMap :None
AsigText Macro Name, Text:VarArg
Local lbl
Jmp lbl
Name DB Text, 0
lbl:
EndM
.Const
GuiPolicy TextEqu <{098325047H, 0C671H, 04174H, {08DH, 081H, 0DEH, 0FCH, 0D3H, 0F0H, 031H, 086H}}>
IID_FwRule TextEqu <{0AF230D27H, 0BABAH, 04E42H, {0ACH, 0EDH, 0F5H, 024H, 0F2H, 02CH, 0FCH, 0E2H}}>
NET_FW_ACTION_BLOCK equ 0
NET_FW_RULE_DIR_IN Equ 1
.Data?
pFwPolicy2 DD ?
pFwRule DD ?
.Data
HandleConsola DD 0
CarroDeRetorno DB 13 ; Código ASCII para retorno de carro
NuevaLinea DB 10 ; Código ASCII para nueva línea
ProgID_HNetCfg_FwPolicy2 DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'w', 'P', 'o', 'l', 'i', 'c', 'y', '2', 0
ProgID_HNetCfg_Fwrule DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'W', 'R', 'u', 'l', 'e', 0
CLSIDFw GUID <>
IID_INetFwPolicy2 GUID GuiPolicy
CLSID_NetFwRule GUID <>
IID_INetFwRule GUID IID_FwRule
ruleName DW 'B', 'l', 'o', 'c', 'k', 'S', 'p', 'e', 'c', 'i', 'f', 'i', 'c', 'I', 'P', 0
ruleDescription DW 'B', 'l', 'o', 'c', 'k', ' ', 't', 'r', 'a', 'f', 'f', 'i', 'c', ' ', 'f', 'r', 'o', 'm', ' ', 's', 'p', 'e', 'c', 'i', 'f', 'i', 'c', ' ', 'I', 'P', 0
remoteAddresses DW '1', '9', '2', '.', '1', '6', '8', '.', '1', '.', '1', 0 ; Cambia esta IP a la que deseas bloquear
; ruleName DB "BlockSpecificIP", 0
; ruleDescription DB "Block traffic from specific IP", 0
; remoteAddresses DB "192.168.1.1", 0 ; Cambia esta IP a la que deseas bloquear
.Code
start:
Invoke GetStdHandle, STD_OUTPUT_HANDLE
Mov HandleConsola, Eax
;=====================
AsigText Cabecera0, "----------------------------------"
Invoke WriteConsoleA, HandleConsola, Addr Cabecera0, 25, 0, 0
Invoke ImprimirSaltoDeLinea
AsigText Cabecera1, "FraiFRW by Fraile - 2024."
Invoke WriteConsoleA, HandleConsola, Addr Cabecera1, 25, 0, 0
Invoke ImprimirSaltoDeLinea
AsigText Cabecera2, "----------------------------------"
Invoke WriteConsoleA, HandleConsola, Addr Cabecera2, 25, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke ImprimirSaltoDeLinea
;=====================
; Initialize COM library
Invoke CoInitialize, NULL
Cmp Eax, S_OK
Jne ErrorInicializacionCOM
Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_FwPolicy2, Addr CLSIDFw
Cmp Eax, S_OK
Jne ErrorCLIDIdentifi
Invoke CoCreateInstance, Addr CLSIDFw, NULL, CLSCTX_LOCAL_SERVER, Addr IID_INetFwPolicy2, Addr pFwPolicy2
; Check if the instance was created successfully
Cmp Eax, S_OK
Jne ErrorCoCrea
Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_Fwrule, Addr CLSID_NetFwRule
Cmp Eax, S_OK
Jne ErrorCLIDIdentifi
; Crear una instancia de la interfaz INetFwRule
Invoke CoCreateInstance, Addr CLSID_NetFwRule, NULL, CLSCTX_INPROC_SERVER, Addr IID_INetFwRule, Addr pFwRule
Cmp Eax, S_OK
Jne ErrorCoCreaRule
.
.
.
.
.
; Cerrar la biblioteca COM
invoke CoUninitialize
Invoke ExitProcess, 0
ErrorInicializacionCOM:
AsigText Error0, "Error Ini COM."
Invoke WriteConsoleA, HandleConsola, Addr Error0, 14, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCLIDIdentifi:
AsigText Error1, "Error Identifi Clid."
Invoke WriteConsoleA, HandleConsola, Addr Error1, 20, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorClsID:
AsigText Error2, "Error Clid."
Invoke WriteConsoleA, HandleConsola, Addr Error2, 11, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCoCrea:
AsigText Error3, "Error al instanciar Obj."
Invoke WriteConsoleA, HandleConsola, Addr Error3, 25, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCoCreaRule:
AsigText Error4, "Error al instanciar regla."
Invoke WriteConsoleA, HandleConsola, Addr Error4, 27, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ImprimirSaltoDeLinea Proc
; Imprime un retorno de carro (CR) y una nueva línea (LF) en la consola
Invoke WriteConsole, HandleConsola, Addr CarroDeRetorno, 1, 0, 0
Invoke WriteConsole, HandleConsola, Addr NuevaLinea, 1, 0, 0
Ret
ImprimirSaltoDeLinea EndP
End start
Here is C header from FirewallAPI.tlb
Look those get / put methods.
Thank you very much, TimoVJL, but could I use this with masm32? Or is it just for reference on accessing methods, properties, etc.? Do you have any examples in masm32?
I don't use assembler these days.
It was just for our COM specialist.
coinvoke macro helps with COM objects.
In this site are many members, who can help you with COM code.
Thank you so much,
With firewall.h, I obtain the methods. According to what I have read, I can refer to them through offsets.
/* INetFwRule methods */
HRESULT (STDMETHODCALLTYPE *get_Name)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_Name)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_Description)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_Description)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_ApplicationName)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_ApplicationName)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_serviceName)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_serviceName)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_Protocol)(INetFwRule *This,LONG*);
HRESULT (STDMETHODCALLTYPE *put_Protocol)(INetFwRule *This,LONG);
HRESULT (STDMETHODCALLTYPE *get_LocalPorts)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_LocalPorts)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_RemotePorts)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_RemotePorts)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_LocalAddresses)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_LocalAddresses)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_RemoteAddresses)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_RemoteAddresses)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_IcmpTypesAndCodes)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_IcmpTypesAndCodes)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_Direction)(INetFwRule *This,enum NET_FW_RULE_DIRECTION_*);
HRESULT (STDMETHODCALLTYPE *put_Direction)(INetFwRule *This,enum NET_FW_RULE_DIRECTION_);
HRESULT (STDMETHODCALLTYPE *get_Interfaces)(INetFwRule *This,VARIANT*);
HRESULT (STDMETHODCALLTYPE *put_Interfaces)(INetFwRule *This,VARIANT);
HRESULT (STDMETHODCALLTYPE *get_InterfaceTypes)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_InterfaceTypes)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_Enabled)(INetFwRule *This,VARIANT_BOOL*);
HRESULT (STDMETHODCALLTYPE *put_Enabled)(INetFwRule *This,VARIANT_BOOL);
HRESULT (STDMETHODCALLTYPE *get_Grouping)(INetFwRule *This,BSTR*);
HRESULT (STDMETHODCALLTYPE *put_Grouping)(INetFwRule *This,BSTR);
HRESULT (STDMETHODCALLTYPE *get_Profiles)(INetFwRule *This,LONG*);
HRESULT (STDMETHODCALLTYPE *put_Profiles)(INetFwRule *This,LONG);
HRESULT (STDMETHODCALLTYPE *get_EdgeTraversal)(INetFwRule *This,VARIANT_BOOL*);
HRESULT (STDMETHODCALLTYPE *put_EdgeTraversal)(INetFwRule *This,VARIANT_BOOL);
HRESULT (STDMETHODCALLTYPE *get_Action)(INetFwRule *This,enum NET_FW_ACTION_*);
HRESULT (STDMETHODCALLTYPE *put_Action)(INetFwRule *This,enum NET_FW_ACTION_);
If I want to load a value into the put_name property, I need to find its offset. From what I have seen, this is calculated by enumerating each of the previously mentioned properties and multiplying by 4 if it's a 32-bit application or by 8 if it's a 64-bit application. In my case, I am developing the application with MASM32, so I multiply by 4.
get_Name - index 0
put_Name - index 1 (offset 1 * 4 = 4 bytes or 0x04)
get_Description - index 2
put_Description - index 3 (offset 3 * 4 = 12 bytes or 0x0C)
Alright, so now to assign values to the COM object and add a new rule, I can load them as follows:
.386
.Model Flat, StdCall
Option CaseMap :None
AsigText Macro Name, Text:VarArg
Local lbl
Jmp lbl
Name DB Text, 0
lbl:
EndM
.Const
GuiPolicy TextEqu <{098325047H, 0C671H, 04174H, {08DH, 081H, 0DEH, 0FCH, 0D3H, 0F0H, 031H, 086H}}>
IID_FwRule TextEqu <{0AF230D27H, 0BABAH, 04E42H, {0ACH, 0EDH, 0F5H, 024H, 0F2H, 02CH, 0FCH, 0E2H}}>
NET_FW_ACTION_BLOCK Equ 0
NET_FW_RULE_DIR_IN Equ 1
.Data?
pFwPolicy2 DD ?
pFwRule DD ?
bstrName DD ?
bstrDescription DD ?
bstrRemoteAddresses DD ?
.Data
HandleConsola DD 0
CarroDeRetorno DB 13 ; Código ASCII para retorno de carro
NuevaLinea DB 10 ; Código ASCII para nueva línea
ProgID_HNetCfg_FwPolicy2 DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'w', 'P', 'o', 'l', 'i', 'c', 'y', '2', 0
ProgID_HNetCfg_Fwrule DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'W', 'R', 'u', 'l', 'e', 0
CLSIDFw GUID <>
IID_INetFwPolicy2 GUID GuiPolicy
CLSID_NetFwRule GUID <>
IID_INetFwRule GUID IID_FwRule
ruleName DW 'B', 'l', 'o', 'c', 'k', 'S', 'p', 'e', 'c', 'i', 'f', 'i', 'c', 'I', 'P', 0
ruleDescription DW 'B', 'l', 'o', 'c', 'k', ' ', 't', 'r', 'a', 'f', 'f', 'i', 'c', ' ', 'f', 'r', 'o', 'm', ' ', 's', 'p', 'e', 'c', 'i', 'f', 'i', 'c', ' ', 'I', 'P', 0
remoteAddresses DW '1', '9', '2', '.', '1', '6', '8', '.', '1', '.', '1', 0 ; Cambia esta IP a la que deseas bloquear
.Code
start:
Invoke GetStdHandle, STD_OUTPUT_HANDLE
Mov HandleConsola, Eax
;=====================
AsigText Cabecera0, "----------------------------------"
Invoke WriteConsoleA, HandleConsola, Addr Cabecera0, 25, 0, 0
Invoke ImprimirSaltoDeLinea
AsigText Cabecera1, "FraiFRW by Fraile - 2024."
Invoke WriteConsoleA, HandleConsola, Addr Cabecera1, 25, 0, 0
Invoke ImprimirSaltoDeLinea
AsigText Cabecera2, "----------------------------------"
Invoke WriteConsoleA, HandleConsola, Addr Cabecera2, 25, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke ImprimirSaltoDeLinea
;=====================
; Initialize COM library
Invoke CoInitialize, NULL
Cmp Eax, S_OK
Jne ErrorInicializacionCOM
Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_FwPolicy2, Addr CLSIDFw
Cmp Eax, S_OK
Jne ErrorCLIDIdentifi
Invoke CoCreateInstance, Addr CLSIDFw, NULL, CLSCTX_LOCAL_SERVER, Addr IID_INetFwPolicy2, Addr pFwPolicy2
; Check if the instance was created successfully
Cmp Eax, S_OK
Jne ErrorCoCrea
Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_Fwrule, Addr CLSID_NetFwRule
Cmp Eax, S_OK
Jne ErrorCLIDIdentifi
; Crear una instancia de la interfaz INetFwRule
Invoke CoCreateInstance, Addr CLSID_NetFwRule, NULL, CLSCTX_INPROC_SERVER, Addr IID_INetFwRule, Addr pFwRule
Cmp Eax, S_OK
Jne ErrorCoCreaRule
; Establecer las propiedades de la regla
Invoke SysAllocString, Addr ruleName
Mov bstrName, Eax
Cmp Eax, 0
Je ErrorSysAlloc
Mov Eax, pFwRule
Mov Edx, [Eax]
Push bstrName
Call DWord Ptr [Edx + 04H] ; Offset para put_Name
Invoke SysFreeString, bstrName
Invoke SysAllocString, Addr ruleDescription
Mov bstrDescription, Eax
Cmp Eax, 0
Je ErrorSysAlloc
Mov Eax, pFwRule
Mov Edx, [Eax]
Push bstrDescription
Call DWord Ptr [Edx + 0CH] ; Offset para put_Description
Invoke SysFreeString, bstrDescription
; Mensaje de éxito
AsigText ReglaCreada, "Regla Creada!."
Invoke WriteConsoleA, HandleConsola, Addr ReglaCreada, 14, 0, 0
Invoke ImprimirSaltoDeLinea
; Cerrar la biblioteca COM
Invoke CoUninitialize
Invoke ExitProcess, 0
ErrorInicializacionCOM:
AsigText Error0, "Error Ini COM."
Invoke WriteConsoleA, HandleConsola, Addr Error0, 14, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCLIDIdentifi:
AsigText Error1, "Error Identifi Clid."
Invoke WriteConsoleA, HandleConsola, Addr Error1, 20, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorClsID:
AsigText Error2, "Error Clid."
Invoke WriteConsoleA, HandleConsola, Addr Error2, 11, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCoCrea:
AsigText Error3, "Error al instanciar Obj."
Invoke WriteConsoleA, HandleConsola, Addr Error3, 25, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCoCreaRule:
AsigText Error4, "Error al instanciar regla."
Invoke WriteConsoleA, HandleConsola, Addr Error4, 27, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorSysAlloc:
AsigText Error5, "Error SysAlloc."
Invoke WriteConsoleA, HandleConsola, Addr Error5, 15, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ImprimirSaltoDeLinea Proc
; Imprime un retorno de carro (CR) y una nueva línea (LF) en la consola
Invoke WriteConsole, HandleConsola, Addr CarroDeRetorno, 1, 0, 0
Invoke WriteConsole, HandleConsola, Addr NuevaLinea, 1, 0, 0
Ret
ImprimirSaltoDeLinea EndP
End start
But for some reason, the name seems to be assigned, but the description is NOT. Any ideas, please?
Quote from: Fraile on June 13, 2024, 01:10:49 AMIf I want to load a value into the put_name property, I need to find its offset. From what I have seen, this is calculated by enumerating each of the previously mentioned properties and multiplying by 4 if it's a 32-bit application or by 8 if it's a 64-bit application. In my case, I am developing the application with MASM32, so I multiply by 4.
get_Name - index 0
put_Name - index 1 (offset 1 * 4 = 4 bytes or 0x04)
get_Description - index 2
put_Description - index 3 (offset 3 * 4 = 12 bytes or 0x0C)
It's not
that simple. The offset most likely won't start at 0, because Interfaces inherit from other interfaces, at least they inherit IUnknown ( which has 3 functions ).
QuoteBut for some reason, the name seems to be assigned, but the description is NOT. Any ideas, please?
Since COM is strongly related to C++ ( the MS variant ), each COM method has a hidden first argument, that's the object itself.
This has all been discussed multiple times - so you could probably scan the forum for code examples. The COM method calls are usually done by using macros ( "coinvoke" and the likes ).
Great, thank you very much, I'll take a look.
COM objects are one kind of structs and are used through pointer to structs.
coinvoke macro is for that.
Vortex example for poasm :
https://masmforum.com/board/index.php/topic,16726.msg139124.html#msg139124 (https://masmforum.com/board/index.php/topic,16726.msg139124.html#msg139124)
This also give a hint :
;http://www.masmforum.com/board/index.php?topic=5613.msg41863
.model flat,stdcall
CoMethod1Proto typedef proto :DWORD
CoMethod2Proto typedef proto :DWORD, :DWORD
CoMethod3Proto typedef proto :DWORD, :DWORD, :DWORD
CoMethod4Proto typedef proto :DWORD, :DWORD, :DWORD, :DWORD
CoMethod5Proto typedef proto :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
CoMethod6Proto typedef proto :DWORD, :DWORD, :DWORD, :DWORD, :DWORD, :DWORD
CoMethod1 typedef ptr CoMethod1Proto
CoMethod2 typedef ptr CoMethod2Proto
CoMethod3 typedef ptr CoMethod3Proto
CoMethod4 typedef ptr CoMethod4Proto
CoMethod5 typedef ptr CoMethod5Proto
CoMethod6 typedef ptr CoMethod6Proto
IRichEditOleCallback STRUCT
QueryInterface CoMethod3 ?
AddRef CoMethod1 ?
Release CoMethod1 ?
GetNewStorage CoMethod2 ?
GetInPlaceContext CoMethod4 ?
ShowContainerUI CoMethod2 ?
QueryInsertObject CoMethod4 ?
DeleteObject CoMethod2 ?
QueryAcceptData CoMethod6 ?
ContextSensitiveHelp CoMethod3 ?
GetClipboardData CoMethod4 ?
GetDragDropEffect CoMethod4 ?
GetContextMenu CoMethod5 ?
IRichEditOleCallback ENDS
Quote from: TimoVJL on June 13, 2024, 05:36:15 AMCOM objects are one kind of structs and are used through pointer to structs.
coinvoke macro is for that.
I looked through my Masm32 folder.
How come the only instance of
coinvoke (the macro) is in JJ's MasmBasic stuff (in MasmBasic.inc)?
Is this a MasmBasic thing?
At this site is speech5 text to speech and directx examples from Siekmanski
An example of the coinvoke macro :
coinvoke MACRO ppv:REQ,interface:REQ,member:REQ,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16
FOR arg,<p16,p15,p14,p13,p12,p11,p10,p9,p8,p7,p6,p5,p4,p3,p2,p1>
IFNB <arg>
push arg
ENDIF
ENDM
mov eax,ppv
push eax
mov eax,DWORD PTR [eax]
call interface.member[eax]
ENDM
Is this (or equivalent) anywhere in the MASM32 package?
The Masm32 package does not provide a coinvoke macro.
Quote from: NoCforMe on June 13, 2024, 05:49:40 AMthe only instance of coinvoke (the macro) is in JJ's MasmBasic stuff
I've seen several examples over time: forum search finds 64 posts.
CoInvoke has some undocumented extra bells and whistles (mainly for debugging, I use it a lot for my own sources), but others also work fine. The point is that they make a big fuss about COM being incredibly complicated, but it isn't.
Is it time to make standard way to handle COM objects.
After that, TLB to INC converter is possible to make finally.
In this site are at least three persons, who can do that.
First of all, thank you all very much, because now I am starting to see things more clearly. The assignment of properties seems to be going well, but in this part of the code ; Obtener la colección de reglas del firewall
;********************************************
coinvoke pFwPolicy2, INetFwPolicy2, get_Rules
Mov pFwRules, Eax
;********************************************
the program crashes, it doesn't respond. Can you think of any reason why this might be happening? Thank you very much.
.386
.Model Flat, StdCall
Option CaseMap :None
AsigText Macro Name, Text:VarArg
Local lbl
Jmp lbl
Name DB Text, 0
lbl:
EndM
coinvoke Macro ppv:Req,interface:Req,member:Req,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16
FOR arg,<p16,p15,p14,p13,p12,p11,p10,p9,p8,p7,p6,p5,p4,p3,p2,p1>
IFNB <arg>
Push arg
ENDIF
EndM
Mov Eax,ppv
Push Eax
Mov Eax,DWord Ptr [Eax]
Call @CatStr(interface,<.>,member)[Eax]
EndM
.Const
GuiPolicy TextEqu <{098325047H, 0C671H, 04174H, {08DH, 081H, 0DEH, 0FCH, 0D3H, 0F0H, 031H, 086H}}>
IID_FwRule TextEqu <{0AF230D27H, 0BABAH, 04E42H, {0ACH, 0EDH, 0F5H, 024H, 0F2H, 02CH, 0FCH, 0E2H}}>
NET_FW_ACTION_BLOCK Equ 0
NET_FW_RULE_DIR_IN Equ 1
.Data?
IShellDispatch Struct
QueryInterface DD ?
AddRef DD ?
Release DD ?
GetTypeInfoCount DD ?
GetTypeInfo DD ?
GetIDsOfNames DD ?
_Invoke DD ?
get_Name DD ?
put_Name DD ?
get_Description DD ?
put_Description DD ?
get_ApplicationName DD ?
put_ApplicationName DD ?
get_serviceName DD ?
put_serviceName DD ?
get_Protocol DD ?
put_Protocol DD ?
get_LocalPorts DD ?
put_LocalPorts DD ?
get_RemotePorts DD ?
put_RemotePorts DD ?
get_LocalAddresses DD ?
put_LocalAddresses DD ?
get_RemoteAddresses DD ?
put_RemoteAddresses DD ?
get_IcmpTypesAndCodes DD ?
put_IcmpTypesAndCodes DD ?
get_Direction DD ?
put_Direction DD ?
get_Interfaces DD ?
put_Interfaces DD ?
get_InterfaceTypes DD ?
put_InterfaceTypes DD ?
get_Enabled DD ?
put_Enabled DD ?
get_Grouping DD ?
put_Grouping DD ?
get_Profiles DD ?
put_Profiles DD ?
get_EdgeTraversal DD ?
put_EdgeTraversal DD ?
get_Action DD ?
put_Action DD ?
IShellDispatch EndS
INetFwRules Struct
QueryInterface DD ?
AddRef DD ?
Release DD ?
GetTypeInfoCount DD ?
GetTypeInfo DD ?
GetIDsOfNames DD ?
_Invoke DD ?
get_Count DD ?
_Add DD ?
Remove DD ?
Item DD ?
get__NewEnum DD ?
INetFwRules EndS
INetFwPolicy2 Struct
QueryInterface DD ?
AddRef DD ?
Release DD ?
GetTypeInfoCount DD ?
GetTypeInfo DD ?
GetIDsOfNames DD ?
_invoke DD ?
get_CurrentProfileTypes DD ?
get_FirewallEnabled DD ?
put_FirewallEnabled DD ?
get_ExcludedInterfaces DD ?
put_ExcludedInterfaces DD ?
get_BlockAllInboundTraffic DD ?
put_BlockAllInboundTraffic DD ?
get_NotificationsDisabled DD ?
put_NotificationsDisabled DD ?
get_UnicastRTMDisabled DD ?
put_UnicastRTMBDisabled DD ?
get_Rules DD ?
get_ServiceRestriction DD ?
EnableRuleGroup DD ?
IsRuleGroupEnabled DD ?
RestoreLocalFirewallDefaults DD ?
get_DefaultInboundAction DD ?
put_DefaultInboundAction DD ?
get_DefaultOutboundAction DD ?
put_DefaultOutboundAction DD ?
get_IsRuleGroupCurrentlyEnabled DD ?
get_LocalPolicyModifyState DD ?
INetFwPolicy2 EndS
pFwPolicy2 DD ?
pFwRules DD ?
pFwRule DD ?
.Data
HandleConsola DD 0
CarroDeRetorno DB 13 ; Código ASCII para retorno de carro
NuevaLinea DB 10 ; Código ASCII para nueva línea
ProgID_HNetCfg_FwPolicy2 DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'w', 'P', 'o', 'l', 'i', 'c', 'y', '2', 0
ProgID_HNetCfg_Fwrule DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'W', 'R', 'u', 'l', 'e', 0
CLSIDFw GUID <>
IID_INetFwPolicy2 GUID GuiPolicy
CLSID_NetFwRule GUID <>
IID_INetFwRule GUID IID_FwRule
ruleName DW 'B', 'l', 'o', 'c', 'k', 'S', 'p', 'e', 'c', 'i', 'f', 'i', 'c', 'I', 'P', 0
ruleDescription DW 'B', 'l', 'o', 'c', 'k', ' ', 't', 'r', 'a', 'f', 'f', 'i', 'c', ' ', 'f', 'r', 'o', 'm', ' ', 's', 'p', 'e', 'c', 'i', 'f', 'i', 'c', ' ', 'I', 'P', 0
remoteAddresses DW '1', '9', '2', '.', '1', '6', '8', '.', '1', '.', '1', 0 ; Cambia esta IP a la que deseas bloquear
; ruleName DB "BlockSpecificIP", 0
; ruleDescription DB "Block traffic from specific IP", 0
; remoteAddresses DB "192.168.1.1", 0 ; Cambia esta IP a la que deseas bloquear
.Code
start:
Invoke GetStdHandle, STD_OUTPUT_HANDLE
Mov HandleConsola, Eax
;=====================
AsigText Cabecera0, "----------------------------------"
Invoke WriteConsoleA, HandleConsola, Addr Cabecera0, 25, 0, 0
Invoke ImprimirSaltoDeLinea
AsigText Cabecera1, "FraiFRW by Fraile - 2024."
Invoke WriteConsoleA, HandleConsola, Addr Cabecera1, 25, 0, 0
Invoke ImprimirSaltoDeLinea
AsigText Cabecera2, "----------------------------------"
Invoke WriteConsoleA, HandleConsola, Addr Cabecera2, 25, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke ImprimirSaltoDeLinea
;=====================
; Initialize COM library
Invoke CoInitialize, NULL
Cmp Eax, S_OK
Jne ErrorInicializacionCOM
Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_FwPolicy2, Addr CLSIDFw
Cmp Eax, S_OK
Jne ErrorCLIDIdentifi
Invoke CoCreateInstance, Addr CLSIDFw, NULL, CLSCTX_LOCAL_SERVER, Addr IID_INetFwPolicy2, Addr pFwPolicy2
; Check if the instance was created successfully
Cmp Eax, S_OK
Jne ErrorCoCrea
Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_Fwrule, Addr CLSID_NetFwRule
Cmp Eax, S_OK
Jne ErrorCLIDIdentifi
; Crear una instancia de la interfaz INetFwRule
Invoke CoCreateInstance, Addr CLSID_NetFwRule, NULL, CLSCTX_INPROC_SERVER, Addr IID_INetFwRule, Addr pFwRule
Cmp Eax, S_OK
Jne ErrorCoCreaRule
; Obtener la colección de reglas del firewall
;********************************************
coinvoke pFwPolicy2, INetFwPolicy2, get_Rules
Mov pFwRules, Eax
;********************************************
; Establecer las propiedades de la regla
Invoke SysAllocString, Addr ruleName
Cmp Eax, 0
Je ErrorSysAlloc
coinvoke pFwRule, IShellDispatch, put_Name, Eax
Invoke SysAllocString, Addr ruleDescription
Cmp Eax, 0
Je ErrorSysAlloc
coinvoke pFwRule, IShellDispatch, put_Description, Eax
Invoke SysAllocString, Addr remoteAddresses
Cmp Eax, 0
Je ErrorSysAlloc
coinvoke pFwRule, IShellDispatch, put_RemoteAddresses, Eax
; Establecer la acción de la regla (bloquear)
Mov Eax, NET_FW_ACTION_BLOCK
coinvoke pFwRule, IShellDispatch, put_Action, Eax
; Habilitar la regla
Mov Eax, 1 ; TRUE
coinvoke pFwRule, IShellDispatch, put_Enabled, Eax
; Agregar la regla al firewall
; Mensaje de éxito
AsigText ReglaCreada, "Regla Creada!."
Invoke WriteConsoleA, HandleConsola, Addr ReglaCreada, 14, 0, 0
Invoke ImprimirSaltoDeLinea
; Cerrar la biblioteca COM
Invoke CoUninitialize
Invoke ExitProcess, 0
ErrorInicializacionCOM:
AsigText Error0, "Error Ini COM."
Invoke WriteConsoleA, HandleConsola, Addr Error0, 14, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCLIDIdentifi:
AsigText Error1, "Error Identifi Clid."
Invoke WriteConsoleA, HandleConsola, Addr Error1, 20, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorClsID:
AsigText Error2, "Error Clid."
Invoke WriteConsoleA, HandleConsola, Addr Error2, 11, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCoCrea:
AsigText Error3, "Error al instanciar Obj."
Invoke WriteConsoleA, HandleConsola, Addr Error3, 25, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCoCreaRule:
AsigText Error4, "Error al instanciar regla."
Invoke WriteConsoleA, HandleConsola, Addr Error4, 27, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorSysAlloc:
AsigText Error5, "Error SysAlloc."
Invoke WriteConsoleA, HandleConsola, Addr Error5, 15, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ImprimirSaltoDeLinea Proc
; Imprime un retorno de carro (CR) y una nueva línea (LF) en la consola
Invoke WriteConsole, HandleConsola, Addr CarroDeRetorno, 1, 0, 0
Invoke WriteConsole, HandleConsola, Addr NuevaLinea, 1, 0, 0
Ret
ImprimirSaltoDeLinea EndP
End start
You need to give get_Rules a pointer to store the interface you're after. Try
coinvoke pFwPolicy2, INetFwPolicy2, get_Rules, addr pFwRules
Generally, EAX will have the result of the invoke, not what you are after.
Error!!!! coinvoke pFwPolicy2, INetFwPolicy2, get_Rules, Offset pFwRules
Microsoft get_rules (https://learn.microsoft.com/en-us/windows/win32/api/netfw/nf-netfw-inetfwpolicy2-get_rules)
Thanks!!!!
I already created the rule but it doesn't enable it; I think it's because of put_Grouping. According to Microsoft, it is mandatory and must be filled in the following way: '@<dll name>, <resource string identifier>'. Microsoft says that groups help enable and disable multiple rules at once, but I don't understand how to set the put_Grouping property according to the format. Any ideas? Thank you very much.
Quote from: Fraile on June 14, 2024, 09:11:37 PMI already created the rule but it doesn't enable it; I think it's because of put_Grouping.
Well, "we" ( or at least "I" ) like to have my/our own thoughts - so please provide the code that "created the rule".
Also, COM returns an error msg if a method fails - you should tell this information, it may be helpful...
What is this "IShellDispatch" name doing in your code? It's obviously NOT the IShellDispatch interface, but the INetFwRule one. That's at least confusing...
What about the protocol? I'm no "firewall" expert, so it's a wild guess, but a quick look at the MS site tells that "you must first set the protocol" ...
IShellDispatch" doesn't match, that's correct; it's from a Vortex example. The point is that the rule does get created; I go to the firewall and see it created, but it's not enabled.
.386
.Model Flat, StdCall
Option CaseMap :None
AsigText Macro Name, Text:VarArg
Local lbl
Jmp lbl
Name DB Text, 0
lbl:
EndM
coinvoke Macro ppv:Req,interface:Req,member:Req,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16
FOR arg,<p16,p15,p14,p13,p12,p11,p10,p9,p8,p7,p6,p5,p4,p3,p2,p1>
IFNB <arg>
Push arg
ENDIF
EndM
Mov Eax,ppv
Push Eax
Mov Eax,DWord Ptr [Eax]
Call @CatStr(interface,<.>,member)[Eax]
EndM
.Const
GuiPolicy TextEqu <{098325047H, 0C671H, 04174H, {08DH, 081H, 0DEH, 0FCH, 0D3H, 0F0H, 031H, 086H}}>
IID_FwRule TextEqu <{0AF230D27H, 0BABAH, 04E42H, {0ACH, 0EDH, 0F5H, 024H, 0F2H, 02CH, 0FCH, 0E2H}}>
NET_FW_ACTION_BLOCK Equ 0
NET_FW_RULE_DIR_IN Equ 1
NET_FW_RULE_TRUE Equ 1
NET_FW_RULE_PROTOCOL Equ 6
.Data?
IShellDispatch Struct
QueryInterface DD ?
AddRef DD ?
Release DD ?
GetTypeInfoCount DD ?
GetTypeInfo DD ?
GetIDsOfNames DD ?
_Invoke DD ?
get_Name DD ?
put_Name DD ?
get_Description DD ?
put_Description DD ?
get_ApplicationName DD ?
put_ApplicationName DD ?
get_serviceName DD ?
put_serviceName DD ?
get_Protocol DD ?
put_Protocol DD ?
get_LocalPorts DD ?
put_LocalPorts DD ?
get_RemotePorts DD ?
put_RemotePorts DD ?
get_LocalAddresses DD ?
put_LocalAddresses DD ?
get_RemoteAddresses DD ?
put_RemoteAddresses DD ?
get_IcmpTypesAndCodes DD ?
put_IcmpTypesAndCodes DD ?
get_Direction DD ?
put_Direction DD ?
get_Interfaces DD ?
put_Interfaces DD ?
get_InterfaceTypes DD ?
put_InterfaceTypes DD ?
get_Enabled DD ?
put_Enabled DD ?
get_Grouping DD ?
put_Grouping DD ?
get_Profiles DD ?
put_Profiles DD ?
get_EdgeTraversal DD ?
put_EdgeTraversal DD ?
get_Action DD ?
put_Action DD ?
IShellDispatch EndS
INetFwRules Struct
QueryInterface DD ?
AddRef DD ?
Release DD ?
GetTypeInfoCount DD ?
GetTypeInfo DD ?
GetIDsOfNames DD ?
_Invoke DD ?
get_Count DD ?
_Add DD ?
Remove DD ?
Item DD ?
get__NewEnum DD ?
INetFwRules EndS
INetFwPolicy2 Struct
QueryInterface DD ?
AddRef DD ?
Release DD ?
GetTypeInfoCount DD ?
GetTypeInfo DD ?
GetIDsOfNames DD ?
_invoke DD ?
get_CurrentProfileTypes DD ?
get_FirewallEnabled DD ?
put_FirewallEnabled DD ?
get_ExcludedInterfaces DD ?
put_ExcludedInterfaces DD ?
get_BlockAllInboundTraffic DD ?
put_BlockAllInboundTraffic DD ?
get_NotificationsDisabled DD ?
put_NotificationsDisabled DD ?
get_UnicastRTMDisabled DD ?
put_UnicastRTMBDisabled DD ?
get_Rules DD ?
get_ServiceRestriction DD ?
EnableRuleGroup DD ?
IsRuleGroupEnabled DD ?
RestoreLocalFirewallDefaults DD ?
get_DefaultInboundAction DD ?
put_DefaultInboundAction DD ?
get_DefaultOutboundAction DD ?
put_DefaultOutboundAction DD ?
get_IsRuleGroupCurrentlyEnabled DD ?
get_LocalPolicyModifyState DD ?
INetFwPolicy2 EndS
pFwPolicy2 DD ?
pFwRules DD ?
pFwRule DD ?
.Data
HandleConsola DD 0
CarroDeRetorno DB 13 ; Código ASCII para retorno de carro
NuevaLinea DB 10 ; Código ASCII para nueva línea
ProgID_HNetCfg_FwPolicy2 DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'w', 'P', 'o', 'l', 'i', 'c', 'y', '2', 0
ProgID_HNetCfg_Fwrule DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'W', 'R', 'u', 'l', 'e', 0
CLSIDFw GUID <>
IID_INetFwPolicy2 GUID GuiPolicy
CLSID_NetFwRule GUID <>
IID_INetFwRule GUID IID_FwRule
ruleName DW 'S', 'e', 'c', 'u', 'r', 'e', ' ', 'W', 'a', 't', 'c', 'h', ' ', 'I', 'P', 0
ruleDescription DW 'B', 'l', 'o', 'c', 'k', ' ', 't', 'r', 'a', 'f', 'f', 'i', 'c', ' ', 'f', 'r', 'o', 'm', ' ', 's', 'p', 'e', 'c', 'i', 'f', 'i', 'c', ' ', 'I', 'P', 0
remoteAddresses DW '1', '9', '2', '.', '1', '6', '8', '.', '1', '.', '1', 0 ; Cambia esta IP a la que deseas bloquear
grouping DW 'S', 'e', 'c', 'u', 'r', 'e', ' ', 'W', 'a', 't', 'c', 'h', ' ', 'I', 'P', 0
.Code
start:
Invoke GetStdHandle, STD_OUTPUT_HANDLE
Mov HandleConsola, Eax
;=====================
AsigText Cabecera0, "----------------------------------"
Invoke WriteConsoleA, HandleConsola, Addr Cabecera0, 25, 0, 0
Invoke ImprimirSaltoDeLinea
AsigText Cabecera1, "FraiFRW by Fraile - 2024."
Invoke WriteConsoleA, HandleConsola, Addr Cabecera1, 25, 0, 0
Invoke ImprimirSaltoDeLinea
AsigText Cabecera2, "----------------------------------"
Invoke WriteConsoleA, HandleConsola, Addr Cabecera2, 25, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke ImprimirSaltoDeLinea
;=====================
; Initialize COM library
Invoke CoInitialize, NULL
Cmp Eax, S_OK
Jne ErrorInicializacionCOM
Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_FwPolicy2, Addr CLSIDFw
Cmp Eax, S_OK
Jne ErrorCLIDIdentifi
Invoke CoCreateInstance, Addr CLSIDFw, NULL, CLSCTX_LOCAL_SERVER, Addr IID_INetFwPolicy2, Addr pFwPolicy2
; Check if the instance was created successfully
Cmp Eax, S_OK
Jne ErrorCoCrea
Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_Fwrule, Addr CLSID_NetFwRule
Cmp Eax, S_OK
Jne ErrorCLIDIdentifi
; Crear una instancia de la interfaz INetFwRule
Invoke CoCreateInstance, Addr CLSID_NetFwRule, NULL, CLSCTX_INPROC_SERVER, Addr IID_INetFwRule, Addr pFwRule
Cmp Eax, S_OK
Jne ErrorCoCreaRule
; Establecer las propiedades de la regla
Invoke SysAllocString, Addr ruleName
Cmp Eax, 0
Je ErrorSysAlloc
coinvoke pFwRule, IShellDispatch, put_Name, Eax
Cmp Eax, 0
Jl ErrorCinvoke
Invoke SysAllocString, Addr ruleDescription
Cmp Eax, 0
Je ErrorSysAlloc
coinvoke pFwRule, IShellDispatch, put_Description, Eax
Invoke SysAllocString, Addr remoteAddresses
Cmp Eax, 0
Je ErrorSysAlloc
coinvoke pFwRule, IShellDispatch, put_RemoteAddresses, Eax
; Protocolo TCP
Mov Eax, NET_FW_RULE_PROTOCOL
coinvoke pFwRule, IShellDispatch, put_Protocol, Eax
; Establecer la dirección de la regla (bloquear entrada)
mov eax, NET_FW_RULE_DIR_IN
coinvoke pFwRule, IShellDispatch, put_Direction, Eax
Invoke SysAllocString, Addr grouping
Cmp Eax, 0
Je ErrorSysAlloc
coinvoke pFwRule, IShellDispatch, put_Grouping, Eax
; Establecer la acción de la regla (bloquear)
Mov Eax, NET_FW_ACTION_BLOCK
coinvoke pFwRule, IShellDispatch, put_Action, Eax
; Habilitar la regla
Mov Eax, NET_FW_RULE_TRUE
coinvoke pFwRule, IShellDispatch, put_Enabled, Eax
; Obtener la colección de reglas del firewall
;********************************************
coinvoke pFwPolicy2, INetFwPolicy2, get_Rules, Offset pFwRules
; Agregar la regla al firewall
coinvoke pFwRules, INetFwRules, _Add, pFwRule
;********************************************
; Recuperar la regla añadida y habilitarla
; Invoke SysAllocString, Addr ruleName
; coinvoke pFwRules, INetFwRules, Item, Eax, Offset pFwRule
; Mov Eax, NET_FW_RULE_TRUE
; coinvoke pFwRule, IShellDispatch, put_Enabled, Eax
; Mensaje de éxito
AsigText ReglaCreada, "Regla Creada!."
Invoke WriteConsoleA, HandleConsola, Addr ReglaCreada, 14, 0, 0
Invoke ImprimirSaltoDeLinea
; Cerrar la biblioteca COM
Invoke CoUninitialize
Invoke ExitProcess, 0
ErrorInicializacionCOM:
AsigText Error0, "Error Ini COM."
Invoke WriteConsoleA, HandleConsola, Addr Error0, 14, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCLIDIdentifi:
AsigText Error1, "Error Identifi Clid."
Invoke WriteConsoleA, HandleConsola, Addr Error1, 20, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorClsID:
AsigText Error2, "Error Clid."
Invoke WriteConsoleA, HandleConsola, Addr Error2, 11, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCoCrea:
AsigText Error3, "Error al instanciar Obj."
Invoke WriteConsoleA, HandleConsola, Addr Error3, 25, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCoCreaRule:
AsigText Error4, "Error al instanciar regla."
Invoke WriteConsoleA, HandleConsola, Addr Error4, 27, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorSysAlloc:
AsigText Error5, "Error SysAlloc."
Invoke WriteConsoleA, HandleConsola, Addr Error5, 15, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ErrorCinvoke:
AsigText Error6, "Error Coinvoke."
Invoke WriteConsoleA, HandleConsola, Addr Error6, 15, 0, 0
Invoke ImprimirSaltoDeLinea
Invoke CoUninitialize
Invoke ExitProcess, 1
ImprimirSaltoDeLinea Proc
; Imprime un retorno de carro (CR) y una nueva línea (LF) en la consola
Invoke WriteConsole, HandleConsola, Addr CarroDeRetorno, 1, 0, 0
Invoke WriteConsole, HandleConsola, Addr NuevaLinea, 1, 0, 0
Ret
ImprimirSaltoDeLinea EndP
End start
The truth is that all of this is part of a project I'm working on. In this same channel, I opened a thread for ETW. The thing is, it's a program to detect attacks through event capture, for example, brute force attacks.... Now I'm programming to get the attacker's IP and put it into the firewall to block it..... That's what I'm working on.....
Quotecoinvoke pFwRules, INetFwRules, _Add, pFwRule
I go to the firewall and see it created, but it's not enabled.
The Add method may fail - you should check the result, no matter if you "see it created" or not.
coinvoke pFwRules, INetFwRules, _Add, pFwRule
Cmp Eax, 0
jl ErrorCrearRegla
I have added the verification, and it does not give an error. The rule is created.
Got it!!!. Note: put_Enabled is of type VARIANT_BOOL, so the value has to be -1.
Insert Rules in Firewall the Windows (https://github.com/Cayetanode/FraiFirewallACL/tree/main)
I have removed ALL the contentious and 'Off Topic' posts to clean this thread up,.... Again !!
Let's hope for the OP's sake, that it stays that way.