COM, create rule in Firewall to windows

jj2007 · June 13, 2024, 06:25:40 AM

Quote from: NoCforMe on June 13, 2024, 05:49:40 AMthe only instance of coinvoke (the macro) is in JJ's MasmBasic stuff

I've seen several examples over time: forum search finds 64 posts.

CoInvoke has some undocumented extra bells and whistles (mainly for debugging, I use it a lot for my own sources), but others also work fine. The point is that they make a big fuss about COM being incredibly complicated, but it isn't.

TimoVJL · June 13, 2024, 07:59:31 AM

Is it time to make standard way to handle COM objects.
After that, TLB to INC converter is possible to make finally.
In this site are at least three persons, who can do that.

Fraile · June 14, 2024, 06:50:42 PM

First of all, thank you all very much, because now I am starting to see things more clearly. The assignment of properties seems to be going well, but in this part of the code ; Obtener la colección de reglas del firewall
;********************************************
coinvoke pFwPolicy2, INetFwPolicy2, get_Rules
Mov pFwRules, Eax
;********************************************
the program crashes, it doesn't respond. Can you think of any reason why this might be happening? Thank you very much.

Code Select


.386
.Model Flat, StdCall
Option CaseMap :None
AsigText Macro Name, Text:VarArg
	Local lbl
	Jmp lbl
		Name DB Text, 0
lbl:
EndM
coinvoke Macro ppv:Req,interface:Req,member:Req,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16

    FOR arg,<p16,p15,p14,p13,p12,p11,p10,p9,p8,p7,p6,p5,p4,p3,p2,p1>

        IFNB <arg>

            Push arg

        ENDIF

    EndM

    Mov     Eax,ppv
    Push    Eax
    Mov     Eax,DWord Ptr [Eax]
    Call    @CatStr(interface,<.>,member)[Eax]

EndM

.Const
    GuiPolicy  TextEqu   <{098325047H, 0C671H, 04174H, {08DH, 081H, 0DEH, 0FCH, 0D3H, 0F0H, 031H, 086H}}>
    IID_FwRule TextEqu   <{0AF230D27H, 0BABAH, 04E42H, {0ACH, 0EDH, 0F5H, 024H, 0F2H, 02CH, 0FCH, 0E2H}}>



    NET_FW_ACTION_BLOCK Equ 0
    NET_FW_RULE_DIR_IN  Equ 1

.Data?

IShellDispatch Struct

    QueryInterface          DD ?
    AddRef                  DD ?
    Release                 DD ?
    
    GetTypeInfoCount        DD ?
    GetTypeInfo             DD ?
    GetIDsOfNames           DD ?
    _Invoke                 DD ?

    get_Name                DD ?
    put_Name                DD ?
	get_Description         DD ?
	put_Description         DD ?
	get_ApplicationName     DD ?
	put_ApplicationName     DD ?
	get_serviceName         DD ?
	put_serviceName         DD ?
	get_Protocol            DD ?
	put_Protocol            DD ?
	get_LocalPorts          DD ?
	put_LocalPorts          DD ?
	get_RemotePorts         DD ?
	put_RemotePorts         DD ?
	get_LocalAddresses      DD ?
	put_LocalAddresses      DD ?
	get_RemoteAddresses     DD ?
	put_RemoteAddresses     DD ?
	get_IcmpTypesAndCodes   DD ?
	put_IcmpTypesAndCodes   DD ?
	get_Direction           DD ?
	put_Direction           DD ?
	get_Interfaces          DD ?
	put_Interfaces          DD ?
	get_InterfaceTypes      DD ?
	put_InterfaceTypes      DD ?
	get_Enabled             DD ?
	put_Enabled             DD ?
	get_Grouping            DD ?
	put_Grouping            DD ?
	get_Profiles            DD ?
	put_Profiles            DD ?
	get_EdgeTraversal       DD ?
	put_EdgeTraversal       DD ?
	get_Action              DD ?
	put_Action              DD ?
    
IShellDispatch EndS
INetFwRules Struct
    QueryInterface          DD ?
    AddRef                  DD ?
    Release                 DD ?
    GetTypeInfoCount        DD ?
    GetTypeInfo             DD ?
    GetIDsOfNames           DD ?
    _Invoke                 DD ?
    get_Count               DD ?
    _Add                    DD ?
    Remove                  DD ?
    Item                    DD ?
    get__NewEnum            DD ?
INetFwRules EndS
INetFwPolicy2 Struct
    QueryInterface               DD ?
    AddRef                       DD ?
    Release                      DD ?
    GetTypeInfoCount             DD ?
    GetTypeInfo                  DD ?
    GetIDsOfNames                DD ?
    _invoke                      DD ?

    get_CurrentProfileTypes      DD ?
    get_FirewallEnabled          DD ?
    put_FirewallEnabled          DD ?
    get_ExcludedInterfaces       DD ?
    put_ExcludedInterfaces       DD ?
    get_BlockAllInboundTraffic   DD ?
    put_BlockAllInboundTraffic   DD ?
    get_NotificationsDisabled    DD ?
    put_NotificationsDisabled    DD ?
    get_UnicastRTMDisabled       DD ?
    put_UnicastRTMBDisabled      DD ?
    get_Rules                    DD ?
    get_ServiceRestriction       DD ?
    EnableRuleGroup              DD ?
    IsRuleGroupEnabled           DD ?
    RestoreLocalFirewallDefaults DD ?
    get_DefaultInboundAction DD ?
    put_DefaultInboundAction DD ?
    get_DefaultOutboundAction DD ?
    put_DefaultOutboundAction DD ?
    get_IsRuleGroupCurrentlyEnabled DD ?
    get_LocalPolicyModifyState DD ?
INetFwPolicy2 EndS

    pFwPolicy2              DD ?
    pFwRules				DD ?
	pFwRule                 DD ?



.Data
    HandleConsola			 DD 0
    CarroDeRetorno           DB 13 ; Código ASCII para retorno de carro
    NuevaLinea               DB 10 ; Código ASCII para nueva línea

    ProgID_HNetCfg_FwPolicy2 DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'w', 'P', 'o', 'l', 'i', 'c', 'y', '2', 0
    ProgID_HNetCfg_Fwrule    DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'W', 'R', 'u', 'l', 'e', 0

	CLSIDFw                  GUID <>
    IID_INetFwPolicy2        GUID GuiPolicy
    CLSID_NetFwRule          GUID <>
	IID_INetFwRule			 GUID IID_FwRule

    ruleName            DW 'B', 'l', 'o', 'c', 'k', 'S', 'p', 'e', 'c', 'i', 'f', 'i', 'c', 'I', 'P', 0
    ruleDescription     DW 'B', 'l', 'o', 'c', 'k', ' ', 't', 'r', 'a', 'f', 'f', 'i', 'c', ' ', 'f', 'r', 'o', 'm', ' ', 's', 'p', 'e', 'c', 'i', 'f', 'i', 'c', ' ', 'I', 'P', 0
    remoteAddresses     DW '1', '9', '2', '.', '1', '6', '8', '.', '1', '.', '1', 0  ; Cambia esta IP a la que deseas bloquear

;    ruleName            DB "BlockSpecificIP", 0
;    ruleDescription     DB "Block traffic from specific IP", 0
;    remoteAddresses     DB "192.168.1.1", 0  ; Cambia esta IP a la que deseas bloquear


.Code

start:

 	Invoke GetStdHandle, STD_OUTPUT_HANDLE
 	Mov HandleConsola, Eax

	;=====================

	AsigText Cabecera0, "----------------------------------"
    Invoke WriteConsoleA, HandleConsola, Addr Cabecera0, 25, 0, 0
    Invoke ImprimirSaltoDeLinea

	AsigText Cabecera1, "FraiFRW by Fraile - 2024."
    Invoke WriteConsoleA, HandleConsola, Addr Cabecera1, 25, 0, 0
    Invoke ImprimirSaltoDeLinea

	AsigText Cabecera2, "----------------------------------"
    Invoke WriteConsoleA, HandleConsola, Addr Cabecera2, 25, 0, 0
    Invoke ImprimirSaltoDeLinea
    Invoke ImprimirSaltoDeLinea

	;=====================

    ; Initialize COM library
    Invoke CoInitialize, NULL
    Cmp Eax, S_OK
	Jne ErrorInicializacionCOM

	Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_FwPolicy2, Addr CLSIDFw
	Cmp Eax, S_OK
	Jne ErrorCLIDIdentifi

    Invoke CoCreateInstance, Addr CLSIDFw, NULL, CLSCTX_LOCAL_SERVER, Addr IID_INetFwPolicy2, Addr pFwPolicy2

    ; Check if the instance was created successfully
    Cmp Eax, S_OK
    Jne ErrorCoCrea

	Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_Fwrule, Addr CLSID_NetFwRule
	Cmp Eax, S_OK
	Jne ErrorCLIDIdentifi

    ; Crear una instancia de la interfaz INetFwRule
    Invoke CoCreateInstance, Addr CLSID_NetFwRule, NULL, CLSCTX_INPROC_SERVER, Addr IID_INetFwRule, Addr pFwRule
    Cmp Eax, S_OK
    Jne ErrorCoCreaRule

    ; Obtener la colección de reglas del firewall
    ;********************************************
    coinvoke pFwPolicy2, INetFwPolicy2, get_Rules
    Mov pFwRules, Eax
    ;********************************************



    ; Establecer las propiedades de la regla
    Invoke SysAllocString, Addr ruleName
    Cmp Eax, 0
    Je ErrorSysAlloc
	coinvoke pFwRule, IShellDispatch, put_Name, Eax

    Invoke SysAllocString, Addr ruleDescription
    Cmp Eax, 0
    Je ErrorSysAlloc
	coinvoke pFwRule, IShellDispatch, put_Description, Eax

    Invoke SysAllocString, Addr remoteAddresses
    Cmp Eax, 0
    Je ErrorSysAlloc
	coinvoke pFwRule, IShellDispatch, put_RemoteAddresses, Eax

    ; Establecer la acción de la regla (bloquear)
    Mov Eax, NET_FW_ACTION_BLOCK
    coinvoke pFwRule, IShellDispatch, put_Action, Eax

    ; Habilitar la regla
    Mov Eax, 1 ; TRUE
    coinvoke pFwRule, IShellDispatch, put_Enabled, Eax


    ; Agregar la regla al firewall


    ; Mensaje de éxito
    AsigText ReglaCreada, "Regla Creada!."
    Invoke WriteConsoleA, HandleConsola, Addr ReglaCreada, 14, 0, 0
    Invoke ImprimirSaltoDeLinea


    ; Cerrar la biblioteca COM
    Invoke CoUninitialize
    Invoke ExitProcess, 0


ErrorInicializacionCOM:
	AsigText Error0, "Error Ini COM."
    Invoke WriteConsoleA, HandleConsola, Addr Error0, 14, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorCLIDIdentifi:
	AsigText Error1, "Error Identifi Clid."
    Invoke WriteConsoleA, HandleConsola, Addr Error1, 20, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorClsID:
	AsigText Error2, "Error Clid."
    Invoke WriteConsoleA, HandleConsola, Addr Error2, 11, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorCoCrea:
	AsigText Error3, "Error al instanciar Obj."
    Invoke WriteConsoleA, HandleConsola, Addr Error3, 25, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorCoCreaRule:
	AsigText Error4, "Error al instanciar regla."
    Invoke WriteConsoleA, HandleConsola, Addr Error4, 27, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorSysAlloc:
	AsigText Error5, "Error SysAlloc."
    Invoke WriteConsoleA, HandleConsola, Addr Error5, 15, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ImprimirSaltoDeLinea Proc
    ; Imprime un retorno de carro (CR) y una nueva línea (LF) en la consola
    Invoke WriteConsole, HandleConsola, Addr CarroDeRetorno, 1, 0, 0
    Invoke WriteConsole, HandleConsola, Addr NuevaLinea, 1, 0, 0
    Ret

ImprimirSaltoDeLinea EndP



End start

sinsi · June 14, 2024, 07:22:19 PM

You need to give get_Rules a pointer to store the interface you're after. Try

Code Select

    coinvoke pFwPolicy2, INetFwPolicy2, get_Rules, addr pFwRules

Generally, EAX will have the result of the invoke, not what you are after.

Fraile · June 14, 2024, 07:23:10 PM

Error!!!! coinvoke pFwPolicy2, INetFwPolicy2, get_Rules, Offset pFwRules

Microsoft get_rules

Thanks!!!!

Fraile · June 14, 2024, 09:11:37 PM

I already created the rule but it doesn't enable it; I think it's because of put_Grouping. According to Microsoft, it is mandatory and must be filled in the following way: '@<dll name>, <resource string identifier>'. Microsoft says that groups help enable and disable multiple rules at once, but I don't understand how to set the put_Grouping property according to the format. Any ideas? Thank you very much.

_japheth · June 14, 2024, 10:01:01 PM

Quote from: Fraile on June 14, 2024, 09:11:37 PMI already created the rule but it doesn't enable it; I think it's because of put_Grouping.

Well, "we" ( or at least "I" ) like to have my/our own thoughts - so please provide the code that "created the rule".

Also, COM returns an error msg if a method fails - you should tell this information, it may be helpful...

What is this "IShellDispatch" name doing in your code? It's obviously NOT the IShellDispatch interface, but the INetFwRule one. That's at least confusing...

What about the protocol? I'm no "firewall" expert, so it's a wild guess, but a quick look at the MS site tells that "you must first set the protocol" ...

Fraile · June 14, 2024, 10:07:49 PM

IShellDispatch" doesn't match, that's correct; it's from a Vortex example. The point is that the rule does get created; I go to the firewall and see it created, but it's not enabled.

Code Select


.386
.Model Flat, StdCall
Option CaseMap :None
AsigText Macro Name, Text:VarArg
	Local lbl
	Jmp lbl
		Name DB Text, 0
lbl:
EndM
coinvoke Macro ppv:Req,interface:Req,member:Req,p1,p2,p3,p4,p5,p6,p7,p8,p9,p10,p11,p12,p13,p14,p15,p16

    FOR arg,<p16,p15,p14,p13,p12,p11,p10,p9,p8,p7,p6,p5,p4,p3,p2,p1>

        IFNB <arg>

            Push arg

        ENDIF

    EndM

    Mov     Eax,ppv
    Push    Eax
    Mov     Eax,DWord Ptr [Eax]
    Call    @CatStr(interface,<.>,member)[Eax]

EndM

.Const
    GuiPolicy  TextEqu   <{098325047H, 0C671H, 04174H, {08DH, 081H, 0DEH, 0FCH, 0D3H, 0F0H, 031H, 086H}}>
    IID_FwRule TextEqu   <{0AF230D27H, 0BABAH, 04E42H, {0ACH, 0EDH, 0F5H, 024H, 0F2H, 02CH, 0FCH, 0E2H}}>



    NET_FW_ACTION_BLOCK  Equ 0
    NET_FW_RULE_DIR_IN   Equ 1
    NET_FW_RULE_TRUE     Equ 1
    NET_FW_RULE_PROTOCOL Equ 6


.Data?

IShellDispatch Struct

    QueryInterface          DD ?
    AddRef                  DD ?
    Release                 DD ?
    
    GetTypeInfoCount        DD ?
    GetTypeInfo             DD ?
    GetIDsOfNames           DD ?
    _Invoke                 DD ?

    get_Name                DD ?
    put_Name                DD ?
	get_Description         DD ?
	put_Description         DD ?
	get_ApplicationName     DD ?
	put_ApplicationName     DD ?
	get_serviceName         DD ?
	put_serviceName         DD ?
	get_Protocol            DD ?
	put_Protocol            DD ?
	get_LocalPorts          DD ?
	put_LocalPorts          DD ?
	get_RemotePorts         DD ?
	put_RemotePorts         DD ?
	get_LocalAddresses      DD ?
	put_LocalAddresses      DD ?
	get_RemoteAddresses     DD ?
	put_RemoteAddresses     DD ?
	get_IcmpTypesAndCodes   DD ?
	put_IcmpTypesAndCodes   DD ?
	get_Direction           DD ?
	put_Direction           DD ?
	get_Interfaces          DD ?
	put_Interfaces          DD ?
	get_InterfaceTypes      DD ?
	put_InterfaceTypes      DD ?
	get_Enabled             DD ?
	put_Enabled             DD ?
	get_Grouping            DD ?
	put_Grouping            DD ?
	get_Profiles            DD ?
	put_Profiles            DD ?
	get_EdgeTraversal       DD ?
	put_EdgeTraversal       DD ?
	get_Action              DD ?
	put_Action              DD ?
    
IShellDispatch EndS
INetFwRules Struct
    QueryInterface          DD ?
    AddRef                  DD ?
    Release                 DD ?
    GetTypeInfoCount        DD ?
    GetTypeInfo             DD ?
    GetIDsOfNames           DD ?
    _Invoke                 DD ?
    get_Count               DD ?
    _Add                    DD ?
    Remove                  DD ?
    Item                    DD ?
    get__NewEnum            DD ?
INetFwRules EndS
INetFwPolicy2 Struct
    QueryInterface               DD ?
    AddRef                       DD ?
    Release                      DD ?
    GetTypeInfoCount             DD ?
    GetTypeInfo                  DD ?
    GetIDsOfNames                DD ?
    _invoke                      DD ?

    get_CurrentProfileTypes      DD ?
    get_FirewallEnabled          DD ?
    put_FirewallEnabled          DD ?
    get_ExcludedInterfaces       DD ?
    put_ExcludedInterfaces       DD ?
    get_BlockAllInboundTraffic   DD ?
    put_BlockAllInboundTraffic   DD ?
    get_NotificationsDisabled    DD ?
    put_NotificationsDisabled    DD ?
    get_UnicastRTMDisabled       DD ?
    put_UnicastRTMBDisabled      DD ?
    get_Rules                    DD ?
    get_ServiceRestriction       DD ?
    EnableRuleGroup              DD ?
    IsRuleGroupEnabled           DD ?
    RestoreLocalFirewallDefaults DD ?
    get_DefaultInboundAction DD ?
    put_DefaultInboundAction DD ?
    get_DefaultOutboundAction DD ?
    put_DefaultOutboundAction DD ?
    get_IsRuleGroupCurrentlyEnabled DD ?
    get_LocalPolicyModifyState DD ?
INetFwPolicy2 EndS

    pFwPolicy2              DD ?
    pFwRules				DD ?
	pFwRule                 DD ?



.Data
    HandleConsola			 DD 0
    CarroDeRetorno           DB 13 ; Código ASCII para retorno de carro
    NuevaLinea               DB 10 ; Código ASCII para nueva línea

    ProgID_HNetCfg_FwPolicy2 DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'w', 'P', 'o', 'l', 'i', 'c', 'y', '2', 0
    ProgID_HNetCfg_Fwrule    DW 'H', 'N', 'e', 't', 'C', 'f', 'g', '.', 'F', 'W', 'R', 'u', 'l', 'e', 0

	CLSIDFw                  GUID <>
    IID_INetFwPolicy2        GUID GuiPolicy
    CLSID_NetFwRule          GUID <>
	IID_INetFwRule			 GUID IID_FwRule

    ruleName            DW 'S', 'e', 'c', 'u', 'r', 'e', ' ', 'W', 'a', 't', 'c', 'h', ' ', 'I', 'P', 0
    ruleDescription     DW 'B', 'l', 'o', 'c', 'k', ' ', 't', 'r', 'a', 'f', 'f', 'i', 'c', ' ', 'f', 'r', 'o', 'm', ' ', 's', 'p', 'e', 'c', 'i', 'f', 'i', 'c', ' ', 'I', 'P', 0
    remoteAddresses     DW '1', '9', '2', '.', '1', '6', '8', '.', '1', '.', '1', 0  ; Cambia esta IP a la que deseas bloquear
	grouping            DW 'S', 'e', 'c', 'u', 'r', 'e', ' ', 'W', 'a', 't', 'c', 'h', ' ', 'I', 'P', 0


.Code

start:

 	Invoke GetStdHandle, STD_OUTPUT_HANDLE
 	Mov HandleConsola, Eax

	;=====================

	AsigText Cabecera0, "----------------------------------"
    Invoke WriteConsoleA, HandleConsola, Addr Cabecera0, 25, 0, 0
    Invoke ImprimirSaltoDeLinea

	AsigText Cabecera1, "FraiFRW by Fraile - 2024."
    Invoke WriteConsoleA, HandleConsola, Addr Cabecera1, 25, 0, 0
    Invoke ImprimirSaltoDeLinea

	AsigText Cabecera2, "----------------------------------"
    Invoke WriteConsoleA, HandleConsola, Addr Cabecera2, 25, 0, 0
    Invoke ImprimirSaltoDeLinea
    Invoke ImprimirSaltoDeLinea

	;=====================

    ; Initialize COM library
    Invoke CoInitialize, NULL
    Cmp Eax, S_OK
	Jne ErrorInicializacionCOM

	Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_FwPolicy2, Addr CLSIDFw
	Cmp Eax, S_OK
	Jne ErrorCLIDIdentifi

    Invoke CoCreateInstance, Addr CLSIDFw, NULL, CLSCTX_LOCAL_SERVER, Addr IID_INetFwPolicy2, Addr pFwPolicy2

    ; Check if the instance was created successfully
    Cmp Eax, S_OK
    Jne ErrorCoCrea

	Invoke CLSIDFromProgID, Addr ProgID_HNetCfg_Fwrule, Addr CLSID_NetFwRule
	Cmp Eax, S_OK
	Jne ErrorCLIDIdentifi

    ; Crear una instancia de la interfaz INetFwRule
    Invoke CoCreateInstance, Addr CLSID_NetFwRule, NULL, CLSCTX_INPROC_SERVER, Addr IID_INetFwRule, Addr pFwRule
    Cmp Eax, S_OK
    Jne ErrorCoCreaRule


    ; Establecer las propiedades de la regla
    Invoke SysAllocString, Addr ruleName
    Cmp Eax, 0
    Je ErrorSysAlloc
	coinvoke pFwRule, IShellDispatch, put_Name, Eax
	Cmp Eax, 0
	Jl ErrorCinvoke

    Invoke SysAllocString, Addr ruleDescription
    Cmp Eax, 0
    Je ErrorSysAlloc
	coinvoke pFwRule, IShellDispatch, put_Description, Eax

    Invoke SysAllocString, Addr remoteAddresses
    Cmp Eax, 0
    Je ErrorSysAlloc
	coinvoke pFwRule, IShellDispatch, put_RemoteAddresses, Eax

	; Protocolo TCP
    Mov Eax, NET_FW_RULE_PROTOCOL
    coinvoke pFwRule, IShellDispatch, put_Protocol, Eax


    ; Establecer la dirección de la regla (bloquear entrada)
    mov eax, NET_FW_RULE_DIR_IN
    coinvoke pFwRule, IShellDispatch, put_Direction, Eax

    Invoke SysAllocString, Addr grouping
    Cmp Eax, 0
    Je ErrorSysAlloc
    coinvoke pFwRule, IShellDispatch, put_Grouping, Eax

    ; Establecer la acción de la regla (bloquear)
    Mov Eax, NET_FW_ACTION_BLOCK
    coinvoke pFwRule, IShellDispatch, put_Action, Eax

    ; Habilitar la regla
    Mov Eax, NET_FW_RULE_TRUE
    coinvoke pFwRule, IShellDispatch, put_Enabled, Eax




    ; Obtener la colección de reglas del firewall
    ;********************************************
    coinvoke pFwPolicy2, INetFwPolicy2, get_Rules, Offset pFwRules

    ; Agregar la regla al firewall
    coinvoke pFwRules, INetFwRules, _Add, pFwRule
    ;********************************************

    ; Recuperar la regla añadida y habilitarla
;    Invoke SysAllocString, Addr ruleName
;    coinvoke pFwRules, INetFwRules, Item, Eax, Offset pFwRule
;    Mov Eax, NET_FW_RULE_TRUE
;    coinvoke pFwRule, IShellDispatch, put_Enabled, Eax


    ; Mensaje de éxito
    AsigText ReglaCreada, "Regla Creada!."
    Invoke WriteConsoleA, HandleConsola, Addr ReglaCreada, 14, 0, 0
    Invoke ImprimirSaltoDeLinea


    ; Cerrar la biblioteca COM
    Invoke CoUninitialize
    Invoke ExitProcess, 0


ErrorInicializacionCOM:
	AsigText Error0, "Error Ini COM."
    Invoke WriteConsoleA, HandleConsola, Addr Error0, 14, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorCLIDIdentifi:
	AsigText Error1, "Error Identifi Clid."
    Invoke WriteConsoleA, HandleConsola, Addr Error1, 20, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorClsID:
	AsigText Error2, "Error Clid."
    Invoke WriteConsoleA, HandleConsola, Addr Error2, 11, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorCoCrea:
	AsigText Error3, "Error al instanciar Obj."
    Invoke WriteConsoleA, HandleConsola, Addr Error3, 25, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorCoCreaRule:
	AsigText Error4, "Error al instanciar regla."
    Invoke WriteConsoleA, HandleConsola, Addr Error4, 27, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorSysAlloc:
	AsigText Error5, "Error SysAlloc."
    Invoke WriteConsoleA, HandleConsola, Addr Error5, 15, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1

ErrorCinvoke:

	AsigText Error6, "Error Coinvoke."
    Invoke WriteConsoleA, HandleConsola, Addr Error6, 15, 0, 0
    Invoke ImprimirSaltoDeLinea

    Invoke CoUninitialize
    Invoke ExitProcess, 1


ImprimirSaltoDeLinea Proc
    ; Imprime un retorno de carro (CR) y una nueva línea (LF) en la consola
    Invoke WriteConsole, HandleConsola, Addr CarroDeRetorno, 1, 0, 0
    Invoke WriteConsole, HandleConsola, Addr NuevaLinea, 1, 0, 0
    Ret

ImprimirSaltoDeLinea EndP



End start

Fraile · June 14, 2024, 11:30:45 PM

The truth is that all of this is part of a project I'm working on. In this same channel, I opened a thread for ETW. The thing is, it's a program to detect attacks through event capture, for example, brute force attacks.... Now I'm programming to get the attacker's IP and put it into the firewall to block it..... That's what I'm working on.....

_japheth · June 14, 2024, 11:57:06 PM

Quotecoinvoke pFwRules, INetFwRules, _Add, pFwRule

I go to the firewall and see it created, but it's not enabled.

The Add method may fail - you should check the result, no matter if you "see it created" or not.

Fraile · June 15, 2024, 12:24:50 AM

Code Select

coinvoke pFwRules, INetFwRules, _Add, pFwRule
Cmp Eax, 0
jl ErrorCrearRegla

I have added the verification, and it does not give an error. The rule is created.

Fraile · June 15, 2024, 01:43:46 AM

Got it!!!. Note: put_Enabled is of type VARIANT_BOOL, so the value has to be -1.

Fraile · June 15, 2024, 02:11:40 AM

Insert Rules in Firewall the Windows

stoo23 · July 01, 2024, 10:37:27 AM

I have removed ALL the contentious and 'Off Topic' posts to clean this thread up,.... Again !!
Let's hope for the OP's sake, that it stays that way.

The MASM Forum

News:

COM, create rule in Firewall to windows

jj2007

TimoVJL

Fraile

sinsi

Fraile

Fraile

_japheth

Fraile

Fraile

_japheth

Fraile

Fraile

Fraile

stoo23