#include <windows.h>
#include <fwpmu.h>
#include <accctrl.h>
#include <aclapi.h>
#include <stdio.h>
 
#pragma comment (lib, "fwpuclnt.lib")
#pragma comment (lib, "advapi32.lib")
 
#define SESSION_NAME L"SDK Examples"
 
#define EXIT_ON_ERROR(fnName) \
   if (result != ERROR_SUCCESS) \
   { \
      printf(#fnName " = 0x%08X\n", result); \
      goto CLEANUP; \
   }
 
DWORD FilterByUserAndApp(
         __in HANDLE engine,
         __in PCWSTR filterName,
         __in_opt const GUID* providerKey,
         __in const GUID* layerKey,
         __in_opt const GUID* subLayerKey,
         __in_opt PCWSTR userName,
         __in_opt PCWSTR appPath,
         __in FWP_ACTION_TYPE actionType,
         __out_opt UINT64* filterId
         )
{
   DWORD result = ERROR_SUCCESS;
   FWPM_FILTER_CONDITION0 conds[2];
   UINT32 numConds = 0;
   EXPLICIT_ACCESS_W access;
   ULONG sdLen;
   PSECURITY_DESCRIPTOR sd = NULL;
   FWP_BYTE_BLOB sdBlob, *appBlob = NULL;
   FWPM_FILTER0 filter;
 
   // Add an FWPM_CONDITION_ALE_USER_ID condition if requested.
   if (userName != NULL)
   {
      // When evaluating SECURITY_DESCRIPTOR conditions, the filter engine
      // checks for FWP_ACTRL_MATCH_FILTER access. If the DACL grants access,
      // it does not mean that the traffic is allowed; it just means that the
      // condition evaluates to true. Likewise if it denies access, the
      // condition evaluates to false.
      BuildExplicitAccessWithNameW(
         &access,
         (PWSTR)userName,
         FWP_ACTRL_MATCH_FILTER,
         GRANT_ACCESS,
         0
         );
 
      result = BuildSecurityDescriptorW(
                  NULL,
                  NULL,
                  1,
                  &access,
                  0,
                  NULL,
                  NULL,
                  &sdLen,
                  &sd
                  );
      EXIT_ON_ERROR(BuildSecurityDescriptorW);
 
      // Security descriptors must be in self-relative form (i.e., contiguous).
      // The security descriptor returned by BuildSecurityDescriptorW is
      // already self-relative, but if you're using another mechanism to build
      // the descriptor, you may have to convert it. See MakeSelfRelativeSD for
      // details.
      sdBlob.size = sdLen;
      sdBlob.data = (UINT8*)sd;
 
      conds[numConds].fieldKey = FWPM_CONDITION_ALE_USER_ID;
      conds[numConds].matchType = FWP_MATCH_EQUAL;
      conds[numConds].conditionValue.type = FWP_SECURITY_DESCRIPTOR_TYPE;
      conds[numConds].conditionValue.sd = &sdBlob;
      ++numConds;
   }
 
   // Add an FWPM_CONDITION_ALE_APP_ID condition if requested.
   if (appPath != NULL)
   {
      // appPath must be a fully-qualified file name, and the file must
      // exist on the local machine.
      result = FwpmGetAppIdFromFileName0(appPath, &appBlob);
      EXIT_ON_ERROR(FwpmGetAppIdFromFileName0);
 
      conds[numConds].fieldKey = FWPM_CONDITION_ALE_APP_ID;
      conds[numConds].matchType = FWP_MATCH_EQUAL;
      conds[numConds].conditionValue.type = FWP_BYTE_BLOB_TYPE;
      conds[numConds].conditionValue.byteBlob = appBlob;
      ++numConds;
   }
 
   memset(&filter, 0, sizeof(filter));
   // For MUI compatibility, object names should be indirect strings. See
   // SHLoadIndirectString for details.
   filter.displayData.name = (PWSTR)filterName;
   // Link all objects to our provider. When multiple providers are installed
   // on a computer, this makes it easy to determine who added what.
   filter.providerKey = (GUID*)providerKey;
   filter.layerKey = *layerKey;
   // Generally, it's best to add filters to our own sublayer, so we don't have
   // to worry about being overridden by filters added by another provider.
   if (subLayerKey != NULL)
   {
      filter.subLayerKey = *subLayerKey;
   }
   filter.numFilterConditions = numConds;
   if (numConds > 0)
   {
      filter.filterCondition = conds;
   }
   filter.action.type = actionType;
 
   result = FwpmFilterAdd0(engine, &filter, NULL, filterId);
   EXIT_ON_ERROR(FwpmFilterAdd0);
 
CLEANUP:
   FwpmFreeMemory0((void**)&appBlob);
   LocalFree(sd);
   return result;
}
 
 

I2luY2x1ZGUgPHdpbmRvd3MuaD4KI2luY2x1ZGUgPGZ3cG11Lmg+CiNpbmNsdWRlIDxhY2NjdHJsLmg+CiNpbmNsdWRlIDxhY2xhcGkuaD4KI2luY2x1ZGUgPHN0ZGlvLmg+CgojcHJhZ21hIGNvbW1lbnQgKGxpYiwgImZ3cHVjbG50LmxpYiIpCiNwcmFnbWEgY29tbWVudCAobGliLCAiYWR2YXBpMzIubGliIikKCiNkZWZpbmUgU0VTU0lPTl9OQU1FIEwiU0RLIEV4YW1wbGVzIgoKI2RlZmluZSBFWElUX09OX0VSUk9SKGZuTmFtZSkgXAogICBpZiAocmVzdWx0ICE9IEVSUk9SX1NVQ0NFU1MpIFwKICAgeyBcCiAgICAgIHByaW50ZigjZm5OYW1lICIgPSAweCUwOFhcbiIsIHJlc3VsdCk7IFwKICAgICAgZ290byBDTEVBTlVQOyBcCiAgIH0KCkRXT1JEIEZpbHRlckJ5VXNlckFuZEFwcCgKICAgICAgICAgX19pbiBIQU5ETEUgZW5naW5lLAogICAgICAgICBfX2luIFBDV1NUUiBmaWx0ZXJOYW1lLAogICAgICAgICBfX2luX29wdCBjb25zdCBHVUlEKiBwcm92aWRlcktleSwKICAgICAgICAgX19pbiBjb25zdCBHVUlEKiBsYXllcktleSwKICAgICAgICAgX19pbl9vcHQgY29uc3QgR1VJRCogc3ViTGF5ZXJLZXksCiAgICAgICAgIF9faW5fb3B0IFBDV1NUUiB1c2VyTmFtZSwKICAgICAgICAgX19pbl9vcHQgUENXU1RSIGFwcFBhdGgsCiAgICAgICAgIF9faW4gRldQX0FDVElPTl9UWVBFIGFjdGlvblR5cGUsCiAgICAgICAgIF9fb3V0X29wdCBVSU5UNjQqIGZpbHRlcklkCiAgICAgICAgICkKewogICBEV09SRCByZXN1bHQgPSBFUlJPUl9TVUNDRVNTOwogICBGV1BNX0ZJTFRFUl9DT05ESVRJT04wIGNvbmRzWzJdOwogICBVSU5UMzIgbnVtQ29uZHMgPSAwOwogICBFWFBMSUNJVF9BQ0NFU1NfVyBhY2Nlc3M7CiAgIFVMT05HIHNkTGVuOwogICBQU0VDVVJJVFlfREVTQ1JJUFRPUiBzZCA9IE5VTEw7CiAgIEZXUF9CWVRFX0JMT0Igc2RCbG9iLCAqYXBwQmxvYiA9IE5VTEw7CiAgIEZXUE1fRklMVEVSMCBmaWx0ZXI7CgogICAvLyBBZGQgYW4gRldQTV9DT05ESVRJT05fQUxFX1VTRVJfSUQgY29uZGl0aW9uIGlmIHJlcXVlc3RlZC4KICAgaWYgKHVzZXJOYW1lICE9IE5VTEwpCiAgIHsKICAgICAgLy8gV2hlbiBldmFsdWF0aW5nIFNFQ1VSSVRZX0RFU0NSSVBUT1IgY29uZGl0aW9ucywgdGhlIGZpbHRlciBlbmdpbmUKICAgICAgLy8gY2hlY2tzIGZvciBGV1BfQUNUUkxfTUFUQ0hfRklMVEVSIGFjY2Vzcy4gSWYgdGhlIERBQ0wgZ3JhbnRzIGFjY2VzcywKICAgICAgLy8gaXQgZG9lcyBub3QgbWVhbiB0aGF0IHRoZSB0cmFmZmljIGlzIGFsbG93ZWQ7IGl0IGp1c3QgbWVhbnMgdGhhdCB0aGUKICAgICAgLy8gY29uZGl0aW9uIGV2YWx1YXRlcyB0byB0cnVlLiBMaWtld2lzZSBpZiBpdCBkZW5pZXMgYWNjZXNzLCB0aGUKICAgICAgLy8gY29uZGl0aW9uIGV2YWx1YXRlcyB0byBmYWxzZS4KICAgICAgQnVpbGRFeHBsaWNpdEFjY2Vzc1dpdGhOYW1lVygKICAgICAgICAgJmFjY2VzcywKICAgICAgICAgKFBXU1RSKXVzZXJOYW1lLAogICAgICAgICBGV1BfQUNUUkxfTUFUQ0hfRklMVEVSLAogICAgICAgICBHUkFOVF9BQ0NFU1MsCiAgICAgICAgIDAKICAgICAgICAgKTsKCiAgICAgIHJlc3VsdCA9IEJ1aWxkU2VjdXJpdHlEZXNjcmlwdG9yVygKICAgICAgICAgICAgICAgICAgTlVMTCwKICAgICAgICAgICAgICAgICAgTlVMTCwKICAgICAgICAgICAgICAgICAgMSwKICAgICAgICAgICAgICAgICAgJmFjY2VzcywKICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgTlVMTCwKICAgICAgICAgICAgICAgICAgTlVMTCwKICAgICAgICAgICAgICAgICAgJnNkTGVuLAogICAgICAgICAgICAgICAgICAmc2QKICAgICAgICAgICAgICAgICAgKTsKICAgICAgRVhJVF9PTl9FUlJPUihCdWlsZFNlY3VyaXR5RGVzY3JpcHRvclcpOwoKICAgICAgLy8gU2VjdXJpdHkgZGVzY3JpcHRvcnMgbXVzdCBiZSBpbiBzZWxmLXJlbGF0aXZlIGZvcm0gKGkuZS4sIGNvbnRpZ3VvdXMpLgogICAgICAvLyBUaGUgc2VjdXJpdHkgZGVzY3JpcHRvciByZXR1cm5lZCBieSBCdWlsZFNlY3VyaXR5RGVzY3JpcHRvclcgaXMKICAgICAgLy8gYWxyZWFkeSBzZWxmLXJlbGF0aXZlLCBidXQgaWYgeW91J3JlIHVzaW5nIGFub3RoZXIgbWVjaGFuaXNtIHRvIGJ1aWxkCiAgICAgIC8vIHRoZSBkZXNjcmlwdG9yLCB5b3UgbWF5IGhhdmUgdG8gY29udmVydCBpdC4gU2VlIE1ha2VTZWxmUmVsYXRpdmVTRCBmb3IKICAgICAgLy8gZGV0YWlscy4KICAgICAgc2RCbG9iLnNpemUgPSBzZExlbjsKICAgICAgc2RCbG9iLmRhdGEgPSAoVUlOVDgqKXNkOwoKICAgICAgY29uZHNbbnVtQ29uZHNdLmZpZWxkS2V5ID0gRldQTV9DT05ESVRJT05fQUxFX1VTRVJfSUQ7CiAgICAgIGNvbmRzW251bUNvbmRzXS5tYXRjaFR5cGUgPSBGV1BfTUFUQ0hfRVFVQUw7CiAgICAgIGNvbmRzW251bUNvbmRzXS5jb25kaXRpb25WYWx1ZS50eXBlID0gRldQX1NFQ1VSSVRZX0RFU0NSSVBUT1JfVFlQRTsKICAgICAgY29uZHNbbnVtQ29uZHNdLmNvbmRpdGlvblZhbHVlLnNkID0gJnNkQmxvYjsKICAgICAgKytudW1Db25kczsKICAgfQoKICAgLy8gQWRkIGFuIEZXUE1fQ09ORElUSU9OX0FMRV9BUFBfSUQgY29uZGl0aW9uIGlmIHJlcXVlc3RlZC4KICAgaWYgKGFwcFBhdGggIT0gTlVMTCkKICAgewogICAgICAvLyBhcHBQYXRoIG11c3QgYmUgYSBmdWxseS1xdWFsaWZpZWQgZmlsZSBuYW1lLCBhbmQgdGhlIGZpbGUgbXVzdAogICAgICAvLyBleGlzdCBvbiB0aGUgbG9jYWwgbWFjaGluZS4KICAgICAgcmVzdWx0ID0gRndwbUdldEFwcElkRnJvbUZpbGVOYW1lMChhcHBQYXRoLCAmYXBwQmxvYik7CiAgICAgIEVYSVRfT05fRVJST1IoRndwbUdldEFwcElkRnJvbUZpbGVOYW1lMCk7CgogICAgICBjb25kc1tudW1Db25kc10uZmllbGRLZXkgPSBGV1BNX0NPTkRJVElPTl9BTEVfQVBQX0lEOwogICAgICBjb25kc1tudW1Db25kc10ubWF0Y2hUeXBlID0gRldQX01BVENIX0VRVUFMOwogICAgICBjb25kc1tudW1Db25kc10uY29uZGl0aW9uVmFsdWUudHlwZSA9IEZXUF9CWVRFX0JMT0JfVFlQRTsKICAgICAgY29uZHNbbnVtQ29uZHNdLmNvbmRpdGlvblZhbHVlLmJ5dGVCbG9iID0gYXBwQmxvYjsKICAgICAgKytudW1Db25kczsKICAgfQoKICAgbWVtc2V0KCZmaWx0ZXIsIDAsIHNpemVvZihmaWx0ZXIpKTsKICAgLy8gRm9yIE1VSSBjb21wYXRpYmlsaXR5LCBvYmplY3QgbmFtZXMgc2hvdWxkIGJlIGluZGlyZWN0IHN0cmluZ3MuIFNlZQogICAvLyBTSExvYWRJbmRpcmVjdFN0cmluZyBmb3IgZGV0YWlscy4KICAgZmlsdGVyLmRpc3BsYXlEYXRhLm5hbWUgPSAoUFdTVFIpZmlsdGVyTmFtZTsKICAgLy8gTGluayBhbGwgb2JqZWN0cyB0byBvdXIgcHJvdmlkZXIuIFdoZW4gbXVsdGlwbGUgcHJvdmlkZXJzIGFyZSBpbnN0YWxsZWQKICAgLy8gb24gYSBjb21wdXRlciwgdGhpcyBtYWtlcyBpdCBlYXN5IHRvIGRldGVybWluZSB3aG8gYWRkZWQgd2hhdC4KICAgZmlsdGVyLnByb3ZpZGVyS2V5ID0gKEdVSUQqKXByb3ZpZGVyS2V5OwogICBmaWx0ZXIubGF5ZXJLZXkgPSAqbGF5ZXJLZXk7CiAgIC8vIEdlbmVyYWxseSwgaXQncyBiZXN0IHRvIGFkZCBmaWx0ZXJzIHRvIG91ciBvd24gc3VibGF5ZXIsIHNvIHdlIGRvbid0IGhhdmUKICAgLy8gdG8gd29ycnkgYWJvdXQgYmVpbmcgb3ZlcnJpZGRlbiBieSBmaWx0ZXJzIGFkZGVkIGJ5IGFub3RoZXIgcHJvdmlkZXIuCiAgIGlmIChzdWJMYXllcktleSAhPSBOVUxMKQogICB7CiAgICAgIGZpbHRlci5zdWJMYXllcktleSA9ICpzdWJMYXllcktleTsKICAgfQogICBmaWx0ZXIubnVtRmlsdGVyQ29uZGl0aW9ucyA9IG51bUNvbmRzOwogICBpZiAobnVtQ29uZHMgPiAwKQogICB7CiAgICAgIGZpbHRlci5maWx0ZXJDb25kaXRpb24gPSBjb25kczsKICAgfQogICBmaWx0ZXIuYWN0aW9uLnR5cGUgPSBhY3Rpb25UeXBlOwoKICAgcmVzdWx0ID0gRndwbUZpbHRlckFkZDAoZW5naW5lLCAmZmlsdGVyLCBOVUxMLCBmaWx0ZXJJZCk7CiAgIEVYSVRfT05fRVJST1IoRndwbUZpbHRlckFkZDApOwoKQ0xFQU5VUDoKICAgRndwbUZyZWVNZW1vcnkwKCh2b2lkKiopJmFwcEJsb2IpOwogICBMb2NhbEZyZWUoc2QpOwogICByZXR1cm4gcmVzdWx0Owp9Cgo=

MA==

Standard input is empty