search

dahall / Vanara

A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
MIT License
1.81k stars 196 forks source link

FwpUClnt.FWPM_FILTER0.filterId is broken #475

Closed Signum21 closed 3 months ago

Signum21 commented 3 months ago

Describe the bug and how to reproduce

I'm enumerating the wfp filters. The name, description and filterKey are correctly extracted but the filterId is 0 for all filters.

What code is involved

FwpUClnt.FwpmFilterEnum0(engineHandle, filterEnumHandle, 2500, out FwpUClnt.SafeFwpmMem filters, out uint filterslength);
FwpUClnt.FWPM_FILTER0[] filtersArray = filters.ToArray<FwpUClnt.FWPM_FILTER0>(filterslength, true);

foreach (FwpUClnt.FWPM_FILTER0 filter in filtersArray)
{
    Console.WriteLine(filter.displayData.name);
    Console.WriteLine(filter.displayData.description);
    Console.WriteLine(filter.filterId);
    Console.WriteLine(filter.filterKey + Environment.NewLine);
}

Expected behavior

The filterId should be different and not 0 (I confirmed this with another tool).

dahall commented 3 months ago

Thanks. I had a size bug in FWP_VALUE0 causing the problem. It is fixed and can be found in 4.0.3 (soon to be released) or on the AppVeyor repository as pre-release (see readme).

I would strongly encourage the use of the overload for FwpmFilterEnum0 that tucks the array inside a memory manager.

FwpmFilterEnum0(engineHandle, out SafeFwpmArray<FWPM_FILTER0> h);
foreach (FWPM_FILTER0 e in h)
   ...