gpt4 book ai didi

c++ - Windows 防火墙 C++ API - 如何正确清理 COM 资源?

转载 作者:行者123 更新时间:2023-12-01 15:10:50 28 4
gpt4 key购买 nike

我正在尝试使用基于 COM 的 Windows 防火墙 API 来遍历现有的防火墙规则,并找出其中是否存在一个特定规则。

目前我很难理解 Cleanup 中发生的事情。此示例的一部分 (https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ics/c-enumerating-firewall-rules):

/********************************************************************++
Copyright (C) Microsoft. All Rights Reserved.

Abstract:
This C++ file includes sample code for enumerating Windows Firewall
rules using the Microsoft Windows Firewall APIs.

********************************************************************/

#include <windows.h>
#include <stdio.h>
#include <comutil.h>
#include <atlcomcli.h>
#include <netfw.h>

#pragma comment( lib, "ole32.lib" )
#pragma comment( lib, "oleaut32.lib" )

#define NET_FW_IP_PROTOCOL_TCP_NAME L"TCP"
#define NET_FW_IP_PROTOCOL_UDP_NAME L"UDP"

#define NET_FW_RULE_DIR_IN_NAME L"In"
#define NET_FW_RULE_DIR_OUT_NAME L"Out"

#define NET_FW_RULE_ACTION_BLOCK_NAME L"Block"
#define NET_FW_RULE_ACTION_ALLOW_NAME L"Allow"

#define NET_FW_RULE_ENABLE_IN_NAME L"TRUE"
#define NET_FW_RULE_DISABLE_IN_NAME L"FALSE"


// Forward declarations
void DumpFWRulesInCollection(INetFwRule* FwRule);
HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2);


int __cdecl main()
{
HRESULT hrComInit = S_OK;
HRESULT hr = S_OK;

ULONG cFetched = 0;
CComVariant var;

IUnknown *pEnumerator;
IEnumVARIANT* pVariant = NULL;

INetFwPolicy2 *pNetFwPolicy2 = NULL;
INetFwRules *pFwRules = NULL;
INetFwRule *pFwRule = NULL;

long fwRuleCount;

// Initialize COM.
hrComInit = CoInitializeEx(
0,
COINIT_APARTMENTTHREADED
);

// Ignore RPC_E_CHANGED_MODE; this just means that COM has already been
// initialized with a different mode. Since we don't care what the mode is,
// we'll just use the existing mode.
if (hrComInit != RPC_E_CHANGED_MODE)
{
if (FAILED(hrComInit))
{
wprintf(L"CoInitializeEx failed: 0x%08lx\n", hrComInit);
goto Cleanup;
}
}

// Retrieve INetFwPolicy2
hr = WFCOMInitialize(&pNetFwPolicy2);
if (FAILED(hr))
{
goto Cleanup;
}

// Retrieve INetFwRules
hr = pNetFwPolicy2->get_Rules(&pFwRules);
if (FAILED(hr))
{
wprintf(L"get_Rules failed: 0x%08lx\n", hr);
goto Cleanup;
}

// Obtain the number of Firewall rules
hr = pFwRules->get_Count(&fwRuleCount);
if (FAILED(hr))
{
wprintf(L"get_Count failed: 0x%08lx\n", hr);
goto Cleanup;
}

wprintf(L"The number of rules in the Windows Firewall are %d\n", fwRuleCount);

// Iterate through all of the rules in pFwRules
pFwRules->get__NewEnum(&pEnumerator);

if(pEnumerator)
{
hr = pEnumerator->QueryInterface(__uuidof(IEnumVARIANT), (void **) &pVariant);
}

while(SUCCEEDED(hr) && hr != S_FALSE)
{
var.Clear();
hr = pVariant->Next(1, &var, &cFetched);

if (S_FALSE != hr)
{
if (SUCCEEDED(hr))
{
hr = var.ChangeType(VT_DISPATCH);
}
if (SUCCEEDED(hr))
{
hr = (V_DISPATCH(&var))->QueryInterface(__uuidof(INetFwRule), reinterpret_cast<void**>(&pFwRule));
}

if (SUCCEEDED(hr))
{
// Output the properties of this rule
DumpFWRulesInCollection(pFwRule);
}
}
}

Cleanup:

// Release pFwRule
if (pFwRule != NULL)
{
pFwRule->Release();
}

// Release INetFwPolicy2
if (pNetFwPolicy2 != NULL)
{
pNetFwPolicy2->Release();
}

// Uninitialize COM.
if (SUCCEEDED(hrComInit))
{
CoUninitialize();
}

return 0;
}


// Output properties of a Firewall rule
void DumpFWRulesInCollection(INetFwRule* FwRule)
{
variant_t InterfaceArray;
variant_t InterfaceString;

VARIANT_BOOL bEnabled;
BSTR bstrVal;

long lVal = 0;
long lProfileBitmask = 0;

NET_FW_RULE_DIRECTION fwDirection;
NET_FW_ACTION fwAction;

struct ProfileMapElement
{
NET_FW_PROFILE_TYPE2 Id;
LPCWSTR Name;
};

ProfileMapElement ProfileMap[3];
ProfileMap[0].Id = NET_FW_PROFILE2_DOMAIN;
ProfileMap[0].Name = L"Domain";
ProfileMap[1].Id = NET_FW_PROFILE2_PRIVATE;
ProfileMap[1].Name = L"Private";
ProfileMap[2].Id = NET_FW_PROFILE2_PUBLIC;
ProfileMap[2].Name = L"Public";

wprintf(L"---------------------------------------------\n");

if (SUCCEEDED(FwRule->get_Name(&bstrVal)))
{
wprintf(L"Name: %s\n", bstrVal);
}

if (SUCCEEDED(FwRule->get_Description(&bstrVal)))
{
wprintf(L"Description: %s\n", bstrVal);
}

if (SUCCEEDED(FwRule->get_ApplicationName(&bstrVal)))
{
wprintf(L"Application Name: %s\n", bstrVal);
}

if (SUCCEEDED(FwRule->get_ServiceName(&bstrVal)))
{
wprintf(L"Service Name: %s\n", bstrVal);
}

if (SUCCEEDED(FwRule->get_Protocol(&lVal)))
{
switch(lVal)
{
case NET_FW_IP_PROTOCOL_TCP:

wprintf(L"IP Protocol: %s\n", NET_FW_IP_PROTOCOL_TCP_NAME);
break;

case NET_FW_IP_PROTOCOL_UDP:

wprintf(L"IP Protocol: %s\n", NET_FW_IP_PROTOCOL_UDP_NAME);
break;

default:

break;
}

if(lVal != NET_FW_IP_VERSION_V4 && lVal != NET_FW_IP_VERSION_V6)
{
if (SUCCEEDED(FwRule->get_LocalPorts(&bstrVal)))
{
wprintf(L"Local Ports: %s\n", bstrVal);
}

if (SUCCEEDED(FwRule->get_RemotePorts(&bstrVal)))
{
wprintf(L"Remote Ports: %s\n", bstrVal);
}
}
else
{
if (SUCCEEDED(FwRule->get_IcmpTypesAndCodes(&bstrVal)))
{
wprintf(L"ICMP TypeCode: %s\n", bstrVal);
}
}
}

if (SUCCEEDED(FwRule->get_LocalAddresses(&bstrVal)))
{
wprintf(L"LocalAddresses: %s\n", bstrVal);
}

if (SUCCEEDED(FwRule->get_RemoteAddresses(&bstrVal)))
{
wprintf(L"RemoteAddresses: %s\n", bstrVal);
}

if (SUCCEEDED(FwRule->get_Profiles(&lProfileBitmask)))
{
// The returned bitmask can have more than 1 bit set if multiple profiles
// are active or current at the same time

for (int i=0; i<3; i++)
{
if ( lProfileBitmask & ProfileMap[i].Id )
{
wprintf(L"Profile: %s\n", ProfileMap[i].Name);
}
}
}

if (SUCCEEDED(FwRule->get_Direction(&fwDirection)))
{
switch(fwDirection)
{
case NET_FW_RULE_DIR_IN:

wprintf(L"Direction: %s\n", NET_FW_RULE_DIR_IN_NAME);
break;

case NET_FW_RULE_DIR_OUT:

wprintf(L"Direction: %s\n", NET_FW_RULE_DIR_OUT_NAME);
break;

default:

break;
}
}

if (SUCCEEDED(FwRule->get_Action(&fwAction)))
{
switch(fwAction)
{
case NET_FW_ACTION_BLOCK:

wprintf(L"Action: %s\n", NET_FW_RULE_ACTION_BLOCK_NAME);
break;

case NET_FW_ACTION_ALLOW:

wprintf(L"Action: %s\n", NET_FW_RULE_ACTION_ALLOW_NAME);
break;

default:

break;
}
}

if (SUCCEEDED(FwRule->get_Interfaces(&InterfaceArray)))
{
if(InterfaceArray.vt != VT_EMPTY)
{
SAFEARRAY *pSa = NULL;

pSa = InterfaceArray.parray;

for(long index= pSa->rgsabound->lLbound; index < (long)pSa->rgsabound->cElements; index++)
{
SafeArrayGetElement(pSa, &index, &InterfaceString);
wprintf(L"Interfaces: %s\n", (BSTR)InterfaceString.bstrVal);
}
}
}

if (SUCCEEDED(FwRule->get_InterfaceTypes(&bstrVal)))
{
wprintf(L"Interface Types: %s\n", bstrVal);
}

if (SUCCEEDED(FwRule->get_Enabled(&bEnabled)))
{
if (bEnabled)
{
wprintf(L"Enabled: %s\n", NET_FW_RULE_ENABLE_IN_NAME);
}
else
{
wprintf(L"Enabled: %s\n", NET_FW_RULE_DISABLE_IN_NAME);
}
}

if (SUCCEEDED(FwRule->get_Grouping(&bstrVal)))
{
wprintf(L"Grouping: %s\n", bstrVal);
}

if (SUCCEEDED(FwRule->get_EdgeTraversal(&bEnabled)))
{
if (bEnabled)
{
wprintf(L"Edge Traversal: %s\n", NET_FW_RULE_ENABLE_IN_NAME);
}
else
{
wprintf(L"Edge Traversal: %s\n", NET_FW_RULE_DISABLE_IN_NAME);
}
}
}


// Instantiate INetFwPolicy2
HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2)
{
HRESULT hr = S_OK;

hr = CoCreateInstance(
__uuidof(NetFwPolicy2),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwPolicy2),
(void**)ppNetFwPolicy2);

if (FAILED(hr))
{
wprintf(L"CoCreateInstance for INetFwPolicy2 failed: 0x%08lx\n", hr);
goto Cleanup;
}

Cleanup:
return hr;
}

特别是,这些行让我感到困惑:
    // Release pFwRule
if (pFwRule != NULL)
{
pFwRule->Release();
}
pFwRule指针在每次迭代时都会被覆盖,所以这里我们是明确的 Release只输入 最后 通过 QueryInterface 获得的规则在 while上面循环。
Release从成功调用 QueryInterface 获得的指针是合乎逻辑的,因为 QueryInterface来电 AddRef在返回之前(在文档中明确说明)。

但我无法理解的是:
  • 我们为什么不 Release在查询循环中的下一个规则之前所有以前遍历的规则?它们是否在某处被隐式释放?是否 QueryInterface调用Release卧底以防非空指针传递给它?
  • 我们为什么不调用ReleasepFwRules ? INetFwPolicy2::get_Rules 不是吗?函数给我们一个指向 COM 对象的新指针,即 AddRef 'ed 在返回给我们之前(因此最终必须是调用者的 Release d)?
  • 关于 pEnumerator 的相同问题从 get__NewEnum 获得的指针: 我们为什么不 Release这个也是?
  • 最佳答案

    该代码确实泄漏了 COM 内存。

    每次调用接口(interface)的 AddRef()方法必须对其 Release() 进行匹配调用方法。任何输出接口(interface)指针的函数调用都必须调用 AddRef()在退出之前,调用者必须调用 Release()之后就可以了。

    一般规则是,对于任何向调用者分配和返回内存的函数,调用者在使用完它后必须释放它。

    所以,回答你的问题:

  • 是的,缺少对 Release() 的调用在这段代码中,所以有 COM 接口(interface)被泄露 - 具体来说:pFwRules , pEnumerator , 和 pFwRule不是 Release()会正确的。
  • DumpFWRulesInCollection()也泄漏了 COM 内存。它没有释放任何 BSTR FwRule 输出的字符串的方法。
    而且,当它调用 SafeArrayGetElement()在一个循环中,它没有清除 InterfaceString在每次迭代中。
  • 不,QueryInterface()不隐含 Release()一个非空指针。就像 SafeArrayGetElement()不清除正在写入的元素。
  • 关于c++ - Windows 防火墙 C++ API - 如何正确清理 COM 资源?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60792452/

    28 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com