From d93991d82854916739a29eee636ebe379b107bef Mon Sep 17 00:00:00 2001
From: Gary zhao <263659@qq.com>
Date: Mon, 11 Apr 2022 14:13:46 +0800
Subject: [PATCH] 1.0.0.24
---
ProcessInjector/ProcessInjector.csproj | 2 +-
WPELibrary/Lib/MainClass.cs | 27 --
WPELibrary/Lib/Socket_Cache.cs | 76 +++--
WPELibrary/Lib/Socket_Operation.cs | 46 ++-
WPELibrary/Lib/Socket_Packet.cs | 24 +-
WPELibrary/Lib/WinSockHook.cs | 408 +++++++++++++++++++------
WPELibrary/Socket_Form.Designer.cs | 67 ++--
WPELibrary/WPELibrary.csproj | 3 +-
8 files changed, 450 insertions(+), 203 deletions(-)
delete mode 100644 WPELibrary/Lib/MainClass.cs
diff --git a/ProcessInjector/ProcessInjector.csproj b/ProcessInjector/ProcessInjector.csproj
index e45eb4f..916c14e 100644
--- a/ProcessInjector/ProcessInjector.csproj
+++ b/ProcessInjector/ProcessInjector.csproj
@@ -27,7 +27,7 @@
X-NAS
true
publish.htm
- 24
+ 25
1.0.0.%2a
false
true
diff --git a/WPELibrary/Lib/MainClass.cs b/WPELibrary/Lib/MainClass.cs
deleted file mode 100644
index daeba6b..0000000
--- a/WPELibrary/Lib/MainClass.cs
+++ /dev/null
@@ -1,27 +0,0 @@
-using EasyHook;
-using System.Windows.Forms;
-
-namespace WPELibrary.Lib
-{
- public class MainClass : IEntryPoint
- {
- [System.Runtime.InteropServices.DllImport("user32.dll")]
- private static extern bool SetProcessDPIAware();
- public MainClass(RemoteHooking.IContext context, string channelName)
- {
- //
- }
-
- public void Run(RemoteHooking.IContext context, string channelName)
- {
- if (System.Environment.OSVersion.Version.Major >= 6)
- {
- SetProcessDPIAware();
- }
-
- Application.EnableVisualStyles();
- Application.SetCompatibleTextRenderingDefault(false);
- Application.Run(new Socket_Form());
- }
- }
-}
diff --git a/WPELibrary/Lib/Socket_Cache.cs b/WPELibrary/Lib/Socket_Cache.cs
index 3864e2e..baa276c 100644
--- a/WPELibrary/Lib/Socket_Cache.cs
+++ b/WPELibrary/Lib/Socket_Cache.cs
@@ -36,7 +36,11 @@ public static void SocketToQueue(int iSocket, IntPtr ipBuff, int iLen, Socket_Pa
private static void SocketToQueue_Thread(object ob)
{
Socket_Packet sp = (Socket_Packet)ob;
- qSocket_Packet.Enqueue(sp);
+
+ lock (qSocket_Packet)
+ {
+ qSocket_Packet.Enqueue(sp);
+ }
}
#endregion
@@ -102,31 +106,45 @@ public static void SocketToList(int iMax_DataLen)
string sIP_From = "", sIP_To = "";
- if (sType.Equals(Socket_Packet.SocketType.Recv))
- {
- sIP_From = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.To);
- sIP_To = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
- }
- else if (sType.Equals(Socket_Packet.SocketType.Send))
- {
- sIP_From = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
- sIP_To = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.To);
- }
- else if (sType.Equals(Socket_Packet.SocketType.SendTo))
- {
- sIP_From = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
- sIP_To = Socket_Operation.GetSocketIP(sAddr.sin_addr, sAddr.sin_port);
- }
- else if (sType.Equals(Socket_Packet.SocketType.RecvFrom))
- {
- sIP_From = Socket_Operation.GetSocketIP(sAddr.sin_addr, sAddr.sin_port);
- sIP_To = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
- }
- else
- {
- sIP_From = "127.0.0.1";
- sIP_To = "127.0.0.1";
- }
+ switch (sType)
+ {
+ case Socket_Packet.SocketType.Recv:
+
+ sIP_From = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.To);
+ sIP_To = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
+
+ break;
+ case Socket_Packet.SocketType.WSARecv:
+
+ sIP_From = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.To);
+ sIP_To = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
+
+ break;
+ case Socket_Packet.SocketType.Send:
+
+ sIP_From = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
+ sIP_To = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.To);
+
+ break;
+ case Socket_Packet.SocketType.WSASend:
+
+ sIP_From = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
+ sIP_To = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.To);
+
+ break;
+ case Socket_Packet.SocketType.SendTo:
+
+ sIP_From = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
+ sIP_To = Socket_Operation.GetSocketIP(sAddr.sin_addr, sAddr.sin_port);
+
+ break;
+ case Socket_Packet.SocketType.RecvFrom:
+
+ sIP_From = Socket_Operation.GetSocketIP(sAddr.sin_addr, sAddr.sin_port);
+ sIP_To = Socket_Operation.GetSocketIP(iSocket, Socket_Packet.IPType.From);
+
+ break;
+ }
Socket_Packet_Info si = new Socket_Packet_Info(iIndex, sType, iSocket, sIP_From, sIP_To, iResLen, sData, bBuffer);
@@ -258,7 +276,11 @@ public static void LogToQueue(string sLogContent)
private static void LogToQueue_Thread(object ob)
{
Socket_Log sl = (Socket_Log)ob;
- qSocket_Log.Enqueue(sl);
+
+ lock (qSocket_Log)
+ {
+ qSocket_Log.Enqueue(sl);
+ }
}
#endregion
diff --git a/WPELibrary/Lib/Socket_Operation.cs b/WPELibrary/Lib/Socket_Operation.cs
index bf06d9e..0038544 100644
--- a/WPELibrary/Lib/Socket_Operation.cs
+++ b/WPELibrary/Lib/Socket_Operation.cs
@@ -290,24 +290,36 @@ public static string GetSocketType_CN(Socket_Packet.SocketType stType)
case Socket_Packet.SocketType.Send:
sReturn = "发送";
break;
+ case Socket_Packet.SocketType.WSASend:
+ sReturn = "WSA发送";
+ break;
case Socket_Packet.SocketType.SendTo:
sReturn = "发送到";
break;
case Socket_Packet.SocketType.Recv:
sReturn = "接收";
break;
+ case Socket_Packet.SocketType.WSARecv:
+ sReturn = "WSA接收";
+ break;
case Socket_Packet.SocketType.RecvFrom:
sReturn = "接收自";
break;
case Socket_Packet.SocketType.Send_Interecept:
sReturn = "拦截-发送";
break;
+ case Socket_Packet.SocketType.WSASend_Interecept:
+ sReturn = "拦截-WSA发送";
+ break;
case Socket_Packet.SocketType.SendTo_Interecept:
sReturn = "拦截-发送到";
break;
case Socket_Packet.SocketType.Recv_Interecept:
sReturn = "拦截-接收";
break;
+ case Socket_Packet.SocketType.WSARecv_Interecept:
+ sReturn = "拦截-WSA接收";
+ break;
case Socket_Packet.SocketType.RecvFrom_Interecept:
sReturn = "拦截-接收自";
break;
@@ -360,6 +372,7 @@ public static bool ISShow_SocketInfo(Socket_Packet s)
bool bISShow_BySize = ISShow_BySize(iResLen);
if (!bISShow_BySize)
{
+ DoLog("[过滤封包大小] " + iResLen.ToString());
return false;
}
@@ -367,6 +380,7 @@ public static bool ISShow_SocketInfo(Socket_Packet s)
bool bISShow_BySocket = ISShow_BySocket(iSocket);
if (!bISShow_BySocket)
{
+ DoLog("[过滤套接字] " + iSocket.ToString());
return false;
}
@@ -374,6 +388,7 @@ public static bool ISShow_SocketInfo(Socket_Packet s)
bool bISShow_ByIP = ISShow_ByIP(sIP_From, sIP_To);
if (!bISShow_ByIP)
{
+ DoLog("[过滤IP地址] " + sIP_From + " / " + sIP_To);
return false;
}
@@ -382,6 +397,7 @@ public static bool ISShow_SocketInfo(Socket_Packet s)
bool bISShow_ByPacket = ISShow_ByPacket(sPacket);
if (!bISShow_ByPacket)
{
+ DoLog("[过滤封包内容] " + sPacket);
return false;
}
@@ -780,21 +796,35 @@ public static void ShowMessageBox(string sMessage)
#region//日志
public static void DoLog_HookInfo(Socket_Packet.SocketType sType, int iSocket, int iLen, int iRes)
{
- if (bDoLog_Hook)
+ try
{
- string sTypeCN = GetSocketType_CN(sType);
+ if (bDoLog_Hook)
+ {
+ string sTypeCN = GetSocketType_CN(sType);
- string sLog = "[" + sTypeCN + "]" + " - " + iSocket.ToString() + "," + iRes.ToString() + " / " + iLen.ToString();
- DoLog(sLog);
- }
+ string sLog = "[" + sTypeCN + "]" + " - " + iSocket.ToString() + "," + iRes.ToString() + " / " + iLen.ToString();
+ DoLog(sLog);
+ }
+ }
+ catch (Exception ex)
+ {
+ DoLog(ex.Message);
+ }
}
public static void DoLog(string sLogContent)
{
- if (bDoLog)
+ try
{
- Socket_Cache.LogQueue.LogToQueue(sLogContent);
- }
+ if (bDoLog)
+ {
+ Socket_Cache.LogQueue.LogToQueue(sLogContent);
+ }
+ }
+ catch (Exception ex)
+ {
+ DoLog(ex.Message);
+ }
}
#endregion
}
diff --git a/WPELibrary/Lib/Socket_Packet.cs b/WPELibrary/Lib/Socket_Packet.cs
index 94e2f43..0ffd38d 100644
--- a/WPELibrary/Lib/Socket_Packet.cs
+++ b/WPELibrary/Lib/Socket_Packet.cs
@@ -21,16 +21,26 @@ public struct sockaddr
public byte[] sin_zero;
}
+ public unsafe struct WSABUF
+ {
+ public Int32 len;
+ public IntPtr buf;
+ }
+
public enum SocketType
{
Send = 1,
- SendTo = 2,
- Recv = 3,
- RecvFrom = 4,
- Send_Interecept = 5,
- SendTo_Interecept = 6,
- Recv_Interecept = 7,
- RecvFrom_Interecept = 8,
+ WSASend = 2,
+ SendTo = 3,
+ Recv = 4,
+ WSARecv = 5,
+ RecvFrom = 6,
+ Send_Interecept = 7,
+ WSASend_Interecept = 8,
+ SendTo_Interecept = 9,
+ Recv_Interecept = 10,
+ WSARecv_Interecept = 11,
+ RecvFrom_Interecept = 12,
}
public enum IPType
diff --git a/WPELibrary/Lib/WinSockHook.cs b/WPELibrary/Lib/WinSockHook.cs
index f4cadda..d606fce 100644
--- a/WPELibrary/Lib/WinSockHook.cs
+++ b/WPELibrary/Lib/WinSockHook.cs
@@ -1,92 +1,185 @@
using System;
+using System.Windows.Forms;
using System.Runtime.InteropServices;
using EasyHook;
namespace WPELibrary.Lib
{
- public class WinSockHook
- {
- private LocalHook lhSend, lhSendTo, lhRecv, lhRecvFrom;
+ public class WinSockHook : IEntryPoint
+ {
+ private LocalHook lhSend, lhSendTo, lhRecv, lhRecvFrom, lhWSASend, lhWSARecv;
+
+ #region//user32.dll
+
+ [DllImport("user32.dll")]
+ private static extern bool SetProcessDPIAware();
+
+ #endregion
+
+ #region//ws2_32.dll WSAGetLastError
+
+ [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
+ private static extern int WSAGetLastError();
+
+ #endregion
#region//ws2_32.dll Send Hook
[DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
- private static extern int send(int socket, IntPtr buffer, int length, int flags);
+ private unsafe static extern Int32 send(Int32 socket, IntPtr buffer, Int32 length, Int32 flags);
+
+ [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto, SetLastError = true)]
+ unsafe delegate Int32 DSend(Int32 s, IntPtr buf, Int32 len, Int32 flags);
- [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
- delegate int SendHook(int socket, IntPtr buffer, int length, int flags);
- private int Send_Hook(int socket, IntPtr buffer, int length, int flags)
+ private static unsafe Int32 Send_Hook(Int32 socket, IntPtr buffer, Int32 length, Int32 flags)
{
- int res = 0;
- Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
+ Int32 res = 0;
- if (Socket_Cache.Interecept_Send)
+ try
{
- Socket_Cache.SocketQueue.Interecept_CNT++;
- stSocketType = Socket_Packet.SocketType.Send_Interecept;
+ Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
- Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
- }
- else
- {
- Filter_List.DoFilter(buffer, length);
+ if (Socket_Cache.Interecept_Send)
+ {
+ byte[] bBuff_NULL = new byte[length];
+ Socket_Operation.SetByteToIntPtr(bBuff_NULL, buffer, length);
+
+ Socket_Cache.SocketQueue.Interecept_CNT++;
+ stSocketType = Socket_Packet.SocketType.Send_Interecept;
+ }
+ else
+ {
+ stSocketType = Socket_Packet.SocketType.Send;
+ Filter_List.DoFilter(buffer, length);
+ }
res = send(socket, buffer, length, flags);
- if (res > 0)
+ if (res > 0 && length > 0)
{
- if (Socket_Cache.Display_Send)
+ if (Socket_Cache.Display_Send && !Socket_Cache.Interecept_Send)
{
Socket_Cache.SocketQueue.Send_CNT++;
- stSocketType = Socket_Packet.SocketType.Send;
Socket_Cache.SocketQueue.SocketToQueue(socket, buffer, length, stSocketType, new Socket_Packet.sockaddr(), res);
+ }
+ }
+
+ Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
+ }
+ catch (Exception ex)
+ {
+ Socket_Operation.DoLog(ex.Message);
+ }
+
+ return res;
+ }
+
+ #endregion
+
+ #region//ws2_32.dll WSASend Hook
+
+ [DllImport("ws2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
+ private unsafe static extern Int32 WSASend(Int32 Socket, IntPtr lpBuffers, UInt32 dwBufferCount, IntPtr lpNumberOfBytesSent, UInt32 dwFlags, IntPtr lpOverlapped, IntPtr lpCompletionRoutine);
+
+ [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto, SetLastError = true)]
+ unsafe delegate Int32 DWSASend(Int32 Socket, IntPtr lpBuffers, UInt32 dwBufferCount, IntPtr lpNumberOfBytesSent, UInt32 dwFlags, IntPtr lpOverlapped, IntPtr lpCompletionRoutine);
+
+ private static unsafe Int32 WSASend_Hook(Int32 Socket, IntPtr lpBuffers, UInt32 dwBufferCount, IntPtr lpNumberOfBytesSent, UInt32 dwFlags, IntPtr lpOverlapped, IntPtr lpCompletionRoutine)
+ {
+ Int32 res = 0;
+ int BytesSent = 0;
+
+ try
+ {
+ Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
+
+ Socket_Packet.WSABUF wsBuffer;
+ wsBuffer = (Socket_Packet.WSABUF)Marshal.PtrToStructure(lpBuffers, typeof(Socket_Packet.WSABUF));
- Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
+ if (Socket_Cache.Interecept_Send)
+ {
+ byte[] bBuff_NULL = new byte[wsBuffer.len];
+ Socket_Operation.SetByteToIntPtr(bBuff_NULL, wsBuffer.buf, wsBuffer.len);
+
+ Socket_Cache.SocketQueue.Interecept_CNT++;
+ stSocketType = Socket_Packet.SocketType.WSASend_Interecept;
+ }
+ else
+ {
+ stSocketType = Socket_Packet.SocketType.WSASend;
+
+ Filter_List.DoFilter(wsBuffer.buf, (int)wsBuffer.len);
+ }
+
+ res = WSASend(Socket, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
+ BytesSent = Marshal.ReadInt32(lpNumberOfBytesSent);
+
+ if (res == 0 && BytesSent > 0)
+ {
+ if (Socket_Cache.Display_Send && !Socket_Cache.Interecept_Send)
+ {
+ Socket_Cache.SocketQueue.Send_CNT++;
+ Socket_Cache.SocketQueue.SocketToQueue(Socket, wsBuffer.buf, wsBuffer.len, stSocketType, new Socket_Packet.sockaddr(), BytesSent);
}
- }
- }
+ }
+
+ Socket_Operation.DoLog_HookInfo(stSocketType, Socket, wsBuffer.len, BytesSent);
+ }
+ catch (Exception ex)
+ {
+ Socket_Operation.DoLog(ex.Message);
+ }
return res;
}
- #endregion
+ #endregion
#region//ws2_32.dll SendTo Hook
[DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
- private static extern int sendto(int socket, IntPtr buffer, int length, int flags, ref Socket_Packet.sockaddr To, ref int toLenth);
+ private unsafe static extern Int32 sendto(Int32 socket, IntPtr buffer, Int32 length, Int32 flags, ref Socket_Packet.sockaddr To, ref Int32 toLenth);
- [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
- delegate int SendToHook(int socket, IntPtr buffer, int length, int flags, ref Socket_Packet.sockaddr To, ref int toLenth);
- private int SendTo_Hook(int socket, IntPtr buffer, int length, int flags, ref Socket_Packet.sockaddr To, ref int toLenth)
+ [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto, SetLastError = true)]
+ unsafe delegate Int32 DSendTo(Int32 socket, IntPtr buffer, Int32 length, Int32 flags, ref Socket_Packet.sockaddr To, ref Int32 toLenth);
+ private static unsafe Int32 SendTo_Hook(Int32 socket, IntPtr buffer, Int32 length, Int32 flags, ref Socket_Packet.sockaddr To, ref Int32 toLenth)
{
- int res = 0;
- Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
+ Int32 res = 0;
- if (Socket_Cache.Interecept_SendTo)
+ try
{
- Socket_Cache.SocketQueue.Interecept_CNT++;
- stSocketType = Socket_Packet.SocketType.SendTo_Interecept;
+ Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
- Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
- }
- else
- {
- Filter_List.DoFilter(buffer, length);
+ if (Socket_Cache.Interecept_SendTo)
+ {
+ byte[] bBuff_NULL = new byte[length];
+ Socket_Operation.SetByteToIntPtr(bBuff_NULL, buffer, length);
+
+ Socket_Cache.SocketQueue.Interecept_CNT++;
+ stSocketType = Socket_Packet.SocketType.SendTo_Interecept;
+ }
+ else
+ {
+ stSocketType = Socket_Packet.SocketType.SendTo;
+ Filter_List.DoFilter(buffer, length);
+ }
res = sendto(socket, buffer, length, flags, ref To, ref toLenth);
- if (res > 0)
+ if (res > 0 && length > 0)
{
if (Socket_Cache.Display_SendTo)
{
- Socket_Cache.SocketQueue.Send_CNT++;
- stSocketType = Socket_Packet.SocketType.SendTo;
+ Socket_Cache.SocketQueue.Send_CNT++;
Socket_Cache.SocketQueue.SocketToQueue(socket, buffer, length, stSocketType, To, res);
-
- Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
}
}
+
+ Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
+ }
+ catch (Exception ex)
+ {
+ Socket_Operation.DoLog(ex.Message);
}
return res;
@@ -97,40 +190,49 @@ private int SendTo_Hook(int socket, IntPtr buffer, int length, int flags, ref So
#region//ws2_32.dll Recv Hook
[DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
- private static extern int recv(int socket, IntPtr buffer, int length, int flags);
+ private unsafe static extern Int32 recv(Int32 socket, IntPtr buffer, Int32 length, Int32 flags);
- [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
- delegate int RecvHook(int socket, IntPtr buffer, int length, int flags);
- private int Recv_Hook(int socket, IntPtr buffer, int length, int flags)
- {
- int res = 0;
- Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
+ [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto, SetLastError = true)]
+ unsafe delegate Int32 Drecv(Int32 socket, IntPtr buffer, Int32 length, Int32 flags);
- res = recv(socket, buffer, length, flags);
+ private static unsafe Int32 Recv_Hook(Int32 socket, IntPtr buffer, Int32 length, Int32 flags)
+ {
+ Int32 res = 0;
- if (res > 0)
+ try
{
- if (Socket_Cache.Interecept_Recv)
- {
- byte[] bBuff_NULL = new byte[res];
- Socket_Operation.SetByteToIntPtr(bBuff_NULL, buffer, res);
+ res = recv(socket, buffer, length, flags);
- Socket_Cache.SocketQueue.Interecept_CNT++;
- stSocketType = Socket_Packet.SocketType.Recv_Interecept;
- }
- else
+ Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
+
+ if (res > 0)
{
- Filter_List.DoFilter(buffer, length);
+ if (Socket_Cache.Interecept_Recv)
+ {
+ byte[] bBuff_NULL = new byte[res];
+ Socket_Operation.SetByteToIntPtr(bBuff_NULL, buffer, res);
- if (Socket_Cache.Display_Recv)
+ Socket_Cache.SocketQueue.Interecept_CNT++;
+ stSocketType = Socket_Packet.SocketType.Recv_Interecept;
+ }
+ else
{
- Socket_Cache.SocketQueue.Recv_CNT++;
- stSocketType = Socket_Packet.SocketType.Recv;
- Socket_Cache.SocketQueue.SocketToQueue(socket, buffer, length, stSocketType, new Socket_Packet.sockaddr(), res);
+ Filter_List.DoFilter(buffer, length);
+
+ if (Socket_Cache.Display_Recv)
+ {
+ Socket_Cache.SocketQueue.Recv_CNT++;
+ stSocketType = Socket_Packet.SocketType.Recv;
+ Socket_Cache.SocketQueue.SocketToQueue(socket, buffer, length, stSocketType, new Socket_Packet.sockaddr(), res);
+ }
}
- }
- Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
+ Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
+ }
+ }
+ catch (Exception ex)
+ {
+ Socket_Operation.DoLog(ex.Message);
}
return res;
@@ -138,43 +240,110 @@ private int Recv_Hook(int socket, IntPtr buffer, int length, int flags)
#endregion
- #region//ws2_32.dll RecvFrom Hook
+ #region//ws2_32.dll WSARecv Hook
[DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
- private static extern int recvfrom(int socket, IntPtr buffer, int length, int flags, ref Socket_Packet.sockaddr from, ref int fromLen);
+ private unsafe static extern Int32 WSARecv(Int32 Socket, IntPtr lpBuffers, Int32 dwBufferCount, IntPtr lpNumberOfBytesRecvd, Int32 flags, IntPtr overlapped, IntPtr completionRoutine);
- [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
- delegate int RecvFromHook(int socket, IntPtr buffer, int length, int flags, ref Socket_Packet.sockaddr from, ref int fromLen);
- private int RecvFrom_Hook(int socket, IntPtr buffer, int length, int flags, ref Socket_Packet.sockaddr from, ref int fromLen)
+ [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto, SetLastError = true)]
+ unsafe delegate Int32 DWSARecv(Int32 Socket, IntPtr lpBuffers, Int32 dwBufferCount, IntPtr lpNumberOfBytesRecvd, Int32 flags, IntPtr overlapped, IntPtr completionRoutine);
+
+ private static unsafe Int32 WSARecv_Hook(Int32 Socket, IntPtr lpBuffers, Int32 dwBufferCount, IntPtr lpNumberOfBytesRecvd, Int32 flags, IntPtr overlapped, IntPtr completionRoutine)
{
- int res = 0;
- Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
-
- res = recvfrom(socket, buffer, length, flags, ref from, ref fromLen);
+ Int32 res = 0;
+ int BytesRecvd = 0;
- if (res > 0)
+ try
{
- if (Socket_Cache.Interecept_RecvFrom)
+ Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
+
+ Socket_Packet.WSABUF wsBuffer;
+ wsBuffer = (Socket_Packet.WSABUF)Marshal.PtrToStructure(lpBuffers, typeof(Socket_Packet.WSABUF));
+
+ res = WSARecv(Socket, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, flags, overlapped, completionRoutine);
+ BytesRecvd = Marshal.ReadInt32(lpNumberOfBytesRecvd);
+
+ if (res == 0 && BytesRecvd > 0)
{
- byte[] bBuff_NULL = new byte[res];
- Socket_Operation.SetByteToIntPtr(bBuff_NULL, buffer, res);
+ if (Socket_Cache.Interecept_Recv)
+ {
+ byte[] bBuff_NULL = new byte[wsBuffer.len];
+ Socket_Operation.SetByteToIntPtr(bBuff_NULL, wsBuffer.buf, wsBuffer.len);
- Socket_Cache.SocketQueue.Interecept_CNT++;
- stSocketType = Socket_Packet.SocketType.RecvFrom_Interecept;
+ Socket_Cache.SocketQueue.Interecept_CNT++;
+ stSocketType = Socket_Packet.SocketType.WSARecv_Interecept;
+ }
+ else
+ {
+ Filter_List.DoFilter(wsBuffer.buf, wsBuffer.len);
+
+ if (Socket_Cache.Display_Recv)
+ {
+ Socket_Cache.SocketQueue.Recv_CNT++;
+ stSocketType = Socket_Packet.SocketType.WSARecv;
+ Socket_Cache.SocketQueue.SocketToQueue(Socket, wsBuffer.buf, wsBuffer.len, stSocketType, new Socket_Packet.sockaddr(), BytesRecvd);
+ }
+ }
+
+ Socket_Operation.DoLog_HookInfo(stSocketType, Socket, wsBuffer.len, BytesRecvd);
}
- else
+ }
+ catch (Exception ex)
+ {
+ Socket_Operation.DoLog(ex.Message);
+ }
+
+ return res;
+ }
+
+ #endregion
+
+ #region//ws2_32.dll RecvFrom Hook
+
+ [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
+ private unsafe static extern Int32 recvfrom(Int32 socket, IntPtr buffer, Int32 length, Int32 flags, ref Socket_Packet.sockaddr from, ref Int32 fromLen);
+
+ [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto, SetLastError = true)]
+ unsafe delegate Int32 DRecvFrom(Int32 socket, IntPtr buffer, Int32 length, Int32 flags, ref Socket_Packet.sockaddr from, ref Int32 fromLen);
+
+ private static unsafe Int32 RecvFrom_Hook(Int32 socket, IntPtr buffer, Int32 length, Int32 flags, ref Socket_Packet.sockaddr from, ref Int32 fromLen)
+ {
+ Int32 res = 0;
+
+ try
+ {
+ res = recvfrom(socket, buffer, length, flags, ref from, ref fromLen);
+
+ Socket_Packet.SocketType stSocketType = new Socket_Packet.SocketType();
+
+ if (res > 0)
{
- Filter_List.DoFilter(buffer, length);
+ if (Socket_Cache.Interecept_RecvFrom)
+ {
+ byte[] bBuff_NULL = new byte[res];
+ Socket_Operation.SetByteToIntPtr(bBuff_NULL, buffer, res);
- if (Socket_Cache.Display_RecvFrom)
+ Socket_Cache.SocketQueue.Interecept_CNT++;
+ stSocketType = Socket_Packet.SocketType.RecvFrom_Interecept;
+ }
+ else
{
- Socket_Cache.SocketQueue.Recv_CNT++;
- stSocketType = Socket_Packet.SocketType.RecvFrom;
- Socket_Cache.SocketQueue.SocketToQueue(socket, buffer, length, stSocketType, from, res);
+ Filter_List.DoFilter(buffer, length);
+
+ if (Socket_Cache.Display_RecvFrom)
+ {
+ Socket_Cache.SocketQueue.Recv_CNT++;
+ stSocketType = Socket_Packet.SocketType.RecvFrom;
+ Socket_Cache.SocketQueue.SocketToQueue(socket, buffer, length, stSocketType, from, res);
+ }
}
- }
- Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
+ Socket_Operation.DoLog_HookInfo(stSocketType, socket, length, res);
+ }
+ }
+ catch (Exception ex)
+ {
+ Socket_Operation.DoLog(ex.Message);
}
return res;
@@ -182,22 +351,61 @@ private int RecvFrom_Hook(int socket, IntPtr buffer, int length, int flags, ref
#endregion
+ #region//WinSockHook Run
+
+ public WinSockHook()
+ {
+ //
+ }
+
+ public WinSockHook(RemoteHooking.IContext InContext, String InChannelName)
+ {
+ //
+ }
+
+ public unsafe void Run(RemoteHooking.IContext InContext, String InArg1)
+ {
+ if (Environment.OSVersion.Version.Major >= 6)
+ {
+ SetProcessDPIAware();
+ }
+
+ Application.EnableVisualStyles();
+ Application.SetCompatibleTextRenderingDefault(false);
+ Application.Run(new Socket_Form());
+ }
+
+ #endregion
+
#region//开始拦截
public void StartHook()
{
- lhRecv = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "recv"), new RecvHook(Recv_Hook), this);
- lhRecv.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
+ try
+ {
+ lhRecv = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "recv"), new Drecv(Recv_Hook), this);
+ lhRecv.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
+
+ lhRecvFrom = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "recvfrom"), new DRecvFrom(RecvFrom_Hook), this);
+ lhRecvFrom.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
- lhRecvFrom = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "recvfrom"), new RecvFromHook(RecvFrom_Hook), this);
- lhRecvFrom.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
+ lhSend = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "send"), new DSend(Send_Hook), this);
+ lhSend.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
- lhSend = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "send"), new SendHook(Send_Hook), this);
- lhSend.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
+ lhSendTo = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "sendto"), new DSendTo(SendTo_Hook), this);
+ lhSendTo.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
- lhSendTo = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "sendto"), new SendToHook(SendTo_Hook), this);
- lhSendTo.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
+ lhWSASend = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "WSASend"), new DWSASend(WSASend_Hook), this);
+ lhWSASend.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
- Socket_Operation.DoLog("开始拦截!");
+ lhWSARecv = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "WSARecv"), new DWSARecv(WSARecv_Hook), this);
+ lhWSARecv.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
+
+ Socket_Operation.DoLog("开始拦截!");
+ }
+ catch (Exception ex)
+ {
+ Socket_Operation.DoLog(ex.Message);
+ }
}
#endregion
@@ -208,6 +416,8 @@ public void StopHook()
lhSend.Dispose();
lhRecvFrom.Dispose();
lhSendTo.Dispose();
+ lhWSASend.Dispose();
+ lhWSARecv.Dispose();
Socket_Operation.DoLog("结束拦截!");
}
diff --git a/WPELibrary/Socket_Form.Designer.cs b/WPELibrary/Socket_Form.Designer.cs
index 6e97bcb..2926fcb 100644
--- a/WPELibrary/Socket_Form.Designer.cs
+++ b/WPELibrary/Socket_Form.Designer.cs
@@ -74,8 +74,6 @@ private void InitializeComponent()
this.rtbGB2312 = new System.Windows.Forms.RichTextBox();
this.tpLog = new System.Windows.Forms.TabPage();
this.dgvLogList = new System.Windows.Forms.DataGridView();
- this.cTime = new System.Windows.Forms.DataGridViewTextBoxColumn();
- this.cContent = new System.Windows.Forms.DataGridViewTextBoxColumn();
this.cmsLogList = new System.Windows.Forms.ContextMenuStrip(this.components);
this.导出到ExcelToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator5 = new System.Windows.Forms.ToolStripSeparator();
@@ -135,12 +133,14 @@ private void InitializeComponent()
this.cData = new System.Windows.Forms.DataGridViewTextBoxColumn();
this.gbFilterList = new System.Windows.Forms.GroupBox();
this.dgvFilterList = new System.Windows.Forms.DataGridView();
- this.bgwLogList = new System.ComponentModel.BackgroundWorker();
this.cCheck = new System.Windows.Forms.DataGridViewCheckBoxColumn();
this.cFilterIndex = new System.Windows.Forms.DataGridViewTextBoxColumn();
this.cFilterName = new System.Windows.Forms.DataGridViewTextBoxColumn();
this.cFilterSearch = new System.Windows.Forms.DataGridViewTextBoxColumn();
this.cFilterModify = new System.Windows.Forms.DataGridViewTextBoxColumn();
+ this.bgwLogList = new System.ComponentModel.BackgroundWorker();
+ this.cTime = new System.Windows.Forms.DataGridViewTextBoxColumn();
+ this.cContent = new System.Windows.Forms.DataGridViewTextBoxColumn();
this.gbFilter_Size.SuspendLayout();
this.gbFilter_Type.SuspendLayout();
this.gbBottom.SuspendLayout();
@@ -207,7 +207,7 @@ private void InitializeComponent()
this.txtCheck_IP.Name = "txtCheck_IP";
this.txtCheck_IP.Size = new System.Drawing.Size(399, 22);
this.txtCheck_IP.TabIndex = 38;
- this.txtCheck_IP.Text = "0.0.0.0";
+ this.txtCheck_IP.Text = "0.0.0.0;127.0.0.1";
this.txtCheck_IP.WordWrap = false;
//
// cbDisplay_RecvFrom
@@ -565,21 +565,6 @@ private void InitializeComponent()
this.dgvLogList.Size = new System.Drawing.Size(711, 132);
this.dgvLogList.TabIndex = 0;
//
- // cTime
- //
- this.cTime.DataPropertyName = "Time";
- this.cTime.HeaderText = "记录时间";
- this.cTime.Name = "cTime";
- this.cTime.ReadOnly = true;
- //
- // cContent
- //
- this.cContent.AutoSizeMode = System.Windows.Forms.DataGridViewAutoSizeColumnMode.Fill;
- this.cContent.DataPropertyName = "Content";
- this.cContent.HeaderText = "日志内容";
- this.cContent.Name = "cContent";
- this.cContent.ReadOnly = true;
- //
// cmsLogList
//
this.cmsLogList.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
@@ -1040,7 +1025,7 @@ private void InitializeComponent()
this.cType.Name = "cType";
this.cType.ReadOnly = true;
this.cType.SortMode = System.Windows.Forms.DataGridViewColumnSortMode.NotSortable;
- this.cType.Width = 55;
+ this.cType.Width = 65;
//
// cSocket
//
@@ -1062,7 +1047,7 @@ private void InitializeComponent()
this.cFrom.Name = "cFrom";
this.cFrom.ReadOnly = true;
this.cFrom.SortMode = System.Windows.Forms.DataGridViewColumnSortMode.NotSortable;
- this.cFrom.Width = 150;
+ this.cFrom.Width = 160;
//
// Column5
//
@@ -1073,7 +1058,7 @@ private void InitializeComponent()
this.Column5.Name = "Column5";
this.Column5.ReadOnly = true;
this.Column5.SortMode = System.Windows.Forms.DataGridViewColumnSortMode.NotSortable;
- this.Column5.Width = 150;
+ this.Column5.Width = 160;
//
// cLen
//
@@ -1135,10 +1120,6 @@ private void InitializeComponent()
this.dgvFilterList.CellContentClick += new System.Windows.Forms.DataGridViewCellEventHandler(this.dgvFilterList_CellContentClick);
this.dgvFilterList.CellDoubleClick += new System.Windows.Forms.DataGridViewCellEventHandler(this.dgvFilterList_CellDoubleClick);
//
- // bgwLogList
- //
- this.bgwLogList.DoWork += new System.ComponentModel.DoWorkEventHandler(this.bgwLogList_DoWork);
- //
// cCheck
//
this.cCheck.DataPropertyName = "ISCheck";
@@ -1180,6 +1161,26 @@ private void InitializeComponent()
this.cFilterModify.ReadOnly = true;
this.cFilterModify.Visible = false;
//
+ // bgwLogList
+ //
+ this.bgwLogList.DoWork += new System.ComponentModel.DoWorkEventHandler(this.bgwLogList_DoWork);
+ //
+ // cTime
+ //
+ this.cTime.DataPropertyName = "Time";
+ this.cTime.HeaderText = "记录时间";
+ this.cTime.Name = "cTime";
+ this.cTime.ReadOnly = true;
+ this.cTime.Width = 120;
+ //
+ // cContent
+ //
+ this.cContent.AutoSizeMode = System.Windows.Forms.DataGridViewAutoSizeColumnMode.Fill;
+ this.cContent.DataPropertyName = "Content";
+ this.cContent.HeaderText = "日志内容";
+ this.cContent.Name = "cContent";
+ this.cContent.ReadOnly = true;
+ //
// Socket_Form
//
this.AutoScaleDimensions = new System.Drawing.SizeF(96F, 96F);
@@ -1322,8 +1323,11 @@ private void InitializeComponent()
private System.Windows.Forms.ToolStripMenuItem 导出到ExcelToolStripMenuItem;
private System.Windows.Forms.ToolStripSeparator toolStripSeparator5;
private System.Windows.Forms.ToolStripMenuItem 清空此列表ToolStripMenuItem;
- private System.Windows.Forms.DataGridViewTextBoxColumn cTime;
- private System.Windows.Forms.DataGridViewTextBoxColumn cContent;
+ private System.Windows.Forms.DataGridViewCheckBoxColumn cCheck;
+ private System.Windows.Forms.DataGridViewTextBoxColumn cFilterIndex;
+ private System.Windows.Forms.DataGridViewTextBoxColumn cFilterName;
+ private System.Windows.Forms.DataGridViewTextBoxColumn cFilterSearch;
+ private System.Windows.Forms.DataGridViewTextBoxColumn cFilterModify;
private System.Windows.Forms.DataGridViewTextBoxColumn cIndex;
private System.Windows.Forms.DataGridViewTextBoxColumn cType;
private System.Windows.Forms.DataGridViewTextBoxColumn cSocket;
@@ -1331,10 +1335,7 @@ private void InitializeComponent()
private System.Windows.Forms.DataGridViewTextBoxColumn Column5;
private System.Windows.Forms.DataGridViewTextBoxColumn cLen;
private System.Windows.Forms.DataGridViewTextBoxColumn cData;
- private System.Windows.Forms.DataGridViewCheckBoxColumn cCheck;
- private System.Windows.Forms.DataGridViewTextBoxColumn cFilterIndex;
- private System.Windows.Forms.DataGridViewTextBoxColumn cFilterName;
- private System.Windows.Forms.DataGridViewTextBoxColumn cFilterSearch;
- private System.Windows.Forms.DataGridViewTextBoxColumn cFilterModify;
+ private System.Windows.Forms.DataGridViewTextBoxColumn cTime;
+ private System.Windows.Forms.DataGridViewTextBoxColumn cContent;
}
}
\ No newline at end of file
diff --git a/WPELibrary/WPELibrary.csproj b/WPELibrary/WPELibrary.csproj
index e8ea45c..0c888bf 100644
--- a/WPELibrary/WPELibrary.csproj
+++ b/WPELibrary/WPELibrary.csproj
@@ -22,6 +22,7 @@
prompt
4
AnyCPU
+ true
pdbonly
@@ -31,6 +32,7 @@
prompt
4
AnyCPU
+ true
false
@@ -75,7 +77,6 @@
-
True