替换系统wsock32.dll,实现封包拦截
2024-05-06 22:58:24
// wsock32.cpp : Defines the entry point for the DLL application.
//:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::// Module : 替换系统wsock32.dll,实现封包拦截
// Author : 阵雨
// Notes: :VC++6.0 XP下编译通过
//利用函数转发器,将无需拦截的替换wsock32.dll的导出函数转发到syswsock32.dll(原来的替换wsock32.dll),
//在网上见过替换替换wsock32.dll的文章,但是都没有使用函数转发器,所以都比较复杂
//:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
#include "stdafx.h"
#pragma comment(linker,"/export:accept=syswsock32.accept,@1")
#pragma comment(linker,"/export:bind=syswsock32.bind,@2")
#pragma comment(linker,"/export:closesocket=syswsock32.closesocket,@3")
#pragma comment(linker,"/export:connect=syswsock32.connect,@4")
#pragma comment(linker,"/export:getpeername=syswsock32.getpeername,@5")
#pragma comment(linker,"/export:getsockname=syswsock32.getsockname,@6")
#pragma comment(linker,"/export:getsockopt=syswsock32.getsockopt,@7")
#pragma comment(linker,"/export:htons=syswsock32.htons,@9")
#pragma comment(linker,"/export:htonl=syswsock32.htonl,@8")
#pragma comment(linker,"/export:inet_addr=syswsock32.inet_addr,@10")
#pragma comment(linker,"/export:inet_ntoa=syswsock32.inet_ntoa,@11")
#pragma comment(linker,"/export:ioctlsocket=syswsock32.ioctlsocket,@12")
#pragma comment(linker,"/export:listen=syswsock32.listen,@13")
#pragma comment(linker,"/export:ntohl=syswsock32.ntohl,@14")
#pragma comment(linker,"/export:ntohs=syswsock32.ntohs,@15")
#pragma comment(linker,"/export:recv=_recv@16,@16")
#pragma comment(linker,"/export:recvfrom=_recvfrom@24,@17")
#pragma comment(linker,"/export:select=syswsock32.select,@18")
#pragma comment(linker,"/export:send=_send@16,@19")
#pragma comment(linker,"/export:sendto=_sendto@24,@20")
#pragma comment(linker,"/export:setsockopt=syswsock32.setsockopt,@21")
#pragma comment(linker,"/export:socket=syswsock32.socket,@23")
#pragma comment(linker,"/export:shutdown=syswsock32.shutdown,@22")
#pragma comment(linker,"/export:MigrateWinsockConfiguration=syswsock32.MigrateWinsockConfiguration,@24")
#pragma comment(linker,"/export:gethostbyname=syswsock32.gethostbyname,@52")
#pragma comment(linker,"/export:gethostbyaddr=syswsock32.gethostbyaddr,@51")
#pragma comment(linker,"/export:getprotobynumber=syswsock32.getprotobynumber,@54")
#pragma comment(linker,"/export:getprotobyname=syswsock32.getprotobyname,@53")
#pragma comment(linker,"/export:getservbyport=syswsock32.getservbyport,@56")
#pragma comment(linker,"/export:getservbyname=syswsock32.getservbyname,@55")
#pragma comment(linker,"/export:gethostname=syswsock32.gethostname,@57")
#pragma comment(linker,"/export:WSAAsyncSelect=syswsock32.WSAAsyncSelect,@101")
#pragma comment(linker,"/export:WSAAsyncGetHostByName=syswsock32.WSAAsyncGetHostByName,@103")
#pragma comment(linker,"/export:WSAAsyncGetHostByAddr=syswsock32.WSAAsyncGetHostByAddr,@102")
#pragma comment(linker,"/export:WSAAsyncGetProtoByNumber=syswsock32.WSAAsyncGetProtoByNumber,@104")
#pragma comment(linker,"/export:WSAAsyncGetProtoByName=syswsock32.WSAAsyncGetProtoByName,@105")
#pragma comment(linker,"/export:WSAAsyncGetServByPort=syswsock32.WSAAsyncGetServByPort,@106")
#pragma comment(linker,"/export:WSAAsyncGetServByName=syswsock32.WSAAsyncGetServByName,@107")
#pragma comment(linker,"/export:WSACancelAsyncRequest=syswsock32.WSACancelAsyncRequest,@108")
#pragma comment(linker,"/export:WSASetBlockingHook=syswsock32.WSASetBlockingHook,@109")
#pragma comment(linker,"/export:WSAUnhookBlockingHook=syswsock32.WSAUnhookBlockingHook,@110")
#pragma comment(linker,"/export:WSAGetLastError=syswsock32.WSAGetLastError,@111")
#pragma comment(linker,"/export:WSASetLastError=syswsock32.WSASetLastError,@112")
#pragma comment(linker,"/export:WSACancelBlockingCall=syswsock32.WSACancelBlockingCall,@113")
#pragma comment(linker,"/export:WSAIsBlocking=syswsock32.WSAIsBlocking,@114")
#pragma comment(linker,"/export:WSAStartup=syswsock32.WSAStartup,@115")
#pragma comment(linker,"/export:WSACleanup=syswsock32.WSACleanup,@116")
#pragma comment(linker,"/export:___WSAFDIsSet=syswsock32.__WSAFDIsSet,@151")#pragma comment(linker,"/export:WSARecvEx=syswsock32.WSARecvEx,@1107")
#pragma comment(linker,"/export:WSApSetPostRoutine=syswsock32.WSApSetPostRoutine,@1000")
#pragma comment(linker,"/export:WEP=syswsock32.WEP,@500")
#pragma comment(linker,"/export:TransmitFile=syswsock32.TransmitFile,@1140")
#pragma comment(linker,"/export:SetServiceW=syswsock32.SetServiceW,@1118")
#pragma comment(linker,"/export:SetServiceA=syswsock32.SetServiceA,@1117")
#pragma comment(linker,"/export:sethostname=syswsock32.sethostname,@1105")
#pragma comment(linker,"/export:s_perror=syswsock32.s_perror,@1108")
#pragma comment(linker,"/export:rresvport=syswsock32.rresvport,@1104")
#pragma comment(linker,"/export:rexec=syswsock32.rexec,@1103")
#pragma comment(linker,"/export:rcmd=syswsock32.rcmd,@1102")
#pragma comment(linker,"/export:NPLoadNameSpaces=syswsock32.NPLoadNameSpaces,@1130")
#pragma comment(linker,"/export:inet_network=syswsock32.inet_network,@1100")
#pragma comment(linker,"/export:GetTypeByNameW=syswsock32.GetTypeByNameW,@1114")
#pragma comment(linker,"/export:GetTypeByNameA=syswsock32.GetTypeByNameA,@1113")
#pragma comment(linker,"/export:GetServiceW=syswsock32.GetServiceW,@1120")
#pragma comment(linker,"/export:GetServiceA=syswsock32.GetServiceA,@1119")
#pragma comment(linker,"/export:getnetbyname=syswsock32.getnetbyname,@1101")
#pragma comment(linker,"/export:GetNameByTypeW=syswsock32.GetNameByTypeW,@1116")
#pragma comment(linker,"/export:GetNameByTypeA=syswsock32.GetNameByTypeA,@1115")
#pragma comment(linker,"/export:GetAddressByNameW=syswsock32.GetAddressByNameW,@1110")
#pragma comment(linker,"/export:GetAddressByNameA=syswsock32.GetAddressByNameA,@1109")
#pragma comment(linker,"/export:GetAcceptExSockaddrs=syswsock32.GetAcceptExSockaddrs,@1142")
#pragma comment(linker,"/export:EnumProtocolsW=syswsock32.EnumProtocolsW,@1112")
#pragma comment(linker,"/export:EnumProtocolsA=syswsock32.EnumProtocolsA,@1111")
#pragma comment(linker,"/export:dn_expand=syswsock32.dn_expand,@1106")
#pragma comment(linker,"/export:AcceptEx=syswsock32.AcceptEx,@1141")typedef int (WINAPI *PFUN)(int s,const char * buf,int len,int flags);
PFUN mySend,myRecv;
typedef int (WINAPI *PFUN2)(int s,char *buf,int len,int flags,int to,int tolen);
PFUN2 mySendto,myRecvfrom;
void SendData(int cmd,int len,char *pbuffer,int sendORrecv);
HINSTANCE hws2_32;
HWND ServerHwnd;
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{switch(ul_reason_for_call){case DLL_PROCESS_ATTACH:hws2_32=LoadLibrary("ws2_32.dll");mySend=(PFUN)GetProcAddress(hws2_32,"send");myRecv=(PFUN)GetProcAddress(hws2_32,"recv");mySendto=(PFUN2)GetProcAddress(hws2_32,"sendto");myRecvfrom=(PFUN2)GetProcAddress(hws2_32,"recvfrom");ServerHwnd=FindWindow("TForm1","Server");break;case DLL_PROCESS_DETACH:break;case DLL_THREAD_ATTACH:break;case DLL_THREAD_DETACH:break;}
return TRUE;
}
extern "C" __declspec(dllexport) int WINAPI send(int s,char *buf,int len,int flags)
{SendData(s,len,buf,1);
return mySend(s,buf,len,flags);
}
extern "C" __declspec(dllexport) int WINAPI sendto(int s,char *buf,int len,int flags,int to,int tolen)
{
SendData(s,len,buf,1);
return mySendto(s,buf,len,flags,to,tolen);
}
extern "C" __declspec(dllexport) int WINAPI recv(int s,char *buf,int len,int flags)
{
int rt;
rt=myRecv(s,buf,len,flags);
SendData(s,rt,buf,0);
return rt;
}
extern "C" __declspec(dllexport) int WINAPI recvfrom(int s,char *buf,int len,int flags,int from,int fromlen)
{
int rt;
rt=myRecvfrom(s,buf,len,flags,from,fromlen);
SendData(s,rt,buf,0);
return rt;
}
//------------------------------------------------
void SendData(int cmd,int len,char *pbuffer,int sendORrecv)
{
COPYDATASTRUCT copydata;
copydata.dwData=cmd;
copydata.cbData=len;
copydata.lpData=pbuffer;
if(::IsWindow(ServerHwnd))
{
::SendMessage(ServerHwnd,WM_COPYDATA,sendORrecv,(LPARAM)©data);
}
}
本代码的着色效果由xTiNt自动完成替换系统wsock32.dll,实现封包拦截相关推荐
- 2020-11-23(Windows系统的dll注入 )
一.什么是dll注入 在Windows操作系统中,运行的每一个进程都生活在自己的程序空间中(保护模式),每一个进程都认为自己拥有整个机器的控制权,每个进程都认为自己拥有计算机的整个内存空间,这些假象都 ...
- Windows系统的dll注入
一.什么是dll注入 在Windows操作系统中,运行的每一个进程都生活在自己的程序空间中(保护模式),每一个进程都认为自己拥有整个机器的控制权,每个进程都认为自己拥有计算机的整个内存空间,这些假象都 ...
- 介绍一种很棒的wince 如何替换系统声音的方法
Topic:介绍一种很棒的wince 如何替换系统声音的方法(作者:Baiduluckyboy) //------------------------------------------------- ...
- 聊一聊ws2_32.dll和wsock32.dll
Wsock32.Dll与Ws2_32.Dll区别 CSocket在Wsock32.Dll中实现,Socket API在Ws2_32.Dll实现 这两个Dll是两个不同层次的接口,调用关系如下: 网 ...
- Windows核心编程_HOOk SOCKET实现封包拦截
Socket的HOOK技术是目前网络拦截程序的基础功能,还有浏览器的抓包工具都是通过拦截Socket函数实现的 浏览器也好,通讯软件也好,他们只是使用的通讯协议不一样,其最底层的全部都是通过封装Soc ...
- 易语言编程-远程封包拦截与发送技术
我们前面学习了封包拦截的技术和发送技术,但都是用DLL的注入方式来进行拦截封包的 那么有没有一种可以不需要注入,就可以拦截到指定进程里的封包数据呢? 答案是肯定的:有的 Game-EC模块的最新版本就 ...
- Android 替换系统桌面Launcher
公司做一个定制的APP,就是开机就打开app,按home还是自己app.我找了很多都是修改framework,这样很麻烦,就相当编源码了(我觉得是这样).正题: <application and ...
- 冒险岛封包拦截研究!
注1:次文章只用与技术研究,并无其它用意!使用此软件造成的一切后果均与本人无关! 注2:此软件的原型来自互联网!软件作者:snow 注3:欢迎转载,转载请注明文章原地址:http://blog.csd ...
- 【OSX】OSX下采用MAMP的PHP替换系统自带PHP
OSX下采用MAMP的PHP替换系统自带PHP 前言 众所周知,OSX自带了PHP和Apache,显然这些不是我们需要的. 很多人都会安装集成环境作为自己的开发环境.比如我选择的是MAMP,PHP的版 ...
最新文章
- NOIP2016天天爱跑步
- 楚留香手游系统互通的服务器,楚留香手游互通服务器汇总 哪些服能一起玩
- 0009:err:module:__wine_process_init failed to load xxx
- [html] From表单提交时为什么会刷新页面?怎么预防刷新?
- 普通码农和技术大牛之间,只差这10本书(1024高能福利)
- C++ 拷贝构造函数
- 【报告分享】2020全球网络趋势报告.pdf(附下载链接)
- 红黑树(Red-Black Tree)
- linux 查看libevent 安装目录,Linux系统centos6.7上安装libevent
- Python3 - 基础知识、基本了解
- Fragment 源码解析add()和replace()方法
- python脚本编程手册安卓版_python编程入门app下载
- 2022年11月份,NPDP产品经理认证即将改版,到底改哪些内容?
- Postgresql的使用-1 创建数据库
- No content to map to Object due to end of input
- HTML5背景颜色表格作业,HTML快速入门5——不规则表格、表格背景、边框颜色
- Java实现九宫格游戏
- P4208 [JSOI2008]最小生成树计数
- Golang并发模型:轻松入门流水线FAN模式
- SSR(服务端渲染)于CSR(客户端渲染)
热门文章
- File类获取功能的方法
- 数据库-优化-pt-query-digest使用简介
- 建造者模式 coding
- Spring Cloud Gateway 之获取请求体的几种方式
- Spring AbstractAutowireCapableBeanFactory
- linux下qt实现计算器,QT实现计算器
- lambda 表达式中的 this 与普通情况下的 this 指向
- 区块链时代的拜占庭容错:Tendermint(五)
- 【Spring MVC】 maven pom.xml 错误: Cannot upgrade/downgrade to Dynamic Web Module 3.0 facet.
- 《响应式Web设计性能优化》一2.1 性能度量基础