[求助]如何获取源ip端口,目标ip端口?
发表于:
2011-4-4 11:41
《另类挂钩-RING3数据包监视》http://bbs.pediy.com/showthread.php?t=81204
利用这篇文章中的过滤技术,如何获取源 IP 和端口、目标 IP 和端口?
/*
 * Hook replacement for NtDeviceIoControlFile (RING3 AFD packet monitor).
 * Forwards the call to the original entry point (pNtDeviceIoControl, defined
 * elsewhere) and, when the request was a successful AFD_SEND / AFD_RECV,
 * hands the first data buffer to LookupSendPacket / LookupRecvPacket
 * (also defined elsewhere) and emits a debug message when they report a hit.
 *
 * Parameters mirror NtDeviceIoControlFile and are passed through unchanged.
 * Returns the NTSTATUS produced by the original call on every path; the hook
 * never alters the status or the buffers.
 *
 * NOTE(review): as far as this listing shows, only the buffer pointer and
 * length are read from AFD_INFO; nothing here yields the socket's local or
 * remote address/port, which is what the post asks about.
 */
NTSTATUS __stdcall NewNtDeviceIoControlFile(
HANDLE FileHandle,
HANDLE Event OPTIONAL,
PVOID ApcRoutine OPTIONAL,
PVOID ApcContext OPTIONAL,
PVOID IoStatusBlock,
ULONG IoControlCode,
PVOID InputBuffer OPTIONAL,
ULONG InputBufferLength,
PVOID OutputBuffer OPTIONAL,
ULONG OutputBufferLength
)
{
// Call the original function first. Arguments are pushed right-to-left and
// no stack adjustment follows the call, so pNtDeviceIoControl is expected to
// be stdcall (the callee pops the arguments). The return value is taken
// from eax into stat.
LONG stat ;
__asm
{
push OutputBufferLength
push OutputBuffer
push InputBufferLength
push InputBuffer
push IoControlCode
push IoStatusBlock
push ApcContext
push ApcRoutine
push Event
push FileHandle
call pNtDeviceIoControl
mov stat ,eax
}
// If the original call failed (e.g. RECV with no data), pass the status up.
// NOTE(review): NT_SUCCESS also accepts STATUS_PENDING; for an overlapped
// AFD_RECV the buffer may not be filled yet when it is inspected below --
// confirm the monitored sockets are synchronous.
if (!NT_SUCCESS(stat))
{
return stat ;
}
// Check whether this is a TCP send/receive request (AFD_SEND / AFD_RECV);
// every other control code passes through untouched.
if (IoControlCode != AFD_SEND && IoControlCode != AFD_RECV)
{
return stat ;
}
// Read the AFD_INFO structure to obtain the SEND or RECV buffer description.
// The buffer may be invalid, so the access is wrapped in __try/__except.
// NOTE(review): InputBuffer, InputBufferLength and BufferArray are not
// validated before the dereference -- SEH is the only guard -- and only the
// first BufferArray element is examined.
//
__try
{
// Get Buffer and Len from InputBuffer
PAFD_INFO AfdInfo = (PAFD_INFO)InputBuffer ;
PVOID Buffer = AfdInfo->BufferArray->buf ;
// NOTE(review): for AFD_RECV this is presumably the caller-supplied buffer
// size, not the byte count actually received (IoStatusBlock is not consulted).
ULONG Len = AfdInfo->BufferArray->len;
if (IoControlCode == AFD_SEND)
{
if (LookupSendPacket(Buffer , Len))
{
// Report the packet.
// Debug output, viewable with DbgView; with a UI this could be done via SendMessage instead.
OutputDebugString("SendPacket!\n");
//OutputDebugString((char*)Buffer);
}
}
else
{
if (LookupRecvPacket(Buffer , Len))
{
OutputDebugString("RecvPacket!\n");
//OutputDebugString((char*)Buffer);
}
}
}
// Any access violation while reading the caller's buffers is swallowed and
// the original status is returned unchanged.
__except(EXCEPTION_EXECUTE_HANDLER)
{
return stat ;
}
return stat;
}