I can't see where the plaintext send and recv are, so I did bp recv:
71A2676F > 8BFF mov edi, edi
71A26771 55 push ebp
71A26772 8BEC mov ebp, esp
71A26774 83EC 10 sub esp, 10
71A26777 53 push ebx
71A26778 33DB xor ebx, ebx
71A2677A 813D 5040A371 2>cmp dword ptr [71A34050], 71A22C29
71A26784 56 push esi
71A26785 0F84 5E4A0000 je 71A2B1E9
71A2678B 8D45 F8 lea eax, dword ptr [ebp-8]
71A2678E 50 push eax
71A2678F E8 1FD5FFFF call 71A23CB3
71A26794 3BC3 cmp eax, ebx
71A26796 8945 FC mov dword ptr [ebp-4], eax
71A26799 0F85 C02E0000 jnz 71A2965F
71A2679F FF75 08 push dword ptr [ebp+8]
71A267A2 E8 87C6FFFF call 71A22E2E
71A267A7 8BF0 mov esi, eax
71A267A9 3BF3 cmp esi, ebx
71A267AB 0F84 C82E0000 je 71A29679
71A267B1 8B45 10 mov eax, dword ptr [ebp+10]
71A267B4 57 push edi
71A267B5 8D4D FC lea ecx, dword ptr [ebp-4]
71A267B8 51 push ecx
71A267B9 FF75 F8 push dword ptr [ebp-8]
71A267BC 8D4D 14 lea ecx, dword ptr [ebp+14]
.
.
.
.
.
.
0AA5F25C 030DA287 /CALL 到 recv 来自 030DA285
0AA5F260 00000950 |Socket = 950
0AA5F264 032565B8 |Buffer = 032565B8
0AA5F268 00001000 |BufSize = 1000 (4096.)
0AA5F26C 00000000 \Flags = 0
0AA5F270 F74535F8
0AA5F274 00000000
0AA5F278 032565B8 ASCII "HTTP/1.1 200 OK",CR,LF,"Via: 1.1 CREEC-PROXY15",CR,LF,"Connection: Keep-Alive",CR,LF,"Proxy-Connection: Keep-Alive",CR,LF,"Content-Length: 998",CR,LF,"Date: Fri, 08 Jul 2011 08:39:00 GMT",CR,LF,"Content-Type: text/xml;charset=utf-8",CR,LF...
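How do I find what recv brought back?
Also, I thought of another approach earlier. Because network verification means tedious sends, tedious recvs and tedious jmps, I thought of hosts spoofing. I modified the hosts file on my machine, but why does what I send still go to the original address? Access from IE also goes to the original address, not the address I changed it to.
The question is simple, please help. Sometimes a lot of things are just a layer of window paper, and I hope someone can lead me to poke through it. Thanks in advance!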