ndis中修改包中数据, 然后计算校验和,帮忙看看计算校验和问题所在
USHORT CheckSum(USHORT *buffer, int size)
{
ULONG cksum = 0;
while(size > 1)
{
cksum += * buffer++;
size -=sizeof(USHORT);
}
if(size)
{
cksum += *(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >>16);
return (USHORT)(~cksum);
}
VOID alterPacketWind(PUCHAR pPacketContent, ULONG length)
{
USHORT ipHdrlen = 0;
USHORT tcpHdrlen = 0;
UCHAR checkbuff[2048] = {0};
PIP_HEADER pIPHeader;
PTCPv4_HEADER pTcpv4Header;
SD_HEADER sdHeader;
USHORT dataSize ;
dataSize = length - sizeof(IP_HEADER) - sizeof(TCPv4_HEADER) - IP_OFFSET;
pIPHeader = (PIP_HEADER)(pPacketContent + IP_OFFSET);
ipHdrlen = (pIPHeader->VIHL & 0x0f) * sizeof(ULONG);
pTcpv4Header = (PTCPv4_HEADER)(pPacketContent + IP_OFFSET + ipHdrlen);
//pTcpv4Header->Window = 20;
tcpHdrlen = UTIL_htons(pIPHeader->TotLen) - ipHdrlen;
sdHeader.saddr = pIPHeader->iaSrc.S_un.S_addr;
sdHeader.daddr = pIPHeader->iaDst.S_un.S_addr;
sdHeader.mbz = 0;
sdHeader.ptcl = PROT_TCP;
sdHeader.tcpl = UTIL_htons(tcpHdrlen);
NdisMoveMemory(checkbuff, &sdHeader, sizeof(sdHeader));
NdisMoveMemory(checkbuff + sizeof(sdHeader), pTcpv4Header, tcpHdrlen);
pTcpv4Header->Check_sum = CheckSum((USHORT *)checkbuff, sizeof(sdHeader) + tcpHdrlen);
//pTcpv4Header->Check_sum = UTIL_htons(UTIL_htons(pTcpv4Header->Check_sum) - dataSize);
DBGPRINT(("ipHdrlen = %d, tcpHdrlen = %d, length=%d, Check_sum = %d, iaSrc = %x, iaDst =%x\n", ipHdrlen, tcpHdrlen, length, pTcpv4Header->Check_sum ,pIPHeader->iaSrc.S_un.S_addr, pIPHeader->iaDst.S_un.S_addr));
return ;
}
[课程]Android-CTF解题方法汇总!