2 楼
求大神给指点下
3 楼
网络相关不懂啊
不过假如这个函数真能关联到你说的ip地址之类,看起来也只有FileHandle可以用了。你需要一个根据HANDLE可以反向得到类似于文件名之类的包含字符串或者复杂结构的函数。
我给一个3环的文件句柄反向得到文件名的例子,你看看有没有启发吧。
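// Maps an open file HANDLE back to a drive-letter path ("C:\dir\file.txt").
//
// Steps:
//   1. ZwQueryObject(ObjectNameInformation) yields the NT object name, e.g.
//      "\Device\HarddiskVolume3\Documents and Settings\...\file_list.txt".
//   2. Every logical drive is translated to its NT device name with
//      QueryDosDeviceW and compared against the start of that object name.
//   3. On a match the device prefix is swapped for the drive letter.
//
// Returns an empty string when the name cannot be queried, when the handle
// has no name, or when no drive letter maps to the object's device (the
// original author deliberately leaves network files unresolved).
//
// The author measured roughly 3.2 ms per call.
wstring GetFileNameFromHandle(HANDLE hFile)
{
    TimeCounter tc(L"GetFileNameFromHandle in spend ");

    const int ObjectNameInformation = 1; // enum OBJECT_INFORMATION_CLASS

    typedef LONG (CALLBACK* ZWQUERYOBJECT)(
        HANDLE ObjectHandle,
        ULONG  ObjectInformationClass,
        PVOID  ObjectInformation,
        ULONG  ObjectInformationLength,
        PULONG ReturnLength
        );

    // Result layout for ObjectNameInformation: a UNICODE_STRING header followed
    // by the name characters. Declaring the header explicitly (instead of
    // skipping a fixed 4 WCHARs = 8 bytes) keeps the code correct on 64-bit
    // builds, where the header is 16 bytes, and gives the buffer the alignment
    // the pointer member needs.
    struct NameInfo
    {
        USHORT Length;          // name length in BYTES, terminator excluded
        USHORT MaximumLength;
        PWSTR  Buffer;          // points at the name inside this buffer
        WCHAR  Text[MAX_PATH + 4];
    };

    // ntdll.dll is mapped into every process, so a module lookup is enough;
    // this avoids a DLL search by bare name and an extra module reference.
    static HMODULE hNtDLL = NULL;
    static ZWQUERYOBJECT ZwQueryObject = NULL;
    if (!ZwQueryObject)
    {
        if (!hNtDLL)
        {
            hNtDLL = GetModuleHandleW(L"ntdll.dll");
        }
        if (hNtDLL)
        {
            ZwQueryObject = (ZWQUERYOBJECT)GetProcAddress(hNtDLL, "ZwQueryObject");
        }
        if (!ZwQueryObject)
        {
            wprintf(L"[%s] could not get filename, GetProcAddress->ZwQueryObject failed.\n",
                __WFUNCTION__);
            return L"";
        }
    }

    NameInfo nameInfo = {0};
    ULONG dwResult = 0;

    // ZwQueryObject returns an NTSTATUS; 0 (STATUS_SUCCESS) is the only value
    // accepted here. One WCHAR is held back so the zero-filled buffer always
    // ends in a terminator. Names longer than the buffer make the call fail,
    // which is reported as "no filename" rather than truncated.
    if (ZwQueryObject(hFile, ObjectNameInformation, &nameInfo,
            (ULONG)(sizeof(nameInfo) - sizeof(WCHAR)), &dwResult) != 0)
    {
        wprintf(L"[%s] could not get filename, ZwQueryObject failed.\n", __WFUNCTION__);
        return L"";
    }

    // Unnamed objects come back with an empty name; nothing to translate.
    if (!nameInfo.Buffer || nameInfo.Length == 0)
    {
        return L"";
    }
    const WCHAR *lpNtPath = nameInfo.Buffer;
    const int iNtLen = (int)(nameInfo.Length / sizeof(WCHAR));

    // Drive list is a multi-string: "C:\" NUL "D:\" NUL ... NUL NUL.
    // 26 drives * 4 WCHARs fits comfortably in MAX_PATH.
    WCHAR szDrive[MAX_PATH] = {0};
    DWORD dwDrives = GetLogicalDriveStrings(MAX_PATH - 1, szDrive);
    if (dwDrives == 0 || dwDrives >= MAX_PATH) // failed, or buffer too small
    {
        wprintf(L"[%s] could not get filename, GetLogicalDriveStrings failed.\n", __WFUNCTION__);
        return L"";
    }

    WCHAR *lpDrive = szDrive;
    int iPathLen;
    while ((iPathLen = lstrlenW(lpDrive)) != 0)
    {
        WCHAR *lpNext = lpDrive + iPathLen + 1;
        WCHAR szDevName[MAX_PATH] = {0};

        // QueryDosDeviceW wants "C:", not "C:\".
        lpDrive[iPathLen - 1] = 0x00;

        // szDevName becomes e.g. "\Device\HarddiskVolume3"
        int iDevLen = (int)QueryDosDeviceW(lpDrive, szDevName, MAX_PATH);
        if (iDevLen && iDevLen < MAX_PATH)
        {
            iDevLen = lstrlenW(szDevName);

            // The device name must match a whole path component. A bare prefix
            // compare would let "\Device\HarddiskVolume1" claim a file that
            // lives on "\Device\HarddiskVolume10" and report the wrong drive.
            if (iDevLen > 0 && iDevLen <= iNtLen
                && !wcsnicmp(lpNtPath, szDevName, iDevLen)
                && (iDevLen == iNtLen || lpNtPath[iDevLen] == L'\\'))
            {
                // Build the result in a wstring so the length is never bound
                // by a fixed MAX_PATH stack buffer.
                wstring strPath(lpDrive);
                strPath.append(lpNtPath + iDevLen, iNtLen - iDevLen);
                return strPath;
            }
        }
        lpDrive = lpNext;
    }

    return L"";
}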
4 楼
这个是获取句柄名,我是想在这里过滤UDP通讯的IP地址,要怎么取到呢?
5 楼
getpeername
6 楼
这个没试过好像也没文档, 猜测已经组好包了.
你上层随意sendto, 拦截, 查看各参数就知道了.