#2
It even has comments.
#3
I'm here to bump this for the two experts, qihoocom and heXer.
#4
Firmly grabbing a seat.
#5
Saving a seat
123456
#6
Going to study this carefully.
#7
Bookmarked; I'll read it slowly.
#8
I tried it, and it really does work well. I'm still not very familiar with networking, though, so I'll need to study it slowly.
#9
MJ really is something else… even MJ's packet capture is this unconventional.
#10
Saving a seat and studying...
#11
Learning from Miss Wang.
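#12
I really hadn't seen this before; I'm going to port it to Delphi right away and take a look.
It does work well. I bow in admiration! Tomorrow I'll try modifying the packet contents.
The source of my Delphi port is in the attachment; this is the data from my GET requests to Baidu.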
00007368 23.14766884 [4048] [HOOK] NDIC_Hook dll loaded.
00007369 23.14779282 [4048] [HOOK] Lock "NtDeviceIoControlFile" for HOOK.
00007370 23.14781952 [4048] [HOOK] Base=719C0000, Thunk=0000127C, ID=F
00007371 23.14791679 [4048] [HOOK] Orign[0x719C12B8]=0x7C92D8E3, new Addr=0x04DEA3C4
00008751 28.35400581 [4048] [HTTP Send] Length = 822
00008752 28.35421753 [4048] GET / HTTP/1.1
00008753 28.35421753 [4048] Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
00008754 28.35421753 [4048] Accept-Language: zh-cn
00008755 28.35421753 [4048] User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; CIBA; TheWorld)
00008756 28.35421753 [4048] UA-CPU: x86
00008757 28.35421753 [4048] Accept-Encoding: gzip, deflate
00008758 28.35421753 [4048] Host: www.baidu.com
00008759 28.35421753 [4048] Connection: Keep-Alive
00008760 28.35421753 [4048] Cookie: BAIDUID=F07CEBAE4F4B5A6DE8A3D73BDA7CBB34:FG=1;...
00008761 28.35421753 [4048]
00008783 28.39130974 [4048] [HTTP Recv] Length = 1024
00008784 28.39136696 [4048] HTTP/1.1 200 OK
00008785 28.39136696 [4048] Date: Sun, 01 Feb 2009 14:43:22 GMT
00008786 28.39136696 [4048] Server: BWS/1.0
00008787 28.39136696 [4048] Content-Length: 2029
00008788 28.39136696 [4048] Content-Type: text/html
00008789 28.39136696 [4048] Cache-Control: private
00008790 28.39136696 [4048] Expires: Sun, 01 Feb 2009 14:43:22 GMT
00008791 28.39136696 [4048] Content-Encoding: gzip
00008792 28.39136696 [4048]
00008793 28.39136696 [4048] ?
00008814 28.42530823 [4048] [HTTP Send] Length = 796
00008815 28.42535210 [4048] GET /js/bdsug.js?v=1.0.1.0 HTTP/1.1
00008816 28.42535210 [4048] Accept: */*
00008817 28.42535210 [4048] Referer: http://www.baidu.com/
00008818 28.42535210 [4048] Accept-Language: zh-cn
00008819 28.42535210 [4048] User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; CIBA; TheWorld)
00008820 28.42535210 [4048] UA-CPU: x86
00008821 28.42535210 [4048] Accept-Encoding: gzip, deflate
00008822 28.42535210 [4048] If-Modified-Since: Mon, 19 Jan 2009 13:18:00 GMT
00008823 28.42535210 [4048] If-None-Match: "1599-49747d88"
00008824 28.42535210 [4048] Host: www.baidu.com
00008825 28.42535210 [4048] Connection: Keep-Alive
00008826 28.42535210 [4048] Cookie: BAIDUID=F07CEBAE4F4B5A6DE8A3D73BDA7CBB34:FG=1;...
00008827 28.42535210 [4048]
00008840 28.45828247 [4048] [HTTP Recv] Length = 1024
00008844 28.45885849 [4048] HTTP/1.1 304 Not Modified
00008845 28.45885849 [4048] Date: Sun, 01 Feb 2009 14:43:22 GMT
00008846 28.45885849 [4048] Server: Apache/1.3.27
00008847 28.45885849 [4048] ETag: "1599-49747d88"
00008848 28.45885849 [4048]
Both GETs and their response data were captured.
#13
Pretty unconventional. Learning from this. What are the IoControlCode values for non-HTTP send/recv/WSA…?
#14
Studying...
#15
Showing some support.
#16
Read the code carefully and you'll see: this can intercept any TCP packet; the HTTP filtering is done when filtering the packet contents.
#17
That's MJ's second featured post~
#18
Sitting on the floor in worship.
#19
Please share the source code once you've finished modifying it. Thanks.
#20
Support! Hehe, SPI is so lame!
#21
Bump, but it looks like MJ made a typo.
In "// Hook Ntdll!NtDeviceIoControlFile in mswsock.dll's export table", the word "export" should be "import", right?
#22
MJ is giving away the good stuff; quick, soak it up~~~
#23
I did indeed get that wrong; it should be the import table. Thanks for the correction.
#24
This is really old. The first time these ioctrlcode values were mentioned was in the xfocus off-topic board~~~
AFD_Sendto
AFD_RecvFrom
AFD_Connect
AFD_Bind
The few small numbers were all recorded too~~
#25
The following definitions come from the byshell 1.00 private version code.
#define AFD_BIND 0x12003
#define AFD_CONNECT 0x12007
#define AFD_SET_CONTEXT 0x12047
#define AFD_RECV 0x12017
#define AFD_SEND 0x1201f
#define AFD_SELECT 0x12024
#define AFD_SENDTO 0x12023
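The codes listed in #25, which answer the question in #13, decoded into fields for reading an NtDeviceIoControlFile trace; this is an added example, not part of the thread or of the byshell code. It assumes AFD packs each IoControlCode as (0x12 << 12) | (operation << 2) | method, a layout all seven listed values are consistent with, and the trace array is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: (base << 12) | (operation << 2) | method, with base 0x12
   (FILE_DEVICE_NETWORK). All seven values quoted in the thread fit it. */
#define AFD_BASE 0x12u

typedef struct { uint32_t op, method; const char *name; } afd_code;

/* Names as given in the thread, indexed by the operation number in each code. */
static const char *const AFD_NAMES[18] = {
    [0] = "AFD_BIND", [1] = "AFD_CONNECT", [5] = "AFD_RECV", [7] = "AFD_SEND",
    [8] = "AFD_SENDTO", [9] = "AFD_SELECT", [17] = "AFD_SET_CONTEXT"};

/* Split an IoControlCode into its fields; returns 0 if it is not an AFD code. */
static int afd_decode(uint32_t code, afd_code *out) {
    out->op = (code >> 2) & 0x3FFu;
    out->method = code & 3u; /* 0 = METHOD_BUFFERED, 3 = METHOD_NEITHER */
    out->name = (out->op < 18 && AFD_NAMES[out->op]) ? AFD_NAMES[out->op] : "unlisted";
    return (code >> 12) == AFD_BASE;
}

/* Count the calls in a trace that move socket data (AFD_RECV/SEND/SENDTO). */
static int count_transfers(const uint32_t *codes, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        afd_code c;
        if (afd_decode(codes[i], &c) && (c.op == 5 || c.op == 7 || c.op == 8))
            hits++;
    }
    return hits;
}

int main(void) {
    /* Constructed trace: the thread's seven codes plus one non-AFD value. */
    const uint32_t trace[] = {0x12003, 0x12007, 0x12047, 0x12017,
                              0x1201f, 0x12024, 0x12023, 0x2D1400};
    for (size_t i = 0; i < 8; i++) {
        afd_code c;
        int ok = afd_decode(trace[i], &c);
        printf("0x%05X %-16s method=%u\n", (unsigned)trace[i],
               ok ? c.name : "not AFD", (unsigned)c.method);
    }
    printf("data-transfer calls: %d\n", count_transfers(trace, 8));
    return 0;
}
```

Of the seven listed codes only AFD_SELECT decodes to method 0; the other six decode to method 3.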