diff --git a/PacketStruct.h b/PacketStruct.h
new file mode 100644
index 0000000..a0c182f
--- /dev/null
+++ b/PacketStruct.h
@@ -0,0 +1,100 @@
+#ifndef _PACKETSTRUCT_H
+#define _PACKETSTRUCT_H
+
+
+#pragma pack(1)
+
+
+/*以太网帧头格式结构体 14个字节*/
+typedef struct ether_header
+{
+ unsigned char ether_dhost[6];// 目的MAC地址
+ unsigned char ether_shost[6];// 源MAC地址
+ unsigned short ether_type;// eh_type的值需要考察上一层的协议,如果为ip则为0×0800
+}ETHERHEADER, *PETHERHEADER;
+
+/*以ARP字段结构体 28个字节*/
+typedef struct arp_header
+{
+ unsigned short arp_hrd;
+ unsigned short arp_pro;
+ unsigned char arp_hln;
+ unsigned char arp_pln;
+ unsigned short arp_op;
+ unsigned char arp_sourha[6];
+ unsigned long arp_sourpa;
+ unsigned char arp_destha[6];
+ unsigned long arp_destpa;
+}ARPHEADER, *PARPHEADER;
+
+/*ARP报文结构体 42个字节*/
+typedef struct arp_packet
+{
+ ETHERHEADER etherHeader;
+ ARPHEADER arpHeader;
+}ARPPACKET, *PARPPACKET;
+
+
+// ipv4_pro字段:
+#define PROTOCOL_ICMP 0x01
+#define PROTOCOL_IGMP 0x02
+#define PROTOCOL_TCP 0x06
+#define PROTOCOL_UDP 0x11
+
+/*IPv4报头结构体 20个字节*/
+typedef struct ipv4_header
+{
+ unsigned char ipv4_ver_hl;// Version(4 bits) + Internet Header Length(4 bits)长度按4字节对齐
+ unsigned char ipv4_stype; // 服务类型
+ unsigned short ipv4_plen;// 总长度(包含IP数据头,TCP数据头以及数据)
+ unsigned short ipv4_pidentify;// ID定义单独IP
+ unsigned short ipv4_flag_offset;// 标志位偏移量
+ unsigned char ipv4_ttl; // 生存时间
+ unsigned char ipv4_pro;// 协议类型
+ unsigned short ipv4_crc;// 校验和
+ unsigned long ipv4_sourpa;// 源IP地址
+ unsigned long ipv4_destpa;// 目的IP地址
+}IPV4HEADER, *PIPV4HEADER;
+
+
+/*IPv6报头结构体 40个字节*/
+typedef struct ipv6_header
+{
+ unsigned char ipv6_ver_hl;
+ unsigned char ipv6_priority;
+ unsigned short ipv6_lable;
+ unsigned short ipv6_plen;
+ unsigned char ipv6_nextheader;
+ unsigned char ipv6_limits;
+ unsigned char ipv6_sourpa[16];
+ unsigned char ipv6_destpa[16];
+}IPV6HEADER, *PIPV6HEADER;
+
+/*TCP报头结构体 20个字节*/
+typedef struct tcp_header
+{
+ unsigned short tcp_sourport;//源端口
+ unsigned short tcp_destport;//目的端口
+ unsigned long tcp_seqnu;//序列号
+ unsigned long tcp_acknu;//确认号
+ unsigned char tcp_hlen; //4位首部长度
+ unsigned char tcp_reserved;//标志位
+ unsigned short tcp_window;//窗口大小
+ unsigned short tcp_chksum;//检验和
+ unsigned short tcp_urgpoint;//紧急指针
+}TCPHEADER, *PTCPHEADER;
+
+/*UDP报头结构体 8个字节*/
+typedef struct udp_header
+{
+ unsigned short udp_sourport;// 源端口
+ unsigned short udp_destport;// 目的端口
+ unsigned short udp_hlen;// 长度
+ unsigned short udp_crc;// 校验和
+}UDPHEADER, *PUDPHEADER;
+
+
+#pragma pack()
+
+
+#endif
\ No newline at end of file
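Review bot: The 32-bit wire fields (`arp_sourpa`, `arp_destpa`, `ipv4_sourpa`, `ipv4_destpa`, `tcp_seqnu`, `tcp_acknu`) are declared `unsigned long`, so the byte counts in the struct comments, and every offset the parsers derive from these structs, hold only where `long` is 4 bytes. That is true for the Win32/MSVC target of this project but not on LP64 platforms. Prefer `uint32_t`/`uint16_t`/`uint8_t` from `<stdint.h>` and pin the layout with checks such as `static_assert(sizeof(IPV4HEADER) == 20, "IPv4 header layout");`. Using `#pragma pack(push, 1)` with a matching `#pragma pack(pop)` would also restore the includer's packing instead of resetting it to the default.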
diff --git a/RawSocket.sln b/RawSocket.sln
new file mode 100644
index 0000000..034bb0d
--- /dev/null
+++ b/RawSocket.sln
@@ -0,0 +1,22 @@
+锘
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.40629.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "RawSocket", "RawSocket.vcxproj", "{28B55222-A3F0-4832-BD05-A8D482CF9EBD}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Win32 = Debug|Win32
+ Release|Win32 = Release|Win32
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Debug|Win32.ActiveCfg = Debug|Win32
+ {28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Debug|Win32.Build.0 = Debug|Win32
+ {28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Release|Win32.ActiveCfg = Release|Win32
+ {28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Release|Win32.Build.0 = Release|Win32
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/RawSocket.v12.suo b/RawSocket.v12.suo
new file mode 100644
index 0000000..85ab1c8
Binary files /dev/null and b/RawSocket.v12.suo differ
diff --git a/RawSocket.vcxproj b/RawSocket.vcxproj
new file mode 100644
index 0000000..070bfe1
--- /dev/null
+++ b/RawSocket.vcxproj
@@ -0,0 +1,79 @@
+锘
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+
+ {28B55222-A3F0-4832-BD05-A8D482CF9EBD}
+ RawSocket
+
+
+
+ Application
+ true
+ v120_xp
+ MultiByte
+
+
+ Application
+ false
+ v120_xp
+ true
+ MultiByte
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Level3
+ Disabled
+ true
+ _WINSOCK_DEPRECATED_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)
+
+
+ true
+
+
+
+
+ Level3
+ MaxSpeed
+ true
+ true
+ true
+ _CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)
+
+
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
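Review bot: The preprocessor definitions `_CRT_SECURE_NO_WARNINGS` (both configurations) and `_WINSOCK_DEPRECATED_NO_WARNINGS` (the configuration with optimization `Disabled`) silence the compiler warnings that would otherwise point at the unbounded `vsprintf`, `scanf` and `fopen` calls and the deprecated `gethostbyname`/`inet_ntoa`/`inet_addr` calls in rawsocket.cpp. It is better to fix those call sites with bounded or current equivalents where the targeted platform provides them, and then drop the defines. If they must stay, a comment in the project explaining why would keep the suppression from hiding new unsafe calls.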
diff --git a/RawSocket.vcxproj.filters b/RawSocket.vcxproj.filters
new file mode 100644
index 0000000..e24b424
--- /dev/null
+++ b/RawSocket.vcxproj.filters
@@ -0,0 +1,33 @@
+锘
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hh;hpp;hxx;hm;inl;inc;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ 婧愭枃浠
+
+
+ 婧愭枃浠
+
+
+
+
+ 澶存枃浠
+
+
+ 澶存枃浠
+
+
+
\ No newline at end of file
diff --git a/RecvInfo.txt b/RecvInfo.txt
new file mode 100644
index 0000000..a14d312
--- /dev/null
+++ b/RecvInfo.txt
@@ -0,0 +1,89 @@
+[RECV] 132bytes
+45 00 00 84 07 D4 00 00 40 11 00 00 7F 00 00 01
+7F 00 00 01 30 39 0D 05 00 70 CD E5 31 31 31 31
+31 31 31 31 31 31 31 31 31 31 31 31 31 31 00 00
+02 00 00 00 00 00 00 00 00 00 00 00 4C FC 18 00
+00 00 00 00 90 FE 18 00 A2 75 3C 76 00 00 00 00
+00 00 00 00 70 0A 00 00 FF FF FF FF 63 6F 41 00
+02 00 00 00 70 E0 42 00 AE 75 3C 76 00 00 00 00
+00 00 00 00 54 0A 42 76 01 00 00 00 00 7F 00 00
+00 00 00 00
+[UDP]
+Protocol:UDP From:192.168.189.132:137 -->To:192.168.189.2:137
+82 aa 40 00 00 01 00 00 00 00 00 01 20 46 48 45
+4a 45 4f 43 4e 44 4a 46 47 46 42 45 43 45 4a 44
+42 46 41 45 4f 45 47 44 4a 45 45 43 41 00 00 20
+00 01 c0 0c 00 20 00 01 00 04 93 e0 00 06 60 00
+c0 a8 bd 84
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
+[UDP]
+Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137
+85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45
+44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44
+44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20
+00 01
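Review bot: RecvInfo.txt is runtime output of the sniffer rather than source; `SaveToFile("RecvInfo.txt", szTemp)` in rawsocket.cpp appends to it on every run. This copy and Release/RecvInfo.txt hold captured traffic, including host addresses and payload bytes, and the commit also adds the build artifacts Release/RawSocket.exe and RawSocket.v12.suo. Remove these from the commit and add ignore entries such as `RecvInfo.txt`, `Release/` and `*.suo` to `.gitignore`, so that captures from a live network are not published with the code.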
diff --git a/Release/RawSocket.exe b/Release/RawSocket.exe
new file mode 100644
index 0000000..fcfe2d1
Binary files /dev/null and b/Release/RawSocket.exe differ
diff --git a/Release/RecvInfo.txt b/Release/RecvInfo.txt
new file mode 100644
index 0000000..9061974
--- /dev/null
+++ b/Release/RecvInfo.txt
@@ -0,0 +1,79 @@
+[UDP]
+Protocol:UDP From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 03 44 37 d7 2c 13 16 54 04 00 00 00 01
+01 01 00 00 68 21 00 00 00 00 00 00 00 00 54 ff
+4a 5c 35 e2 51 52 67 46 37 27 be 5e 0f 84 f8 05
+0d 4d 0d ec 26 c6 e2 64 cd 1a 0d ae eb e4 c3 0b
+e2 a3 68 42 4e 73 03
+[UDP]
+Protocol:UDP From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 00 58 6c b1 2c 13 16 54 02 00 00 00 01
+01 01 00 00 68 21 44 cf 25 31 f2 2a a8 37 69 02
+e7 b2 16 84 e6 2e 03
+[UDP]
+Protocol:UDP From:111.161.88.49:8000 -->To:10.210.104.233:4015
+02 37 0f 00 58 6c b1 2c 13 16 54 00 00 00 13 d9
+90 c2 f7 93 3f 6f 96 74 07 20 5f 28 fc 44 41 54
+f4 75 8b 07 5b 15 d9 b8 7f 9f 24 c8 d8 38 03
+[UDP]
+Protocol:UDP From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 03 44 37 d7 2c 13 16 54 04 00 00 00 01
+01 01 00 00 68 21 00 00 00 00 00 00 00 00 54 ff
+4a 5c 35 e2 51 52 67 46 37 27 be 5e 0f 84 f8 05
+0d 4d 0d ec 26 c6 e2 64 cd 1a 0d ae eb e4 c3 0b
+e2 a3 68 42 4e 73 03
+[UDP]
+Protocol:UDP From:10.210.104.233:4019 -->To:123.151.13.27:8000
+02 37 0f 03 44 18 5c 2e c7 42 01 04 00 00 00 01
+01 01 00 00 68 21 00 00 00 00 00 00 00 00 d1 36
+2c 49 9d 51 ad 8f 9c c0 7c a3 04 fe 34 d7 49 2c
+c7 f9 44 2b 70 98 fa 07 4e 95 6d 6f 3a 65 23 58
+51 17 7a fa 08 05 03
+[UDP]
+Protocol:UDP From:111.161.88.49:8000 -->To:10.210.104.233:4015
+02 37 0f 00 81 53 c2 2c 13 16 54 00 00 00 90 f3
+aa 39 c3 4a fb 56 41 55 11 7c 84 e7 24 88 b3 05
+07 ec 08 01 86 e9 b8 aa 34 38 0d ee a1 02 6b 5c
+cf b8 2a 9a aa 0a 45 58 df 88 56 b4 e5 19 f0 69
+c2 71 1c 36 33 00 53 10 76 91 ad 86 5d c8 03
+[UDP]
+Protocol:UDP From:10.210.104.233:4019 -->To:123.151.13.27:8000
+02 37 0f 03 44 18 5c 2e c7 42 01 04 00 00 00 01
+01 01 00 00 68 21 00 00 00 00 00 00 00 00 d1 36
+2c 49 9d 51 ad 8f 9c c0 7c a3 04 fe 34 d7 49 2c
+c7 f9 44 2b 70 98 fa 07 4e 95 6d 6f 3a 65 23 58
+51 17 7a fa 08 05 03
+[UDP]
+Protocol:UDP From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 03 44 37 d7 2c 13 16 54 04 00 00 00 01
+01 01 00 00 68 21 00 00 00 00 00 00 00 00 54 ff
+4a 5c 35 e2 51 52 67 46 37 27 be 5e 0f 84 f8 05
+0d 4d 0d ec 26 c6 e2 64 cd 1a 0d ae eb e4 c3 0b
+e2 a3 68 42 4e 73 03
+[UDP]
+Protocol:UDP From:10.210.104.233:4019 -->To:123.151.13.27:8000
+02 37 0f 00 58 58 3f 2e c7 42 01 02 00 00 00 01
+01 01 00 00 68 21 8f 95 b8 b5 e3 db 2b 17 fb 81
+e0 16 8c c2 d2 47 03
+[UDP]
+Protocol:UDP From:123.151.13.27:8000 -->To:10.210.104.233:4019
+02 37 0f 00 58 58 3f 2e c7 42 01 00 00 00 5a 49
+f5 06 61 36 47 4c 28 c5 ee be c9 9b 8e 7c 42 fb
+f7 14 9f 28 7d 01 ed 86 b6 8e f2 58 85 90 03
+[UDP]
+Protocol:UDP From:10.210.104.233:4019 -->To:123.151.13.27:8000
+02 37 0f 03 44 18 5c 2e c7 42 01 04 00 00 00 01
+01 01 00 00 68 21 00 00 00 00 00 00 00 00 d1 36
+2c 49 9d 51 ad 8f 9c c0 7c a3 04 fe 34 d7 49 2c
+c7 f9 44 2b 70 98 fa 07 4e 95 6d 6f 3a 65 23 58
+51 17 7a fa 08 05 03
+[UDP]
+Protocol:UDP From:10.210.104.233:4015 -->To:111.161.88.49:8000
+02 37 0f 00 0d 39 3a 2c 13 16 54 02 00 00 00 01
+01 01 00 00 68 21 9c 6f 00 66 a2 71 85 cf c5 ee
+11 e6 ae f6 7c be 6c 46 28 fc 9c e1 7e 26 25 44
+b0 03 d6 85 9c 49 03
+[UDP]
+Protocol:UDP From:111.161.88.49:8000 -->To:10.210.104.233:4015
+02 37 0f 00 0d 39 3a 2c 13 16 54 00 00 00 1f ac
+4b 61 4f a2 33 dd 6a b1 88 d7 d5 2e 12 5e 03
diff --git a/main.cpp b/main.cpp
new file mode 100644
index 0000000..e89d4f0
--- /dev/null
+++ b/main.cpp
@@ -0,0 +1,32 @@
+#include "rawsocket.h"
+
+
+
+UINT RecvThreadProc(LPVOID lpVoid)
+{
+ ReceivePacket();
+
+ return 0;
+}
+
+
+int main()
+{
+ printf("***************** Welcome To World Of Demon *****************\n");
+ printf(" 使用说明:\n");
+ printf(" 1. 请输入数字,请根据IP地址来选择对应的网卡进行嗅探\n");
+ printf(" 2. 在抓包的过程中,你可以按“回车键”结束嗅探\n");
+ printf("*************************************************************\n\n\n");
+
+ InitRawSocket();
+
+ ::CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)RecvThreadProc, NULL, 0, NULL);
+
+ getchar();
+
+ ExitRawSocket();
+
+ system("pause");
+
+ return 0;
+}
\ No newline at end of file
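Review bot: `InitRawSocket()` returns BOOL but `main` ignores it, so after a failed initialisation the receive thread is still started on an invalid or already-closed socket and `while (g_bStopRecv)` in ReceivePacket spins on a failing `recvfrom`. Guard the call with `if (!InitRawSocket()) return 1;`. The `(LPTHREAD_START_ROUTINE)` cast also hides a signature mismatch: declare the routine as `DWORD WINAPI RecvThreadProc(LPVOID lpVoid)` and pass it without a cast. Keeping the handle returned by `CreateThread` (and checking it for NULL) would let shutdown wait on the thread with `WaitForSingleObject` rather than rely on the `Sleep(500)` in ExitRawSocket.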
diff --git a/rawsocket.cpp b/rawsocket.cpp
new file mode 100644
index 0000000..22c2888
--- /dev/null
+++ b/rawsocket.cpp
@@ -0,0 +1,385 @@
+#include "rawsocket.h"
+
+
+// 全局变量
+SOCKET g_RawSocket = 0;
+HOSTIP g_HostIp;
+BOOL g_bStopRecv = FALSE;
+
+
+// 函数定义
+void ShowError(char *lpszText)
+{
+ char szErr[MAX_PATH] = {0};
+ ::wsprintf(szErr, "%s Error!\nError Code Is:%d\n", lpszText, ::GetLastError());
+ ::MessageBox(NULL, szErr, "ERROR", MB_OK | MB_ICONERROR);
+}
+
+
+BOOL InitRawSocket()
+{
+ // 设置版本
+ WSADATA wsaData = {0};
+ if(0 != WSAStartup(MAKEWORD(2, 2), &wsaData))
+ {
+ ShowError("WSAStartup");
+ return FALSE;
+ }
+ // 创建原始套接字
+ // !!!Windows上没办法用Raw Socket抓MAC层的数据包,只能抓到IP层及以上的数据包!!!
+ g_RawSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP); // 注意此处的设置!!!
+// g_RawSocket = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+ if (INVALID_SOCKET == g_RawSocket)
+ {
+ WSACleanup();
+ ShowError("socket");
+ return FALSE;
+ }
+ // 绑定到接口
+ // 获取本机名
+ char szHostName[MAX_PATH] = {0};
+ if (SOCKET_ERROR == ::gethostname(szHostName, MAX_PATH))
+ {
+ closesocket(g_RawSocket);
+ WSACleanup();
+ ShowError("gethostname");
+ return FALSE;
+ }
+ // 根据本机名获取本机IP地址
+ hostent *lpHostent = ::gethostbyname(szHostName);
+ if(NULL == lpHostent)
+ {
+ closesocket(g_RawSocket);
+ WSACleanup();
+ ShowError("gethostbyname");
+ return FALSE;
+ }
+ // IP地址转换并保存IP地址
+ g_HostIp.iLen = 0;
+ ::lstrcpy(g_HostIp.szIPArray[g_HostIp.iLen], "127.0.0.1");
+ g_HostIp.iLen++;
+ char *lpszHostIP = NULL;
+ while (NULL != (lpHostent->h_addr_list[(g_HostIp.iLen - 1)]))
+ {
+ lpszHostIP = inet_ntoa(*(in_addr *)lpHostent->h_addr_list[(g_HostIp.iLen - 1)]);
+ ::lstrcpy(g_HostIp.szIPArray[g_HostIp.iLen], lpszHostIP);
+ g_HostIp.iLen++;
+ }
+ // 选择IP地址对应的网卡来嗅探
+ printf("Choose A IP Address To Sniff:\n");
+ for (int i = 0; i < g_HostIp.iLen; i++)
+ {
+ printf("\tIP %d:%s\n", i, g_HostIp.szIPArray[i]);
+ }
+ printf("Input A Number: ");
+ int iChoose = 0;
+ scanf("%d", &iChoose);
+ getchar();
+ if ((0 > iChoose) || (iChoose >= g_HostIp.iLen))
+ {
+ printf("Choose Error!\nExit Now!!!\n");
+ system("pause");
+ exit(0);
+ }
+ printf("Sniffing...\n");
+
+ if ((0 <= iChoose) && (iChoose < g_HostIp.iLen))
+ {
+ lpszHostIP = g_HostIp.szIPArray[iChoose];
+ }
+// ::MessageBox(NULL, lpszHostIP, "HOST IP", MB_OK);
+ // 构造地址结构
+ sockaddr_in SockAddr = {0};
+ RtlZeroMemory(&SockAddr, sizeof(sockaddr_in));
+ SockAddr.sin_addr.S_un.S_addr = inet_addr(lpszHostIP);
+ SockAddr.sin_family = AF_INET;
+ SockAddr.sin_port = htons(0);
+ // 绑定
+ if (SOCKET_ERROR == ::bind(g_RawSocket, (sockaddr *)(&SockAddr), sizeof(sockaddr_in)))
+ {
+ closesocket(g_RawSocket);
+ WSACleanup();
+ ShowError("bind");
+ return FALSE;
+ }
+ // 设置混杂模式,这样才能捕获所有的数据包
+ DWORD dwSetVal = 1;
+ if (SOCKET_ERROR == ioctlsocket(g_RawSocket, SIO_RCVALL, &dwSetVal))
+ {
+ closesocket(g_RawSocket);
+ WSACleanup();
+ ShowError("ioctlsocket");
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+
+BOOL ReceivePacket()
+{
+ sockaddr_in RecvAddr = { 0 };
+ int iRecvBytes = 0;
+ int iRecvAddrLen = sizeof(sockaddr_in);
+ DWORD dwBufSize = 12000;
+ BYTE *lpRecvBuf = new BYTE[dwBufSize];
+ int i = 0;
+ g_bStopRecv = TRUE;
+ // 接收
+ while (g_bStopRecv)
+ {
+ RtlZeroMemory(&RecvAddr, iRecvAddrLen);
+ iRecvBytes = recvfrom(g_RawSocket, (char *)lpRecvBuf, dwBufSize, 0, (sockaddr *)(&RecvAddr), &iRecvAddrLen);
+ if (0 < iRecvBytes)
+ {
+ // 接收到数据包
+ // 分析数据包
+ AnalyseRecvPacket(lpRecvBuf);
+ }
+ }
+
+ // 释放内存
+ delete[]lpRecvBuf;
+ lpRecvBuf = NULL;
+
+ return TRUE;
+}
+
+
+BOOL ReceivePacket_Print()
+{
+ sockaddr_in RecvAddr = { 0 };
+ int iRecvBytes = 0;
+ int iRecvAddrLen = sizeof(sockaddr_in);
+ DWORD dwBufSize = 12000;
+ BYTE *lpRecvBuf = new BYTE[dwBufSize];
+ int i = 0;
+ g_bStopRecv = TRUE;
+ // 接收
+ char szTemp[10] = {0};
+ FILE *fp = fopen("RecvInfo.txt", "w+");
+
+ while (g_bStopRecv)
+ {
+ RtlZeroMemory(&RecvAddr, iRecvAddrLen);
+ iRecvBytes = recvfrom(g_RawSocket, (char *)lpRecvBuf, dwBufSize, 0, (sockaddr *)(&RecvAddr), &iRecvAddrLen);
+ if (0 < iRecvBytes)
+ {
+ // 接收到信息
+ printf("[RECV] %dbytes\n", iRecvBytes);
+
+ ::wsprintf(szTemp, "[RECV] %dbytes\n", iRecvBytes);
+ fputs(szTemp, fp);
+ for (i = 0; i < iRecvBytes; i++)
+ {
+ if (!g_bStopRecv)
+ {
+ break;
+ }
+ if ((0 == (i % 8)) && (0 != i))
+ {
+ printf(" ");
+
+ ::wsprintf(szTemp, "%s", " ");
+ fputs(szTemp, fp);
+ }
+ if ((0 == (i % 16)) && (0 != i))
+ {
+ printf("\n");
+
+ ::wsprintf(szTemp, "%s", "\n");
+ fputs(szTemp, fp);
+ }
+ printf("%02x ", lpRecvBuf[i]);
+
+ ::wsprintf(szTemp, "%02X ", lpRecvBuf[i]);
+ fputs(szTemp, fp);
+
+ }
+ printf("\n");
+
+ ::wsprintf(szTemp, "%s", "\n");
+ fputs(szTemp, fp);
+ }
+ }
+
+ fclose(fp);
+ // 释放内存
+ delete[]lpRecvBuf;
+ lpRecvBuf = NULL;
+
+
+ return TRUE;
+}
+
+
+void MyPrintf(const char * _Format, ...)
+{
+ char szTemp[MAX_PATH] = {0};
+ // 第1步,定义这个指向参数列表的变量
+ va_list arg_ptr;
+ // 第2步,把上面这个变量初始化,让它指向参数列表
+ va_start(arg_ptr, _Format);
+ // 第3步,获取arg_ptr指向的当前参数
+ vsprintf(szTemp, _Format, arg_ptr);
+ // 第4步,清理工作
+ va_end(arg_ptr);
+
+ // 显示
+ printf("%s", szTemp);
+ // 保存到文件
+ SaveToFile("RecvInfo.txt", szTemp);
+}
+
+
+void SaveToFile(char *lpszFileName, char *lpBuf)
+{
+ FILE *fp = fopen(lpszFileName, "a+");
+ if(NULL == fp)
+ {
+ return ;
+ }
+
+ fputs(lpBuf, fp);
+
+ fclose(fp);
+}
+
+
+BOOL ExitRawSocket()
+{
+ g_bStopRecv = FALSE;
+ Sleep(500);
+ closesocket(g_RawSocket);
+ WSACleanup();
+
+ return TRUE;
+}
+
+
+void AnalyseRecvPacket(BYTE *lpBuf)
+{
+/*
+ !!!Windows上没办法用Raw Socket抓MAC层的数据包,只能抓到IP层及以上的数据包!!!
+ 注意:
+ 数据包的字节顺序转换问题!!!
+ //这里要将网络字节序转换为本地字节序
+*/
+ //分析IP协议
+ PIPV4HEADER ip = (PIPV4HEADER)lpBuf;
+ //分析IP包的协议类型
+ switch (ip->ipv4_pro)
+ {
+ case IPPROTO_ICMP:
+ {
+ MyPrintf("[ICMP]\n");
+ AnalyseRecvPacket_All(lpBuf);
+ break;
+ }
+ case IPPROTO_IGMP:
+ {
+ MyPrintf("[IGMP]\n");
+ AnalyseRecvPacket_All(lpBuf);
+ break;
+ }
+ case IPPROTO_TCP:
+ {
+ //分析tcp协议
+ MyPrintf("[TCP]\n");
+ AnalyseRecvPacket_TCP(lpBuf);
+ break;
+ }
+ case IPPROTO_UDP:
+ {
+ //分析udp协议
+ MyPrintf("[UDP]\n");
+ AnalyseRecvPacket_UDP(lpBuf);
+ break;
+ }
+ default:
+ {
+ MyPrintf("[OTHER IP]\n");
+ AnalyseRecvPacket_All(lpBuf);
+ break;
+ }
+ }
+}
+
+
+void AnalyseRecvPacket_All(BYTE *lpBuf)
+{
+ struct sockaddr_in saddr, daddr;
+ PIPV4HEADER ip = (PIPV4HEADER)lpBuf;
+ saddr.sin_addr.s_addr = ip->ipv4_sourpa;
+ daddr.sin_addr.s_addr = ip->ipv4_destpa;
+
+ MyPrintf("From:%s --> ", inet_ntoa(saddr.sin_addr));
+ MyPrintf("To:%s\n", inet_ntoa(daddr.sin_addr));
+}
+
+
+void AnalyseRecvPacket_UDP(BYTE *lpBuf)
+{
+ struct sockaddr_in saddr, daddr;
+ PIPV4HEADER ip = (PIPV4HEADER)lpBuf;
+ PUDPHEADER udp = (PUDPHEADER)(lpBuf + (ip->ipv4_ver_hl & 0x0F) * 4);
+ int hlen = (int)((ip->ipv4_ver_hl & 0x0F) * 4 + sizeof(UDPHEADER));
+ int dlen = (int)(ntohs(udp->udp_hlen) - 8);
+// int dlen = (int)(udp->udp_hlen - 8);
+ saddr.sin_addr.s_addr = ip->ipv4_sourpa;
+ daddr.sin_addr.s_addr = ip->ipv4_destpa;
+ MyPrintf("Protocol:UDP ");
+ MyPrintf("From:%s:%d -->", inet_ntoa(saddr.sin_addr), ntohs(udp->udp_sourport));
+ MyPrintf("To:%s:%d\n", inet_ntoa(daddr.sin_addr), ntohs(udp->udp_destport));
+
+ PrintData((lpBuf + hlen), dlen, 0);
+}
+
+
+void AnalyseRecvPacket_TCP(BYTE *lpBuf)
+{
+ struct sockaddr_in saddr, daddr;
+ PIPV4HEADER ip = (PIPV4HEADER)lpBuf;
+ PTCPHEADER tcp = (PTCPHEADER)(lpBuf + (ip->ipv4_ver_hl & 0x0F) * 4);
+ int hlen = (ip->ipv4_ver_hl & 0x0F) * 4 + tcp->tcp_hlen * 4;
+ int dlen = ntohs(ip->ipv4_plen) - hlen; //这里要将网络字节序转换为本地字节序
+ saddr.sin_addr.s_addr = ip->ipv4_sourpa;
+ daddr.sin_addr.s_addr = ip->ipv4_destpa;
+
+ MyPrintf("Protocol:TCP ");
+ MyPrintf("From:%s:%d --> ", inet_ntoa(saddr.sin_addr), ntohs(tcp->tcp_sourport));
+ MyPrintf("To:%s:%d ", inet_ntoa(daddr.sin_addr), ntohs(tcp->tcp_destport));
+ MyPrintf("ack:%u syn:%u length=%d\n", tcp->tcp_acknu, tcp->tcp_seqnu, dlen);
+
+ PrintData((lpBuf + hlen), dlen, 0);
+}
+
+
+void PrintData(BYTE *lpBuf, int iLen, int iPrintType)
+{
+ if (0 == iPrintType) // 16进制
+ {
+ for (int i = 0; i < iLen; i++)
+ {
+ if ((0 == (i % 8)) && (0 != i))
+ {
+ MyPrintf(" ");
+ }
+ if ((0 == (i % 16)) && (0 != i))
+ {
+ MyPrintf("\n");
+ }
+ MyPrintf("%02x ", lpBuf[i]);
+
+ }
+ MyPrintf("\n");
+ }
+ else if (1 == iPrintType) // ASCII编码
+ {
+ for (int i = 0; i < iLen; i++)
+ {
+ MyPrintf("%c", lpBuf[i]);
+ }
+ MyPrintf("\n");
+ }
+}
\ No newline at end of file
diff --git a/rawsocket.h b/rawsocket.h
new file mode 100644
index 0000000..d6a99c5
--- /dev/null
+++ b/rawsocket.h
@@ -0,0 +1,43 @@
+#ifndef _RAWSOCKET_H_
+#define _RAWSOCKET_H_
+
+/*
+ 注意:
+ 头文件.h只声明变量和函数,不要在头文件里定义变量或函数,要不然#ifndef .. #define ...#endif 没有用哦^_^
+*/
+
+#include
+#include
+#include
+#include
+#include "PacketStruct.h"
+#pragma comment(lib, "ws2_32.lib")
+#include // 不定参数函数需要的头文件
+
+
+
+typedef struct _HOSTIP
+{
+ int iLen;
+ char szIPArray[10][50];
+}HOSTIP;
+
+extern SOCKET g_RawSocket;
+extern HOSTIP g_HostIp;
+extern BOOL g_bStopRecv;
+
+void ShowError(char *lpszText);
+BOOL InitRawSocket();
+BOOL ReceivePacket();
+BOOL ReceivePacket_Print();
+BOOL ExitRawSocket();
+void AnalyseRecvPacket(BYTE *lpBuf);
+void AnalyseRecvPacket_All(BYTE *lpBuf);
+void AnalyseRecvPacket_UDP(BYTE *lpBuf);
+void AnalyseRecvPacket_TCP(BYTE *lpBuf);
+void PrintData(BYTE *lpBuf, int iLen, int iPrintType);
+void MyPrintf(const char * _Format, ...); // 不定长参数函数
+void SaveToFile(char *lpszFileName, char *lpBuf);
+
+
+#endif
\ No newline at end of file
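Review bot: `szIPArray[10][50]` fixes the table's capacity with bare literals, and the `h_addr_list` loop in InitRawSocket (rawsocket.cpp) copies into it with `lstrcpy` without comparing `g_HostIp.iLen` to that capacity, so a host that reports ten or more addresses writes past the array (slot 0 is already taken by "127.0.0.1"). Name the bounds here, e.g. `#define HOSTIP_MAX_ADDRS 10`, and have the loop stop at `g_HostIp.iLen < HOSTIP_MAX_ADDRS`. `ShowError` and `SaveToFile` are called with string literals and should take `const char *`.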
diff --git a/res/demon64X64.ico b/res/demon64X64.ico
new file mode 100644
index 0000000..5f8cae7
Binary files /dev/null and b/res/demon64X64.ico differ