From 209f8d0fb86ca84d00929ea5c6ddd34f74104efe Mon Sep 17 00:00:00 2001
From: DemonGan
Date: Thu, 14 Apr 2022 13:59:39 +0000
Subject: [PATCH] init init
---
PacketStruct.h | 100 ++++++++++
RawSocket.sln | 22 +++
RawSocket.v12.suo | Bin 0 -> 33280 bytes
RawSocket.vcxproj | 79 ++++++++
RawSocket.vcxproj.filters | 33 ++++
RecvInfo.txt | 89 +++++++++
Release/RawSocket.exe | Bin 0 -> 10752 bytes
Release/RecvInfo.txt | 79 ++++++++
main.cpp | 32 ++++
rawsocket.cpp | 385 ++++++++++++++++++++++++++++++++++++++
rawsocket.h | 43 +++++
res/demon64X64.ico | Bin 0 -> 16958 bytes
12 files changed, 862 insertions(+)
create mode 100644 PacketStruct.h
create mode 100644 RawSocket.sln
create mode 100644 RawSocket.v12.suo
create mode 100644 RawSocket.vcxproj
create mode 100644 RawSocket.vcxproj.filters
create mode 100644 RecvInfo.txt
create mode 100644 Release/RawSocket.exe
create mode 100644 Release/RecvInfo.txt
create mode 100644 main.cpp
create mode 100644 rawsocket.cpp
create mode 100644 rawsocket.h
create mode 100644 res/demon64X64.ico
diff --git a/PacketStruct.h b/PacketStruct.h
new file mode 100644
index 0000000..a0c182f
--- /dev/null
+++ b/PacketStruct.h
@@ -0,0 +1,100 @@ +#ifndef _PACKETSTRUCT_H +#define _PACKETSTRUCT_H + + +#pragma pack(1) + + +/*以太网帧头格式结构体 14个字节*/ +typedef struct ether_header +{ + unsigned char ether_dhost[6];// 目的MAC地址 + unsigned char ether_shost[6];// 源MAC地址 + unsigned short ether_type;// eh_type的值需要考察上一层的协议,如果为ip则为0×0800 +}ETHERHEADER, *PETHERHEADER; + +/*以ARP字段结构体 28个字节*/ +typedef struct arp_header +{ + unsigned short arp_hrd; + unsigned short arp_pro; + unsigned char arp_hln; + unsigned char arp_pln; + unsigned short arp_op; + unsigned char arp_sourha[6]; + unsigned long arp_sourpa; + unsigned char arp_destha[6]; + unsigned long arp_destpa; +}ARPHEADER, *PARPHEADER; + +/*ARP报文结构体 42个字节*/ +typedef struct arp_packet +{ + ETHERHEADER etherHeader; + ARPHEADER arpHeader; +}ARPPACKET, *PARPPACKET; + + +// ipv4_pro字段: +#define PROTOCOL_ICMP 0x01 +#define PROTOCOL_IGMP 0x02 +#define PROTOCOL_TCP 0x06 +#define PROTOCOL_UDP 0x11 + +/*IPv4报头结构体 20个字节*/ +typedef struct ipv4_header +{ + unsigned char ipv4_ver_hl;// Version(4 bits) + Internet Header Length(4 bits)长度按4字节对齐 + unsigned char ipv4_stype; // 服务类型 + unsigned short ipv4_plen;// 总长度(包含IP数据头,TCP数据头以及数据) + unsigned short ipv4_pidentify;// ID定义单独IP + unsigned short ipv4_flag_offset;// 标志位偏移量 + unsigned char ipv4_ttl; // 生存时间 + unsigned char ipv4_pro;// 协议类型 + unsigned short ipv4_crc;// 校验和 + unsigned long ipv4_sourpa;// 源IP地址 + unsigned long ipv4_destpa;// 目的IP地址 +}IPV4HEADER, *PIPV4HEADER; + + +/*IPv6报头结构体 40个字节*/ +typedef struct ipv6_header +{ + unsigned char ipv6_ver_hl; + unsigned char ipv6_priority; + unsigned short ipv6_lable; + unsigned short ipv6_plen; + unsigned char ipv6_nextheader; + unsigned char ipv6_limits; + unsigned char ipv6_sourpa[16]; + unsigned char ipv6_destpa[16]; +}IPV6HEADER, *PIPV6HEADER; + +/*TCP报头结构体 20个字节*/ +typedef struct tcp_header +{ + unsigned short tcp_sourport;//源端口 + unsigned short tcp_destport;//目的端口 + unsigned long tcp_seqnu;//序列号 + unsigned long tcp_acknu;//确认号 + unsigned char tcp_hlen; //4位首部长度 + unsigned char 
tcp_reserved;//标志位 + unsigned short tcp_window;//窗口大小 + unsigned short tcp_chksum;//检验和 + unsigned short tcp_urgpoint;//紧急指针 +}TCPHEADER, *PTCPHEADER; + +/*UDP报头结构体 8个字节*/ +typedef struct udp_header +{ + unsigned short udp_sourport;// 源端口 + unsigned short udp_destport;// 目的端口 + unsigned short udp_hlen;// 长度 + unsigned short udp_crc;// 校验和 +}UDPHEADER, *PUDPHEADER; + + +#pragma pack() + + +#endif \ No newline at end of file diff --git a/RawSocket.sln b/RawSocket.sln new file mode 100644 index 0000000..034bb0d --- /dev/null +++ b/RawSocket.sln @@ -0,0 +1,22 @@ +锘 +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 2013 +VisualStudioVersion = 12.0.40629.0 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "RawSocket", "RawSocket.vcxproj", "{28B55222-A3F0-4832-BD05-A8D482CF9EBD}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Release|Win32 = Release|Win32 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Debug|Win32.ActiveCfg = Debug|Win32 + {28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Debug|Win32.Build.0 = Debug|Win32 + {28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Release|Win32.ActiveCfg = Release|Win32 + {28B55222-A3F0-4832-BD05-A8D482CF9EBD}.Release|Win32.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal 
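Review bot: The comment on `tcp_hlen` in PacketStruct.h says 4位首部长度 (4-bit header length), but the field is a full byte whose upper four bits carry the data offset in 32-bit words; the comment should state that the header length in bytes is `(tcp_hlen >> 4) * 4`, because AnalyseRecvPacket_TCP in rawsocket.cpp multiplies the raw byte by 4. The 32-bit wire fields (`arp_sourpa`, `ipv4_sourpa`, `tcp_seqnu`, `tcp_acknu` and the matching destination fields) are declared `unsigned long`, which is 4 bytes on this Windows target but 8 on LP64 platforms, so the byte counts given in the struct comments hold only for this toolchain; fixed-width integer types would make the layout explicit. `#pragma pack(1)` followed by `#pragma pack()` resets packing to the compiler default instead of restoring the includer's setting, which `#pragma pack(push, 1)` and `#pragma pack(pop)` would avoid.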
diff --git a/RawSocket.v12.suo b/RawSocket.v12.suo new file mode 100644 index 0000000000000000000000000000000000000000..85ab1c8c5be2cb1c619a85f6a346d35afa5ae181 GIT binary patch literal 33280 zcmeHQYit|Wl^!~_V<&AAJ89awiLKgB>NY0Lha^*WUVMnLV<~neMNVU;3Pp}2S`?{r zNXw3;=F!w?+B7euC^krg?rsyf@1|&*qNst?S?r?d4;w+Y1-6UbWZ}hj_eZzbAG=-b z#_IRonJW${a%M={jU3Mv&fLrUI`?tzz2}~DW_0@0nz#P)m340`HSSjB66NgtYGtJ< z-eU?YS1HN|@Ov5H?EL&ZlbDX6>n@-X7*GoMD=8gHuabvfRE}^e9lL9l6$^8|)~3{3 zul{@D%Vizw6h z%PCnUt)$TZEZUG4t9rg0m#yyD$mZ94ZEW{T_&*fOC zXiEt(sxqpS(S~t^iprpv9Tlyd(u;~`SXt&F-YfCTDgHU+{k^f6S?(PctZ`h^mm`h- zW$@YF)qwXKam>C3Vfr62e1tnvk7S=i5mbn0zL-V0{A%K6M&ll zTLE5x53mj32iyvfbu{DOhH~#~v1~JVmU`Yl>-zuuGw%8a%`K(%FX>b616=Rd)vSvR zHNRzp*KGgIXzcpmWzJkDEc-9p zP$$cxs5=nzvJpE3I-^7*f%9JHJ}Rf}u#kID4nvttHD@3z-GTAvoue82W#m6@R4@qc zCvBX+hkz*~a1P)(uI$0nP8!DkQ%)i8JVv#aUiJB}DMRQVxt&ow4`cmN+QYV_5wdd| zf&Xe`YNr1WAV1qncMrxshyLqaU`oiE?71$zET8N@<$06?vki>1a|L8LX=EBgKc|78 zedbJ)_fj$2>^mi3hm-*1Je2;_cb@=e%8Dqfa*E$P{&w^qs*iRdwiWt+1f@xXbawcI zdbWm7;^*CZ1HftjA4T4yMvYeZ_`%gKYQ~acr^_S>1Mg{Fp3NE{ddkCeR z`svdMV|Dy>E$si~m$_!?hJZ~2-ado&1|jh+pw}f(Aa5o0ZykDBKGA>CZ}y$8l42c_ z_YbS_r!2hFx*DUyk9fwo%ij}=6APbAK~^48B+KKH;6{`v1dL(F1~O^;+DkDV;ipG_AFT4Aij-ed|h zns2C3$Z1adcHlntZq=&Q22qMWUMhZ&R_K=B)+UYypU;KA_~w5+eC(fgeXCw&7ybM%8owqY*Mt@b+@qp z^6aDThptx3wjcPp_fLqmqvx@DcHsP_{_BGPlDAb}nMR(HXEt3e{wVrMj(8FqU_tcX z`V6A}(Y(U+TCJaxNdAsT&m-qqo_`nO{8J~%&D!bszsKfZ+&?7^=(B45G|#^k|Kaj~ z)@zTWycGC9?j^1Af3^D$c~0KF?Bwo}!XW?md{KLS3AH}agGvB8u5r%v-)fYbh)@1M2!`!V)Yz)CwD^VwK^ z>Qx%E75L@acZxrW;zLFiR_mX%a3RQlsLzmNP#KxVq4%Qvhve*Z{>}2ATKcQcf0!w; zdR#j}f3)l28SE7Q0pxA8{&h^00&xwf(9iQK*pFY7PwTPf7J&Z~^e<(A=CnrPdy#-! 
zqi|CHM_Q*Hn2uGqwsInep!`G1zMb};`}KN*{~}&Wyo!SJ&6)0PvSqqvLP|d=8#A9u zkbf@FzEk}70DoTZKJIimaGM(bcneg)g*U=v6sYld{%t~>v>B;MuKUxx|J{w2aMY=9 zCZAv3>qfg?rCP{8o9=%z_&GmTu9fr0jDHtKJtO*_$C;PIXiyTK6ET#C+PQZ7&$bZA zKXXlR9jydh3g8;$*~YV-q95LwxX!8TU>Vv_%JNqm;Sa#)S;+ek`2wbMf8ZU7Vd|-Q zU!=UU1MpG6MgVDuJj@LM%CjibWq!&PxxQ`!Yz24$KEO5r?ffAdd$YWFDTa z+kzZXGL>*v_@yk`$_^FwpW^;UUeqamo_PW}9+WdJwm%(1ug8V_sbY;HOH})mzmR7o zZ|oF5?@DKu>GkXd_jeFnB{g@oH?LvA!Rq-MJ!$_zew}=`Q~aE-M~n(<`M*}~|7%be z`FN-J&&U0rxao{;S$gOA{xABiV|RvsDc%3AR;$Rqeb3g9pv>f0Ky|JT=VE{W{ zdqyO*(Wl-(nhxmtzDH-DXzq1Bc77~&!pf))V!UW2U zjv_sb_1J~Kp!oAbz7>Kz%MZC(C(>Ah7dhgH=|U*-p0NL| z+<)cS=M+DAud-389e&C-t(?SvBQiO~|0wbvH7X5*7DyREP;&y((q2IwbC8o(I72J? zBi~E<(;Y3xrj56@C~KuuiLzH}=yc0YT2?ZTl=EXJy-e9S@Z&9i`0L=V6Dy9t`N*jk zPsj?n%-=4Z{j1okr`LRMo$~cxUOE4|Ok>51-DtBXNep$6c2KQHSv!C|w%S1Pl6sLV zJ3sZ9`rmi0d^%6>m|k2AL(}-HvDGt?^g*7R1}89$J&<2Y-~iNVCmf0U(LIqH8pkbyFKr}W1Gdl*1xhu@le5cU@y^3xjtPVqmEybl8C?C?{MVCCfc zqfW#r{-==lhgOv~nMS!XHTy0`^MKY-}~zN|Lke5JhlJ4)7af}8qqmrm;K;KbKpy}4R};DC(CZ1%XQ|% z-bo&?gmor)WBvU*GuFoZvu+*4ysL!W#JOzSPGKc+E^G8b*3)QL@!<~3x6yU$`>3#i zF^>T)H_mNa>fdne+M!cG1XP#6ZD~7hPrZ=d@K()m2%!M}c*7=DGA)7-S5yQL!yU_y zlKhJy_Z&`5Clo*_T|`JgvbYbZC_5%>L^$uX$!R>UJC(sgdQvSVi>Vn+gna4g>Dk$% zaer?hLOl%Ez;fj|Pke_Te@BDiXjfM-81zO$3BR{99141)aetRL5{`F-8N{mbI|JUH zXt&=R3Uzn&1cR|)Bp96g%K2{9z7z*%uv9FkOTGy?EOyO$_Ix+1GFgt>^wjxo(^M*( zH`9*YAmKVHzD)x1QnI%%P5N4`L>J~V5=``N@9YhDquV<}-asJk_eQWpyncVgAM5ca z5{X!7ZuaK>td>q>bE)ZGeZ~srku=#zh`@QEEe&0273bD&Okij4R^Hsd zY4{6k5)B*~nJE+}lf9oQr%KsEJ{j}}y1f3N*WZ&IS4)x1R5qVZ<#K*mHre0gG)JG8 zZEa})jrOG`Qy97FT&gryC{87(bLH`D-tb07Q<|FOV+0$_A-tsOcu_>XgG2hZmLBWc zzI`;D#u$b=F}sd6OM+wwSkeCUg>|eY13w#U}vqCCa>9QO)!C>;|f>>~c_~uMd}5 ztgI^uFkDNMLwJ9MPQW*N?FOrj+;WJduMZV96uMjf8m-B<0Vs8m`{Hicqwm2T;4<6^ zn%APYQpWuGhRPkPzV1SW=0X*%V;>fO^ntO|@%kV?q$L#l(TtewOFP#?Y?c^9e@h*=Mtt2YeD`<@28h=ZKZKov#UG0}e^jP~R*MAhy?mnhV z+$m>cjrDdF8L!)Zw2#rs`h#y7(b1;{l-z`DlWYf~j94C^O`J=GQ7Q|Rl{e>cY2>?5 zaGULpwZ7eV@fE1*QX#ui;v+&85s*(ktS+jA5$DQvpdwmP(PnwEE`N*onmpeIla6Eg 
z>glyRawku(`B7B)`sO>Ye}idqtQnRR%J5?M(po+5yx@D+BSW9in3RMS1Z}GMIix9Q z@42IqkLGuIjv#dmfBJV9`K2?ih13ErYP9!@5|enNjO&W;zsj%TQY%yWIyYhcm{@+M9;>!OgaJKMWT(cfx>B;}O@+*9}SyQ`HscgRWL_WPDWS$@5=ve6ezCz-&zCe%KxjlR#*OCH5{(|-)t@5%KvH8VW*dO z<^Rp7;+K;Ae=pWP-*$23|8f&FOKN0Xv%XVVz0-We-%MWScjf<5#_r1h>wkH>zDB~8 z|GV;kSN_i(l&%Bd%Kxcba4P@js8yW#G-bHnDOSnNkhw%9WkCM-2%3(h#?`GIFizB9 zeRxZ^FXZ$4{98L>#eMCkKO(Ds?mPbaU%d9 Y-+lS2kKe!Z#Q)x^y|9v&W3{dL6Jc! + + + + Debug + Win32 + + + Release + Win32 + + + + {28B55222-A3F0-4832-BD05-A8D482CF9EBD} + RawSocket + + + + Application + true + v120_xp + MultiByte + + + Application + false + v120_xp + true + MultiByte + + + + + + + + + + + + + + + Level3 + Disabled + true + _WINSOCK_DEPRECATED_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + + + true + + + + + Level3 + MaxSpeed + true + true + true + _CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + + + true + true + true + + + + + + + + + + + + + + \ No newline at end of file diff --git a/RawSocket.vcxproj.filters b/RawSocket.vcxproj.filters new file mode 100644 index 0000000..e24b424 --- /dev/null +++ b/RawSocket.vcxproj.filters @@ -0,0 +1,33 @@ +锘 + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + 婧愭枃浠 + + + 婧愭枃浠 + + + + + 澶存枃浠 + + + 澶存枃浠 + + + \ No newline at end of file diff --git a/RecvInfo.txt b/RecvInfo.txt new file mode 100644 index 0000000..a14d312 --- /dev/null +++ b/RecvInfo.txt 
@@ -0,0 +1,89 @@ +[RECV] 132bytes +45 00 00 84 07 D4 00 00 40 11 00 00 7F 00 00 01 +7F 00 00 01 30 39 0D 05 00 70 CD E5 31 31 31 31 +31 31 31 31 31 31 31 31 31 31 31 31 31 31 00 00 +02 00 00 00 00 00 00 00 00 00 00 00 4C FC 18 00 +00 00 00 00 90 FE 18 00 A2 75 3C 76 00 00 00 00 +00 00 00 00 70 0A 00 00 FF FF FF FF 63 6F 41 00 +02 00 00 00 70 E0 42 00 AE 75 3C 76 00 00 00 00 +00 00 00 00 54 0A 42 76 01 00 00 00 00 7F 00 00 +00 00 00 00 +[UDP] +Protocol:UDP From:192.168.189.132:137 -->To:192.168.189.2:137 +82 aa 40 00 00 01 00 00 00 00 00 01 20 46 48 45 +4a 45 4f 43 4e 44 4a 46 47 46 42 45 43 45 4a 44 +42 46 41 45 4f 45 47 44 4a 45 45 43 41 00 00 20 +00 01 c0 0c 00 20 00 01 00 04 93 e0 00 06 60 00 +c0 a8 bd 84 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 
4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 94 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 +[UDP] +Protocol:UDP From:192.168.189.1:137 -->To:192.168.189.255:137 +85 97 01 10 00 01 00 00 00 00 00 00 20 46 45 45 +44 45 50 45 4f 45 47 44 43 43 4f 45 47 43 4f 44 +44 44 47 44 41 43 4f 45 44 45 4f 41 41 00 00 20 +00 01 
diff --git a/Release/RawSocket.exe b/Release/RawSocket.exe new file mode 100644 index 0000000000000000000000000000000000000000..fcfe2d10a924598cf6985c5c51e4163a98451d9d GIT binary patch literal 10752 zcmeHNe_T}8mA?!FB7%^XNl4TDG3;ZQ91tHfft|wDD)!>KKd~7gJk}F^O&I#$?A}_d~KqNkj7Xd+rPdf3*AK zvw!rno9pM?ALpEV?m6e4d+vRMmCGJusf;l#Kvfyrhn9+)*MGT+gFJrn^W)jBu_vbN zOQ|?9rABNH>)WKz8p+qHZ}bI&Az8m#&`Xh^zB#BbTU@Pg4f%z_?Ci{fq-fjD+9{h( z7E2@0_NBL^FJj#GrGJ$+^7gD0t~vjaVc4heFm8P1Xh}WHWy%^u{+V%FqTe3l#!OTVL(np zNoDTMoRQ|yWZqtF2+6is8S_)e%UFL3b*?L`7!$FM+sIh)b)?b5ddqctV_+=rX7ZAg z3T2^PM*r?xP?26_Yf^9Yc+oSqs!;O#WFKR-nLt4%gIn0GfKkPbr3({mY-1V-Krrac zrUFJ4H)F9vDJ(St$8CkpoNr{)lf2+_7fM1P1V*x*tpbp4cL7EfH)C^04L|MvFM1&U zAslXw_4Xx8tzunna5J&P=w|8}F_vgfCYoFmM=s<|^l)DMchIDT{}WlRn|D+l!+ce@ zilkgZWFAdh<#BV3Rh^bdRzJq7ZkV$T65AsrP*;y`^sv?(TX|KRzP=^O#myHpAZ9yr zyP5gLF3)hSn2K?C=La9F>XFVN)L7W7yc@5{We||1>M|h7TieZP;x-8Ps=AY0dTs*Q zk}K{YbPJX}4T4fRY(B9veqjt_%3CW&El=x5&kt_Ccos=Ap~B&=Ed{4Bs;x7}#7Cit zx2dbFz};O|FxMOZbq-engJQ3!K}@Tn$AGV~j-4>>$Kq(+KV9rri) z-;J8&U8~7qXma5JRaHkce+BkH^V4X!=I6&JjD@y9iCQQJM{5x)w3z9}jo#k}k@3%A z$F5cS0c2J3JJ}6M5W*lt8SK1#Qz>Uj%9|fuFXf)36vdSVqs2J5#K1f^0#HOvMSWGt zrhe(svVuH9bn&4wKdW22H5wa^7BktQFx8;yE<(gwPBnS4z4@CDk*ND1K}QnicJW48 zl+`^~jXF28ZtdpCi;9b%ol96*ebsy!!ECb<_e1v_q}kp60#;Wm=9wwliE}=pHG0(K z;7l9OC#UO){whLfBGjBnYI;QrpCe)p4{$nM3bg8s3t0OoF;8b8XC&MtTfrLCnjki+P)JzF1aJpz6*;9;__bm)KegXkg>OQgg~lsqtra*pJ2I3x==Xo39|t@EuNC1wCOE>Tiw+&G-vp6Ck1QeR#c4dr~N({~QkF zJ`&on5{F<)k{}jyS6q`{GU&{2gawI&$Itgr^y0*k!ws)i*P3H+eO4~y)xk~VgFLan zkg=wmGi3#LkV^=6m#XW4AY~E-3w*5%C2}3qdOg4>{P?3T1^Jdf%;v6CT2}IPz zlXp(11$m%O)yZUUMZpYAPrCbl_vjU-JUG38p%i`aij@9)JYD+N1%4%Sc#9LE4K4-8!0>(Jv^iHvYek_t;NIu z(6y?r9SwFQnf~8_o32a$JpW(JtyU&wAwFyCln=T#UCP-rCfc9Vo%L|Hwlf2M>Z%;> z@(ktdE!BF}Q_A`*<%_vFdt=dfhIk%2ba@8jx59ghXBb|~*^Bgc3S=*CT8bO>j90t_ zw)lHUi<~DbXRlk6WU3>w)&lY=B3E9D9?nRu98#7H#(%?iNZYXT{?R&9JYT2pU_#%V zJ@Ug@P&#!G`sVCipgHum#@iLS#I?ESNJ4Kh7i+PLb!5|v zBBJ^C-U~Yrzxyhe;e6ZhtaURPkB|Y2lI=u)^M1n6=R@S3eUx9DY@73eiJUXXqWfj^ 
z#;+S|+Z;zH=j*YSlpejC;_xwS?a~%i)!mDZlDz|UPaCe`9vRhk|2%j(MakX;^!9o_ zh%d+W6<>z+qpl2yV392Gk9U%&CrDI$6Ub3lE(wo}CBcsq8ZS37Qx8+eg1mhdBpuZj zScu8G9D^R}iuY1AgQ^0e=pMmLyxw{Y7gMP zx6@~l;?*i29uT3pa@-sn%-J~}@0oFq7b1h^%k!0w2U5}4tO3v?nJts!&ylPFyKNH3 z+}p(|q5OOpTvJ3Qx=*vEi<8#&fR zCa}mjRrgH{x0A@EopB4S=#9Uwfwf!h7U0@zxh=i~C>Wg9qFH+4b3MhSurk|1wa!5Gq= zfV$}sotHP+WxScB=S|u~-b~Bq&CEPBkAEd?AsWTQdYrt~_PEh@dop?|Xxw=YSN+kn ztuQhL|F#pcr;JQaD@IKUA5C*|Dg$m|ve%-mUmIgbJ1Q{NFxbGy3O|uu6=_2lAL_@h zX+fv4*iJ#vN0|f9M3}C4G8DGCxG~(?ADI?y&rOX?R@`|mecIP$l zx&JXmPB+I^yr5Js9J7V3$Vcj6n-L$<^2*1+bOJQpP> zRX91wZJ^i{cfq0f`Yo{I`IzqGj+u@cMKc1SryQJiEq z$8MZ(^?ihO_a~BL1|`N7z1%V8*k&8gidoMmvf_RDIom*l1EUx7qQWH>6^0U@Otp0f z7rpKN`2hsC>NqNAcOH?)UOCxAn>*0d?YV@LlLyx;@Py|QKJZjsK88l>OiXmTJr}{G zC#K55ZqKl}@}e1^Y{wkGij3L67_tX)J711uDTlIeS-{w#{@iiLU_Int`E?f$B77nt zaIo1?7bRdOr=nlmqHWQux`hzCbg43k_W&hpo}qcJ#^*;`OMd;z-soNUL|)n3k|&Ck z9%mp4M1^xm9wbY#=35#aTGOs?JR^2Lxo+uY-AMR2WWjb3WBdR{?eVyFLBb z{PXmxQLMB)F8p{aEr4gqP}in&YUI3nhU=t8`q87A$z6-%J;{`#@!z89RW_Z&YBOmy z+5<`>6^M{4XO~WhT{*jOMQ?50fqZCxkg9=kN;(2Zqn?Z&(K@b3?>4L?x}NA%-IR{7 zOQonxVdl%V@mH`YbnJ{pG?+^z{tKY`aGHKVW=wkubzfg1>Q(&u1y%9z?F!&M47jKN zlLIh}1Aw?!BSU!qByGbR09k;` zHpb2YVt}Usj{~TD39STJ1*ioq1lR!vzzl#E&<0r#0=57i1$+zeeZWruKLfk~=mVSv zya%8kJ;wv?1Q-CtfVqHrKmhO{;LCu&2RsgV3UB~$7BC2?fWA~JAZrfELkTn1aSH&) zq+=`qKWTR0x6lp^;5GpAe}@GCbvy71?ZAVwgHJ^D!tL&nE*p#fAf96HDIja`l7EB0*#?oL0=Qn*M+2jU%$9XUnaDM zg8J)O?}pNPl;itP_5Snj-YY%NXYw)OjD`B61IN!F8#w;at7m$iK02`Pg9E=U_wGJ> zW^ZiQueYCmchBilKiYlx#L&T~emQjVts>S6x~y`y@HihJ6k-t`%g))(El~3d=!Xt1!}E zy@8JyGn!@>8t~7Ex%0$OC@knp_2piDsoyUN;V^l-I@sLQWQQhWfuH8LPYa`89&C%q zU|kexT`fpjWWIYCyT5#1rFTUp+69TWW*!aM{Y%Oc?c$n+ zo+?-ZVP1$F^y({AXoUpGC$pnEl3N5WvQ`kLn&il@Ki1GRG3YL{y+dXmZlQP!?#A58)`3Q zrquP}HmNx%HMqh1!H5lUPZK*}b&1-dkGlUWQDV-qaXCKEvIUE+7x#?gfVl z9AGFXj>_uVc~wS}A))iyl!p4oHhF$?Ko%r+o2J3n8eY?on7JpVp#i$I`kI42X-$~D zhjCbt8+>hT4f2LItP#~DSZ8S(8WVHe=!Jq!%{cqyM*KC;7ZBK`#7rb~snsWof+R7P zo!ZbGY?iTXYlFbDJ{hsS;3kp~T*tnzX=tLq5;Impl3NpfFZz<);1^a$)~pev2Bh${ 
zc$Hut&`W}%FX#^leouR&&?YyBg6yXWN)6V6EwX^T)`+cQ)|3)jpX1!*#rkFJ#|hqQ z;UR4zhQcC)fy2cteOO>=jEb50@n!;Ki*a1ZAcL zE@@jxnvZCXNU$|QdouODh#+n73Q|)DyAW&?=7l0$(xDVY_`HZDK}2$Pxu3l_3Y$0+ zK(Y;V8mf8F)-<;YrD3>4pdLHU%7oGSy_4Q5v?5$?mVZ9Q{dIbPKFoLCez1)0R4R0j zQAvzGt^a>{Acg-onEX-SK?(cmw>|zW>A2P(Df9~;f9tLCGPY?Xh(<9vOWIol`gM4z zAuGG48w(B7^#WxzypLVem(H{m&0J9;&U((9eF6bZ}p z-cCxJ`kzQMPv!G4Gb}Vlq-J?Tatw?lJP^Sug5N7OuR|_eBZRLKN0UA6m`ayXg|JQt z;CYPNHQg63=l6j$T_0&KZKO-dHND9f2n*Bov#!c<&ieDKIA>j>lXKQp<1pPhYs7CD zjM|4k+s(y)3&KPAvxa=bWW!yCnFfoY+)!;;YVaF^2HEhSp~KK=Pz*mYykhtl!v(_! z290s1akWt~e%1IL;}49xjR%bV#M{M;^sH%@=@rxK zrr(?1GQDeJ=6v&==DW>iv)#PdTx0f`MRVA^!Te?Oqvo%fpEN&X-eW#yK4pH}JZMh0 zOtchQES3_B$MOY>*AlgKS+-feWqHE#L(A_hZ&?N`mo1sr6067RwLWa^w*JWajP+;M z{nnWEjP;^bQ}o%QDMho2yhSxd^+n5zRu%nS(Sf4lMJJ11DSExAzvxQQ$3>r;y>j-Z z*`2e0F#EOHxy7@JXBXENw-!HBe5Ckn@jJ!C#kbfd+5X06wUyWw+Nx~zHlJ;cEns`V zw$ApDEo%F^?K`#}+q1UkZN0V=w$rxPZNImjw_ULPo9&Wq*p_R*+x~g`a=YK&Y!BKW zvwy?>9sBp~&)N^zkJw+f|BF3t|D*kV`-k=v$9PAc<4%XmG0#!ysCF!O_#B%ZTOHqa zoN~P8_`TyT$AIHq$B;vHq&u^ndCm#Wsm{BdCa2vw-?`XX<6P$SJA=-LoR2!c>wMCA z*_rOjay7Zux;DAK?RwU=+qG)W-_Ch>&Nt?KZ_d+m-k9^|ocHFWmW(g?Y)O8}tdcn; zWhHebfs*wl-6c@4|X$$KS;5To:111.161.88.49:8000 +02 37 0f 03 44 37 d7 2c 13 16 54 04 00 00 00 01 +01 01 00 00 68 21 00 00 00 00 00 00 00 00 54 ff +4a 5c 35 e2 51 52 67 46 37 27 be 5e 0f 84 f8 05 +0d 4d 0d ec 26 c6 e2 64 cd 1a 0d ae eb e4 c3 0b +e2 a3 68 42 4e 73 03 +[UDP] +Protocol:UDP From:10.210.104.233:4015 -->To:111.161.88.49:8000 +02 37 0f 00 58 6c b1 2c 13 16 54 02 00 00 00 01 +01 01 00 00 68 21 44 cf 25 31 f2 2a a8 37 69 02 +e7 b2 16 84 e6 2e 03 +[UDP] +Protocol:UDP From:111.161.88.49:8000 -->To:10.210.104.233:4015 +02 37 0f 00 58 6c b1 2c 13 16 54 00 00 00 13 d9 +90 c2 f7 93 3f 6f 96 74 07 20 5f 28 fc 44 41 54 +f4 75 8b 07 5b 15 d9 b8 7f 9f 24 c8 d8 38 03 +[UDP] +Protocol:UDP From:10.210.104.233:4015 -->To:111.161.88.49:8000 +02 37 0f 03 44 37 d7 2c 13 16 54 04 00 00 00 01 +01 01 00 00 68 21 00 00 00 00 00 00 00 00 54 ff +4a 5c 35 e2 51 52 67 46 37 
27 be 5e 0f 84 f8 05 +0d 4d 0d ec 26 c6 e2 64 cd 1a 0d ae eb e4 c3 0b +e2 a3 68 42 4e 73 03 +[UDP] +Protocol:UDP From:10.210.104.233:4019 -->To:123.151.13.27:8000 +02 37 0f 03 44 18 5c 2e c7 42 01 04 00 00 00 01 +01 01 00 00 68 21 00 00 00 00 00 00 00 00 d1 36 +2c 49 9d 51 ad 8f 9c c0 7c a3 04 fe 34 d7 49 2c +c7 f9 44 2b 70 98 fa 07 4e 95 6d 6f 3a 65 23 58 +51 17 7a fa 08 05 03 +[UDP] +Protocol:UDP From:111.161.88.49:8000 -->To:10.210.104.233:4015 +02 37 0f 00 81 53 c2 2c 13 16 54 00 00 00 90 f3 +aa 39 c3 4a fb 56 41 55 11 7c 84 e7 24 88 b3 05 +07 ec 08 01 86 e9 b8 aa 34 38 0d ee a1 02 6b 5c +cf b8 2a 9a aa 0a 45 58 df 88 56 b4 e5 19 f0 69 +c2 71 1c 36 33 00 53 10 76 91 ad 86 5d c8 03 +[UDP] +Protocol:UDP From:10.210.104.233:4019 -->To:123.151.13.27:8000 +02 37 0f 03 44 18 5c 2e c7 42 01 04 00 00 00 01 +01 01 00 00 68 21 00 00 00 00 00 00 00 00 d1 36 +2c 49 9d 51 ad 8f 9c c0 7c a3 04 fe 34 d7 49 2c +c7 f9 44 2b 70 98 fa 07 4e 95 6d 6f 3a 65 23 58 +51 17 7a fa 08 05 03 +[UDP] +Protocol:UDP From:10.210.104.233:4015 -->To:111.161.88.49:8000 +02 37 0f 03 44 37 d7 2c 13 16 54 04 00 00 00 01 +01 01 00 00 68 21 00 00 00 00 00 00 00 00 54 ff +4a 5c 35 e2 51 52 67 46 37 27 be 5e 0f 84 f8 05 +0d 4d 0d ec 26 c6 e2 64 cd 1a 0d ae eb e4 c3 0b +e2 a3 68 42 4e 73 03 +[UDP] +Protocol:UDP From:10.210.104.233:4019 -->To:123.151.13.27:8000 +02 37 0f 00 58 58 3f 2e c7 42 01 02 00 00 00 01 +01 01 00 00 68 21 8f 95 b8 b5 e3 db 2b 17 fb 81 +e0 16 8c c2 d2 47 03 +[UDP] +Protocol:UDP From:123.151.13.27:8000 -->To:10.210.104.233:4019 +02 37 0f 00 58 58 3f 2e c7 42 01 00 00 00 5a 49 +f5 06 61 36 47 4c 28 c5 ee be c9 9b 8e 7c 42 fb +f7 14 9f 28 7d 01 ed 86 b6 8e f2 58 85 90 03 +[UDP] +Protocol:UDP From:10.210.104.233:4019 -->To:123.151.13.27:8000 +02 37 0f 03 44 18 5c 2e c7 42 01 04 00 00 00 01 +01 01 00 00 68 21 00 00 00 00 00 00 00 00 d1 36 +2c 49 9d 51 ad 8f 9c c0 7c a3 04 fe 34 d7 49 2c +c7 f9 44 2b 70 98 fa 07 4e 95 6d 6f 3a 65 23 58 +51 17 7a fa 08 05 03 +[UDP] +Protocol:UDP 
From:10.210.104.233:4015 -->To:111.161.88.49:8000 +02 37 0f 00 0d 39 3a 2c 13 16 54 02 00 00 00 01 +01 01 00 00 68 21 9c 6f 00 66 a2 71 85 cf c5 ee +11 e6 ae f6 7c be 6c 46 28 fc 9c e1 7e 26 25 44 +b0 03 d6 85 9c 49 03 +[UDP] +Protocol:UDP From:111.161.88.49:8000 -->To:10.210.104.233:4015 +02 37 0f 00 0d 39 3a 2c 13 16 54 00 00 00 1f ac +4b 61 4f a2 33 dd 6a b1 88 d7 d5 2e 12 5e 03 diff --git a/main.cpp b/main.cpp new file mode 100644 index 0000000..e89d4f0 --- /dev/null +++ b/main.cpp @@ -0,0 +1,32 @@ +#include "rawsocket.h" + + + +UINT RecvThreadProc(LPVOID lpVoid) +{ + ReceivePacket(); + + return 0; +} + + +int main() +{ + printf("***************** Welcome To World Of Demon *****************\n"); + printf(" 使用说明:\n"); + printf(" 1. 请输入数字,请根据IP地址来选择对应的网卡进行嗅探\n"); + printf(" 2. 在抓包的过程中,你可以按“回车键”结束嗅探\n"); + printf("*************************************************************\n\n\n"); + + InitRawSocket(); + + ::CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)RecvThreadProc, NULL, 0, NULL); + + getchar(); + + ExitRawSocket(); + + system("pause"); + + return 0; +} \ No newline at end of file diff --git a/rawsocket.cpp b/rawsocket.cpp new file mode 100644 index 0000000..22c2888 --- /dev/null +++ b/rawsocket.cpp 
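Review bot: main() in main.cpp ignores the BOOL returned by InitRawSocket(), so when socket creation, bind or the SIO_RCVALL call fails the receive thread is still started and ReceivePacket() keeps calling recvfrom() on a socket that was already closed or never created until Enter is pressed. Check the result before CreateThread, for example `if (!InitRawSocket()) return 1;`. RecvThreadProc is declared `UINT RecvThreadProc(LPVOID lpVoid)` and forced through a `(LPTHREAD_START_ROUTINE)` cast; declaring it `DWORD WINAPI RecvThreadProc(LPVOID lpVoid)` removes the cast and the calling-convention mismatch it hides. The handle returned by CreateThread is discarded, which is why ExitRawSocket() in rawsocket.cpp can only `Sleep(500)` instead of waiting for the thread to finish before the socket is closed.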
@@ -0,0 +1,385 @@ +#include "rawsocket.h" + + +// 全局变量 +SOCKET g_RawSocket = 0; +HOSTIP g_HostIp; +BOOL g_bStopRecv = FALSE; + + +// 函数定义 +void ShowError(char *lpszText) +{ + char szErr[MAX_PATH] = {0}; + ::wsprintf(szErr, "%s Error!\nError Code Is:%d\n", lpszText, ::GetLastError()); + ::MessageBox(NULL, szErr, "ERROR", MB_OK | MB_ICONERROR); +} + + +BOOL InitRawSocket() +{ + // 设置版本 + WSADATA wsaData = {0}; + if(0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) + { + ShowError("WSAStartup"); + return FALSE; + } + // 创建原始套接字 + // !!!Windows上没办法用Raw Socket抓MAC层的数据包,只能抓到IP层及以上的数据包!!! + g_RawSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP); // 注意此处的设置!!! +// g_RawSocket = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); + if (INVALID_SOCKET == g_RawSocket) + { + WSACleanup(); + ShowError("socket"); + return FALSE; + } + // 绑定到接口 + // 获取本机名 + char szHostName[MAX_PATH] = {0}; + if (SOCKET_ERROR == ::gethostname(szHostName, MAX_PATH)) + { + closesocket(g_RawSocket); + WSACleanup(); + ShowError("gethostname"); + return FALSE; + } + // 根据本机名获取本机IP地址 + hostent *lpHostent = ::gethostbyname(szHostName); + if(NULL == lpHostent) + { + closesocket(g_RawSocket); + WSACleanup(); + ShowError("gethostbyname"); + return FALSE; + } + // IP地址转换并保存IP地址 + g_HostIp.iLen = 0; + ::lstrcpy(g_HostIp.szIPArray[g_HostIp.iLen], "127.0.0.1"); + g_HostIp.iLen++; + char *lpszHostIP = NULL; + while (NULL != (lpHostent->h_addr_list[(g_HostIp.iLen - 1)])) + { + lpszHostIP = inet_ntoa(*(in_addr *)lpHostent->h_addr_list[(g_HostIp.iLen - 1)]); + ::lstrcpy(g_HostIp.szIPArray[g_HostIp.iLen], lpszHostIP); + g_HostIp.iLen++; + } + // 选择IP地址对应的网卡来嗅探 + printf("Choose A IP Address To Sniff:\n"); + for (int i = 0; i < g_HostIp.iLen; i++) + { + printf("\tIP %d:%s\n", i, g_HostIp.szIPArray[i]); + } + printf("Input A Number: "); + int iChoose = 0; + scanf("%d", &iChoose); + getchar(); + if ((0 > iChoose) || (iChoose >= g_HostIp.iLen)) + { + printf("Choose Error!\nExit Now!!!\n"); + system("pause"); + exit(0); + } + 
printf("Sniffing...\n"); + + if ((0 <= iChoose) && (iChoose < g_HostIp.iLen)) + { + lpszHostIP = g_HostIp.szIPArray[iChoose]; + } +// ::MessageBox(NULL, lpszHostIP, "HOST IP", MB_OK); + // 构造地址结构 + sockaddr_in SockAddr = {0}; + RtlZeroMemory(&SockAddr, sizeof(sockaddr_in)); + SockAddr.sin_addr.S_un.S_addr = inet_addr(lpszHostIP); + SockAddr.sin_family = AF_INET; + SockAddr.sin_port = htons(0); + // 绑定 + if (SOCKET_ERROR == ::bind(g_RawSocket, (sockaddr *)(&SockAddr), sizeof(sockaddr_in))) + { + closesocket(g_RawSocket); + WSACleanup(); + ShowError("bind"); + return FALSE; + } + // 设置混杂模式,这样才能捕获所有的数据包 + DWORD dwSetVal = 1; + if (SOCKET_ERROR == ioctlsocket(g_RawSocket, SIO_RCVALL, &dwSetVal)) + { + closesocket(g_RawSocket); + WSACleanup(); + ShowError("ioctlsocket"); + return FALSE; + } + + return TRUE; +} + + +BOOL ReceivePacket() +{ + sockaddr_in RecvAddr = { 0 }; + int iRecvBytes = 0; + int iRecvAddrLen = sizeof(sockaddr_in); + DWORD dwBufSize = 12000; + BYTE *lpRecvBuf = new BYTE[dwBufSize]; + int i = 0; + g_bStopRecv = TRUE; + // 接收 + while (g_bStopRecv) + { + RtlZeroMemory(&RecvAddr, iRecvAddrLen); + iRecvBytes = recvfrom(g_RawSocket, (char *)lpRecvBuf, dwBufSize, 0, (sockaddr *)(&RecvAddr), &iRecvAddrLen); + if (0 < iRecvBytes) + { + // 接收到数据包 + // 分析数据包 + AnalyseRecvPacket(lpRecvBuf); + } + } + + // 释放内存 + delete[]lpRecvBuf; + lpRecvBuf = NULL; + + return TRUE; +} + + +BOOL ReceivePacket_Print() +{ + sockaddr_in RecvAddr = { 0 }; + int iRecvBytes = 0; + int iRecvAddrLen = sizeof(sockaddr_in); + DWORD dwBufSize = 12000; + BYTE *lpRecvBuf = new BYTE[dwBufSize]; + int i = 0; + g_bStopRecv = TRUE; + // 接收 + char szTemp[10] = {0}; + FILE *fp = fopen("RecvInfo.txt", "w+"); + + while (g_bStopRecv) + { + RtlZeroMemory(&RecvAddr, iRecvAddrLen); + iRecvBytes = recvfrom(g_RawSocket, (char *)lpRecvBuf, dwBufSize, 0, (sockaddr *)(&RecvAddr), &iRecvAddrLen); + if (0 < iRecvBytes) + { + // 接收到信息 + printf("[RECV] %dbytes\n", iRecvBytes); + + ::wsprintf(szTemp, "[RECV] 
%dbytes\n", iRecvBytes); + fputs(szTemp, fp); + for (i = 0; i < iRecvBytes; i++) + { + if (!g_bStopRecv) + { + break; + } + if ((0 == (i % 8)) && (0 != i)) + { + printf(" "); + + ::wsprintf(szTemp, "%s", " "); + fputs(szTemp, fp); + } + if ((0 == (i % 16)) && (0 != i)) + { + printf("\n"); + + ::wsprintf(szTemp, "%s", "\n"); + fputs(szTemp, fp); + } + printf("%02x ", lpRecvBuf[i]); + + ::wsprintf(szTemp, "%02X ", lpRecvBuf[i]); + fputs(szTemp, fp); + + } + printf("\n"); + + ::wsprintf(szTemp, "%s", "\n"); + fputs(szTemp, fp); + } + } + + fclose(fp); + // 释放内存 + delete[]lpRecvBuf; + lpRecvBuf = NULL; + + + return TRUE; +} + + +void MyPrintf(const char * _Format, ...) +{ + char szTemp[MAX_PATH] = {0}; + // 第1步,定义这个指向参数列表的变量 + va_list arg_ptr; + // 第2步,把上面这个变量初始化,让它指向参数列表 + va_start(arg_ptr, _Format); + // 第3步,获取arg_ptr指向的当前参数 + vsprintf(szTemp, _Format, arg_ptr); + // 第4步,清理工作 + va_end(arg_ptr); + + // 显示 + printf("%s", szTemp); + // 保存到文件 + SaveToFile("RecvInfo.txt", szTemp); +} + + +void SaveToFile(char *lpszFileName, char *lpBuf) +{ + FILE *fp = fopen(lpszFileName, "a+"); + if(NULL == fp) + { + return ; + } + + fputs(lpBuf, fp); + + fclose(fp); +} + + +BOOL ExitRawSocket() +{ + g_bStopRecv = FALSE; + Sleep(500); + closesocket(g_RawSocket); + WSACleanup(); + + return TRUE; +} + + +void AnalyseRecvPacket(BYTE *lpBuf) +{ +/* + !!!Windows上没办法用Raw Socket抓MAC层的数据包,只能抓到IP层及以上的数据包!!! + 注意: + 数据包的字节顺序转换问题!!! 
+ //这里要将网络字节序转换为本地字节序 +*/ + //分析IP协议 + PIPV4HEADER ip = (PIPV4HEADER)lpBuf; + //分析IP包的协议类型 + switch (ip->ipv4_pro) + { + case IPPROTO_ICMP: + { + MyPrintf("[ICMP]\n"); + AnalyseRecvPacket_All(lpBuf); + break; + } + case IPPROTO_IGMP: + { + MyPrintf("[IGMP]\n"); + AnalyseRecvPacket_All(lpBuf); + break; + } + case IPPROTO_TCP: + { + //分析tcp协议 + MyPrintf("[TCP]\n"); + AnalyseRecvPacket_TCP(lpBuf); + break; + } + case IPPROTO_UDP: + { + //分析udp协议 + MyPrintf("[UDP]\n"); + AnalyseRecvPacket_UDP(lpBuf); + break; + } + default: + { + MyPrintf("[OTHER IP]\n"); + AnalyseRecvPacket_All(lpBuf); + break; + } + } +} + + +void AnalyseRecvPacket_All(BYTE *lpBuf) +{ + struct sockaddr_in saddr, daddr; + PIPV4HEADER ip = (PIPV4HEADER)lpBuf; + saddr.sin_addr.s_addr = ip->ipv4_sourpa; + daddr.sin_addr.s_addr = ip->ipv4_destpa; + + MyPrintf("From:%s --> ", inet_ntoa(saddr.sin_addr)); + MyPrintf("To:%s\n", inet_ntoa(daddr.sin_addr)); +} + + +void AnalyseRecvPacket_UDP(BYTE *lpBuf) +{ + struct sockaddr_in saddr, daddr; + PIPV4HEADER ip = (PIPV4HEADER)lpBuf; + PUDPHEADER udp = (PUDPHEADER)(lpBuf + (ip->ipv4_ver_hl & 0x0F) * 4); + int hlen = (int)((ip->ipv4_ver_hl & 0x0F) * 4 + sizeof(UDPHEADER)); + int dlen = (int)(ntohs(udp->udp_hlen) - 8); +// int dlen = (int)(udp->udp_hlen - 8); + saddr.sin_addr.s_addr = ip->ipv4_sourpa; + daddr.sin_addr.s_addr = ip->ipv4_destpa; + MyPrintf("Protocol:UDP "); + MyPrintf("From:%s:%d -->", inet_ntoa(saddr.sin_addr), ntohs(udp->udp_sourport)); + MyPrintf("To:%s:%d\n", inet_ntoa(daddr.sin_addr), ntohs(udp->udp_destport)); + + PrintData((lpBuf + hlen), dlen, 0); +} + + +void AnalyseRecvPacket_TCP(BYTE *lpBuf) +{ + struct sockaddr_in saddr, daddr; + PIPV4HEADER ip = (PIPV4HEADER)lpBuf; + PTCPHEADER tcp = (PTCPHEADER)(lpBuf + (ip->ipv4_ver_hl & 0x0F) * 4); + int hlen = (ip->ipv4_ver_hl & 0x0F) * 4 + tcp->tcp_hlen * 4; + int dlen = ntohs(ip->ipv4_plen) - hlen; //这里要将网络字节序转换为本地字节序 + saddr.sin_addr.s_addr = ip->ipv4_sourpa; + daddr.sin_addr.s_addr = 
ip->ipv4_destpa; + + MyPrintf("Protocol:TCP "); + MyPrintf("From:%s:%d --> ", inet_ntoa(saddr.sin_addr), ntohs(tcp->tcp_sourport)); + MyPrintf("To:%s:%d ", inet_ntoa(daddr.sin_addr), ntohs(tcp->tcp_destport)); + MyPrintf("ack:%u syn:%u length=%d\n", tcp->tcp_acknu, tcp->tcp_seqnu, dlen); + + PrintData((lpBuf + hlen), dlen, 0); +} + + +void PrintData(BYTE *lpBuf, int iLen, int iPrintType) +{ + if (0 == iPrintType) // 16进制 + { + for (int i = 0; i < iLen; i++) + { + if ((0 == (i % 8)) && (0 != i)) + { + MyPrintf(" "); + } + if ((0 == (i % 16)) && (0 != i)) + { + MyPrintf("\n"); + } + MyPrintf("%02x ", lpBuf[i]); + + } + MyPrintf("\n"); + } + else if (1 == iPrintType) // ASCII编码 + { + for (int i = 0; i < iLen; i++) + { + MyPrintf("%c", lpBuf[i]); + } + MyPrintf("\n"); + } +} \ No newline at end of file diff --git a/rawsocket.h b/rawsocket.h new file mode 100644 index 0000000..d6a99c5 --- /dev/null +++ b/rawsocket.h @@ -0,0 +1,43 @@ +#ifndef _RAWSOCKET_H_ +#define _RAWSOCKET_H_ + +/* + 注意: + 头文件.h只声明变量和函数,不要在头文件里定义变量或函数,要不然#ifndef .. #define ...#endif 没有用哦^_^ +*/ + +#include +#include +#include +#include +#include "PacketStruct.h" +#pragma comment(lib, "ws2_32.lib") +#include // 不定参数函数需要的头文件 + + + +typedef struct _HOSTIP +{ + int iLen; + char szIPArray[10][50]; +}HOSTIP; + +extern SOCKET g_RawSocket; +extern HOSTIP g_HostIp; +extern BOOL g_bStopRecv; + +void ShowError(char *lpszText); +BOOL InitRawSocket(); +BOOL ReceivePacket(); +BOOL ReceivePacket_Print(); +BOOL ExitRawSocket(); +void AnalyseRecvPacket(BYTE *lpBuf); +void AnalyseRecvPacket_All(BYTE *lpBuf); +void AnalyseRecvPacket_UDP(BYTE *lpBuf); +void AnalyseRecvPacket_TCP(BYTE *lpBuf); +void PrintData(BYTE *lpBuf, int iLen, int iPrintType); +void MyPrintf(const char * _Format, ...); // 不定长参数函数 +void SaveToFile(char *lpszFileName, char *lpBuf); + + +#endif \ No newline at end of file 
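Review bot: AnalyseRecvPacket() and the AnalyseRecvPacket_* parsers in rawsocket.cpp never receive iRecvBytes, so every offset and length they use comes from fields inside the captured packet; in AnalyseRecvPacket_UDP `dlen = ntohs(udp->udp_hlen) - 8` can exceed the 12000-byte receive buffer or go negative, and PrintData then reads beyond the bytes that were actually received. AnalyseRecvPacket_TCP has the same problem with `ntohs(ip->ipv4_plen) - hlen`, and it computes the TCP header length as `tcp->tcp_hlen * 4` on the whole byte where the data offset is only the upper four bits, i.e. `(tcp->tcp_hlen >> 4) * 4`. The received length should be passed from ReceivePacket() through AnalyseRecvPacket() to each parser (with the prototypes in rawsocket.h updated) and every offset clamped against it, as sketched below for UDP. Separately, `char szTemp[10]` in ReceivePacket_Print is too small for `::wsprintf(szTemp, "[RECV] %dbytes\n", iRecvBytes)`, and MyPrintf formats with unbounded `vsprintf` into `szTemp[MAX_PATH]`; both buffers should be sized for their format and written with a length-bounded formatter.

```cpp
void AnalyseRecvPacket_UDP(BYTE *lpBuf, int iLen)   // iLen: byte count returned by recvfrom
{
    // Reject anything too short to hold a minimal IPv4 header.
    if (iLen < (int)sizeof(IPV4HEADER))
    {
        return;
    }
    PIPV4HEADER ip = (PIPV4HEADER)lpBuf;
    int iplen = (ip->ipv4_ver_hl & 0x0F) * 4;
    // The IHL field is packet-supplied: it must cover the fixed header and
    // leave room for a UDP header inside the received bytes.
    if ((iplen < (int)sizeof(IPV4HEADER)) || (iLen < iplen + (int)sizeof(UDPHEADER)))
    {
        return;
    }
    PUDPHEADER udp = (PUDPHEADER)(lpBuf + iplen);
    int hlen = iplen + (int)sizeof(UDPHEADER);
    int avail = iLen - hlen;
    int dlen = (int)ntohs(udp->udp_hlen) - (int)sizeof(UDPHEADER);
    // Never print more than was received, whatever the UDP length field says.
    if (dlen < 0)
    {
        dlen = 0;
    }
    if (dlen > avail)
    {
        dlen = avail;
    }
    // … unchanged: saddr/daddr assignment and the three MyPrintf calls …
    PrintData((lpBuf + hlen), dlen, 0);
```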
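Review bot: The capacities in `char szIPArray[10][50]` of HOSTIP in rawsocket.h are unnamed, and InitRawSocket() in rawsocket.cpp copies every entry of `h_addr_list` into the array with no upper bound on `iLen`, so a host reporting more than nine addresses (slot 0 holds 127.0.0.1) is written past the end of the array. Give the limit a name, for example `#define HOSTIP_MAX 10`, and let the fill loop also stop when `g_HostIp.iLen < HOSTIP_MAX` no longer holds. ShowError and SaveToFile are called with string literals throughout rawsocket.cpp, so their `char *` parameters should be `const char *`.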
diff --git a/res/demon64X64.ico b/res/demon64X64.ico new file mode 100644 index 0000000000000000000000000000000000000000..5f8cae7ef4228d2ed38be29a21d113bb439c0dc4 GIT binary patch literal 16958 zcmeI24~SP)7RR4DJ0otWg~*HzInGK*gs6#Rhz>F<5h4=dw$X-JNGlSN;#Nq15O;9b zYC#qo))*F%2n$)njU~ig#AZWlhzN<+WOuS5Oe7>mw{dRY&w2OU-}}w{T%2|ne8cYy z-`~CWynD|(=iGDuzR9u)`s?V(^xKxrTbX4uvn-n@h?Tu4z&Gm1llpJn19cD7Jy7>R z-2-(G)ICu5K-~j%4}|-&EOZNR3NH)y3Jt;x;VI#d!hYdtfi3npqOe9bg&H^`-o+aH zOX58-ejH%^enmFv^c3zE9v40p+$Y~CkB{yVb_&?fv#we`*uD5?6NN6}ZDCz?ov>W( z)(f+8epnLAw^ize+r>L1Y^?CIOtLmanTpks6dq9hhpM?@wRi^w+4P?%>`)!-xnGc8 zR=%nfd?oPgxG*)BV)}g+`BggdTsqz_gaY;|uP0%O@NI0@qZHn`SeBknVOQkw-Y4Oz z{S4u|g3N-g=0oZNja#R1GVWq1o>9p)deGpPLSl5t;@b5Q98;afp*0)@%K zh1doib9NTaDv#~-BfgjzAJj-JF8`!D^z$B}y;8~MK<{tOk4~Xe_0aPJA<33ruL{_| zNN5!XgewAmW*pH5FrO0tUVb;1Z1XKVbRm65ZPyCO++WDcmrhkNvo^}X7x-B^n;eTJ zZ!xws+$kCK1^Q@ya0+`PZm(Od&7;^yS!dio* zv5>7@{*HU{mgbjpk~<&}o7hU%c7G?kErb#a}P_#VpnPq|lCd^|6nvUGbUT{X@z2gx*(2D^kMNC|hx7eRHCq z8~WjoCxwBZw!DR(`eJ>zQR`@md3Xne_hTLAu&wiN?sfY~cgFX8tbF**T|W=EPC3II z&0OpP=*nFs<>n`Pe zOyIw+ShuJvJ~S#@~xN49bi+QE^b-KX3s(!FFuNeQdqtCy}+nb#2xvu~1 zZ;B({q45CO`#$&kak$hdO3d%f26rMBlG#)(75k@f&i zRpV+=&b9aPu9v))bmTnvoN!wBz4K#z);(fg^QifhcTip)pTj>X?5J*MzGeM8CiDr~ zM>^ShykBjO3!Dwu3+@s=6|_gVUJ7@pKDMwP1M-S9%9Qm4?PGV}Nh=ae%|>#=Ny%m<8l<`R#0#x3>(o$suk@4Fw!%Vqtw zyA$jx7-08=@J{4>y9=QVd>tTGD32KH1u><_rn?C{*Hu&w?5VJCZO*g#iL&M!C!1@u z7MGdQ{3cI&q4D{ywbYH=k*WL!QIey zeS-Fic89}w*ju}88MwCI(We7K4TbGH0nb_Qu$g+4<9Oj55RTPoSRz)spVygjBr(_7 zxR3FX&U8ArLw0wm^H7;7opZHMuSN8)-P_RrZ2~dR{+E5QV&D7|_sg}~-{`y)<8iGU zsc*W=)wvT&^Pt8+x-ZuHP*$?S71bn9|(?7J8C zYp*|&EY2_L*^&H-s^#AwSQnlWXcx~4BiojxocfWwof=~~yeq!uey6ZL+O0b)v%kZi zlrv3tyYyv^GhMm|@x5=O>ftNugA(rny~om>()-S-q^ZBP=W|MXN9-@$&G_@OrRmIr zJ@-~?A39<`udDFw4$5Po%x6#x&zqkHS;u`k$S56Wi8n`kGY;0*jBN^ z?y`@HH@CtgSM@C}?un~wl&=&vMEkiD*8S(TD4iXSsotQ#y;+I(K}9>$y%^(rR`E$C zpVoe@7is;}-0A;ARH<3MoSkjClV==or`}#|gRPhS;xkqz=g-o27~PSLhd8kR3DTLs zd~iwWPC;h?`~M#Q23I&U$yNC`Kkmdn6SP*s8%Z|DtRBg|G0XOCh3{+FL@X4+9qEX@ 
zqWR!q@i`+he=ujhBxnrT*>R0h)|LlvOna}T74dIpy&k2UdASR^MrHFsr=II>+-&8X z!2HNqA)Y#fYqTA2Z1V+sWz7-(oo>9@ShuI{fw~9k9;kbu?t!`oZZr>s{}c81<%0h@ zDNpw;7z$Sh!wavq4lQi%|8T|MUU_z5^P}(0?(bdt+U~jU%?<-g|GvB7U(>>+eWyAb zA8QKV{Nszxi3^*;l~aq`C*3?LT>g4`+nj7i82U2H=DhghFtl-Q*7Cb)VQ5Q3)~s}R zOJmmB+!TiI>Y8&~b60p}>A>NhWqqNkC0F3FJRRQhx|N5Y-51l{dAj{nOh2?VJijVW zmv4N*GAlf7kL5*q+H*Lje~D>#p7!mlPJ2Jk%L6g(|9nM&F2(f9@N6qz9?m^Cw7u8L W!!7-mh6$H{WtoAYX*uJ6^7}n6adpQ4 literal 0 HcmV?d00001