www.gusucode.com > HookAPI开发包(Win32 API函数截拦)源码程序 > HookAPI开发包(Win32 API函数截拦)源码程序/谷速代码-code/HookAPI1.7/HOOKSOCKET/Mydll.cpp
// ------------------------------------- //
// 您如果要使用本文件,请不要删除本说明 //
// ------------------------------------- //
// HOOKAPI 开发例子 //
// Copyright 2002 编程沙龙 Paladin //
// www.ProgramSalon.com //
// 编译提示:如果是Win9x系统,需要预定义WIN95 //
// ------------------------------------- //
#include "stdafx.h"
#include <winsock.h>
#include <io.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <shellapi.h>
//#include <lmcons.h>
//#include <lmalert.h>
#include "../dll/mydll.h"
//#include <nb30.h>
#include <ras.h>
#include "util.h"
#ifdef WIN95
#pragma code_seg("_INIT")
#pragma comment(linker,"/SECTION:.bss,RWS /SECTION:.data,RWS /SECTION:.rdata,RWS /SECTION:.text,RWS /SECTION:_INIT,RWS ")
#pragma comment(linker,"/BASE:0xBFF70000")
#endif
HINSTANCE g_hInstance;
HANDLE g_hThreadMSN =NULL;
// 如果是win9x,不能使用fopen函数
int WriteBinData(char *function, char *buf, int len)
{
char mod_name[100];
char fname[128];
if(len <=0) return 0;
GetFileName(mod_name);
wsprintf(fname, "c:\\%s.log", mod_name);
HANDLE hFile;
if((hFile =CreateFile(fname, GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL)) <0)
{
WriteLog("open file %s failed", fname);
return -1;
}
SetFilePointer(hFile, 0, NULL, FILE_END);
char temp[2048];
wsprintf(temp, "\r\n(%s,len=%d)\r\n ", function, len);
DWORD dw;
WriteFile(hFile, temp, strlen(temp), &dw, NULL);
for(int i =0; i<len; i++)
{
if(isgraph(buf[i]&0x00FF) || buf[i] ==' ' || buf[i] =='\t' || buf[i] =='\r' || buf[i] =='\n')
wsprintf(temp, "%c", buf[i]&0x00FF);
else
wsprintf(temp, "(%02x)", buf[i]&0x00FF);
WriteFile(hFile, temp, strlen(temp), &dw, NULL);
}
CloseHandle(hFile);
return 0;
}
int GetLocalPortBySocket(SOCKET s)
{
struct sockaddr name;
int namelen =sizeof(name);
getsockname(s, &name, &namelen);
return ntohs(((struct sockaddr_in *)&name)->sin_port);
}
int GetLocalIPBySocket(SOCKET s, char *ip)
{
struct sockaddr name;
int namelen =sizeof(name);
getsockname(s, &name, &namelen);
strcpy(ip, inet_ntoa(((struct sockaddr_in *)&name)->sin_addr));
return 0;
}
int GetRemotePortBySocket(SOCKET s)
{
struct sockaddr name;
int namelen =sizeof(name);
getpeername(s, &name, &namelen);
return ntohs(((struct sockaddr_in *)&name)->sin_port);
}
int GetIPAndPortByAddr(struct sockaddr *paddr, char *ip, int *port)
{
*ip =0;
*port =0;
if(paddr ==NULL) return -1;
strcpy(ip, inet_ntoa(((struct sockaddr_in *)paddr)->sin_addr));
*port =ntohs(((struct sockaddr_in *)paddr)->sin_port);
return 0;
}
int GetRemoteIPBySocket(SOCKET s, char *ip)
{
struct sockaddr name;
int namelen =sizeof(name);
getpeername(s, &name, &namelen);
strcpy(ip, inet_ntoa(((struct sockaddr_in *)&name)->sin_addr));
return 0;
}
int WINAPI mysocket(int af, int type, int protocol)
{
//Sleep(500);// test for multithread
WriteLog("debug mysocket, af=%d, type=%d, protocol=%d", af, type, protocol);
return socket(af, type, protocol);
}
struct hostent * WINAPI mygethostbyname (const char * name)
{
// filter IE url
//MessageBox(NULL, "mydll:mygethostbyname called", name, MB_OK);
WriteLog("gethostbyname:name:%s", name);
return gethostbyname(name);
}
int WINAPI myaccept(SOCKET s, struct sockaddr *pname, int *pnamelen)
{
WriteLog("myaccept");
int port =GetLocalPortBySocket(s);
int s1 =accept(s, pname, pnamelen);
if(s1 >0)
{
// check filter
}
return s1;
}
int WINAPI myconnect(SOCKET s, struct sockaddr *name, int namelen)
{
WriteLog("myconnect");
struct sockaddr_in *paddr =(struct sockaddr_in *)name;
char *ip =inet_ntoa(paddr->sin_addr);
int port =ntohs(paddr->sin_port);
WriteLog("connect: ip=%s, port=%d\r\n", ip, port);
char temp[50];
wsprintf(temp, "ip=%s, port=%d\r\n", ip, port);
WriteBinData("connect", temp, strlen(temp));
BYTE *p =(BYTE *)GetProcAddress(GetModuleHandle("ws2_32.dll"), "recv");
if(p)
{
sprintf(temp, "my connect: data of recv=%x:%x %x %x %x %x", p, p[0], p[1],p[2],p[3],p[4]);
WriteLog(temp);
}
// check filter
return connect(s, name, namelen);
}
int WINAPI myrecv(SOCKET s, char *buf, int len, int flags)
{
WriteLog("myrecv, len:%d", len);
int recved_len =recv(s, (char *)buf, len, flags);
int err;
if(recved_len <=0) err =WSAGetLastError();
int port =GetLocalPortBySocket(s);
int port1 =GetRemotePortBySocket(s);
char ip[16];
GetRemoteIPBySocket(s, ip);
char temp[200];
wsprintf(temp, "sd:%d, ip:%s, local_port:%d, remote_port:%d, len:%d, recved_len:%d", s, ip, port, port1, len, recved_len);
if(recved_len >10)
{
char *p =strstr(buf, "returnValue=false");
//WriteLog(",,,%s", buf);
if(p)
{
WriteLog("okkkkkkkkkkkkkkkkkkkk");
strcpy(p+strlen("returnValue="), "true ");
p =strstr(p+10, "returnValue=false");
//WriteLog(",,,%s", buf);
if(p)
{
WriteLog("okkkkkkkkkkkkkkkkkkkk");
strcpy(p+strlen("returnValue="), "true ");
}
}
}
WriteBinData("recv info", temp, strlen(temp));
WriteBinData("recv data", buf, recved_len);
if(recved_len <=0) WSASetLastError(err);
return recved_len;
}
int WINAPI mysend(SOCKET s, char *buf, int len, int flags)
{
int ret;
WriteLog("mysend, len:%d", len);
int port =GetLocalPortBySocket(s);
int port1 =GetRemotePortBySocket(s);
char ip[16];
GetRemoteIPBySocket(s, ip);
char temp[200];
wsprintf(temp, "sd:%d, ip:%s, local_port:%d, remote_port:%d", s, ip, port, port1);
WriteBinData("send info", temp, strlen(temp));
WriteBinData("send data", buf, len);
ret =send(s, (char *)buf, len, flags);
int err;
if(ret <=0) err =WSAGetLastError();
// other process...
if(ret <=0) WSASetLastError(err);
return ret;
}
int WINAPI mysendto (SOCKET s, char FAR * buf, int len, int flags, struct sockaddr FAR * to, int tolen)
{
WriteLog("mysendto");
int port;
char ip[16];
char temp[200];
GetIPAndPortByAddr(to, ip, &port);
sprintf(temp, "ip:%s, remote_port:%d", ip, port);
WriteBinData("sendto", temp, strlen(temp));
WriteBinData("sendto", buf, len);
BYTE *p =(BYTE *)GetProcAddress(GetModuleHandle("ws2_32.dll"), "recv");
if(p)
{
sprintf(temp, "data of recv=%x:%x %x %x %x %x", p, p[0], p[1],p[2],p[3],p[4]);
WriteLog(temp);
}
return sendto(s, buf, len, flags, to, tolen);
}
int WINAPI myrecvfrom (SOCKET s, char FAR * buf, int len, int flags, struct sockaddr FAR * from, int *fromlen)
{
WriteLog("myrecvfrom");
int ret = recvfrom(s, buf, len, flags, from, fromlen);
int err=WSAGetLastError();
int port;
char ip[16];
char temp[200];
GetIPAndPortByAddr(from, ip, &port);
sprintf(temp, "ip:%s, remote_port:%d, len=%d", ip, port, len);
WriteBinData("recvfrom", temp, strlen(temp));
WriteBinData("recvfrom", buf, ret);
WSASetLastError(err);
return ret;
}
/*
HINSTANCE WINAPI myShellExecuteA(HWND hwnd, LPCSTR lpOperation, LPCSTR lpFile,
LPCSTR lpParameters, LPCSTR lpDirectory, INT nShowCmd)
{
WriteLog("ShellExecuteW file=%s", lpFile);
return ShellExecuteA(hwnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd);
}
HINSTANCE WINAPI myShellExecuteW(HWND hwnd, LPCWSTR lpOperation, LPCWSTR lpFile, LPCWSTR lpParameters, LPCWSTR lpDirectory, INT nShowCmd)
{
char fname[400];
int len =WideCharToMultiByte( CP_ACP, 0, lpFile, -1, fname, sizeof(fname),NULL,NULL);
fname[len] =0;
WriteLog("ShellExecuteW file=%s", fname);
return ShellExecuteW(hwnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd);
}
BOOL WINAPI myShellExecuteExA(LPSHELLEXECUTEINFOA lpExecInfo)
{
WriteLog("ShellExecuteExA");
return ShellExecuteExA(lpExecInfo);
}
BOOL WINAPI myShellExecuteExW(LPSHELLEXECUTEINFOW lpExecInfo)
{
WriteLog("ShellExecuteExW");
return ShellExecuteExW(lpExecInfo);
}
BOOL WINAPI myCreateProcessAsUserA (
HANDLE hToken,
LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
)
{
BOOL bbb= CreateProcessAsUserA (hToken, lpApplicationName,
lpCommandLine,
lpProcessAttributes,
lpThreadAttributes,
bInheritHandles,
dwCreationFlags,
lpEnvironment,
lpCurrentDirectory,
lpStartupInfo,
lpProcessInformation);
WriteLog("CreateProcessAsUserA");
return bbb;
}
BOOL WINAPI myCreateProcessAsUserW (
HANDLE hToken,
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
)
{
BOOL bbb = CreateProcessAsUserW (hToken, lpApplicationName,
lpCommandLine,
lpProcessAttributes,
lpThreadAttributes,
bInheritHandles,
dwCreationFlags,
lpEnvironment,
lpCurrentDirectory,
lpStartupInfo,
lpProcessInformation);
WriteLog("CreateProcessAsUserW");
return bbb;
}
*/
// to hook new process
DWORD WINAPI myCreateProcessW(
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
)
{
//WriteLog("HookAPI:CreateProcessW");
DWORD aaa= CreateProcessW(lpApplicationName,
lpCommandLine, lpProcessAttributes,
lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
//DWORD dw =GetLastError();
char fname[400];
int len =WideCharToMultiByte( CP_ACP, 0, lpCommandLine, -1, fname, sizeof(fname),NULL,NULL);
fname[len] =0;
WriteLog("HookAPI:CreateProcessW:%s", fname);
//SetLastError(dw);
//MessageBox(NULL, "CreateProcessW", "HookAPI", MB_OK);
return aaa;
}
DWORD WINAPI myCreateProcessA(
LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFO lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
)
{
DWORD aaa= CreateProcessA(lpApplicationName,
lpCommandLine, lpProcessAttributes,
lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
//MessageBox(NULL, lpCommandLine, "HookAPI", MB_OK);
WriteLog("HookAPI:CreateProcessA:%s", lpCommandLine);
return aaa;
}
// 地址小的放前面
MYAPIINFO myapi_info[] =
{
// "kernel32.dll" CreateProcessInternalA
//{"advapi32.dll", "CreateProcessAsUserA", 11, "myCreateProcessAsUserA"},
//{"advapi32.dll", "CreateProcessAsUserW", 12, "myCreateProcessAsUserW"},
//{"Shell32.dll", "ShellExecuteA", 6, "myShellExecuteA"},
//{"Shell32.dll", "ShellExecuteW", 6, "myShellExecuteW"},
//{"Shell32.dll", "ShellExecuteExA", 1, "myShellExecuteExA"},
//{"Shell32.dll", "ShellExecuteExW", 1, "myShellExecuteExW"},
#ifdef WINNT
//{"kernel32.dll", "CreateProcessA", 10, "myCreateProcessA"},
//{"kernel32.dll", "CreateProcessW", 10, "myCreateProcessW"},
{"WS2_32.DLL", "socket", 3, "mysocket"},
{"WS2_32.DLL", "accept", 3, "myaccept"},
{"WS2_32.DLL", "connect", 3, "myconnect"},
{"WS2_32.DLL", "recv", 4, "myrecv"},
{"WS2_32.DLL", "send", 4, "mysend"},
{"WS2_32.DLL", "sendto", 6, "mysendto"},
{"WS2_32.DLL", "recvfrom", 6, "myrecvfrom"},
{"WS2_32.DLL", "gethostbyname", 1, "mygethostbyname"},
#else
{"WSOCK32.DLL", "socket", 3, "mysocket"},
{"WSOCK32.DLL", "accept", 3, "myaccept"},
{"WSOCK32.DLL", "connect", 3, "myconnect"},
{"WSOCK32.DLL", "send", 4, "mysend"},
{"WSOCK32.DLL", "sendto", 6, "mysendto"},
{"WSOCK32.DLL", "recvfrom", 6, "myrecvfrom"},
{"WSOCK32.DLL", "gethostbyname", 1, "mygethostbyname"},
#endif
{"WSOCK32.DLL", "recv", 4, "myrecv"},
{NULL}
};
// 下列内容请不要修改
MYAPIINFO *GetMyAPIInfo()
{
return &myapi_info[0];
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
if(ul_reason_for_call =DLL_PROCESS_ATTACH)
{
//GetProfileString("HookAPI", "dll_path", "", g_szDllPath, sizeof(g_szDllPath));
}
return TRUE;
}