📄 check.cpp
#include "check.h"
#include "packet.h"
#include "windef.h"
#include "stdio.h"
#include "string.h"
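/*
 * Compare one stored policy entry with the 4 address bytes of a header.
 *
 * The entry's octets are taken low byte first, the same order IPTrans()
 * emits, so the comparison does not depend on the host's endianness.
 * Octets may legitimately be 0, so this is a memcmp of 4 raw bytes, never
 * a strcmp.
 */
static BOOLEAN EntryMatchesAddress(DWORD IP, const unsigned char *Address)
{
    unsigned char Octets[4];

    Octets[0] = (unsigned char)(IP & 0xffu);
    Octets[1] = (unsigned char)((IP >> 8) & 0xffu);
    Octets[2] = (unsigned char)((IP >> 16) & 0xffu);
    Octets[3] = (unsigned char)((IP >> 24) & 0xffu);
    return (BOOLEAN)(memcmp(Address, Octets, sizeof(Octets)) == 0);
}

/*
 * Append one raw 4-byte entry to the log file.  Best effort: the drop
 * verdict must not depend on whether the log could be written, so a NULL
 * handle or a failed write is ignored.
 */
static void LogBlockedEntry(HANDLE LogFileHandle, DWORD IP)
{
    IO_STATUS_BLOCK LogIosb;

    if (LogFileHandle == NULL)
        return;
    ZwWriteFile(LogFileHandle,
                NULL,               /* event */
                NULL,               /* APC routine */
                NULL,               /* APC context */
                &LogIosb,
                &IP,
                sizeof(IP),
                NULL,               /* byte offset: append (FILE_APPEND_DATA) */
                NULL);              /* key */
}

/*
 * Decide whether a TCP segment may pass, using the 4-byte IPv4 entries
 * stored in \DosDevices\C:\ip.dat (one raw DWORD per entry, low byte =
 * first octet, the byte order IPTrans() produces).
 *
 * On an outbound segment (IsSend) the segment's source address is checked,
 * on an inbound one its destination address.  If the address equals an
 * entry, the entry is appended to \DosDevices\C:\iplog.dat and -1 (drop)
 * is returned; if no entry matches, 1 (pass) is returned.
 *
 * NOTE(review): the original opened both files with FILE_SUPERSEDE, which
 * replaces them with empty files on every call; its read loop only ran
 * after a *failed* ZwReadFile, so no entry was ever compared; it compared
 * the raw address bytes with strcmp(), which stops at the first zero
 * octet and read a dangling pointer returned by IPTrans(); and it leaked
 * both handles.  The "entry equals address => drop" reading is inferred
 * from the original's default of returning 1 when nothing matched -
 * confirm it against the intended policy before relying on it.
 *
 * NOTE(review): ZwCreateFile/ZwReadFile must be called at PASSIVE_LEVEL.
 * If this is reached from an NDIS receive indication (DISPATCH_LEVEL) the
 * file access has to move to a work item.  Any principal that can write
 * C:\ip.dat controls the filter policy, so that file's ACL is part of the
 * trust boundary.
 *
 * pTcpHeader, LookaheadBufferSize and pVoid are accepted for interface
 * compatibility and are not used.
 */
int CheckTcp(
PIP_HEADER pIpHeader,
PTCP_HEADER pTcpHeader,
BOOLEAN IsSend,
UINT LookaheadBufferSize,
PVOID pVoid
)
{
    NTSTATUS Status;
    UNICODE_STRING UnicodeFilespec;
    UNICODE_STRING UnicodeLogFile;
    OBJECT_ATTRIBUTES ObjectAttributes;
    OBJECT_ATTRIBUTES LogObjectAttributes;
    HANDLE FileHandle = NULL;
    HANDLE LogFileHandle = NULL;
    IO_STATUS_BLOCK Iosb;
    DWORD IP;
    const unsigned char *Address;
    int Verdict = 1;            /* default: pass */

    (void)pTcpHeader;
    (void)LookaheadBufferSize;
    (void)pVoid;

    /* The address the policy applies to: source when sending, destination
     * when receiving. */
    Address = IsSend ? (const unsigned char *)pIpHeader->SourceIp
                     : (const unsigned char *)pIpHeader->DestinationIp;

    RtlInitUnicodeString(&UnicodeFilespec, L"\\DosDevices\\C:\\ip.dat");
    RtlInitUnicodeString(&UnicodeLogFile, L"\\DosDevices\\C:\\iplog.dat");

    /* OBJ_KERNEL_HANDLE keeps the handles out of the current process's
     * handle table, so user mode cannot reach them if this runs in an
     * arbitrary thread context. */
    InitializeObjectAttributes(&ObjectAttributes,
                               &UnicodeFilespec,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);
    InitializeObjectAttributes(&LogObjectAttributes,
                               &UnicodeLogFile,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /* FILE_OPEN, never FILE_SUPERSEDE: superseding would truncate the
     * policy file on every packet.  Read-only, shared for read so an
     * administration tool may hold the file open at the same time. */
    Status = ZwCreateFile(&FileHandle,
                          GENERIC_READ | SYNCHRONIZE,
                          &ObjectAttributes,
                          &Iosb,
                          NULL,                         /* allocation size */
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN,
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,                         /* EA buffer */
                          0);
    if (!NT_SUCCESS(Status)) {
        /* No readable policy file means no entries to match, so the
         * default verdict stands.  NOTE(review): this is fail-open; return
         * -1 here instead if the filter is required to fail closed. */
        return 1;
    }

    /* FILE_OPEN_IF + FILE_APPEND_DATA: create the log once, then append.
     * A log that cannot be opened must not change the verdict. */
    Status = ZwCreateFile(&LogFileHandle,
                          FILE_APPEND_DATA | SYNCHRONIZE,
                          &LogObjectAttributes,
                          &Iosb,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN_IF,
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(Status))
        LogFileHandle = NULL;

    /* Walk the policy file one 4-byte entry at a time.  A failed or short
     * read (trailing partial entry or end of file) ends the walk. */
    for (;;) {
        Status = ZwReadFile(FileHandle,
                            NULL,           /* event */
                            NULL,           /* APC routine */
                            NULL,           /* APC context */
                            &Iosb,
                            &IP,
                            sizeof(IP),
                            NULL,           /* byte offset: current position */
                            NULL);          /* key */
        if (!NT_SUCCESS(Status) || Iosb.Information != sizeof(IP))
            break;

        if (EntryMatchesAddress(IP, Address)) {
            LogBlockedEntry(LogFileHandle, IP);
            Verdict = -1;
            break;
        }
    }

    /* Both handles are released on every path; the original leaked them. */
    if (LogFileHandle != NULL)
        ZwClose(LogFileHandle);
    ZwClose(FileHandle);
    return Verdict;
}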
/*
 * Length check on a UDP datagram: the header's Length field is compared
 * with the lookahead buffer size supplied by the caller.
 *
 * Returns 1 when the two differ and 0 when they are equal.
 *
 * NOTE(review): the UDP Length field on the wire is in network byte order
 * and covers the UDP header plus payload, while LookaheadBufferSize is a
 * host-order count whose base (with or without the IP header) is not
 * visible here; whether the comparison is meaningful depends on what the
 * caller passes in.  Note also that the return convention (1 = mismatch,
 * 0 = match) differs from CheckTcp's 1 = pass / -1 = drop.
 *
 * pIpHeader, IsSend and pVoid are unused.
 */
int CheckUdp(
PIP_HEADER pIpHeader,
PUDP_HEADER pUdpHeader,
BOOLEAN IsSend,
UINT LookaheadBufferSize,
void *pVoid
)
{
    UINT headerLength;

    (void)pIpHeader;
    (void)IsSend;
    (void)pVoid;

    headerLength = pUdpHeader->Length;
    return (headerLength != LookaheadBufferSize) ? 1 : 0;
}
/*
 * Direction-only policy for ICMP: outbound messages pass, inbound ones
 * are dropped.  Header contents are not inspected.
 *
 * Returns 1 (pass) when IsSend is non-zero, -1 (drop) otherwise.
 * pIpHeader, pIcmpHeader and LookaheadBufferSize are unused.
 */
int CheckIcmp(
PIP_HEADER pIpHeader,
PICMP_HEADER pIcmpHeader,
BOOLEAN IsSend,
UINT LookaheadBufferSize
)
{
    (void)pIpHeader;
    (void)pIcmpHeader;
    (void)LookaheadBufferSize;

    return IsSend ? 1 : -1;
}
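/*
 * Render an IPv4 address held in a DWORD as its 4 octets, low byte first
 * (on x86 this is the in-memory byte order of the DWORD, i.e. the order
 * the bytes occupy when an IP header field is read into a DWORD).
 *
 * Returns a pointer to a static buffer holding the 4 octets followed by a
 * NUL, so the result outlives the call.  The original returned the address
 * of a local array - dangling by the time the caller read it - and its
 * sprintf("%c") into Tmp[3] also wrote a terminating NUL one byte past
 * the 4-byte array.
 *
 * NOTE(review): the static buffer is shared by every caller; concurrent
 * calls from different contexts race on it, so copy the 4 bytes out
 * before the next call.  Because any octet may be 0, treat the result as
 * 4 raw bytes (memcmp) rather than a C string.
 */
unsigned char* IPTrans(DWORD IP)
{
    static unsigned char Octets[5];

    Octets[0] = (unsigned char)(IP & 0xffu);
    Octets[1] = (unsigned char)((IP >> 8) & 0xffu);
    Octets[2] = (unsigned char)((IP >> 16) & 0xffu);
    Octets[3] = (unsigned char)((IP >> 24) & 0xffu);
    Octets[4] = 0;              /* terminator for legacy string-style callers */
    return Octets;
}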