#pragma once
#include <stdio.h>
#include <stdlib.h>
#include "md5_en.h"
// Size limits and status codes shared by the capture/decoding code.
#define STATUS_FAILED 0xFFFF // error code used to report an abnormal failure
#define MAX_PACK_LEN 65535 // largest IP datagram accepted, in bytes
#define MAX_ADDR_LEN 16 // max length of a dotted-decimal address (presumably 15 chars + NUL)
#define MAX_PROTO_TEXT_LEN 16 // max length of a sub-protocol name (e.g. "TCP")
#define MAX_PROTO_NUM 12 // number of sub-protocols
#define MAX_HOSTNAME_LAN 255 // max host name length
#define CMD_PARAM_HELP true
// Fixed part of an IPv4 header (20 bytes with 2-byte short / 4-byte int; IP options are not represented).
// NOTE(review): when overlaid on a captured packet the multi-byte fields are in
// network byte order; convert with ntohs()/ntohl() before comparing or printing.
// NOTE(review): the header-length nibble counts 32-bit words. A decoder should
// reject values below 5 and values that extend past the captured length before
// it locates the transport header.
typedef struct _iphdr
{
unsigned char h_lenver; // 4-bit header length + 4-bit IP version
unsigned char tos; // 8-bit type of service (TOS)
unsigned short total_len; // 16-bit total length (bytes); untrusted, check against the bytes actually received
unsigned short ident; // 16-bit identification
unsigned short frag_and_flags; // 3-bit flags (per IPv4, the other 13 bits are the fragment offset)
unsigned char ttl; // 8-bit time to live (TTL)
unsigned char proto; // 8-bit protocol (TCP, UDP or other)
unsigned short checksum; // 16-bit IP header checksum
unsigned int sourceIP; // 32-bit source IP address
unsigned int destIP; // 32-bit destination IP address
}IP_HEADER;
// Fixed part of a TCP header (TCP options are not represented).
// NOTE(review): fields are in network byte order when read from a packet. The
// header length is attacker-controlled and should be bounds-checked against the
// remaining buffer before the payload offset is computed.
typedef struct _tcphdr // TCP header definition
{
USHORT th_sport; // 16-bit source port
USHORT th_dport; // 16-bit destination port
unsigned int th_seq; // 32-bit sequence number
unsigned int th_ack; // 32-bit acknowledgment number
unsigned char th_lenres; // 4-bit header length / reserved bits
unsigned char th_flag; // 6-bit flags
USHORT th_win; // 16-bit window size
USHORT th_sum; // 16-bit checksum
USHORT th_urp; // 16-bit urgent data offset
}TCP_HEADER;
// UDP header (four 16-bit fields, 8 bytes).
// NOTE(review): values are in network byte order when read from a packet.
typedef struct _udphdr // UDP header definition
{
unsigned short uh_sport; // 16-bit source port
unsigned short uh_dport; // 16-bit destination port
unsigned short uh_len; // 16-bit length; untrusted, validate against the captured size before use
unsigned short uh_sum; // 16-bit checksum
} UDP_HEADER;
// ICMP header layout used by this program.
typedef struct _icmphdr // ICMP header definition
{
BYTE i_type; // 8-bit type
BYTE i_code; // 8-bit code
USHORT i_cksum; // 16-bit checksum
USHORT i_id; // identifier (the process ID is commonly used)
USHORT i_seq; // message sequence number
ULONG timestamp; // timestamp; NOTE(review): looks like payload data rather than part of the fixed ICMP header, so it may be absent from short packets
}ICMP_HEADER;
// Parsed header of a QQ protocol packet.
// NOTE(review): a BYTE followed by WORDs gets one padding byte after sCode under
// default struct packing, so this struct should not be overlaid directly on a
// packet buffer. Presumably GetQQHeader() fills it field by field; confirm.
typedef struct _qqhdr
{
BYTE sCode; // presumably the packet start/marker byte; confirm
WORD wVer; // presumably the client/protocol version; confirm
WORD wType; // presumably the packet type compared against the TYPE_* constants; confirm
WORD wIndex; // presumably the packet sequence index; confirm
}QQ_HEADER;
// Summary record for one packet: textual endpoints, ports and a length.
typedef struct _packhdr
{
char sIP[20]; // source address text; 20-byte buffer, so writers must bound copies to sizeof(sIP) and keep it NUL-terminated
char dIP[20]; // destination address text; same 20-byte limit
WORD sPORT; // source port
WORD dPORT; // destination port
WORD Len; // length; 16-bit, so the maximum representable value is 65535
}PACK_HEADER;
// Returns a CString built from `len` bytes at `buf` (a hex rendering, judging by the name; implementation not shown).
// NOTE(review): `len` is a signed int, so the caller must pass a non-negative value no larger than the buffer behind `buf`.
CString BufToHex(char *buf,int len);
// QQ protocol section: packet types.
// NOTE(review): presumably matched against QQ_HEADER::wType to select a Decode* handler; confirm.
#define TYPE_GETTOKEN 0x0062
#define TYPE_LOGIN 0x0022
#define TYPE_GETFRIENDLIST 0x0026
#define TYPE_GETONLINEFRIENDLIST 0x0027
#define TYPE_PACKET0X67 0x67
// Raw-socket packet capture object with decoders for IP packets and QQ protocol payloads.
// Only declarations are visible here; the notes below record what the implementation should be checked for.
// NOTE(review): the class owns a SOCKET and raw char* members but declares no copy
// constructor or assignment operator, so an implicit copy would duplicate the
// handle and pointers. Confirm that instances are never copied.
class CSniffer
{
public:
CSniffer(void);
~CSniffer(void);
// Starts capturing (implementation not shown).
int Start();
// Stores the notification target and account data.
// NOTE(review): `pwd` is a plaintext credential; it should not be logged or kept longer than needed to derive m_pwd_key.
int Init(DWORD msg_id,HWND hWnd,DWORD uid,char *pwd);
private:
SOCKET SockRaw; // capture socket handle
char TcpFlag[6];// TCP flag characters
bool ParamTcp; // -t: watch TCP packets
bool ParamUdp; // -u: watch UDP packets
bool ParamIcmp; // -i: watch ICMP packets
bool ParamDecode; // -d: decode the protocol
char *strFromIpFilter; // source IP address filter (ownership/lifetime not visible here)
char *strDestIpFilter; // destination address filter (ownership/lifetime not visible here)
// Packet decoders. Every (buf, length) pair describes untrusted captured data.
// NOTE(review): each implementation should verify the length covers a field before reading it, and reject negative lengths.
int DecodeIpPack(char *buf, int iBufSize);
int DecodeQQ(char *buf,int buflen,CString &qq_str);
int GetQQHeader(char *buf,QQ_HEADER *hdr); // takes no length argument, so the caller must guarantee buf holds a complete header
int DecodeGetToken(char *buf,int buflen,CString &qq_str,QQ_HEADER *qq_hdr);
int DecodeLogin(char *buf,int buflen,CString &qq_str,QQ_HEADER *qq_hdr);
int DecodeDefault(char *buf,int buflen,CString &qq_str,QQ_HEADER *qq_hdr);
int DecodeGetFriendList(char *buf,int buflen,CString &qq_str,QQ_HEADER *qq_hdr);
int DecodeGetOnlineFriendList(char *buf,int buflen,CString &qq_str,QQ_HEADER *qq_hdr);
int Decode0x67(char *buf,int buflen,CString &qq_str,QQ_HEADER *qq_hdr);
// Decryption helpers.
// NOTE(review): the signatures pass no capacity for `decrypted`; confirm whether *outlen carries the buffer size on entry, otherwise the callee cannot bound its writes.
int TryDecrypt(char *buf,int buflen,int *startpos,int *endpos,CString &whichkey);
int Decrypt(char *buf,int buflen,char *decrypted,int *outlen);
int Decrypt(char *buf,int startpos,int endpos,char *decrypted,int *outlen); // startpos/endpos should be validated as 0 <= startpos <= endpos within the buffer
int SearchInBuf(char *buf,int buflen,char *data,int datalen);
bool m_inited; // presumably set once Init() has succeeded; confirm
HWND m_hWnd; // window handle passed to Init()
DWORD MSG_DATAREACH; // presumably the message id (msg_id from Init) sent to m_hWnd when data arrives; confirm
DWORD m_uid; // account number passed to Init()
// Key material held in fixed-size buffers.
// NOTE(review): these should be wiped (e.g. SecureZeroMemory) in the destructor, and every write must be bounded by sizeof the target array.
char m_pwd_key[16];
char m_key_rand[16];
char m_key_session[16];
char m_client_key[32];
};