&& g_ConnectionSpAce[i].m_SourceIp == pIpHdr->saddr
)
{
pConnection = &g_ConnectionSpAce[i];
break;
}
}
//把数据加入到链表
DbgPrint("AddSendDAtAToList\n");
AddSendDAtAToList(
&g_SendListHeAd,
VirtuAlAddress,
ulTotAlLength,
pConnection
);
//释放空间
NdisFreeMemory(
VirtuAlAddress,
0,
0
);
return NDIS_STATUS_SUCCESS;
}
//--------------------------------------------------------------------
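NTSTATUS GetPAcketDAtA(HOOK_CONTEXT_STRUCT *pOurContext,PVOID pBuffer)
{
    /*
     * Record the seq/ack state of a received TCP segment on the matching
     * connection slot and queue a copy of its payload on g_RecvListHeAd.
     *
     * pOurContext - hook context of the adapter the frame arrived on (not
     *               read here, kept for the common handler signature).
     * pBuffer     - Ethernet frame laid out as ETHHDR, IPHDR (ihl*4 bytes),
     *               TCPHDR, payload.
     *
     * Returns NDIS_STATUS_SUCCESS when the payload was queued or the segment
     * was dropped (inconsistent header lengths, no matching connection);
     * otherwise the status returned by AddRecvDAtAToList.
     *
     * NOTE(review): the frame length is not passed in, so the IP header
     * fields can only be checked for internal consistency here, not against
     * the real number of bytes behind pBuffer.
     */
    NTSTATUS stAtus;
    ULONG i;
    PTCPS_Connection pConnection = NULL;
    PIPHDR pIpHdr = (PIPHDR)((UCHAR*)pBuffer + sizeof(ETHHDR));
    ULONG ulIpHdrLen = (ULONG)pIpHdr->ihl * 4;
    ULONG ulTotLen = NTOHS(pIpHdr->tot_len);
    PTCPHDR pTcpHdr;
    PUCHAR pDAtA;
    ULONG DAtALength;

    // An ihl below 5 (the minimum IP header) or a tot_len that cannot hold
    // both headers makes the unsigned subtraction below wrap to a huge
    // DAtALength, which AddRecvDAtAToList would then copy from pDAtA.
    if (pIpHdr->ihl < 5 || ulTotLen < ulIpHdrLen + sizeof(TCPHDR)) {
        DbgPrint("GetPAcketDAtA: inconsistent ip/tcp heAder lengths, dropped\n");
        return NDIS_STATUS_SUCCESS;
    }
    pTcpHdr = (PTCPHDR)((UCHAR*)pIpHdr + ulIpHdrLen);
    // NOTE(review): TCP options are not accounted for; the payload is assumed
    // to start right after the fixed TCPHDR (data offset of 5 words).
    pDAtA = (PUCHAR)((UCHAR*)pTcpHdr + sizeof(TCPHDR));
    DAtALength = ulTotLen - ulIpHdrLen - sizeof(TCPHDR);

    // The remote port/address identify the connection slot.
    for (i = 0; i < MAX_CONNECTIONS; i++) {
        if (g_ConnectionSpAce[i].m_SourcePort == pTcpHdr->source
            && g_ConnectionSpAce[i].m_SourceIp == pIpHdr->saddr) {
            pConnection = &g_ConnectionSpAce[i];
            pConnection->m_Ack_seq = pTcpHdr->ack_seq;
            pConnection->m_Seq = pTcpHdr->seq;
            // Remembered so the next send can advance its Ack_seq by the
            // amount of data received here.
            pConnection->m_DAtALength = DAtALength;
            break;
        }
    }
    if (pConnection == NULL) {
        DbgPrint("error,cAn't find the right connection\n");
        return NDIS_STATUS_SUCCESS;
    }
    // AddRecvDAtAToList allocates its own copy of the payload; that copy is
    // released in IoWorkItemRoutine.
    stAtus = AddRecvDAtAToList(&g_RecvListHeAd, pDAtA, DAtALength, pConnection);
    if (!NT_SUCCESS(stAtus)) {
        return stAtus;
    }
    return NDIS_STATUS_SUCCESS;
}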
//--------------------------------------------------------------------
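ULONG
HAndleReceivePAcket(
    HOOK_CONTEXT_STRUCT *pOurContext,
    ULONG TotAlPAcketSize,
    PVOID pHeAdBuffer,
    ULONG ulHeAdSize,
    PNDIS_PACKET pPAcket
    )
{
    /*
     * Flatten a received NDIS packet (header buffer + packet chain) into one
     * contiguous buffer and hand it to HAndleBuffer.
     *
     * pOurContext     - hook context of the bound adapter.
     * TotAlPAcketSize - packet size as reported by the caller.
     * pHeAdBuffer     - ulHeAdSize bytes that precede the packet data.
     * pPAcket         - the NDIS packet whose chain ReAdPAcket copies out.
     *
     * Returns TRUE when the frame is too short for an ETHHDR or the scratch
     * buffer cannot be allocated; otherwise whatever HAndleBuffer returns.
     */
    ULONG PAcketSize = 0;
    ULONG ulBodySize;
    PVOID pBuffer = NULL;
    NTSTATUS stAtus;
    ULONG result = TRUE;
    CHAR* pBuf;

    NdisQueryPacket(pPAcket,NULL,NULL,NULL,&PAcketSize);
    if (PAcketSize + ulHeAdSize < sizeof(ETHHDR)) {
        return TRUE;
    }
    stAtus = NdisAllocateMemoryWithTag(&pBuffer,PAcketSize + ulHeAdSize,'ytaU');
    if (stAtus != NDIS_STATUS_SUCCESS || pBuffer == NULL) {
        return TRUE;
    }
    // Header first, then the packet chain behind it.
    pBuf = (CHAR*)pBuffer;
    NdisMoveMemory(pBuf,pHeAdBuffer,ulHeAdSize);
    ReAdPAcket(pPAcket,&pBuf[ulHeAdSize],PAcketSize);
    // The buffer holds exactly ulHeAdSize + PAcketSize bytes. The length
    // passed on used TotAlPAcketSize instead; when that exceeds the length
    // NdisQueryPacket reported, HAndleBuffer would read past the allocation,
    // so clamp it to what was actually copied.
    ulBodySize = TotAlPAcketSize < PAcketSize ? TotAlPAcketSize : PAcketSize;
    result = HAndleBuffer(pOurContext,pBuffer,ulBodySize + ulHeAdSize);
    NdisFreeMemory(pBuffer,PAcketSize+ulHeAdSize,0);
    return result;
}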
//--------------------------------------------------------------------
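ULONG SetConnection(HOOK_CONTEXT_STRUCT *pOurContext,PVOID pBuffer)
{
    /*
     * Claim a free slot in g_ConnectionSpAce for the SYN in pBuffer and seed
     * it from the frame's MAC, IP and TCP headers.
     *
     * pOurContext - hook context; its m_pBindAdaptHandle is stored in the
     *               slot so replies go out on the same adapter.
     * pBuffer     - Ethernet frame: ETHHDR, IPHDR (ihl*4 bytes), TCPHDR.
     *
     * Returns TRUE when the SYN was recognised as a repeat or a slot was
     * claimed, FALSE when the pool is full (no slot is evicted).
     */
    PETHHDR pEthHdr = (PETHHDR)pBuffer;
    PIPHDR pIpHdr = (PIPHDR)((UCHAR*)pEthHdr + sizeof(ETHHDR));
    PTCPHDR pTcpHdr = (PTCPHDR)((UCHAR*)pIpHdr + pIpHdr->ihl * 4);
    PTCPS_Connection pSlot;
    ULONG i;

    // Pass 1: look for a repeat of a SYN already in the table, over the whole
    // table. Interleaving this with the free-slot search (as before) let a
    // free slot that precedes the existing entry produce a second entry for
    // the same client.
    // NOTE(review): the comparison is against the segment's *destination*
    // port/address, while slots are filled from source/saddr below — confirm
    // that is intended; a retransmitted SYN from the same client carries the
    // same source port and saddr as the stored entry.
    for (i = 0; i < MAX_CONNECTIONS; i++) {
        if (g_ConnectionSpAce[i].m_SourcePort == pTcpHdr->dest
            && g_ConnectionSpAce[i].m_SourceIp == pIpHdr->daddr) {
            return TRUE;
        }
    }
    // Pass 2: claim the first idle slot (nothing queued to send, not connected).
    for (i = 0; i < MAX_CONNECTIONS; i++) {
        pSlot = &g_ConnectionSpAce[i];
        if (pSlot->m_PAcketsLeftToBeSend != 0 || pSlot->m_bIsConnected != FALSE) {
            continue;
        }
        DbgPrint("Get A empty connection\n");
        NdisZeroMemory(pSlot,sizeof(TCPS_Connection));
        RtlCopyMemory(&pSlot->m_PAth,L"C:\\",sizeof(L"C:\\"));
        NdisMoveMemory(&pSlot->m_SourceMAc,pEthHdr->h_source,6);
        NdisMoveMemory(&pSlot->m_OurMAc,pEthHdr->h_dest,6);
        pSlot->m_pBindAdaptHandle = pOurContext->m_pBindAdaptHandle;
        pSlot->m_Window = pTcpHdr->window;
        pSlot->m_SourcePort = pTcpHdr->source;
        pSlot->m_OurPort = pTcpHdr->dest;
        pSlot->m_SourceIp = pIpHdr->saddr;
        pSlot->m_OurIp = pIpHdr->daddr;
        pSlot->m_Ack_seq = pTcpHdr->ack_seq;
        pSlot->m_Seq = pTcpHdr->seq;
        pSlot->m_ReSendCount = 0;
        // Handshake in progress: m_bIsConnected is set later by
        // UpDAteConnection, not here.
        pSlot->m_bIsConnecting = TRUE;
        return TRUE;
    }
    // Pool exhausted: the SYN is not tracked and no existing slot is forced
    // out (an earlier "force slot 0" variant was deliberately dropped).
    return FALSE;
}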
//--------------------------------------------------------------------
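NTSTATUS UpDAteConnection(HOOK_CONTEXT_STRUCT *pOurContext,PVOID pBuffer)
{
    /*
     * Refresh the seq/ack state of the connection matching the segment in
     * pBuffer; a segment arriving while the slot is "connecting" completes
     * the handshake and marks it "connected".
     *
     * pOurContext - hook context (not read here).
     * pBuffer     - Ethernet frame: ETHHDR, IPHDR (ihl*4 bytes), TCPHDR, payload.
     *
     * Always returns NDIS_STATUS_SUCCESS; an unknown connection or a frame
     * with inconsistent header lengths is logged and ignored.
     */
    PIPHDR pIpHdr = (PIPHDR)((UCHAR*)pBuffer + sizeof(ETHHDR));
    ULONG ulIpHdrLen = (ULONG)pIpHdr->ihl * 4;
    ULONG ulTotLen = NTOHS(pIpHdr->tot_len);
    PTCPHDR pTcpHdr;
    PTCPS_Connection pSlot;
    ULONG DAtALength;
    ULONG i;

    // Guard the unsigned subtraction below against wrapping on a bogus ihl
    // or tot_len; the wrapped value would be stored as m_DAtALength and used
    // to advance Ack_seq on the next send.
    if (pIpHdr->ihl < 5 || ulTotLen < ulIpHdrLen + sizeof(TCPHDR)) {
        DbgPrint("UpDAteConnection: inconsistent ip/tcp heAder lengths, ignored\n");
        return NDIS_STATUS_SUCCESS;
    }
    pTcpHdr = (PTCPHDR)((UCHAR*)pIpHdr + ulIpHdrLen);
    DAtALength = ulTotLen - ulIpHdrLen - sizeof(TCPHDR);

    for (i = 0; i < MAX_CONNECTIONS; i++) {
        pSlot = &g_ConnectionSpAce[i];
        if (pSlot->m_SourcePort != pTcpHdr->source || pSlot->m_SourceIp != pIpHdr->saddr) {
            continue;
        }
        pSlot->m_Ack_seq = pTcpHdr->ack_seq;
        pSlot->m_Seq = pTcpHdr->seq;
        // Used when the next segment is sent to compute its Ack_seq.
        pSlot->m_DAtALength = DAtALength;
        pSlot->m_IsSyn = FALSE;
        if (pSlot->m_bIsConnecting == TRUE) {
            pSlot->m_bIsConnecting = FALSE;
            pSlot->m_bIsConnected = TRUE;
        }
        return NDIS_STATUS_SUCCESS;
    }
    DbgPrint("error,cAn't find the right connection\n");
    return NDIS_STATUS_SUCCESS;
}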
//--------------------------------------------------------------------
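NTSTATUS UpDAteConnectionSYN(HOOK_CONTEXT_STRUCT *pOurContext,PVOID pBuffer)
{
    /*
     * Variant of UpDAteConnection for the SYN phase: the matching slot gets
     * the segment's seq, a placeholder ack and m_IsSyn = TRUE so the reply
     * path knows it is answering a SYN.
     *
     * pOurContext - hook context (not read here).
     * pBuffer     - Ethernet frame: ETHHDR, IPHDR (ihl*4 bytes), TCPHDR, payload.
     *
     * Always returns NDIS_STATUS_SUCCESS; an unknown connection or a frame
     * with inconsistent header lengths is logged and ignored.
     */
    PIPHDR pIpHdr = (PIPHDR)((UCHAR*)pBuffer + sizeof(ETHHDR));
    ULONG ulIpHdrLen = (ULONG)pIpHdr->ihl * 4;
    ULONG ulTotLen = NTOHS(pIpHdr->tot_len);
    PTCPHDR pTcpHdr;
    PTCPS_Connection pSlot;
    ULONG DAtALength;
    ULONG i;

    // Guard the unsigned subtraction below against wrapping on a bogus ihl
    // or tot_len.
    if (pIpHdr->ihl < 5 || ulTotLen < ulIpHdrLen + sizeof(TCPHDR)) {
        DbgPrint("UpDAteConnectionSYN: inconsistent ip/tcp heAder lengths, ignored\n");
        return NDIS_STATUS_SUCCESS;
    }
    pTcpHdr = (PTCPHDR)((UCHAR*)pIpHdr + ulIpHdrLen);
    DAtALength = ulTotLen - ulIpHdrLen - sizeof(TCPHDR);

    for (i = 0; i < MAX_CONNECTIONS; i++) {
        pSlot = &g_ConnectionSpAce[i];
        if (pSlot->m_SourcePort != pTcpHdr->source || pSlot->m_SourceIp != pIpHdr->saddr) {
            continue;
        }
        // When the SYN/ACK is built, SentToNet overrides these with
        // seq = HTONL(200) and ack = HTONL(NTOHL(pTcpHdr->seq)+1) (per the
        // original author's note); the ack stored here is therefore an
        // arbitrary placeholder. NOTE(review): the author flagged the
        // m_Seq assignment as a suspected bug — not confirmed from this file.
        pSlot->m_Ack_seq = HTONL(200);
        pSlot->m_Seq = pTcpHdr->seq;
        // Used when the next segment is sent to compute its Ack_seq.
        pSlot->m_DAtALength = DAtALength;
        pSlot->m_IsSyn = TRUE;
        return NDIS_STATUS_SUCCESS;
    }
    DbgPrint("error,cAn't find the right connection\n");
    return NDIS_STATUS_SUCCESS;
}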
//--------------------------------------------------------------------
//not used
NTSTATUS Disconnect(HOOK_CONTEXT_STRUCT *pOurContext,PVOID pBuffer)
{
    /*
     * Mark the connection matching the segment in pBuffer as disconnected
     * and, when it has nothing left to send, reset its slot so it can be
     * reused (the slot's m_PAth is re-seeded with L"C:\\").
     *
     * pOurContext - hook context (not read here).
     * pBuffer     - Ethernet frame: ETHHDR, IPHDR (ihl*4 bytes), TCPHDR.
     *
     * Always returns NDIS_STATUS_SUCCESS. A matching slot that is not
     * connected is left untouched; an unmatched segment is logged.
     *
     * NOTE(review): the author flagged the reset as incomplete while sends
     * for this slot may still be queued on the shared send list.
     */
    PIPHDR pIpHdr = (PIPHDR)((UCHAR*)pBuffer + sizeof(ETHHDR));
    PTCPHDR pTcpHdr = (PTCPHDR)((UCHAR*)pIpHdr + pIpHdr->ihl * 4);
    ULONG slot;

    for (slot = 0; slot < MAX_CONNECTIONS; slot++) {
        PTCPS_Connection pConn = &g_ConnectionSpAce[slot];
        if (pConn->m_SourcePort != pTcpHdr->source || pConn->m_SourceIp != pIpHdr->saddr) {
            continue;
        }
        if (pConn->m_bIsConnected == FALSE) {
            // Already torn down (or never established): nothing to do.
            return NDIS_STATUS_SUCCESS;
        }
        pConn->m_bIsConnected = FALSE;
        if (pConn->m_PAcketsLeftToBeSend == 0) {
            // Nothing pending for this slot, so wipe it for the next client.
            NdisZeroMemory(pConn,sizeof(TCPS_Connection));
            RtlCopyMemory(&pConn->m_PAth,L"C:\\",sizeof(L"C:\\"));
            DbgPrint("g_ConnectionSpAce[%d] is AvAilAble \n",slot);
        }
        return NDIS_STATUS_SUCCESS;
    }
    DbgPrint("in Disconnect: error,cAn't find the right connection\n");
    return NDIS_STATUS_SUCCESS;
}
//--------------------------------------------------------------------
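NTSTATUS SendDisconnectMessAgeToSendlist(HOOK_CONTEXT_STRUCT *pOurContext,PVOID pBuffer)
{
    /*
     * Queue the header portion of the segment in pBuffer (Ethernet + IP +
     * TCP headers, no payload) at the front of g_SendListHeAd for the
     * connection it belongs to.
     *
     * pOurContext - hook context (not read here).
     * pBuffer     - Ethernet frame: ETHHDR, IPHDR (ihl*4 bytes), TCPHDR.
     *
     * Always returns NDIS_STATUS_SUCCESS; an unknown connection or an IP
     * header shorter than the minimum is logged and nothing is queued.
     */
    PIPHDR pIpHdr = (PIPHDR)((UCHAR*)pBuffer + sizeof(ETHHDR));
    ULONG ulIpHdrLen = (ULONG)pIpHdr->ihl * 4;
    PTCPHDR pTcpHdr;
    PTCPS_Connection pConnection = NULL;
    ULONG i;

    // An ihl below 5 would place pTcpHdr inside the IP header.
    if (pIpHdr->ihl < 5) {
        DbgPrint("SendDisconnectMessAgeToSendlist: bAd ip heAder length, ignored\n");
        return NDIS_STATUS_SUCCESS;
    }
    pTcpHdr = (PTCPHDR)((UCHAR*)pIpHdr + ulIpHdrLen);

    for (i = 0; i < MAX_CONNECTIONS; i++) {
        if (g_ConnectionSpAce[i].m_SourcePort == pTcpHdr->source
            && g_ConnectionSpAce[i].m_SourceIp == pIpHdr->saddr) {
            pConnection = &g_ConnectionSpAce[i];
            break;
        }
    }
    if (pConnection == NULL) {
        DbgPrint("in SendDisconnectMessAgeToSendlist: error,cAn't find the right connection\n");
        return NDIS_STATUS_SUCCESS;
    }
    // The queued length previously used sizeof(IPHDR), which drops the tail
    // of the TCP header whenever the IP header carries options (ihl > 5)
    // even though pTcpHdr itself was located through ihl; use the real IP
    // header length so the three headers are queued whole.
    AddSendDAtAToListAtFront(
        &g_SendListHeAd,
        pBuffer,
        sizeof(ETHHDR) + ulIpHdrLen + sizeof(TCPHDR),
        pConnection
        );
    return NDIS_STATUS_SUCCESS;
}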
//--------------------------------------------------------------------
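USHORT CountChecksum(PVOID pBuffer)
{
    /*
     * Compute the TCP checksum of the segment in pBuffer over the pseudo
     * header (PSDHDR) and the TCP header, plus the payload only when PSH is
     * set (the original covered the payload on PSH segments only; kept).
     *
     * pBuffer - Ethernet frame: ETHHDR, IPHDR (ihl*4 bytes), TCPHDR, payload.
     *
     * Returns the checksum, or 0 when the header lengths are inconsistent,
     * the covered length exceeds MAX_PACKET_SIZE, or the scratch buffer
     * cannot be allocated. The packet's check field is zeroed while the sum
     * is taken and restored before returning.
     */
    PIPHDR pIpHdr = (PIPHDR)((UCHAR*)pBuffer + sizeof(ETHHDR));
    ULONG ulIpHdrLen = (ULONG)pIpHdr->ihl * 4;
    ULONG ulTotLen = NTOHS(pIpHdr->tot_len);
    PTCPHDR pTcpHdr;
    PUCHAR pDAtA;
    PVOID ChecksumTempBuff = NULL;
    PSDHDR PsdHdr;
    NTSTATUS stAtus;
    USHORT Checksum = 0;
    USHORT sAvedCheck;
    ULONG ulDAtALength;
    ULONG ulCovered;
    ULONG ulTotAl;

    // Without this the unsigned subtraction below wraps and the payload copy
    // runs far past the packet.
    if (pIpHdr->ihl < 5 || ulTotLen < ulIpHdrLen + sizeof(TCPHDR)) {
        DbgPrint("CountChecksum: inconsistent ip/tcp heAder lengths\n");
        return 0;
    }
    pTcpHdr = (PTCPHDR)((UCHAR*)pIpHdr + ulIpHdrLen);
    pDAtA = (PUCHAR)pTcpHdr + sizeof(TCPHDR);
    ulDAtALength = ulTotLen - ulIpHdrLen - sizeof(TCPHDR);
    DbgPrint("ulDAtALength: %lu\n",ulDAtALength);

    ulCovered = pTcpHdr->psh ? ulDAtALength : 0;
    ulTotAl = sizeof(PSDHDR) + sizeof(TCPHDR) + ulCovered;
    // The scratch buffer used to be a fixed MAX_PACKET_SIZE bytes with no
    // check, so a longer covered length overran it.
    if (ulTotAl > MAX_PACKET_SIZE) {
        DbgPrint("CountChecksum: segment lArger thAn MAX_PACKET_SIZE\n");
        return 0;
    }
    stAtus = NdisAllocateMemoryWithTag(&ChecksumTempBuff, ulTotAl, 'pmtU');
    if (stAtus != NDIS_STATUS_SUCCESS || ChecksumTempBuff == NULL) {
        return 0;
    }

    PsdHdr.saddr = pIpHdr->saddr;
    PsdHdr.daddr = pIpHdr->daddr;
    PsdHdr.mbz = 0;
    PsdHdr.ptcl = IPPROTO_TCP;
    PsdHdr.tcpl = HTONS((USHORT)(sizeof(TCPHDR) + ulCovered));

    // Zero the check field *before* copying the header into the scratch
    // buffer; the non-PSH path used to copy first and zero afterwards, so
    // the old checksum was included in the sum.
    sAvedCheck = pTcpHdr->check;
    pTcpHdr->check = 0;
    NdisMoveMemory(ChecksumTempBuff,&PsdHdr,sizeof(PSDHDR));
    NdisMoveMemory((UCHAR*)ChecksumTempBuff + sizeof(PSDHDR),pTcpHdr,sizeof(TCPHDR));
    if (ulCovered != 0) {
        NdisMoveMemory((UCHAR*)ChecksumTempBuff + sizeof(PSDHDR) + sizeof(TCPHDR),pDAtA,ulCovered);
    }
    Checksum = checksum((USHORT*)ChecksumTempBuff, ulTotAl);
    pTcpHdr->check = sAvedCheck;

    NdisFreeMemory(ChecksumTempBuff, 0, 0);
    return Checksum;
}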
//--------------------------------------------------------------------