📄 ethernetspyreader.cpp
字号:
#include <afxwin.h>
#include <windows.h>
#include <winsock.h>
#include "ntddndis.h"
#include "packet32.h"
#include "EthernetSpyReader.h"
#define IsBroadcast(Addr) (Addr[0]&Addr[1]&Addr[2]&Addr[3]&Addr[4]&Addr[5] == 0xFF)
#define IsMulticast(Addr) (FALSE)
#define SWAP(p) (((p)<<8)|((p)>>8))
DWORD ReadingThread(LPDWORD lpdwParam)
{
EthernetSpyReader* SpyReader = (EthernetSpyReader *) lpdwParam;
PSTATISTICS Stats = &(SpyReader->Stats);
LPPACKET *Packet;
HANDLE hFrame;
PFRAMEETH Frame;
PULONG FrameLength;
USHORT FrameType;
BOOL Error;
UINT i;
Packet = (LPPACKET *)malloc (SpyReader->BufLen * sizeof(PVOID));
hFrame = GlobalAlloc (GMEM_MOVEABLE, SpyReader->BufLen * sizeof (FRAMEETH));
Frame = (PFRAMEETH) GlobalLock(hFrame);
FrameLength = (PULONG) malloc (SpyReader->BufLen * sizeof(LONG));
Error = FALSE;
for (i = 0; i < SpyReader->BufLen && !Error; i++)
{
Packet[i] = PacketAllocatePacket();
Error = Packet[i] == NULL;
if (!Error)
{
FrameLength[i] = 0;
PacketInitPacket( Packet[i],
(PVOID)(&Frame[i]),
sizeof(FRAMEETH));
PacketReceivePacket( SpyReader->Adapter,
Packet[i],
FALSE,
&(FrameLength[i]));
}
}
if (!Error)
{
for (i = 0 ; SpyReader->KillThread == FALSE; i = (i + 1) % SpyReader->BufLen)
{
PacketWaitPacket( SpyReader->Adapter,
Packet[i],
&(FrameLength[i]) );
// CALCOLO DELLE STATISTICHE
EnterCriticalSection(&(SpyReader->CritSecCounters));
{
Stats->Total++;
FrameType = (USHORT)(Frame[i].Type[0]) + (USHORT)(Frame[i].Type[1]) << 8;
if( IsBroadcast(Frame[i].DestAddr) )
{
Stats->Broadcast++;
}
else if( IsMulticast(Frame[i].DestAddr) )
{
Stats->Multicast++;
}
else
{
Stats->Directed++;
}
if( FrameType < IEEE802_3_TYPE )
{
Stats->IEEE802_3++;
}
else
{
switch(FrameType)
{
case IP_TYPE:
Stats->IP++;
break;
case X75_TYPE:
Stats->X75++;
break;
case X25_TYPE:
Stats->X25++;
break;
case ARP_TYPE:
Stats->ARP++;
break;
case BANYAN_TYPE:
Stats->Banyan++;
break;
case DECMOP1_TYPE:
Stats->DecMop1++;
break;
case DECMOP2_TYPE:
Stats->DecMop2++;
break;
case DECNET_TYPE:
Stats->DecNet++;
break;
case DECLAT_TYPE:
Stats->DecLat++;
break;
case DECDIAGNOSTIC_TYPE:
Stats->DecDiagnostic++;
break;
case DECLANBRIDGE_TYPE:
Stats->DecLanBridge++;
break;
case DECETHENCR_TYPE:
Stats->DecEthEncr++;
break;
case APPLETALK_TYPE:
Stats->AppleTalk++;
break;
case IBMSNA_TYPE:
Stats->IBMSna++;
break;
case NETWARE_TYPE:
Stats->NetWare++;
break;
case SNMP_TYPE:
Stats->SNMP++;
break;
default:
Stats->Unknown++;
}
}
Stats->Bytes += FrameLength[i];
SpyReader->Pkt[SpyReader->NextPkt].Num = Stats->Total;
SpyReader->Pkt[SpyReader->NextPkt].Time = GetTickCount();
SpyReader->Pkt[SpyReader->NextPkt].Len = FrameLength[i];
Stats->AvgThroughPut = (double)Stats->Bytes * 8.0 / (double)( SpyReader->Pkt[SpyReader->NextPkt].Time - SpyReader->StartTime );
Stats->AvgPktLen = (double)Stats->Bytes / (double)Stats->Total;
Stats->AvgPktPerSec = (double)Stats->Total / (double)( SpyReader->Pkt[SpyReader->NextPkt].Time - SpyReader->StartTime ) * 1000.0;
if( SpyReader->SoftwareFilter->Match( &(Frame[i]) ) == TRUE )
{
memcpy(&(SpyReader->Pkt[SpyReader->NextPkt].Frame), &(Frame[i]), SpyReader->MaxFrameLen);
SpyReader->StoredPkt++;
SpyReader->NextPkt = (SpyReader->NextPkt+1) % SpyReader->MaxPkt;
}
}
LeaveCriticalSection(&(SpyReader->CritSecCounters));
// FINE CALCOLO DELLE STATISTICHE
PacketReceivePacket( SpyReader->Adapter,
Packet[i],
FALSE,
&(FrameLength[i]));
}
SpyReader->ResetDriver();
for (i = 0; i < SpyReader->BufLen; i++)
PacketFreePacket(Packet[i]);
}
else
{
for ( i-- ; i > 0; i--)
PacketFreePacket(Packet[i - 1]);
}
free(Packet);
GlobalFree(hFrame);
free(FrameLength);
// if (SpyReader->Wnd)
// SpyReader->Wnd->PostMessage(WM_THREADTERMINATED, 0, 0);
return 0;
}
EthernetSpyReader::EthernetSpyReader()
{
SoftwareFilter = &DefaultSoftwareFilter;
BufLen = 10;
RefreshTime = 250;
StoredPkt = 0;
memset(&Stats, 0, sizeof(Stats));
MaxPkt = 1000;
MaxFrameLen = 1514;
Pkt = (PPACKET_INFO)malloc(MaxPkt*sizeof(PACKET_INFO));
InitializeCriticalSection(&CritSecCounters);
ULONG NameLength=64;
PacketGetAdapterNames(AdapterName, &NameLength);
Adapter=PacketOpenAdapter(AdapterName);
SetHardwareFilter (NDIS_PACKET_TYPE_PROMISCUOUS);
PacketQueryHardwareAddress( Adapter, HardwareAddress);
IPAddress = GetHostIPAddr();
}
EthernetSpyReader::~EthernetSpyReader()
{
PacketCloseAdapter(Adapter);
free(Pkt);
}
void EthernetSpyReader::StartReading()
{
DWORD dwThreadId;
StartTime = GetTickCount();
memset (&Stats, 0, sizeof(Stats));
NextPkt = 0;
StoredPkt = 0;
KillThread = FALSE;
hReadingThread = CreateThread(
NULL, /* no security attributes */
0, /* use default stack size */
(LPTHREAD_START_ROUTINE)ReadingThread, /* thread function */
(LPDWORD) this, /* argument to thread function */
0, /* use default creation flags */
&dwThreadId); /* returns the thread identifier */
}
void EthernetSpyReader::StopReading( BOOL Blocking )
{
DWORD ExitCode;
KillThread = TRUE;
ResumeThread( hReadingThread );
if (Blocking)
{
do
{
GetExitCodeThread( hReadingThread, &ExitCode );
Sleep(10);
}
while( ExitCode== STILL_ACTIVE );
}
}
void EthernetSpyReader::SuspendReading(void)
{
SuspendThread( hReadingThread );
}
void EthernetSpyReader::ResumeReading( void )
{
ResumeThread( hReadingThread );
}
void EthernetSpyReader::SetReadingPriority(int Priority)
{
SetThreadPriority (hReadingThread, Priority);
}
void EthernetSpyReader::ClearGlobalStats()
{
EnterCriticalSection(&CritSecCounters);
{
Stats.Total = 0;
Stats.Broadcast = 0;
Stats.Multicast = 0;
Stats.Bytes = 0;
StartTime = GetTickCount();
}
LeaveCriticalSection(&CritSecCounters);
}
void EthernetSpyReader::ClearTypeStats( )
{
EnterCriticalSection(&CritSecCounters);
{
Stats.IP = 0;
Stats.X75 = 0;
Stats.X25 = 0;
Stats.ARP = 0;
Stats.Banyan = 0;
Stats.DecMop1 = 0;
Stats.DecMop2 = 0;
Stats.DecNet = 0;
Stats.DecLat = 0;
Stats.DecDiagnostic = 0;
Stats.DecLanBridge = 0;
Stats.DecEthEncr = 0;
Stats.AppleTalk = 0;
Stats.IBMSna = 0;
Stats.NetWare = 0;
Stats.SNMP = 0;
Stats.IEEE802_3 = 0;
Stats.Unknown = 0;
}
LeaveCriticalSection(&CritSecCounters);
}
/*
void EthernetSpyReader::InitializeNetData(CWnd* _Wnd)
{
Wnd = _Wnd;
StartTime = GetTickCount();
memset (&Stats, 0, sizeof(Stats));
NextPkt = 0;
StoredPkt = 0;
}
*/
void EthernetSpyReader::ResetDriver ()
{
PacketCloseAdapter (Adapter);
Adapter = PacketOpenAdapter (AdapterName);
SetHardwareFilter (HardwareFilter);
}
BOOL EthernetSpyReader::SetHardwareFilter(ULONG Filter)
{
HardwareFilter = Filter;
return PacketSetFilter(Adapter, Filter);
}
void EthernetSpyReader::SetSoftwareFilter (SpyFilter* _Filter){ if (_Filter)
SoftwareFilter = _Filter;
else
SoftwareFilter = &DefaultSoftwareFilter;}
#define MAXHOSTNAME 255
ULONG EthernetSpyReader::GetHostIPAddr ()
{
/*-----------------------------------------------------------
* Function: GetHostID()
*
* Description:
* Get the Local IP address using the following algorithm:
* - get local hostname with gethostname()
* - attempt to resolve local hostname with gethostbyname()
* if that fails:
* - get a UDP socket
* - connect UDP socket to arbitrary address and port
* - use getsockname() to get local address
*/
char szLclHost [MAXHOSTNAME];
LPHOSTENT lpstHostent;
SOCKADDR_IN stLclAddr;
SOCKADDR_IN stRmtAddr;
int nAddrSize = sizeof(SOCKADDR);
SOCKET hSock;
int nRet;
/* Init local address (to zero) */
stLclAddr.sin_addr.s_addr = INADDR_ANY;
/* Get the local hostname */
nRet = gethostname(szLclHost, MAXHOSTNAME);
if (nRet != SOCKET_ERROR) {
/* Resolve hostname for local address */
lpstHostent = gethostbyname((LPSTR)szLclHost);
if (lpstHostent)
stLclAddr.sin_addr.s_addr = *((u_long FAR*) (lpstHostent->h_addr));
}
/* If still not resolved, then try second strategy */
if (stLclAddr.sin_addr.s_addr == INADDR_ANY) {
/* Get a UDP socket */
hSock = socket(AF_INET, SOCK_DGRAM, 0);
if (hSock != INVALID_SOCKET) {
/* Connect to arbitrary port and address (NOT loopback) */
stRmtAddr.sin_family = AF_INET;
stRmtAddr.sin_port = htons(IPPORT_ECHO);
stRmtAddr.sin_addr.s_addr = inet_addr("128.127.50.1");
nRet = connect(hSock,
(LPSOCKADDR)&stRmtAddr,
sizeof(SOCKADDR));
if (nRet != SOCKET_ERROR) {
/* Get local address */
getsockname(hSock,
(LPSOCKADDR)&stLclAddr,
(int FAR*)&nAddrSize);
}
closesocket(hSock); /* we're done with the socket */
}
}
return (stLclAddr.sin_addr.s_addr);
}
/*
BOOL EthernetSpyReader::IPAddrToEthernetAddr (ULONG IPAddr, PBYTE EthAddr)
{
ARP_FRAME SendFrame;
ARP_FRAME RcvFrame;
LPPACKET SendPacket;
LPPACKET RcvPacket;
ULONG Len;
memset (SendFrame.DestAddr, 0xFF, 6);
memcpy (SendFrame.SrcAddr, HardwareAddress, 6);
SendFrame.Type[0] = 0x08;
SendFrame.Type[1] = 0x06;
SendFrame.HWType[0] = 0;
SendFrame.HWType[1] = 1;
SendFrame.ProtocolType[0] = 0x08;
SendFrame.ProtocolType[1] = 0x00;
SendFrame.HLen = 6;
SendFrame.PLen = 4;
SendFrame.Operation[0] = 0;
SendFrame.Operation[1] = 1;
memcpy (SendFrame.SenderHWAddr, HardwareAddress, 6);
memcpy (SendFrame.SenderIPAddr, &IPAddress, 4);
memset (SendFrame.TargetHWAddr, 0, 6);
memcpy (SendFrame.TargetIPAddr, &IPAddr, 4);
memset (SendFrame.Unused, 0, 32);
PacketSetFilter(Adapter, NDIS_PACKET_TYPE_DIRECTED);
SendPacket = PacketAllocatePacket ();
PacketInitPacket (SendPacket, &SendFrame, sizeof (SendFrame));
memset (&RcvFrame, 0, sizeof(RcvFrame));
RcvPacket = PacketAllocatePacket ();
PacketInitPacket (RcvPacket, &RcvFrame, sizeof (SendFrame));
while ( RcvFrame.Type[0] != 0x08 || RcvFrame.Type[1] != 0x06 ||
RcvFrame.Operation[0] != 0 || RcvFrame.Operation[1] != 2 ||
memcmp(RcvFrame.SenderIPAddr, &IPAddr, 4) )
{
// PacketSendPacket (Adapter, SendPacket, FALSE);
// PacketSendPacket (Adapter, SendPacket, FALSE);
PacketReceivePacket (Adapter, RcvPacket, FALSE, &Len);
PacketSendPacket (Adapter, SendPacket, FALSE);
PacketWaitPacket (Adapter, RcvPacket, &Len);
}
memcpy (EthAddr, RcvFrame.SenderHWAddr, 6);
PacketFreePacket (SendPacket);
PacketFreePacket (RcvPacket);
PacketSetFilter(Adapter, HardwareFilter);
return TRUE;
}
*/
BOOL EthernetSpyReader::IPAddrToEthernetAddr (ULONG IPAddr, PBYTE EthAddr)
{
ARP_FRAME SendFrame;
LPPACKET SendPacket;
ARP_FRAME* RcvFrame;
ULONG i, j, LastRead, NumRead;
BOOL Result;
SpyFilter* OldFilter = SoftwareFilter;
SoftwareFilter = &DefaultSoftwareFilter;
memset (SendFrame.DestAddr, 0xFF, 6);
memcpy (SendFrame.SrcAddr, HardwareAddress, 6);
SendFrame.Type[0] = 0x08;
SendFrame.Type[1] = 0x06;
SendFrame.HWType[0] = 0;
SendFrame.HWType[1] = 1;
SendFrame.ProtocolType[0] = 0x08;
SendFrame.ProtocolType[1] = 0x00;
SendFrame.HLen = 6;
SendFrame.PLen = 4;
SendFrame.Operation[0] = 0;
SendFrame.Operation[1] = 1;
memcpy (SendFrame.SenderHWAddr, HardwareAddress, 6);
memcpy (SendFrame.SenderIPAddr, &IPAddress, 4);
memset (SendFrame.TargetHWAddr, 0, 6);
memcpy (SendFrame.TargetIPAddr, &IPAddr, 4);
memset (SendFrame.Unused, 0, 32);
PacketSetFilter(Adapter, NDIS_PACKET_TYPE_DIRECTED);
SendPacket = PacketAllocatePacket ();
PacketInitPacket (SendPacket, &SendFrame, sizeof (SendFrame));
Result = FALSE;
for (j = 0; j < 5 && !Result; j++)
{
LastRead = NextPkt;
PacketSendPacket (Adapter, SendPacket, FALSE);
Sleep (1000);
NumRead = NextPkt - LastRead;
for (i = 0; i < NumRead; i++)
{
RcvFrame = (ARP_FRAME *)(&Pkt[(LastRead+i) % MaxPkt].Frame);
if ( RcvFrame->Type[0] == 0x08 && RcvFrame->Type[1] == 0x06 &&
RcvFrame->Operation[0] == 0 && RcvFrame->Operation[1] == 2 &&
memcmp(RcvFrame->SenderIPAddr, &IPAddr, 4) == 0 )
{
Result = TRUE;
break;
}
}
}
if (Result)
memcpy (EthAddr, RcvFrame->SenderHWAddr, 6);
else
memset (EthAddr, 0, 6);
SoftwareFilter = OldFilter;
PacketFreePacket (SendPacket);
PacketSetFilter(Adapter, HardwareFilter);
return Result;
}
#define ASCII_TO_EXE(c) (c >= 'A' ? c-'A'+10 : c-'0')
BOOL EthernetSpyReader::ConvertAddress (CString S, PBYTE EthAddr)
{
hostent* Host;
ULONG IPAddr;
if (S != "")
{
if ((Host = gethostbyname (S)) != NULL)
{
memcpy (&IPAddr, Host->h_addr, 4);
return IPAddrToEthernetAddr (IPAddr, EthAddr);
}
else
{
S.MakeUpper ();
memset (EthAddr, 0, 6);
for(int i = 0; i < min(12, S.GetLength()) / 2; i++)
{
EthAddr[i] = ASCII_TO_EXE( S[2*i] ) * 16 + ASCII_TO_EXE( S[2*i+1] );
}
return TRUE;
}
}
memset (EthAddr, 0, 6);
return FALSE;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -