memset(bufOfLine,0,30);
strcpy(bufOfLine,"Adapter ");
char index[1];
itoa(i+1,index,10);
strcat(bufOfLine,index);
strcat(bufOfLine,":");
m_localInfor.AddString(bufOfLine);
memset(bufOfLine,0,30);
strcpy(bufOfLine,"Mac: ");
strcat(bufOfLine,m_localMac[i]);
m_localInfor.AddString(bufOfLine);
memset(bufOfLine,0,30);
strcpy(bufOfLine,"IP: ");
strcat(bufOfLine,m_localIP[i]);
m_localInfor.AddString(bufOfLine);
memset(bufOfLine,0,30);
strcpy(bufOfLine,"******************************");
m_localInfor.AddString(bufOfLine);
}
return;
}
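void CF_WinSniffDlg::OnSniff()
{
	// TODO: Add your control notification handler code here
	// Starts a capture: (re)loads the keyword list from keyword.txt into
	// key[]/count, launches the capture thread selected by m_isNormal and locks
	// the configuration controls until OnStop() re-enables them.
	//
	// The running check comes first so key[]/count are not rewritten while the
	// capture thread may still be reading them in checkkey().
	if(isRun==TRUE)
	{
		MessageBox("上次监控未停止", "系统提示", MB_OK);
		return;
	}
	ET_HEADER_size=sizeof(ET_HEADER);
	TCP_HEADER_size=sizeof(TCP_HEADER);
	IP_HEADER_size=sizeof(IP_HEADER);
	UDP_HEADER_size=sizeof(UDP_HEADER);
	CStdioFile file;
	count=0;
	if(!file.Open("keyword.txt",CFile::modeRead,NULL))
	{
		AfxMessageBox("无法打开文件 【 keyword.txt 】 !",MB_OK+MB_ICONSTOP,0);
		return ;
	}
	// NOTE(review): assumes key is a fixed-size two-dimensional char array
	// (key[rows][cols]) declared elsewhere in this file — confirm.  The original
	// strcpy'd every line into key[num] with no bound on either dimension.
	const size_t maxKeys=sizeof(key)/sizeof(key[0]);
	const size_t keyLen=sizeof(key[0]);
	int num=0;
	CString rString;
	while(file.ReadString(rString))
	{
		if((size_t)num>=maxKeys)
		{
			// Any further lines would overflow key[]; keep the ones that fit.
			break;
		}
		// Copy straight from the CString.  The original allocated a TCHAR buffer
		// per line with new[] and never freed it.
		strncpy(key[num],(LPCTSTR)rString,keyLen-1);
		key[num][keyLen-1]='\0';
		num=num+1;
	}
	count=num;
	file.Close();
	UpdateData(TRUE);
	isRun=TRUE;
	pthis=this;
	DWORD ID=0;
	HANDLE hThread=NULL;
	if(m_isNormal==TRUE)
	{
		hThread=CreateThread(NULL,0,normalSniff,NULL,0,&ID);
	}
	else
	{
		hThread=CreateThread(NULL,0,exchangeSniff,NULL,0,&ID);
	}
	if(hThread==NULL)
	{
		// The capture never started: undo the running state so the user can retry
		// instead of being left with every control disabled.
		isRun=FALSE;
		pthis=NULL;
		MessageBox("无法创建监控线程", "系统提示", MB_OK);
		return;
	}
	// The thread keeps running after its handle is closed and the handle is not
	// used again, so release it here rather than leak one per start.
	CloseHandle(hThread);
	// Lock the configuration controls while the capture runs.  GetDlgItem() is
	// NULL-checked; the original dereferenced it unconditionally.
	static const int lockedIds[]={IDC_CHECKALL,IDC_CHECKPTOP,IDC_MODAL,IDC_ADAPTER,IDC_SNIFF};
	for(int k=0;k<(int)(sizeof(lockedIds)/sizeof(lockedIds[0]));k++)
	{
		CWnd *pLocked=GetDlgItem(lockedIds[k]);
		if(pLocked!=NULL) pLocked->EnableWindow(FALSE);
	}
	CWnd *pTemp=GetDlgItem(IDC_SAVE_LOG);
	if(pTemp!=NULL) pTemp->EnableWindow(TRUE);
	// pTemp=GetDlgItem(IDC_CLEAN);
	// pTemp->EnableWindow(FALSE);
	pTemp=GetDlgItem(IDC_STOP);
	if(pTemp!=NULL) pTemp->EnableWindow(TRUE);
	if(m_isAll==FALSE)
	{
		pTemp=GetDlgItem(IDC_IPADDR1);
		if(pTemp!=NULL) pTemp->EnableWindow(FALSE);
		pTemp=GetDlgItem(IDC_IPADDR2);
		if(pTemp!=NULL) pTemp->EnableWindow(FALSE);
	}
}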
void CF_WinSniffDlg::OnClean()
{
	// TODO: Add your control notification handler code here
	// Clears the captured rows from m_dataList, but only while no capture is
	// running and after the user confirms that the records have been saved.
	if(isRun!=TRUE)
	{
		const int answer=MessageBox("确定已经保存记录并清除当前记录吗?", "系统提示", MB_OKCANCEL);
		if(answer!=IDCANCEL)
		{
			m_dataList.DeleteAllItems();
		}
		return;
	}
	// A capture is still running: tell the user to stop it first.
	//MessageBox("请先停止监控!");
	MessageBox("请先停止监控", "系统提示", MB_OKCANCEL);
}
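void CF_WinSniffDlg::OnSaveLog()
{
	// TODO: Add your control notification handler code here
	// Writes every row of m_dataList (six columns, '|'-separated, one row per
	// line) to a log file named after the current time, then reports the name.
	const int rowCount=m_dataList.GetItemCount();
	t =CTime::GetCurrentTime();
	// The stamp is a fixed 23 characters ("YYYY-MM-DD-HH-MM-SS.log"); the
	// explicit LPCTSTR cast avoids passing a CString object through "...".
	sprintf(m_logFile,"%s",(LPCTSTR)t.Format("%Y-%m-%d-%H-%M-%S.log"));
	FILE *pf=fopen(m_logFile,"w");
	if(pf==NULL)
	{
		// The original went on to fprintf() through a NULL FILE* when the
		// working directory was not writable.
		CString csErr;
		csErr.Format("无法创建文件【 %s 】",m_logFile);
		MessageBox(csErr, "系统提示", MB_OK|MB_ICONSTOP);
		return;
	}
	char listData[50]={0};
	for(int i=0;i<rowCount;i++)
	{
		for(int j=0;j<6;j++)
		{
			// Size the read from the buffer itself; the original cleared and
			// read only 30 of the 50 bytes.
			memset(listData,0,sizeof(listData));
			m_dataList.GetItemText(i,j,listData,sizeof(listData));
			// Cell text is written as-is: a '|' or newline inside a cell (the
			// list may hold fields taken from captured packets) breaks the
			// column layout of that row.
			fprintf(pf,"%s|",listData);
		}
		fprintf(pf,"\n");
	}
	fclose(pf);
	CString cslog;
	cslog.Format("监控记录已保存到文件【 %s 】",m_logFile);
	//MessageBox(cslog);
	MessageBox(cslog, "系统提示", MB_OK);
}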
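void CF_WinSniffDlg::receive()
{
	// Reads one capture buffer from lpAdapter, classifies the first frame in it
	// (IPv4 or ARP) and hands the packet to assay() when it passes the address
	// filter: every frame with both addresses set when m_isAll is TRUE,
	// otherwise only frames exchanged between the two addresses entered in
	// m_ip1/m_ip2 (either direction).
	char buffer[1024*8]={0};
	LPPACKET lpPacket=PacketAllocatePacket(); // allocate the packet descriptor
	if(lpPacket==NULL)
	{
		// Allocation failed inside the packet library; skip this read rather
		// than dereference NULL below.
		return;
	}
	PacketInitPacket(lpPacket,buffer,sizeof(buffer)); // bind it to our buffer
	if(PacketReceivePacket(lpAdapter,lpPacket,TRUE)==FALSE) // read from the adapter
	{
		// Read failed or timed out; ulBytesReceived is not meaningful.
		PacketFreePacket(lpPacket);
		return;
	}
	const char *buf=(const char *)lpPacket->Buffer;
	const DWORD received=lpPacket->ulBytesReceived;
	DWORD sIP=0,dIP=0;
	bool isValidPacket=false;
	// The buffer starts with a bpf_hdr followed by the frame.  Every header
	// offset is checked against the byte count actually received before it is
	// dereferenced: the frame contents are untrusted input from the wire and
	// the original read IP/ARP fields without any length check.
	if(received>=sizeof(bpf_hdr))
	{
		const bpf_hdr *lpBpfhdr=(const bpf_hdr *)buf;
		const DWORD ethOffset=lpBpfhdr->bh_hdrlen;
		const DWORD payloadOffset=ethOffset+sizeof(ET_HEADER);
		if(payloadOffset<=received)
		{
			const ET_HEADER *lpEthdr=(const ET_HEADER *)(buf+ethOffset);
			if(lpEthdr->eh_type==htons(0x0800)) // 0x0800: IPv4 frame
			{
				if(payloadOffset+sizeof(IP_HEADER)<=received)
				{
					const IP_HEADER *lpIphdr=(const IP_HEADER *)(buf+payloadOffset);
					sIP=lpIphdr->m_sIP;
					dIP=lpIphdr->m_dIP;
					isValidPacket=true;
				}
			}
			else if(lpEthdr->eh_type==htons(0x0806)) // 0x0806: ARP frame
			{
				if(payloadOffset+sizeof(ARP_HEADER)<=received)
				{
					const ARP_HEADER *lpArphdr=(const ARP_HEADER *)(buf+payloadOffset);
					sIP=lpArphdr->arp_spa;
					dIP=lpArphdr->arp_tpa;
					isValidPacket=true;
				}
			}
		}
	}
	if(isValidPacket)
	{
		if(m_isAll==TRUE)
		{
			if( ( sIP != 0 ) && ( dIP != 0 ) )
			{
				assay(lpPacket);
			}
		}
		else
		{
			// The address controls hand back host order; htonl() puts them in
			// the same byte order as the header fields, so the endpoints can be
			// compared directly instead of via inet_ntoa() text as before.
			DWORD Addr=0;
			m_ip1.GetAddress(Addr);
			const DWORD ip1=htonl(Addr);
			Addr=0;
			m_ip2.GetAddress(Addr);
			const DWORD ip2=htonl(Addr);
			const bool forward=(sIP==ip1)&&(dIP==ip2);
			const bool backward=(sIP==ip2)&&(dIP==ip1);
			if(forward||backward)
			{
				assay(lpPacket);
			}
		}//end else
	}//end if(isValidPacket)
	PacketFreePacket(lpPacket); // release the packet descriptor
}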
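DWORD WINAPI normalSniff(void *no)
{
	// Capture thread body for the "normal" (single adapter, promiscuous) mode.
	// Enumerates the adapters, opens the one selected in the dialog and loops on
	// pthis->receive() until OnStop() clears isRun.  Returns 0 on a clean stop
	// and (DWORD)-1 when setup fails; on every failure after the adapter was
	// opened it is closed again here so OnStop() does not have to.
	static CHAR adapter_list[10][1024];
	const ULONG maxAdapters=sizeof(adapter_list)/sizeof(adapter_list[0]);
	const ULONG maxNameBytes=sizeof(adapter_list[0]);
	WCHAR adapter_name[2048];
	ULONG adapter_length=sizeof(adapter_name); // 4096 bytes, as before
	// Fetch the adapter names: the library fills adapter_name with a sequence
	// of "\0"-separated Unicode strings, one per adapter, ending with an empty
	// string; adapter_length is the size of that buffer in bytes.
	if(PacketGetAdapterNames((char*)adapter_name, &adapter_length)==FALSE)
	{
		MessageBox(0,"PacketGetAdapterNames error!","",0);
		return (DWORD)-1;
	}
	// Split the list into adapter_list[]; i counts the adapters found and
	// matches the order the dialog used to populate its adapter list.
	// The original loop tested *(name1-1) on its first iteration, one WCHAR
	// before the buffer, and bounded neither i nor the copied length.
	const WCHAR *const end=adapter_name+sizeof(adapter_name)/sizeof(adapter_name[0]);
	const WCHAR *name1=adapter_name;
	ULONG i=0;
	while(name1<end && *name1!=L'\0' && i<maxAdapters)
	{
		const WCHAR *nameEnd=name1;
		while(nameEnd<end && *nameEnd!=L'\0') nameEnd++;
		if(nameEnd==end) break; // unterminated tail: ignore it
		ULONG bytes=(ULONG)(nameEnd-name1)*sizeof(WCHAR);
		// Keep room for the wide NUL; an over-long name is truncated (and will
		// fail to open) rather than shifting the indices of the ones after it.
		if(bytes>maxNameBytes-sizeof(WCHAR)) bytes=maxNameBytes-sizeof(WCHAR);
		memset(adapter_list[i],0,maxNameBytes);
		memcpy(adapter_list[i],name1,bytes);
		i++;
		name1=nameEnd+1;
	}
	if(pthis==NULL)
	{
		return (DWORD)-1;
	}
	// NOTE(review): m_indexOfAdapter is assumed to be a signed integer index
	// into this list — confirm against the dialog's declaration.
	if((int)pthis->m_indexOfAdapter<0 || (ULONG)pthis->m_indexOfAdapter>=i)
	{
		MessageBox(0,"Unable to open the driver!","",0);
		return (DWORD)-1;
	}
	// Check the filter inputs before touching the adapter so nothing has to be
	// undone when they are missing.
	if(pthis->m_isAll==FALSE)
	{
		if( ( pthis->m_ip1.IsBlank() ) || ( pthis->m_ip2.IsBlank() ) )
		{
			MessageBox(0,"Please fill in the IP!","",0);
			return (DWORD)-1;
		}
	}
	// Open the selected adapter; on success the library returns a pointer to an
	// initialised ADAPTER object, otherwise NULL.
	lpAdapter=(LPADAPTER)PacketOpenAdapter((LPTSTR)adapter_list[pthis->m_indexOfAdapter]);
	if (!lpAdapter||(lpAdapter->hFile==INVALID_HANDLE_VALUE))
	{
		if(lpAdapter!=NULL)
		{
			PacketCloseAdapter(lpAdapter);
			lpAdapter=NULL;
		}
		MessageBox(0,"Unable to open the driver!","",0);
		return (DWORD)-1;
	}
	// Put the adapter into promiscuous mode (non-fatal if refused).
	if(PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_PROMISCUOUS)==FALSE)
	{
		MessageBox(0,"Warning: Unable to set the adapter to promiscuous mode!","",0);
	}
	// Size the kernel-level capture buffer.
	if(PacketSetBuff(lpAdapter,8*1024)==FALSE)
	{
		// The original returned here with the adapter still open.
		PacketCloseAdapter(lpAdapter);
		lpAdapter=NULL;
		MessageBox(0,"PacketSetBuff Error!","",0);
		return (DWORD)-1;
	}
	// Read timeout after a packet has been received (non-fatal if refused).
	if(PacketSetReadTimeout(lpAdapter,1)==FALSE)
	{
		MessageBox(0,"Warning: Unable to set the timeout!","",0);
	}
	while(isRun==TRUE)
	{
		// OnStop() clears pthis; re-read it per iteration instead of calling
		// through a pointer that may have been nulled after the isRun check.
		CF_WinSniffDlg *dlg=pthis;
		if(dlg==NULL) break;
		dlg->receive();
		// Sleep(50);
	}
	return 0;
}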
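void CF_WinSniffDlg::OnStop()
{
	// TODO: Add your control notification handler code here
	// Asks the capture thread to exit, closes the adapter and re-enables the
	// configuration controls that OnSniff() locked.
	if(isRun==FALSE)
	{
		return;
	}
	isRun=FALSE;
	// Give the capture thread a moment to observe isRun and leave receive()
	// before the adapter is closed under it.  The thread handle is not kept, so
	// this is a delay rather than a join.  pthis stays valid until afterwards:
	// the original nulled it before the delay, which could fault a receive()
	// call that had already passed the isRun check.
	Sleep(100);
	pthis=NULL;
	if(lpAdapter!=NULL)
	{
		PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_DIRECTED);
		PacketCloseAdapter(lpAdapter); // close the adapter
		lpAdapter=NULL;
	}
	// Re-enable the controls; GetDlgItem() is NULL-checked, the original was not.
	static const int enabledIds[]={IDC_CHECKALL,IDC_CHECKPTOP,IDC_SAVE_LOG,IDC_MODAL,IDC_ADAPTER,IDC_SNIFF,IDC_CLEAN};
	for(int k=0;k<(int)(sizeof(enabledIds)/sizeof(enabledIds[0]));k++)
	{
		CWnd *pTemp=GetDlgItem(enabledIds[k]);
		if(pTemp!=NULL) pTemp->EnableWindow(TRUE);
	}
	if(m_isAll==FALSE)
	{
		CWnd *pTemp=GetDlgItem(IDC_IPADDR1);
		if(pTemp!=NULL) pTemp->EnableWindow(TRUE);
		pTemp=GetDlgItem(IDC_IPADDR2);
		if(pTemp!=NULL) pTemp->EnableWindow(TRUE);
	}
}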
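// Returns the offset of the first occurrence of needle (needleLen bytes) in
// haystack (hayLen bytes), or -1 if it is absent.  Byte-wise comparison is
// used because haystack is raw packet data that may contain embedded NULs,
// which rules out strstr().  An empty needle never matches.
static int findBytes(const char *haystack,int hayLen,const char *needle,int needleLen)
{
	if(haystack==NULL||needle==NULL||needleLen<=0||hayLen<needleLen) return -1;
	for(int i=0;i+needleLen<=hayLen;i++)
	{
		if(memcmp(haystack+i,needle,needleLen)==0) return i;
	}
	return -1;
}
// Scans the first length bytes of buffer for each of the count keywords in
// key[] and returns the index of the first keyword found, or -1 if none is
// present.  (The original header comment promised 1/0; the caller adds 1 to
// the result, so the index contract is the one that is kept.)
// The original scanner reset its match position on a mismatch without
// re-testing the current byte, so "ab" was not found in "aab", and a keyword
// ending exactly on the last byte of buffer was never reported.
int CF_WinSniffDlg::checkkey(char *buffer,int length)
{
	if(buffer==NULL||length<=0) return -1;
	for(int num=0;num<count;num++)
	{
		const int key_len=(int)strlen(key[num]);
		// A blank line in keyword.txt (empty keyword) no longer matches every packet.
		if(findBytes(buffer,length,key[num],key_len)>=0) return num;
	}
	return -1;
}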
void CF_WinSniffDlg::assay(LPPACKET lpPacket)
{
char *buf;
int rule_num=0;
CString cs;
ET_HEADER *lpEthdr;
bpf_hdr *lpBpfhdr;
t = CTime::GetCurrentTime();
buf=(char *)lpPacket->Buffer;
lpBpfhdr=(bpf_hdr *)buf;
lpEthdr=(ET_HEADER *)(buf+lpBpfhdr->bh_hdrlen);
m_length=(int)(lpPacket->ulBytesReceived)-lpBpfhdr->bh_hdrlen-ET_HEADER_size;
if(lpEthdr->eh_type==htons(0x0800)) //帧类型为0x0800则表示为IP包
{
//获取IP包头信息,偏移地址为buf + lpBpfhdr的长度 + ET_HEADER的长度
IP_HEADER *lpIphdr=(IP_HEADER *)(buf+lpBpfhdr->bh_hdrlen+ET_HEADER_size);
//m_length=m_length-IP_HEADER_size;
char source_ip[20]={0},dest_ip[20]={0};
in_addr addr={0};
addr.S_un.S_addr=lpIphdr->m_sIP;//IP包的源IP
memcpy(source_ip,inet_ntoa(addr),strlen(inet_ntoa(addr)));
memset(&addr,0,sizeof(in_addr));
addr.S_un.S_addr=lpIphdr->m_dIP;//IP包的目的IP
memcpy(dest_ip,inet_ntoa(addr),strlen(inet_ntoa(addr)));
if(lpIphdr->m_protocol==IPPROTO_TCP)//TCP包处理
{
//获取TCP包头信息,偏移地址为buf + lpBpfhdr的长度 + ET_HEADER的长度 + IP_HEADER的长度
TCP_HEADER *lpTcphdr=(TCP_HEADER *)(buf+lpBpfhdr->bh_hdrlen+ET_HEADER_size+IP_HEADER_size);
rule_num=checkkey(buf,(int)lpPacket->ulBytesReceived)+1;
if(rule_num>0)
{
//记录协议类型到第0列