#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include "HookApi.h"
//API HOOK方式
#define APIHOOK16
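//SOCKS proxy configuration file (the proxy server address and port are read from it).
//NOTE(review): whoever can write this file decides where the hooked connections are sent.
//Confirm that this fixed path in the drive root is writable by administrators only, or keep the file in a protected install/per-user directory.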
#define CONFIG_FILE "C:\\SocksCap.ini"
#define TEST_FILE "C:\\test.ini"
//SOCKET类型
#define SOCKET_TYPE_TCP 0
#define SOCKET_TYPE_UDP 1
#ifdef APIHOOK16
#include "apihook16.h"
#define CAPIHook CHOOKAPI
#else
#include "apihook32.h"
#define CAPIHook CHOOKAPI
#endif
#include "socks.h"
#pragma comment(lib, "ws2_32.lib")
// Hook handlers for the ws2_32.dll exports. Each has the same signature as the
// Winsock function it stands in for; the commented-out constructor calls further
// down pair each handler with its export name (socket, connect, bind, listen,
// accept, closesocket).
SOCKET WINAPI __stdcall socket_ws2_32(int af, int type, int protocol);
int WINAPI __stdcall connect_ws2_32(SOCKET s, const struct sockaddr FAR* name, int namelen);
int WINAPI __stdcall bind_ws2_32(SOCKET s, const struct sockaddr FAR* name, int namelen);
int WINAPI __stdcall listen_ws2_32(SOCKET s, int backlog);
SOCKET WINAPI __stdcall accept_ws2_32(SOCKET s, struct sockaddr FAR* addr, int FAR* addrlen);
int WINAPI __stdcall closesocket_ws2_32(SOCKET s);
// Hook handlers for the same six functions as exported by wsock32.dll.
SOCKET WINAPI __stdcall socket_wsock32(int af, int type, int protocol);
int WINAPI __stdcall connect_wsock32(SOCKET s, const struct sockaddr FAR* name, int namelen);
int WINAPI __stdcall bind_wsock32(SOCKET s, const struct sockaddr FAR* name, int namelen);
int WINAPI __stdcall listen_wsock32(SOCKET s, int backlog);
SOCKET WINAPI __stdcall accept_wsock32(SOCKET s, struct sockaddr FAR* addr, int FAR* addrlen);
int WINAPI __stdcall closesocket_wsock32(SOCKET s);
// ws2_32.dll: one CAPIHook object per hooked function. They are default-constructed
// here, so the target DLL, export name and handler are not bound at this point.
// NOTE(review): where they get bound is not visible in this part of the file.
CAPIHook g_hook_socket_ws2_32;
CAPIHook g_hook_connect_ws2_32;
CAPIHook g_hook_bind_ws2_32;
CAPIHook g_hook_listen_ws2_32;
CAPIHook g_hook_accept_ws2_32;
CAPIHook g_hook_closesocket_ws2_32;
// wsock32.dll: one CAPIHook object per hooked function, default-constructed as above.
CAPIHook g_hook_socket_wsock32;
CAPIHook g_hook_connect_wsock32;
CAPIHook g_hook_bind_wsock32;
CAPIHook g_hook_listen_wsock32;
CAPIHook g_hook_accept_wsock32;
CAPIHook g_hook_closesocket_wsock32;
/*
//ws2_32.dll 钩住这些函数 / 类对象化 / 构造函数初始化
CAPIHook g_hook_socket_ws2_32("ws2_32.dll", "socket", (FARPROC)socket_ws2_32);
CAPIHook g_hook_connect_ws2_32("ws2_32.dll", "connect", (FARPROC)connect_ws2_32);
CAPIHook g_hook_bind_ws2_32("ws2_32.dll", "bind", (FARPROC)bind_ws2_32);
CAPIHook g_hook_listen_ws2_32("ws2_32.dll", "listen", (FARPROC)listen_ws2_32);
CAPIHook g_hook_accept_ws2_32("ws2_32.dll", "accept", (FARPROC)accept_ws2_32);
CAPIHook g_hook_closesocket_ws2_32("ws2_32.dll", "closesocket", (FARPROC)closesocket_ws2_32);
//wsock32.dll 勾住这些函数 / 类对象化 / 构造函数初始化
CAPIHook g_hook_socket_wsock32("wsock32.dll", "socket", (FARPROC)socket_wsock32);
CAPIHook g_hook_connect_wsock32("wsock32.dll", "connect", (FARPROC)connect_wsock32);
CAPIHook g_hook_bind_wsock32("wsock32.dll", "bind", (FARPROC)bind_wsock32);
CAPIHook g_hook_listen_wsock32("wsock32.dll", "listen", (FARPROC)listen_wsock32);
CAPIHook g_hook_accept_wsock32("wsock32.dll", "accept", (FARPROC)accept_wsock32);
CAPIHook g_hook_closesocket_wsock32("wsock32.dll", "closesocket", (FARPROC)closesocket_wsock32);
*/
// Record describing one patched import address table (IAT) entry.
// RedirectApi fills it in when it rewrites an entry.
typedef struct _HOOK_ITEM {
DWORD dwAddr ; // address of the IAT entry
DWORD dwOldValue ; // original function address that was stored in the IAT entry
DWORD dwNewValue ; // replacement function address written to the IAT entry
} HOOK_ITEM, *PHOOK_ITEM ;
HOOK_ITEM HookItem = {0} ; // global IAT record; the original comment says it stores the IAT entry of MessageBoxA. NOTE(review): no use of HookItem is visible in this part of the file, confirm what it tracks
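// Redirect one by-name import of the main executable by rewriting its IAT entry.
//
// Walks the import directory of the module returned by GetModuleHandle(NULL),
// looks for an import descriptor whose DLL name equals pDllName (compared
// case-insensitively, because import tables spell DLL names in arbitrary case)
// and, inside it, for the import named pFunName (case-sensitive, as export
// names are). The matching IAT entry is overwritten with dwNewProc.
//
// Parameters:
//   pDllName  - name of the imported DLL, e.g. "ws2_32.dll"
//   pFunName  - name of the imported function
//   dwNewProc - address of the replacement function
//   pItem     - receives the IAT entry address, its previous value and the new
//               value; written only when the patch succeeds
//
// Returns TRUE when the entry was patched. Returns FALSE for invalid arguments,
// an image whose headers do not validate, an image without an import directory,
// an import that is not found, or an IAT page that cannot be made writable.
//
// 32-bit only: addresses are carried in DWORD and the 32-bit optional header
// layout is assumed.
BOOL WINAPI RedirectApi ( PCHAR pDllName, PCHAR pFunName, DWORD dwNewProc, PHOOK_ITEM pItem )
{
    // Reject missing arguments
    if ( pDllName == NULL || pFunName == NULL || !dwNewProc || !pItem )
        return FALSE ;

    // Base address of the main executable image
    DWORD dwBaseImage = (DWORD)GetModuleHandle(NULL) ;
    if ( dwBaseImage == 0 )
        return FALSE ;

    // Validate the PE headers before trusting any offset read from them
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)dwBaseImage ;
    if ( pDosHeader->e_magic != IMAGE_DOS_SIGNATURE )
        return FALSE ;
    PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)(dwBaseImage + (pDosHeader->e_lfanew)) ;
    if ( pNtHeader->Signature != IMAGE_NT_SIGNATURE )
        return FALSE ;
    PIMAGE_OPTIONAL_HEADER32 pOptionalHeader = &(pNtHeader->OptionalHeader) ;

    // An image without an import directory has nothing to redirect; without this
    // check an RVA of 0 would make the walk below start at the DOS header.
    if ( pOptionalHeader->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT )
        return FALSE ;
    DWORD dwImportRva = pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress ;
    if ( dwImportRva == 0 )
        return FALSE ;

    // Walk the import descriptors (the table ends with an all-zero descriptor)
    PIMAGE_IMPORT_DESCRIPTOR pIID = (PIMAGE_IMPORT_DESCRIPTOR)( dwBaseImage + dwImportRva ) ;
    for ( ; pIID->FirstThunk ; pIID++ )
    {
        // Is this the descriptor of the requested DLL?
        if ( lstrcmpiA ( (PCHAR)(dwBaseImage+pIID->Name), pDllName ) != 0 )
            continue ;

        // Names are only available through the import lookup table. Once the
        // loader has resolved the imports, the IAT itself holds function
        // addresses, so it cannot be used as a fallback source of name RVAs.
        if ( pIID->OriginalFirstThunk == 0 )
            continue ;

        PIMAGE_THUNK_DATA pThunk = (PIMAGE_THUNK_DATA)( dwBaseImage + pIID->OriginalFirstThunk ) ;
        PIMAGE_THUNK_DATA pIAT = (PIMAGE_THUNK_DATA)( dwBaseImage + pIID->FirstThunk ) ;

        // Walk the lookup table and the IAT in step
        DWORD dwThunkValue = 0 ;
        for ( ; ( dwThunkValue = *((DWORD*)pThunk) ) != 0 ; pThunk++, pIAT++ )
        {
            // Imports by ordinal carry no name to compare
            if ( ( dwThunkValue & IMAGE_ORDINAL_FLAG32 ) != 0 )
                continue ;

            // +2 skips the WORD hint that precedes the name in IMAGE_IMPORT_BY_NAME
            if ( strcmp ( (PCHAR)(dwBaseImage+dwThunkValue+2), pFunName ) != 0 )
                continue ;

            // Make the entry writable; give up instead of faulting on the write
            DWORD dwOldProtect = 0 ;
            if ( !VirtualProtect ( pIAT, sizeof(DWORD), PAGE_READWRITE, &dwOldProtect ) )
                return FALSE ;

            // Record the redirection, then patch the entry
            pItem->dwAddr = (DWORD)pIAT ;
            pItem->dwOldValue = *((DWORD*)pIAT) ;
            pItem->dwNewValue = dwNewProc ;
            *((DWORD*)pIAT) = dwNewProc ;

            // Restore the page's previous protection so the import table does
            // not stay writable for the rest of the process lifetime.
            DWORD dwIgnored = 0 ;
            VirtualProtect ( pIAT, sizeof(DWORD), dwOldProtect, &dwIgnored ) ;
            return TRUE ;
        }
    }
    return FALSE ;
}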
// Bookkeeping record for one tracked socket.
// NOTE(review): the handles are stored as int although the Winsock SOCKET type is
// UINT_PTR; that only round-trips safely in a 32-bit build.
typedef struct _SOCKET_INFO {
int nProxySocket; // proxy socket (the key that del_list and find_list match on)
int nNomalSocket; // normal socket
int nType; // socket type (TCP/UDP), see SOCKET_TYPE_TCP / SOCKET_TYPE_UDP
} SOCKET_INFO;
static SOCKET_INFO g_SocketList[1024] = {0}; // table of tracked sockets
static int g_nIndex = 0; // number of entries in use, i.e. the next free slot in g_SocketList
// Add a socket record to g_SocketList unless an identical record is already there.
//
// NOTE(review): when all 1024 slots are in use the count is reset to 0, so every
// existing record becomes invisible to find_list/del_list without its sockets
// being closed. Confirm that this wrap-around is intended.
VOID ins_list(const SOCKET_INFO socket_info)
{
    int slot = 0;

    // Table full: start over from the first slot
    if (g_nIndex >= 1024) {
        g_nIndex = 0;
    }

    // Nothing to do when a byte-identical record is already stored
    while (slot < g_nIndex) {
        if (memcmp(&g_SocketList[slot], &socket_info, sizeof(SOCKET_INFO)) == 0) {
            return;
        }
        slot++;
    }

    // Append at the next free slot
    memcpy(&g_SocketList[g_nIndex], &socket_info, sizeof(SOCKET_INFO));
    g_nIndex += 1;
}
// Remove the record whose proxy socket equals nSocket and close both of its sockets.
//
// Only the first matching record is removed. The freed slot is refilled with the
// last record in use, so the order of the table is not preserved.
// NOTE(review): closesocket is one of the APIs this file hooks; confirm that the
// calls below cannot re-enter this function through the hook handler.
VOID del_list(const int nSocket)
{
    for (int idx = 0; idx < g_nIndex; idx++) {
        SOCKET_INFO *entry = &g_SocketList[idx];
        if (entry->nProxySocket != nSocket) {
            continue;
        }

        // Release both handles held by this record
        closesocket(entry->nProxySocket);
        closesocket(entry->nNomalSocket);

        // Swap-remove: move the last record in use into the hole, then clear it
        g_nIndex -= 1;
        SOCKET_INFO *last = &g_SocketList[g_nIndex];
        if (idx < g_nIndex) {
            memcpy(entry, last, sizeof(SOCKET_INFO));
        }
        memset(last, 0, sizeof(SOCKET_INFO));
        return;
    }
}
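// Look up the record whose proxy socket equals nSocket.
//
// Returns a pointer into g_SocketList for the first match, or NULL when no record
// matches. Returning the last record examined on a miss would make callers treat
// an untracked socket as if it belonged to another connection's record.
SOCKET_INFO *find_list(const int nSocket)
{
    for (int i = 0; i < g_nIndex; i++) {
        if (g_SocketList[i].nProxySocket == nSocket) {
            return &g_SocketList[i];
        }
    }
    return NULL;
}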
//socket()
SOCKET WINAPI __stdcall socket_ws2_32(int af, int type, int protocol)
{
WritePrivateProfileString(
"TESTOUT", // section name
"str", // key name
"run in here 100", // string to add
TEST_FILE // initialization file
);
#ifdef APIHOOK16
g_hook_socket_ws2_32.UnHook();
g_hook_connect_ws2_32.UnHook();
#endif
char szSocksHost[MAX_PATH] = {0};
char szSocksPort[MAX_PATH] = {0};
char szUser[MAX_PATH] = {0};
char szPass[MAX_PATH] = {0};
SOCKET nSocket = INVALID_SOCKET;
//获取SOCKS代理配置 在SocksConfig.ini中
GetPrivateProfileString("SOCKS-SERVER", "ADDRESS", "\0", szSocksHost, sizeof(szSocksHost)-1, CONFIG_FILE);
GetPrivateProfileString("SOCKS-SERVER", "PORT", "1080", szSocksPort, sizeof(szSocksPort)-1, CONFIG_FILE);