HoLLy
/
SWSniff
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Don't be afraid of pointers (but WSA* still doesn't work)

This commit is contained in:
HoLLy 2018-05-07 15:47:06 +02:00
Родитель 18008654a0
Коммит 1c570011ef
4 изменённых файлов: 38 добавлений и 38 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

27
SWSniff.Internal/InjectStart.cs
Просмотреть файл

@ -7,15 +7,15 @@ using SWSniff.Internal.Interop;
namespace SWSniff.Internal
{
public static class InjectStart
public static unsafe class InjectStart
{
[DllImport("kernel32")]
private static extern bool AllocConsole();
private delegate int SendDelegate(IntPtr socket, IntPtr buf, int len, SocketFlags flags);
private delegate int RecvDelegate(IntPtr socket, IntPtr buf, int len, SocketFlags flags);
private delegate int WSARecvDelegate(IntPtr socket, IntPtr buffers, int bufferCount, out IntPtr numberOfBytesRecvd, SocketFlags flags, IntPtr overlapped, IntPtr completionRoutine);
private delegate int WSASendDelegate(IntPtr socket, IntPtr buffers, int bufferCount, out IntPtr numberOfBytesSent, SocketFlags flags, IntPtr overlapped, IntPtr completionRoutine);
private delegate int SendDelegate(IntPtr socket, byte* buf, int len, SocketFlags flags);
private delegate int RecvDelegate(IntPtr socket, byte* buf, int len, SocketFlags flags);
private delegate int WSARecvDelegate(IntPtr socket, WSABuffer* buffers, int bufferCount, int* numberOfBytesRecvd, SocketFlags* flags, void* overlapped, void* completionRoutine);
private delegate int WSASendDelegate(IntPtr socket, WSABuffer* buffers, int bufferCount, int* numberOfBytesSent, SocketFlags* flags, void* overlapped, void* completionRoutine);
private static PacketHandler _packetHandler;
private static PipeManager _pipeManager;
@ -30,6 +30,7 @@ namespace SWSniff.Internal
AllocConsole();
#endif
Console.WriteLine("Initializing");
Console.WriteLine("IntPtr size: " + IntPtr.Size);
_pipeManager = new PipeManager();
_packetHandler = new PacketHandler(_pipeManager);
@ -53,28 +54,28 @@ namespace SWSniff.Internal
Thread.Sleep(1000);
}
private static int SendTarget(IntPtr socket, IntPtr buf, int len, SocketFlags flags)
private static int SendTarget(IntPtr socket, byte* buf, int len, SocketFlags flags)
{
_packetHandler.HandleSend(socket, buf, len, flags);
return _sendHook.OriginalFunction(socket, buf, len, flags);
}
private static int RecvTarget(IntPtr socket, IntPtr buf, int len, SocketFlags flags)
private static int RecvTarget(IntPtr socket, byte* buf, int len, SocketFlags flags)
{
_packetHandler.HandleRecv(socket, buf, len, flags);
return _recvHook.OriginalFunction(socket, buf, len, flags);
}
public static int WSASendTarget(IntPtr socket, IntPtr buffers, int bufferCount, out IntPtr numberOfBytesSent, SocketFlags flags, IntPtr overlapped, IntPtr completionRoutine)
private static unsafe int WSASendTarget(IntPtr socket, WSABuffer* buffers, int bufferCount, int* numberOfBytesSent, SocketFlags* flags, void* overlapped, void* completionRoutine)
{
_packetHandler.HandleWSASend(socket, buffers, bufferCount, flags);
return _wsaSendHook.OriginalFunction(socket, buffers, bufferCount, out numberOfBytesSent, flags, overlapped, completionRoutine);
_packetHandler.HandleWSASend(socket, buffers, bufferCount, *flags);
return _wsaSendHook.OriginalFunction(socket, buffers, bufferCount, numberOfBytesSent, flags, overlapped, completionRoutine);
}
private static int WSARecvTarget(IntPtr socket, IntPtr buffers, int bufferCount, out IntPtr numberOfBytesRecvd, SocketFlags flags, IntPtr overlapped, IntPtr completionRoutine)
private static unsafe int WSARecvTarget(IntPtr socket, WSABuffer* buffers, int bufferCount, int* numberOfBytesRecvd, SocketFlags* flags, void* overlapped, void* completionRoutine)
{
_packetHandler.HandleWSARecv(socket, buffers, bufferCount, flags);
return _wsaRecvHook.OriginalFunction(socket, buffers, bufferCount, out numberOfBytesRecvd, flags, overlapped, completionRoutine);
_packetHandler.HandleWSARecv(socket, buffers, bufferCount, *flags);
return _wsaRecvHook.OriginalFunction(socket, buffers, bufferCount, numberOfBytesRecvd, flags, overlapped, completionRoutine);
}
}
}

40
SWSniff.Internal/Interop/PacketHandler.cs
Просмотреть файл

@ -5,7 +5,7 @@ using System.Text;
namespace SWSniff.Internal.Interop
{
internal class PacketHandler
internal unsafe class PacketHandler
{
private readonly PipeManager _pipeMan;
@ -14,63 +14,53 @@ namespace SWSniff.Internal.Interop
_pipeMan = pipeMan;
}
public void HandleSend(IntPtr socket, IntPtr buf, int len, SocketFlags flags)
public void HandleSend(IntPtr socket, byte* buf, int len, SocketFlags flags)
{
const PacketFunction fn = PacketFunction.Send;
DebugLog(buf, len, flags, fn);
_pipeMan.SendPacketDetected(fn, socket, ReadMemoryBuffer(buf, len));
}
public void HandleRecv(IntPtr socket, IntPtr buf, int len, SocketFlags flags)
public void HandleRecv(IntPtr socket, byte* buf, int len, SocketFlags flags)
{
const PacketFunction fn = PacketFunction.Recv;
DebugLog(buf, len, flags, fn);
_pipeMan.SendPacketDetected(fn, socket, ReadMemoryBuffer(buf, len));
}
public unsafe void HandleWSASend(IntPtr socket, IntPtr wsaBuf, int bufferCount, SocketFlags flags)
public void HandleWSASend(IntPtr socket, WSABuffer* wsaBuf, int bufferCount, SocketFlags flags)
{
const PacketFunction fn = PacketFunction.WSASend;
for (int i = 0; i < bufferCount; i++) {
var bufPtr = (WSABuffer*)wsaBuf + i;
DebugLog((*bufPtr).Data, (*bufPtr).Length, flags, fn);
_pipeMan.SendPacketDetected(fn, socket, ReadMemoryBuffer((*bufPtr).Data, (*bufPtr).Length));
DebugLog(wsaBuf[i].Data, wsaBuf[i].Length, flags, fn);
_pipeMan.SendPacketDetected(fn, socket, ReadMemoryBuffer(wsaBuf[i].Data, wsaBuf[i].Length));
}
}
public unsafe void HandleWSARecv(IntPtr socket, IntPtr wsaBuf, int bufferCount, SocketFlags flags)
public void HandleWSARecv(IntPtr socket, WSABuffer* wsaBuf, int bufferCount, SocketFlags flags)
{
const PacketFunction fn = PacketFunction.WSARecv;
for (int i = 0; i < bufferCount; i++) {
var bufPtr = (WSABuffer*)wsaBuf + i;
DebugLog((*bufPtr).Data, (*bufPtr).Length, flags, fn);
_pipeMan.SendPacketDetected(fn, socket, ReadMemoryBuffer((*bufPtr).Data, (*bufPtr).Length));
DebugLog(wsaBuf[i].Data, wsaBuf[i].Length, flags, fn);
_pipeMan.SendPacketDetected(fn, socket, ReadMemoryBuffer(wsaBuf[i].Data, wsaBuf[i].Length));
}
}
private struct WSABuffer
private static byte[] ReadMemoryBuffer(byte* buf, int len)
{
public int Length;
public IntPtr Data;
}
private static unsafe byte[] ReadMemoryBuffer(IntPtr buf, int len)
{
byte[] buffer = new byte[len];
byte* ptr = (byte*)buf.ToPointer();
byte[] ret = new byte[len];
for (int i = 0; i < len; i++)
buffer[i] = *ptr++;
return buffer;
ret[i] = buf[i];
return ret;
}
[Conditional("DEBUG")]
private static unsafe void DebugLog(IntPtr buf, int len, SocketFlags flags, PacketFunction fn)
private static void DebugLog(byte* buf, int len, SocketFlags flags, PacketFunction fn)
{
var sb = new StringBuilder();
byte* ptr = (byte*)buf.ToPointer();
for (int i = 0; i < len; i++)
sb.AppendFormat("{0:X2}-", *ptr++);
sb.AppendFormat("{0:X2}-", buf[i]);
string s = sb.ToString().TrimEnd('-');
if (s.Length >= 0x200)

8
SWSniff.Internal/NativeStructs.cs Normal file
Просмотреть файл

@ -0,0 +1,8 @@
namespace SWSniff.Internal
{
public unsafe struct WSABuffer
{
public int Length;
public byte* Data;
}
}

1
SWSniff.Internal/SWSniff.Internal.csproj
Просмотреть файл

@ -53,6 +53,7 @@
<Compile Include="Interop\PipeManager.cs" />
<Compile Include="Native.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="NativeStructs.cs" />
</ItemGroup>
<ItemGroup />
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />