[C#] Use EasyHook to inject into WS2_32.dll and hook send and recv to intercept data packets

Foreword:

Four years ago, I got into programming because I wanted a helper tool for a game. At first I used Easy Language, and then I became addicted to programming. A few days before the middle school entrance examination, everyone else was holding English and Chinese books and memorizing them. Only I was reading the book "Introduction to C++ is very simple" in the classroom every day (although, four years on, I still haven't gotten started with C++).

Later, I found on Baidu that Easy Language could do it: it could intercept data with a module. Later, some helper source code was released on the Internet, and I made one in Easy Language by modifying that source code. Although it worked, I hadn't written it myself. Later, for various reasons, I didn't touch it for several years. I studied PHP and Easy Language wholeheartedly until the beginning of 2019, when I turned to C#, because C# and Easy Language looked very similar, and I began to study it. Slowly, I thought of the helper that I hadn't finished four years ago, and I started to look things up on Baidu. As a result, I found that C# couldn't do it and could only call a C++ DLL, so I gave up and began to learn C# and Java at school.

Until a few days ago, when I saw that Flash Player would no longer be provided after December this year, and I happened to be working on remote injection, so I picked it up again. After writing it, I found that it took only a few dozen lines of code and was not as difficult as I thought.

1, Install EasyHook

Install it from within Visual Studio with NuGet.

2, Components

1.WinForm window

2.webBrowser

3, CPP.cs (Hook injection class)

Only a few pieces of code, but I kept changing them for three days; it always reported inexplicable errors: either the port could not be opened, or the C++ injection failed.

using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Threading;

namespace Hook
{
    public class CPP
    {
        // Keep every LocalHook referenced; a hook that is garbage-collected is uninstalled.
        static readonly List<EasyHook.LocalHook> hooks = new List<EasyHook.LocalHook>();

        static IntPtr hModule = IntPtr.Zero;

        // Static constructor: Install is static and CPP is never instantiated,
        // so an instance constructor would never run.
        static CPP() {
            // Load ws2_32.dll first. Without this a "not found" error is reported; I don't know why,
            // since it worked without this line the other day.
            hModule = LoadLibrary("WS2_32.dll"); // Module handle
        }

        // Handles and sockets are pointer-sized, so IntPtr is used instead of int (needed on 64-bit).
        [DllImport("kernel32.dll", EntryPoint = "LoadLibrary")]
        public static extern IntPtr LoadLibrary(
            [MarshalAs(UnmanagedType.LPStr)] string lpLibFileName);

        [DllImport("kernel32.dll", EntryPoint = "GetProcAddress")]
        public static extern IntPtr GetProcAddress(IntPtr hModule,
            [MarshalAs(UnmanagedType.LPStr)] string lpProcName);

        [DllImport("kernel32.dll", EntryPoint = "FreeLibrary")]
        public static extern bool FreeLibrary(IntPtr hModule);

        // Import the recv and send functions from WS2_32
        [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
        static extern int recv(IntPtr socket, IntPtr buffer, int length, int flags);
        [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
        static extern int send(IntPtr socket, IntPtr buffer, int length, int flags);

        // Delegates matching recv and send
        [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
        delegate int RecvHook(IntPtr s, IntPtr buf, int length, int flags);
        [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
        delegate int SendHook(IntPtr s, IntPtr buf, int length, int flags);

        // Recv handler installed by the hook; packets seem to stick together
        static private int Recv(IntPtr s, IntPtr buf, int length, int flags)
        {
            // Note: this copies `length` bytes (the capacity of the caller's buffer)
            // before the real recv has run, not the bytes actually received.
            byte[] ys = new byte[length];
            Marshal.Copy(buf, ys, 0, length);
            String hex = ""; // Hexadecimal packet content
            foreach (byte n in ys)
            {
                hex += n.ToString("X2") + " ";
            }

            //Console.WriteLine(length);
            Thread.Sleep(10);
            int res = recv(s, buf, length, flags); // -1 is SOCKET_ERROR
            return res;
        }

        // Send handler installed by the hook
        static private int Send(IntPtr s, IntPtr buf, int length, int flags)
        {
            int res = send(s, buf, length, flags);
            if (res == -1) // SOCKET_ERROR
                return res;
            byte[] ys = new byte[length];
            Marshal.Copy(buf, ys, 0, length);
            String hex = ""; // Hexadecimal packet content
            foreach (byte n in ys)
            {
                // Console.WriteLine("c");
                hex += n.ToString("X2");
            }

            return res;
        }

        // Hook the current process
        public static void Install(String uni) {
            IntPtr target = EasyHook.LocalHook.GetProcAddress("WS2_32.dll", uni);
            EasyHook.LocalHook hook;
            if (uni.Equals("recv"))
            {
                // Hook recv
                hook = EasyHook.LocalHook.Create(target, new RecvHook(Recv), null);
            }
            else {
                // Hook send
                hook = EasyHook.LocalHook.Create(target, new SendHook(Send), null);
            }
            // In EasyHook ACLs, thread ID 0 stands for the calling thread.
            hook.ThreadACL.SetInclusiveACL(new int[] { 0 });
            hooks.Add(hook);
        }
    }
}

4, Form1.cs

The only component on the form is the webBrowser; set its URL and start the project directly.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace Hook
{
    public partial class Form1 : Form
    {
      
        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            // Install both hooks
            CPP.Install("recv");
            CPP.Install("send");
        } 
    }
}

Legacy problem: Recv always intercepts more than 60000 packets (data returned by my target). The first one is very long, but the last one is very long

SEND packets can be intercepted.
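
In the Recv handler above, the bytes are copied before the real recv runs and the count is `length`, the capacity of the caller's buffer, so every dump is as long as that buffer regardless of how much data arrived. The following is an added example, not code from the original post: it calls the real function first and dumps only the `res` bytes it reports. `RecvDumpDemo`, `FakeRecv` and the 65536-byte buffer are constructed stand-ins so that it runs without EasyHook or a socket.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

static class RecvDumpDemo
{
    // Same shape as the page's RecvHook delegate.
    delegate int RecvFn(IntPtr s, IntPtr buf, int length, int flags);

    // Constructed stand-in for ws2_32 recv: writes 5 bytes into a much larger buffer.
    static int FakeRecv(IntPtr s, IntPtr buf, int length, int flags)
    {
        byte[] payload = Encoding.ASCII.GetBytes("hello");
        int n = Math.Min(payload.Length, length);
        Marshal.Copy(payload, 0, buf, n);
        return n;
    }

    // Hex-dump exactly `count` bytes, never the full buffer capacity.
    static string Dump(IntPtr buf, int count)
    {
        byte[] data = new byte[count];
        Marshal.Copy(buf, data, 0, count);
        return BitConverter.ToString(data).Replace("-", " ");
    }

    // Corrected handler: call the real function first, then read `res` bytes.
    static int Recv(RecvFn real, IntPtr s, IntPtr buf, int length, int flags)
    {
        int res = real(s, buf, length, flags);
        if (res <= 0) return res; // 0 = connection closed, -1 = SOCKET_ERROR: nothing to dump
        Console.WriteLine("recv {0} of {1} bytes: {2}", res, length, Dump(buf, res));
        return res;
    }

    static void Main()
    {
        const int capacity = 65536; // constructed caller buffer size
        IntPtr buf = Marshal.AllocHGlobal(capacity);
        try
        {
            int res = Recv(FakeRecv, IntPtr.Zero, buf, capacity, 0);
            // Copying `length` bytes before the call would have dumped all 65536 bytes here.
            Console.WriteLine("returned {0}", res);
        }
        finally { Marshal.FreeHGlobal(buf); }
    }
}
```

In the hooked version, `real` corresponds to the imported `recv`; because recv is a stream read, one call may still return several application messages or only part of one.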


Tags: Programming socket PHP Java

Posted on Sun, 15 Mar 2020 04:06:10 -0700 by The Chancer