atfeel 2015-12-24 02:02 采纳率: 40%
浏览 1554
已采纳

C# 同时勾send 和 recv ,代码出错在哪里?

下面的代码,同时安装勾子会出错,现在的代码只能勾一个函数
private void Form1_Load(object sender, EventArgs e)
{
send_Hook.Install("ws2_32.dll", "send", Marshal.GetFunctionPointerForDelegate(new sendCallback(sendProc)));
send_Hook.Install("ws2_32.dll", "recv", Marshal.GetFunctionPointerForDelegate(new recvCallback(toProc)));
}
怎么才能即可接截Send,也可Recv

这里是完整代码

 using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;

using System.Collections;
using System.Runtime.InteropServices;
using api_hook;


namespace api_hook_封包学习
{
  public partial class Form1 : Form
  {
  [DllImport("ws2_32.dll")]
  static extern int send(int s, byte[] buf, int len, int flag);

  [DllImport("ws2_32.dll")]
  static extern int recv(int s, byte[] buf, int len, int flag);

  APIHOOK send_Hook = new APIHOOK();
  delegate int sendCallback(int s, IntPtr buf, int len, int flag);
  delegate int recvCallback(int s, IntPtr buf, int len, int flag);
  public Form1()
  {
  InitializeComponent();
  }

  private void Form1_Load(object sender, EventArgs e)
  {
  send_Hook.Install("ws2_32.dll", "send", Marshal.GetFunctionPointerForDelegate(new sendCallback(sendProc)));
  send_Hook.Install("ws2_32.dll", "recv", Marshal.GetFunctionPointerForDelegate(new recvCallback(toProc)));
  }

  int sendProc(int s, IntPtr buf, int len, int flag)
  {
  byte[] buffer = new byte[len];
  Marshal.Copy(buf, buffer, 0, len); //读封包数据,读取后可进行条件修改,拦截,转发等,记得处理后调用发送   
  send_Hook.Suspend(); //暂停拦截,转交系统调用   
  int ret = send(s, buffer, len, flag); //发送数据,此处可进行拦截
  send_Hook.Continue(); //恢复HOOK   
  return ret;
  }
  int toProc(int s, IntPtr buf, int len, int flag)
  {
  byte[] buffer = new byte[len];
  Marshal.Copy(buf, buffer, 0, len); //读封包数据  
  send_Hook.Suspend(); //暂停拦截,转交系统调用   
  int ret = recv(s, buffer, len, flag); //发送数据,此处可对包进行处理操作
  send_Hook.Continue(); //恢复HOOK   
  return ret;
  }
  private void button1_Click(object sender, EventArgs e)//按下时加载网页进行测试数据
  {
  webBrowser1.Navigate("http://baidu.com");
  }  
  }
//APIHOOK关键代码类
  public class APIHOOK
  {
  #region Api声明
  [DllImport("Kernel32.dll", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi)]
  static extern IntPtr GetModuleHandle(
  string lpModuleName
  );
  [DllImport("Kernel32.dll")]
  static extern bool VirtualProtect(
  IntPtr lpAddress,
  int dwSize,
  int flNewProtect,
  ref int lpflOldProtect
  );
  [DllImport("Kernel32.dll", EntryPoint = "lstrcpynA", CharSet = CharSet.Ansi)]
  static extern IntPtr lstrcpyn(
  byte[] lpString1,
  byte[] lpString2,
  int iMaxLength
  );
  [DllImport("Kernel32.dll")]
  static extern IntPtr GetProcAddress(
  IntPtr hModule,
  string lpProcName
  );
  [DllImport("Kernel32.dll")]
  static extern bool FreeLibrary(
  IntPtr hModule
  );
  #endregion
  #region 常量定义表
  const int PAGE_EXECUTE_READWRITE = 0x40;
  #endregion
  #region 变量表
  IntPtr ProcAddress;
  int lpflOldProtect = 0;
  byte[] OldEntry = new byte[5];
  byte[] NewEntry = new byte[5];
  IntPtr OldAddress;
  #endregion
  public APIHOOK() { }
  public APIHOOK(string ModuleName, string ProcName, IntPtr lpAddress)
  {
  Install(ModuleName, ProcName, lpAddress);
  }
  public bool Install(string ModuleName, string ProcName, IntPtr lpAddress)
  {
  IntPtr hModule = GetModuleHandle(ModuleName); //取模块句柄   
  if (hModule == IntPtr.Zero) return false;
  ProcAddress = GetProcAddress(hModule, ProcName); //取入口地址   
  if (ProcAddress == IntPtr.Zero) return false;
  if (!VirtualProtect(ProcAddress, 5, PAGE_EXECUTE_READWRITE, ref lpflOldProtect)) return false; //修改内存属性   
  Marshal.Copy(ProcAddress, OldEntry, 0, 5); //读取前5字节   
  NewEntry = AddBytes(new byte[1] { 233 }, BitConverter.GetBytes((Int32)((Int32)lpAddress - (Int32)ProcAddress - 5))); //计算新入口跳转   
  Marshal.Copy(NewEntry, 0, ProcAddress, 5); //写入前5字节   
  OldEntry = AddBytes(OldEntry, new byte[5] { 233, 0, 0, 0, 0 });
  OldAddress = lstrcpyn(OldEntry, OldEntry, 0); //取变量指针   
  Marshal.Copy(BitConverter.GetBytes((double)((Int32)ProcAddress - (Int32)OldAddress - 5)), 0, (IntPtr)(OldAddress.ToInt32() + 6), 4); //保存JMP   
  FreeLibrary(hModule); //释放模块句柄   
  return true;
  }
  public void Suspend()
  {
  Marshal.Copy(OldEntry, 0, ProcAddress, 5);
  }
  public void Continue()
  {
  Marshal.Copy(NewEntry, 0, ProcAddress, 5);
  }
  public bool Uninstall()
  {
  if (ProcAddress == IntPtr.Zero) return false;
  Marshal.Copy(OldEntry, 0, ProcAddress, 5);
  ProcAddress = IntPtr.Zero;
  return true;
  }
  static byte[] AddBytes(byte[] a, byte[] b)
  {
  ArrayList retArray = new ArrayList();
  for (int i = 0; i < a.Length; i++)
  {
  retArray.Add(a[i]);
  }
  for (int i = 0; i < b.Length; i++)
  {
  retArray.Add(b[i]);
  }
  return (byte[])retArray.ToArray(typeof(byte));
  }
  }
}
  • 写回答

1条回答 默认 最新

  • 普通网友 2015-12-24 04:13
    关注

    是因为你的ws2_32.dll里面已经封装了Recv的方法,当你加载第二个的时候冲突了。也就是函数冲定义

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 暴力法无法解出,可能要使用dp和数学知识
  • ¥15 wpf通过绑定控件自身的值,来实现背景颜色的切换
  • ¥15 CDH6.3 运行hive -e hive -e "show databases;"报错:hive-env.sh:行24: hbase-common.jar: 权限不够
  • ¥15 SSRS制作的报表打开报错,无法正常显示网页
  • ¥15 乌班图ip地址配置及远程SSH
  • ¥15 怎么让点阵屏显示静态爱心,用keiluVision5写出让点阵屏显示静态爱心的代码,越快越好
  • ¥15 javaweb项目无法正常跳转
  • ¥15 VMBox虚拟机无法访问
  • ¥15 skd显示找不到头文件
  • ¥15 机器视觉中图片中长度与真实长度的关系