Use VC # to make multithreaded TCP Connect scanner
(Author: mikespook | Date: 2003-8-24 | Views: 250)
Keywords: network, c #, scanning, multi-threaded this article has submitted "hacker security base". The article is "hacker safety base", and it is not necessary to reprint without the "hacking security base". Thank you for your cooperation! If you want to know what service provides the other party, what tool is your most common? That's right! scanner. Now there are hundreds of kinds of scanners. From the very early Haktek (this is not the earliest scanner, but the first scanner you see.) To the current X-Scan. China's foreign, countless. Today I am going to teach big houses with VC # to make their own multi-threaded scanner. First, the principle of the scanner is briefly introduced to X-SCAN as an example. I want X-scan everyone to use it? Haven't used it? (Oh, you have been using the scanner you have done. You turn the next page, this page is watching.) X-Scan is set to the host address and port range. Another one is TCP or SYN scanning method. There is no good explanation of the host address and port range. The key is to scan mode in this TCP / SYN. TCP scanning or TCP Connect scan is the most basic scanning method that connects to a complete TCP protocol. When the connection is successful when the host is connected, it is turned off to the next port attempt to join success. Try this repeatedly until all port scans are completed. The TCP Connect Scanner is also very simple, and the scanning speed is fast and does not require special permissions (herein, this article does not involve this.). But TCP Connect scans has a maximum shortcomings. It is easy to detect, and the preferred host may also filter it. The system log will record it. SYN scan is also called semi-scan, in fact, the three handshakes of TCP do not complete the last time. A connection request is issued while connecting. When receiving the host feedback SYN signal, it is to turn to the next port when the connection signal is allowed, and the connection confirmation is not sent. This is actually not connected to the host without being recorded. Make up the shortcomings of TCP Connect. However, it is necessary to add this that most servers will now record this connection because SYN scans is too popular. Here I want to explain why I want to use VC # to do development tools. C # may not be at all in many masters. But C # is a language that is relatively balanced in development efficiency and operational efficiency. The VC # development environment makes it the advantage of being exhausted. Plus the powerful support of the .NET class library, it is very suitable for beginners to start using it quickly. It's better to talk nonsense. Let's start making your own TCP Connect scanner. Construction of a Windows application in VC #, named Scantest. In the following description, the content in parentheses is the property setting of the control. Add a button on the form (Name: btnscan text: Scan), a text box (Name: txtip), two NuMericUpdown controls (Name1: Numportmin Value1: 1 Maximum1: 65535 Minimum1: 1 Name2: Numportmax Valude2: 1024 Maximum1: 65535 Minimum1: 1), ListBox (Name: lbResult) for displaying scan results. As shown in Figure 1: Figure 1 is designed with the program interface, starting the coding below. Since it is necessary to TCP Connect Scanner, it will not be supported by the TCP connection library.
Here we mainly use two class system.net.Ipaddress and system.net.sockets.tcpclient. You have to include the namespace where the two classes are located in your form .cs file. As follows: use system.net; use system.net.sockets; these two classes are very powerful, but we only use one of them. If you are interested, you can check MSDN to learn more. Add a method isportopen in the form of the form. As follows: public bool isPortOpen (string ip, int port) {try {TcpClient client = new TcpClient (); // Create an instance of TcpClient IPAddress address = IPAddress.Parse (ip); // conversion type string to the IP address IPAddressclient. Connect (address, port); // Connect the server address port client.close (); // Connection successfully disconnect Return true; // Return true, connection success} Catch (Exception E) // Connection failed TCPCPCLIENT class Throw an exception, capture {return false; // Return False, connection failed}} This method is simple, such as adding the following code in BTnscan's Click event: private void btnscan_click (Object sender, system.eventargs e) { IF (this.isportopen ("127.0.0.1")) LBRESULT.ITEMS.ADD ((Object) "Local Computer 80 Port Connection"); elselbResult.Items.Add (Object) "Local Computer 80 port connection failed ");} Click this button on the form to check if the 80 port of the local computer is open. Now, you have begun to your goal. This just checks if a port is open, and cannot control which computer is checked. Well, do such modifications to the above code: private void btnscan_click (object sender, system.eventargs e) {for (int i = (int) number numportmin.value; i <= (int) Numportmax.Value; i ) IF ( This.isportopen (txtip.text, i)) LBRESULT.ITEMS.Add ((Object) (txtip.text ": i.toTRING () " Port connection success ")); elselbresult.items.add ((Object) (txtip.text ":" i.tostring () "Port connection failed"))); // Generally speaking, the scanner does not record ports that fail to fail, here is just to demonstrate} compilation operation project, in the text box TXTIP is filled in your target address, such as "127.0.0.1" or "192.168.1.14" what. Then set the values of Numportmin and Numportmax, such as 50 and 100, indicating that the port from 50 to 100 is scanned. I suggest that these two values are not too big, or you have to be patient. Behind I will explain why. Then click on the button BTNScan. The program did not respond! ! ! ! As long as you don't set a scanner range to be too large, a slightly wait for a few seconds will display the scan results. Well, is it very excited? You can scan any range of ports of a computer.
Wait, don't worry experiment. We still have a serious problem without resolution: the program interrupt response! Why is this so? In fact, it is very good to explain: Here we use a loop. When you click on the BTNSCAN division Click event, the program enters this loop. Continue until the loop execution end program will continue. Well, I know why, let's take a look at how to solve this problem. Let me talk about the preparation you have to do. First let your form. CS file contains system.threading this name space. The content under this name space is to control the wire. Then add such a field in the form class: threadstart threadstart; thread thread; add the thread constructed in the form of the form, as follows: public frmmain () {INITIALIZECMAINENT (); threadstart = new threadstart (ScantHread); // You have to add this two thread = new thread (threadstart);} ScantRead is a method you want to add. This method must be no parameters, the return value is VOID. Put the code in the Click event of the button btnscan just now: public void scantread () {for (int i = (int) number Numportmin.Value; i <= (int) Numportmax.Value; i ) {IF (this.Isportopen (txtip.text, i)) LBRESULT.ITEMS.ADD ((Object) (txtip.text ":" i.toTString () "Port connection success"))); / * elselbresult.Items.add ((Object) (txtip.text ":" i.toTRING () "Port connection failed")); we only record ports that are successful, so I block these code. But in order to let everyone see more clearly, I retain these comments. * / this.text = "Scantest is scanning port:" i.to.tostring (); // This is not available here, just to make you see more clear. }} Modify the code of the Click event of the Button BTNScan: private void btnscan_click (object sender, system.eventargs e) {if (thread.threadstate.equals (threadstate.Running)) // Decision thread has been run {thread.abort () // Interrupt thread runs btnscan.text = "scan";} else {thread.start (); // Start thread run btnscan.text = "stop";} Now compiling the project, look at the effect. We can understand the progress of scanning and programs no longer stop responding. Ha, awesome! Is it completed? NO! ! ! This is not multithreading, and you only create a thread to scan one-by-one. So continue our work. "Take It Easy! You will see new york." Before we create multi-thread scan, there is a problem to resolve: Because we can't call the thread function with the parameter pass, let the thread know which port of the scan is a very The key question. Yes, use public variables. Let's take a relatively large transformation of the program.
First, modify the thread declaration in the form class as follows: ThreadStart threadStart; thread [] thread; and add two shaping fields to the form class: int port; // The portMax currently being scanned INT portmax; // Scan port largest The code in the form constructor is modified as follows: public frmmain () {INITIALIZECMOMPONENT (); threadstart = new threadstart (scant = new thread [10]; // Setting Using 10 Thread for (INT I = 0; I <10; i ) // Use cyclic initialization 10 thread {thread t = new thread (threadstart); thread [i] = t;}} Since it is multi-thread, then the thread and stop thread are of course Single thread is not only the same: private void btnscan_click (object sender, system.eventargs e) {if (btnscan.text.equals ("scan")) // Here I am lazy, good programs should not write {portmax = INT) NumportMax.Value; // Here, thread execution required variable port = = = = = = = = (int) Numportmin.Value; for (int i = 0; i <10; i ) // is still using loop execution thread Thread [i] .Start (); btnscan.text = "stop";} else {for (int i = 0; i <10; i ) // This is still using loop stop thread Thread [i] .Abort (); Btnscan.text = "Scan";}} It's ok, now you need to make the most critical functions Scanthread's transformation, please carefully understand my annotation: public void scantread () {loc (this) // Here is to avoid Repeat the same port, set the execution as a critical area below, which means that only one thread can execute the code of the critical area at the same time. {While (port <= portmax) // This is not used here, because Port is incremented by one by one. {IF (Txtip.Text, Port) LBRESULT.ITEMS.ADD ((Object) (txtip.text ": port.toString () " Port connection success ")); / * elselbResult.Items .Add ((object) (txtip.text ": i.toTRING () " Port connection failed ")); we only record ports that are successful, so I block these code. But in order to let everyone see more clearly, I retain these comments. * / this.text = "Scantest is scanning port:" port.toString (); port ;}}} has a critical area, multi-threaded execution, no conflict. A very good code. Run a look? (... "long wait ...)" Do you make sure this is multi-thread? "Maybe there will be a reader to finally don't help but ask. Yes, this is indeed multi-threaded. But our code has problems! ! ! The speed of scan is very slow. Everyone noticed that my critical area is the entire scan function. Then there is only one thread to perform a scan at the same time.
Although we set a multi-thread, the execution speed will not be much faster than the single thread. Even slower (if you count the time of thread switching). How to do? First, let's see why this critical area is set to resolve this multi-thread execution. If there is no critical area, it may be a thread when it is running to the execution IF (Txtip.Text, Port)). Your port is skipped, no scan. We must put the operations of the variable port in the critical area. Ensure that a thread uses a variable port or an additional thread must wait. The above ScantRead function is very good to meet this requirement. However, because the code detected by the port is also placed in the critical area, there is only one thread to operate when the port is detected. Know the problem, then start the brain to solve the problem. Now put the operation of the variable port in the critical area. At the same time, it is also necessary to put the ISPORTOPEN's operation outside of the critical area so that the multi-thread is scanned. Then the new ScantHread function is generated: public void scantread () {while (true) // We let the loop always do {int nowport; // The port that is really scanned, this is a local variable Lock (this) // into the critical Area {if (port> portmax) return; // When the scan to the maximum port, terminate the ELSE {nowport = port; / / otherwise set the true scan port port ; // jump to the next port}} // Outboundation IF (this.isportopen (txtip.text, noport) // Please note that the NOWPROT variable I use here. At this time, other threads don't affect the detection of the variable port, and NOWPORT is a local variable, not affected by other threads LBRESULT.ITEMS.ADD ((Object) (Txtip.Text ":" NOWPORT.TOSTRING () "Port connection success"))))); / * elselbresult.items.add (txtip.text ": i.tostring () " Port connection failed ")); We only record port successful ports, So I shield these code. But in order to let everyone see more clearly, I retain these comments. * / this.text = "Scantest is scanning port:" nowport.toString ();}} Now you need to compile and run it? Is it a lot of speed? At this point, a standard multi-threaded TCP Connect scanner is done. Here I have to add a few more brief description (in the way, more deceived fees, 嘿 ~). 1. C # itself is not very fast, so the speed of this scanner is definitely more than the scanner created by C / C . 2. Here I don't make the user to set the number of threads in the thread like X-Scan. But I think this is no longer a problem. (Tip: You can control the number of threads to the constructor, add some controls, and re-adjust the adjustment code.) 3. Although just scanning a computer's port. But how to scan multiple hosts I want a smart reader already have an answer. (When you change the host address, it is not difficult to change your port?) In fact, a good scanner should have a lot of functions, such as what is detected by vulnerabilities. But knowing that these functions should not be a problem. The scanned open port is possible to send a particular data to check both. I wish you all a happy.
