Decree of Socket DNS Query

xiaoxiao2021-03-06  15

Yesterday, I suddenly couldn't access any websites, but QQ was still working properly ~~ Well, DNS definitely has a problem ~~

I used traceroute to take a look: 6 gateways were working normally ~~ so it is indeed DNS that is bad ~~

                             

                             ^ _ ^

I searched Baidu to download TCP/IP Illustrated, 2 volumes ~~ None of the copies could be downloaded ... and there were Trojans too ~~ I nearly fainted!

But there was a gain! I found the DNS list of major cities in the country!

It seems I can only rely on myself! Fortunately there is Iris. However, only 10 days are left in its trial period! Oh, captured ... It turned out to be like this: Windows sends a UDP packet to the DNS server, which of course contains 'www.xxx.com'; the DNS server then returns a UDP packet containing the IP address, and our job is to decode this packet ~~

 

The DNS server listens on port 53. The query packet format it accepts is as follows:

    type
      PDomainQuery = ^YDomainQuery;
      YDomainQuery = record
        u16ID: Word;        // arbitrary
        u16Flag: Word;      // $0100: standard query
        u16Question: Word;  // 1
        u16Answer: Word;    // 0
        u16Author: Word;    // 0
        u16Addition: Word;  // 0
        u8SecB: Byte;       // section begin
        u8SecE: Byte;       // section end
        u16Type: Word;      // 1
        u16Class: Word;     // 1
      end;

 

We fill in this packet like this:

    // DNS_ID, DNS_STAND_QUERY, DNS_QUESTION, DNS_TYPE_HOST and DNS_CLASS_INET are
    // constants declared elsewhere; the record comments above give their values.
    // The caller must allocate SizeOf(YDomainQuery) + Length(sAddr) bytes for pdq.
    procedure FillDomainQuery(pdq: PDomainQuery; sAddr: string);
    var
      pData, pTemp: PChar;
      i, cbLen: Integer;
      pu16: PWord;
    begin
      FillChar(pdq^, SizeOf(YDomainQuery) + Length(sAddr), 0);

      pdq^.u16ID := htons(DNS_ID);
      pdq^.u16Flag := htons(DNS_STAND_QUERY);
      pdq^.u16Question := htons(DNS_QUESTION);
      // pdq^.u16Answer := 0; // pdq^.u16Author := 0; // pdq^.u16Addition := 0;

      // Initialize the domain data buffer:
      // one leading length byte + the name + one trailing zero byte
      cbLen := Length(sAddr) + 2;
      pData := AllocMem(cbLen);
      Inc(pData);
      Move(sAddr[1], pData^, Length(sAddr));
      Dec(pData);

      // Fill the domain data buffer: each '.' position becomes a label length
      pTemp := pData;
      i := Pos('.', sAddr);            // www.baidu.com --- example
      while i > 0 do
      begin                            // i = 4; i = 6
        pTemp^ := Chr(i - 1);          // 3   5
        Inc(pTemp, i);                 // ^   ^
        Delete(sAddr, 1, i);           // s = 'baidu.com'; s = 'com'
        i := Pos('.', sAddr);
      end;
      pTemp^ := Chr(Length(sAddr));    // s = 'com'
      Inc(pTemp, Length(sAddr) + 1);
      pTemp^ := #0;

      // Copy the encoded domain name to pdq^.u8SecB
      pTemp := @pdq^.u8SecB;
      Move(pData^, pTemp^, cbLen);
      FreeMem(pData);

      // Finally fill in Type / Class
      pu16 := PWord(pTemp + cbLen);
      pu16^ := htons(DNS_TYPE_HOST);
      Inc(pu16);
      pu16^ := htons(DNS_CLASS_INET);
    end;

 

                 

    var
      pdq: PDomainQuery;

    // 18-byte record + name length = header + encoded name + Type/Class
    pdq := AllocMem(SizeOf(YDomainQuery) + Length(edtDomain.Text));
    FillDomainQuery(pdq, edtDomain.Text);
    udp.SendBuf(PChar(pdq), SizeOf(YDomainQuery) + Length(edtDomain.Text));

 

                                           ~ ! !

    // Note: the offsets below are fixed. They assume 2-byte (compressed) names,
    // skip the first answer record by its data length, and read the record after
    // it as an IPv4 address. Nothing before the final check is compared with len.
    // DNS_STAND_RES is a constant declared elsewhere.
    function DecodeMainAnwser(pBuf: PChar; len: Integer): string;
    var
      p: PChar;
      w: Word;
      j: Integer;   // number of bytes consumed so far
      s1, s2, s3, s4: string;
    begin
      p := pBuf; j := 0;
      Result := 'TransactionId: ' + IntToStr(ntohs(PWord(p)^)) + #13#10;

      Inc(p, 2); Inc(j, 2);
      Result := Result + 'response flag: ' + Format('%x', [ntohs(PWord(p)^)]) + #13#10;
      if ntohs(PWord(p)^) <> DNS_STAND_RES then
      begin
        Result := Result + 'response error ...' + #13#10;
        Exit;
      end;

      Inc(p, 2); Inc(j, 2);
      Result := Result + 'Question: ' + IntToStr(ntohs(PWord(p)^)) + #13#10;
      Inc(p, 2); Inc(j, 2);
      Result := Result + 'Answer: ' + IntToStr(ntohs(PWord(p)^)) + #13#10;
      Inc(p, 2); Inc(j, 2);
      Result := Result + 'Authority: ' + IntToStr(ntohs(PWord(p)^)) + #13#10;
      Inc(p, 2); Inc(j, 2);
      Result := Result + 'Addition: ' + IntToStr(ntohs(PWord(p)^)) + #13#10;

      Inc(p, 2); Inc(j, 2);
      w := Byte(p^);
      while w > 0 do   // skip the queried domain name that the DNS host echoes back
      begin
        Inc(p, w + 1); Inc(j, w + 1);
        w := Byte(p^);
      end;

      Inc(p); Inc(j);
      Inc(p, 4); Inc(j, 4);     // Type / Class
      Inc(p, 6); Inc(j, 6);     // Name / Type / Class
      Inc(p, 4); Inc(j, 4);     // Time

      w := ntohs(PWord(p)^);    // get data length
      Inc(p, 2); Inc(j, 2);     // to the real data address
      Inc(p, w); Inc(j, w);
      Inc(p, 10); Inc(j, 10);
      Inc(p, 2); Inc(j, 2);
      s1 := IntToStr(Byte(p^)); Inc(p); Inc(j);
      s2 := IntToStr(Byte(p^)); Inc(p); Inc(j);
      s3 := IntToStr(Byte(p^)); Inc(p); Inc(j);
      s4 := IntToStr(Byte(p^)); Inc(p); Inc(j);
      Result := Result + 'ip: ' + s1 + '.' + s2 + '.' + s3 + '.' + s4 + #13#10;

      // The comparison after "if len" is missing from the source page. It is
      // reconstructed here as an assumption: stop unless one more 16-byte
      // record (6 + 4 + 2 + 4 bytes) fits in the packet.
      if len < j + 16 then
        Exit;

      Inc(p, 6);   // Name / Type / Class
      Inc(p, 4);   // Time

      Inc(p, 2);   // to the real data address
      s1 := IntToStr(Byte(p^)); Inc(p);
      s2 := IntToStr(Byte(p^)); Inc(p);
      s3 := IntToStr(Byte(p^)); Inc(p);
      s4 := IntToStr(Byte(p^));
      Result := Result + 'ip: ' + s1 + '.' + s2 + '.' + s3 + '.' + s4 + #13#10;
    end;
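
The decode function above walks fixed offsets and trusts the reply, so a differently shaped or malformed packet makes it read the wrong bytes or run past the buffer. The following is an added example, not the original author's code, written in Python rather than Delphi: it checks the transaction ID, walks every answer record by its own length fields, and rejects truncated packets. The names qname, skip_name, parse_a_records and the SAMPLE packet are constructed for illustration.

```python
import struct

def qname(name):
    """Length-prefixed labels plus a zero byte, the layout FillDomainQuery builds."""
    return b"".join(bytes([len(l)]) + l for l in name.encode().split(b".")) + b"\x00"

def skip_name(buf, off):
    """Return the offset just past a name; a compression pointer ends the name."""
    while True:
        n = buf[off]                      # IndexError if the name runs off the packet
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:              # 2-byte pointer to an earlier name
            return off + 2
        if n & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + n

def parse_a_records(buf, txid):
    """Walk each answer by its own length fields; return the IPv4 strings found."""
    try:
        rid, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", buf, 0)
        if rid != txid or not flags & 0x8000 or flags & 0x000F:
            raise ValueError("ID mismatch, not a response, or error RCODE")
        off = 12
        for _ in range(qd):
            off = skip_name(buf, off) + 4  # question: name + Type/Class
        ips = []
        for _ in range(an):
            off = skip_name(buf, off)
            rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
            off += 10
            if off + rdlen > len(buf):
                raise ValueError("RDATA runs past end of packet")
            if (rtype, rclass, rdlen) == (1, 1, 4):   # Type 1 (host), Class 1 (INET)
                ips.append(".".join(map(str, buf[off:off + 4])))
            off += rdlen
        return ips
    except (IndexError, struct.error):
        raise ValueError("truncated DNS packet") from None

# Constructed sample reply: www.example.test CNAME host.example.test, then an A record.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
          + qname("www.example.test") + struct.pack("!2H", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 60, 7) + b"\x04host\xc0\x10"
          + b"\xc0\x2e" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

Calling parse_a_records(SAMPLE, 0x1234) returns the one address in the constructed reply; a reply with no CNAME in front of the A record parses the same way because no offset is hard-coded.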

 
