SPI: intercepting network packets (DLL)

xiaoxiao2021-03-06  13

/* The header names were stripped when this page was extracted; these are the
 * headers that the code below needs. */
#include <ws2spi.h>   /* Winsock service-provider interface (WSPPROC_TABLE, LPWSPSTARTUP, ...) */

#include <stdio.h>    /* sprintf */
#include <string.h>   /* strcpy */

#pragma comment (lib, "ws2_32.lib") /// Used to save system service provider path information Custom registry key value // # define reg_install_key "System // CurrentControlset // Services // Winsock2 //// MySPI "

/// / global variable, used to save system service providers 30 service function pointers // wspproc_table nextproctable; char Tempfile [256]; char Winpath [256];

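/*
 * Write, as a decimal string, the catalog entry id that names this protocol's
 * value under REG_INSTALL_KEY.
 *
 * pProtocolInfo  protocol entry to look at. When its chain length is 0 or 1
 *                the entry's own dwCatalogEntryId is used, otherwise the last
 *                entry of the protocol chain.
 * sItem          output buffer; it must hold at least 11 characters (ten
 *                digits for a 32-bit id plus the terminator). It is set to
 *                the empty string when the chain length is larger than the
 *                ChainEntries array, so that no element outside the array is
 *                ever read.
 *
 * sprintf takes a char buffer, so this builds only when TCHAR is char (a
 * non-UNICODE build), like the other narrow-string calls in this file.
 */
void GetRightEntryIdItem(IN WSAPROTOCOL_INFOW *pProtocolInfo, OUT TCHAR *sItem)
{
    const int chainLen = pProtocolInfo->ProtocolChain.ChainLen;
    const int chainCap = (int)(sizeof pProtocolInfo->ProtocolChain.ChainEntries /
                               sizeof pProtocolInfo->ProtocolChain.ChainEntries[0]);
    DWORD entryId;

    if (chainLen <= 1) {
        entryId = pProtocolInfo->dwCatalogEntryId;
    } else if (chainLen <= chainCap) {
        entryId = pProtocolInfo->ProtocolChain.ChainEntries[chainLen - 1];
    } else {
        /* Malformed chain: indexing ChainEntries[chainLen - 1] would read out of bounds. */
        sItem[0] = '\0';
        return;
    }

    /* DWORD is an unsigned long, so the matching conversion is %lu, not %u. */
    sprintf(sItem, "%lu", (unsigned long)entryId);
}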

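/*
 * Look up the path of the service provider DLL saved for this protocol entry.
 *
 * The value is read from REG_INSTALL_KEY under HKEY_LOCAL_MACHINE, using the
 * string produced by GetRightEntryIdItem as the value name, and environment
 * variable references in it are expanded.
 *
 * pProtocolInfo  protocol entry whose provider path is wanted.
 * sPathName      output buffer; it must hold at least MAX_PATH characters.
 *
 * Returns TRUE with a non-empty, NUL-terminated path in sPathName, or FALSE
 * if the key or value cannot be read, the value is not a string, or the
 * expanded path does not fit in MAX_PATH characters.
 */
BOOL GetHookProvider(IN WSAPROTOCOL_INFOW *pProtocolInfo, OUT TCHAR *sPathName)
{
    TCHAR sItem[21];
    TCHAR sTemp[MAX_PATH];
    TCHAR sExpanded[MAX_PATH];
    HKEY hSubkey;
    DWORD dwType = 0;
    /* Size in bytes, leaving room for the terminator that is written below. */
    DWORD cbData = sizeof sTemp - sizeof sTemp[0];
    DWORD cchExpanded;
    LONG status;

    GetRightEntryIdItem(pProtocolInfo, sItem);
    if (sItem[0] == '\0')
        return FALSE;

    /* Only a value query is needed. Asking for KEY_ALL_ACCESS on an HKLM key
     * fails in processes that are not elevated and requests write access this
     * code never uses. */
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_INSTALL_KEY, 0, KEY_QUERY_VALUE,
                     &hSubkey) != ERROR_SUCCESS)
        return FALSE;

    status = RegQueryValueEx(hSubkey, sItem, NULL, &dwType, (BYTE *)sTemp, &cbData);
    /* Close the key on every path, including the failure paths. */
    RegCloseKey(hSubkey);

    if (status != ERROR_SUCCESS || (dwType != REG_SZ && dwType != REG_EXPAND_SZ))
        return FALSE;

    /* Registry string data is not guaranteed to be NUL-terminated. */
    sTemp[cbData / sizeof sTemp[0]] = '\0';

    /* The size argument is the capacity of the destination in characters, not
     * the length of the registry data. A result larger than that capacity
     * means the buffer was too small and its contents cannot be used. */
    cchExpanded = ExpandEnvironmentStrings(sTemp, sExpanded, MAX_PATH);
    if (cchExpanded == 0 || cchExpanded > MAX_PATH)
        return FALSE;

    /* Fall back to the unexpanded text if expansion produced nothing. */
    lstrcpyn(sPathName, sExpanded[0] != '\0' ? sExpanded : sTemp, MAX_PATH);

    return sPathName[0] != '\0';
}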

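/*
 * WSPSocket entry of this provider: a pass-through that forwards every
 * argument unchanged to the lpWSPSocket saved in NextProcTable and returns
 * its result.
 */
SOCKET WSPAPI WSPSocket(int af, int type, int protocol,
                        LPWSAPROTOCOL_INFOW lpProtocolInfo, GROUP g,
                        DWORD dwFlags, LPINT lpErrno)
{
    return NextProcTable.lpWSPSocket(af, type, protocol, lpProtocolInfo, g,
                                     dwFlags, lpErrno);
}

/*
 * DLL entry point. Nothing is done on process attach or detach; the function
 * always reports success.
 */
BOOL WINAPI DllMain(HINSTANCE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)hModule;
    (void)lpReserved;

    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
    case DLL_PROCESS_DETACH:
    default:
        break;
    }

    return TRUE;
}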

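/*
 * Service-provider start-up entry point.
 *
 * Finds the saved provider DLL for lpProtocolInfo, loads it, calls its
 * WSPStartup with the same arguments, keeps a copy of the procedure table it
 * returns in NextProcTable, and then replaces the lpWSPSocket entry of the
 * caller's table with this DLL's WSPSocket.
 *
 * Returns 0 on success, WSAEPROVIDERFAILEDINIT if the provider path cannot be
 * found, the DLL cannot be loaded or it does not export WSPStartup, or the
 * error code returned by the loaded provider's WSPStartup.
 */
int WSPAPI WSPStartup(WORD wVersionRequested, LPWSPDATA lpWSPData,
                      LPWSAPROTOCOL_INFOW lpProtocolInfo,
                      WSPUPCALLTABLE upcallTable, LPWSPPROC_TABLE lpProcTable)
{
    TCHAR sLibraryPath[512];
    LPWSPSTARTUP WSPStartupFunc = NULL;
    HMODULE hLibraryHandle = NULL;
    INT ErrorCode = 0;

    if (!GetHookProvider(lpProtocolInfo, sLibraryPath))
        return WSAEPROVIDERFAILEDINIT;

    /* NOTE(review): sLibraryPath comes from a registry value, so whoever can
     * write REG_INSTALL_KEY decides which DLL is loaded into each process that
     * starts this provider. The key's ACL should allow writes by
     * administrators only. A name that is not fully qualified is resolved
     * through the DLL search order; consider rejecting such values here. */
    hLibraryHandle = LoadLibrary(sLibraryPath);
    if (hLibraryHandle == NULL)
        return WSAEPROVIDERFAILEDINIT;

    WSPStartupFunc = (LPWSPSTARTUP)GetProcAddress(hLibraryHandle, "WSPStartup");
    if (WSPStartupFunc == NULL) {
        /* Do not leave the module loaded when it cannot be used. */
        FreeLibrary(hLibraryHandle);
        return WSAEPROVIDERFAILEDINIT;
    }

    ErrorCode = WSPStartupFunc(wVersionRequested, lpWSPData, lpProtocolInfo,
                               upcallTable, lpProcTable);
    if (ErrorCode != 0) {
        FreeLibrary(hLibraryHandle);
        return ErrorCode;
    }

    /* Save the loaded provider's table before changing the caller's copy. */
    NextProcTable = *lpProcTable;

    lpProcTable->lpWSPSocket = WSPSocket;

    return 0;
}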
