【干活】关于拦截封包的两个不同版本的recv函数

于 2021-03-18 12:17:11 发布
阅读量996 收藏
点赞数 1
分类专栏: VB6.0程序制作
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/i735740559/article/details/114972272
版权

wsock32.dll 和 ws2_32.lib 里面都有 recv这个函数 功能是一样的,只是函数地址不一样,hook的时候要注意。二选一吧。

#pragma comment(lib,“wsock32.lib”)

#pragma comment(lib,“ws2_32.lib”)


#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include "detours.h"


#pragma comment(lib,"detours.lib")

#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))


//以下是HOOK需要的头文件

//#include <winsock2.h>
//#include <MSWSock.h>

#pragma comment(lib,"wsock32.lib") //wsock32.lib  ws2_32.lib
// 注意这个HOOK 是 hook  wsock32.dll 的  recv 还是 ws2_32.lib 的 recv

#include <string.h>
#include<iostream>
using namespace std ;



 int   (WINAPI  * TrueRecv)  (SOCKET s,char FAR *buf,int len,int flags)=recv;




int nc = 0;









 int GetByte(char  FAR * adr  )
 {
 char tk[2000]="";
int i = 0;
 int len =   strlen( adr);  


  char tem[250];
  
    for (i=0; i<len; ++i)  //++是自加的意思, ++i相当于i = i + 1
    {

        sprintf (tem," 0x%X",*(byte*)adr);

		strcat(tk,tem);
           

          adr=adr+1;
        
    }

  OutputDebugStringA  (tk);
 
 return 0;
 }




char  ByT[1000] ="";
 int  WINAPI TimedRecv(SOCKET s,char FAR *buf,int len,int flags)
{


int ret=0;






/*

  char tem[50000]="";

if   ( len==4096) // 判断 封包长度为 4096 
{

//	OutputDebugStringA(  buf  ); 

   sprintf(tem, "%s",buf );
   std::string str1=tem; 
   int pos1=str1.find("<CU_T>");   //  <CU_T>11:22:56</CU_T>
   int pos2=str1.find("</CU_T>");  //  <CU_T>11:22:56</CU_T>
   
    if  ( pos1>0  &&   pos2>0 )
	{
		  int  subPos=pos2-pos1;
          std::string str2=str1.substr(pos1+6,subPos-6); 
          OutputDebugStringA(  str2.c_str()  ); // 工具DbgView 查看 输出的时间
          //SetWindowTextA(hwd, str2.c_str()  ) ; // 把时间显示到窗体标题上
	}



}


*/


  //OutputDebugStringA(  "接收到封包" ); 



ret =  TrueRecv(s,buf,len,flags);



//nc = nc +1;




int  lenEx = strlen(buf);



 char tem[1000]="";
 sprintf(tem, "封包长度A %d  封包长度B %d ",   lenEx, len );





  OutputDebugStringA( tem );

//  GetByte (buf);





/*



if (lenEx == 1)
{
	  OutputDebugStringA(  "修改数据包1" );
  BYTE  buff3[1] =
  {
  0x21
 };

  memcpy (buf, buff3,1);   //从b中复制5个字符到a中,把a原有的字符都给覆盖了,采用组个覆盖的方式	

}

if (lenEx ==336)
{
	  OutputDebugStringA(  "修改数据包1" );
  BYTE  buff3[336] =
  {
 
0x6B,0x73,0x73,0x64,0x61,0x74,0x61,0x30,0x3A,0x7C,0x3A,0x31,0x39,0x30,0x39,0x33,0x30,0x3A,0x7C,0x3A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x3A,0x7C,0x3A,0x77,0x55,0x6F,0x69,0x55,0x67,0x77,0x70,0x6B,0x41,0x5A,0x31,0x61,0x72,0x79,0x38,0x2B,0x74,0x6E,0x51,0x68,0x65,0x6E,0x65,0x31,0x62,0x71,0x43,0x64,0x30,0x72,0x68,0x71,0x79,0x39,0x76,0x50,0x64,0x31,0x43,0x6F,0x35,0x44,0x54,0x74,0x30,0x41,0x50,0x36,0x2F,0x50,0x68,0x62,0x41,0x4A,0x39,0x64,0x71,0x56,0x4D,0x4E,0x6A,0x58,0x58,0x56,0x6B,0x46,0x4E,0x42,0x77,0x34,0x39,0x61,0x54,0x47,0x31,0x4C,0x41,0x59,0x70,0x6B,0x43,0x69,0x77,0x62,0x68,0x54,0x57,0x41,0x75,0x68,0x38,0x6D,0x6A,0x66,0x51,0x57,0x4A,0x46,0x61,0x2B,0x44,0x79,0x65,0x31,0x47,0x59,0x53,0x30,0x50,0x50,0x57,0x47,0x33,0x50,0x77,0x61,0x62,0x4F,0x32,0x32,0x53,0x71,0x48,0x61,0x2B,0x51,0x62,0x47,0x70,0x42,0x54,0x65,0x32,0x51,0x4B,0x36,0x61,0x46,0x70,0x44,0x6E,0x79,0x74,0x48,0x36,0x39,0x61,0x30,0x66,0x38,0x41,0x6D,0x6D,0x79,0x37,0x50,0x68,0x38,0x51,0x47,0x33,0x68,0x62,0x51,0x42,0x6D,0x59,0x68,0x66,0x4B,0x4C,0x62,0x45,0x69,0x38,0x74,0x2F,0x34,0x4C,0x4E,0x57,0x6D,0x70,0x78,0x47,0x37,0x6C,0x2B,0x49,0x44,0x54,0x4F,0x69,0x67,0x62,0x78,0x79,0x64,0x6A,0x76,0x2B,0x6E,0x35,0x4B,0x74,0x2B,0x77,0x35,0x4E,0x4C,0x62,0x75,0x79,0x49,0x6D,0x54,0x4D,0x6E,0x50,0x57,0x63,0x2B,0x72,0x57,0x6F,0x5A,0x57,0x63,0x59,0x52,0x63,0x48,0x55,0x41,0x4C,0x49,0x2B,0x77,0x51,0x37,0x77,0x43,0x63,0x6A,0x47,0x6C,0x2F,0x34,0x4A,0x68,0x62,0x58,0x62,0x4F,0x69,0x57,0x6B,0x4D,0x61,0x33,0x73,0x6E,0x33,0x66,0x2B,0x62,0x70,0x79,0x63,0x67,0x6F,0x65,0x67,0x57,0x56,0x65,0x57,0x4F,0x57,0x4E,0x64,0x53,0x35,0x30,0x76,0x71,0x72,0x39,0x62,0x42,0x4E,0x59,0x7A,0x54,0x4A,0x48,0x77,0x3D,0x3D,0x3A,0x7C,0x3A,0x3A,0x7C,0x3A


 };

  memcpy (buf, buff3,336);   //从b中复制5个字符到a中,把a原有的字符都给覆盖了,采用组个覆盖的方式	

}










if (lenEx == 284)
{
	  OutputDebugStringA(  "修改数据包1" );
  BYTE  buff3[284] =
  {
0x63,0x72,0x79,0x70,0x74,0x72,0x73,0x61,0x64,0x61,0x74,0x61,0x64,0x49,0x64,0x77,0x67,0x68,0x37,0x64,0x36,0x6F,0x2B,0x61,0x69,0x70,0x6A,0x46,0x6F,0x34,0x39,0x59,0x7A,0x4D,0x34,0x54,0x55,0x5A,0x55,0x2F,0x5A,0x30,0x72,0x4B,0x32,0x54,0x67,0x5A,0x6D,0x30,0x51,0x56,0x41,0x4D,0x30,0x3D,0x60,0x51,0x4F,0x56,0x5A,0x7C,0x71,0x44,0x38,0x51,0x71,0x36,0x38,0x34,0x42,0x65,0x6B,0x58,0x79,0x68,0x76,0x59,0x70,0x71,0x66,0x51,0x6A,0x77,0x33,0x46,0x59,0x35,0x47,0x35,0x6F,0x36,0x5A,0x4D,0x6C,0x62,0x7A,0x36,0x43,0x49,0x7C,0x74,0x69,0x5A,0x42,0x61,0x32,0x77,0x55,0x61,0x7A,0x5F,0x5F,0x38,0x5A,0x59,0x35,0x6A,0x64,0x45,0x4C,0x73,0x59,0x5F,0x4D,0x6D,0x63,0x33,0x65,0x73,0x4A,0x72,0x51,0x4D,0x46,0x4D,0x6D,0x5A,0x4E,0x55,0x52,0x4E,0x4D,0x33,0x6C,0x38,0x5A,0x78,0x30,0x6F,0x62,0x42,0x77,0x37,0x64,0x6F,0x50,0x4C,0x50,0x42,0x5A,0x4D,0x5F,0x4E,0x74,0x6D,0x6A,0x54,0x74,0x32,0x75,0x6F,0x59,0x56,0x51,0x47,0x76,0x73,0x76,0x32,0x6A,0x43,0x69,0x72,0x61,0x4F,0x4F,0x39,0x4E,0x4C,0x76,0x46,0x4C,0x44,0x64,0x68,0x6E,0x34,0x4D,0x41,0x4C,0x69,0x5A,0x6A,0x58,0x58,0x71,0x64,0x6B,0x70,0x76,0x57,0x51,0x72,0x56,0x68,0x6C,0x63,0x43,0x42,0x5F,0x65,0x65,0x75,0x45,0x30,0x76,0x66,0x67,0x65,0x41,0x46,0x71,0x5F,0x4F,0x64,0x72,0x65,0x4B,0x77,0x53,0x47,0x4F,0x4D,0x53,0x65,0x43,0x43,0x57,0x73,0x66,0x52,0x30,0x7C,0x37,0x46,0x38,0x69,0x56,0x41,0x33,0x51,0x64,0x4A,0x7A,0x77,0x4A,0x57,0x34,0x6A,0x30,0x69,0x77,0x57,0x42,0x73,0x45,0x6A,0x74,0x6A,0x57,0x68,0x61,0x64

 };

  memcpy (buf, buff3,284);   //从b中复制5个字符到a中,把a原有的字符都给覆盖了,采用组个覆盖的方式	

}





if (lenEx == 104)
{
	  OutputDebugStringA(  "修改数据包2" );
  BYTE  buff3[104] =
  {
	  0x63,0x72,0x79,0x70,0x74,0x72,0x73,0x61,0x64,0x61,0x74,0x61,0x6A,0x4C,0x4D,0x4F,0x4C,0x65,0x46,0x54,0x78,0x47,0x6E,0x6D,0x68,0x57,0x43,0x6E,0x43,0x45,0x75,0x62,0x70,0x68,0x43,0x41,0x68,0x76,0x47,0x51,0x5A,0x53,0x59,0x78,0x6C,0x71,0x56,0x63,0x76,0x75,0x39,0x52,0x38,0x50,0x51,0x3D,0x60,0x69,0x59,0x58,0x36,0x69,0x32,0x38,0x68,0x6E,0x52,0x78,0x54,0x47,0x5F,0x51,0x30,0x56,0x67,0x42,0x33,0x75,0x67,0x49,0x31,0x69,0x7C,0x5F,0x4E,0x67,0x75,0x36,0x7A,0x39,0x32,0x61,0x33,0x70,0x52,0x78,0x72,0x52,0x55,0x6B,0x33,0x64,0x32,0x35

  };

  memcpy (buf, buff3,104);   //从b中复制5个字符到a中,把a原有的字符都给覆盖了,采用组个覆盖的方式	

}


if (lenEx == 88)
{
	  OutputDebugStringA(  "修改数据包" );
  BYTE  buff3[88] =
  {
0x63,0x72,0x79,0x70,0x74,0x72,0x73,0x61,0x64,0x61,0x74,0x61,0x52,0x72,0x53,0x74,0x4F,0x35,0x34,0x48,0x47,0x69,0x59,0x63,0x36,0x61,0x57,0x71,0x73,0x49,0x77,0x79,0x57,0x58,0x70,0x71,0x41,0x51,0x36,0x2B,0x43,0x54,0x35,0x35,0x6C,0x51,0x54,0x47,0x37,0x7A,0x78,0x59,0x6D,0x51,0x59,0x3D,0x60,0x6D,0x72,0x38,0x57,0x7A,0x64,0x49,0x33,0x50,0x33,0x54,0x56,0x42,0x41,0x34,0x62,0x7C,0x57,0x38,0x69,0x4E,0x72,0x75,0x75,0x51,0x77,0x5A,0x6A,0x37,0x4C,0x67

  };

  memcpy (buf, buff3,88);   //从b中复制5个字符到a中,把a原有的字符都给覆盖了,采用组个覆盖的方式	

}





if (lenEx == 152)
{
	  OutputDebugStringA(  "修改数据包" );
  BYTE  buff3[152] =
  {
0x63,0x72,0x79,0x70,0x74,0x72,0x73,0x61,0x64,0x61,0x74,0x61,0x4E,0x41,0x72,0x43,0x70,0x69,0x42,0x71,0x54,0x4A,0x37,0x67,0x4D,0x71,0x57,0x31,0x61,0x53,0x48,0x35,0x5A,0x5A,0x59,0x4B,0x7A,0x41,0x56,0x63,0x52,0x66,0x6C,0x6C,0x71,0x35,0x67,0x75,0x6A,0x31,0x44,0x52,0x52,0x70,0x41,0x3D,0x60,0x5A,0x78,0x59,0x46,0x57,0x77,0x76,0x70,0x5A,0x59,0x42,0x46,0x6A,0x67,0x54,0x66,0x32,0x78,0x4B,0x46,0x36,0x34,0x50,0x54,0x6E,0x65,0x50,0x49,0x67,0x75,0x6A,0x50,0x53,0x39,0x38,0x70,0x64,0x73,0x6C,0x36,0x50,0x36,0x69,0x70,0x7A,0x31,0x76,0x73,0x41,0x56,0x4C,0x6A,0x35,0x56,0x4F,0x73,0x75,0x63,0x58,0x69,0x78,0x51,0x49,0x36,0x57,0x4F,0x57,0x44,0x33,0x67,0x76,0x30,0x57,0x42,0x54,0x50,0x48,0x73,0x56,0x33,0x48,0x4F,0x56,0x53,0x38,0x50,0x48,0x68,0x63,0x47,0x58,0x6A,0x57,0x46,0x64

  };

  memcpy (buf, buff3,152);   //从b中复制5个字符到a中,把a原有的字符都给覆盖了,采用组个覆盖的方式	

}



if (lenEx == 196)
{
	  OutputDebugStringA(  "修改数据包" );
  BYTE  buff3[196] =
  {
0x63,0x72,0x79,0x70,0x74,0x72,0x73,0x61,0x64,0x61,0x74,0x61,0x64,0x42,0x54,0x35,0x49,0x52,0x35,0x59,0x59,0x73,0x4F,0x6D,0x4E,0x39,0x4C,0x72,0x58,0x70,0x55,0x61,0x76,0x30,0x4E,0x52,0x48,0x31,0x67,0x4B,0x4C,0x43,0x4F,0x52,0x2B,0x4C,0x41,0x72,0x6C,0x69,0x46,0x51,0x4A,0x61,0x41,0x3D,0x60,0x4A,0x65,0x5F,0x6B,0x67,0x62,0x73,0x46,0x45,0x51,0x54,0x4E,0x5A,0x4C,0x71,0x5A,0x31,0x37,0x70,0x7A,0x63,0x6C,0x35,0x34,0x6F,0x7A,0x50,0x4B,0x30,0x63,0x77,0x4F,0x59,0x6B,0x64,0x74,0x76,0x55,0x31,0x47,0x41,0x48,0x79,0x71,0x31,0x47,0x76,0x69,0x45,0x6D,0x36,0x57,0x39,0x6B,0x42,0x71,0x30,0x69,0x39,0x34,0x57,0x47,0x6B,0x53,0x75,0x65,0x6B,0x57,0x5F,0x47,0x44,0x59,0x67,0x56,0x62,0x53,0x52,0x33,0x74,0x55,0x64,0x47,0x62,0x5A,0x4B,0x41,0x75,0x79,0x31,0x69,0x41,0x30,0x4F,0x6B,0x41,0x72,0x33,0x4D,0x58,0x45,0x35,0x6C,0x44,0x37,0x75,0x6B,0x43,0x69,0x57,0x73,0x51,0x5F,0x39,0x6C,0x53,0x4E,0x69,0x73,0x35,0x74,0x44,0x71,0x6C,0x48,0x4A,0x6B,0x4D,0x36,0x6E,0x6C,0x33,0x75,0x36,0x30,0x47,0x71,0x30,0x4D,0x44

  };

  memcpy (buf, buff3,196);   //从b中复制5个字符到a中,把a原有的字符都给覆盖了,采用组个覆盖的方式	

}


if (lenEx == 184)
{
	  OutputDebugStringA(  "修改数据包" );
  BYTE  buff3[184] =
  {

	  0x63,0x72,0x79,0x70,0x74,0x72,0x73,0x61,0x64,0x61,0x74,0x61,0x6A,0x4E,0x4A,0x59,0x61,0x4D,0x61,0x77,0x41,0x75,0x72,0x30,0x4F,0x36,0x75,0x30,0x75,0x68,0x76,0x49,0x7A,0x6E,0x74,0x48,0x7A,0x49,0x57,0x78,0x6E,0x47,0x4F,0x7A,0x37,0x76,0x32,0x72,0x64,0x35,0x75,0x52,0x53,0x53,0x51,0x3D,0x60,0x66,0x67,0x76,0x6B,0x41,0x65,0x68,0x6B,0x5A,0x34,0x41,0x4E,0x55,0x56,0x57,0x75,0x30,0x51,0x63,0x61,0x35,0x74,0x46,0x59,0x66,0x42,0x73,0x62,0x67,0x58,0x4E,0x6B,0x45,0x39,0x31,0x72,0x67,0x32,0x6A,0x53,0x47,0x50,0x4C,0x4E,0x50,0x6C,0x33,0x61,0x44,0x6C,0x31,0x5A,0x67,0x67,0x63,0x4E,0x67,0x67,0x6F,0x37,0x47,0x6D,0x48,0x77,0x6E,0x6D,0x46,0x78,0x32,0x75,0x50,0x47,0x41,0x63,0x7C,0x7A,0x6A,0x78,0x48,0x74,0x33,0x32,0x74,0x30,0x50,0x39,0x7A,0x59,0x32,0x47,0x52,0x35,0x41,0x58,0x6A,0x69,0x36,0x61,0x67,0x53,0x32,0x75,0x6A,0x79,0x5A,0x59,0x6F,0x4E,0x32,0x36,0x55,0x47,0x77,0x31,0x61,0x74,0x6A,0x77,0x53,0x72,0x47,0x56,0x52,0x78,0x44,0x34,0x58


  };

  memcpy (buf, buff3,184);   //从b中复制5个字符到a中,把a原有的字符都给覆盖了,采用组个覆盖的方式	

}



if (lenEx == 400)
{
	  OutputDebugStringA(  "修改数据包" );
  BYTE  buff3[400] =
  {

0x63,0x72,0x79,0x70,0x74,0x72,0x73,0x61,0x64,0x61,0x74,0x61,0x51,0x52,0x54,0x43,0x46,0x2B,0x78,0x34,0x7A,0x65,0x4B,0x67,0x59,0x6A,0x4F,0x70,0x64,0x44,0x37,0x77,0x52,0x36,0x78,0x71,0x6E,0x64,0x61,0x46,0x68,0x49,0x4F,0x77,0x71,0x6C,0x36,0x56,0x57,0x5A,0x44,0x4C,0x2F,0x77,0x51,0x3D,0x60,0x39,0x52,0x50,0x76,0x39,0x52,0x72,0x4D,0x58,0x54,0x72,0x62,0x73,0x55,0x5A,0x64,0x33,0x4E,0x69,0x62,0x41,0x7C,0x41,0x6D,0x58,0x6D,0x35,0x7A,0x66,0x7C,0x5A,0x6A,0x4A,0x6E,0x72,0x74,0x35,0x54,0x53,0x6F,0x45,0x31,0x59,0x4B,0x38,0x57,0x33,0x4D,0x30,0x37,0x50,0x6C,0x66,0x70,0x49,0x78,0x66,0x5F,0x57,0x5F,0x33,0x38,0x6F,0x65,0x39,0x72,0x6F,0x64,0x74,0x4D,0x79,0x47,0x58,0x32,0x65,0x58,0x75,0x4C,0x4B,0x44,0x4A,0x57,0x39,0x4F,0x51,0x49,0x7A,0x7A,0x48,0x4E,0x37,0x55,0x39,0x71,0x44,0x78,0x41,0x54,0x69,0x47,0x53,0x38,0x69,0x71,0x47,0x64,0x48,0x62,0x38,0x64,0x7C,0x46,0x57,0x55,0x6E,0x4B,0x37,0x33,0x39,0x74,0x6A,0x69,0x42,0x6C,0x47,0x6F,0x68,0x33,0x6A,0x41,0x36,0x4A,0x6A,0x5F,0x47,0x61,0x52,0x5F,0x66,0x39,0x66,0x52,0x4A,0x78,0x33,0x6A,0x70,0x6F,0x6F,0x33,0x55,0x74,0x44,0x67,0x33,0x38,0x59,0x4B,0x74,0x33,0x30,0x79,0x6B,0x62,0x71,0x38,0x41,0x76,0x65,0x65,0x76,0x35,0x73,0x45,0x57,0x6C,0x43,0x5F,0x6F,0x42,0x73,0x4E,0x36,0x41,0x33,0x4E,0x57,0x55,0x69,0x4C,0x6A,0x6D,0x48,0x62,0x6F,0x77,0x4D,0x4C,0x79,0x71,0x53,0x36,0x48,0x71,0x43,0x33,0x49,0x52,0x6C,0x52,0x37,0x58,0x4C,0x7C,0x70,0x74,0x67,0x7C,0x55,0x74,0x39,0x5A,0x62,0x6D,0x67,0x4D,0x6C,0x6E,0x43,0x54,0x4E,0x35,0x6E,0x6B,0x50,0x76,0x57,0x6E,0x39,0x6A,0x6C,0x70,0x37,0x42,0x7C,0x37,0x47,0x38,0x55,0x73,0x34,0x77,0x41,0x6A,0x6E,0x44,0x45,0x4D,0x4D,0x38,0x59,0x4D,0x76,0x4F,0x43,0x38,0x78,0x47,0x43,0x64,0x76,0x61,0x4A,0x71,0x59,0x6B,0x59,0x7C,0x73,0x76,0x59,0x77,0x39,0x38,0x33,0x55,0x44,0x49,0x6F,0x41,0x6B,0x58,0x70,0x5F,0x45,0x64,0x56,0x35,0x67,0x59,0x30,0x5A,0x78,0x78,0x55,0x64,0x78,0x45,0x59,0x57,0x6D,0x6D,0x44,0x5F,0x61,0x55,0x30,0x79,0x39,0x61,0x33,0x4B,0x39,0x6C,0x74,0x6E,0x47,0x6C,0x57,0x63,0x68,0x74,0x52,0x4B,0x4E,0x68,0x6F,0x54,0x5A,0x35,0x4E,0x62,0x33


  };

  memcpy (buf, buff3,400);   //从b中复制5个字符到a中,把a原有的字符都给覆盖了,采用组个覆盖的方式	

}
*/








  return ret;
}




BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    if (dwReason == DLL_PROCESS_ATTACH) {
        DetourRestoreAfterWith();
		
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)TrueRecv, TimedRecv);
        DetourTransactionCommit();
		 OutputDebugStringA("DLL已注入");
    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)TrueRecv, TimedRecv);
        DetourTransactionCommit();
			 OutputDebugStringA("DLL已卸载");
    }
    return TRUE;
}
侠客软件开发
关注
专栏目录
易语言网络封包拦截修改源码.rar
07-11
易语言网络封包拦截修改源码.rar
易语言编程-远程封包拦截与发送技术
热门推荐
hzw320的博客
10-16 1万+
我们前面学习了封包拦截的技术和发送技术,但都是用DLL的注入方式来进行拦截封包的 那么有没有一种可以不需要注入,就可以拦截到指定进程里的封包数据呢? 答案是肯定的:有的 独立团论坛的Game-EC模块的最新版本就加入了远程封包功能,但是要正确使用模块里的命令稳定运行,需模块授权使用 这个功能可以实现不需要写DLL注入到进程, 就可以进行拦截和获取指定进程的封包数据和套接字信息 非常方便便捷,远程封...
利用hook截获进程的API调用
Redspider的专栏
04-01 2532
截获API是个很有用的东西,比如你想分析一下别人的程序是怎样工作的。这里我介绍一下一种我自己试验通过的方法。首先,我们必须设法把自己的代码放到目标程序的进程空间里去。Windows Hook可以帮我们实现这一点。SetWindowsHookEx的声明如下:HHOOK SetWindowsHookEx(  int idHook,        // hook type  HOOKPROC lpfn,
ws2_32.dll wsock32.dll send sendto 注意
lionzl的专栏
08-11 3337
我们知道,WS2_32.DLL导出了send、sendto、recvrecvfrom、WSASend、WSASendTo、WSARecv和WSARecvFrom,而WSOCK32.DLL也导出了send、sendto、recvrecvfrom函数(OD只能看到WSOCK32.DLL的recvrecvfrom,用VC的DEPENDS.EXE才能查看到send、sendto)。但MSDN上并没有
hook socket send recv的代码(zz)
weixin_34210740的博客
03-26 606
(zzfrom)http://hack.gameres.com/showthread.asp?threadid=3379 hook socket send recv的代码(1) 最后更新:2005.07.17 本程序演示如何拦截一个程序对send、recv函数的调用, 并把send、recv函数的参数用 WM_COPYDATA 消息发送 到监视程序中。 附带演示如何拦截Di...
HOOK SEND RECV函数拦截网络封包的程序.rar
09-21
总的来说,HOOK SEND RECV函数拦截技术是网络编程和系统监控的一个强大工具。它允许开发者深入理解网络通信过程,并对其进行控制,但同时也需要谨慎使用,以确保系统的稳定性和合规性。通过学习和实践,你可以更好...
易语言远程拦截封包
07-19
在"易语言远程拦截封包"这个主题中,我们主要关注的是如何使用易语言来实现网络数据包的远程拦截和分析。这涉及到网络编程的基础知识以及网络通信中的关键接口,如send和recv。 首先,我们需要理解网络封包是什么。...
模拟器封包拦截技术, 易语言源码
04-04
源码中可能使用了API Hook技术,如Detours库,来实现对send和recv函数拦截。 3. **拦截收包与发包**:源码中特别提到支持拦截收发封包,这意味着它不仅能够捕捉到应用发出的数据包,也能捕获到接收到的响应。这...
利用HOOK拦截封包原理
04-21
### 利用HOOK拦截封包原理 在网络安全与软件开发领域中,HOOK技术是一种非常重要的手段,被广泛应用于系统监控、安全检测以及程序调试等多个方面。本文将深入探讨如何使用HOOK技术来拦截网络封包,并重点讲解利用...
封包助手包括Send,Recv,WSASend,WSARecv,SendTo等
11-19
封包助手是一个能拦截网络应用程序数据包的纯绿色软件(压缩包不足400KB,无插件无病毒,不需安装),包括Send,Recv,WSASend,WSARecv,SendTo,RecvFrom,WSASendTo,WSARecvFrom。 封包助手还可以拦截Connect和Accept...
易语言封包截取源码,易语言HOOKapi实现封包截取
08-19
HOOKapi实现封包截取系统结构:dll,myrecv,mysend,HOOKON,HOOKOFF,发送文本,CallWindowProc_,SetWindowLong_,寻找顶级窗口_,MessageBox_,关闭内核对象_,创建文件映射对象_,MapViewOfFile_,UnmapViewOfFile_,打开文件映射
HookRecv 拦截输出
09-17
hookrecv拦截输出封包信息 不错的东西
ws2_32.dll 拦截send函数并把发送内容写到ob文件里
06-28
对网络数据的拦截,其中列出send函数例子,把send的内容写入ob文件.
易语言-hook 拦截操作源码 纯源 APIHOOK
06-29
易语言杀软监控源码例程程序结合易语言通用对象支持库,调用API函数监控杀软。易语言杀软监控源码对学习HOOK有所帮助。 易学编程网
详谈HOOK API的技术
skyremember的专栏
11-02 705
 详谈HOOK API的技术        上一帖     下一帖    查看完整版本页: [1] 麦克风http://www.51cto.com2006-4-6 03:05详谈HOOK API的技术HOOKAPI是一个永恒的话题,如果没有HOOK,许多技术将很难实现,也许根本不能实现。这里所说的API,是广义上的API,它包括DOS下的中断,WINDOWS里的AP
Windows Hook 易核心编程(4) API Hook 续 拦截API
ywbhnay的专栏
04-27 1913
在开始之前,让我们先来回顾一下: 什么叫Hook API?       所谓Hook就是钩子的意思,而API是指Windows开放给程序员的编程接口,使得在用户级别下可以对操作系统进行控 制,也就是一般的应用程序都需要调用API来完成某些功能,Hook API的意思就是在这些应用程序调用真正的系统API前可 以先被截获,从而进行一些处理再调用真正的API来完成功能。在讲H
Send函数Recv函数解析
xtmb2364434724的博客
09-05 339
1. send函数 int send( SOCKET s, const char FAR *buf, int len, int flags );   不论是客户端还是服务器端应用程序都用send函数来向TCP连接的另一端发送数据。 客户端程序一般用send函数向服务器发送请求,而服务器则通常用send函数来向客户程序发送应答。 该函数的: 第一个参数指定发送端套接字描述符; 第二个参数
recv函数最后一个参数
最新发布
06-01
recv函数最后一个参数是一组用于发送和接收数据的标志,可以指定接收函数的行为。常见的标志包括: 1. 0:默认值,表示没有任何标志。 2. MSG_OOB:接收带外数据,该标志仅在SOCK_STREAM套接字类型中有效。 3. MSG_PEEK:接收数据,但不将数据从接收队列中删除,这样可以在不实际读取数据的情况下查看数据。 4. MSG_WAITALL:阻止函数返回,直到接收到全部请求的数据。 5. MSG_TRUNC:截断接收的数据,以符合缓冲区的大小。 6. MSG_DONTWAIT:指示函数应该立即返回,而不是等待数据到达。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

侠客软件开发

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值