封包的截取与解包-2

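// Bounded substring search used by DecodeTcpPack.
// Looks for the NUL-terminated szNeedle inside the first cbData bytes of pData
// and never reads past pData + cbData. An empty needle always matches, which
// mirrors strstr().
static bool TcpPayloadContains(const char * pData, size_t cbData, const char * szNeedle)
{
    const size_t cbNeedle = strlen(szNeedle);
    if (cbNeedle == 0) return true;
    if (cbNeedle > cbData) return false;
    for (size_t i = 0; i + cbNeedle <= cbData; i++)
    {
        if (memcmp(pData + i, szNeedle, cbNeedle) == 0) return true;
    }
    return false;
}

// TCP segment decoder.
//
// Prints a one-line summary of the segment (protocol, endpoints, TTL, the six
// flag bits, byte count) to the console and writes the same line to hFile and
// hParse. When ParamDecode is set and iBufSize > 40 the payload text is dumped
// as well. Uses strSensitive, iPortFilter, szProtocol, szSourceIP, szDestIP,
// iTTL, TcpFlag, ParamDecode, hFile and hParse, all declared outside this
// listing.
//
// Parameters:
//   TcpBuf   - first byte of the TCP header inside the captured packet.
//   iBufSize - byte count supplied by the caller.
//              NOTE(review): the "> 40" threshold (IP header + TCP header)
//              suggests this may be the length of the whole IP datagram rather
//              than the bytes readable at TcpBuf. Every bound below treats it
//              as an upper limit on readable bytes; confirm against the caller.
// Returns: always true (1); a filtered or malformed segment is dropped silently.
//
// The buffer holds data taken off the wire, so nothing in it is trusted: the
// fixed header is only read once iBufSize covers it, the data-offset field is
// range-checked before it is used as a pointer offset, and the payload is
// handled with an explicit length instead of strstr()/strlen()/"%s", which
// would run past the capture buffer when the payload holds no NUL byte.
// The "/n" and "/r/n" sequences in the published listing look like escape
// sequences whose backslashes were lost in publishing; they are restored here.
int DecodeTcpPack(char * TcpBuf, int iBufSize)
{
    DWORD dwWriten = 0;

    // Too short to contain a TCP header: do not dereference any field.
    if (TcpBuf == NULL || iBufSize < static_cast<int>(sizeof(TCP_HEADER))) return true;
    const TCP_HEADER * pTcpHeader = reinterpret_cast<const TCP_HEADER *>(TcpBuf);

    // Header length: upper four bits of th_lenres, counted in 32-bit words.
    // The mask guards against sign extension if the field is a signed char, and
    // the literal 4 replaces sizeof(unsigned long), which is 8 on LP64 targets.
    const int TcpHeaderLen = ((pTcpHeader->th_lenres >> 4) & 0x0F) * 4;

    // Locate the payload only when the advertised header length is plausible;
    // otherwise the summary line is still logged but the payload counts as empty.
    const char * TcpData = TcpBuf;
    size_t cbPayload = 0;
    if (TcpHeaderLen >= 20 && TcpHeaderLen <= iBufSize)
    {
        TcpData = TcpBuf + TcpHeaderLen;
        const size_t cbAvail = static_cast<size_t>(iBufSize - TcpHeaderLen);
        // The original treated the payload as a C string; keep "stop at the
        // first NUL" but never look beyond the captured bytes.
        const void * pNul = memchr(TcpData, 0, cbAvail);
        cbPayload = pNul ? static_cast<size_t>(static_cast<const char *>(pNul) - TcpData) : cbAvail;
    }

    // Keyword filter: skip segments whose payload does not contain the keyword.
    if (strSensitive && !TcpPayloadContains(TcpData, cbPayload, strSensitive)) return true;

    // Port filter: skip unless either endpoint uses the filtered port.
    const int iSourcePort = ntohs(pTcpHeader->th_sport);
    const int iDestPort = ntohs(pTcpHeader->th_dport);
    if ((iPortFilter) && (iSourcePort != iPortFilter) && (iDestPort != iPortFilter))
        return true;

    // Render the six flag bits, lowest bit first, '-' for a cleared bit.
    char szFlags[7];
    unsigned char FlagMask = 1;
    for (int i = 0; i < 6; i++)
    {
        szFlags[i] = ((pTcpHeader->th_flag) & FlagMask) ? TcpFlag[i] : '-';
        FlagMask = static_cast<unsigned char>(FlagMask << 1);
    }
    szFlags[6] = '\0';

    // Console summary.
    printf("%s ", szProtocol);
    printf("%15s:%5d ->%15s:%5d  ", szSourceIP, iSourcePort, szDestIP, iDestPort);
    printf("TTL=%3d  ", iTTL);
    printf("%s", szFlags);
    printf("  bytes=%4d", iBufSize);

    // Log summary. One bounded snprintf replaces sprintf + strcat/strncat into
    // chInfo[100] and the 12-byte temp buffer, which "  bytes=%4d" overflowed
    // (12 characters plus the terminator).
    char chInfo[128];
    int cchInfo = snprintf(chInfo, sizeof(chInfo), "\r\n%s %15s:%5d ->%15s:%5d TTL=%3d %s  bytes=%4d",
                           szProtocol, szSourceIP, iSourcePort, szDestIP, iDestPort, iTTL, szFlags, iBufSize);
    if (cchInfo < 0) cchInfo = 0;
    else if (cchInfo >= static_cast<int>(sizeof(chInfo))) cchInfo = static_cast<int>(sizeof(chInfo)) - 1;
    ::WriteFile(hFile, chInfo, static_cast<DWORD>(cchInfo), &dwWriten, NULL);
    ::WriteFile(hParse, chInfo, static_cast<DWORD>(cchInfo), &dwWriten, NULL);
    printf("\n");

    // Dump the payload for packets longer than 40 bytes (IP_HEADER + TCP_HEADER = 40).
    // The keyword filter was already applied above, so it is not re-checked here.
    if ((ParamDecode) && (iBufSize > 40))
    {
        // sizeof - 1 keeps the literals' terminating NUL out of the log files.
        static const char szDataBegin[] = "\r\n[DATA]\r\n";
        static const char szDataEndFile[] = "\r\n[DATA END]\r\n\r\n";
        static const char szDataEndParse[] = "[DATA END]\r\n";

        printf(" [DATA]\n");
        ::WriteFile(hFile, szDataBegin, sizeof(szDataBegin) - 1, &dwWriten, NULL);
        ::WriteFile(hParse, szDataBegin, sizeof(szDataBegin) - 1, &dwWriten, NULL);
        // NOTE(review): the payload reaches the console unfiltered, so control
        // characters in captured traffic are passed to the terminal as-is.
        printf("%.*s", static_cast<int>(cbPayload), TcpData);
        ::WriteFile(hFile, TcpData, static_cast<DWORD>(cbPayload), &dwWriten, NULL);
        ::WriteFile(hParse, TcpData, static_cast<DWORD>(cbPayload), &dwWriten, NULL);
        printf("\n [DATA END]\n\n\n");
        ::WriteFile(hFile, szDataEndFile, sizeof(szDataEndFile) - 1, &dwWriten, NULL);
        ::WriteFile(hParse, szDataEndParse, sizeof(szDataEndParse) - 1, &dwWriten, NULL);
    }
    return true;
}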

 


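// UDP datagram decoder.
//
// Prints a one-line summary (protocol, endpoints, TTL, UDP length field, byte
// count) to the console and writes it to hFile and hParse. When ParamDecode is
// set and iBufSize > 28 it also dumps the payload one byte per line: a
// formatted line goes to hFile and the raw byte goes to hParse. Uses
// iPortFilter, szProtocol, szSourceIP, szDestIP, iTTL, ParamDecode, hFile and
// hParse, all declared outside this listing.
//
// Parameters:
//   UdpBuf   - first byte of the UDP header inside the captured packet.
//   iBufSize - byte count supplied by the caller.
//              NOTE(review): the "> 28" threshold (IP header + UDP header)
//              suggests this may be the length of the whole IP datagram rather
//              than the bytes readable at UdpBuf; confirm against the caller.
// Returns: always true (1); a filtered or malformed datagram is dropped silently.
//
// The buffer holds data taken off the wire, so nothing in it is trusted. The
// "/n" and "/r/n" sequences in the published listing look like escape sequences
// whose backslashes were lost in publishing; they are restored here.
int DecodeUdpPack(char * UdpBuf, int iBufSize)
{
    const int kUdpHeaderLen = 8;   // a UDP header is 8 bytes on the wire
    DWORD dwWriten = 0;

    // Too short to contain a UDP header: do not dereference any field.
    if (UdpBuf == NULL || iBufSize < kUdpHeaderLen || iBufSize < static_cast<int>(sizeof(UDP_HEADER)))
        return true;
    const UDP_HEADER * pUdpHeader = reinterpret_cast<const UDP_HEADER *>(UdpBuf);
    const int iSourcePort = ntohs(pUdpHeader->uh_sport);
    const int iDestPort = ntohs(pUdpHeader->uh_dport);
    const int iUdpLen = ntohs(pUdpHeader->uh_len);

    // Port filter: skip unless either endpoint uses the filtered port.
    if (iPortFilter)
        if ((iSourcePort != iPortFilter) && (iDestPort != iPortFilter))
            return true;

    // Bounded formatting instead of sprintf into a fixed 100-byte buffer.
    char chInfo[128];
    int cchInfo = snprintf(chInfo, sizeof(chInfo), "\r\n%s %15s:%5d ->%15s:%5d TTL=%3d Len=%4d bytes=%4d",
                           szProtocol, szSourceIP, iSourcePort, szDestIP, iDestPort, iTTL, iUdpLen, iBufSize);
    if (cchInfo < 0) cchInfo = 0;
    else if (cchInfo >= static_cast<int>(sizeof(chInfo))) cchInfo = static_cast<int>(sizeof(chInfo)) - 1;

    printf("\n");
    printf("%s ", szProtocol);
    printf("%15s:%5d ->%15s:%5d  ", szSourceIP, iSourcePort, szDestIP, iDestPort);
    printf("TTL=%3d ", iTTL);
    printf("Len=%4d ", iUdpLen);
    printf("bytes=%4d", iBufSize);

    // Write exactly what was formatted. The original passed a hand-computed
    // length (strlen + sizeof(literal) + 51) that goes wrong as soon as any
    // field is wider than its minimum width.
    ::WriteFile(hFile, chInfo, static_cast<DWORD>(cchInfo), &dwWriten, NULL);
    ::WriteFile(hParse, chInfo, static_cast<DWORD>(cchInfo), &dwWriten, NULL);

    // Dump the payload for packets longer than 28 bytes (IP_HEADER + UDP_HEADER = 28).
    if ((ParamDecode) && (iBufSize > 28))
    {
        // sizeof - 1 keeps the literals' terminating NUL out of the log files.
        static const char szDataBeginFile[] = "\r\n[DATA]\r\n";
        static const char szDataBeginParse[] = "\r\n[DATA]";
        static const char szDataEndFile[] = "\r\n[DATA END]\r\n\r\n";
        static const char szDataEndParse[] = "[DATA END]\r\n";

        printf("\n[DATA]\n");
        ::WriteFile(hFile, szDataBeginFile, sizeof(szDataBeginFile) - 1, &dwWriten, NULL);
        ::WriteFile(hParse, szDataBeginParse, sizeof(szDataBeginParse) - 1, &dwWriten, NULL);

        const char * UdpData = UdpBuf + kUdpHeaderLen;

        // Payload size: never more than the caller's count allows, and never
        // more than the datagram's own length field claims (uh_len covers
        // header + data). A length field below 8 is malformed and is ignored.
        int cbPayload = iBufSize - kUdpHeaderLen;
        if (iUdpLen >= kUdpHeaderLen && (iUdpLen - kUdpHeaderLen) < cbPayload)
            cbPayload = iUdpLen - kUdpHeaderLen;

        for (int i = 0; i < cbPayload; i++)
        {
            // Work on the unsigned value so bytes >= 0x80 are not sign-extended;
            // the original printed abs() on the console but the raw signed
            // value in the file, so the two disagreed for such bytes.
            const unsigned char chByte = static_cast<unsigned char>(UdpData[i]);
            const unsigned int uByte = chByte;

            // Each formatted line is 15 characters; the original 15-byte
            // buffer left no room for sprintf's terminating NUL.
            char chData[16];
            if ((chByte > 33) && (chByte < 122))
            {
                printf("\n%2c [%08x]", chByte, uByte);
                snprintf(chData, sizeof(chData), "\r\n%2c [%08x]", chByte, uByte);
            }
            else
            {
                printf("\n   [%08x]", uByte);
                snprintf(chData, sizeof(chData), "\r\n   [%08x]", uByte);
            }
            ::WriteFile(hFile, chData, 15, &dwWriten, NULL);
            // The raw byte is written directly; the original sprintf("%c")
            // into a 1-byte buffer wrote 2 bytes.
            ::WriteFile(hParse, &UdpData[i], 1, &dwWriten, NULL);
        }
        printf("\n[DATA END]\n\n");
        ::WriteFile(hFile, szDataEndFile, sizeof(szDataEndFile) - 1, &dwWriten, NULL);
        ::WriteFile(hParse, szDataEndParse, sizeof(szDataEndParse) - 1, &dwWriten, NULL);
    }
    return true;
}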

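// ICMP message decoder.
//
// Prints a one-line summary (protocol, endpoints, TTL, type/code, byte count)
// to the console and, when ParamDecode is set and iBufSize > 28, a hex dump of
// the message data, eight bytes per row. Nothing is written to the log files.
// Uses iPortFilter, szProtocol, szSourceIP, szDestIP, iTTL and ParamDecode, all
// declared outside this listing.
//
// Parameters:
//   IcmpBuf  - first byte of the ICMP header inside the captured packet.
//   iBufSize - byte count supplied by the caller.
//              NOTE(review): may be the length of the whole IP datagram rather
//              than the bytes readable at IcmpBuf; confirm against the caller.
// Returns: always true (1); a filtered or malformed message is dropped silently.
//
// The buffer holds data taken off the wire, so nothing in it is trusted. The
// "/n" sequences in the published listing look like "\n" whose backslash was
// lost in publishing; they are restored here.
int DecodeIcmpPack(char * IcmpBuf, int iBufSize)
{
    // Too short to contain the header struct: do not dereference any field.
    if (IcmpBuf == NULL || iBufSize < static_cast<int>(sizeof(ICMP_HEADER))) return true;
    const ICMP_HEADER * pIcmpHeader = reinterpret_cast<const ICMP_HEADER *>(IcmpBuf);
    const int iIcmpType = pIcmpHeader->i_type;
    const int iIcmpCode = pIcmpHeader->i_code;

    // iPortFilter doubles as an ICMP type filter here.
    if ((iPortFilter) && (iIcmpType != iPortFilter)) return true;

    printf("%s ", szProtocol);
    printf("%15s       ->%15s        ", szSourceIP, szDestIP);
    printf("TTL=%3d ", iTTL);
    printf("Type%2d,%d ", iIcmpType, iIcmpCode);
    printf("bytes=%4d", iBufSize);
    printf("\n");

    // Dump the data section for packets that carry one.
    if ((ParamDecode) && (iBufSize > 28))
    {
        // NOTE(review): the dump starts 4 bytes into the message while the
        // count subtracts sizeof(ICMP_HEADER); kept as in the original, confirm
        // that this mismatch is intended.
        const int kDumpOffset = 4;
        const char * IcmpData = IcmpBuf + kDumpOffset;

        // Signed arithmetic: the original unsigned subtraction wrapped to a huge
        // count whenever sizeof(ICMP_HEADER) exceeded iBufSize. The clamp keeps
        // kDumpOffset + cbDump within iBufSize whatever the struct size is.
        int cbDump = iBufSize - static_cast<int>(sizeof(ICMP_HEADER));
        if (cbDump > iBufSize - kDumpOffset) cbDump = iBufSize - kDumpOffset;

        printf(" [DATA]");
        for (int i = 0; i < cbDump; i++)
        {
            // Unsigned value so bytes >= 0x80 print as two hex digits instead
            // of the abs() of a sign-extended char.
            const unsigned char chByte = static_cast<unsigned char>(IcmpData[i]);
            const unsigned int uByte = chByte;

            if (!(i % 8)) printf("\n");
            if ((chByte > 33) && (chByte < 122))
                printf("%3c [%3x]", chByte, uByte);
            else
                printf("    [%3x]", uByte);
        }
        printf("\n [DATA END]\n\n\n");
    }
    return true;
}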
