

// TestActiveX.cpp : 定义控制台应用程序的入口点。 
// 
 
#include "stdafx.h" 
#include  
 
#include "pcap.h" 
#include "myfollow.h" 
#include "myState.H" 
 
 
 
// 唯一的应用程序对象 
 
using namespace std; 
// Forward declaration; the definition is at the bottom of this file.
//   byteArray    - start of one captured frame
//   byteArrayLen - length argument; packet_handler() passes the pcap caplen here
//   pipe         - stream argument; packet_handler() passes stdout here
void  parse_handle( const unsigned char *  byteArray, const unsigned int byteArrayLen, FILE* pipe); 
 
/**
 * Per-packet callback handed to pcap_loop(): forwards each captured frame to
 * parse_handle().
 *
 * @param param     user pointer given to pcap_loop(); not used here.
 * @param header    capture metadata; only caplen (the number of bytes actually
 *                  captured) is read.
 * @param pkt_data  first byte of the captured frame.
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
	// caplen, not len: only the bytes that were really captured may be read.
	const size_t capturedLen = (size_t)(header->caplen);

	parse_handle(pkt_data, capturedLen, stdout);
}
 
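/**
 * Let the user pick a capture adapter, open it and run the capture loop.
 *
 * Initialises the global state object, lists the adapters reported by
 * pcap_findalldevs(), reads a 1-based adapter index from stdin, opens that
 * adapter and hands every captured frame to packet_handler() via pcap_loop().
 * The call blocks for as long as pcap_loop() runs.
 *
 * @return  1 once pcap_loop() has ended without reporting an error;
 *         -1 if no adapter is found, the selection is invalid, the adapter
 *            cannot be opened, it is not an Ethernet link, or pcap_loop()
 *            reports an error.
 *         The process exits with status 1 if the adapter list cannot be
 *         retrieved.
 */
int Start() 
{ 
	g_objState.InitHash();

	pcap_if_t *alldevs = NULL;
	pcap_if_t *d = NULL;
	int inum = 0;
	int i = 0;
	pcap_t *adhandle = NULL;
	char errbuf[PCAP_ERRBUF_SIZE];

	/* Retrieve the device list on the local machine */
	if (pcap_findalldevs(&alldevs, errbuf) == -1)
	{
		fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
		exit(1);
	}

	/* Print the list */
	printf("\n");
	for (d = alldevs; d; d = d->next)
	{
		printf("%d. %s", ++i, d->name);
		if (d->description)
			printf(" (%s)\n", d->description);
		else
			printf(" (No description available)\n");
	}

	if (i == 0)
	{
		printf("\nNo interfaces found! Make sure WinPcap 3.1.beta4 or higher is installed.\n");
		return -1;
	}

	printf("选择网卡号码 (1-%d):",i);

	/* scanf() leaves inum untouched on non-numeric input, so a failed
	 * conversion is rejected together with an out-of-range number. */
	if (scanf("%d", &inum) != 1 || inum < 1 || inum > i)
	{
		printf("\nInterface number out of range.\n");
		/* Free the device list */
		pcap_freealldevs(alldevs);
		return -1;
	}

	/* Jump to the selected adapter */
	for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
		;

	/* Open the device: snaplen 65535, non-promiscuous, 1000 ms read timeout */
	errbuf[0] = '\0';
	adhandle = pcap_open_live(d->name, 65535, 0, 1000, errbuf);
	if (adhandle == NULL)
	{
		fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
		/* Report the library's own reason as well instead of discarding it */
		if (errbuf[0] != '\0')
			fprintf(stderr, "%s\n", errbuf);
		/* Free the device list */
		pcap_freealldevs(alldevs);
		return -1;
	}

	/* parse_handle() assumes a 14-byte Ethernet header in front of the IP
	 * header; on any other link type it would read the wrong offsets. */
	if (pcap_datalink(adhandle) != DLT_EN10MB)
	{
		fprintf(stderr, "\nAdapter %s is not an Ethernet link; only Ethernet frames can be parsed.\n", d->name);
		pcap_close(adhandle);
		pcap_freealldevs(alldevs);
		return -1;
	}

	/* description may be NULL (see the listing above); passing NULL to %s is undefined */
	printf("\n正在工作于%s...\n", d->description ? d->description : "No description available");

	/* At this point, we don't need any more the device list. Free it */
	pcap_freealldevs(alldevs);

	/* start the capture; a count of 0 keeps the loop running until an error
	 * occurs or the loop is broken from elsewhere */
	const int loopResult = pcap_loop(adhandle, 0, packet_handler, NULL);
	if (loopResult == -1)
		fprintf(stderr, "\nError in pcap_loop: %s\n", pcap_geterr(adhandle));

	/* The handle was never released in the original */
	pcap_close(adhandle);

	return (loopResult == -1) ? -1 : 1;
} 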
 
/**
 * Shutdown counterpart of Start(): calls freeState() on the same global state
 * object that Start() initialises with InitHash(). The capture handle is a
 * local of Start() and is not touched here.
 */
void Stop()
{
	g_objState.freeState();
}
 
 
 
 
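/**
 * Console entry point.
 *
 * Prints the banner, prints which mode the optional command-line argument
 * implies (the argument is only reported here, nothing is stored), then asks
 * for a load mode on the keyboard:
 *   '1'  local mode   - runs Start(), which blocks while the capture runs
 *   '2'  library mode - no implementation in this file
 *   ESC  quit without starting anything
 * After the selected mode returns, the program waits for ESC and calls
 * Stop() for local mode.
 *
 * @return 0 normally, 1 if Start() reported a failure.
 */
int _tmain(int argc, _TCHAR* argv[]) 
{ 
	const int KEY_ESC = 27;

	int nRetCode = 0;
	int nLoadMode = 1;
	int key = 0;

	fprintf( stderr, "\t\n");
	fprintf( stderr, "\t   __ __|                             ____  ___    ____   \n");
	fprintf( stderr, "\t      |    _ \\    _` |    _` _\\      / __/ / _ \\  / _  ` \n");
	fprintf( stderr, "\t      |    __/   (   |   |  |  |    _\\ \\  / _/ /  \\_, /   \n");
	fprintf( stderr, "\t     _|  \\___|  \\__,_|  _| _| _|   /___/  \\___/  /___/    \n");
	fprintf( stderr, "\t\n");

	fprintf( stderr, "\tTEAM 509 will demonstratre you how to break HH!\n");
	fprintf( stderr, "\t\tdirect comment to oetsfl(at)yahoo.com.cn\n\n");

	/* The argument only selects which message is printed. */
	if (argc == 2)
	{
		if (atoi(argv[1]) != 0)
			fprintf( stderr, "破解模式设为2 (数字破解)\n");
		else
			fprintf( stderr, "字典式攻击 字典文件\n");
	}
	else
	{
		fprintf( stderr, "默认破解模式设为2(数字)\n");
	}

	fprintf( stderr, "1 本地模式 2 动态库模式: \n");
	for (;;)
	{
		key = getch();
		if (key == '1')
		{
			fprintf( stderr, "......本地模式已经准备好......\n");
			break;
		}
		if (key == '2')
		{
			fprintf( stderr, "......动态库模式已经准备好......\n");
			nLoadMode = 2;
			break;
		}
		if (key == KEY_ESC)
			break;
	}

	/* ESC at the prompt means "quit". The original left nLoadMode at 1 in
	 * this case and therefore still started the capture. */
	if (key == KEY_ESC)
		return nRetCode;

	if (nLoadMode == 1)
	{
		/* Start() returns a negative value on failure; do not drop it. */
		if (Start() < 0)
			nRetCode = 1;
	}
	/* nLoadMode == 2: nothing to run in this file. */

	/* Wait for ESC before shutting down. */
	while (getch() != KEY_ESC)
		;

	if (nLoadMode == 1)
		Stop();
	/* nLoadMode == 2: the original had only a commented-out NetStopService() call here. */

	return nRetCode;
} 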
 
 
 
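/**
 * Decode one captured Ethernet frame and pass its TCP or UDP payload to the
 * stream follower (CMyFollow::parse_hh1).
 *
 * The frame comes straight from the network, so every length field in it is
 * untrusted. All header lengths are validated against each other and against
 * the number of bytes actually captured before any header is dereferenced;
 * frames that fail a check are dropped silently.
 *
 * Limitations: only untagged IPv4-over-Ethernet is handled. IP fragments are
 * not reassembled, so a non-first fragment is still interpreted as if it
 * began with a transport header.
 *
 * @param byteArray     first byte of the captured frame (Ethernet header).
 * @param byteArrayLen  number of captured bytes available at byteArray.
 * @param pipe          stream supplied by the caller. NOTE(review): unused;
 *                      the follower is handed stdout, as in the original.
 */
void  parse_handle( const unsigned char *  byteArray, const unsigned int byteArrayLen, FILE* pipe) 
{ 
	const unsigned int kEthHdrLen   = 14;      // dst MAC (6) + src MAC (6) + EtherType (2)
	const unsigned int kIpMinHdrLen = 20;      // IPv4 header without options
	const unsigned int kEtherTypeIp = 0x0800;  // EtherType value for IPv4

	(void)pipe;

	// The original never looked at byteArrayLen, so a short frame was read
	// past the end of the capture buffer.
	if (byteArray == NULL || byteArrayLen < kEthHdrLen + kIpMinHdrLen)
		return;

	// Anything that is not IPv4 (ARP, IPv6, ...) would otherwise be read as
	// an IPv4 header. The raw bytes are used so no struct layout is assumed.
	const unsigned int etherType = ((unsigned int)byteArray[12] << 8) | byteArray[13];
	if (etherType != kEtherTypeIp)
		return;
	if ((byteArray[kEthHdrLen] >> 4) != 4)
		return;

	// presumably parse_hh1 takes a non-const pointer (the original cast as well)
	u_char *data = (u_char *)byteArray + kEthHdrLen;
	struct ip *iph = (struct ip *)data;

	const unsigned int capturedIp = byteArrayLen - kEthHdrLen;  // bytes available from the IP header on
	const unsigned int ipHdrLen   = 4u * iph->ip_hl;
	const unsigned int ipLen      = ntohs(iph->ip_len);

	// Unsigned arithmetic throughout: the original compared a signed
	// difference with sizeof(), which turns a negative length into a huge
	// positive one and lets it pass the check.
	if (ipHdrLen < kIpMinHdrLen || ipLen < ipHdrLen || ipLen > capturedIp)
		return;

	const unsigned int l4Len = ipLen - ipHdrLen;  // transport header + payload

	static struct tuple4 addr;
	static CMyFollow objFollow;
	int datalen = 0;

	if (iph->ip_p == 0x06)          // TCP
	{
		if (l4Len < sizeof(struct tcphdr))
			return;

		struct tcphdr *tcph = (struct tcphdr *)(data + ipHdrLen);

		// th_off is attacker-controlled as well: it must cover the fixed
		// header and must not run past the end of the segment.
		const unsigned int tcpHdrLen = 4u * tcph->th_off;
		if (tcpHdrLen < sizeof(struct tcphdr) || tcpHdrLen > l4Len)
			return;

		// TCP payload length
		datalen = (int)(l4Len - tcpHdrLen);

		addr.source = ntohs(tcph->th_sport);
		addr.dest = ntohs(tcph->th_dport);
		addr.saddr = iph->ip_src.s_addr;
		addr.daddr = iph->ip_dst.s_addr;

		if (tcph->th_flags & TH_RST)
			return;

		// The payload starts after the full header including options. The
		// original skipped only sizeof(tcphdr) while datalen already excluded
		// the options, so pointer and length disagreed whenever options were
		// present.
		objFollow.parse_hh1(addr, iph->ip_p, (u_char *)tcph + tcpHdrLen, datalen, stdout);
	}
	else if (iph->ip_p == 0x11)     // UDP
	{
		if (l4Len < sizeof(struct udphdr))
			return;

		struct udphdr *udph = (struct udphdr *)(data + ipHdrLen);

		// Length of the UDP datagram (header + payload) as claimed by the header
		const unsigned int udpLen = ntohs(udph->uh_ulen);

		// NOTE(review): this check and the following lines are garbled in the
		// published listing ("ulenuh_sport"); reconstructed as "drop if the
		// UDP length is smaller than the header or larger than what the IP
		// datagram holds", with datalen taken as the UDP payload length.
		// Confirm against the original file.
		if (udpLen < sizeof(struct udphdr) || udpLen > l4Len)
			return;

		datalen = (int)(udpLen - sizeof(struct udphdr));

		addr.source = ntohs(udph->uh_sport);
		addr.dest = ntohs(udph->uh_dport);
		addr.saddr = iph->ip_src.s_addr;
		addr.daddr = iph->ip_dst.s_addr;

		objFollow.parse_hh1(addr, iph->ip_p, (u_char *)udph + sizeof(struct udphdr), datalen, stdout);
	}
}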