using ClassLibrary1;
using EasyHook;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
using static AxibugInject.ws2_32;
namespace AxibugInject
{
/// <summary>
/// Settings object passed to the <c>Main</c> constructor and to <c>Main.Run</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the [Serializable] attribute suggests the instance is serialized by the
/// injecting side and rebuilt inside the hooked process; if so, every field is
/// injector-supplied input and should be validated before use - confirm against the host.
/// </remarks>
[Serializable]
public class HookParameter
{
    /// <summary>Text shown as the first part of the "Hooked" message box raised by the Main constructor.</summary>
    public string Msg { get; set; }
    /// <summary>Process id, presumably of the host that performed the injection; not read anywhere in this file.</summary>
    public int HostProcessId { get; set; }
    /// <summary>Redirect table as text: entries separated by '|', each entry split on ':' into key and value.</summary>
    public string RedirectorArrs { get; set; }
}
public class Main : IEntryPoint
{
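// Handles of the installed hooks, one per ws2_32 export patched in Run.
// They are kept in fields so the hooks stay referenced for as long as this instance lives.
public LocalHook GetHostByNameHook = null;
public LocalHook GetHostByAddrHook = null;
public LocalHook gethostnameHook = null;
public LocalHook connectHook = null;
public LocalHook WSAConnectHook = null;

// Redirect table: looked-up name -> replacement handed to the real resolver.
// Host names are case-insensitive, and the hook handlers look keys up with a lower-cased
// name but read the value back with the caller's original casing; a case-insensitive
// comparer makes both accesses hit the same entry instead of throwing KeyNotFoundException.
// The table is static, so it is shared by every Main instance in the process.
public static Dictionary<string, string> mDictHostToIP = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);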
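/// <summary>
/// Parses the redirect table carried in <paramref name="parameter"/> into
/// <c>mDictHostToIP</c> and reports how many entries were loaded.
/// </summary>
/// <param name="context">Injection context; not used here.</param>
/// <param name="channelName">Channel name; not used here.</param>
/// <param name="parameter">Supplies <c>RedirectorArrs</c> ("key:value|key:value|...") and the message text.</param>
public Main(
    RemoteHooking.IContext context,
    string channelName
    , HookParameter parameter
    )
{
    try
    {
        // A missing parameter object or table is treated as "no redirects" rather than
        // letting a NullReferenceException escape the entry-point constructor.
        string table = parameter?.RedirectorArrs ?? string.Empty;
        foreach (string entry in table.Split('|'))
        {
            string line = entry.Trim();
            if (string.IsNullOrEmpty(line))
                continue;

            // Only the first two ':'-separated fields are used, so a value that itself
            // contains ':' (for example "ip:port" or an IPv6 literal) is cut at the colon.
            string[] arr = line.Split(':');
            if (arr.Length < 2)
                continue;

            string key = arr[0].Trim();
            string value = arr[1].Trim();
            // Malformed entries such as ":1.2.3.4" or "host:" are skipped instead of
            // creating an empty key or redirecting a name to an empty string.
            if (key.Length == 0 || value.Length == 0)
                continue;

            // The hook handlers look names up via ToLower(), so keys are stored the same way;
            // otherwise an entry written with upper-case letters could never match.
            mDictHostToIP[key.ToLower()] = value;
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.ToString());
    }

    MessageBox.Show(parameter?.Msg + ",并加载:" + mDictHostToIP.Count + "个重定向配置", "Hooked");
}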
/// <summary>
/// Installs hooks on five ws2_32.dll exports (gethostbyname, gethostbyaddr, gethostname,
/// connect, WSAConnect) and then parks the calling thread in an endless sleep loop.
/// </summary>
/// <remarks>
/// If any installation step throws, the message is shown in a message box and the method
/// returns; hooks created before the failure are left as they are.
/// NOTE(review): the ACL array holds a single 0, which EasyHook is understood to read as
/// "the calling thread", so each hook would apply to every thread except this one - confirm
/// against the EasyHook version in use.
/// </remarks>
/// <param name="context">Injection context; not used here.</param>
/// <param name="channelName">Channel name; not used here.</param>
/// <param name="parameter">Hook settings; not used here.</param>
public void Run(
    RemoteHooking.IContext context,
    string channelName
    , HookParameter parameter
    )
{
    const string winsock = "ws2_32.dll";

    try
    {
        ConsoleShow.Log("Hook函数ws2_32.dll->gethostbyname");
        IntPtr byNameExport = LocalHook.GetProcAddress(winsock, "gethostbyname");
        GetHostByNameHook = LocalHook.Create(byNameExport, new DGetHostByName(GetHostByName_Hooked), this);
        GetHostByNameHook.ThreadACL.SetExclusiveACL(new[] { 0 });

        ConsoleShow.Log("Hook函数ws2_32.dll->gethostbyaddr");
        IntPtr byAddrExport = LocalHook.GetProcAddress(winsock, "gethostbyaddr");
        GetHostByAddrHook = LocalHook.Create(byAddrExport, new Dgethostbyaddr(gethostbyaddr_Hooked), this);
        GetHostByAddrHook.ThreadACL.SetExclusiveACL(new[] { 0 });

        ConsoleShow.Log("Hook函数ws2_32.dll->gethostname");
        IntPtr hostNameExport = LocalHook.GetProcAddress(winsock, "gethostname");
        gethostnameHook = LocalHook.Create(hostNameExport, new Dgethostname(gethostname_Hooked), this);
        gethostnameHook.ThreadACL.SetExclusiveACL(new[] { 0 });

        ConsoleShow.Log("Hook函数ws2_32.dll->connect");
        IntPtr connectExport = LocalHook.GetProcAddress(winsock, "connect");
        connectHook = LocalHook.Create(connectExport, new Dconnect(connect_Hooked), this);
        connectHook.ThreadACL.SetExclusiveACL(new[] { 0 });

        ConsoleShow.Log("Hook函数ws2_32.dll->WSAConnect");
        IntPtr wsaConnectExport = LocalHook.GetProcAddress(winsock, "WSAConnect");
        WSAConnectHook = LocalHook.Create(wsaConnectExport, new DWSAConnect(WSAConnect_Hooked), this);
        WSAConnectHook.ThreadACL.SetExclusiveACL(new[] { 0 });
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
        return;
    }

    try
    {
        // Keep this thread alive indefinitely; the loop has no exit of its own.
        for (;;)
        {
            Thread.Sleep(10);
        }
    }
    catch
    {
        // Any exception raised while sleeping ends the loop silently.
    }
}
#region gethostbyname
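/// <summary>P/Invoke declaration of ws2_32!gethostbyname; the handler below forwards to it.</summary>
[DllImport("ws2_32.dll", EntryPoint = "gethostbyname", CharSet = CharSet.Ansi)]
public static extern IntPtr gethostbyname(String name);

/// <summary>Delegate shape used when installing the gethostbyname hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate IntPtr DGetHostByName(String name);

/// <summary>
/// Hook handler for gethostbyname: logs the requested name, swaps it for the configured
/// replacement when <c>mDictHostToIP</c> has an entry for it, then forwards the call.
/// </summary>
/// <param name="name">Host name requested by the hooked process.</param>
/// <returns>Whatever the forwarded gethostbyname call returns.</returns>
static IntPtr GetHostByName_Hooked(
    String name)
{
    try
    {
        ConsoleShow.Log($"gethostbyname[调用]name->{name}");

        // Single lookup with the lower-cased name. The previous code tested the lower-cased
        // key but then indexed the table with the original casing, which threw
        // KeyNotFoundException for mixed-case names; the empty catch hid that, so the
        // redirect was silently skipped.
        string target;
        if (name != null && mDictHostToIP.TryGetValue(name.ToLower(), out target))
        {
            ConsoleShow.Log($"gethostbyname[访问并重定向]{name}->{target}");
            name = target;
        }
        else
        {
            ConsoleShow.Log("gethostbyname[访问]:" + name);
        }
    }
    catch
    {
        // Deliberate best effort: a logging or lookup failure must not propagate out of
        // the handler into the native caller; the call is forwarded with the name as it stands.
    }

    // Forward to the real export.
    // NOTE(review): this relies on the hooking library not re-entering this handler for
    // calls made from inside it - confirm.
    return gethostbyname(name);
}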
#endregion
#region gethostname
/// <summary>P/Invoke declaration of ws2_32!gethostname; the handler below forwards to it.</summary>
[DllImport("ws2_32.dll", SetLastError = true)]
static extern int gethostname(StringBuilder name, int length);

/// <summary>Delegate shape used when installing the gethostname hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate int Dgethostname(StringBuilder name, int length);

/// <summary>
/// Hook handler for gethostname: logs the arguments and forwards the call unchanged.
/// </summary>
/// <remarks>
/// NOTE(review): <paramref name="name"/> is logged before the real call runs, so the log
/// shows whatever the buffer held on entry rather than the resolved host name; if the
/// caller's buffer is uninitialised the marshalled text is arbitrary - confirm whether
/// logging after the call was intended.
/// </remarks>
/// <param name="name">Buffer that the real API fills in.</param>
/// <param name="length">Buffer length passed by the caller.</param>
/// <returns>The status returned by the forwarded gethostname call.</returns>
static int gethostname_Hooked(StringBuilder name, int length)
{
    ConsoleShow.Log($"gethostname[调用]name->{name} length->{length}");

    // Pass straight through to the real export and hand its status back.
    int status = gethostname(name, length);
    return status;
}
#endregion
#region gethostbyaddr
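/// <summary>P/Invoke declaration of ws2_32!gethostbyaddr; the handler below forwards to it.</summary>
/// <remarks>
/// NOTE(review): <c>addr</c> is declared as an ANSI string, but the Winsock function takes a
/// pointer to a binary address in network byte order. Marshalling it as text likely stops at
/// the first zero byte and can alter bytes above 0x7F, so the address forwarded to the real
/// API may differ from what the caller passed - TODO confirm and consider an IntPtr parameter
/// in the import and in the delegate together.
/// </remarks>
[DllImport("ws2_32.dll", EntryPoint = "gethostbyaddr", CharSet = CharSet.Ansi)]
public static extern IntPtr gethostbyaddr(String addr, int len,int type);

/// <summary>Delegate shape used when installing the gethostbyaddr hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate IntPtr Dgethostbyaddr(String addr, int len, int type);

/// <summary>
/// Hook handler for gethostbyaddr: logs the arguments, swaps <paramref name="addr"/> for the
/// configured replacement when <c>mDictHostToIP</c> has an entry for it, then forwards the call.
/// </summary>
/// <param name="addr">Address argument as marshalled to a string (see the note on the import).</param>
/// <param name="len">Address length passed by the caller; forwarded unchanged.</param>
/// <param name="type">Address family passed by the caller; forwarded unchanged.</param>
/// <returns>Whatever the forwarded gethostbyaddr call returns.</returns>
static IntPtr gethostbyaddr_Hooked(String addr, int len,int type)
{
    ConsoleShow.Log($"gethostbyaddr[调用]addr->{addr} len->{len} type->{type}");
    try
    {
        // Single lookup with the lower-cased key. The previous code tested the lower-cased
        // key but then indexed the table with the original casing, which threw
        // KeyNotFoundException on a casing mismatch; the empty catch hid that, so the
        // redirect was silently skipped.
        string target;
        if (addr != null && mDictHostToIP.TryGetValue(addr.ToLower(), out target))
        {
            ConsoleShow.Log($"gethostbyaddr[访问并重定向]{addr}->{target}");
            // len is forwarded as received even though the replacement text may have a
            // different length.
            addr = target;
        }
        else
        {
            ConsoleShow.Log("gethostbyaddr[访问]:" + addr);
        }
    }
    catch
    {
        // Deliberate best effort: a logging or lookup failure must not propagate out of
        // the handler into the native caller.
    }

    // Forward to the real export.
    return gethostbyaddr(addr, len, type);
}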
#endregion
#region connect
/// <summary>P/Invoke declaration of ws2_32!connect; the handler below forwards to it.</summary>
[DllImport("ws2_32.dll")]
public static extern int connect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);

/// <summary>Delegate shape used when installing the connect hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate int Dconnect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);

/// <summary>
/// Hook handler for connect: logs the socket handle and the destination family, address
/// and port, then forwards the call without modifying any argument.
/// </summary>
/// <remarks>
/// NOTE(review): the address is always read as <c>sockaddr_in</c>; for a socket of another
/// family the logged address and port would not be meaningful - confirm whether
/// <paramref name="addrsize"/> or <c>sin_family</c> should be checked first.
/// </remarks>
/// <param name="SocketHandle">Socket being connected.</param>
/// <param name="addr">Destination address structure supplied by the caller.</param>
/// <param name="addrsize">Size of the address structure as passed by the caller.</param>
/// <returns>The status returned by the forwarded connect call.</returns>
static int connect_Hooked(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize)
{
    ConsoleShow.Log($"connect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}");

    // Decode the destination for the log line only; the structure itself is left untouched.
    string destination = SwapToIP(addr.sin_addr);
    int port = GetPort(addr.sin_port);
    ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{destination} sin_port->{port}");

    // Forward to the real export.
    int status = connect(SocketHandle, ref addr, addrsize);
    return status;
}
#endregion
#region WSAConnect
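/// <summary>P/Invoke declaration of ws2_32!WSAConnect; the handler below forwards to it.</summary>
[DllImport("ws2_32.dll", SetLastError = true)]
internal static extern SocketError WSAConnect(
    IntPtr SocketHandle, ref sockaddr_in addr, int addrsize,
    [In] IntPtr lpCallerData,
    [Out] IntPtr lpCalleeData,
    [In] IntPtr lpSQOS,
    [In] IntPtr lpGQOS);

/// <summary>Delegate shape used when installing the WSAConnect hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate SocketError DWSAConnect(
    IntPtr SocketHandle, ref sockaddr_in addr, int addrsize,
    [In] IntPtr lpCallerData,
    [Out] IntPtr lpCalleeData,
    [In] IntPtr lpSQOS,
    [In] IntPtr lpGQOS);

/// <summary>
/// Hook handler for WSAConnect: logs the socket handle and the destination family, address
/// and port, then forwards the call without modifying any argument.
/// </summary>
/// <remarks>
/// NOTE(review): the address is always read as <c>sockaddr_in</c>; for a socket of another
/// family the logged address and port would not be meaningful - confirm.
/// </remarks>
/// <param name="SocketHandle">Socket being connected.</param>
/// <param name="addr">Destination address structure supplied by the caller.</param>
/// <param name="addrsize">Size of the address structure as passed by the caller.</param>
/// <param name="lpCallerData">Forwarded unchanged.</param>
/// <param name="lpCalleeData">Forwarded unchanged.</param>
/// <param name="lpSQOS">Forwarded unchanged.</param>
/// <param name="lpGQOS">Forwarded unchanged.</param>
/// <returns>The result of the forwarded WSAConnect call.</returns>
static SocketError WSAConnect_Hooked(
    IntPtr SocketHandle, ref sockaddr_in addr, int addrsize,
    [In] IntPtr lpCallerData,
    [Out] IntPtr lpCalleeData,
    [In] IntPtr lpSQOS,
    [In] IntPtr lpGQOS)
{
    // The log lines used to carry the "connect" label, copied from connect_Hooked, which
    // made the two hooks indistinguishable in the log; they now name WSAConnect.
    ConsoleShow.Log($"WSAConnect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}");
    ConsoleShow.Log($"WSAConnect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{SwapToIP(addr.sin_addr)} sin_port->{GetPort(addr.sin_port)}");

    // Forward to the real export.
    return WSAConnect(SocketHandle, ref addr, addrsize, lpCallerData, lpCalleeData, lpSQOS, lpGQOS);
}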
#endregion
#region 工具
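/// <summary>
/// Converts a 16-bit port as stored in <c>sockaddr_in.sin_port</c> (network byte order)
/// to the host-order port number by swapping its two bytes.
/// </summary>
/// <remarks>
/// The earlier version returned values below 256 unswapped. A raw value below 256 means the
/// second byte in memory is zero, i.e. the port is a multiple of 256, so port 1024 (raw
/// 0x0004) was reported as 4. The swap is now applied to every value. This assumes a
/// little-endian host, as the original byte swap did.
/// </remarks>
/// <param name="Tbed">Raw <c>sin_port</c> value.</param>
/// <returns>The port number in host byte order (0-65535).</returns>
static int GetPort(ushort Tbed)
{
    // Masking before the shift keeps the result within 16 bits without relying on
    // a truncating cast.
    return ((Tbed & 0xFF) << 8) | (Tbed >> 8);
}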
/// <summary>
/// Renders a 32-bit value as four dot-separated decimal bytes, in the order
/// <see cref="BitConverter.GetBytes(uint)"/> returns them.
/// </summary>
/// <remarks>
/// The original carried a comment marking the byte order as a guess. On a little-endian
/// host the bytes come out in memory order, which for a network-order <c>sin_addr</c>
/// reads as the usual dotted form - presumably the intent; verify on the target platform.
/// </remarks>
/// <param name="value">Raw address value, e.g. <c>sockaddr_in.sin_addr</c>.</param>
/// <returns>Text such as "127.0.0.1".</returns>
public static string SwapToIP(uint value)
{
    byte[] octets = BitConverter.GetBytes(value);

    // Convert each byte to its decimal text, then join with dots.
    string[] parts = Array.ConvertAll(octets, octet => octet.ToString());
    return string.Join(".", parts);
}
#endregion
}
}