AxibugRedirector/AxibugInject/Main.cs

using ClassLibrary1;
using EasyHook;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
using static AxibugInject.ws2_32;
namespace AxibugInject
{
/// <summary>
/// Settings object handed to <c>Main</c> (constructor and <c>Run</c>) when the
/// library is loaded into the target process.
/// </summary>
/// <remarks>
/// Marked [Serializable], presumably so EasyHook can marshal it from the injector
/// into the target process (TODO confirm the transport). The member shape is left
/// untouched on purpose: runtime serialization of auto-properties depends on the
/// compiler-generated backing fields, so both sides must agree on this exact layout.
/// Values arrive from another process and should be treated as untrusted input.
/// </remarks>
[Serializable]
public class HookParameter
{
    /// <summary>Text shown in the "Hooked" message box by the Main constructor.</summary>
    public string Msg { get; set; }
    /// <summary>Not read anywhere in this file; by its name, the injector's process id (TODO confirm).</summary>
    public int HostProcessId { get; set; }
    /// <summary>Redirect table as '|'-separated "key:value" entries; parsed by the Main constructor.</summary>
    public string RedirectorArrs { get; set; }
}
public class Main : IEntryPoint
{
// Hook handles, one per intercepted ws2_32 export. Each is assigned in Run();
// presumably they are kept in fields so the hook objects stay referenced for the
// lifetime of this instance (TODO confirm against EasyHook's disposal rules).

/// <summary>Handle for the gethostbyname hook.</summary>
public LocalHook GetHostByNameHook;

/// <summary>Handle for the gethostbyaddr hook.</summary>
public LocalHook GetHostByAddrHook;

/// <summary>Handle for the gethostname hook.</summary>
public LocalHook gethostnameHook;

/// <summary>Handle for the connect hook.</summary>
public LocalHook connectHook;

/// <summary>Handle for the WSAConnect hook.</summary>
public LocalHook WSAConnectHook;

/// <summary>
/// Redirect table: key is the name looked up by the hooks, value is the replacement
/// passed to the original API. Filled by the constructor; the hook handlers in this
/// file only read it. It is static, public and mutable, and nothing here locks it.
/// </summary>
public static Dictionary<string, string> mDictHostToIP = new Dictionary<string, string>();
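/// <summary>
/// Parses the redirect table carried in <paramref name="parameter"/> into
/// <c>mDictHostToIP</c> and reports the number of loaded entries in a message box.
/// </summary>
/// <param name="context">EasyHook context; not used here.</param>
/// <param name="channelName">Channel name supplied by EasyHook; not used here.</param>
/// <param name="parameter">
/// Settings from the injector. <c>RedirectorArrs</c> is read as '|'-separated
/// "host:target" entries; <c>Msg</c> is shown in the final message box.
/// </param>
/// <remarks>
/// Both message boxes are modal, so the calling thread waits until they are dismissed.
/// </remarks>
public Main(
    RemoteHooking.IContext context,
    string channelName,
    HookParameter parameter)
{
    try
    {
        // The split now happens inside the try block: a missing RedirectorArrs used to
        // throw out of the constructor before any error could be shown.
        string rawTable = parameter.RedirectorArrs ?? string.Empty;

        foreach (string entry in rawTable.Split('|'))
        {
            string line = entry.Trim();
            if (line.Length == 0)
                continue;

            // Only the first two ':'-separated fields are used, so a value that itself
            // contains ':' (for example an IPv6 literal) is cut at the first colon.
            string[] arr = line.Split(':');
            if (arr.Length < 2)
                continue;

            // The hooks look names up in lower case, so keys are stored in lower case;
            // a key stored with capitals could never match.
            string host = arr[0].Trim().ToLowerInvariant();
            string target = arr[1].Trim();

            // Skip half-empty entries: an empty target would be handed to the resolver
            // as an empty name instead of the caller's own name.
            if (host.Length == 0 || target.Length == 0)
                continue;

            mDictHostToIP[host] = target;
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.ToString());
    }

    MessageBox.Show(parameter.Msg + ",并加载:" + mDictHostToIP.Count + "个重定向配置", "Hooked");
}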
/// <summary>
/// Installs the five ws2_32 hooks (gethostbyname, gethostbyaddr, gethostname, connect,
/// WSAConnect) and then parks the calling thread in a sleep loop.
/// </summary>
/// <param name="context">EasyHook context; not used here.</param>
/// <param name="channelName">Channel name supplied by EasyHook; not used here.</param>
/// <param name="parameter">Injector settings; not used here (the constructor consumed them).</param>
/// <remarks>
/// If any installation step throws, the message is shown and the method returns; hooks
/// created before the failure are not removed by this method.
/// </remarks>
public void Run(
    RemoteHooking.IContext context,
    string channelName,
    HookParameter parameter)
{
    const string WinsockDll = "ws2_32.dll";

    try
    {
        // Each hook gets an exclusive ACL holding a single 0. By EasyHook convention 0
        // stands for the calling thread, so the hook applies to every other thread
        // (confirm against the EasyHook version in use).
        ConsoleShow.Log("Hook函数ws2_32.dll->gethostbyname");
        GetHostByNameHook = LocalHook.Create(
            LocalHook.GetProcAddress(WinsockDll, "gethostbyname"),
            new DGetHostByName(GetHostByName_Hooked),
            this);
        GetHostByNameHook.ThreadACL.SetExclusiveACL(new int[] { 0 });

        ConsoleShow.Log("Hook函数ws2_32.dll->gethostbyaddr");
        GetHostByAddrHook = LocalHook.Create(
            LocalHook.GetProcAddress(WinsockDll, "gethostbyaddr"),
            new Dgethostbyaddr(gethostbyaddr_Hooked),
            this);
        GetHostByAddrHook.ThreadACL.SetExclusiveACL(new int[] { 0 });

        ConsoleShow.Log("Hook函数ws2_32.dll->gethostname");
        gethostnameHook = LocalHook.Create(
            LocalHook.GetProcAddress(WinsockDll, "gethostname"),
            new Dgethostname(gethostname_Hooked),
            this);
        gethostnameHook.ThreadACL.SetExclusiveACL(new int[] { 0 });

        ConsoleShow.Log("Hook函数ws2_32.dll->connect");
        connectHook = LocalHook.Create(
            LocalHook.GetProcAddress(WinsockDll, "connect"),
            new Dconnect(connect_Hooked),
            this);
        connectHook.ThreadACL.SetExclusiveACL(new int[] { 0 });

        ConsoleShow.Log("Hook函数ws2_32.dll->WSAConnect");
        WSAConnectHook = LocalHook.Create(
            LocalHook.GetProcAddress(WinsockDll, "WSAConnect"),
            new DWSAConnect(WSAConnect_Hooked),
            this);
        WSAConnectHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
    }
    catch (Exception installError)
    {
        MessageBox.Show(installError.Message);
        return;
    }

    try
    {
        // Keep this thread alive; presumably the hooks are tied to its lifetime.
        for (;;)
        {
            Thread.Sleep(10);
        }
    }
    catch
    {
        // Any exception ends the loop silently and lets Run return.
    }
}
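#region gethostbyname
/// <summary>Original ws2_32 gethostbyname; the hook handler calls through to it.</summary>
[DllImport("ws2_32.dll", EntryPoint = "gethostbyname", CharSet = CharSet.Ansi)]
public static extern IntPtr gethostbyname(String name);

/// <summary>Managed signature used to install the gethostbyname hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate IntPtr DGetHostByName(String name);

/// <summary>
/// Hook handler for gethostbyname: logs the requested name, swaps it for the configured
/// target when the redirect table has an entry, then calls the original function.
/// </summary>
/// <param name="name">Host name requested by the hooked process.</param>
/// <returns>Whatever the original gethostbyname returns for the (possibly replaced) name.</returns>
static IntPtr GetHostByName_Hooked(
    String name)
{
    try
    {
        ConsoleShow.Log($"gethostbyname[调用]name->{name}");

        // Look the name up once, in lower case. The previous code tested the lower-cased
        // name but then indexed the table with the raw name while building the log line,
        // so a mixed-case request threw, was swallowed below, and was never redirected.
        string target;
        if (name != null && mDictHostToIP.TryGetValue(name.ToLowerInvariant(), out target))
        {
            ConsoleShow.Log($"gethostbyname[访问并重定向]{name}->{target}");
            name = target;
        }
        else
        {
            ConsoleShow.Log("gethostbyname[访问]" + name);
        }
    }
    catch
    {
        // Best effort: a logging or lookup failure must not break name resolution in
        // the host process; the call continues with whatever name is set at this point.
    }

    // call original API...
    return gethostbyname(name);
}
#endregion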
#region gethostname
/// <summary>Original ws2_32 gethostname; the hook handler calls through to it.</summary>
[DllImport("ws2_32.dll", SetLastError = true)]
static extern int gethostname(StringBuilder name, int length);

/// <summary>Managed signature used to install the gethostname hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate int Dgethostname(StringBuilder name, int length);

/// <summary>
/// Hook handler for gethostname: logs the call and forwards it unchanged.
/// </summary>
/// <param name="name">Buffer passed by the caller.</param>
/// <param name="length">Buffer length passed by the caller.</param>
/// <returns>The original function's return value.</returns>
static int gethostname_Hooked(StringBuilder name, int length)
{
    // The buffer is logged before the call-through, so the trace shows its content on
    // entry rather than the host name the original function writes into it.
    string callTrace = $"gethostname[调用]name->{name} length->{length}";
    ConsoleShow.Log(callTrace);

    // call original API...
    int status = gethostname(name, length);
    return status;
}
#endregion
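#region gethostbyaddr
/// <summary>Original ws2_32 gethostbyaddr; the hook handler calls through to it.</summary>
/// <remarks>
/// NOTE(review): the native first argument is a pointer to a binary address, not text.
/// Marshalling it as an ANSI string stops at the first zero byte, so addresses that
/// contain a zero octet would be forwarded truncated. Consider IntPtr here and in the
/// delegate; left unchanged because the declaration is public.
/// </remarks>
[DllImport("ws2_32.dll", EntryPoint = "gethostbyaddr", CharSet = CharSet.Ansi)]
public static extern IntPtr gethostbyaddr(String addr, int len, int type);

/// <summary>Managed signature used to install the gethostbyaddr hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate IntPtr Dgethostbyaddr(String addr, int len, int type);

/// <summary>
/// Hook handler for gethostbyaddr: logs the call, replaces <paramref name="addr"/> when
/// the redirect table has an entry for it, then calls the original function.
/// </summary>
/// <param name="addr">Address argument as marshalled to a string (see the note on the import).</param>
/// <param name="len">Length argument, forwarded unchanged.</param>
/// <param name="type">Address-family argument, forwarded unchanged.</param>
/// <returns>Whatever the original gethostbyaddr returns.</returns>
static IntPtr gethostbyaddr_Hooked(String addr, int len, int type)
{
    ConsoleShow.Log($"gethostbyaddr[调用]addr->{addr} len->{len} type->{type}");
    try
    {
        // Single lower-cased lookup. The previous code tested the lower-cased key but
        // indexed the table with the raw value for the log line; a mixed-case value
        // threw, was swallowed below, and was never replaced.
        string target;
        if (addr != null && mDictHostToIP.TryGetValue(addr.ToLowerInvariant(), out target))
        {
            ConsoleShow.Log($"gethostbyaddr[访问并重定向]{addr}->{target}");
            addr = target;
        }
        else
        {
            ConsoleShow.Log("gethostbyaddr[访问]" + addr);
        }
    }
    catch
    {
        // Best effort: never let logging or lookup failures reach the host process.
    }

    // call original API...
    return gethostbyaddr(addr, len, type);
}
#endregion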
#region connect
/// <summary>Original ws2_32 connect; the hook handler calls through to it.</summary>
[DllImport("ws2_32.dll")]
public static extern int connect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);

/// <summary>Managed signature used to install the connect hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate int Dconnect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);

/// <summary>
/// Hook handler for connect: logs the socket handle and the decoded destination, then
/// forwards the call unchanged.
/// </summary>
/// <param name="SocketHandle">Socket handle passed by the caller.</param>
/// <param name="addr">Destination address, read as a sockaddr_in.</param>
/// <param name="addrsize">Size argument passed by the caller.</param>
/// <returns>The original function's return value.</returns>
static int connect_Hooked(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize)
{
    ConsoleShow.Log($"connect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}");

    // The address is always decoded as IPv4 fields. For another address family the
    // logged ip/port would not be meaningful; sin_family is logged so a reader can tell.
    string ip = SwapToIP(addr.sin_addr);
    int port = GetPort(addr.sin_port);
    ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{ip} sin_port->{port}");

    // call original API...
    int status = connect(SocketHandle, ref addr, addrsize);
    return status;
}
#endregion
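#region WSAConnect
/// <summary>Original ws2_32 WSAConnect; the hook handler calls through to it.</summary>
[DllImport("ws2_32.dll", SetLastError = true)]
internal static extern SocketError WSAConnect(
    IntPtr SocketHandle, ref sockaddr_in addr, int addrsize,
    [In] IntPtr lpCallerData,
    [Out] IntPtr lpCalleeData,
    [In] IntPtr lpSQOS,
    [In] IntPtr lpGQOS);

/// <summary>Managed signature used to install the WSAConnect hook.</summary>
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate SocketError DWSAConnect(
    IntPtr SocketHandle, ref sockaddr_in addr, int addrsize,
    [In] IntPtr lpCallerData,
    [Out] IntPtr lpCalleeData,
    [In] IntPtr lpSQOS,
    [In] IntPtr lpGQOS);

/// <summary>
/// Hook handler for WSAConnect: logs the socket handle and the decoded destination,
/// then forwards every argument unchanged to the original function.
/// </summary>
/// <param name="SocketHandle">Socket handle passed by the caller.</param>
/// <param name="addr">Destination address, read as a sockaddr_in.</param>
/// <param name="addrsize">Size argument passed by the caller.</param>
/// <param name="lpCallerData">Forwarded unchanged.</param>
/// <param name="lpCalleeData">Forwarded unchanged.</param>
/// <param name="lpSQOS">Forwarded unchanged.</param>
/// <param name="lpGQOS">Forwarded unchanged.</param>
/// <returns>The original function's return value.</returns>
static SocketError WSAConnect_Hooked(
    IntPtr SocketHandle, ref sockaddr_in addr, int addrsize,
    [In] IntPtr lpCallerData,
    [Out] IntPtr lpCalleeData,
    [In] IntPtr lpSQOS,
    [In] IntPtr lpGQOS)
{
    // The trace lines used the "connect" label copied from the connect hook, which made
    // the two entry points indistinguishable in the log; they now name WSAConnect.
    ConsoleShow.Log($"WSAConnect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}");

    // Decoded as IPv4 fields regardless of sin_family, which is logged alongside.
    ConsoleShow.Log($"WSAConnect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{SwapToIP(addr.sin_addr)} sin_port->{GetPort(addr.sin_port)}");

    // call original API...
    return WSAConnect(SocketHandle, ref addr, addrsize, lpCallerData, lpCalleeData, lpSQOS, lpGQOS);
}
#endregion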
#region
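/// <summary>
/// Swaps the two bytes of a 16-bit port value so that it can be shown as a normal port
/// number.
/// </summary>
/// <param name="Tbed">
/// Port as read from the address structure; presumably the raw network-order
/// <c>sin_port</c> field (confirm against the sockaddr_in declaration).
/// </param>
/// <returns>The byte-swapped value, in the range 0..65535.</returns>
static int GetPort(ushort Tbed)
{
    // Swap unconditionally. The earlier shortcut returned values below 256 unchanged,
    // which reported e.g. raw 0x0001 as port 1 although its swapped value is 256.
    int highByte = Tbed >> 8;
    int lowByte = Tbed & 0xFF;
    return (lowByte << 8) | highByte;
}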
/// <summary>
/// Formats a 32-bit address as four dot-separated decimal numbers, taking the bytes in
/// the order <see cref="BitConverter.GetBytes(uint)"/> returns them.
/// </summary>
/// <param name="value">Address value as stored in the address structure.</param>
/// <returns>Text of the form "a.b.c.d".</returns>
public static string SwapToIP(uint value)
{
    byte[] octets = BitConverter.GetBytes(value);
    StringBuilder text = new StringBuilder();

    // The byte order used here is marked as a guess by the original author.
    foreach (byte octet in octets)
    {
        if (text.Length > 0)
            text.Append(".");
        text.Append(octet);
    }

    return text.ToString();
}
#endregion
}
}