diff --git a/AxibugInject/Main.cs b/AxibugInject/Main.cs index 635524c..e9c4150 100644 --- a/AxibugInject/Main.cs +++ b/AxibugInject/Main.cs @@ -6,6 +6,8 @@ using System.Threading; using System.Windows.Forms; using ClassLibrary1; using System.Collections.Generic; +using System.Xml.Linq; +using static AxibugInject.ws2_32; namespace AxibugInject { @@ -22,6 +24,9 @@ namespace AxibugInject public class Main : IEntryPoint { public LocalHook GetHostByNameHook = null; + public LocalHook GetHostByAddrHook = null; + public LocalHook gethostnameHook = null; + public LocalHook connectHook = null; public static Dictionary mDictHostToIP = new Dictionary(); public Main( @@ -62,11 +67,33 @@ namespace AxibugInject { try { + ConsoleShow.Log($"Hook函数ws2_32.dll->gethostbyname"); GetHostByNameHook = LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "gethostbyname"), new DGetHostByName(GetHostByName_Hooked), this); GetHostByNameHook.ThreadACL.SetExclusiveACL(new int[1]); + + ConsoleShow.Log($"Hook函数ws2_32.dll->gethostbyaddr"); + GetHostByAddrHook = LocalHook.Create( + LocalHook.GetProcAddress("ws2_32.dll", "gethostbyaddr"), + new Dgethostbyaddr(gethostbyaddr_Hooked), + this); + GetHostByAddrHook.ThreadACL.SetExclusiveACL(new int[1]); + + ConsoleShow.Log($"Hook函数ws2_32.dll->gethostname"); + gethostnameHook = LocalHook.Create( + LocalHook.GetProcAddress("ws2_32.dll", "gethostname"), + new Dgethostname(gethostname_Hooked), + this); + gethostnameHook.ThreadACL.SetExclusiveACL(new int[1]); + + ConsoleShow.Log($"Hook函数ws2_32.dll->connect"); + connectHook = LocalHook.Create( + LocalHook.GetProcAddress("ws2_32.dll", "connect"), + new Dconnect(connect_Hooked), + this); + connectHook.ThreadACL.SetExclusiveACL(new int[1]); } catch (Exception ex) { @@ -87,7 +114,7 @@ namespace AxibugInject } } - #region gethostname + #region gethostbyname [DllImport("ws2_32.dll", EntryPoint = "gethostbyname", CharSet = CharSet.Ansi)] public static extern IntPtr gethostbyname(String name); @@ -99,15 +126,16 @@ namespace AxibugInject { try { + ConsoleShow.Log($"gethostbyname[调用]name->{name}"); Main This = (Main)HookRuntimeInfo.Callback; if (mDictHostToIP.ContainsKey(name.ToLower())) { - ConsoleShow.Log($"[访问并重定向]{name}->{mDictHostToIP[name]}"); + ConsoleShow.Log($"gethostbyname[访问并重定向]{name}->{mDictHostToIP[name]}"); name = mDictHostToIP[name.ToLower()]; } else { - ConsoleShow.Log("[访问]:" + name); + ConsoleShow.Log("gethostbyname[访问]:" + name); } } catch @@ -119,5 +147,82 @@ namespace AxibugInject name); } #endregion + + #region gethostname + + [DllImport("ws2_32.dll", SetLastError = true)] + static extern int gethostname(StringBuilder name, int length); + + [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)] + delegate int Dgethostname(StringBuilder name, int length); + static int gethostname_Hooked(StringBuilder name, int length) + { + ConsoleShow.Log($"gethostname[调用]name->{name} length->{length}"); + // call original API... + return gethostname(name, length); + } + #endregion + + #region gethostbyaddr + + [DllImport("ws2_32.dll", EntryPoint = "gethostbyaddr", CharSet = CharSet.Ansi)] + public static extern IntPtr gethostbyaddr(String addr, int len,int type); + + [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)] + delegate IntPtr Dgethostbyaddr(String addr, int len, int type); + static IntPtr gethostbyaddr_Hooked(String addr, int len,int type) + { + ConsoleShow.Log($"gethostbyaddr[调用]addr->{addr} len->{len} type->{type}"); + try + { + Main This = (Main)HookRuntimeInfo.Callback; + if (mDictHostToIP.ContainsKey(addr.ToLower())) + { + ConsoleShow.Log($"gethostbyaddr[访问并重定向]{addr}->{mDictHostToIP[addr]}"); + addr = mDictHostToIP[addr.ToLower()]; + } + else + { + ConsoleShow.Log("gethostbyaddr[访问]:" + addr); + } + } + catch + { + } + + // call original API... + return gethostbyaddr(addr, len, type); + } + #endregion + + + #region connect + + //[StructLayout(LayoutKind.Sequential)] + //public struct sockaddr_in6 + //{ + // public short sin6_family; + // public ushort sin6_port; + // public uint sin6_flowinfo; + // [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)] + // public byte[] sin6_addr; + // public uint sin6_scope_id; + //} + [DllImport("Ws2_32.dll")] + public static extern int connect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize); + + [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)] + delegate int Dconnect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize); + static int connect_Hooked(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize) + { + ConsoleShow.Log($"connect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}"); + ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{addr.sin_addr} sin_port->{addr.sin_port}"); + // call original API... + return connect(SocketHandle, ref addr, addrsize); + } + + #endregion + + } } diff --git a/AxibugInject/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs b/AxibugInject/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs new file mode 100644 index 0000000..5d01041 --- /dev/null +++ b/AxibugInject/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs @@ -0,0 +1,4 @@ +// +using System; +using System.Reflection; +[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")] diff --git a/AxibugInject/obj/Debug/.NETFramework,Version=v4.8.AssemblyAttributes.cs b/AxibugInject/obj/Debug/.NETFramework,Version=v4.8.AssemblyAttributes.cs new file mode 100644 index 0000000..15efebf --- /dev/null +++ b/AxibugInject/obj/Debug/.NETFramework,Version=v4.8.AssemblyAttributes.cs @@ -0,0 +1,4 @@ +// +using System; +using System.Reflection; +[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.8", FrameworkDisplayName = ".NET Framework 4.8")] diff --git a/AxibugInject/obj/Release/.NETFramework,Version=v4.8.AssemblyAttributes.cs b/AxibugInject/obj/Release/.NETFramework,Version=v4.8.AssemblyAttributes.cs new file mode 100644 index 0000000..15efebf --- /dev/null +++ b/AxibugInject/obj/Release/.NETFramework,Version=v4.8.AssemblyAttributes.cs @@ -0,0 +1,4 @@ +// +using System; +using System.Reflection; +[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.8", FrameworkDisplayName = ".NET Framework 4.8")] diff --git a/AxibugInject/ws2_32.cs b/AxibugInject/ws2_32.cs new file mode 100644 index 0000000..be767ca --- /dev/null +++ b/AxibugInject/ws2_32.cs @@ -0,0 +1,167 @@ +using System; +using System.Collections.Generic; +using System.Text; +using System.Runtime.InteropServices; +using System.Net.Sockets; + +namespace AxibugInject +{ + public class ws2_32 + { + /* + public const int SOCKET_ERROR = -1; + public const int INVALID_SOCKET = ~0; + + [DllImport("ws2_32.dll", CharSet = CharSet.Auto, SetLastError = true)] + public static extern Int32 WSACleanup(); + [DllImport("Ws2_32.dll")] + public static extern int WSAStartup(ushort Version, out WSAData Data); + [DllImport("Ws2_32.dll")] + public static extern SocketError WSAGetLastError(); + [DllImport("Ws2_32.dll")] + public static extern IntPtr socket(AddressFamily af, SocketType type, ProtocolType protocol); + [DllImport("Ws2_32.dll")] + public static unsafe extern int send(IntPtr SocketHandle, byte[] buf, int len, int flags); + [DllImport("Ws2_32.dll")] + public static extern int recv(IntPtr SocketHandle, byte[] buf, int len, int flags); + [DllImport("Ws2_32.dll")] + public static unsafe extern int send([In] IntPtr s, [In] byte* buf, [In] int len, [In] int flags); + [DllImport("Ws2_32.dll")] + public static unsafe extern int recv([In] IntPtr s, [Out] byte* buf, [In] int len, [In] int flags); + [DllImport("ws2_32.dll", CharSet = CharSet.Auto, SetLastError = true)] + public static extern IntPtr accept(IntPtr socketHandle, ref sockaddr_in socketAddress, ref int addressLength); + [DllImport("Ws2_32.dll")] + public static extern int listen(IntPtr s, int backlog); + [DllImport("Ws2_32.dll", CharSet = CharSet.Ansi)] + public static extern uint inet_addr(string cp); + [DllImport("Ws2_32.dll")] + public static extern ushort htons(ushort hostshort); + [DllImport("Ws2_32.dll")] + public static unsafe extern int connect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize); + [DllImport("Ws2_32.dll")] + public static extern int closesocket(IntPtr SocketHandle); + [DllImport("Ws2_32.dll")] + public static unsafe extern int getpeername(IntPtr SocketHandle, sockaddr_in* addr, int* addrsize); + [DllImport("Ws2_32.dll")] + public static unsafe extern int bind(IntPtr SocketHandle, ref sockaddr_in addr, int namelen); + [DllImport("Ws2_32.dll")] + public static unsafe extern sbyte* inet_ntoa(int _in); + [DllImport("Ws2_32.dll")] + public static unsafe extern ulong htonl(ulong hostlong); + [DllImport("Ws2_32.dll")] + public static unsafe extern ulong ntohl(ulong netlong); + [DllImport("Ws2_32.dll")] + public static unsafe extern ushort ntohs(ushort netshort); + [DllImport("ws2_32.dll", SetLastError = true)] + public static extern SocketError setsockopt([In] IntPtr socketHandle, [In] SocketOptionLevel optionLevel, [In] SocketOptionName optionName, [In] ref int optionValue, [In] int optionLength); + + [DllImport("ws2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)] + public static extern IntPtr WSASocket(AddressFamily af, SocketType socket_type, ProtocolType protocol, + IntPtr lpProtocolInfo, Int32 group, SocketConstructorFlags dwFlags); + + [DllImport("ws2_32.dll", SetLastError = true)] + public static unsafe extern int sendto(IntPtr Socket, byte* buff, int len, SocketFlags flags, sockaddr_in To, int tolen); + [DllImport("ws2_32.dll", SetLastError = true)] + public static unsafe extern int recvfrom(IntPtr Socket, byte* buff, int len, SocketFlags flags, ref sockaddr_in To, int tolen); + + + [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)] + public unsafe struct WSAData + { + public ushort Version; + public ushort HighVersion; + [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 257)] + public string Description; + [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 129)] + public string SystemStatus; + public ushort MaxSockets; + public ushort MaxUdpDg; + sbyte* lpVendorInfo; + } + + public enum AddressFamily : int + { + Unknown = 0, + InterNetworkv4 = 2, + Ipx = 4, + AppleTalk = 17, + NetBios = 17, + InterNetworkv6 = 23, + Irda = 26, + BlueTooth = 32 + } + public enum SocketType : int + { + Unknown = 0, + Stream = 1, + DGram = 2, + Raw = 3, + Rdm = 4, + SeqPacket = 5 + } + public enum ProtocolType : int + { + BlueTooth = 3, + Tcp = 6, + Udp = 17, + ReliableMulticast = 113 + } + + public unsafe struct fd_set + { + public const int FD_SETSIZE = 64; + public uint fd_count; + public fixed uint fd_array[FD_SETSIZE]; + } + + [Flags] + public enum SocketConstructorFlags + { + WSA_FLAG_MULTIPOINT_C_LEAF = 4, + WSA_FLAG_MULTIPOINT_C_ROOT = 2, + WSA_FLAG_MULTIPOINT_D_LEAF = 0x10, + WSA_FLAG_MULTIPOINT_D_ROOT = 8, + WSA_FLAG_OVERLAPPED = 1 + } + + */ + /// + /// Internet socket address structure. + /// + public struct sockaddr_in + { + /// + /// Protocol family indicator. + /// + public ushort sin_family; + /// + /// Protocol port. + /// + public ushort sin_port; + /// + /// Actual address value. + /// + public uint sin_addr; + /// + /// Address content list. + /// + //[MarshalAs(UnmanagedType.LPStr, SizeConst=8)] + //public string sin_zero; + public long sin_zero; + } + /* + public enum SocketFlags + { + Broadcast = 0x400, + ControlDataTruncated = 0x200, + DontRoute = 4, + MaxIOVectorLength = 0x10, + Multicast = 0x800, + None = 0, + OutOfBand = 1, + Partial = 0x8000, + Peek = 2, + Truncated = 0x100 + }*/ + } +} \ No newline at end of file diff --git a/AxibugRedirector/Program.cs b/AxibugRedirector/Program.cs index 0b11619..15786c7 100644 --- a/AxibugRedirector/Program.cs +++ b/AxibugRedirector/Program.cs @@ -94,8 +94,22 @@ namespace AxibugRedirector } Console.WriteLine("已就绪"); - while(true) - Console.ReadLine(); + while (true) + { + string str = Console.ReadLine(); + if (int.TryParse(str, out int cmd)) + { + if (cmd == 4) + { + Console.WriteLine($"再次注入PID{CurrPid}"); + if (DoInjectByPid(cmd)) + { + bflag = true; + Console.WriteLine($"再次注入PID{CurrPid}成功!"); + } + } + } + } } [DllImport("kernel32.dll", SetLastError = true, CallingConvention = CallingConvention.Winapi)] @@ -207,6 +221,7 @@ namespace AxibugRedirector } #region 运行时处理 + static int CurrPid; public static bool StartProcessWithHook(string path) { var pro = new Process(); @@ -230,7 +245,7 @@ namespace AxibugRedirector Console.WriteLine("失败:"+ex.ToString()); return false; } - + CurrPid = pro.Id; return DoInjectByPid(pro.Id); } #endregion diff --git a/AxibugRedirector/obj/Debug/.NETFramework,Version=v4.8.AssemblyAttributes.cs b/AxibugRedirector/obj/Debug/.NETFramework,Version=v4.8.AssemblyAttributes.cs new file mode 100644 index 0000000..15efebf --- /dev/null +++ b/AxibugRedirector/obj/Debug/.NETFramework,Version=v4.8.AssemblyAttributes.cs @@ -0,0 +1,4 @@ +// +using System; +using System.Reflection; +[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.8", FrameworkDisplayName = ".NET Framework 4.8")] diff --git a/AxibugRedirector/obj/Release/.NETFramework,Version=v4.8.AssemblyAttributes.cs b/AxibugRedirector/obj/Release/.NETFramework,Version=v4.8.AssemblyAttributes.cs new file mode 100644 index 0000000..15efebf --- /dev/null +++ b/AxibugRedirector/obj/Release/.NETFramework,Version=v4.8.AssemblyAttributes.cs @@ -0,0 +1,4 @@ +// +using System; +using System.Reflection; +[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.8", FrameworkDisplayName = ".NET Framework 4.8")]