From 8b0a8012a3ad5f8aaf63f98048d5cf372b4557dd Mon Sep 17 00:00:00 2001
From: sin365 <353374337@qq.com>
Date: Fri, 6 Oct 2023 15:40:41 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=20connect=20api?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
AxibugInject/AxibugInject.csproj | 2 +
AxibugInject/Main.cs | 28 +++++++--
AxibugInject/ws2_32.cs | 101 ++++++++++++++++++++++++++++++-
AxibugRedirector/Program.cs | 54 ++++++++++++++---
4 files changed, 170 insertions(+), 15 deletions(-)
diff --git a/AxibugInject/AxibugInject.csproj b/AxibugInject/AxibugInject.csproj
index 3e6ab91..1d63e5a 100644
--- a/AxibugInject/AxibugInject.csproj
+++ b/AxibugInject/AxibugInject.csproj
@@ -24,6 +24,7 @@
4
x86
false
+ false
pdbonly
@@ -59,6 +60,7 @@
+
diff --git a/AxibugInject/Main.cs b/AxibugInject/Main.cs
index e9c4150..7efc34b 100644
--- a/AxibugInject/Main.cs
+++ b/AxibugInject/Main.cs
@@ -94,6 +94,7 @@ namespace AxibugInject
new Dconnect(connect_Hooked),
this);
connectHook.ThreadACL.SetExclusiveACL(new int[1]);
+
}
catch (Exception ex)
{
@@ -209,18 +210,37 @@ namespace AxibugInject
// public uint sin6_scope_id;
//}
[DllImport("Ws2_32.dll")]
- public static extern int connect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);
+ public static extern int connect(IntPtr SocketHandle, ref sockaddr_in_old addr, int addrsize);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
- delegate int Dconnect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);
- static int connect_Hooked(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize)
+ delegate int Dconnect(IntPtr SocketHandle, ref sockaddr_in_old addr, int addrsize);
+ static int connect_Hooked(IntPtr SocketHandle, ref sockaddr_in_old addr, int addrsize)
{
ConsoleShow.Log($"connect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}");
- ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{addr.sin_addr} sin_port->{addr.sin_port}");
+ ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{addr.sin_addr}" +
+ $" sin_port->{GetPort(addr.sin_port)}");
+ /*ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{addr.sin_addr.s_b1}.{addr.sin_addr.s_b2}.{addr.sin_addr.s_b3}.{addr.sin_addr.s_b4}" +
+ $" sin_port->{GetPort(addr.sin_port)}");*/
// call original API...
return connect(SocketHandle, ref addr, addrsize);
}
+
+ static int GetPort(ushort Tbed)
+ {
+ if (Tbed < 256)
+ return Tbed;
+
+ byte gao = (byte)(Tbed >> 8);
+ byte di = (byte)(Tbed & 0xff);
+
+ ushort a = (ushort)(gao << 8);
+ ushort b = (ushort)di;
+ //ushort newBed = (ushort)(a | di);
+
+ ushort newT = (ushort)(gao | di << 8);
+ return newT;
+ }
#endregion
diff --git a/AxibugInject/ws2_32.cs b/AxibugInject/ws2_32.cs
index be767ca..d2f7f6a 100644
--- a/AxibugInject/ws2_32.cs
+++ b/AxibugInject/ws2_32.cs
@@ -125,10 +125,22 @@ namespace AxibugInject
}
*/
+
+ /*
+ * struct sockaddr_in {
+ short sin_family;
+ u_short sin_port;
+ struct in_addr sin_addr;
+ char sin_zero[8];
+};
+ */
+
+
+
///
/// Internet socket address structure.
///
- public struct sockaddr_in
+ public struct sockaddr_in_old
{
///
/// Protocol family indicator.
@@ -149,6 +161,93 @@ namespace AxibugInject
//public string sin_zero;
public long sin_zero;
}
+
+ ///
+ /// Internet socket address structure.
+ ///
+ public struct sockaddr_in
+ {
+ ///
+ /// Protocol family indicator.
+ ///
+ public short sin_family;
+ ///
+ /// Protocol port.
+ ///
+ public ushort sin_port;
+ ///
+ /// Actual address value.
+ ///
+ public in_addr sin_addr;
+ ///
+ /// Address content list.
+ ///
+ [MarshalAs(UnmanagedType.LPStr, SizeConst=8)]
+ public string sin_zero;
+ //public long sin_zero;
+ }
+
+ [StructLayout(LayoutKind.Explicit, Size = 4)]
+ public struct in_addr
+ {
+ [FieldOffset(0)] internal byte s_b1;
+ [FieldOffset(1)] internal byte s_b2;
+ [FieldOffset(2)] internal byte s_b3;
+ [FieldOffset(3)] internal byte s_b4;
+
+ [FieldOffset(0)] internal ushort s_w1;
+ [FieldOffset(2)] internal ushort s_w2;
+
+ [FieldOffset(0)] internal uint S_addr;
+
+ ///
+ /// can be used for most tcp & ip code
+ ///
+ internal uint s_addr
+ {
+ get { return S_addr; }
+ }
+
+ ///
+ /// host on imp
+ ///
+ internal byte s_host
+ {
+ get { return s_b2; }
+ }
+
+ ///
+ /// network
+ ///
+ internal byte s_net
+ {
+ get { return s_b1; }
+ }
+
+ ///
+ /// imp
+ ///
+ internal ushort s_imp
+ {
+ get { return s_w2; }
+ }
+
+ ///
+ /// imp #
+ ///
+ internal byte s_impno
+ {
+ get { return s_b4; }
+ }
+
+ ///
+ /// logical host
+ ///
+ internal byte s_lh
+ {
+ get { return s_b3; }
+ }
+ }
/*
public enum SocketFlags
{
diff --git a/AxibugRedirector/Program.cs b/AxibugRedirector/Program.cs
index 15786c7..59271a9 100644
--- a/AxibugRedirector/Program.cs
+++ b/AxibugRedirector/Program.cs
@@ -116,27 +116,61 @@ namespace AxibugRedirector
[return: MarshalAs(UnmanagedType.Bool)]
internal static extern bool IsWow64Process([In] IntPtr process, [Out] out bool wow64Process);
+
private static bool RegGACAssembly()
{
var dllName = "EasyHook.dll";
- var dllPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, dllName);
- if (!RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
+ var dllPath = System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, dllName);
+ if (System.Runtime.InteropServices.RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
+ new System.EnterpriseServices.Internal.Publish().GacRemove(dllPath);
+ Thread.Sleep(100);
+ new System.EnterpriseServices.Internal.Publish().GacInstall(dllPath);
+ Thread.Sleep(100);
+ if (System.Runtime.InteropServices.RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
+ Console.WriteLine("{0} registered to GAC successfully.", dllName);
+ else
{
- new System.EnterpriseServices.Internal.Publish().GacInstall(dllPath);
- Thread.Sleep(100);
+ Console.WriteLine("{0} registered to GAC failed.", dllName);
+ return false;
}
dllName = "AxibugInject.dll";
- dllPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, dllName);
- new System.EnterpriseServices.Internal.Publish().GacRemove(dllPath);
- if (!RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
+ dllPath = System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, dllName);
+ if (System.Runtime.InteropServices.RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
+ new System.EnterpriseServices.Internal.Publish().GacRemove(dllPath);
+ Thread.Sleep(100);
+ new System.EnterpriseServices.Internal.Publish().GacInstall(dllPath);
+ Thread.Sleep(100);
+ if (System.Runtime.InteropServices.RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
+ Console.WriteLine("{0} registered to GAC successfully.", dllName);
+ else
{
- new System.EnterpriseServices.Internal.Publish().GacInstall(dllPath);
- Thread.Sleep(100);
+ Console.WriteLine("{0} registered to GAC failed.", dllName);
+ return false;
}
-
return true;
}
+ //private static bool RegGACAssembly()
+ //{
+ // var dllName = "EasyHook.dll";
+ // var dllPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, dllName);
+ // if (!RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
+ // {
+ // new System.EnterpriseServices.Internal.Publish().GacInstall(dllPath);
+ // Thread.Sleep(100);
+ // }
+
+ // dllName = "AxibugInject.dll";
+ // dllPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, dllName);
+ // new System.EnterpriseServices.Internal.Publish().GacRemove(dllPath);
+ // if (!RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
+ // {
+ // new System.EnterpriseServices.Internal.Publish().GacInstall(dllPath);
+ // Thread.Sleep(100);
+ // }
+
+ // return true;
+ //}
private static bool InstallHookInternal(int processId)
{