using ClassLibrary1; using EasyHook; using System; using System.Collections; using System.Collections.Generic; using System.Net.Sockets; using System.Runtime.InteropServices; using System.Text; using System.Threading; using System.Windows.Forms; using static AxibugInject.ws2_32; namespace AxibugInject { [Serializable] public class HookParameter { public string Msg { get; set; } public int HostProcessId { get; set; } public string RedirectorArrs { get; set; } } public class Main : IEntryPoint { public LocalHook GetHostByNameHook = null; public LocalHook GetHostByAddrHook = null; public LocalHook gethostnameHook = null; public LocalHook connectHook = null; public LocalHook WSAConnectHook = null; public static Dictionary mDictHostToIP = new Dictionary(); public Main( RemoteHooking.IContext context, string channelName , HookParameter parameter ) { string[] RedirectorArrs = parameter.RedirectorArrs.Split('|'); try { for(int i = 0;i < RedirectorArrs.Length;i++) { string line = RedirectorArrs[i].Trim(); if (string.IsNullOrEmpty(line)) continue; string[] arr = RedirectorArrs[i].Trim().Split(':'); if (arr.Length < 2) continue; mDictHostToIP[arr[0].Trim()] = arr[1].Trim(); } } catch (Exception ex) { MessageBox.Show(ex.ToString()); } MessageBox.Show(parameter.Msg + ",并加载:" + mDictHostToIP.Count + "个重定向配置", "Hooked"); } public void Run( RemoteHooking.IContext context, string channelName , HookParameter parameter ) { try { ConsoleShow.Log($"Hook函数ws2_32.dll->gethostbyname"); GetHostByNameHook = LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "gethostbyname"), new DGetHostByName(GetHostByName_Hooked), this); GetHostByNameHook.ThreadACL.SetExclusiveACL(new int[1]); ConsoleShow.Log($"Hook函数ws2_32.dll->gethostbyaddr"); GetHostByAddrHook = LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "gethostbyaddr"), new Dgethostbyaddr(gethostbyaddr_Hooked), this); GetHostByAddrHook.ThreadACL.SetExclusiveACL(new int[1]); ConsoleShow.Log($"Hook函数ws2_32.dll->gethostname"); gethostnameHook = LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "gethostname"), new Dgethostname(gethostname_Hooked), this); gethostnameHook.ThreadACL.SetExclusiveACL(new int[1]); ConsoleShow.Log($"Hook函数ws2_32.dll->connect"); connectHook = LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "connect"), new Dconnect(connect_Hooked), this); connectHook.ThreadACL.SetExclusiveACL(new int[1]); ConsoleShow.Log($"Hook函数ws2_32.dll->WSAConnect"); WSAConnectHook = LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "WSAConnect"), new DWSAConnect(WSAConnect_Hooked), this); WSAConnectHook.ThreadACL.SetExclusiveACL(new int[1]); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } try { while (true) { Thread.Sleep(10); } } catch { } } #region gethostbyname [DllImport("ws2_32.dll", EntryPoint = "gethostbyname", CharSet = CharSet.Ansi)] public static extern IntPtr gethostbyname(String name); [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)] delegate IntPtr DGetHostByName(String name); static IntPtr GetHostByName_Hooked( String name) { try { ConsoleShow.Log($"gethostbyname[调用]name->{name}"); Main This = (Main)HookRuntimeInfo.Callback; if (mDictHostToIP.ContainsKey(name.ToLower())) { ConsoleShow.Log($"gethostbyname[访问并重定向]{name}->{mDictHostToIP[name]}"); name = mDictHostToIP[name.ToLower()]; } else { ConsoleShow.Log("gethostbyname[访问]:" + name); } } catch { } // call original API... return gethostbyname( name); } #endregion #region gethostname [DllImport("ws2_32.dll", SetLastError = true)] static extern int gethostname(StringBuilder name, int length); [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)] delegate int Dgethostname(StringBuilder name, int length); static int gethostname_Hooked(StringBuilder name, int length) { ConsoleShow.Log($"gethostname[调用]name->{name} length->{length}"); // call original API... return gethostname(name, length); } #endregion #region gethostbyaddr [DllImport("ws2_32.dll", EntryPoint = "gethostbyaddr", CharSet = CharSet.Ansi)] public static extern IntPtr gethostbyaddr(String addr, int len,int type); [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)] delegate IntPtr Dgethostbyaddr(String addr, int len, int type); static IntPtr gethostbyaddr_Hooked(String addr, int len,int type) { ConsoleShow.Log($"gethostbyaddr[调用]addr->{addr} len->{len} type->{type}"); try { Main This = (Main)HookRuntimeInfo.Callback; if (mDictHostToIP.ContainsKey(addr.ToLower())) { ConsoleShow.Log($"gethostbyaddr[访问并重定向]{addr}->{mDictHostToIP[addr]}"); addr = mDictHostToIP[addr.ToLower()]; } else { ConsoleShow.Log("gethostbyaddr[访问]:" + addr); } } catch { } // call original API... return gethostbyaddr(addr, len, type); } #endregion #region connect [DllImport("ws2_32.dll")] public static extern int connect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize); [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)] delegate int Dconnect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize); static int connect_Hooked(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize) { ConsoleShow.Log($"connect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}"); ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{SwapToIP(addr.sin_addr)} sin_port->{GetPort(addr.sin_port)}"); // call original API... return connect(SocketHandle, ref addr, addrsize); } #endregion #region WSAConnect [DllImport("ws2_32.dll", SetLastError = true)] internal static extern SocketError WSAConnect( IntPtr SocketHandle, ref sockaddr_in addr, int addrsize, [In] IntPtr lpCallerData, [Out] IntPtr lpCalleeData, [In] IntPtr lpSQOS, [In] IntPtr lpGQOS); [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)] delegate SocketError DWSAConnect( IntPtr SocketHandle, ref sockaddr_in addr, int addrsize, [In] IntPtr lpCallerData, [Out] IntPtr lpCalleeData, [In] IntPtr lpSQOS, [In] IntPtr lpGQOS); static SocketError WSAConnect_Hooked( IntPtr SocketHandle, ref sockaddr_in addr, int addrsize, [In] IntPtr lpCallerData, [Out] IntPtr lpCalleeData, [In] IntPtr lpSQOS, [In] IntPtr lpGQOS) { ConsoleShow.Log($"connect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}"); ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{SwapToIP(addr.sin_addr)} sin_port->{GetPort(addr.sin_port)}"); return WSAConnect(SocketHandle, ref addr, addrsize, lpCallerData, lpCalleeData, lpSQOS, lpGQOS); } #endregion #region 工具 static int GetPort(ushort Tbed) { if (Tbed < 256) return Tbed; byte gao = (byte)(Tbed >> 8); byte di = (byte)(Tbed & 0xff); ushort a = (ushort)(gao << 8); ushort b = (ushort)di; //ushort newBed = (ushort)(a | di); ushort newT = (ushort)(gao | di << 8); return newT; } public static string SwapToIP(uint value) { byte[] data = BitConverter.GetBytes(value); string result = ""; //猜测 for (int i = 0; i < data.Length; i++) { if (!string.IsNullOrEmpty(result)) result += "."; result += data[i]; } return result; } #endregion } }