sin365/AxibugRedirector
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
402691a14d
AxibugRedirector/AxibugInject/Main.cs
sin365 402691a14d fix
2024-06-18 22:46:22 +08:00

301 lines
9.5 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

using ClassLibrary1;
using EasyHook;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
using static AxibugInject.ws2_32;
namespace AxibugInject
{
[Serializable]
public class HookParameter
{
public string Msg { get; set; }
public int HostProcessId { get; set; }
public string RedirectorArrs { get; set; }
}
public class Main : IEntryPoint
{
public LocalHook GetHostByNameHook = null;
public LocalHook GetHostByAddrHook = null;
public LocalHook gethostnameHook = null;
public LocalHook connectHook = null;
public LocalHook WSAConnectHook = null;
public static Dictionary<string, string> mDictHostToIP = new Dictionary<string, string>();
public Main(
RemoteHooking.IContext context,
string channelName
, HookParameter parameter
)
{
string[] RedirectorArrs = parameter.RedirectorArrs.Split('|');
try
{
for(int i = 0;i < RedirectorArrs.Length;i++)
{
string line = RedirectorArrs[i].Trim();
if (string.IsNullOrEmpty(line))
continue;
string[] arr = RedirectorArrs[i].Trim().Split(':');
if (arr.Length < 2)
continue;
mDictHostToIP[arr[0].Trim()] = arr[1].Trim();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
MessageBox.Show(parameter.Msg + ",并加载:" + mDictHostToIP.Count + "个重定向配置", "Hooked");
}
public void Run(
RemoteHooking.IContext context,
string channelName
, HookParameter parameter
)
{
try
{
ConsoleShow.Log($"Hook函数ws2_32.dll->gethostbyname");
GetHostByNameHook = LocalHook.Create(
LocalHook.GetProcAddress("ws2_32.dll", "gethostbyname"),
new DGetHostByName(GetHostByName_Hooked),
this);
GetHostByNameHook.ThreadACL.SetExclusiveACL(new int[1]);
ConsoleShow.Log($"Hook函数ws2_32.dll->gethostbyaddr");
GetHostByAddrHook = LocalHook.Create(
LocalHook.GetProcAddress("ws2_32.dll", "gethostbyaddr"),
new Dgethostbyaddr(gethostbyaddr_Hooked),
this);
GetHostByAddrHook.ThreadACL.SetExclusiveACL(new int[1]);
ConsoleShow.Log($"Hook函数ws2_32.dll->gethostname");
gethostnameHook = LocalHook.Create(
LocalHook.GetProcAddress("ws2_32.dll", "gethostname"),
new Dgethostname(gethostname_Hooked),
this);
gethostnameHook.ThreadACL.SetExclusiveACL(new int[1]);
ConsoleShow.Log($"Hook函数ws2_32.dll->connect");
connectHook = LocalHook.Create(
LocalHook.GetProcAddress("ws2_32.dll", "connect"),
new Dconnect(connect_Hooked),
this);
connectHook.ThreadACL.SetExclusiveACL(new int[1]);
ConsoleShow.Log($"Hook函数ws2_32.dll->WSAConnect");
WSAConnectHook = LocalHook.Create(
LocalHook.GetProcAddress("ws2_32.dll", "WSAConnect"),
new DWSAConnect(WSAConnect_Hooked),
this);
WSAConnectHook.ThreadACL.SetExclusiveACL(new int[1]);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
try
{
while (true)
{
Thread.Sleep(10);
}
}
catch
{
}
}
#region gethostbyname
[DllImport("ws2_32.dll", EntryPoint = "gethostbyname", CharSet = CharSet.Ansi)]
public static extern IntPtr gethostbyname(String name);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate IntPtr DGetHostByName(String name);
static IntPtr GetHostByName_Hooked(
String name)
{
try
{
ConsoleShow.Log($"gethostbyname[调用]name->{name}");
Main This = (Main)HookRuntimeInfo.Callback;
if (mDictHostToIP.ContainsKey(name.ToLower()))
{
ConsoleShow.Log($"gethostbyname[访问并重定向]{name}->{mDictHostToIP[name]}");
name = mDictHostToIP[name.ToLower()];
}
else
{
ConsoleShow.Log("gethostbyname[访问]" + name);
}
}
catch
{
}
// call original API...
return gethostbyname(
name);
}
#endregion
#region gethostname
[DllImport("ws2_32.dll", SetLastError = true)]
static extern int gethostname(StringBuilder name, int length);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate int Dgethostname(StringBuilder name, int length);
static int gethostname_Hooked(StringBuilder name, int length)
{
ConsoleShow.Log($"gethostname[调用]name->{name} length->{length}");
// call original API...
return gethostname(name, length);
}
#endregion
#region gethostbyaddr
[DllImport("ws2_32.dll", EntryPoint = "gethostbyaddr", CharSet = CharSet.Ansi)]
public static extern IntPtr gethostbyaddr(String addr, int len,int type);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate IntPtr Dgethostbyaddr(String addr, int len, int type);
static IntPtr gethostbyaddr_Hooked(String addr, int len,int type)
{
ConsoleShow.Log($"gethostbyaddr[调用]addr->{addr} len->{len} type->{type}");
try
{
Main This = (Main)HookRuntimeInfo.Callback;
if (mDictHostToIP.ContainsKey(addr.ToLower()))
{
ConsoleShow.Log($"gethostbyaddr[访问并重定向]{addr}->{mDictHostToIP[addr]}");
addr = mDictHostToIP[addr.ToLower()];
}
else
{
ConsoleShow.Log("gethostbyaddr[访问]" + addr);
}
}
catch
{
}
// call original API...
return gethostbyaddr(addr, len, type);
}
#endregion
#region connect
[DllImport("ws2_32.dll")]
public static extern int connect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate int Dconnect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);
static int connect_Hooked(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize)
{
ConsoleShow.Log($"connect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}");
ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{SwapToIP(addr.sin_addr)} sin_port->{GetPort(addr.sin_port)}");
// call original API...
return connect(SocketHandle, ref addr, addrsize);
}
#endregion
#region WSAConnect
[DllImport("ws2_32.dll", SetLastError = true)]
internal static extern SocketError WSAConnect(
IntPtr SocketHandle, ref sockaddr_in addr, int addrsize,
[In] IntPtr lpCallerData,
[Out] IntPtr lpCalleeData,
[In] IntPtr lpSQOS,
[In] IntPtr lpGQOS);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate SocketError DWSAConnect(
IntPtr SocketHandle, ref sockaddr_in addr, int addrsize,
[In] IntPtr lpCallerData,
[Out] IntPtr lpCalleeData,
[In] IntPtr lpSQOS,
[In] IntPtr lpGQOS);
static SocketError WSAConnect_Hooked(
IntPtr SocketHandle, ref sockaddr_in addr, int addrsize,
[In] IntPtr lpCallerData,
[Out] IntPtr lpCalleeData,
[In] IntPtr lpSQOS,
[In] IntPtr lpGQOS)
{
ConsoleShow.Log($"connect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}");
ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{SwapToIP(addr.sin_addr)} sin_port->{GetPort(addr.sin_port)}");
return WSAConnect(SocketHandle, ref addr, addrsize, lpCallerData, lpCalleeData, lpSQOS, lpGQOS);
}
#endregion
#region
static int GetPort(ushort Tbed)
{
if (Tbed < 256)
return Tbed;
byte gao = (byte)(Tbed >> 8);
byte di = (byte)(Tbed & 0xff);
ushort a = (ushort)(gao << 8);
ushort b = (ushort)di;
//ushort newBed = (ushort)(a | di);
ushort newT = (ushort)(gao | di << 8);
return newT;
}
public static string SwapToIP(uint value)
{
byte[] data = BitConverter.GetBytes(value);
string result = "";
//猜测
for (int i = 0; i < data.Length; i++)
{
if (!string.IsNullOrEmpty(result))
result += ".";
result += data[i];
}
return result;
}
#endregion
}
}
Reference in New Issue View Git Blame Copy Permalink