sin365/AxibugRedirector
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
601581a73a
AxibugRedirector/AxibugInject/Main.cs
sin365 601581a73a 追加函数
2023-09-25 12:44:13 +08:00

229 lines
7.7 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

using System;
using System.Text;
using System.Runtime.InteropServices;
using EasyHook;
using System.Threading;
using System.Windows.Forms;
using ClassLibrary1;
using System.Collections.Generic;
using System.Xml.Linq;
using static AxibugInject.ws2_32;
namespace AxibugInject
{
[Serializable]
public class HookParameter
{
public string Msg { get; set; }
public int HostProcessId { get; set; }
public string RedirectorArrs { get; set; }
}
public class Main : IEntryPoint
{
public LocalHook GetHostByNameHook = null;
public LocalHook GetHostByAddrHook = null;
public LocalHook gethostnameHook = null;
public LocalHook connectHook = null;
public static Dictionary<string, string> mDictHostToIP = new Dictionary<string, string>();
public Main(
RemoteHooking.IContext context,
string channelName
, HookParameter parameter
)
{
string[] RedirectorArrs = parameter.RedirectorArrs.Split('|');
try
{
for(int i = 0;i < RedirectorArrs.Length;i++)
{
string line = RedirectorArrs[i].Trim();
if (string.IsNullOrEmpty(line))
continue;
string[] arr = RedirectorArrs[i].Trim().Split(':');
if (arr.Length < 2)
continue;
mDictHostToIP[arr[0].Trim()] = arr[1].Trim();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
MessageBox.Show(parameter.Msg + ",并加载:" + mDictHostToIP.Count + "个重定向配置", "Hooked");
}
public void Run(
RemoteHooking.IContext context,
string channelName
, HookParameter parameter
)
{
try
{
ConsoleShow.Log($"Hook函数ws2_32.dll->gethostbyname");
GetHostByNameHook = LocalHook.Create(
LocalHook.GetProcAddress("ws2_32.dll", "gethostbyname"),
new DGetHostByName(GetHostByName_Hooked),
this);
GetHostByNameHook.ThreadACL.SetExclusiveACL(new int[1]);
ConsoleShow.Log($"Hook函数ws2_32.dll->gethostbyaddr");
GetHostByAddrHook = LocalHook.Create(
LocalHook.GetProcAddress("ws2_32.dll", "gethostbyaddr"),
new Dgethostbyaddr(gethostbyaddr_Hooked),
this);
GetHostByAddrHook.ThreadACL.SetExclusiveACL(new int[1]);
ConsoleShow.Log($"Hook函数ws2_32.dll->gethostname");
gethostnameHook = LocalHook.Create(
LocalHook.GetProcAddress("ws2_32.dll", "gethostname"),
new Dgethostname(gethostname_Hooked),
this);
gethostnameHook.ThreadACL.SetExclusiveACL(new int[1]);
ConsoleShow.Log($"Hook函数ws2_32.dll->connect");
connectHook = LocalHook.Create(
LocalHook.GetProcAddress("ws2_32.dll", "connect"),
new Dconnect(connect_Hooked),
this);
connectHook.ThreadACL.SetExclusiveACL(new int[1]);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
try
{
while (true)
{
Thread.Sleep(10);
}
}
catch
{
}
}
#region gethostbyname
[DllImport("ws2_32.dll", EntryPoint = "gethostbyname", CharSet = CharSet.Ansi)]
public static extern IntPtr gethostbyname(String name);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate IntPtr DGetHostByName(String name);
static IntPtr GetHostByName_Hooked(
String name)
{
try
{
ConsoleShow.Log($"gethostbyname[调用]name->{name}");
Main This = (Main)HookRuntimeInfo.Callback;
if (mDictHostToIP.ContainsKey(name.ToLower()))
{
ConsoleShow.Log($"gethostbyname[访问并重定向]{name}->{mDictHostToIP[name]}");
name = mDictHostToIP[name.ToLower()];
}
else
{
ConsoleShow.Log("gethostbyname[访问]" + name);
}
}
catch
{
}
// call original API...
return gethostbyname(
name);
}
#endregion
#region gethostname
[DllImport("ws2_32.dll", SetLastError = true)]
static extern int gethostname(StringBuilder name, int length);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate int Dgethostname(StringBuilder name, int length);
static int gethostname_Hooked(StringBuilder name, int length)
{
ConsoleShow.Log($"gethostname[调用]name->{name} length->{length}");
// call original API...
return gethostname(name, length);
}
#endregion
#region gethostbyaddr
[DllImport("ws2_32.dll", EntryPoint = "gethostbyaddr", CharSet = CharSet.Ansi)]
public static extern IntPtr gethostbyaddr(String addr, int len,int type);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate IntPtr Dgethostbyaddr(String addr, int len, int type);
static IntPtr gethostbyaddr_Hooked(String addr, int len,int type)
{
ConsoleShow.Log($"gethostbyaddr[调用]addr->{addr} len->{len} type->{type}");
try
{
Main This = (Main)HookRuntimeInfo.Callback;
if (mDictHostToIP.ContainsKey(addr.ToLower()))
{
ConsoleShow.Log($"gethostbyaddr[访问并重定向]{addr}->{mDictHostToIP[addr]}");
addr = mDictHostToIP[addr.ToLower()];
}
else
{
ConsoleShow.Log("gethostbyaddr[访问]" + addr);
}
}
catch
{
}
// call original API...
return gethostbyaddr(addr, len, type);
}
#endregion
#region connect
//[StructLayout(LayoutKind.Sequential)]
//public struct sockaddr_in6
//{
// public short sin6_family;
// public ushort sin6_port;
// public uint sin6_flowinfo;
// [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
// public byte[] sin6_addr;
// public uint sin6_scope_id;
//}
[DllImport("Ws2_32.dll")]
public static extern int connect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate int Dconnect(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize);
static int connect_Hooked(IntPtr SocketHandle, ref sockaddr_in addr, int addrsize)
{
ConsoleShow.Log($"connect[调用]SocketHandle->{SocketHandle} addr->{addr} addrsize->{addrsize}");
ConsoleShow.Log($"connect sockaddr_in 详情 :sin_family->{addr.sin_family} sin_addr->{addr.sin_addr} sin_port->{addr.sin_port}");
// call original API...
return connect(SocketHandle, ref addr, addrsize);
}
#endregion
}
}
Reference in New Issue View Git Blame Copy Permalink