#include "stdafx.h"

// Convert a 16-bit value that is stored in network byte order (big-endian)
// into host byte order.
//
// The argument's two bytes are read directly from memory instead of shifting
// the numeric value, so the result is right on either host endianness: the
// first byte in memory is always the most significant byte of a network-order
// quantity.  Because a byte swap is its own inverse the file also reuses this
// routine as htons (see the macro below the function).
USHORT ntohs( USHORT netshort )
{
    const unsigned char* bytes = (const unsigned char*)&netshort;

    const USHORT high = (USHORT)bytes[0];
    const USHORT low  = (USHORT)bytes[1];

    return (USHORT)((high << 8) | low);
}

#define htons ntohs

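// Classify one frame handed to us by the driver.
//
// Returns TRUE when the frame is a TCP segment that is either outbound to
// remote port 80 (PACKET_FLAG_ON_SEND) or inbound from remote port 80
// (PACKET_FLAG_ON_RECEIVE) and whose payload contains `pattern`.  The payload
// is copied into `scratch` with every NUL byte mapped to a space (so strstr()
// scans the whole copy) and every ASCII letter upper-cased, which makes the
// match case-insensitive for ASCII; the caller must therefore pass `pattern`
// already upper-cased.  On TRUE, *ppIp and *ppTcp point at the IP and TCP
// headers inside packet.m_IBuffer so the caller can log the endpoints.
//
// Every header is length-checked against packet.m_Length before it is read,
// and at most scratchSize-1 payload bytes are inspected.  A frame whose IHL or
// TCP data offset does not fit inside the frame is reported as "no match"
// rather than dereferenced -- the original sample computed the payload length
// as an unsigned subtraction and memcpy'd it into a 1500-byte stack buffer
// without any bound, which a malformed or oversized frame could overflow.
//
// Limitations a practitioner should keep in mind if this is used as a filter:
// it inspects single segments only (no stream reassembly, so a pattern split
// across two segments is not seen), it keys on port 80 only, and it does not
// look at the IP fragment fields, so a non-first fragment with ip_p == TCP
// would be parsed as though it carried a TCP header (same gap as the original).
static BOOL PayloadContainsPattern(const INTERMEDIATE_BUFFER& packet,
                                   const char* pattern,
                                   char* scratch, size_t scratchSize,
                                   iphdr_ptr* ppIp, tcphdr_ptr* ppTcp)
{
    const DWORD kMinIpHdr  = 20;   // ip_hl is in 32-bit words; 5 is the minimum
    const DWORD kMinTcpHdr = 20;   // th_off likewise
    const DWORD frameLen   = packet.m_Length;
    const DWORD ethLen     = (DWORD)sizeof(ether_header);

    if (scratchSize == 0)
        return FALSE;

    // Need a whole Ethernet header plus a minimal IP header before reading either.
    if (frameLen < ethLen + kMinIpHdr)
        return FALSE;

    ether_header_ptr pEth = (ether_header_ptr)packet.m_IBuffer;
    if (ntohs(pEth->h_proto) != ETH_P_IP)
        return FALSE;

    iphdr_ptr pIp = (iphdr_ptr)(pEth + 1);
    if (pIp->ip_p != IPPROTO_TCP)
        return FALSE;

    // Bogus IHL or a frame too short to hold the TCP header: do not read it.
    const DWORD ipHdrLen = (DWORD)pIp->ip_hl * 4;
    if (ipHdrLen < kMinIpHdr || frameLen < ethLen + ipHdrLen + kMinTcpHdr)
        return FALSE;

    tcphdr_ptr pTcp = (tcphdr_ptr)((PUCHAR)pIp + ipHdrLen);
    const DWORD tcpHdrLen = (DWORD)pTcp->th_off * 4;
    if (tcpHdrLen < kMinTcpHdr || frameLen < ethLen + ipHdrLen + tcpHdrLen)
        return FALSE;

    // HTTP by port: outbound to 80, or inbound from 80.
    const BOOL outbound = (pTcp->th_dport == htons(80)) && (packet.m_dwDeviceFlags == PACKET_FLAG_ON_SEND);
    const BOOL inbound  = (pTcp->th_sport == htons(80)) && (packet.m_dwDeviceFlags == PACKET_FLAG_ON_RECEIVE);
    if (!outbound && !inbound)
        return FALSE;

    const DWORD hdrTotal = ethLen + ipHdrLen + tcpHdrLen;
    DWORD dataLen = frameLen - hdrTotal;          // cannot underflow: checked above
    if (dataLen == 0)
        return FALSE;                             // pure ACK / no payload

    const char* pData = (const char*)packet.m_IBuffer + hdrTotal;

    // Bound the copy to the scratch buffer; anything past it is not inspected.
    if (dataLen >= scratchSize)
        dataLen = (DWORD)(scratchSize - 1);

    for (DWORD t = 0; t < dataLen; ++t)
    {
        unsigned char c = (unsigned char)pData[t];
        if (c == 0)
            c = 0x20;                             // keep strstr() from stopping early
        else if (isalpha(c))
            c = (unsigned char)toupper(c);
        scratch[t] = (char)c;
    }
    scratch[dataLen] = 0;

    if (strstr(scratch, pattern) == NULL)
        return FALSE;

    *ppIp  = pIp;
    *ppTcp = pTcp;
    return TRUE;
}

// Sample packet filter built on the NDISAPI (CNdisApi) driver.
//
// Usage: <program> <pattern>
//
// Puts every TCP/IP-bound adapter into tunnel mode, then for each frame the
// driver hands us decides whether it is an HTTP segment (port 80) whose
// payload contains <pattern> (ASCII case-insensitive).  Matching frames are
// logged and *not* re-injected, which is what drops them; everything else is
// passed back to the adapter (send path) or to the TCP/IP stack (receive
// path) unchanged.  Returns 0 in every case, including early exits.
//
// Fix relative to the original sample: the original upper-cased the payload
// but then searched it for the literal "http://GOOGLE.COM", whose lower-case
// "http://" could never match an upper-cased buffer -- so nothing was ever
// dropped -- while the user-supplied, upper-cased pattern it prepared from
// argv[1] was left unused.  The user pattern is now the one matched.
int main(int argc, char* argv[])
{
    TCP_AdapterList     AdList;
    CNdisApi            api;
    ETH_REQUEST         Request;
    INTERMEDIATE_BUFFER PacketBuffer;
    iphdr_ptr           pIpHeader  = NULL;
    tcphdr_ptr          pTcpHeader = NULL;
    HANDLE              hEvent[256];
    DWORD               dwAdIndex = 0;
    char                szTempString[1500];     // scratch copy of one segment's payload
    char                szPattern[256];
    const DWORD         kMaxAdapters = (DWORD)(sizeof(hEvent) / sizeof(hEvent[0]));

    if (argc < 2)
    {
        return 0;
    }

    if (!api.IsDriverLoaded())
    {
        return 0;
    }

    // The pattern must fit in szPattern including its terminator, and an
    // empty pattern would match every HTTP segment (strstr(x, "") is always
    // non-NULL), which would silently drop all port-80 traffic.
    if (argv[1][0] == 0 || strlen(argv[1]) >= sizeof(szPattern))
    {
        return 0;
    }

    printf ("Testing...\n\n");

    // Upper-case the pattern once; the payload copy is upper-cased the same
    // way, so the comparison is ASCII case-insensitive.
    ZeroMemory ( szPattern, sizeof(szPattern) );
    strcpy ( szPattern, argv[1] );
    const size_t patternLen = strlen(szPattern);
    for ( size_t i = 0; i < patternLen; ++i )
    {
        if (isalpha((UCHAR)szPattern[i]))
            szPattern[i] = (char)toupper((UCHAR)szPattern[i]);
    }

    // Enumerate the TCP/IP-bound adapters.  AdList is zeroed first so that a
    // failed call (the return value is not checked here, as in the original)
    // leaves m_nAdapterCount at 0 instead of garbage.
    ZeroMemory ( &AdList, sizeof(AdList) );
    api.GetTcpipBoundAdaptersInfo ( &AdList );

    // hEvent has a fixed capacity; WaitForMultipleObjects has its own, smaller
    // limit as well, and the wait-result check in the loop covers that case.
    if (AdList.m_nAdapterCount == 0 || AdList.m_nAdapterCount > kMaxAdapters)
    {
        printf("Unsupported number of network interfaces\n");
        return 0;
    }

    // One ADAPTER_MODE is reused for every adapter: all of them are switched
    // into tunnel mode for both directions so their traffic flows through us.
    ADAPTER_MODE Mode;
    Mode.dwFlags = MSTCP_FLAG_SENT_TUNNEL|MSTCP_FLAG_RECV_TUNNEL;

    for (dwAdIndex = 0; dwAdIndex < AdList.m_nAdapterCount; ++dwAdIndex)
    {
        // Manual-reset event the driver signals when packets are queued.
        hEvent[dwAdIndex] = CreateEvent(NULL, TRUE, FALSE, NULL);
        if (!hEvent[dwAdIndex])
        {
            printf("Failed to create notification event for network interface \n");
            return 0;
        }

        Mode.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[dwAdIndex];
        api.SetAdapterMode(&Mode);
        api.SetPacketEvent((HANDLE)AdList.m_nAdapterHandle[dwAdIndex], hEvent[dwAdIndex]);
    }

    // The request always reads into the same INTERMEDIATE_BUFFER; only the
    // adapter handle changes per iteration.
    ZeroMemory ( &Request, sizeof(ETH_REQUEST) );
    ZeroMemory ( &PacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
    Request.EthPacket.Buffer = &PacketBuffer;

    // Endless service loop (this is a sample; there is no clean shutdown path,
    // and the adapters are left in tunnel mode for the driver to reclaim).
    while (TRUE)
    {
        const DWORD dwWait = WaitForMultipleObjects ( AdList.m_nAdapterCount, hEvent, FALSE, INFINITE );
        dwAdIndex = dwWait - WAIT_OBJECT_0;
        if (dwAdIndex >= AdList.m_nAdapterCount)
        {
            // WAIT_FAILED (or any status outside the signalled-object range)
            // would otherwise index hEvent / m_nAdapterHandle out of bounds.
            printf("WaitForMultipleObjects failed\n");
            break;
        }

        Request.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[dwAdIndex];

        // Drain the adapter's queue.
        while (api.ReadPacket(&Request))
        {
            const BOOL bDrop = PayloadContainsPattern(PacketBuffer, szPattern,
                                                     szTempString, sizeof(szTempString),
                                                     &pIpHeader, &pTcpHeader);

            if (bDrop)
            {
                // Not re-injecting the frame is what drops it.  pIpHeader and
                // pTcpHeader are only valid when bDrop is TRUE.
                printf ("TCP %d.%d.%d.%d:%d  ->  %d.%d.%d.%d:%d pattern found & packet dropped \n",
                    pIpHeader->ip_src.S_un.S_un_b.s_b1, pIpHeader->ip_src.S_un.S_un_b.s_b2, pIpHeader->ip_src.S_un.S_un_b.s_b3, pIpHeader->ip_src.S_un.S_un_b.s_b4, ntohs(pTcpHeader->th_sport),
                    pIpHeader->ip_dst.S_un.S_un_b.s_b1, pIpHeader->ip_dst.S_un.S_un_b.s_b2, pIpHeader->ip_dst.S_un.S_un_b.s_b3, pIpHeader->ip_dst.S_un.S_un_b.s_b4, ntohs (pTcpHeader->th_dport));
            }
            else if (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_SEND)
            {
                // Outbound: put the frame back on the wire.
                api.SendPacketToAdapter(&Request);
            }
            else
            {
                // Inbound: hand the frame up to the TCP/IP stack.
                api.SendPacketToMstcp(&Request);
            }
        }

        // Manual-reset event: clear it once the queue has been drained.
        ResetEvent(hEvent[dwAdIndex]);
    }
    return 0;
}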

 

Revise this Paste

Your Name: Code Language: