代码比较简单,就不做注释了。  包含一个sockethookinject.DLL 和sockethook.exe

有一点不清楚,

SetExclusiveACL可以添加当前线程的hook,  但是easyhook如何 detach dll 并且释放hook呢?  知道的大神麻烦告知一下。
    public class SocketInterFace : MarshalByRefObject

    {

        public delegate void LogArgsHander(BufferStruct argsbuffer);

        public static event LogArgsHander logEvent;

        public void IsInstalled(Int32 InClientPID)

        {

            Console.WriteLine("FileMon has been installed in target {0}.\r\n", InClientPID);

        }

        public void OnRecv(byte[] RecvBuffer, int LoginIndex, int LoginIndexEx)

        {

            BufferStruct BufferArgs = new BufferStruct();

            BufferArgs.Buffer = RecvBuffer;

            BufferArgs.BufferSize = RecvBuffer.Length;

            BufferArgs.ObjectType = "recv";

            OnLog(BufferArgs);

        }

        public void OnSend(byte[] RecvBuffer, int LoginIndex, int LoginIndexEx)

        {

            BufferStruct BufferArgs = new BufferStruct();

            BufferArgs.Buffer = RecvBuffer;

            BufferArgs.BufferSize = RecvBuffer.Length;

            BufferArgs.ObjectType = "send";

            OnLog(BufferArgs);

        }

        public void OnLog(string BufferArgs) { Console.WriteLine(BufferArgs); }

        public void OnLog(BufferStruct buf)

        {

            if (logEvent!=null)

            {

                logEvent(buf);

            }

        }

        public struct BufferStruct

        {

            /// <summary>

            /// Socket指针

            /// </summary>

            public IntPtr sockHander;

            /// <summary>

            /// 封包数据

            /// </summary>

            public byte[] Buffer;

            /// <summary>

            /// 封包大小

            /// </summary>

            public int BufferSize;

            /// <summary>

            /// 封包动态序列

            /// </summary>

            public int[] LoginIdent;

            /// <summary>

            /// send recv

            /// </summary>

            public string ObjectType;

        }

    }
    public partial class Form1 : Form

    {

        public Form1()

        {

            InitializeComponent();

            SocketInterFace.logEvent += new SocketInterFace.LogArgsHander(MainSend);

            if (!EasyHook.RemoteHooking.IsAdministrator)

                MessageBox.Show("请用管理员方式启动");

        }

        public void MainSend(socketHook.SocketInterFace.BufferStruct buff)

        {

            Console.WriteLine(string.Format("长度:{0} 类型:{2}\r\n 内容:{1}", buff.BufferSize, byteToHexStr(buff.Buffer, buff.BufferSize),buff.ObjectType));

        }

        public static string byteToHexStr(byte[] bytes, int byteLen)

        {

            string returnStr = "";

            if (bytes != null)

            {

                for (int i = ; i < byteLen; i++)

                {

                    returnStr += bytes[i].ToString("X2");

                }

            }

            return returnStr;

        }

        string ChannelName = null;

        private void button1_Click(object sender, EventArgs e)

        {

            try

            {

                EasyHook.Config.Register(".net远程注入组建", "socketHook.exe", "sockethookinject.dll");

            }

            catch (Exception ex)

            {

            }

            int id=Process.GetProcessesByName("SupARC").First().Id;

            if (id != ) {

            EasyHook.RemoteHooking.IpcCreateServer<SocketInterFace>(ref ChannelName, System.Runtime.Remoting.WellKnownObjectMode.SingleCall);

            EasyHook.RemoteHooking.Inject(id, "sockethookinject.dll", "sockethookinject.dll", ChannelName);

            }

            else

            {

                MessageBox.Show("ARC没有启动");

            }

        }

        private void button2_Click(object sender, EventArgs e)

        {

        }

    }
public class Main : IEntryPoint

    {

        SocketInterFace Interface;

        Stack<String> Queue = new Stack<String>();

        public Main(RemoteHooking.IContext InContext,string InChannelName)

        {

            Interface = RemoteHooking.IpcConnectClient<SocketInterFace>(InChannelName);

            Interface.OnLog("初始化HOOK成功");

        }

        LocalHook RecvHook;

        LocalHook SendHook;

       int MyRecv(IntPtr socket, IntPtr buffer, int length, int flags)

        {

            int bytesCount = recv(socket, buffer, length, flags);

            if (bytesCount>)

            {

                byte[] RecvBuffer = new byte[bytesCount];

                Marshal.Copy(buffer, RecvBuffer, , RecvBuffer.Length);

                Interface.OnRecv(RecvBuffer, , );

            }

            return bytesCount;

        }

       int MySend(IntPtr socket, IntPtr buffer, int length, int flags)

       {

           int bytesCount = send(socket, buffer, length, flags);

           if (bytesCount > )

           {

               byte[] RecvBuffer = new byte[bytesCount];

               Marshal.Copy(buffer, RecvBuffer, , RecvBuffer.Length);

               Interface.OnSend(RecvBuffer, , );

           }

           return bytesCount;

       }

        public void Run(RemoteHooking.IContext InContext,string InChannelName)

        {

            RecvHook = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "recv"), new DRecv(MyRecv), this);

            SendHook = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "send"), new DSend(MySend), this);

            SendHook.ThreadACL.SetExclusiveACL(new Int32[] {  });

            RecvHook.ThreadACL.SetExclusiveACL(new Int32[] {  });

            Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());

            dwProHwnd = OpenProcess(PROCESS_ALL_ACCESS, , RemoteHooking.GetCurrentProcessId());

            //EasyHook.RemoteHooking.WakeUpProcess();

            while (true) { Thread.Sleep(); }

        }

        [DllImport("kernel32.dll", EntryPoint = "OpenProcess")]

        public static extern uint OpenProcess(uint dwDesiredAccess, int bInheritHandle, int dwProcessId);

        public const uint PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF);

        public const uint SYNCHRONIZE = 0x00100000;

        public const uint STANDARD_RIGHTS_REQUIRED = 0x000F0000;

        public uint dwProHwnd = ;

        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]

        delegate int DRecv(IntPtr socket, IntPtr buffer, int length, int flags);

        [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]

        static extern int recv(IntPtr socket, IntPtr buffer, int length, int flags);

        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]

        delegate int DSend(IntPtr socket, IntPtr buffer, int length, int flags);

        [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]

        static extern int send(IntPtr socket, IntPtr buffer, int length, int flags);

    }

easyHOOK socket send recv的更多相关文章

  1. [转]Socket send函数和recv函数详解

    1.send 函数 int send( SOCKET s, const char FAR *buf, int len, int flags ); 不论是客户还是服务器应用程序都用send函数来向TCP ...

  2. Socket send函数和recv函数详解

    1.send 函数 int send( SOCKET s, const char FAR *buf, int len, int flags ); 不论是客户还是服务器应用程序都用send函数来向TCP ...

  3. linux socket下send()&recv()调用

    1.send 函数 int send( SOCKET s, const char FAR *buf, int len, int flags ); 不论是客户还是服务器应用程序都用send函数来向TCP ...

  4. 套接字I/O函数write/read writev/readv send/recv sendto/recvfrom sendmsg/recvmsg

    函数原型 read/write系原型 #include <unistd.h> ssize_t read(int fd, void *buf, size_t count); #include ...

  5. linux Socket send与recv函数详解

    转自:http://www.cnblogs.com/blankqdb/archive/2012/08/30/2663859.html linux send与recv函数详解   1 #include ...

  6. linux socket send和recv、write和read

    1 recv和read ssize_t recv(int sockfd, void *buf, size_t len, int flags); ssize_t read(int fd, void *b ...

  7. send+recv注意事项

    [TOC] send 函数原型 ssize_t send( SOCKET s, const char *buf, size_t len, int flags ) 注意事项 待发送数据长度data_le ...

  8. Linux下tcp协议socket的recv函数返回时机分析(粘包)

    http://www.vckbase.com/index.php/wv/10http://blog.csdn.net/zlzlei/article/details/7689409 文章一: 当前在网络 ...

  9. C语言socket send()数据缓存问题

    send()函数默认情况下会使用Nagle算法.Nagle算法通过将未确认的数据存入缓冲区直到积攒到一定数量一起发送的方法.来降低主机发送零碎小数据包的数目.所以假设send()函数发送数据过快的话, ...

随机推荐

  1. 快速上手virtualenv

    五分钟轻松学会管理项目开发环境. 在开发Python应用程序的时候,系统安装的Python3只有一个版本:3.x.所有第三方的包都会被pip安装到Python3的site-packages目录下. p ...

  2. 服务器固件测试--PCI设备的介绍(集成网卡和外插网卡)

    今天2017年9月26号,快三个月的时间,是该梳理一下,我来到这个岗位学到的东西. 网卡是什么 网卡分为俩大类 板载的集成网卡和外插的网卡.外插的网卡又分为很多种. 板载的集成网卡 外插的网卡分为 I ...

  3. .NET 实现Base-64加密解密处理

    .NET 实现Base-64加密解密处理 using System; using System.Collections.Generic; using System.Linq; using System ...

  4. PHP成长之路之PHP连接MySql数据库(一)

    PHP(外文名:PHP: Hypertext Preprocessor,中文名:“超文本预处理器”)是一种通用开源脚本语言.语法吸收了C语言.Java和Perl的特点,利于学习,使用广泛,主要适用于W ...

  5. mac配置java和maven环境变量

    1.打开终端: 2.输入命令:sudo vi ~/.bash_profile进入编辑模式: 3.输入开机密码并按两次enter键进入编辑选择项: 4.输入i键进入文件插入模式输入配置信息: 5.按es ...

  6. iOS----------如何检查域名是否支持ipv6

    http://ipv6-test.com/validate.php  这个地址  也可以检测到! 1.检查你所用到的库,像af 3.0以上什么的(不用改),其他的库自己去搜下是否支持ipv6吧. 2. ...

  7. Mysql 5.6到5.7的mysql.user改变

    很久没配置mysql.昨天在centos服务器上装了个mysql,desc user的时候,找不到password column,看了官方API 才知道原来的password已经修改为authenti ...

  8. 【Zookeeper】源码分析之服务器(三)之LeaderZooKeeperServer

    一.前言 前面分析了ZooKeeperServer源码,由于QuorumZooKeeperServer的源码相对简单,于是直接分析LeaderZooKeeperServer. 二.LeaderZooK ...

  9. 数据库入门(以MySQL为例)

    一.数据库中的概念 1.数据库是用户存放数据.访问数据.操作数据的存储仓库,用户的各种数据被有组织地存放在数据库中.可以随时被有权限的用户查询.统计.添加.删除.和修改.可以说,数据库是长期存储在计算 ...

  10. xml文件生成方式一(字符串拼接,将多实体类对象写入xml文件)

    1.xml文件生成,拼接字符串使用StringBuffer或StringBuilder 2.拼接好后写入文件即可,将多个实体类写入xml文件 3.这种方式比较简单,但是操作也比较麻烦 4.下面是我的代 ...