代码比较简单,就不做注释了。  包含一个sockethookinject.DLL 和sockethook.exe

有一点不清楚,

SetExclusiveACL可以添加当前线程的hook,  但是easyhook如何 detach dll 并且释放hook呢?  知道的大神麻烦告知一下。
    public class SocketInterFace : MarshalByRefObject

    {

        public delegate void LogArgsHander(BufferStruct argsbuffer);

        public static event LogArgsHander logEvent;

        public void IsInstalled(Int32 InClientPID)

        {

            Console.WriteLine("FileMon has been installed in target {0}.\r\n", InClientPID);

        }

        public void OnRecv(byte[] RecvBuffer, int LoginIndex, int LoginIndexEx)

        {

            BufferStruct BufferArgs = new BufferStruct();

            BufferArgs.Buffer = RecvBuffer;

            BufferArgs.BufferSize = RecvBuffer.Length;

            BufferArgs.ObjectType = "recv";

            OnLog(BufferArgs);

        }

        public void OnSend(byte[] RecvBuffer, int LoginIndex, int LoginIndexEx)

        {

            BufferStruct BufferArgs = new BufferStruct();

            BufferArgs.Buffer = RecvBuffer;

            BufferArgs.BufferSize = RecvBuffer.Length;

            BufferArgs.ObjectType = "send";

            OnLog(BufferArgs);

        }

        public void OnLog(string BufferArgs) { Console.WriteLine(BufferArgs); }

        public void OnLog(BufferStruct buf)

        {

            if (logEvent!=null)

            {

                logEvent(buf);

            }

        }

        public struct BufferStruct

        {

            /// <summary>

            /// Socket指针

            /// </summary>

            public IntPtr sockHander;

            /// <summary>

            /// 封包数据

            /// </summary>

            public byte[] Buffer;

            /// <summary>

            /// 封包大小

            /// </summary>

            public int BufferSize;

            /// <summary>

            /// 封包动态序列

            /// </summary>

            public int[] LoginIdent;

            /// <summary>

            /// send recv

            /// </summary>

            public string ObjectType;

        }

    }
    public partial class Form1 : Form

    {

        public Form1()

        {

            InitializeComponent();

            SocketInterFace.logEvent += new SocketInterFace.LogArgsHander(MainSend);

            if (!EasyHook.RemoteHooking.IsAdministrator)

                MessageBox.Show("请用管理员方式启动");

        }

        public void MainSend(socketHook.SocketInterFace.BufferStruct buff)

        {

            Console.WriteLine(string.Format("长度:{0} 类型:{2}\r\n 内容:{1}", buff.BufferSize, byteToHexStr(buff.Buffer, buff.BufferSize),buff.ObjectType));

        }

        public static string byteToHexStr(byte[] bytes, int byteLen)

        {

            string returnStr = "";

            if (bytes != null)

            {

                for (int i = ; i < byteLen; i++)

                {

                    returnStr += bytes[i].ToString("X2");

                }

            }

            return returnStr;

        }

        string ChannelName = null;

        private void button1_Click(object sender, EventArgs e)

        {

            try

            {

                EasyHook.Config.Register(".net远程注入组建", "socketHook.exe", "sockethookinject.dll");

            }

            catch (Exception ex)

            {

            }

            int id=Process.GetProcessesByName("SupARC").First().Id;

            if (id != ) {

            EasyHook.RemoteHooking.IpcCreateServer<SocketInterFace>(ref ChannelName, System.Runtime.Remoting.WellKnownObjectMode.SingleCall);

            EasyHook.RemoteHooking.Inject(id, "sockethookinject.dll", "sockethookinject.dll", ChannelName);

            }

            else

            {

                MessageBox.Show("ARC没有启动");

            }

        }

        private void button2_Click(object sender, EventArgs e)

        {

        }

    }
public class Main : IEntryPoint

    {

        SocketInterFace Interface;

        Stack<String> Queue = new Stack<String>();

        public Main(RemoteHooking.IContext InContext,string InChannelName)

        {

            Interface = RemoteHooking.IpcConnectClient<SocketInterFace>(InChannelName);

            Interface.OnLog("初始化HOOK成功");

        }

        LocalHook RecvHook;

        LocalHook SendHook;

       int MyRecv(IntPtr socket, IntPtr buffer, int length, int flags)

        {

            int bytesCount = recv(socket, buffer, length, flags);

            if (bytesCount>)

            {

                byte[] RecvBuffer = new byte[bytesCount];

                Marshal.Copy(buffer, RecvBuffer, , RecvBuffer.Length);

                Interface.OnRecv(RecvBuffer, , );

            }

            return bytesCount;

        }

       int MySend(IntPtr socket, IntPtr buffer, int length, int flags)

       {

           int bytesCount = send(socket, buffer, length, flags);

           if (bytesCount > )

           {

               byte[] RecvBuffer = new byte[bytesCount];

               Marshal.Copy(buffer, RecvBuffer, , RecvBuffer.Length);

               Interface.OnSend(RecvBuffer, , );

           }

           return bytesCount;

       }

        public void Run(RemoteHooking.IContext InContext,string InChannelName)

        {

            RecvHook = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "recv"), new DRecv(MyRecv), this);

            SendHook = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "send"), new DSend(MySend), this);

            SendHook.ThreadACL.SetExclusiveACL(new Int32[] {  });

            RecvHook.ThreadACL.SetExclusiveACL(new Int32[] {  });

            Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());

            dwProHwnd = OpenProcess(PROCESS_ALL_ACCESS, , RemoteHooking.GetCurrentProcessId());

            //EasyHook.RemoteHooking.WakeUpProcess();

            while (true) { Thread.Sleep(); }

        }

        [DllImport("kernel32.dll", EntryPoint = "OpenProcess")]

        public static extern uint OpenProcess(uint dwDesiredAccess, int bInheritHandle, int dwProcessId);

        public const uint PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF);

        public const uint SYNCHRONIZE = 0x00100000;

        public const uint STANDARD_RIGHTS_REQUIRED = 0x000F0000;

        public uint dwProHwnd = ;

        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]

        delegate int DRecv(IntPtr socket, IntPtr buffer, int length, int flags);

        [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]

        static extern int recv(IntPtr socket, IntPtr buffer, int length, int flags);

        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]

        delegate int DSend(IntPtr socket, IntPtr buffer, int length, int flags);

        [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]

        static extern int send(IntPtr socket, IntPtr buffer, int length, int flags);

    }

easyHOOK socket send recv的更多相关文章

  1. [转]Socket send函数和recv函数详解

    1.send 函数 int send( SOCKET s, const char FAR *buf, int len, int flags ); 不论是客户还是服务器应用程序都用send函数来向TCP ...

  2. Socket send函数和recv函数详解

    1.send 函数 int send( SOCKET s, const char FAR *buf, int len, int flags ); 不论是客户还是服务器应用程序都用send函数来向TCP ...

  3. linux socket下send()&recv()调用

    1.send 函数 int send( SOCKET s, const char FAR *buf, int len, int flags ); 不论是客户还是服务器应用程序都用send函数来向TCP ...

  4. 套接字I/O函数write/read writev/readv send/recv sendto/recvfrom sendmsg/recvmsg

    函数原型 read/write系原型 #include <unistd.h> ssize_t read(int fd, void *buf, size_t count); #include ...

  5. linux Socket send与recv函数详解

    转自:http://www.cnblogs.com/blankqdb/archive/2012/08/30/2663859.html linux send与recv函数详解   1 #include ...

  6. linux socket send和recv、write和read

    1 recv和read ssize_t recv(int sockfd, void *buf, size_t len, int flags); ssize_t read(int fd, void *b ...

  7. send+recv注意事项

    [TOC] send 函数原型 ssize_t send( SOCKET s, const char *buf, size_t len, int flags ) 注意事项 待发送数据长度data_le ...

  8. Linux下tcp协议socket的recv函数返回时机分析(粘包)

    http://www.vckbase.com/index.php/wv/10http://blog.csdn.net/zlzlei/article/details/7689409 文章一: 当前在网络 ...

  9. C语言socket send()数据缓存问题

    send()函数默认情况下会使用Nagle算法.Nagle算法通过将未确认的数据存入缓冲区直到积攒到一定数量一起发送的方法.来降低主机发送零碎小数据包的数目.所以假设send()函数发送数据过快的话, ...

随机推荐

  1. Java中流-----个人总结心得

    流 字符流 字节流 缓冲区 数据流---用于传输数据.IO流---Input/Output流.数据从外部流向程序---输入流:数据从程序流向外部的时候--输出流.读取一个文件---数据从文件流向程序- ...

  2. strus2项目中百度编辑器运用的几点细节

    百度编辑器的运用可以参考我之前写的一篇文章,在java项目中加入百度富文本编辑器.这篇文章是以maven+spring mvc项目进行的,总得来说配置比较简单,但是如果是想在strus2项目中配置ue ...

  3. 存储与索引------《Designing Data-Intensive Applications》读书笔记3

    在上一篇的笔记之中,我们讨论了数据模型和查询语言.在第三章之中我们来聊一聊不同的数据引擎内部是如何实现存储和检索的,以及不同设计之间的折中与妥协. 1.键值对数据库 键值对数据库是数据库形式之中最简单 ...

  4. Django项目创建02

    Django项目创建(ubuntu环境) 1.    创建项目目录,我是在root下创建了一个workspace文件夹:mkdir workspace  然后cd到该目录下 命令:django-adm ...

  5. python作用域与命名空间

    什么是命名空间 比如有一个学校,有10个班级,在7班和8班中都有一个叫“小王”的同学,如果在学校的广播中呼叫“小王”时,7班和8班中的这2个人就纳闷了,你是喊谁呢!!!如果是“7班的小王”的话,那么就 ...

  6. 【java】网络socket编程简单示例

    package 网络编程; import java.io.IOException; import java.io.PrintStream; import java.net.ServerSocket; ...

  7. 【python】函数参数关键字索引、参数指定默认值、搜集参数

  8. Charles 抓包工具使用部分问题总结

    一. You may need to configure your browser or application to trust the Charles Root Certificate. See ...

  9. 限制ssh远程登陆

    超过十次,就添加到hosts.deny里面去 #!/bin/bash date=`date +%Y%m%d` file="/var/log/secure" max=10 if [[ ...

  10. axios配合vue+webpack使用

    1.安装引用: cnpm install axios --save-dev 2.在组件中引入: import axios from 'axios'; 3.使用示例: 执行GET请求: // 为给定 I ...