代码比较简单,就不做注释了。  包含一个sockethookinject.DLL 和sockethook.exe

有一点不清楚,

SetExclusiveACL可以添加当前线程的hook,  但是easyhook如何 detach dll 并且释放hook呢?  知道的大神麻烦告知一下。
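    /// <summary>
    /// Remoting object served by the monitoring process. The injected library calls
    /// these methods over the EasyHook IPC channel to report hooked socket traffic.
    /// </summary>
    /// <remarks>
    /// Buffers are forwarded verbatim and may contain credentials or other sensitive
    /// payload, so subscribers of <see cref="logEvent"/> should not print or persist
    /// them unredacted outside a controlled test environment.
    /// </remarks>
    public class SocketInterFace : MarshalByRefObject
    {
        /// <summary>Signature of the handlers notified for every captured buffer.</summary>
        public delegate void LogArgsHander(BufferStruct argsbuffer);

        /// <summary>
        /// Raised for every buffer reported through <see cref="OnRecv"/> or <see cref="OnSend"/>.
        /// Static, so handlers are shared by all instances of this class.
        /// </summary>
        public static event LogArgsHander logEvent;

        /// <summary>Prints a confirmation that the library is running in the target.</summary>
        /// <param name="InClientPID">Process id reported by the injected library.</param>
        public void IsInstalled(Int32 InClientPID)
        {
            // NOTE(review): the "FileMon" wording appears to be carried over from a sample; left unchanged.
            Console.WriteLine("FileMon has been installed in target {0}.\r\n", InClientPID);
        }

        /// <summary>Reports a buffer returned by the hooked recv call.</summary>
        /// <param name="RecvBuffer">Copy of the received bytes; null is treated as an empty buffer.</param>
        /// <param name="LoginIndex">Not used by this method.</param>
        /// <param name="LoginIndexEx">Not used by this method.</param>
        public void OnRecv(byte[] RecvBuffer, int LoginIndex, int LoginIndexEx)
        {
            Publish(RecvBuffer, "recv");
        }

        /// <summary>Reports a buffer passed to the hooked send call.</summary>
        /// <param name="RecvBuffer">Copy of the sent bytes; null is treated as an empty buffer.</param>
        /// <param name="LoginIndex">Not used by this method.</param>
        /// <param name="LoginIndexEx">Not used by this method.</param>
        public void OnSend(byte[] RecvBuffer, int LoginIndex, int LoginIndexEx)
        {
            Publish(RecvBuffer, "send");
        }

        /// <summary>Writes a text message from the injected library to the console.</summary>
        public void OnLog(string BufferArgs)
        {
            Console.WriteLine(BufferArgs);
        }

        /// <summary>Forwards a captured buffer to every <see cref="logEvent"/> subscriber.</summary>
        public void OnLog(BufferStruct buf)
        {
            // Copy the delegate first so a handler unsubscribing on another thread
            // cannot turn the null check into a NullReferenceException.
            LogArgsHander handler = logEvent;
            if (handler != null)
            {
                handler(buf);
            }
        }

        // Builds the record shared by OnRecv and OnSend and raises the event.
        private void Publish(byte[] payload, string direction)
        {
            // A null payload used to throw on .Length; report it as an empty packet instead.
            byte[] data = payload ?? new byte[0];

            BufferStruct record = new BufferStruct();
            record.Buffer = data;
            record.BufferSize = data.Length;
            record.ObjectType = direction;
            OnLog(record);
        }

        /// <summary>One captured packet as delivered to <see cref="logEvent"/> handlers.</summary>
        public struct BufferStruct
        {
            /// <summary>
            /// Socket handle. Not populated by OnRecv/OnSend in this class.
            /// </summary>
            public IntPtr sockHander;
            /// <summary>
            /// Packet data.
            /// </summary>
            public byte[] Buffer;
            /// <summary>
            /// Packet size in bytes.
            /// </summary>
            public int BufferSize;
            /// <summary>
            /// Dynamic packet sequence. Not populated by OnRecv/OnSend in this class.
            /// </summary>
            public int[] LoginIdent;
            /// <summary>
            /// Direction of the packet: "send" or "recv".
            /// </summary>
            public string ObjectType;
        }
    }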
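    /// <summary>
    /// Main window of the monitoring process: hosts the IPC server, injects the hook
    /// library into the target process and prints every reported packet.
    /// </summary>
    public partial class Form1 : Form
    {
        // Name of the IPC channel. Starts as null and is passed by reference to
        // IpcCreateServer, then handed to the injected library as its argument.
        string ChannelName = null;

        /// <summary>
        /// Builds the form, subscribes to packet reports and warns when the process
        /// is not running with administrator rights.
        /// </summary>
        public Form1()
        {
            InitializeComponent();
            SocketInterFace.logEvent += new SocketInterFace.LogArgsHander(MainSend);
            if (!EasyHook.RemoteHooking.IsAdministrator)
            {
                // Only a warning: the form still opens and the buttons remain usable.
                MessageBox.Show("请用管理员方式启动");
            }
        }

        /// <summary>Prints length, direction and hex dump of one reported packet.</summary>
        /// <param name="buff">Packet record raised by <c>SocketInterFace.logEvent</c>.</param>
        public void MainSend(socketHook.SocketInterFace.BufferStruct buff)
        {
            // NOTE(review): this dumps the full payload to the console; captured traffic
            // can contain credentials, so keep the output out of shared logs.
            Console.WriteLine(string.Format("长度:{0} 类型:{2}\r\n 内容:{1}", buff.BufferSize, byteToHexStr(buff.Buffer, buff.BufferSize), buff.ObjectType));
        }

        /// <summary>Formats the first <paramref name="byteLen"/> bytes as upper-case hex.</summary>
        /// <param name="bytes">Source bytes; null yields an empty string.</param>
        /// <param name="byteLen">Number of bytes to format; clamped to the array length.</param>
        /// <returns>Two hex digits per byte with no separator.</returns>
        public static string byteToHexStr(byte[] bytes, int byteLen)
        {
            if (bytes == null)
            {
                return "";
            }

            // The reported size is supplied separately from the array, so never read past the array.
            int count = Math.Min(byteLen, bytes.Length);

            // Fully qualified so no extra using directive is required; avoids the
            // quadratic cost of repeated string concatenation on large packets.
            System.Text.StringBuilder hex = new System.Text.StringBuilder(count > 0 ? count * 2 : 0);
            for (int i = 0; i < count; i++)
            {
                hex.Append(bytes[i].ToString("X2"));
            }
            return hex.ToString();
        }

        /// <summary>
        /// Registers the assemblies with EasyHook, starts the IPC server and injects
        /// the hook library into the first process named "SupARC".
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            try
            {
                EasyHook.Config.Register(".net远程注入组建", "socketHook.exe", "sockethookinject.dll");
            }
            catch (Exception ex)
            {
                // Registration stays best-effort as in the original, but the failure is
                // no longer silently discarded.
                Console.WriteLine(ex);
            }

            // First() threw when the target was not running, so the "not started"
            // message below could never be shown; check the array instead.
            Process[] candidates = Process.GetProcessesByName("SupARC");
            if (candidates.Length == 0 || candidates[0].Id == 0)
            {
                MessageBox.Show("ARC没有启动");
                return;
            }
            int id = candidates[0].Id;

            // NOTE(review): the target is chosen by name only (first match), and the
            // library paths are relative. Since this tool is meant to run elevated,
            // confirm the working directory is not writable by lower-privileged users.
            // SingleCall: a new SocketInterFace instance serves each remote call.
            EasyHook.RemoteHooking.IpcCreateServer<SocketInterFace>(ref ChannelName, System.Runtime.Remoting.WellKnownObjectMode.SingleCall);
            EasyHook.RemoteHooking.Inject(id, "sockethookinject.dll", "sockethookinject.dll", ChannelName);
        }

        /// <summary>Placeholder handler; intentionally does nothing.</summary>
        private void button2_Click(object sender, EventArgs e)
        {
        }
    }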
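/// <summary>
/// EasyHook entry point of the injected library. Hooks <c>recv</c> and <c>send</c>
/// in WS2_32.dll and reports every successfully transferred buffer to the host
/// process over the IPC channel.
/// </summary>
public class Main : IEntryPoint
{
    // Sleep interval of the keep-alive loop in Run. The value is missing from the
    // published listing; 500 ms is a stand-in chosen here.
    const int KeepAliveIntervalMs = 500;

    public const uint PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF);
    public const uint SYNCHRONIZE = 0x00100000;
    public const uint STANDARD_RIGHTS_REQUIRED = 0x000F0000;

    // Value returned by OpenProcess in Run; not read anywhere in this class.
    public uint dwProHwnd = 0;

    SocketInterFace Interface;
    LocalHook RecvHook;
    LocalHook SendHook;

    // Set once a call to the host fails, so the hooks stop reporting and Run can clean up.
    volatile bool hostUnreachable;

    /// <summary>Connects to the host's IPC channel and reports successful start-up.</summary>
    /// <param name="InContext">EasyHook context; not used here.</param>
    /// <param name="InChannelName">Name of the IPC channel created by the host.</param>
    public Main(RemoteHooking.IContext InContext, string InChannelName)
    {
        Interface = RemoteHooking.IpcConnectClient<SocketInterFace>(InChannelName);
        Interface.OnLog("初始化HOOK成功");
    }

    // Replacement for recv: calls the real function, then reports the received bytes.
    int MyRecv(IntPtr socket, IntPtr buffer, int length, int flags)
    {
        int bytesCount = recv(socket, buffer, length, flags);
        if (bytesCount > 0)
        {
            Report(buffer, bytesCount, true);
        }
        return bytesCount;
    }

    // Replacement for send: calls the real function, then reports the bytes actually sent.
    int MySend(IntPtr socket, IntPtr buffer, int length, int flags)
    {
        int bytesCount = send(socket, buffer, length, flags);
        if (bytesCount > 0)
        {
            Report(buffer, bytesCount, false);
        }
        return bytesCount;
    }

    // Copies count bytes out of the native buffer and forwards them to the host.
    private void Report(IntPtr buffer, int count, bool inbound)
    {
        if (hostUnreachable)
        {
            return;
        }

        try
        {
            byte[] copy = new byte[count];
            Marshal.Copy(buffer, copy, 0, copy.Length);
            if (inbound)
            {
                Interface.OnRecv(copy, 0, 0);
            }
            else
            {
                Interface.OnSend(copy, 0, 0);
            }
        }
        catch (Exception)
        {
            // Deliberately broad: an exception leaving a hook handler would unwind
            // into the hooked process's native caller. The original let IPC failures
            // (for example the host having exited) propagate out of the hook.
            hostUnreachable = true;
        }
    }

    /// <summary>
    /// Installs the hooks and keeps the thread alive until a report to the host
    /// fails, then removes the hooks again.
    /// </summary>
    /// <param name="InContext">EasyHook context; not used here.</param>
    /// <param name="InChannelName">IPC channel name; the connection was made in the constructor.</param>
    public void Run(RemoteHooking.IContext InContext, string InChannelName)
    {
        try
        {
            RecvHook = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "recv"), new DRecv(MyRecv), this);
            SendHook = LocalHook.Create(LocalHook.GetProcAddress("WS2_32.dll", "send"), new DSend(MySend), this);

            // NOTE(review): the published listing shows an empty array here; other
            // numeric literals are missing from the page, so the original may have
            // listed a thread id. Kept as shown.
            SendHook.ThreadACL.SetExclusiveACL(new Int32[] { });
            RecvHook.ThreadACL.SetExclusiveACL(new Int32[] { });

            Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());

            // NOTE(review): PROCESS_ALL_ACCESS is far broader than anything this class
            // does with the handle, the handle is never closed, and a uint return type
            // can truncate a handle in a 64-bit process. Prefer dropping the call or
            // requesting only the rights needed and closing the handle.
            dwProHwnd = OpenProcess(PROCESS_ALL_ACCESS, 0, RemoteHooking.GetCurrentProcessId());

            // The original looped forever, so the hooks were never released. The flag
            // is only set from a hook handler, so exit happens on the first traffic
            // after the host becomes unreachable.
            while (!hostUnreachable)
            {
                Thread.Sleep(KeepAliveIntervalMs);
            }
        }
        finally
        {
            // Disposing the LocalHook objects uninstalls the hooks; Release() lets
            // EasyHook finish the pending removals.
            if (SendHook != null)
            {
                SendHook.Dispose();
            }
            if (RecvHook != null)
            {
                RecvHook.Dispose();
            }
            LocalHook.Release();
        }
    }

    [DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
    public static extern uint OpenProcess(uint dwDesiredAccess, int bInheritHandle, int dwProcessId);

    [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
    delegate int DRecv(IntPtr socket, IntPtr buffer, int length, int flags);

    [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
    static extern int recv(IntPtr socket, IntPtr buffer, int length, int flags);

    [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
    delegate int DSend(IntPtr socket, IntPtr buffer, int length, int flags);

    [DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
    static extern int send(IntPtr socket, IntPtr buffer, int length, int flags);
}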
