大体上应该是这样:
B机输入163网址以后,会有一个GET请求通过A机,A机用PASSTHRU中的PtReceivePacket接收到了这个包,但发现不是给自己的,就进行转发。
想要实现我上面说的那个功能,就在PtReceivePacket中修改这个含GET请求的数据包,让这个包伪装成B机输入www.sina.com.cn的情况。这样B机的IE就会出现www.sina.com的内容了吧?
不过这个修改数据包的具体方法有么?? 试着改了改,好像原包不能改啊,反正不断蓝屏…………
校验和IP的是直接算IP头长度?TCP的是算IP头+TCP头+数据包长度?
要是有人知道,麻烦帮帮忙~~
8 个解决方案
#1
那你能不能,整个包都替换了呀?
#2
替换包的步骤我也不清楚,
大体上应该是:
1.把获取的包,包头和数据分开
2.构建一个新包。
3,把原包的包头赋值给新包的包头,
4,另定义一个指针,将含WWW.SINA.COM.CN的GET内容写入
5,将该指针与新包包头联系起来。
6.重新计算IP和TCP的校验和
7.通知上层
应该还缺不少细节,反正我自己定义的新包是没有搞定这个问题的…… 也是一启动就蓝屏死机……
大体上应该是:
1.把获取的包,包头和数据分开
2.构建一个新包。
3,把原包的包头赋值给新包的包头,
4,另定义一个指针,将含WWW.SINA.COM.CN的GET内容写入
5,将该指针与新包包头联系起来。
6.重新计算IP和TCP的校验和
7.通知上层
应该还缺不少细节,反正我自己定义的新包是没有搞定这个问题的…… 也是一启动就蓝屏死机……
#3
不懂.
#4
谁蓝屏?A还是B的
不光是改get request而已吧,还有IP什么的不用处理的么?
返回的包不要处理下再给B么?
至于算checksum什么的自己随便google下吧。
不光是改get request而已吧,还有IP什么的不用处理的么?
返回的包不要处理下再给B么?
至于算checksum什么的自己随便google下吧。
#5
是A蓝屏 B只是打不开网页,ForestDB说的对啊,IP地址虽然不用修改,但MAC地址是要改一改的………… 不过这个应该不是蓝屏的关键地方啊……
#6
下午把相关代码传上来,希望大家帮忙~~
#7
// PtReceivePacket: packet-receive handler of the Passthru driver (per the
// DBGPRINT banner below). Two paths are visible:
//   1. a custom path that allocates a new packet descriptor (urlPacket) plus a
//      1400-byte buffer (pMemory), copies header fields from the received
//      frame into it and indicates it upward;
//   2. a forwarding path that wraps the received buffer chain in MyPacket and
//      indicates that upward unchanged.
//
// Parameters:
//   ProtocolBindingContext - cast to PADAPT; supplies MiniportHandle,
//                            RecvPacketPoolHandle and isSecondary.
//   Packet                 - the received NDIS_PACKET.
// Returns: 0 or 1 on most exits (1 only when the indicated packet's status is
//   not NDIS_STATUS_RESOURCES); three error exits return an NDIS_STATUS value
//   instead, see the notes at those lines.
//
// NOTE(review): this listing is not complete as posted. ethd, iphd, tcphd,
// ip_len and bbdd are used but not declared in the visible declarations, and
// three closing braces after the custom path have no visible opening line, so
// the conditions that select the custom path are missing.
INT
PtReceivePacket(
IN NDIS_HANDLE ProtocolBindingContext,
IN PNDIS_PACKET Packet
)
{
PADAPT pAdapt =(PADAPT)ProtocolBindingContext;
NDIS_STATUS Status;
PNDIS_PACKET MyPacket;
PRSVD Resvd;
//----------my variable declarations start here--------------------
NDIS_STATUS sss = NDIS_STATUS_SUCCESS;
// NOTE(review): pPacketContent is only declared; no assignment or allocation
// is visible before it is written through below.
PUCHAR pPacketContent;
PUCHAR pBuf;
UINT BufLength;
//variables for building the new packet
char *urladr1;
PNDIS_PACKET urlPacket;
NDIS_STATUS urlstatus;
PUCHAR pMemory;
UINT uOffset;
UINT i = 0;
USHORT iLen;
PRSVD urlRsvd;
PUCHAR pData;
PETH urlethd;
PIP_HEADER urliphd;
PTCP_HEADER urltcphd;
unsigned int urlip_len;
PNDIS_BUFFER urlbufff;
UINT paklen;
//------------end of my variable declarations------------------
DBGPRINT("==> Passthru Protocol PtReceivePacket\n");
// No miniport handle: return 0.
if(!pAdapt->MiniportHandle) return 0;
//-------------------------------my custom processing-----------------------------
// NOTE(review): writes 2000 zero bytes through the uninitialized pointer
// pPacketContent. In kernel mode a wild write like this is a bugcheck or
// silent pool corruption, which matches the blue screen described in the post.
NdisZeroMemory(pPacketContent,2000);
// Queries only the first NDIS_BUFFER of the chain; 32 is passed as the
// priority argument. NOTE(review): pBuf is not checked for NULL afterwards
// (the "Safe" variant reports a failed mapping that way).
NdisQueryBufferSafe(Packet->Private.Head,&pBuf,&BufLength,32);
// NOTE(review): BufLength comes from the received packet and is not bounded
// by the 2000 bytes assumed above, nor checked to be large enough for the
// Ethernet, IP and TCP headers parsed below.
NdisMoveMemory(pPacketContent,pBuf,BufLength);
ethd=(PETH) pPacketContent;//Ethernet header
iphd=(PIP_HEADER) ((PCHAR)pPacketContent+14);//IP header, assumed at a fixed 14-byte offset
ip_len = (iphd->iph_verlen&0xf) * 4; //actual IP header length, from the low nibble of iph_verlen
tcphd=(PTCP_HEADER)((PCHAR)iphd+ip_len);//TCP header
// NOTE(review): nothing visible verifies that the frame is IPv4/TCP or that
// ip_len stays inside the copied bytes before tcphd is dereferenced later.
NdisDprAllocatePacket(&urlstatus,&urlPacket,pAdapt->RecvPacketPoolHandle);
if(urlstatus != NDIS_STATUS_SUCCESS)
{
DbgPrint("分配空间失败。");
// NOTE(review): returns an NDIS_STATUS from a function whose other exits
// return 0 or 1; presumably the caller reads the value as a count of
// outstanding references on Packet - confirm and return 0 here.
return urlstatus;
}
DbgPrint("分配空间成功。");
// Remember the received packet in the new descriptor's MiniportReserved area.
urlRsvd = (PRSVD)(urlPacket->MiniportReserved);
urlRsvd->OriginalPkt = Packet;
// 1400-byte buffer for the rebuilt frame; it is not zeroed after allocation.
urlstatus = NdisAllocateMemory(&pMemory,1400,0,HighestAcceptableMax);
if(urlstatus != NDIS_STATUS_SUCCESS)
{
NdisDprFreePacket(urlPacket);
// NOTE(review): same NDIS_STATUS-as-INT return as above.
return urlstatus;
}
urlethd=(PETH)pMemory;//Ethernet header
urliphd=(PIP_HEADER) ((PCHAR)pMemory+14);//IP header
// NOTE(review): reads iph_verlen from the freshly allocated buffer before it
// is assigned further down, so urlip_len is derived from uninitialized bytes;
// it is also never used in the visible code.
urlip_len = (urliphd->iph_verlen&0xf) * 4; //actual IP header length
// Uses ip_len (from the received frame), not urlip_len.
urltcphd=(PTCP_HEADER)((PCHAR)urliphd+ip_len);//TCP header
// Copy both 6-byte MAC addresses and the length/type fields unchanged.
for(i = 0;i<6;i++)
urlethd->eth_dest[i] =ethd->eth_dest[i];
for(i = 0;i<6;i++)
urlethd->eth_src[i]= ethd->eth_src[i];
urlethd->eth_len = ethd->eth_len;
urlethd->eth_type=ethd->eth_type;
// Copy the IP header field by field.
urliphd->iph_dest.byte1=iphd->iph_dest.byte1;
urliphd->iph_dest.byte2=iphd->iph_dest.byte2;
urliphd->iph_dest.byte3=iphd->iph_dest.byte3;
urliphd->iph_dest.byte4=iphd->iph_dest.byte4;
urliphd->iph_src[0]=iphd->iph_src[0];
urliphd->iph_src[1]=iphd->iph_src[1];
urliphd->iph_src[2]=iphd->iph_src[2];
urliphd->iph_src[3]=iphd->iph_src[3];
urliphd->iph_id=iphd->iph_id;
// NOTE(review): total length is copied unchanged although the payload is
// meant to be replaced - verify the two lengths actually agree.
urliphd->iph_length=iphd->iph_length;
urliphd->iph_offset=iphd->iph_offset;
urliphd->iph_protocol=iphd->iph_protocol;
urliphd->iph_tos=iphd->iph_tos;
urliphd->iph_ttl=iphd->iph_ttl;
urliphd->iph_verlen=iphd->iph_verlen;
// NOTE(review): sizeof(PIP_HEADER) is the size of a pointer type, not of the
// IP header; the IP header checksum covers the whole header (ip_len bytes).
// iph_xsum itself is still uninitialized when Checksum runs over it;
// presumably Checksum expects that field to be zero first - confirm.
urliphd->iph_xsum=Checksum((USHORT *)urliphd,sizeof(PIP_HEADER));
// Copy the TCP header field by field.
urltcphd->tcph_ack_seq=tcphd->tcph_ack_seq;
urltcphd->tcph_dest=tcphd->tcph_dest;
urltcphd->tcph_flags=tcphd->tcph_flags;
urltcphd->tcph_seq=tcphd->tcph_seq;
urltcphd->tcph_src=tcphd->tcph_src;
urltcphd->tcph_urgent=tcphd->tcph_urgent;
urltcphd->tcph_window=tcphd->tcph_window;
// NOTE(review): sizeof(PTCP_HEADER) is again a pointer size. The TCP checksum
// (RFC 793) covers a pseudo-header built from the IP addresses, protocol and
// TCP length, then the TCP header and the payload - not the header alone.
urltcphd->tcph_check=Checksum((USHORT *)urltcphd,sizeof(PTCP_HEADER));
// NOTE(review): pData is derived from iphd, i.e. it points into the copy of
// the received frame, not into pMemory, so the new buffer never receives a
// payload. Copying 1400 bytes to any payload offset also cannot fit in a
// 1400-byte allocation. bbdd is not declared in this listing.
pData=((PCHAR)iphd+ip_len+sizeof(TCP_HEADER));
NdisMoveMemory(pData,bbdd,1400);
// NOTE(review): the pool handle passed here is the same RecvPacketPoolHandle
// given to NdisDprAllocatePacket above; NdisAllocateBuffer expects a buffer
// pool handle (from NdisAllocateBufferPool), not a packet pool handle.
NdisAllocateBuffer(
&urlstatus,
&urlbufff,
pAdapt->RecvPacketPoolHandle,
pMemory,
1400);
if(urlstatus != NDIS_STATUS_SUCCESS)
{
NdisFreePacket(urlPacket);
NdisFreeMemory(pMemory,1400,0);
// NOTE(review): same NDIS_STATUS-as-INT return as above.
return urlstatus;
}
//put the Ethernet header into the packet
NdisChainBufferAtFront(urlPacket, urlbufff);
// NOTE(review): these two stores overwrite the chain fields just set up by
// NdisChainBufferAtFront and leave Head set while Tail is NULL.
urlPacket->Private.Head->Next=NULL;
urlPacket->Private.Tail=NULL;
// The header size (14) and the DONT_LOOPBACK flag set here are both
// overwritten a few lines below with the values taken from Packet.
NDIS_SET_PACKET_HEADER_SIZE(urlPacket,14);
NdisSetPacketFlags(urlPacket, NDIS_FLAGS_DONT_LOOPBACK);
NDIS_SET_ORIGINAL_PACKET(
urlPacket, NDIS_GET_ORIGINAL_PACKET(Packet));
NdisGetPacketFlags(urlPacket) = NdisGetPacketFlags(Packet);
urlstatus = NDIS_GET_PACKET_STATUS(Packet);
NDIS_SET_PACKET_STATUS(urlPacket, urlstatus);
NDIS_SET_PACKET_HEADER_SIZE(
urlPacket, NDIS_GET_PACKET_HEADER_SIZE(Packet));
NdisMIndicateReceivePacket(pAdapt->MiniportHandle, &urlPacket, 1);
if(urlstatus == NDIS_STATUS_RESOURCES)
{
// NOTE(review): only the descriptor is released; urlbufff and pMemory are not
// freed on this path. Where they are freed on the non-RESOURCES path is not
// shown (the return handler is outside this listing).
NdisDprFreePacket(urlPacket);
}
return((urlstatus != NDIS_STATUS_RESOURCES) ? 1 : 0);
}
}
}
// NOTE(review): the three closing braces above have no visible opening lines.
if(pAdapt->isSecondary)
{
DBGPRINT("PASSTHRU GETTING RECEIVES ON SECONDARY\n");
ASSERT(0);
}
// Forwarding path: take a descriptor from the receive pool and point it at
// the received packet's existing buffer chain (no data is copied).
NdisDprAllocatePacket(&Status, &MyPacket, pAdapt->RecvPacketPoolHandle);
if(Status == NDIS_STATUS_SUCCESS)
{
Resvd =(PRSVD)(MyPacket->MiniportReserved);
Resvd->OriginalPkt = Packet;
MyPacket->Private.Head = Packet->Private.Head;
MyPacket->Private.Tail = Packet->Private.Tail;
NDIS_SET_ORIGINAL_PACKET(
MyPacket, NDIS_GET_ORIGINAL_PACKET(Packet));
// Mirror flags, status and header size from the received packet.
NdisGetPacketFlags(MyPacket) = NdisGetPacketFlags(Packet);
Status = NDIS_GET_PACKET_STATUS(Packet);
NDIS_SET_PACKET_STATUS(MyPacket, Status);
NDIS_SET_PACKET_HEADER_SIZE(
MyPacket, NDIS_GET_PACKET_HEADER_SIZE(Packet));
NdisMIndicateReceivePacket(pAdapt->MiniportHandle, &MyPacket, 1);
// NOTE(review): MyPacket is read after it has been indicated; unless the
// status is NDIS_STATUS_RESOURCES the upper layer may presumably already have
// returned it - confirm, or call PrintPacket before the indication.
PrintPacket(MyPacket);
if(Status == NDIS_STATUS_RESOURCES)
{
// With RESOURCES status the descriptor is reclaimed here, right after the
// indication call.
NdisDprFreePacket(MyPacket);
}
// 1 when Status is anything other than RESOURCES, else 0.
return((Status != NDIS_STATUS_RESOURCES) ? 1 : 0);
}
else
{
// No descriptor available: return 0.
return(0);
}
}
说实话,写这段程序的时候我已经晕了,基本上没什么价值了。我现在只希望有知道的人来给我说说这中间的过程和道理…… 感激不尽
#8
为什么这么好的帖子没有人回?
#1
那你能不能,整个包都替换了呀?
#2
替换包的步骤我也不清楚,
大体上应该是:
1.把获取的包,包头和数据分开
2.构建一个新包。
3,把原包的包头赋值给新包的包头,
4,另定义一个指针,将含WWW.SINA.COM.CN的GET内容写入
5,将该指针与新包包头联系起来。
6.重新计算IP和TCP的校验和
7.通知上层
应该还缺不少细节,反正我自己定义的新包是没有搞定这个问题的…… 也是一启动就蓝屏死机……
大体上应该是:
1.把获取的包,包头和数据分开
2.构建一个新包。
3,把原包的包头赋值给新包的包头,
4,另定义一个指针,将含WWW.SINA.COM.CN的GET内容写入
5,将该指针与新包包头联系起来。
6.重新计算IP和TCP的校验和
7.通知上层
应该还缺不少细节,反正我自己定义的新包是没有搞定这个问题的…… 也是一启动就蓝屏死机……
#3
不懂.
#4
谁蓝屏?A还是B的
不光是改get request而已吧,还有IP什么的不用处理的么?
返回的包不要处理下再给B么?
至于算checksum什么的自己随便google下吧。
不光是改get request而已吧,还有IP什么的不用处理的么?
返回的包不要处理下再给B么?
至于算checksum什么的自己随便google下吧。
#5
是A蓝屏 B只是打不开网页,ForestDB说的对啊,IP地址虽然不用修改,但MAC地址是要改一改的………… 不过这个应该不是蓝屏的关键地方啊……
#6
下午把相关代码传上来,希望大家帮忙~~
#7
// PtReceivePacket: packet-receive handler of the Passthru driver (per the
// DBGPRINT banner below). Two paths are visible:
//   1. a custom path that allocates a new packet descriptor (urlPacket) plus a
//      1400-byte buffer (pMemory), copies header fields from the received
//      frame into it and indicates it upward;
//   2. a forwarding path that wraps the received buffer chain in MyPacket and
//      indicates that upward unchanged.
//
// Parameters:
//   ProtocolBindingContext - cast to PADAPT; supplies MiniportHandle,
//                            RecvPacketPoolHandle and isSecondary.
//   Packet                 - the received NDIS_PACKET.
// Returns: 0 or 1 on most exits (1 only when the indicated packet's status is
//   not NDIS_STATUS_RESOURCES); three error exits return an NDIS_STATUS value
//   instead, see the notes at those lines.
//
// NOTE(review): this listing is not complete as posted. ethd, iphd, tcphd,
// ip_len and bbdd are used but not declared in the visible declarations, and
// three closing braces after the custom path have no visible opening line, so
// the conditions that select the custom path are missing.
INT
PtReceivePacket(
IN NDIS_HANDLE ProtocolBindingContext,
IN PNDIS_PACKET Packet
)
{
PADAPT pAdapt =(PADAPT)ProtocolBindingContext;
NDIS_STATUS Status;
PNDIS_PACKET MyPacket;
PRSVD Resvd;
//----------my variable declarations start here--------------------
NDIS_STATUS sss = NDIS_STATUS_SUCCESS;
// NOTE(review): pPacketContent is only declared; no assignment or allocation
// is visible before it is written through below.
PUCHAR pPacketContent;
PUCHAR pBuf;
UINT BufLength;
//variables for building the new packet
char *urladr1;
PNDIS_PACKET urlPacket;
NDIS_STATUS urlstatus;
PUCHAR pMemory;
UINT uOffset;
UINT i = 0;
USHORT iLen;
PRSVD urlRsvd;
PUCHAR pData;
PETH urlethd;
PIP_HEADER urliphd;
PTCP_HEADER urltcphd;
unsigned int urlip_len;
PNDIS_BUFFER urlbufff;
UINT paklen;
//------------end of my variable declarations------------------
DBGPRINT("==> Passthru Protocol PtReceivePacket\n");
// No miniport handle: return 0.
if(!pAdapt->MiniportHandle) return 0;
//-------------------------------my custom processing-----------------------------
// NOTE(review): writes 2000 zero bytes through the uninitialized pointer
// pPacketContent. In kernel mode a wild write like this is a bugcheck or
// silent pool corruption, which matches the blue screen described in the post.
NdisZeroMemory(pPacketContent,2000);
// Queries only the first NDIS_BUFFER of the chain; 32 is passed as the
// priority argument. NOTE(review): pBuf is not checked for NULL afterwards
// (the "Safe" variant reports a failed mapping that way).
NdisQueryBufferSafe(Packet->Private.Head,&pBuf,&BufLength,32);
// NOTE(review): BufLength comes from the received packet and is not bounded
// by the 2000 bytes assumed above, nor checked to be large enough for the
// Ethernet, IP and TCP headers parsed below.
NdisMoveMemory(pPacketContent,pBuf,BufLength);
ethd=(PETH) pPacketContent;//Ethernet header
iphd=(PIP_HEADER) ((PCHAR)pPacketContent+14);//IP header, assumed at a fixed 14-byte offset
ip_len = (iphd->iph_verlen&0xf) * 4; //actual IP header length, from the low nibble of iph_verlen
tcphd=(PTCP_HEADER)((PCHAR)iphd+ip_len);//TCP header
// NOTE(review): nothing visible verifies that the frame is IPv4/TCP or that
// ip_len stays inside the copied bytes before tcphd is dereferenced later.
NdisDprAllocatePacket(&urlstatus,&urlPacket,pAdapt->RecvPacketPoolHandle);
if(urlstatus != NDIS_STATUS_SUCCESS)
{
DbgPrint("分配空间失败。");
// NOTE(review): returns an NDIS_STATUS from a function whose other exits
// return 0 or 1; presumably the caller reads the value as a count of
// outstanding references on Packet - confirm and return 0 here.
return urlstatus;
}
DbgPrint("分配空间成功。");
// Remember the received packet in the new descriptor's MiniportReserved area.
urlRsvd = (PRSVD)(urlPacket->MiniportReserved);
urlRsvd->OriginalPkt = Packet;
// 1400-byte buffer for the rebuilt frame; it is not zeroed after allocation.
urlstatus = NdisAllocateMemory(&pMemory,1400,0,HighestAcceptableMax);
if(urlstatus != NDIS_STATUS_SUCCESS)
{
NdisDprFreePacket(urlPacket);
// NOTE(review): same NDIS_STATUS-as-INT return as above.
return urlstatus;
}
urlethd=(PETH)pMemory;//Ethernet header
urliphd=(PIP_HEADER) ((PCHAR)pMemory+14);//IP header
// NOTE(review): reads iph_verlen from the freshly allocated buffer before it
// is assigned further down, so urlip_len is derived from uninitialized bytes;
// it is also never used in the visible code.
urlip_len = (urliphd->iph_verlen&0xf) * 4; //actual IP header length
// Uses ip_len (from the received frame), not urlip_len.
urltcphd=(PTCP_HEADER)((PCHAR)urliphd+ip_len);//TCP header
// Copy both 6-byte MAC addresses and the length/type fields unchanged.
for(i = 0;i<6;i++)
urlethd->eth_dest[i] =ethd->eth_dest[i];
for(i = 0;i<6;i++)
urlethd->eth_src[i]= ethd->eth_src[i];
urlethd->eth_len = ethd->eth_len;
urlethd->eth_type=ethd->eth_type;
// Copy the IP header field by field.
urliphd->iph_dest.byte1=iphd->iph_dest.byte1;
urliphd->iph_dest.byte2=iphd->iph_dest.byte2;
urliphd->iph_dest.byte3=iphd->iph_dest.byte3;
urliphd->iph_dest.byte4=iphd->iph_dest.byte4;
urliphd->iph_src[0]=iphd->iph_src[0];
urliphd->iph_src[1]=iphd->iph_src[1];
urliphd->iph_src[2]=iphd->iph_src[2];
urliphd->iph_src[3]=iphd->iph_src[3];
urliphd->iph_id=iphd->iph_id;
// NOTE(review): total length is copied unchanged although the payload is
// meant to be replaced - verify the two lengths actually agree.
urliphd->iph_length=iphd->iph_length;
urliphd->iph_offset=iphd->iph_offset;
urliphd->iph_protocol=iphd->iph_protocol;
urliphd->iph_tos=iphd->iph_tos;
urliphd->iph_ttl=iphd->iph_ttl;
urliphd->iph_verlen=iphd->iph_verlen;
// NOTE(review): sizeof(PIP_HEADER) is the size of a pointer type, not of the
// IP header; the IP header checksum covers the whole header (ip_len bytes).
// iph_xsum itself is still uninitialized when Checksum runs over it;
// presumably Checksum expects that field to be zero first - confirm.
urliphd->iph_xsum=Checksum((USHORT *)urliphd,sizeof(PIP_HEADER));
// Copy the TCP header field by field.
urltcphd->tcph_ack_seq=tcphd->tcph_ack_seq;
urltcphd->tcph_dest=tcphd->tcph_dest;
urltcphd->tcph_flags=tcphd->tcph_flags;
urltcphd->tcph_seq=tcphd->tcph_seq;
urltcphd->tcph_src=tcphd->tcph_src;
urltcphd->tcph_urgent=tcphd->tcph_urgent;
urltcphd->tcph_window=tcphd->tcph_window;
// NOTE(review): sizeof(PTCP_HEADER) is again a pointer size. The TCP checksum
// (RFC 793) covers a pseudo-header built from the IP addresses, protocol and
// TCP length, then the TCP header and the payload - not the header alone.
urltcphd->tcph_check=Checksum((USHORT *)urltcphd,sizeof(PTCP_HEADER));
// NOTE(review): pData is derived from iphd, i.e. it points into the copy of
// the received frame, not into pMemory, so the new buffer never receives a
// payload. Copying 1400 bytes to any payload offset also cannot fit in a
// 1400-byte allocation. bbdd is not declared in this listing.
pData=((PCHAR)iphd+ip_len+sizeof(TCP_HEADER));
NdisMoveMemory(pData,bbdd,1400);
// NOTE(review): the pool handle passed here is the same RecvPacketPoolHandle
// given to NdisDprAllocatePacket above; NdisAllocateBuffer expects a buffer
// pool handle (from NdisAllocateBufferPool), not a packet pool handle.
NdisAllocateBuffer(
&urlstatus,
&urlbufff,
pAdapt->RecvPacketPoolHandle,
pMemory,
1400);
if(urlstatus != NDIS_STATUS_SUCCESS)
{
NdisFreePacket(urlPacket);
NdisFreeMemory(pMemory,1400,0);
// NOTE(review): same NDIS_STATUS-as-INT return as above.
return urlstatus;
}
//put the Ethernet header into the packet
NdisChainBufferAtFront(urlPacket, urlbufff);
// NOTE(review): these two stores overwrite the chain fields just set up by
// NdisChainBufferAtFront and leave Head set while Tail is NULL.
urlPacket->Private.Head->Next=NULL;
urlPacket->Private.Tail=NULL;
// The header size (14) and the DONT_LOOPBACK flag set here are both
// overwritten a few lines below with the values taken from Packet.
NDIS_SET_PACKET_HEADER_SIZE(urlPacket,14);
NdisSetPacketFlags(urlPacket, NDIS_FLAGS_DONT_LOOPBACK);
NDIS_SET_ORIGINAL_PACKET(
urlPacket, NDIS_GET_ORIGINAL_PACKET(Packet));
NdisGetPacketFlags(urlPacket) = NdisGetPacketFlags(Packet);
urlstatus = NDIS_GET_PACKET_STATUS(Packet);
NDIS_SET_PACKET_STATUS(urlPacket, urlstatus);
NDIS_SET_PACKET_HEADER_SIZE(
urlPacket, NDIS_GET_PACKET_HEADER_SIZE(Packet));
NdisMIndicateReceivePacket(pAdapt->MiniportHandle, &urlPacket, 1);
if(urlstatus == NDIS_STATUS_RESOURCES)
{
// NOTE(review): only the descriptor is released; urlbufff and pMemory are not
// freed on this path. Where they are freed on the non-RESOURCES path is not
// shown (the return handler is outside this listing).
NdisDprFreePacket(urlPacket);
}
return((urlstatus != NDIS_STATUS_RESOURCES) ? 1 : 0);
}
}
}
// NOTE(review): the three closing braces above have no visible opening lines.
if(pAdapt->isSecondary)
{
DBGPRINT("PASSTHRU GETTING RECEIVES ON SECONDARY\n");
ASSERT(0);
}
// Forwarding path: take a descriptor from the receive pool and point it at
// the received packet's existing buffer chain (no data is copied).
NdisDprAllocatePacket(&Status, &MyPacket, pAdapt->RecvPacketPoolHandle);
if(Status == NDIS_STATUS_SUCCESS)
{
Resvd =(PRSVD)(MyPacket->MiniportReserved);
Resvd->OriginalPkt = Packet;
MyPacket->Private.Head = Packet->Private.Head;
MyPacket->Private.Tail = Packet->Private.Tail;
NDIS_SET_ORIGINAL_PACKET(
MyPacket, NDIS_GET_ORIGINAL_PACKET(Packet));
// Mirror flags, status and header size from the received packet.
NdisGetPacketFlags(MyPacket) = NdisGetPacketFlags(Packet);
Status = NDIS_GET_PACKET_STATUS(Packet);
NDIS_SET_PACKET_STATUS(MyPacket, Status);
NDIS_SET_PACKET_HEADER_SIZE(
MyPacket, NDIS_GET_PACKET_HEADER_SIZE(Packet));
NdisMIndicateReceivePacket(pAdapt->MiniportHandle, &MyPacket, 1);
// NOTE(review): MyPacket is read after it has been indicated; unless the
// status is NDIS_STATUS_RESOURCES the upper layer may presumably already have
// returned it - confirm, or call PrintPacket before the indication.
PrintPacket(MyPacket);
if(Status == NDIS_STATUS_RESOURCES)
{
// With RESOURCES status the descriptor is reclaimed here, right after the
// indication call.
NdisDprFreePacket(MyPacket);
}
// 1 when Status is anything other than RESOURCES, else 0.
return((Status != NDIS_STATUS_RESOURCES) ? 1 : 0);
}
else
{
// No descriptor available: return 0.
return(0);
}
}
说实话,写这段程序的时候我已经晕了,基本上没什么价值了。我现在只希望有知道的人来给我说说这中间的过程和道理…… 感激不尽
#8
为什么这么好的帖子没有人回?