这个是我根据网上的拦截封包源码修改的.. 但是无法弹出连接状态(Connect) 时的IP? . 帮忙看下.. ( 前贴 : http://topic.csdn.net/u/20090808/17/10d90eff-b51e-4aa6-a55b-9b665c84c721.html?17240 )
unit APIHook;
interface
uses
SysUtils,
Windows, dialogs, WinSock;
type
// Signatures of the ws2_32 functions this unit patches (send/recv share one shape, connect has its own).
TSockProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
Tconnect = function (s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
PJmpCode = ^TJmpCode;
// 8-byte stub written over a function entry: opcode byte, 4-byte target address, 3 opcode/padding bytes.
// The byte values are filled in by HookAPI. NOTE(review): Address is a 4-byte procedure pointer here,
// so the record is only 8 bytes when compiled as 32-bit code - the Read/WriteProcessMemory calls
// in this unit always transfer exactly 8 bytes.
TJmpCode = packed record
JmpCode: BYTE;
Address: TSockProc;
MovEAX: Array [0..2] of BYTE;
end;
//-------------------- procedure declarations ---------------------------
procedure HookAPI;
procedure UnHookAPI;
var
OldSend, OldRecv: TSockProc; // original API entry addresses, called through by the hooks
OldConnect: Tconnect;
JmpCode: TJmpCode; // one shared jump stub, re-targeted by every hook before it is written back
OldProc: array [0..2] of TJmpCode; // saved original entry bytes: [0] send, [1] recv, [2] intended for connect
AddSend, AddRecv , AddConnect: pointer; // API addresses resolved by HookAPI (nil if GetProcAddress fails)
TmpJmp: TJmpCode; // not referenced anywhere in this unit
ProcessHandle: THandle; // pseudo-handle of the current process (GetCurrentProcess)
implementation
{---------------------------------------}
{函数功能:Send函数的HOOK
{函数参数:同Send
{函数返回值:integer
{---------------------------------------}
{ Hook for ws2_32.send.
  Parameters and return value: same as send.
  Temporarily writes the saved original entry bytes back over send, calls the
  real function through OldSend, then re-installs the jump stub.
  NOTE(review): while the original bytes are restored, a send issued from
  another thread bypasses this hook, and JmpCode is a global shared with the
  other hooks - this is not thread-safe; confirm the process is single-threaded. }
function MySend(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
dwSize: cardinal;
begin
// Outgoing data would be processed here, before calling the real send.
// Restore the original entry so OldSend runs the real function instead of re-entering this hook.
WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
Result := OldSend(S, Buf, len, flags);
// Re-arm: point the shared stub at this hook and write it back (WriteProcessMemory results are not checked).
JmpCode.Address := @MySend;
WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;
{---------------------------------------}
{函数功能:Recv函数的HOOK
{函数参数:同Recv
{函数返回值:integer
{---------------------------------------}
{ Hook for ws2_32.recv.
  Parameters and return value: same as recv.
  Same restore / call-through / re-arm sequence as MySend.
  NOTE(review): the window in which the original bytes are restored lets a
  concurrent recv on another thread bypass the hook, and JmpCode is shared
  with the other hooks - not thread-safe. }
function MyRecv(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
dwSize: cardinal;
begin
// Incoming data would be processed here, after calling the real recv.
// Restore the original entry so OldRecv runs the real function instead of re-entering this hook.
WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
Result := OldRecv(S, Buf, len, flags);
// Re-arm: point the shared stub at this hook and write it back (WriteProcessMemory results are not checked).
JmpCode.Address := @MyRecv;
WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize);
end;
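{ Hook for ws2_32.connect: shows the destination IPv4 address of an outgoing
  connection in a message box, then forwards to the original connect.
  Parameters and return value: same as WinSock connect. The result of the
  original call is now returned to the caller; the previous version never
  assigned Result, so callers received an undefined value.
  NOTE: this name shadows WinSock.connect inside this unit, so any call to
  connect from this unit resolves to the hook. }
function connect(s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
var
  Ip: string;
begin
  // Only the IPv4 address is displayed. The address family is not checked
  // here - review: inet_ntoa on a non-AF_INET sockaddr yields a meaningless string.
  Ip := inet_ntoa(name.sin_addr);
  // MessageBox blocks the calling thread until it is dismissed.
  messagebox(0, pchar(Ip), '', 64);
  // Forward to the real connect and hand its result back to the caller.
  Result := OldConnect(s, name, namelen);
end;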
{------------------------------------}
{过程功能:HookAPI
{过程参数:无
{------------------------------------}
{ Installs entry-point hooks on ws2_32 send, recv and connect in the current
  process: saves the first 8 bytes of each entry into OldProc[] and overwrites
  them with a "mov eax, <hook>; jmp eax" stub so calls land in MySend, MyRecv
  and connect above.
  Parameters: none.
  Review notes (not changed here):
  - no GetProcAddress / ReadProcessMemory / WriteProcessMemory result is
    checked; a nil address would be passed straight to WriteProcessMemory.
  - TJmpCode holds a 4-byte Address, so this only matches 32-bit code.
  - the DLLModule handle from LoadLibrary is never released with FreeLibrary. }
procedure HookAPI;
var
DLLModule: THandle;
dwSize: cardinal;
begin
ProcessHandle := GetCurrentProcess;
DLLModule := LoadLibrary('ws2_32.dll');
AddSend := GetProcAddress(DLLModule, 'send'); // resolve the API entry addresses
AddRecv := GetProcAddress(DLLModule, 'recv');
// NOTE(review): GetProcAddress export names are case-sensitive and ws2_32
// exports 'connect' in lower case, like 'send' and 'recv' above. 'Connect' is
// expected to resolve to nil, which is the likely reason the connect hook never
// fires; check the result for nil before patching.
AddConnect := GetProcAddress(DLLModule, 'Connect');
// Stub bytes: $B8 = mov eax, imm32 ; $FF $E0 = jmp eax ; last byte is padding.
JmpCode.JmpCode := $B8;
JmpCode.MovEAX[0] := $FF;
JmpCode.MovEAX[1] := $E0;
JmpCode.MovEAX[2] := 0;
// Save the original send entry, then overwrite it with the stub.
ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
JmpCode.Address := @MySend;
WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize); // patch the send entry
// Save the original recv entry, then overwrite it with the stub.
ReadProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
JmpCode.Address := @MyRecv;
// NOTE(review): the ReadProcessMemory for addConnect on the next line sits
// after the '//' and is therefore commented out: OldProc[2] is never filled, so
// the original connect bytes are not saved and cannot be restored by UnHookAPI.
WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize); //修改Recv入口 ReadProcessMemory(ProcessHandle, addConnect, @OldProc[2], 8, dwSize);
JmpCode.Address := @connect;
WriteProcessMemory(ProcessHandle, addConnect, @JmpCode, 8, dwSize); // patch the connect entry (the original comment said "Send")
// Keep the resolved addresses as callable procedure pointers; the hooks
// restore the saved bytes before calling through them.
OldSend := AddSend;
OldRecv := AddRecv;
OldConnect := AddConnect;
end;
{------------------------------------}
{过程功能:取消HOOKAPI
{过程参数:无
{------------------------------------}
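{ Removes the hooks installed by HookAPI by writing the saved entry bytes back
  over send, recv and connect (the previous version left the connect patch in
  place).
  Parameters: none.
  A restore is skipped when the address was never resolved (nil). For connect
  it is additionally skipped when HookAPI did not capture the original bytes:
  OldProc[2] is zero-initialised as a unit global, and writing 8 zero bytes
  over the entry would corrupt it. Review: this relies on the first byte of a
  real function entry never being $00 - confirm for the target build. }
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  if AddSend <> nil then
    WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  if AddRecv <> nil then
    WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  if (AddConnect <> nil) and (OldProc[2].JmpCode <> 0) then
    WriteProcessMemory(ProcessHandle, AddConnect, @OldProc[2], 8, dwSize);
end;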
end.
unit APIHook;
interface
uses
SysUtils,
Windows, dialogs, WinSock;
type
// Signatures of the ws2_32 functions this unit patches (send/recv share one shape, connect has its own).
TSockProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
Tconnect = function (s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
PJmpCode = ^TJmpCode;
// 8-byte stub written over a function entry: opcode byte, 4-byte target address, 3 opcode/padding bytes.
// The byte values are filled in by HookAPI. NOTE(review): Address is a 4-byte procedure pointer here,
// so the record is only 8 bytes when compiled as 32-bit code - the Read/WriteProcessMemory calls
// in this unit always transfer exactly 8 bytes.
TJmpCode = packed record
JmpCode: BYTE;
Address: TSockProc;
MovEAX: Array [0..2] of BYTE;
end;
//-------------------- procedure declarations ---------------------------
procedure HookAPI;
procedure UnHookAPI;
var
OldSend, OldRecv: TSockProc; // original API entry addresses, called through by the hooks
OldConnect: Tconnect;
JmpCode: TJmpCode; // one shared jump stub, re-targeted by every hook before it is written back
OldProc: array [0..2] of TJmpCode; // saved original entry bytes: [0] send, [1] recv, [2] intended for connect
AddSend, AddRecv , AddConnect: pointer; // API addresses resolved by HookAPI (nil if GetProcAddress fails)
TmpJmp: TJmpCode; // not referenced anywhere in this unit
ProcessHandle: THandle; // pseudo-handle of the current process (GetCurrentProcess)
implementation
{---------------------------------------}
{函数功能:Send函数的HOOK
{函数参数:同Send
{函数返回值:integer
{---------------------------------------}
{ Hook for ws2_32.send.
  Parameters and return value: same as send.
  Temporarily writes the saved original entry bytes back over send, calls the
  real function through OldSend, then re-installs the jump stub.
  NOTE(review): while the original bytes are restored, a send issued from
  another thread bypasses this hook, and JmpCode is a global shared with the
  other hooks - this is not thread-safe; confirm the process is single-threaded. }
function MySend(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
dwSize: cardinal;
begin
// Outgoing data would be processed here, before calling the real send.
// Restore the original entry so OldSend runs the real function instead of re-entering this hook.
WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
Result := OldSend(S, Buf, len, flags);
// Re-arm: point the shared stub at this hook and write it back (WriteProcessMemory results are not checked).
JmpCode.Address := @MySend;
WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;
{---------------------------------------}
{函数功能:Recv函数的HOOK
{函数参数:同Recv
{函数返回值:integer
{---------------------------------------}
{ Hook for ws2_32.recv.
  Parameters and return value: same as recv.
  Same restore / call-through / re-arm sequence as MySend.
  NOTE(review): the window in which the original bytes are restored lets a
  concurrent recv on another thread bypass the hook, and JmpCode is shared
  with the other hooks - not thread-safe. }
function MyRecv(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
dwSize: cardinal;
begin
// Incoming data would be processed here, after calling the real recv.
// Restore the original entry so OldRecv runs the real function instead of re-entering this hook.
WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
Result := OldRecv(S, Buf, len, flags);
// Re-arm: point the shared stub at this hook and write it back (WriteProcessMemory results are not checked).
JmpCode.Address := @MyRecv;
WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize);
end;
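{ Hook for ws2_32.connect: shows the destination IPv4 address of an outgoing
  connection in a message box, then forwards to the original connect.
  Parameters and return value: same as WinSock connect. The result of the
  original call is now returned to the caller; the previous version never
  assigned Result, so callers received an undefined value.
  NOTE: this name shadows WinSock.connect inside this unit, so any call to
  connect from this unit resolves to the hook. }
function connect(s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
var
  Ip: string;
begin
  // Only the IPv4 address is displayed. The address family is not checked
  // here - review: inet_ntoa on a non-AF_INET sockaddr yields a meaningless string.
  Ip := inet_ntoa(name.sin_addr);
  // MessageBox blocks the calling thread until it is dismissed.
  messagebox(0, pchar(Ip), '', 64);
  // Forward to the real connect and hand its result back to the caller.
  Result := OldConnect(s, name, namelen);
end;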
{------------------------------------}
{过程功能:HookAPI
{过程参数:无
{------------------------------------}
{ Installs entry-point hooks on ws2_32 send, recv and connect in the current
  process: saves the first 8 bytes of each entry into OldProc[] and overwrites
  them with a "mov eax, <hook>; jmp eax" stub so calls land in MySend, MyRecv
  and connect above.
  Parameters: none.
  Review notes (not changed here):
  - no GetProcAddress / ReadProcessMemory / WriteProcessMemory result is
    checked; a nil address would be passed straight to WriteProcessMemory.
  - TJmpCode holds a 4-byte Address, so this only matches 32-bit code.
  - the DLLModule handle from LoadLibrary is never released with FreeLibrary. }
procedure HookAPI;
var
DLLModule: THandle;
dwSize: cardinal;
begin
ProcessHandle := GetCurrentProcess;
DLLModule := LoadLibrary('ws2_32.dll');
AddSend := GetProcAddress(DLLModule, 'send'); // resolve the API entry addresses
AddRecv := GetProcAddress(DLLModule, 'recv');
// NOTE(review): GetProcAddress export names are case-sensitive and ws2_32
// exports 'connect' in lower case, like 'send' and 'recv' above. 'Connect' is
// expected to resolve to nil, which is the likely reason the connect hook never
// fires; check the result for nil before patching.
AddConnect := GetProcAddress(DLLModule, 'Connect');
// Stub bytes: $B8 = mov eax, imm32 ; $FF $E0 = jmp eax ; last byte is padding.
JmpCode.JmpCode := $B8;
JmpCode.MovEAX[0] := $FF;
JmpCode.MovEAX[1] := $E0;
JmpCode.MovEAX[2] := 0;
// Save the original send entry, then overwrite it with the stub.
ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
JmpCode.Address := @MySend;
WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize); // patch the send entry
// Save the original recv entry, then overwrite it with the stub.
ReadProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
JmpCode.Address := @MyRecv;
// NOTE(review): the ReadProcessMemory for addConnect on the next line sits
// after the '//' and is therefore commented out: OldProc[2] is never filled, so
// the original connect bytes are not saved and cannot be restored by UnHookAPI.
WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize); //修改Recv入口 ReadProcessMemory(ProcessHandle, addConnect, @OldProc[2], 8, dwSize);
JmpCode.Address := @connect;
WriteProcessMemory(ProcessHandle, addConnect, @JmpCode, 8, dwSize); // patch the connect entry (the original comment said "Send")
// Keep the resolved addresses as callable procedure pointers; the hooks
// restore the saved bytes before calling through them.
OldSend := AddSend;
OldRecv := AddRecv;
OldConnect := AddConnect;
end;
{------------------------------------}
{过程功能:取消HOOKAPI
{过程参数:无
{------------------------------------}
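{ Removes the hooks installed by HookAPI by writing the saved entry bytes back
  over send, recv and connect (the previous version left the connect patch in
  place).
  Parameters: none.
  A restore is skipped when the address was never resolved (nil). For connect
  it is additionally skipped when HookAPI did not capture the original bytes:
  OldProc[2] is zero-initialised as a unit global, and writing 8 zero bytes
  over the entry would corrupt it. Review: this relies on the first byte of a
  real function entry never being $00 - confirm for the target build. }
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  if AddSend <> nil then
    WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  if AddRecv <> nil then
    WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  if (AddConnect <> nil) and (OldProc[2].JmpCode <> 0) then
    WriteProcessMemory(ProcessHandle, AddConnect, @OldProc[2], 8, dwSize);
end;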
end.
你另外钩 sendto 这个API试下
应该可以读到的
sendto 这个API钩住先
TCP才是有连接的