哪位大侠能告诉在下信使服务的原理或者资料,也就是NetMessageBufferSend的实现原理和过程,或者告诉在下它的包结构也行.在下准备用UDP欺骗IP的方式写一个发送信使服务的软件,这样带宽上能够充分利用,而NetMessageBufferSend的带宽有效果利用率最高才25%(因为有返回包)
申明:在下只是研究目的,不会写这东西拿出去卖.事情起因:
在下遇见一个软件http://www.4vsoft.net,它号称可以隐瞒IP(这个我已经有C++代码,差不多看懂了),更改端口,发送信使服务,我就用IRIS(一个网络分析软件)对它的包进行拆分,并且想看看NetMessageBufferSend是怎么服务的.结果数据如下:
本人软件,通过NetMessageBufferSend发送的:
成功: 发送包 92字节(大小不可变,内容有小变化)
目标端口为NETBIOS_NS 137,本人端口也是137
接收包 325字节(大小不可变,内容有小变化)
重新换2100端口(可能会变)建立TCP连接(注意,是建立TCP连接不是UDP了),目标到NETBIOS_SSN,139端口,来回交互(包括IPX预先探测)共有10余次对方软件,
成功: 发送包 386字节(按发送字数可变)
接收包 126字节(大小不可变,内容有小变化)
注意,这个软件发送的目标端口是135
一次发送成功,无多余的包.
申明:在下只是研究目的,不会写这东西拿出去卖.事情起因:
在下遇见一个软件http://www.4vsoft.net,它号称可以隐瞒IP(这个我已经有C++代码,差不多看懂了),更改端口,发送信使服务,我就用IRIS(一个网络分析软件)对它的包进行拆分,并且想看看NetMessageBufferSend是怎么服务的.结果数据如下:
本人软件,通过NetMessageBufferSend发送的:
成功: 发送包 92字节(大小不可变,内容有小变化)
目标端口为NETBIOS_NS 137,本人端口也是137
接收包 325字节(大小不可变,内容有小变化)
重新换2100端口(可能会变)建立TCP连接(注意,是建立TCP连接不是UDP了),目标到NETBIOS_SSN,139端口,来回交互(包括IPX预先探测)共有10余次对方软件,
成功: 发送包 386字节(按发送字数可变)
接收包 126字节(大小不可变,内容有小变化)
注意,这个软件发送的目标端口是135
一次发送成功,无多余的包.
http://www.codeproject.com/internet/fakesend.asp我记得还有一篇文章也是讲这个的,你自己再找一下,在codeguru或者codeproject上。
The FakeSend (and Net Send) mechanism is very simple. It uses an Interprocess Communication (IPC) resource called "MailSlots". We can create MailSlots to swap messages between applications on a network environment just like we do with Sockets, Named Pipes, etc... The MailSlot internally uses a datagram socket, which means that we cannot be sure if the message has arrived. To learn more about MailSlots read the MailSlot Reference from MSDN Library.Using the code
The code is very straightforward. We have the main function NetSend() that receives three values: szSender - The name of the person who is sending the message (Any name you want);szReceiver - The User Name (Network Login) or Machine name of the person who will receive the message;szMessage - The Message you want to send.
bool NetSend(const char * szSender, const char * szReceiver,
const char * szMessage)
{
// Our main variables
char * pszMailSlot = NULL;
unsigned char * pucMessage = NULL;
unsigned int nMailSlotLen, nMsgFormatLen; HANDLE hHandle;
DWORD dwBytesWritten;
bool bRet = false; // Get the length of the strings
nMailSlotLen = strlen(szReceiver) + sizeof(szMailSlotPath);
nMsgFormatLen = strlen(szSender) + strlen(szReceiver) +
strlen(szMessage) + sizeof(szMsgFormat); // Allocate necessary memory
pszMailSlot = new char[nMailSlotLen];
pucMessage = new unsigned char[nMsgFormatLen]; // Network path for <Receiver> MailSlot:
// "\\Receiver\MAILSLOT\messngr"
sprintf(pszMailSlot, szMailSlotPath, szReceiver); // Message Format:
// "Sender\0Receiver\0Message\0"
// sprintf doesn't work with \0 so here I'm using \r
sprintf((char *)pucMessage, szMsgFormat, szSender,
szReceiver, szMessage); // Replace all '\r' characters with '\0'
for (unsigned short i = 0; i < nMsgFormatLen; i++)
{
if (pucMessage[i] == '\r')
pucMessage[i] = '\0'; else if (pucMessage[i] == '\0')
break;
} // Create the file into Receiver's MailSlot and get a Handle to this file
hHandle = CreateFile(pszMailSlot, GENERIC_WRITE, FILE_SHARE_READ, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); // Do we have a valid handle?
if (hHandle)
{
// Write the message to file
bRet = (WriteFile(hHandle, pucMessage, (DWORD)nMsgFormatLen,
&dwBytesWritten, NULL) == TRUE); // Free the handle
CloseHandle(hHandle);
} return bRet;
}
http://www.codeproject.com/internet/mailslot.asp