WTL的半打开端口扫描器,求指导! 本帖最后由 VisualEleven 于 2011-05-05 09:17:36 编辑 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 #include "StdAfx.h"#include "SynScaner.h"#include <WS2TCPIP.H>#include <WinSock2.h>#include <Mstcpip.h>#pragma comment(lib,"ws2_32.lib")#define SRC_PORT 88#define LISTEN_PORT 7000#define SEND_TIME_OUT 2000CSynScaner::CSynScaner(void):m_hFilterDataThread(NULL),m_hSendSynDataThread(NULL),m_SendSocket(NULL),m_RecvSocket(NULL),m_bListening(FALSE),m_bScaning(FALSE),m_dwCurrentIPAddress(0),m_hNotifyWnd(NULL){ ZeroMemory(m_pLocalIPAddr,sizeof(m_pLocalIPAddr)); // ZeroMemory(m_sin,sizeof(m_sin)); ZeroMemory(m_pSendBuffer,sizeof(m_pSendBuffer)); ZeroMemory((PVOID)&m_ipHeader,sizeof(m_ipHeader)); ZeroMemory((PVOID)&m_tcpHeader,sizeof(m_tcpHeader)); ZeroMemory((PVOID)&m_psdHeader,sizeof(m_psdHeader)); //ZeroMemory(m_pRecvBuffer,sizeof(m_pRecvBuffer)); m_clientAddr.sin_family = AF_INET; m_clientAddr.sin_port =htons(LISTEN_PORT); m_mapScanedIP_Port.empty();}CSynScaner::~CSynScaner(void){ UnInitialize();}BOOL CSynScaner::Initialize(){ BOOL bInitSuc = TRUE;#ifdef _DEBUG DWORD nerr = WSAGetLastError();#endif do { WSADATA stWsaData = {0}; //初始化DLL if (WSAStartup(MAKEWORD(2,2),&stWsaData)!=NO_ERROR) { bInitSuc = FALSE; break; } //通过hostname获取本机IP地址 CHAR pHostName[256+2]={0}; if(gethostname(pHostName,256)!=NO_ERROR) { bInitSuc = FALSE; break; } struct hostent *pLocalIPEnt; pLocalIPEnt = gethostbyname(pHostName); strcpy(m_pLocalIPAddr,inet_ntoa(*((struct in_addr *)pLocalIPEnt->h_addr_list[0]))); //已经是网络字节顺序 m_ulNetworkLocalIP = inet_addr(m_pLocalIPAddr); if (pLocalIPEnt==NULL) { bInitSuc = FALSE; break; } //建立socket监听数据包 m_RecvSocket = socket(AF_INET,SOCK_RAW,IPPROTO_IP); if (m_RecvSocket==INVALID_SOCKET) { bInitSuc = FALSE; break; } m_clientAddr.sin_addr.s_addr = m_ulNetworkLocalIP; if (bind(m_RecvSocket,(sockaddr *)&m_clientAddr,sizeof(m_clientAddr))!=NO_ERROR) { bInitSuc = FALSE; break; } DWORD dwBufferLen[10] ; DWORD dwBufferInLen = 1 ; DWORD dwBytesReturned = 0 ; 
//指定自己手动接收IP包 if (NO_ERROR!=WSAIoctl(m_RecvSocket,SIO_RCVALL,&dwBufferInLen,sizeof(dwBufferInLen),&dwBufferLen,sizeof(dwBufferLen),&dwBytesReturned,NULL,NULL)) { bInitSuc = FALSE; break; }#ifdef _DEBUG nerr = WSAGetLastError();#endif //创建发送socket m_SendSocket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); if (m_SendSocket==INVALID_SOCKET) { bInitSuc = FALSE; break; } BOOL bFlag = TRUE; if(setsockopt(m_SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&bFlag, sizeof(bFlag))==SOCKET_ERROR) { bInitSuc = FALSE; break; } int nTimeOut = SEND_TIME_OUT; if(setsockopt(m_SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *)&nTimeOut, sizeof(nTimeOut)) == SOCKET_ERROR) { bInitSuc = FALSE; break; } //填充IP首部 m_ipHeader.h_verlen = ((4<<4) | sizeof(m_ipHeader)/sizeof(unsigned long)); m_ipHeader.tos = (UCHAR)0; m_ipHeader.total_len = htons(sizeof(m_ipHeader)+sizeof(TCP_HEADER)); m_ipHeader.ident = htons(0x1234);// htons(1); m_ipHeader.frag_and_flags = (0x40); m_ipHeader.ttl = 128; m_ipHeader.proto = IPPROTO_TCP; m_ipHeader.checksum = 0; //校验和 m_ipHeader.sourceIP = m_ulNetworkLocalIP;//本机IP,可以伪造 m_ipHeader.destIP = 0;//目的IP,待扫描的IP地址 //填充tcp伪首部 m_psdHeader.saddr = m_ipHeader.sourceIP; m_psdHeader.daddr = m_ipHeader.destIP; m_psdHeader.mbz = 0; m_psdHeader.ptcl = m_ipHeader.proto; m_psdHeader.tcpl = htons(sizeof(TCP_HEADER)); //填充TCP首部 m_tcpHeader.th_dport = 0;//目的端口,待扫描的端口 m_tcpHeader.th_sport = htons(SRC_PORT); //源端口本机端口 m_tcpHeader.th_seq = htonl(0x12121212);//这个值可以随机 m_tcpHeader.th_ack = 0; m_tcpHeader.th_lenres = (sizeof(TCP_HEADER)/4<<4|0); m_tcpHeader.th_flag = SYN_TCP;//syn标志位。1,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG(推测,哈哈) m_tcpHeader.th_win =htons((unsigned short)16384) ;// 512;//这个值也可以随意设置,无关紧要 m_tcpHeader.th_urp = 0; m_tcpHeader.th_sum = 0; } while (FALSE); return bInitSuc;}BOOL CSynScaner::UnInitialize(){ EndScan(); EndListen(); if (m_RecvSocket) { closesocket(m_RecvSocket); m_RecvSocket = NULL; } if (m_SendSocket) { closesocket(m_SendSocket); m_SendSocket = NULL; } WSACleanup(); return 
TRUE;}//在扫描端口之前应该调用此函数进行对IP数据包的分析BOOL CSynScaner::BeginListen(){ if (!m_bListening) { DWORD dwThreadID = 0; //创造监听线程 m_bListening = TRUE; m_hFilterDataThread = CreateThread(NULL,NULL,FilterIPData,this,NULL,&dwThreadID); if (FAILED(m_hFilterDataThread)) { m_bListening = FALSE; return FALSE; } } return TRUE;}BOOL CSynScaner::BeginScan(){ DWORD dwScanThreadID = -1; if (!m_bScaning) { m_bScaning = TRUE; m_hSendSynDataThread = CreateThread(NULL,NULL,SendSynData,this,NULL,&dwScanThreadID); if (FAILED(m_hSendSynDataThread)) { m_bScaning = FALSE; return FALSE; } } return TRUE;}DWORD CSynScaner::FilterIPData(PVOID pSynScaner){ CSynScaner * synScaner = (CSynScaner*)pSynScaner; if (synScaner==NULL) { return -1; } while(synScaner->IsListening()) { synScaner->CheckPort(); } return NO_ERROR;}DWORD CSynScaner::SendSynData(PVOID pSynScaner){ CSynScaner * synScaner = (CSynScaner*)pSynScaner; if (NULL == synScaner) { return -1; } while (synScaner->IsScaning()) { synScaner->ScanCurrentIPAndPort(); } return 0;}BOOL CSynScaner::ScanCurrentIPAndPort(){ SendMessage(m_hNotifyWnd,SCAN_ONE_PORT_NOTIFY_CODE,0,0); USHORT usPort = m_portManager.GetNextCurrentPort(); if (0==usPort) { m_dwCurrentIPAddress = m_ipManager.GetNextIPAddress(); if (m_dwCurrentIPAddress==-1) { m_bScaning = FALSE; //MessageBox(NULL,_T("扫描结束"),NULL,0); } return FALSE; } return SendData(m_dwCurrentIPAddress,usPort);}BOOL CSynScaner::EndScan(){ m_bScaning = FALSE; if (m_hSendSynDataThread) { CloseHandle(m_hSendSynDataThread); m_hSendSynDataThread = NULL; } return TRUE;}VOID CSynScaner::EndListen(){ m_bListening = FALSE; if (m_hFilterDataThread) { CloseHandle(m_hFilterDataThread); m_hFilterDataThread = NULL; }}BOOL CSynScaner::SendData(DWORD dwNetworkIPAddress,USHORT nNetworkPort){ //发往的目的地址 m_destAddr.sin_family = AF_INET; m_destAddr.sin_addr.s_addr = dwNetworkIPAddress; m_destAddr.sin_port = nNetworkPort; m_ipHeader.destIP = (dwNetworkIPAddress); //计算TCP校验和 m_tcpHeader.th_dport = (nNetworkPort); m_psdHeader.daddr = 
m_ipHeader.destIP; m_ipHeader.checksum = 0; m_tcpHeader.th_sum = 0; ZeroMemory(m_pSendBuffer,SIZE_SEND_BUFFER); memcpy(m_pSendBuffer, &m_psdHeader, sizeof(m_psdHeader)); memcpy(m_pSendBuffer + sizeof(m_psdHeader), &m_tcpHeader, sizeof(m_tcpHeader)); m_tcpHeader.th_sum = CheckSum((USHORT *)m_pSendBuffer, sizeof(m_psdHeader) + sizeof(m_tcpHeader)); 这样子定义类有什么错误? [100分][新手问题]关于不规则按钮的问题 如何用程序访问windows共享文件 高分求助 SetScrollSizes 中的最大范围是? 如何结束一个dos下的进程,请知道的都来说两句,谢谢!!! VC的MSCOMM控件读取GSM模块短信 关于宏! 关于CException的问题,急,急,急,急,特别急。特别急。特别急。特别急。 遇到一个怪怪的小问题 哪位兄弟帮我查查::DuplicateHandle()的用法 请教关于FormView的问题 颜色提取
#include "SynScaner.h"
#include <WS2TCPIP.H>
#include <WinSock2.h>
#include <Mstcpip.h>
#pragma comment(lib,"ws2_32.lib")
// TCP source port written into the SYN header template built by Initialize().
#define SRC_PORT 88
// Port stored in m_clientAddr by the constructor; Initialize() passes that
// address to bind() on the raw receive socket.
#define LISTEN_PORT 7000
// Value handed to SO_SNDTIMEO on the send socket; Winsock reads it as milliseconds.
#define SEND_TIME_OUT 2000
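/// Builds an idle scanner: no worker threads, no sockets, and every packet
/// template zeroed. The sockets and header contents are set up later by
/// Initialize().
CSynScaner::CSynScaner(void):
    m_hFilterDataThread(NULL),
    m_hSendSynDataThread(NULL),
    m_SendSocket(NULL),
    m_RecvSocket(NULL),
    m_bListening(FALSE),
    m_bScaning(FALSE),
    m_dwCurrentIPAddress(0),
    m_hNotifyWnd(NULL)
{
    ZeroMemory(m_pLocalIPAddr, sizeof(m_pLocalIPAddr));
    ZeroMemory(m_pSendBuffer, sizeof(m_pSendBuffer));
    ZeroMemory((PVOID)&m_ipHeader, sizeof(m_ipHeader));
    ZeroMemory((PVOID)&m_tcpHeader, sizeof(m_tcpHeader));
    ZeroMemory((PVOID)&m_psdHeader, sizeof(m_psdHeader));

    // Zero both socket addresses before setting individual fields, so that
    // sin_addr / sin_zero never reach bind() or a send call holding
    // indeterminate bytes.
    ZeroMemory((PVOID)&m_clientAddr, sizeof(m_clientAddr));
    ZeroMemory((PVOID)&m_destAddr, sizeof(m_destAddr));
    m_clientAddr.sin_family = AF_INET;
    m_clientAddr.sin_port = htons(LISTEN_PORT);

    // Filled in by Initialize(); give it a defined value until then.
    m_ulNetworkLocalIP = 0;

    // NOTE(review): empty() only queries the container and the result is
    // discarded here. If the intent was to reset it, clear() would be the
    // call -- confirm against the member's declared type.
    m_mapScanedIP_Port.empty();
}

/// Tears everything down through UnInitialize().
CSynScaner::~CSynScaner(void)
{
    UnInitialize();
}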
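/// Prepares Winsock, the two raw sockets and the packet header templates.
///
/// Steps, in order: WSAStartup(2.2); look up this host's first IPv4 address;
/// create and bind the raw receive socket and switch it to SIO_RCVALL; create
/// the raw send socket with IP_HDRINCL and a send timeout; pre-fill the IP
/// header, TCP pseudo-header and TCP header templates.
///
/// Raw sockets and SIO_RCVALL need administrative rights on Windows.
///
/// @return TRUE when every step succeeded, FALSE at the first failing step.
///         Nothing is released here on failure; whatever was opened stays in
///         the members until UnInitialize() runs.
BOOL CSynScaner::Initialize()
{
    BOOL bInitSuc = FALSE;
#ifdef _DEBUG
    DWORD nerr = WSAGetLastError();
#endif
    do
    {
        // Load Winsock 2.2.
        WSADATA stWsaData = {0};
        if (WSAStartup(MAKEWORD(2,2), &stWsaData) != NO_ERROR)
        {
            break;
        }

        // Resolve the local IP address from the host name.
        CHAR pHostName[256+2] = {0};
        if (gethostname(pHostName, 256) != NO_ERROR)
        {
            break;
        }
        struct hostent *pLocalIPEnt = gethostbyname(pHostName);
        // Validate the lookup before dereferencing it: a failed lookup returns
        // NULL, and the address list may be empty.
        if (pLocalIPEnt == NULL ||
            pLocalIPEnt->h_addr_list == NULL ||
            pLocalIPEnt->h_addr_list[0] == NULL)
        {
            break;
        }
        struct in_addr *pLocalAddr = (struct in_addr *)pLocalIPEnt->h_addr_list[0];
        const char *pszLocalIP = inet_ntoa(*pLocalAddr);
        if (pszLocalIP == NULL)
        {
            break;
        }
        // Bounded copy. This relies on m_pLocalIPAddr being a char array, as the
        // constructor's sizeof-based ZeroMemory already does.
        strncpy(m_pLocalIPAddr, pszLocalIP, sizeof(m_pLocalIPAddr) - 1);
        m_pLocalIPAddr[sizeof(m_pLocalIPAddr) - 1] = '\0';
        // Already in network byte order; taken from the lookup result directly
        // instead of re-parsing the dotted string.
        m_ulNetworkLocalIP = pLocalAddr->s_addr;

        // Receive socket: raw IP, bound to the local interface address.
        m_RecvSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
        if (m_RecvSocket == INVALID_SOCKET)
        {
            break;
        }
        m_clientAddr.sin_addr.s_addr = m_ulNetworkLocalIP;
        if (bind(m_RecvSocket, (sockaddr *)&m_clientAddr, sizeof(m_clientAddr)) != NO_ERROR)
        {
            break;
        }

        // Ask the stack to deliver every IP packet seen on the bound interface
        // (input value 1 is RCVALL_ON); the packets are parsed by hand later.
        DWORD dwBufferLen[10] = {0};
        DWORD dwBufferInLen = 1;
        DWORD dwBytesReturned = 0;
        if (NO_ERROR != WSAIoctl(m_RecvSocket, SIO_RCVALL,
                                 &dwBufferInLen, sizeof(dwBufferInLen),
                                 &dwBufferLen, sizeof(dwBufferLen),
                                 &dwBytesReturned, NULL, NULL))
        {
            break;
        }
#ifdef _DEBUG
        nerr = WSAGetLastError();
#endif

        // Send socket: raw, with the IP header supplied by this code.
        // NOTE(review): Microsoft's raw-socket documentation lists client
        // Windows releases from XP SP2 onward as refusing TCP data sent
        // through raw sockets; if sends fail on such a host, check that first.
        m_SendSocket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
        if (m_SendSocket == INVALID_SOCKET)
        {
            break;
        }
        BOOL bFlag = TRUE;
        if (setsockopt(m_SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&bFlag, sizeof(bFlag)) == SOCKET_ERROR)
        {
            break;
        }
        int nTimeOut = SEND_TIME_OUT;
        if (setsockopt(m_SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *)&nTimeOut, sizeof(nTimeOut)) == SOCKET_ERROR)
        {
            break;
        }

        // IP header template. Version 4 in the high nibble, header length in
        // 32-bit words in the low nibble.
        m_ipHeader.h_verlen = ((4<<4) | sizeof(m_ipHeader)/sizeof(unsigned long));
        m_ipHeader.tos = (UCHAR)0;
        m_ipHeader.total_len = htons(sizeof(m_ipHeader)+sizeof(TCP_HEADER));
        m_ipHeader.ident = htons(0x1234);       // constant: identical in every packet
        // NOTE(review): 0x40 looks like the Don't Fragment bit as stored on a
        // little-endian host -- confirm against the IP_HEADER definition.
        m_ipHeader.frag_and_flags = (0x40);
        m_ipHeader.ttl = 128;
        m_ipHeader.proto = IPPROTO_TCP;
        m_ipHeader.checksum = 0;                // left at zero in the template
        m_ipHeader.sourceIP = m_ulNetworkLocalIP; // same address the receive socket is bound to
        m_ipHeader.destIP = 0;                  // set per packet by SendData()

        // TCP pseudo-header template (input to the TCP checksum).
        m_psdHeader.saddr = m_ipHeader.sourceIP;
        m_psdHeader.daddr = m_ipHeader.destIP;
        m_psdHeader.mbz = 0;
        m_psdHeader.ptcl = m_ipHeader.proto;
        m_psdHeader.tcpl = htons(sizeof(TCP_HEADER));

        // TCP header template.
        m_tcpHeader.th_dport = 0;               // set per packet by SendData()
        m_tcpHeader.th_sport = htons(SRC_PORT); // fixed local source port
        m_tcpHeader.th_seq = htonl(0x12121212); // constant sequence number
        m_tcpHeader.th_ack = 0;
        // Data offset (header length in 32-bit words) in the high nibble.
        m_tcpHeader.th_lenres = (sizeof(TCP_HEADER)/4<<4|0);
        // TCP flag bits are FIN=1, SYN=2, RST=4, PSH=8, ACK=16, URG=32;
        // SYN_TCP is defined outside this file.
        m_tcpHeader.th_flag = SYN_TCP;
        m_tcpHeader.th_win = htons((unsigned short)16384); // constant window size
        m_tcpHeader.th_urp = 0;
        m_tcpHeader.th_sum = 0;                 // computed per packet by SendData()

        bInitSuc = TRUE;
    } while (FALSE);
    return bInitSuc;
}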
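/// Stops both workers, closes the raw sockets and releases Winsock.
///
/// @return Always TRUE.
BOOL CSynScaner::UnInitialize()
{
    // NOTE(review): EndScan()/EndListen() clear the run flags and close the
    // thread handles but do not wait for the threads to leave their loops, so
    // a worker can still be inside a socket call when the sockets are closed
    // below. Adding a wait needs care: the scan thread calls SendMessage() to
    // m_hNotifyWnd, which blocks on the window's thread.
    EndScan();
    EndListen();

    // After a failed socket() the member holds INVALID_SOCKET, which is
    // non-zero; skip closesocket() for it and just reset the member.
    if (m_RecvSocket != NULL && m_RecvSocket != INVALID_SOCKET)
    {
        closesocket(m_RecvSocket);
    }
    m_RecvSocket = NULL;

    if (m_SendSocket != NULL && m_SendSocket != INVALID_SOCKET)
    {
        closesocket(m_SendSocket);
    }
    m_SendSocket = NULL;

    // NOTE(review): runs unconditionally (the destructor calls this too), even
    // when WSAStartup() never succeeded; the unmatched call's return value is
    // ignored.
    WSACleanup();
    return TRUE;
}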
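/// Starts the listener thread that analyses incoming IP packets.
/// Call this before starting a scan.
///
/// @return TRUE if the listener is already running or was started,
///         FALSE if the thread could not be created.
BOOL CSynScaner::BeginListen()
{
    if (m_bListening)
    {
        return TRUE;
    }

    DWORD dwThreadID = 0;
    // Raise the flag before the thread exists: FilterIPData() loops on
    // IsListening(), which presumably reads it.
    m_bListening = TRUE;
    m_hFilterDataThread = CreateThread(NULL, 0, FilterIPData, this, 0, &dwThreadID);
    // CreateThread reports failure with a NULL handle. FAILED() tests an
    // HRESULT for a negative value and never fires on NULL.
    if (m_hFilterDataThread == NULL)
    {
        m_bListening = FALSE;
        return FALSE;
    }
    return TRUE;
}

/// Starts the sender thread that walks the configured addresses and ports.
///
/// @return TRUE if a scan is already running or was started,
///         FALSE if the thread could not be created.
BOOL CSynScaner::BeginScan()
{
    if (m_bScaning)
    {
        return TRUE;
    }

    DWORD dwScanThreadID = 0;
    // Raised first for the same reason as in BeginListen(): SendSynData()
    // loops on IsScaning().
    m_bScaning = TRUE;
    m_hSendSynDataThread = CreateThread(NULL, 0, SendSynData, this, 0, &dwScanThreadID);
    // NULL, not FAILED(), is the failure signal for CreateThread.
    if (m_hSendSynDataThread == NULL)
    {
        m_bScaning = FALSE;
        return FALSE;
    }
    return TRUE;
}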
/// Thread entry point for the listener: calls CheckPort() repeatedly for as
/// long as IsListening() stays true.
///
/// @param pSynScaner The CSynScaner instance, passed through CreateThread().
/// @return NO_ERROR after the loop ends, or -1 (as a DWORD) if the argument
///         is NULL.
DWORD CSynScaner::FilterIPData(PVOID pSynScaner)
{
    CSynScaner *pSelf = static_cast<CSynScaner *>(pSynScaner);
    if (pSelf != NULL)
    {
        // NOTE(review): whether this spins or blocks depends on CheckPort(),
        // which is not shown here.
        while (pSelf->IsListening())
        {
            pSelf->CheckPort();
        }
        return NO_ERROR;
    }
    return -1;
}
/// Thread entry point for the sender: calls ScanCurrentIPAndPort() repeatedly
/// for as long as IsScaning() stays true.
///
/// @param pSynScaner The CSynScaner instance, passed through CreateThread().
/// @return 0 after the loop ends, or -1 (as a DWORD) if the argument is NULL.
DWORD CSynScaner::SendSynData(PVOID pSynScaner)
{
    CSynScaner *pSelf = static_cast<CSynScaner *>(pSynScaner);
    if (pSelf != NULL)
    {
        while (pSelf->IsScaning())
        {
            pSelf->ScanCurrentIPAndPort();
        }
        return 0;
    }
    return -1;
}
/// Performs one step of the scan: notifies the UI window, then sends to the
/// next port, or moves on to the next address once the port manager
/// returns 0.
///
/// @return The result of SendData() when a port was available; FALSE when
///         the step only advanced to the next address or ended the scan.
BOOL CSynScaner::ScanCurrentIPAndPort()
{
    // NOTE(review): SendMessage() is synchronous, so this worker blocks until
    // the window's thread has handled the notification.
    SendMessage(m_hNotifyWnd, SCAN_ONE_PORT_NOTIFY_CODE, 0, 0);

    const USHORT usNextPort = m_portManager.GetNextCurrentPort();
    if (usNextPort != 0)
    {
        return SendData(m_dwCurrentIPAddress, usNextPort);
    }

    // Port list exhausted for the current address: advance to the next one.
    m_dwCurrentIPAddress = m_ipManager.GetNextIPAddress();
    if (m_dwCurrentIPAddress == -1)
    {
        // -1 from the address manager ends the scan loop.
        m_bScaning = FALSE;
    }
    return FALSE;
}

/// Clears the scan flag and closes the sender thread handle.
/// The thread itself is not waited for.
///
/// @return Always TRUE.
BOOL CSynScaner::EndScan()
{
    m_bScaning = FALSE;
    if (m_hSendSynDataThread != NULL)
    {
        CloseHandle(m_hSendSynDataThread);
        m_hSendSynDataThread = NULL;
    }
    return TRUE;
}
/// Clears the listen flag and closes the listener thread handle.
/// The thread itself is not waited for.
VOID CSynScaner::EndListen()
{
    m_bListening = FALSE;
    if (m_hFilterDataThread == NULL)
    {
        return;
    }
    CloseHandle(m_hFilterDataThread);
    m_hFilterDataThread = NULL;
}
BOOL CSynScaner::SendData(DWORD dwNetworkIPAddress,USHORT nNetworkPort)
{
//发往的目的地址
m_destAddr.sin_family = AF_INET;
m_destAddr.sin_addr.s_addr = dwNetworkIPAddress;
m_destAddr.sin_port = nNetworkPort; m_ipHeader.destIP = (dwNetworkIPAddress);
//计算TCP校验和
m_tcpHeader.th_dport = (nNetworkPort);
m_psdHeader.daddr = m_ipHeader.destIP; m_ipHeader.checksum = 0;
m_tcpHeader.th_sum = 0; ZeroMemory(m_pSendBuffer,SIZE_SEND_BUFFER);
memcpy(m_pSendBuffer, &m_psdHeader, sizeof(m_psdHeader));
memcpy(m_pSendBuffer + sizeof(m_psdHeader), &m_tcpHeader, sizeof(m_tcpHeader)); m_tcpHeader.th_sum = CheckSum((USHORT *)m_pSendBuffer, sizeof(m_psdHeader) + sizeof(m_tcpHeader));