0
如果我在我的C#應用程序中加載一個使用服務器B打開套接字的Flash應用程序A,是否可以設置本地掛鉤以便我可以讀取A與服務器B之間交換的數據包?Hook flash應用程序
- 如果需要的話我可以獲取Flash應用程序的來源,但我不是誰寫他們
- 我是新的C#中的一個(說實話,我仍然不知道什麼是對的最佳語言寫這種應用適用於Windows)和掛鉤的,因此任何例如將非常感激:)
- 我正在客戶端
如果我在我的C#應用程序中加載一個使用服務器B打開套接字的Flash應用程序A,是否可以設置本地掛鉤以便我可以讀取A與服務器B之間交換的數據包?Hook flash應用程序
當然可以。 您應該使用EasyHook庫來掛接來自C#的原生套接字API調用。 通過在connect,send和recv函數上掛鉤,可以掛接基於Windows的應用程序中的任何流量。
下面是一個例子:
private IntPtr _socketsLib;
private LocalHook _createConnectHook;
private LocalHook _createRecvHook;
private LocalHook _createSendHook;
_socketsLib = NativeAPI.LoadLibrary("Ws2_32.dll");
_createConnectHook = LocalHook.Create(LocalHook.GetProcAddress("Ws2_32.dll", "connect"), new NativeSocketMethod.DConnect(connect_Hooked), this);
_createRecvHook = LocalHook.Create(LocalHook.GetProcAddress("Ws2_32.dll", "recv"),
new NativeSocketMethod.Drecv(recv_Hooked), this);
_createSendHook = LocalHook.Create(LocalHook.GetProcAddress("Ws2_32.dll", "send"),
new NativeSocketMethod.Dsend(send_Hooked), this);
_createConnectHook.ThreadACL.SetExclusiveACL(new int[1]);
_createRecvHook.ThreadACL.SetExclusiveACL(new int[1]);
_createSendHook.ThreadACL.SetExclusiveACL(new int[1]);
private static int connect_Hooked(IntPtr socketHandle, ref NativeSocketMethod.sockaddr name, ref int namelen)
{
// TODO: do something with data here
return NativeSocketMethod.connect(socketHandle, ref name, ref namelen);
}
private static int recv_Hooked(IntPtr socketHandle, IntPtr buf, int count, int socketFlags)
{
// TODO: do something with data here
return NativeSocketMethod.recv(socketHandle, buf, count, socketFlags);
}
private static int send_Hooked(IntPtr socketHandle, IntPtr buf, int count, int socketFlags)
{
// TODO: do something with data here
return NativeSocketMethod.send(socketHandle, buf, count, socketFlags);
}
而且NativeSocketMethod.cs
public static class NativeSocketMethod
{
[DllImport("Ws2_32.dll")]
public static extern int connect(IntPtr socketHandle, ref sockaddr Address, ref int Addresslen);
[DllImport("Ws2_32.dll")]
public static extern int getpeername(IntPtr s, ref sockaddr Address, ref int namelen);
[DllImport("ws2_32.dll")]
public static extern IntPtr inet_ntoa(in_addr a);
[DllImport("ws2_32.dll")]
public static extern ushort ntohs(ushort netshort);
[DllImport("Ws2_32.dll")]
public static extern int recv(IntPtr socketHandle, IntPtr buf, int Buffercount, int socketFlags);
[DllImport("Ws2_32.dll")]
public static extern int send(IntPtr socketHandle, IntPtr buf, int count, int socketFlags);
public enum AddressFamily
{
AppleTalk = 0x11,
BlueTooth = 0x20,
InterNetworkv4 = 2,
InterNetworkv6 = 0x17,
Ipx = 4,
Irda = 0x1a,
NetBios = 0x11,
Unknown = 0
}
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet=CharSet.Unicode, SetLastError=true)]
public delegate int DConnect(IntPtr socketHandle, ref NativeSocketMethod.sockaddr Address, ref int Addresslen);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet=CharSet.Unicode, SetLastError=true)]
public delegate int Drecv(IntPtr socketHandle, IntPtr buf, int Buffercount, int socketFlags);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet=CharSet.Unicode, SetLastError=true)]
public delegate int Dsend(IntPtr socketHandle, IntPtr buf, int count, int socketFlags);
[StructLayout(LayoutKind.Sequential)]
public struct in_addr
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst=4)]
public byte[] sin_addr;
}
public enum ProtocolType
{
BlueTooth = 3,
ReliableMulticast = 0x71,
Tcp = 6,
Udp = 0x11
}
[StructLayout(LayoutKind.Sequential)]
public struct sockaddr
{
public short sin_family;
public ushort sin_port;
public NativeSocketMethod.in_addr sin_addr;
[MarshalAs(UnmanagedType.ByValArray, SizeConst=8)]
public byte[] sin_zero;
}
public enum SocketType
{
Unknown,
Stream,
DGram,
Raw,
Rdm,
SeqPacket
}
}
嘗試使用Wireshark的? – Amy 2010-12-23 16:16:44
你想達到什麼目的? 如果你想在開發過程中看到要分析的數據包,那麼@ yodaj007就是要走的路! 如果您需要在運行時執行某些操作,那麼在進入API掛鉤之前可能需要考慮pcap庫。 – TCS 2010-12-23 16:22:27