18,363
社区成员
发帖
与我相关
我的任务
分享
...全文
请发表友善的回复…
发表回复
toto996 2011-07-12
- 打赏
- 举报
[Quote=引用 10 楼 tr0j4n 的回复:]
最新发现,ipconfig在DnsGetCacheDataTable之后又逐个DnsQuery了、看来这两个要配合使用
以下为我的逆向之后的大致猜想:
C/C++ code
//微软定义了一个如下的结构体
typedef struct _DnsCacheEntry
{
struct _DnsCacheEntry* pNext; // Pointer to next entry……
[/Quote]
这位兄弟很牛,感谢,看完后给分。
最新发现,ipconfig在DnsGetCacheDataTable之后又逐个DnsQuery了、看来这两个要配合使用
以下为我的逆向之后的大致猜想:
C/C++ code
//微软定义了一个如下的结构体
typedef struct _DnsCacheEntry
{
struct _DnsCacheEntry* pNext; // Pointer to next entry……
[/Quote]
这位兄弟很牛,感谢,看完后给分。
toto996 2011-07-12
- 打赏
- 举报
typedef struct _DnsCacheEntry
{
struct _DnsCacheEntry* pNext; // Pointer to next entry
PWSTR pszName; // DNS Record Name
unsigned short wType; // DNS Record Type
unsigned short wDataLength; // Not referenced
unsigned long dwFlags; // DNS Record Flags
}DNS_CACHE_ENTRY;
int main()
{
HMODULE hM = ::LoadLibrary(TEXT("dnsapi.dll"));
typedef int (WINAPI *_DnsGetCacheDataTable)(DNS_CACHE_ENTRY * par);
_DnsGetCacheDataTable dnsGetCacheDataTable = (_DnsGetCacheDataTable)::GetProcAddress(hM, "DnsGetCacheDataTable");
DNS_CACHE_ENTRY fooEntry = {};
int nRes = dnsGetCacheDataTable(&fooEntry);
DNS_CACHE_ENTRY* _fooEntry = &fooEntry;
while (_fooEntry)
{
PDNS_RECORD dnsr;
DNS_STATUS status = DnsQuery(_fooEntry->pszName, _fooEntry->wType, DNS_QUERY_BYPASS_CACHE, NULL, &dnsr, NULL);
if (status == 0)
{
printf("%S:%s,%d\n", _fooEntry->pszName, inet_ntoa(*(in_addr*)&(dnsr->Data.A.IpAddress)), _fooEntry->wType);
}
DnsRecordListFree(dnsr, DnsFreeRecordListDeep);
_fooEntry = _fooEntry->pNext;
}
//DNS_STATUS WINAPI DnsQuery(TEXT);
::FreeLibrary(hM);
system("pause");
return 0;
}
ndy_w 2011-07-11
- 打赏
- 举报
没看清题,不好意思!
顶下trojan
顶下trojan
MoXiaoRab 2011-07-11
- 打赏
- 举报
此外,DnsQuery的用法见:http://support.microsoft.com/kb/831226
Gloveing 2011-07-11
- 打赏
- 举报
顶楼上!牛X!!!
MoXiaoRab 2011-07-11
- 打赏
- 举报
最新发现,ipconfig在DnsGetCacheDataTable之后又逐个DnsQuery了、看来这两个要配合使用
以下为我的逆向之后的大致猜想:
可能的调用方式应该是这样
以上都为推算,正确性80%。
以下为我的逆向之后的大致猜想:
//微软定义了一个如下的结构体
typedef struct _DnsCacheEntry
{
struct _DnsCacheEntry* pNext; // Pointer to next entry
PWSTR pszName; // DNS Record Name
unsigned short wType; // DNS Record Type
unsigned short wDataLength; // Not referenced
unsigned long dwFlags; // DNS Record Flags
}DNS_CACHE_ENTRY;
可能的调用方式应该是这样
DNS_CACHE_ENTRY fooEntry;
DnsGetCacheDataTable(&pEntry));
以上都为推算,正确性80%。
MoXiaoRab 2011-07-11
- 打赏
- 举报
以上回答请忽略。
刚刚逆向了ipconfig,跟踪了之后发现displaydns命令调用了DNSAPI.dll中的一个未公开的API:DnsGetCacheDataTable
你用LoadLibrary 载入 dnsapi.dll,找到这个函数,然后调用。具体的调用方式,有待LZ进一步研究。
OD逆向下就好了
刚刚逆向了ipconfig,跟踪了之后发现displaydns命令调用了DNSAPI.dll中的一个未公开的API:DnsGetCacheDataTable
你用LoadLibrary 载入 dnsapi.dll,找到这个函数,然后调用。具体的调用方式,有待LZ进一步研究。
OD逆向下就好了
MoXiaoRab 2011-07-11
- 打赏
- 举报
是用DnsAPI
DNS_STATUS WINAPI DnsQuery(
__in PCSTR lpstrName,
__in WORD wType,
__in DWORD fOptions,
__in_out_opt PVOID pExtra,
__in_out PDNS_RECORD* ppQueryResultsSet,
__in_out PVOID* pReserved
);
PDNS_RECORD结构体中的内容很丰富,而且它是个链表,成员函数中有指向PDNS_RECORD结构体类型的指针
toto996 2011-07-11
- 打赏
- 举报
[Quote=引用 6 楼 ndy_w 的回复:]
#include <windows.h>
#include <iphlpapi.h>
#include <stdio.h>
#include <time.h>
void main(void) {
DWORD Err;
PFIXED_INFO pFixedInfo;
DWORD FixedInfoSize = 0;
PIP_ADAPT……
[/Quote]
你的代码只是显示网络配置,并不是我想要的功能
#include <windows.h>
#include <iphlpapi.h>
#include <stdio.h>
#include <time.h>
void main(void) {
DWORD Err;
PFIXED_INFO pFixedInfo;
DWORD FixedInfoSize = 0;
PIP_ADAPT……
[/Quote]
你的代码只是显示网络配置,并不是我想要的功能
ndy_w 2011-07-11
- 打赏
- 举报
#include <windows.h>
#include <iphlpapi.h>
#include <stdio.h>
#include <time.h>
void main(void) {
DWORD Err;
PFIXED_INFO pFixedInfo;
DWORD FixedInfoSize = 0;
PIP_ADAPTER_INFO pAdapterInfo, pAdapt;
DWORD AdapterInfoSize;
PIP_ADDR_STRING pAddrStr;
if ((Err = GetNetworkParams(NULL, &FixedInfoSize)) != 0)
{
if (Err != ERROR_BUFFER_OVERFLOW)
{
printf("GetNetworkParams sizing failed with error %d\n", Err);
return;
}
}
if ((pFixedInfo = (PFIXED_INFO) GlobalAlloc(GPTR, FixedInfoSize)) == NULL)
{
printf("Memory allocation error\n");
return;
}
if ((Err = GetNetworkParams(pFixedInfo, &FixedInfoSize)) == 0)
{
printf("\tHost Name . . . . . . . . . : %s\n", pFixedInfo->HostName);
printf("\tDNS Servers . . . . . . . . : %s\n", pFixedInfo->DnsServerList.IpAddress.String);
pAddrStr = pFixedInfo->DnsServerList.Next;
while(pAddrStr)
{
printf("%52s\n", pAddrStr->IpAddress.String);
pAddrStr = pAddrStr->Next;
}
printf("\tNode Type . . . . . . . . . : ");
switch (pFixedInfo->NodeType)
{
case 1:
printf("%s\n", "Broadcast");
break;
case 2:
printf("%s\n", "Peer to peer");
break;
case 4:
printf("%s\n", "Mixed");
break;
case 8:
printf("%s\n", "Hybrid");
break;
default:
printf("\n");
}
printf("\tNetBIOS Scope ID. . . . . . : %s\n", pFixedInfo->ScopeId);
printf("\tIP Routing Enabled. . . . . : %s\n", (pFixedInfo->EnableRouting ? "yes" : "no"));
printf("\tWINS Proxy Enabled. . . . . : %s\n", (pFixedInfo->EnableProxy ? "yes" : "no"));
printf("\tNetBIOS Resolution Uses DNS : %s\n", (pFixedInfo->EnableDns ? "yes" : "no"));
} else
{
printf("GetNetworkParams failed with error %d\n", Err);
return;
}
AdapterInfoSize = 0;
if ((Err = GetAdaptersInfo(NULL, &AdapterInfoSize)) != 0)
{
if (Err != ERROR_BUFFER_OVERFLOW)
{
printf("GetAdaptersInfo sizing failed with error %d\n", Err);
return;
}
}
if ((pAdapterInfo = (PIP_ADAPTER_INFO) GlobalAlloc(GPTR, AdapterInfoSize)) == NULL)
{
printf("Memory allocation error\n");
return;
}
if ((Err = GetAdaptersInfo(pAdapterInfo, &AdapterInfoSize)) != 0)
{
printf("GetAdaptersInfo failed with error %d\n", Err);
return;
}
pAdapt = pAdapterInfo;
while (pAdapt)
{
switch (pAdapt->Type)
{
case MIB_IF_TYPE_ETHERNET:
printf("\nEthernet adapter ");
break;
case MIB_IF_TYPE_TOKENRING:
printf("\nToken Ring adapter ");
break;
case MIB_IF_TYPE_FDDI:
printf("\nFDDI adapter ");
break;
case MIB_IF_TYPE_PPP:
printf("\nPPP adapter ");
break;
case MIB_IF_TYPE_LOOPBACK:
printf("\nLoopback adapter ");
break;
case MIB_IF_TYPE_SLIP:
printf("\nSlip adapter ");
break;
case MIB_IF_TYPE_OTHER:
default:
printf("\nOther adapter ");
}
printf("%s:\n\n", pAdapt->AdapterName);
printf("\tDescription . . . . . . . . : %s\n", pAdapt->Description);
printf("\tPhysical Address. . . . . . : ");
for (UINT i=0; i<pAdapt->AddressLength; i++)
{
if (i == (pAdapt->AddressLength - 1))
printf("%.2X\n",(int)pAdapt->Address[i]);
else
printf("%.2X-",(int)pAdapt->Address[i]);
}
printf("\tDHCP Enabled. . . . . . . . : %s\n", (pAdapt->DhcpEnabled ? "yes" : "no"));
pAddrStr = &(pAdapt->IpAddressList);
while(pAddrStr)
{
printf("\tIP Address. . . . . . . . . : %s\n", pAddrStr->IpAddress.String);
printf("\tSubnet Mask . . . . . . . . : %s\n", pAddrStr->IpMask.String);
pAddrStr = pAddrStr->Next;
}
printf("\tDefault Gateway . . . . . . : %s\n", pAdapt->GatewayList.IpAddress.String);
pAddrStr = pAdapt->GatewayList.Next;
while(pAddrStr)
{
printf("%52s\n", pAddrStr->IpAddress.String);
pAddrStr = pAddrStr->Next;
}
printf("\tDHCP Server . . . . . . . . : %s\n", pAdapt->DhcpServer.IpAddress.String);
printf("\tPrimary WINS Server . . . . : %s\n", pAdapt->PrimaryWinsServer.IpAddress.String);
printf("\tSecondary WINS Server . . . : %s\n", pAdapt->SecondaryWinsServer.IpAddress.String);
struct tm *newtime;
// Display coordinated universal time - GMT
newtime = gmtime(&pAdapt->LeaseObtained);
printf( "\tLease Obtained. . . . . . . : %s", asctime( newtime ) );
newtime = gmtime(&pAdapt->LeaseExpires);
printf( "\tLease Expires . . . . . . . : %s", asctime( newtime ) );
pAdapt = pAdapt->Next;
}
}
#include <iphlpapi.h>
#include <stdio.h>
#include <time.h>
void main(void) {
DWORD Err;
PFIXED_INFO pFixedInfo;
DWORD FixedInfoSize = 0;
PIP_ADAPTER_INFO pAdapterInfo, pAdapt;
DWORD AdapterInfoSize;
PIP_ADDR_STRING pAddrStr;
if ((Err = GetNetworkParams(NULL, &FixedInfoSize)) != 0)
{
if (Err != ERROR_BUFFER_OVERFLOW)
{
printf("GetNetworkParams sizing failed with error %d\n", Err);
return;
}
}
if ((pFixedInfo = (PFIXED_INFO) GlobalAlloc(GPTR, FixedInfoSize)) == NULL)
{
printf("Memory allocation error\n");
return;
}
if ((Err = GetNetworkParams(pFixedInfo, &FixedInfoSize)) == 0)
{
printf("\tHost Name . . . . . . . . . : %s\n", pFixedInfo->HostName);
printf("\tDNS Servers . . . . . . . . : %s\n", pFixedInfo->DnsServerList.IpAddress.String);
pAddrStr = pFixedInfo->DnsServerList.Next;
while(pAddrStr)
{
printf("%52s\n", pAddrStr->IpAddress.String);
pAddrStr = pAddrStr->Next;
}
printf("\tNode Type . . . . . . . . . : ");
switch (pFixedInfo->NodeType)
{
case 1:
printf("%s\n", "Broadcast");
break;
case 2:
printf("%s\n", "Peer to peer");
break;
case 4:
printf("%s\n", "Mixed");
break;
case 8:
printf("%s\n", "Hybrid");
break;
default:
printf("\n");
}
printf("\tNetBIOS Scope ID. . . . . . : %s\n", pFixedInfo->ScopeId);
printf("\tIP Routing Enabled. . . . . : %s\n", (pFixedInfo->EnableRouting ? "yes" : "no"));
printf("\tWINS Proxy Enabled. . . . . : %s\n", (pFixedInfo->EnableProxy ? "yes" : "no"));
printf("\tNetBIOS Resolution Uses DNS : %s\n", (pFixedInfo->EnableDns ? "yes" : "no"));
} else
{
printf("GetNetworkParams failed with error %d\n", Err);
return;
}
AdapterInfoSize = 0;
if ((Err = GetAdaptersInfo(NULL, &AdapterInfoSize)) != 0)
{
if (Err != ERROR_BUFFER_OVERFLOW)
{
printf("GetAdaptersInfo sizing failed with error %d\n", Err);
return;
}
}
if ((pAdapterInfo = (PIP_ADAPTER_INFO) GlobalAlloc(GPTR, AdapterInfoSize)) == NULL)
{
printf("Memory allocation error\n");
return;
}
if ((Err = GetAdaptersInfo(pAdapterInfo, &AdapterInfoSize)) != 0)
{
printf("GetAdaptersInfo failed with error %d\n", Err);
return;
}
pAdapt = pAdapterInfo;
while (pAdapt)
{
switch (pAdapt->Type)
{
case MIB_IF_TYPE_ETHERNET:
printf("\nEthernet adapter ");
break;
case MIB_IF_TYPE_TOKENRING:
printf("\nToken Ring adapter ");
break;
case MIB_IF_TYPE_FDDI:
printf("\nFDDI adapter ");
break;
case MIB_IF_TYPE_PPP:
printf("\nPPP adapter ");
break;
case MIB_IF_TYPE_LOOPBACK:
printf("\nLoopback adapter ");
break;
case MIB_IF_TYPE_SLIP:
printf("\nSlip adapter ");
break;
case MIB_IF_TYPE_OTHER:
default:
printf("\nOther adapter ");
}
printf("%s:\n\n", pAdapt->AdapterName);
printf("\tDescription . . . . . . . . : %s\n", pAdapt->Description);
printf("\tPhysical Address. . . . . . : ");
for (UINT i=0; i<pAdapt->AddressLength; i++)
{
if (i == (pAdapt->AddressLength - 1))
printf("%.2X\n",(int)pAdapt->Address[i]);
else
printf("%.2X-",(int)pAdapt->Address[i]);
}
printf("\tDHCP Enabled. . . . . . . . : %s\n", (pAdapt->DhcpEnabled ? "yes" : "no"));
pAddrStr = &(pAdapt->IpAddressList);
while(pAddrStr)
{
printf("\tIP Address. . . . . . . . . : %s\n", pAddrStr->IpAddress.String);
printf("\tSubnet Mask . . . . . . . . : %s\n", pAddrStr->IpMask.String);
pAddrStr = pAddrStr->Next;
}
printf("\tDefault Gateway . . . . . . : %s\n", pAdapt->GatewayList.IpAddress.String);
pAddrStr = pAdapt->GatewayList.Next;
while(pAddrStr)
{
printf("%52s\n", pAddrStr->IpAddress.String);
pAddrStr = pAddrStr->Next;
}
printf("\tDHCP Server . . . . . . . . : %s\n", pAdapt->DhcpServer.IpAddress.String);
printf("\tPrimary WINS Server . . . . : %s\n", pAdapt->PrimaryWinsServer.IpAddress.String);
printf("\tSecondary WINS Server . . . : %s\n", pAdapt->SecondaryWinsServer.IpAddress.String);
struct tm *newtime;
// Display coordinated universal time - GMT
newtime = gmtime(&pAdapt->LeaseObtained);
printf( "\tLease Obtained. . . . . . . : %s", asctime( newtime ) );
newtime = gmtime(&pAdapt->LeaseExpires);
printf( "\tLease Expires . . . . . . . : %s", asctime( newtime ) );
pAdapt = pAdapt->Next;
}
}
toto996 2011-07-11
- 打赏
- 举报
[Quote=引用 4 楼 ndy_w 的回复:]
iphelpapi.h, vc6需要装sdk才有
[/Quote]
我也看了这个库,能说一下具休是里面的哪些函数吗
iphelpapi.h, vc6需要装sdk才有
[/Quote]
我也看了这个库,能说一下具休是里面的哪些函数吗
ndy_w 2011-07-11
- 打赏
- 举报
iphelpapi.h, vc6需要装sdk才有
toto996 2011-07-11
- 打赏
- 举报
ipconfig /displaydns
这个命令是用来查看客户端解析程序缓存,GetAdaptersInfo并没有这个功能
这个命令是用来查看客户端解析程序缓存,GetAdaptersInfo并没有这个功能
酒红色的泪 2011-07-11
- 打赏
- 举报
运用操作注册表函数查询 HKEY_LOCAL_MACHINE、SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\网络适配器名称
oyljerry 2011-07-11
- 打赏
- 举报
GetAdaptersInfo()看是否有需要的一些信息.
