110,580
社区成员
发帖
与我相关
我的任务
分享这软件如何做到的反监视?
WinSock Expert v0.7
这是一个用来监视和修改网络发送和接收数据的程序,可以用来帮助您调试网络应用程序,分析网络程序的通信协议(如分析OICQ的发送接收数据),并且在必要的时候能够修改发送的数据。
我用上面软件监视某软件的网络通信情况,这软件竟然自动关闭并弹出对话框说禁止监视?这是怎么做到的?有高手知道不....
这是一个用来监视和修改网络发送和接收数据的程序,可以用来帮助您调试网络应用程序,分析网络程序的通信协议(如分析OICQ的发送接收数据),并且在必要的时候能够修改发送的数据。
我用上面软件监视某软件的网络通信情况,这软件竟然自动关闭并弹出对话框说禁止监视?这是怎么做到的?有高手知道不....
...全文
请发表友善的回复…
发表回复
zlcp520 2011-11-15
- 打赏
- 举报
内容存入剪贴板
zlcp520 2011-11-15
- 打赏
- 举报
内容存入剪贴板
zlcp520 2011-11-15
- 打赏
- 举报
容存入剪贴板
zlcp520 2011-11-14
- 打赏
- 举报
[Quote=引用 7 楼 csnd_freeman 的回复:]
引用 2 楼 zlcp520 的回复:
引用 1 楼 lin_lujian 的回复:
CMyWnd::CMyWnd()
{
ulSHChangeNotifyRegister = NULL;
}
BOOL CMyWnd::OnInitDialog()
{
CWnd::OnInitDialog();
// Request notification from shell of ……
[/Quote]
怎么搞成C#啊
引用 2 楼 zlcp520 的回复:
引用 1 楼 lin_lujian 的回复:
CMyWnd::CMyWnd()
{
ulSHChangeNotifyRegister = NULL;
}
BOOL CMyWnd::OnInitDialog()
{
CWnd::OnInitDialog();
// Request notification from shell of ……
[/Quote]
怎么搞成C#啊
zlcp520 2011-11-14
- 打赏
- 举报
[Quote=引用 6 楼 chichenzhe 的回复:]
能够侦听网络包的软件就那么几款.能够侦听 还能够直接篡改并封包发送的就更少了
他在自己程序里 写一个列表不就够了...
[/Quote]
国内国外多了去了...
能够侦听网络包的软件就那么几款.能够侦听 还能够直接篡改并封包发送的就更少了
他在自己程序里 写一个列表不就够了...
[/Quote]
国内国外多了去了...
freemangood 2011-11-14
- 打赏
- 举报
[Quote=引用 2 楼 zlcp520 的回复:]
引用 1 楼 lin_lujian 的回复:
CMyWnd::CMyWnd()
{
ulSHChangeNotifyRegister = NULL;
}
BOOL CMyWnd::OnInitDialog()
{
CWnd::OnInitDialog();
// Request notification from shell of media insertion -
//……
[/Quote]
c++的啊
引用 1 楼 lin_lujian 的回复:
CMyWnd::CMyWnd()
{
ulSHChangeNotifyRegister = NULL;
}
BOOL CMyWnd::OnInitDialog()
{
CWnd::OnInitDialog();
// Request notification from shell of media insertion -
//……
[/Quote]
c++的啊
chichenzhe 2011-11-14
- 打赏
- 举报
能够侦听网络包的软件就那么几款.能够侦听 还能够直接篡改并封包发送的就更少了
他在自己程序里 写一个列表不就够了...
他在自己程序里 写一个列表不就够了...
zlcp520 2011-11-14
- 打赏
- 举报
内容存入剪贴板
heroseven 2011-11-14
- 打赏
- 举报
话说大面积使用的监听软件应该不多吧。。。你自己写个监听软件试试
zlcp520 2011-11-14
- 打赏
- 举报
容存入剪贴板
zlcp520 2011-11-14
- 打赏
- 举报
容存入剪贴
足球中国 2011-11-14
- 打赏
- 举报
用hook把你的hook不断放在最上面。
这种监视方法特笨,不推荐使用。
这种监视方法特笨,不推荐使用。
zlcp520 2011-11-14
- 打赏
- 举报
容存入剪贴板
zlcp520 2011-11-13
- 打赏
- 举报
[Quote=引用 3 楼 xustanly 的回复:]
可能是检测了进程,低层的网络传输应该发现不了问题.
[/Quote]
监视软件 这多,他怎么检测进程?
可能是检测了进程,低层的网络传输应该发现不了问题.
[/Quote]
监视软件 这多,他怎么检测进程?
xuStanly 2011-11-13
- 打赏
- 举报
可能是检测了进程,低层的网络传输应该发现不了问题.
zlcp520 2011-11-13
- 打赏
- 举报
[Quote=引用 1 楼 lin_lujian 的回复:]
CMyWnd::CMyWnd()
{
ulSHChangeNotifyRegister = NULL;
}
BOOL CMyWnd::OnInitDialog()
{
CWnd::OnInitDialog();
// Request notification from shell of media insertion -
// allows us to d……
[/Quote]
你这什么语言啊,看不懂啊
CMyWnd::CMyWnd()
{
ulSHChangeNotifyRegister = NULL;
}
BOOL CMyWnd::OnInitDialog()
{
CWnd::OnInitDialog();
// Request notification from shell of media insertion -
// allows us to d……
[/Quote]
你这什么语言啊,看不懂啊
幸福的小木鱼 2011-11-13
- 打赏
- 举报
CMyWnd::CMyWnd()
{
ulSHChangeNotifyRegister = NULL;
}
BOOL CMyWnd::OnInitDialog()
{
CWnd::OnInitDialog();
// Request notification from shell of media insertion -
// allows us to detect removable media or a multimedia card
HWND hWnd = GetSafeHwnd();
LPITEMIDLIST ppidl;
if(SHGetSpecialFolderLocation(hWnd, CSIDL_DESKTOP, &ppidl) == NOERROR)
{
SHChangeNotifyEntry shCNE;
shCNE.pidl = ppidl;
shCNE.fRecursive = TRUE;
// Returns a positive integer registration identifier (ID).
// Returns zero if out of memory or in response to invalid parameters.
m_ulSHChangeNotifyRegister = SHChangeNotifyRegister(hWnd, // Hwnd to receive notification
SHCNE_DISKEVENTS, // Event types of interest (sources)
SHCNE_MEDIAINSERTED|SHCNE_MEDIAREMOVED, // Events of interest - use // SHCNE_ALLEVENTS for all events
WM_USER_MEDIACHANGED, // Notification message to be sent // upon the event
1, // Number of entries in the pfsne array
&shCNE); // Array of SHChangeNotifyEntry structures that // contain the notifications. This array should // always be set to one when calling SHChnageNotifyRegister
// or SHChangeNotifyDeregister will not work properly.
ASSERT(m_ulSHChangeNotifyRegister != 0); // Shell notification failed
}
else
ASSERT(FALSE); // Failed to get desktop location
}Add a message handler to your message map for the notification message: Collapse | Copy CodeON_MESSAGE(WM_USER_MEDIACHANGED, OnMediaChanged)Together with the corresponding declaration: Collapse | Copy Codeafx_msg LRESULT OnMediaChanged(WPARAM, LPARAM);Then deal with the message as desired: Collapse | Copy Code// The lParam value contains the event SHCNE_xxxx
// The wParam value supplies the SHNOTIFYSTRUCT
typedef struct {
DWORD dwItem1; // dwItem1 contains the previous PIDL or name of the folder.
DWORD dwItem2; // dwItem2 contains the new PIDL or name of the folder.
} SHNOTIFYSTRUCT;
LRESULT CMyWnd::OnMediaChanged(WPARAM wParam, LPARAM lParam)
{
SHNOTIFYSTRUCT *shns = (SHNOTIFYSTRUCT *)wParam;
CString strPath, strMsg;
switch(lParam)
{
case SHCNE_MEDIAINSERTED: // media inserted event
{
strPath = GetPathFromPIDL(shns->dwItem1);
if(!strPath.IsEmpty())
{
// Process strPath as required, for now a simple message box
strMsg.Format("Media inserted into %s", strPath);
AfxMessageBox(strMsg);
}
}
case SHCNE_MEDIAREMOVED: // media removed event
{
strPath = GetPathFromPIDL(shns->dwItem1);
if(!strPath.IsEmpty())
{
// Process strPath as required, for now a simple message box
strMsg.Format("Media removed from %s", strPath);
AfxMessageBox(strMsg);
}
}
//case SHCNE_xxxx: Add other events processing here
}
return NULL;
}
CString CMyWnd::GetPathFromPIDL(DWORD pidl)
{
char sPath[MAX_PATH];
CString strTemp = _T("");
if(SHGetPathFromIDList((struct _ITEMIDLIST *)pidl, sPath))
strTemp = sPath;
return strTemp;
}Finally deregister your request when no longer required: Collapse | Copy Codevoid CMyWnd::OnDestroy()
{
if(m_ulSHChangeNotifyRegister)
VERIFY(SHChangeNotifyDeregister(m_ulSHChangeNotifyRegister));
CWnd::OnDestroy();
}
{
ulSHChangeNotifyRegister = NULL;
}
BOOL CMyWnd::OnInitDialog()
{
CWnd::OnInitDialog();
// Request notification from shell of media insertion -
// allows us to detect removable media or a multimedia card
HWND hWnd = GetSafeHwnd();
LPITEMIDLIST ppidl;
if(SHGetSpecialFolderLocation(hWnd, CSIDL_DESKTOP, &ppidl) == NOERROR)
{
SHChangeNotifyEntry shCNE;
shCNE.pidl = ppidl;
shCNE.fRecursive = TRUE;
// Returns a positive integer registration identifier (ID).
// Returns zero if out of memory or in response to invalid parameters.
m_ulSHChangeNotifyRegister = SHChangeNotifyRegister(hWnd, // Hwnd to receive notification
SHCNE_DISKEVENTS, // Event types of interest (sources)
SHCNE_MEDIAINSERTED|SHCNE_MEDIAREMOVED, // Events of interest - use // SHCNE_ALLEVENTS for all events
WM_USER_MEDIACHANGED, // Notification message to be sent // upon the event
1, // Number of entries in the pfsne array
&shCNE); // Array of SHChangeNotifyEntry structures that // contain the notifications. This array should // always be set to one when calling SHChnageNotifyRegister
// or SHChangeNotifyDeregister will not work properly.
ASSERT(m_ulSHChangeNotifyRegister != 0); // Shell notification failed
}
else
ASSERT(FALSE); // Failed to get desktop location
}Add a message handler to your message map for the notification message: Collapse | Copy CodeON_MESSAGE(WM_USER_MEDIACHANGED, OnMediaChanged)Together with the corresponding declaration: Collapse | Copy Codeafx_msg LRESULT OnMediaChanged(WPARAM, LPARAM);Then deal with the message as desired: Collapse | Copy Code// The lParam value contains the event SHCNE_xxxx
// The wParam value supplies the SHNOTIFYSTRUCT
typedef struct {
DWORD dwItem1; // dwItem1 contains the previous PIDL or name of the folder.
DWORD dwItem2; // dwItem2 contains the new PIDL or name of the folder.
} SHNOTIFYSTRUCT;
LRESULT CMyWnd::OnMediaChanged(WPARAM wParam, LPARAM lParam)
{
SHNOTIFYSTRUCT *shns = (SHNOTIFYSTRUCT *)wParam;
CString strPath, strMsg;
switch(lParam)
{
case SHCNE_MEDIAINSERTED: // media inserted event
{
strPath = GetPathFromPIDL(shns->dwItem1);
if(!strPath.IsEmpty())
{
// Process strPath as required, for now a simple message box
strMsg.Format("Media inserted into %s", strPath);
AfxMessageBox(strMsg);
}
}
case SHCNE_MEDIAREMOVED: // media removed event
{
strPath = GetPathFromPIDL(shns->dwItem1);
if(!strPath.IsEmpty())
{
// Process strPath as required, for now a simple message box
strMsg.Format("Media removed from %s", strPath);
AfxMessageBox(strMsg);
}
}
//case SHCNE_xxxx: Add other events processing here
}
return NULL;
}
CString CMyWnd::GetPathFromPIDL(DWORD pidl)
{
char sPath[MAX_PATH];
CString strTemp = _T("");
if(SHGetPathFromIDList((struct _ITEMIDLIST *)pidl, sPath))
strTemp = sPath;
return strTemp;
}Finally deregister your request when no longer required: Collapse | Copy Codevoid CMyWnd::OnDestroy()
{
if(m_ulSHChangeNotifyRegister)
VERIFY(SHChangeNotifyDeregister(m_ulSHChangeNotifyRegister));
CWnd::OnDestroy();
}
