Advertisement
captmicro

Per-Process packet capture

Aug 15th, 2010
347
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.10 KB | None | 0 0
  1. #include "main.h"
  2.  
  3. _send pSend;
  4. _recv pRecv;
  5. char logfile[MAX_PATH];
  6.  
  7. int WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
  8. {
  9.     if (dwReason == DLL_PROCESS_ATTACH)
  10.     {
  11.         GetModuleFileNameA(NULL, logfile, MAX_PATH);
  12.         lstrcatA(logfile, ".txt");
  13.         MessageBoxA(0, logfile, "pp_capture.dll", 0);
  14.  
  15.         LogFile("DLL_PROCESS_ATTACH\n", 0);
  16.  
  17.         pSend = (_send)DetourFindFunction("ws2_32.dll", "send");
  18.         pRecv = (_recv)DetourFindFunction("ws2_32.dll", "recv");
  19.  
  20.         DisableThreadLibraryCalls(hModule);
  21.  
  22.         DetourTransactionBegin();
  23.         DetourUpdateThread(GetCurrentThread());
  24.         DetourAttach(&(PVOID&)pSend, cSend);
  25.         if (DetourTransactionCommit() == NO_ERROR)
  26.             LogFile("send() detoured successfully\n", 0);
  27.  
  28.         DetourTransactionBegin();
  29.         DetourUpdateThread(GetCurrentThread());
  30.         DetourAttach(&(PVOID&)pRecv, cRecv);
  31.         if (DetourTransactionCommit() == NO_ERROR)
  32.             LogFile("recv() detoured successfully\n", 0);
  33.     }
  34.     else if (dwReason == DLL_PROCESS_DETACH)
  35.     {
  36.         LogFile("DLL_PROCESS_DETACH\n", 0);
  37.         DetourTransactionBegin();
  38.         DetourUpdateThread(GetCurrentThread());
  39.         DetourDetach(&(PVOID&)pSend, cSend);
  40.         if (DetourTransactionCommit() == NO_ERROR)
  41.             LogFile("send() un-detoured successfully\n", 0);
  42.        
  43.         DetourTransactionBegin();
  44.         DetourUpdateThread(GetCurrentThread());
  45.         DetourDetach(&(PVOID&)pRecv, cRecv);
  46.         if (DetourTransactionCommit() == NO_ERROR)
  47.             LogFile("recv() un-detoured successfully\n", 0);
  48.     }
  49. }
  50.  
  51. int WINAPI cSend(SOCKET s, const char *buf, int len, int flags)
  52. {
  53.     LogFile("[SEND]", 6);
  54.     LogFile((char*)buf, len);
  55.     LogFile("\n", 1);
  56.     return pSend(s, buf, len, flags);
  57. }
  58.  
  59. int WINAPI cRecv(SOCKET s, char *buf, int len, int flags)
  60. {
  61.     LogFile("[RECV]", 6);
  62.     LogFile(buf, len);
  63.     LogFile("\n", 1);
  64.     return pRecv(s, buf, len, flags);
  65. }
  66.  
  67. void LogFile(char *str, int len)
  68. {
  69.     HANDLE file = CreateFileA(logfile, FILE_APPEND_DATA,
  70.         FILE_SHARE_READ, 0, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
  71.     if (file == INVALID_HANDLE_VALUE) return;
  72.     DWORD dwBytesWritten;
  73.     if (len == 0) len = lstrlenA(str);
  74.     WriteFile(file, str, len, &dwBytesWritten, 0);
  75.     CloseHandle(file);
  76. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement