Blocking packets in detoured WSASend

Posted: 2013-12-23 01:26:04

Question:

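So I detoured WSASend, and of course I can call it so that everything works fine, but there are some packets (after I analyze them) that I want to block from being sent, so I can't call the original function. No matter what I return, the calling code seems to know something went wrong.

WSASend is supposed to return 0 when everything is OK. Ironically, if I simply return 0 when trying to block, the calling code seems to be waiting for something, making all connections lag and eventually close.

Code: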

#include <winsock2.h>
#include <cstdio>

// oWSASend (pointer to the original WSASend) and drawable() are defined elsewhere in the asker's code
int WINAPI myWSASend(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesSent, DWORD dwFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
{
    // Match on bytes 2 and 3 of the first buffer; the length check keeps the reads in bounds
    if(lpBuffers->len >= 4 && lpBuffers->buf[2] == 0x66 && lpBuffers->buf[3] == 0x78)
    {
        FILE *fp = fopen("party_sploit.txt", "a");
        if(fp != NULL)
        {
            fprintf(fp, "0x7866 catched! len: %lu\n", lpBuffers->len);
            // Hex + ASCII dump in rows of 8; "i + 8 <= len" cannot underflow on short buffers
            for (unsigned int i = 0; i + 8 <= lpBuffers->len; i = i + 8)
            {
                fprintf(fp,
                    "%02X %02X %02X %02X %02X %02X %02X %02X"
                      "\t\t%c %c %c %c %c %c %c %c\n",

                    static_cast<unsigned char>(lpBuffers->buf[i]),
                    static_cast<unsigned char>(lpBuffers->buf[i+1]),
                    static_cast<unsigned char>(lpBuffers->buf[i+2]),
                    static_cast<unsigned char>(lpBuffers->buf[i+3]),
                    static_cast<unsigned char>(lpBuffers->buf[i+4]),
                    static_cast<unsigned char>(lpBuffers->buf[i+5]),
                    static_cast<unsigned char>(lpBuffers->buf[i+6]),
                    static_cast<unsigned char>(lpBuffers->buf[i+7]),
                    (drawable(lpBuffers->buf[i]))   ? static_cast<unsigned char>(lpBuffers->buf[i])   : '.',
                    (drawable(lpBuffers->buf[i+1])) ? static_cast<unsigned char>(lpBuffers->buf[i+1]) : '.',
                    (drawable(lpBuffers->buf[i+2])) ? static_cast<unsigned char>(lpBuffers->buf[i+2]) : '.',
                    (drawable(lpBuffers->buf[i+3])) ? static_cast<unsigned char>(lpBuffers->buf[i+3]) : '.',
                    (drawable(lpBuffers->buf[i+4])) ? static_cast<unsigned char>(lpBuffers->buf[i+4]) : '.',
                    (drawable(lpBuffers->buf[i+5])) ? static_cast<unsigned char>(lpBuffers->buf[i+5]) : '.',
                    (drawable(lpBuffers->buf[i+6])) ? static_cast<unsigned char>(lpBuffers->buf[i+6]) : '.',
                    (drawable(lpBuffers->buf[i+7])) ? static_cast<unsigned char>(lpBuffers->buf[i+7]) : '.'
                );
            }
            fprintf(fp, "\n-------------------------------------------------------------------\n");
            fclose(fp);
        }
        if(lpBuffers->len < 26)
        {
            // Swallow the packet: report success without calling the original WSASend
            lpNumberOfBytesSent = (LPDWORD)lpBuffers->len;
            return 0;
        }
        else
        {
            return (oWSASend)(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
        }
    }
    else
    {
        //No filtered packet received, proceed
        return (oWSASend)(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
    }
}

Comments:

Anyone? Please, I'm trying to fix an attack on my game server..

Answer 1:

The answer is actually very simple... I forgot to dereference the lpNumberOfBytesSent pointer, and for safety reasons I also added an if-not-null

if(lpBuffers->len != NULL && lpBuffers->len < 26)
{
    // Write the byte count through the pointer so the caller sees the buffer as fully sent
    *lpNumberOfBytesSent = lpBuffers->len;
    return 0;
}
else
{
    return (oWSASend)(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
}
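
The same drop decision as a standalone C sketch, added here as an example and not code from the question or the answer. It goes beyond the post by matching across all `dwBufferCount` buffers, reporting the total length, and tolerating a NULL byte-count pointer. Assumptions: `buf_t` stands in for `WSABUF`, the names `byte_at`, `total_len` and `filter_send` are hypothetical, the 26-byte threshold is applied to the total length, and only the synchronous path (`lpOverlapped == NULL`) is covered.

```c
#include <stddef.h>

/* Stand-in for Winsock's WSABUF so the logic builds off Windows (assumption). */
typedef struct { unsigned long len; char *buf; } buf_t;

enum verdict { FORWARD = 0, DROP = 1 };

/* Logical byte `pos` of the message spread over `count` buffers; -1 if past the end. */
static int byte_at(const buf_t *b, unsigned long count, unsigned long pos)
{
    for (unsigned long i = 0; i < count; i++) {
        if (pos < b[i].len)
            return (unsigned char)b[i].buf[pos];
        pos -= b[i].len;
    }
    return -1;
}

/* A gather send transmits every buffer, so the reported count is the sum. */
static unsigned long total_len(const buf_t *b, unsigned long count)
{
    unsigned long n = 0;
    for (unsigned long i = 0; i < count; i++)
        n += b[i].len;
    return n;
}

/* Decide whether the hook should swallow this send.
 * On DROP, *bytes_sent (when non-NULL) receives the full message length,
 * which is what a successful synchronous send would have reported.
 * On FORWARD nothing is written; the original function fills it in. */
enum verdict filter_send(const buf_t *b, unsigned long count,
                         unsigned long *bytes_sent)
{
    /* Signature from the post: bytes 2 and 3 are 0x66 0x78. */
    if (byte_at(b, count, 2) != 0x66 || byte_at(b, count, 3) != 0x78)
        return FORWARD;
    unsigned long total = total_len(b, count);
    if (total >= 26)               /* the post only drops messages shorter than 26 bytes */
        return FORWARD;
    if (bytes_sent != NULL)
        *bytes_sent = total;
    return DROP;
}
```

In the hook, `DROP` maps to `return 0;` and `FORWARD` to the call through `oWSASend`.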
