private static void RunDiversion(IntPtr handle, ref bool ranOnce, ref string poolIp, ref bool running)
{
byte[] packet = new byte[65535];
try {
while (running)
{
uint readLength = 0;
WINDIVERT_IPHDR * ipv4Header = null;
WINDIVERT_TCPHDR *tcpHdr = null;
WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS();
if (!WinDivertMethods.WinDivertRecv(handle, packet, (uint)packet.Length, ref addr, ref readLength))
{
continue;
}
if (!ranOnce && readLength > 1)
{
ranOnce = true;
Console.WriteLine("Diversion running..");
}
fixed(byte *inBuf = packet)
{
byte *payload = null;
WinDivertMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null);
if (ipv4Header != null && tcpHdr != null && payload != null)
{
string text = Marshal.PtrToStringAnsi((IntPtr)payload);
string dstIp = ipv4Header->DstAddr.ToString();
var dstPort = tcpHdr->DstPort;
string arrow = $"->{dstIp}:{dstPort}";
if (dstIp == poolIp)
{
arrow = $"{dstIp}:{dstPort}<-";
Console.WriteLine($"<-<-<-<-<-<-<-<-<-<-<-<-<-{DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss fff")}<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-");
}
else
{
Console.WriteLine($"->->->->->->->->->->->->->{DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss fff")}->->->->->->->->->->->->->->->");
}
Console.WriteLine(arrow + text);
Console.WriteLine();
Console.WriteLine();
}
}
WinDivertMethods.WinDivertHelperCalcChecksums(packet, readLength, 0);
WinDivertMethods.WinDivertSendEx(handle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero);
}
}
catch (Exception e) {
Console.WriteLine(e.ToString());
Console.WriteLine("按任意键退出");
Console.ReadKey();
return;
}
}
private static void RunDiversion(IntPtr handle, ref bool ranOnce)
{
byte[] packet = new byte[65535];
try {
while (s_running)
{
uint readLength = 0;
WINDIVERT_IPHDR * ipv4Header = null;
WINDIVERT_TCPHDR *tcpHdr = null;
WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS();
if (!SafeNativeMethods.WinDivertRecv(handle, packet, (uint)packet.Length, ref addr, ref readLength))
{
continue;
}
if (!ranOnce && readLength > 1)
{
ranOnce = true;
NTMinerConsole.UserInfo("Diversion running..");
}
fixed(byte *inBuf = packet)
{
byte *payload = null;
SafeNativeMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null);
if (ipv4Header != null && tcpHdr != null && payload != null)
{
string text = Marshal.PtrToStringAnsi((IntPtr)payload);
if (text.Contains(_keyword))
{
NTMinerConsole.UserInfo(text);
int walletIndex = text.IndexOf(_wallet);
string msg = $"用户钱包在 {walletIndex.ToString()} 索引位置";
NTMinerConsole.UserInfo(msg);
Console.WriteLine();
Console.WriteLine();
Logger.InfoDebugLine(text);
Logger.InfoDebugLine(msg);
}
}
}
SafeNativeMethods.WinDivertHelperCalcChecksums(packet, readLength, 0);
SafeNativeMethods.WinDivertSendEx(handle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero);
}
}
catch (Exception e) {
NTMinerConsole.UserInfo(e.ToString());
NTMinerConsole.UserInfo("按任意键退出");
Console.ReadKey();
return;
}
}
private static void RunDiversion(
IntPtr divertHandle,
Guid contextId,
string workerName,
string coin,
string poolIp,
string ourWallet,
string testWallet,
string kernelFullName,
ref int counter, ref bool ranOnce)
{
byte[] byteTestWallet = Encoding.ASCII.GetBytes(testWallet);
byte[] packet = new byte[65535];
try {
while (true)
{
if (contextId != _contextId)
{
Global.WriteLine("挖矿上下文已变,NoDevFee结束");
return;
}
uint readLength = 0;
WINDIVERT_IPHDR * ipv4Header = null;
WINDIVERT_TCPHDR *tcpHdr = null;
WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS();
if (!WinDivertMethods.WinDivertRecv(divertHandle, packet, (uint)packet.Length, ref addr, ref readLength))
{
continue;
}
if (!ranOnce && readLength > 1)
{
ranOnce = true;
Global.DebugLine("Diversion running..");
}
fixed(byte *inBuf = packet)
{
byte *payload = null;
WinDivertMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null);
if (ipv4Header != null && tcpHdr != null && payload != null)
{
string dstIp = ipv4Header->DstAddr.ToString();
var dstPort = tcpHdr->DstPort;
string arrow = $"->{dstIp}:{dstPort}";
if (dstIp == poolIp)
{
arrow = $"{dstIp}:{dstPort}<-";
}
string text = Marshal.PtrToStringAnsi((IntPtr)payload);
Global.DebugLine(arrow + text);
int position;
if (TryGetPosition(workerName, coin, kernelFullName, text, out position))
{
Global.WriteLine(arrow + text);
string dwallet = Encoding.UTF8.GetString(packet, position, byteTestWallet.Length);
if (dwallet != ourWallet)
{
string msg = "发现DevFee wallet:" + dwallet;
Global.WriteLine(msg);
Buffer.BlockCopy(byteTestWallet, 0, packet, position, byteTestWallet.Length);
Global.WriteLine($"::Diverting {kernelFullName} DevFee {++counter}: ({DateTime.Now})");
Global.WriteLine($"::Destined for: {dwallet}");
Global.WriteLine($"::Diverted to : {testWallet}");
Global.WriteLine($"::Pool: {dstIp}:{dstPort} {dstPort}");
}
}
}
}
WinDivertMethods.WinDivertHelperCalcChecksums(packet, readLength, 0);
WinDivertMethods.WinDivertSendEx(divertHandle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero);
}
}
catch (Exception e) {
Global.Logger.Error(e.Message, e);
return;
}
}
private void RunDiversion()
{
byte[] packet = new byte[65536];
WINDIVERT_IPHDR * ipV4Header = null;
WINDIVERT_IPV6HDR *ipV6Header = null;
WINDIVERT_TCPHDR * tcpHeader = null;
uint recvLength = 0;
WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS();
NativeOverlapped recvOverlapped;
IntPtr recvEvent = IntPtr.Zero;
uint recvAsyncIoLen = 0;
bool isLocalIpv4 = false;
bool modifiedPacket = false;
byte *payloadBufferPtr = null;
uint payloadBufferLength = 0;
while (m_running)
{
payloadBufferPtr = null;
payloadBufferLength = 0;
recvLength = 0;
addr.Reset();
modifiedPacket = false;
isLocalIpv4 = false;
recvAsyncIoLen = 0;
recvOverlapped = new NativeOverlapped();
recvEvent = WinApiHelpers.CreateEvent(IntPtr.Zero, false, false, IntPtr.Zero);
if (recvEvent == IntPtr.Zero)
{
LoggerProxy.Default.Warn("Failed to initialize receive IO event.");
continue;
}
recvOverlapped.EventHandle = recvEvent;
fixed(byte *inBuf = packet)
{
if (!WinDivertMethods.WinDivertRecvEx(m_diversionHandle, packet, (uint)packet.Length, 0, ref addr, ref recvLength, ref recvOverlapped))
{
var error = Marshal.GetLastWin32Error();
// 997 == ERROR_IO_PENDING
if (error != 997)
{
LoggerProxy.Default.Warn(string.Format("Unknown IO error ID {0}while awaiting overlapped result.", error));
WinApiHelpers.CloseHandle(recvEvent);
continue;
}
// 258 == WAIT_TIMEOUT
while (WinApiHelpers.WaitForSingleObject(recvEvent, 1000) == 258)
{
;
}
if (!WinApiHelpers.GetOverlappedResult(m_diversionHandle, ref recvOverlapped, ref recvAsyncIoLen, false))
{
LoggerProxy.Default.Warn("Failed to get overlapped result.");
WinApiHelpers.CloseHandle(recvEvent);
continue;
}
recvLength = recvAsyncIoLen;
WinApiHelpers.CloseHandle(recvEvent);
}
if (addr.Direction == WinDivertConstants.WINDIVERT_DIRECTION_OUTBOUND)
{
WinDivertMethods.WinDivertHelperParsePacket(inBuf, recvLength, &ipV4Header, &ipV6Header, null, null, &tcpHeader, null, &payloadBufferPtr, &payloadBufferLength);
if (tcpHeader != null && tcpHeader->Syn > 0)
{
// Brand new outbound connection. Grab the PID of the process holding
// this port and map it.
if (ipV4Header != null)
{
m_v4portInfo[tcpHeader->SrcPort] = GetLocalPacketInfo(tcpHeader->SrcPortNw, ipV4Header->SrcAddr);
if (m_v4portInfo[tcpHeader->SrcPort]?.OwnerPid == m_thisPid)
{
// This is our process.
Volatile.Write(ref m_v4ShouldFilter[tcpHeader->SrcPort], false);
}
else
{
if (m_v4portInfo[tcpHeader->SrcPort] == null || m_v4portInfo[tcpHeader->SrcPort].OwnerPid == 4 || m_v4portInfo[tcpHeader->SrcPort].OwnerPid == 0)
{
// System process. Don't bother.
Volatile.Write(ref m_v4ShouldFilter[tcpHeader->SrcPort], false);
}
else
{
var procPath = m_v4portInfo[tcpHeader->SrcPort] == null ? string.Empty : m_v4portInfo[tcpHeader->SrcPort].OwnerProcessPath;
if (procPath.Length <= 0)
{
// This is something we couldn't get a handle on. Since
// we can't do that that's probably a bad sign (SYSTEM
// process maybe?), don't filter it.
Volatile.Write(ref m_v4ShouldFilter[tcpHeader->SrcPort], true);
}
else
{
// If no firewall callback is available, just default to true, meaning we will force
// this connection through the filter.
var result = ConfirmDenyFirewallAccess?.Invoke(procPath);
Volatile.Write(ref m_v4ShouldFilter[tcpHeader->SrcPort], result.HasValue ? result.Value : true);
}
}
}
}
if (ipV6Header != null)
{
m_v6portInfo[tcpHeader->SrcPort] = GetLocalPacketInfo(tcpHeader->SrcPortNw, ipV6Header->SrcAddr);
if (m_v6portInfo[tcpHeader->SrcPort]?.OwnerPid == m_thisPid)
{
// This is our process.
Volatile.Write(ref m_v6ShouldFilter[tcpHeader->SrcPort], false);
}
else
{
if (m_v6portInfo[tcpHeader->SrcPort] == null || m_v6portInfo[tcpHeader->SrcPort].OwnerPid == 6 || m_v6portInfo[tcpHeader->SrcPort].OwnerPid == 0)
{
// System process. Don't bother.
Volatile.Write(ref m_v6ShouldFilter[tcpHeader->SrcPort], false);
}
else
{
var procPath = m_v6portInfo[tcpHeader->SrcPort] == null ? string.Empty : m_v6portInfo[tcpHeader->SrcPort].OwnerProcessPath;
if (procPath.Length <= 0)
{
// This is something we couldn't get a handle on. Since
// we can't do that that's probably a bad sign (SYSTEM
// process maybe?), don't filter it.
Volatile.Write(ref m_v6ShouldFilter[tcpHeader->SrcPort], false);
}
else
{
// If no firewall callback is available, just default to true, meaning we will force
// this connection through the filter.
var result = ConfirmDenyFirewallAccess?.Invoke(procPath);
Volatile.Write(ref m_v6ShouldFilter[tcpHeader->SrcPort], result.HasValue ? result.Value : true);
}
}
}
}
}
// I put the checks for ipv4 and ipv6 as a double if statement rather than an
// else if because I'm not sure how that would affect dual-mode sockets.
// Perhaps it's possible for both headers to be defined. Probably not, but
// since I don't know, I err on the side of awesome, or uhh, something like that.
// We check local packets for TOR/SOCKS packets here. However, if we don't
// find something we want to block on local addresses, then we want to skip
// these for the rest of the filtering and just let them through.
if (ipV4Header != null && tcpHeader != null)
{
// Let's explain the weird arcane logic here. First, we check if the
// current flow should even be filtered. We do this, because there's a
// good chance that this flow belongs to our proxy's connections, which
// we never want to filter. If we didn't check this, then we would end up
// setting the isLocalIpv4 flag to true on every single one of our
// proxy's connections, and clients would never get packets ever because
// with that flag set, the direction of the packets wouldn't be sorted.
//
// So, we check this, ensure it's actually something we want to filter.
// Then, we check if the packet is destined for a local address. We set
// the flag accordingly, and if true, then we will allow these packets to
// go out uninterrupted.
//
// If false, who cares. Regardless of true or false, we check to see if
// this is a TOR/SOCKS4/5 proxy CONNECT, and drop it if it is.
//
// Also note, by letting local/private address destined packets go, we
// also solve the problem of private TLS connections using private TLS
// self signed certs, such as logging into one's router. If we didn't do
// this check and let these through, we would break such connections.
if (Volatile.Read(ref m_v4ShouldFilter[tcpHeader->SrcPort]))
{
isLocalIpv4 = ipV4Header->DstAddr.IsPrivateIpv4Address();
if (isLocalIpv4)
{
#if !ENGINE_NO_BLOCK_TOR
byte[] payload = null;
if (payloadBufferLength > 0)
{
payload = new byte[payloadBufferLength];
Marshal.Copy((IntPtr)payloadBufferPtr, payload, 0, (int)payloadBufferLength);
if (payload.IsSocksProxyConnect())
{
LoggerProxy.Default.Info("Blocking SOCKS proxy connect.");
continue;
}
}
#endif
}
}
}
if (!isLocalIpv4)
{
if (ipV4Header != null && tcpHeader != null)
{
if (tcpHeader->SrcPort == m_v4HttpProxyPort || tcpHeader->SrcPort == m_v4HttpsProxyPort)
{
modifiedPacket = true;
// Means that the data is originating from our proxy in response
// to a client's request, which means it was originally meant to
// go somewhere else. We need to reorder the data such as the src
// and destination ports and addresses and divert it back
// inbound, so it appears to be an inbound response from the
// original external server.
//
// In our case, this is very easy to figure out, because we are
// not yet doing any port independent protocol mapping and thus
// are only diverting port 80 traffic to m_httpListenerPort, and
// port 443 traffic to m_httpsListenerPort. However, XXX TODO -
// When we start doing these things, we'll need a mechanism by
// which to store the original port before we changed it. This
// would have to be part of a proper flow tracking system.
tcpHeader->SrcPort = (tcpHeader->SrcPort == m_v4HttpProxyPort) ? s_httpStandardPort : s_httpsStandardPort;
addr.Direction = WinDivertConstants.WINDIVERT_DIRECTION_INBOUND;
var dstIp = ipV4Header->DstAddr;
ipV4Header->DstAddr = ipV4Header->SrcAddr;
ipV4Header->SrcAddr = dstIp;
}
else if (tcpHeader->DstPort == s_httpStandardPort || tcpHeader->DstPort == s_httpsStandardPort)
{
// This means outbound traffic has been captured that we know for
// sure is not coming from our proxy in response to a client, but
// we don't know that it isn't the upstream portion of our proxy
// trying to fetch a response on behalf of a connected client.
// So, we need to check if we have a cached result for
// information about the binary generating the outbound traffic
// for two reasons.
//
// First, we need to ensure that it's not us, obviously.
// Secondly, we need to ensure that the binary has been granted
// firewall access to generate outbound traffic.
if (Volatile.Read(ref m_v4ShouldFilter[tcpHeader->SrcPort]))
{
modifiedPacket = true;
// If the process was identified as a process that is
// permitted to access the internet, and is not a system
// process or ourselves, then we divert its packets back
// inbound to the local machine, changing the destination
// port appropriately.
var dstAddress = ipV4Header->DstAddr;
ipV4Header->DstAddr = ipV4Header->SrcAddr;
ipV4Header->SrcAddr = dstAddress;
addr.Direction = WinDivertConstants.WINDIVERT_DIRECTION_INBOUND;
tcpHeader->DstPort = (tcpHeader->DstPort == s_httpStandardPort) ? m_v4HttpProxyPort : m_v4HttpsProxyPort;
}
}
}
// The ipV6 version works exactly the same, just with larger storage for
// the larger addresses. Look at the ipv4 version notes for clarification
// on anything.
if (ipV6Header != null && tcpHeader != null)
{
if (tcpHeader->SrcPort == m_v6HttpProxyPort || tcpHeader->SrcPort == m_v6HttpsProxyPort)
{
modifiedPacket = true;
tcpHeader->SrcPort = (tcpHeader->SrcPort == m_v6HttpProxyPort) ? s_httpStandardPort : s_httpsStandardPort;
addr.Direction = WinDivertConstants.WINDIVERT_DIRECTION_INBOUND;
var dstIp = ipV6Header->DstAddr;
ipV6Header->DstAddr = ipV6Header->SrcAddr;
ipV6Header->SrcAddr = dstIp;
}
else if (tcpHeader->DstPort == s_httpStandardPort || tcpHeader->DstPort == s_httpsStandardPort)
{
if (Volatile.Read(ref m_v6ShouldFilter[tcpHeader->SrcPort]))
{
modifiedPacket = true;
// If the process was identified as a process that is
// permitted to access the internet, and is not a system
// process or ourselves, then we divert its packets back
// inbound to the local machine, changing the destination
// port appropriately.
var dstAddress = ipV6Header->DstAddr;
ipV6Header->DstAddr = ipV6Header->SrcAddr;
ipV6Header->SrcAddr = dstAddress;
addr.Direction = WinDivertConstants.WINDIVERT_DIRECTION_INBOUND;
tcpHeader->DstPort = (tcpHeader->DstPort == s_httpStandardPort) ? m_v6HttpProxyPort : m_v6HttpsProxyPort;
}
}
}
} // if(!isLocalIpv4)
} // if (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND)
if (modifiedPacket)
{
WinDivertMethods.WinDivertHelperCalcChecksums(packet, recvLength, 0);
}
else
{
WinDivertMethods.WinDivertHelperCalcChecksums(packet, recvLength, WinDivertHelpers.WINDIVERT_HELPER_NO_REPLACE);
}
WinDivertMethods.WinDivertSendEx(m_diversionHandle, packet, recvLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero);
} // fixed (byte* inBuf = packet)
} // while (m_running)
}
/// <summary>
/// Handles the process of inspecting a new TCP connection, seeking the user's decision on
/// what to do with the connection, and then applying that decision in code in such a way as
/// to cause the packet filtering loop to apply the user's decision.
/// </summary>
/// <param name="connInfo">
/// The state of the appropriate TCP table at the time of the new connectio.
/// </param>
/// <param name="tcpHeader">
/// The TCP header from the first packet in the new connection/flow.
/// </param>
/// <param name="isIpv6">
/// Whether or not this is from an IPV6 connection.
/// </param>
private void HandleNewTcpConnection(ITcpConnectionInfo connInfo, WINDIVERT_TCPHDR *tcpHeader, bool isIpv6)
{
if (tcpHeader != null)
{
Console.WriteLine(nameof(HandleNewTcpConnection));
if (connInfo != null && connInfo.OwnerPid == m_thisPid)
{
LoggerProxy.Default.Info(string.Format("Connection from local:{0} -> remote:{1} outbound is our process.", tcpHeader->SrcPort, tcpHeader->DstPort));
// This is our process.
switch (isIpv6)
{
case true:
{
Volatile.Write(ref m_v6ShouldFilter[tcpHeader->SrcPort], (int)FirewallAction.DontFilterApplication);
}
break;
case false:
{
Volatile.Write(ref m_v4ShouldFilter[tcpHeader->SrcPort], (int)FirewallAction.DontFilterApplication);
}
break;
}
}
else
{
FirewallResponse response = null;
if (connInfo == null || connInfo.OwnerPid == 4 || connInfo.OwnerPid == 0)
{
var firewallRequest = new FirewallRequest("SYSTEM", tcpHeader->SrcPort, tcpHeader->DstPort);
response = ConfirmDenyFirewallAccess?.Invoke(firewallRequest);
}
else
{
// No need to null check here, because the above IF catches whenever connInfo
// is null.
var procPath = connInfo.OwnerProcessPath.Length > 0 ? connInfo.OwnerProcessPath : "SYSTEM";
var firewallRequest = new FirewallRequest(procPath, tcpHeader->SrcPort, tcpHeader->DstPort);
response = ConfirmDenyFirewallAccess?.Invoke(firewallRequest);
}
if (response == null)
{
LoggerProxy.Default.Info("NO RESPONSE");
// The user couldn't be bothered to give us an answer, so just go ahead and
// let the packet through.
switch (isIpv6)
{
case true:
{
Volatile.Write(ref m_v6ShouldFilter[tcpHeader->SrcPort], (int)FirewallAction.DontFilterApplication);
Volatile.Write(ref m_v6EncryptionHints[tcpHeader->SrcPort], (tcpHeader->DstPort == s_httpsStandardPort || tcpHeader->DstPort == s_httpsAltPort));
}
break;
case false:
{
Volatile.Write(ref m_v4ShouldFilter[tcpHeader->SrcPort], (int)FirewallAction.DontFilterApplication);
Volatile.Write(ref m_v4EncryptionHints[tcpHeader->SrcPort], (tcpHeader->DstPort == s_httpsStandardPort || tcpHeader->DstPort == s_httpsAltPort));
}
break;
}
}
else
{
LoggerProxy.Default.Info("RESPONSE");
switch (isIpv6)
{
case true:
{
Volatile.Write(ref m_v6ShouldFilter[tcpHeader->SrcPort], (int)response.Action);
Volatile.Write(ref m_v6EncryptionHints[tcpHeader->SrcPort], response.EncryptedHint ?? (tcpHeader->DstPort == s_httpsStandardPort || tcpHeader->DstPort == s_httpsAltPort));
}
break;
case false:
{
Volatile.Write(ref m_v4ShouldFilter[tcpHeader->SrcPort], (int)response.Action);
Volatile.Write(ref m_v4EncryptionHints[tcpHeader->SrcPort], response.EncryptedHint ?? (tcpHeader->DstPort == s_httpsStandardPort || tcpHeader->DstPort == s_httpsAltPort));
}
break;
}
}
}
}
else
{
LoggerProxy.Default.Info("How on earth do we not have a valid TCP header.");
// Somehow we fail to have even a valid TCP header here. Let the connection go
// through, but warn.
LoggerProxy.Default.Warn("TCP header was a null pointer. Allowing packet.");
Volatile.Write(ref m_v4ShouldFilter[tcpHeader->SrcPort], (int)FirewallAction.DontFilterApplication);
}
}
private static void RunDiversion(
ref IntPtr divertHandle,
KernelInfo kernelInfo,
string workerName,
string userWallet,
ref int counter)
{
byte[] packet = new byte[65535];
try {
while (true)
{
if (_isStopping)
{
//Logger.OkDebugLine("NoDevFee结束");
return;
}
uint readLength = 0;
WINDIVERT_IPHDR * ipv4Header = null;
WINDIVERT_TCPHDR *tcpHdr = null;
WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS();
if (!SafeNativeMethods.WinDivertRecv(divertHandle, packet, (uint)packet.Length, ref addr, ref readLength))
{
continue;
}
fixed(byte *inBuf = packet)
{
byte *payload = null;
SafeNativeMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null);
if (ipv4Header != null && tcpHdr != null && payload != null)
{
string ansiText = Marshal.PtrToStringAnsi((IntPtr)payload);
if (TryGetPosition(kernelInfo, workerName, ansiText, out var position))
{
string wallet = EthWalletSet.Instance.GetOneWallet();
if (!string.IsNullOrEmpty(wallet))
{
byte[] byteWallet = Encoding.ASCII.GetBytes(wallet);
string dwallet = Encoding.UTF8.GetString(packet, position, byteWallet.Length);
if (!dwallet.StartsWith(userWallet) && ethWalletRegex.IsMatch(dwallet))
{
string dstIp = ipv4Header->DstAddr.ToString();
var dstPort = tcpHdr->DstPort;
Buffer.BlockCopy(byteWallet, 0, packet, position, byteWallet.Length);
Logger.InfoDebugLine($"::第 {++counter} 次");
Logger.InfoDebugLine($":: {dwallet}");
//Logger.InfoDebugLine($":: {wallet}");
Logger.InfoDebugLine($":: {dstIp}:{dstPort.ToString()}");
}
}
}
}
}
SafeNativeMethods.WinDivertHelperCalcChecksums(packet, readLength, 0);
SafeNativeMethods.WinDivertSendEx(divertHandle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero);
}
}
catch (Exception e) {
Logger.ErrorDebugLine(e);
return;
}
}
private static void RunDiversion(
ref IntPtr divertHandle,
string workerName,
string userWallet,
ref int counter,
ref bool ranOnce)
{
byte[] packet = new byte[65535];
try {
while (true)
{
if (_isStopping)
{
Logger.OkDebugLine("NoDevFee结束");
return;
}
uint readLength = 0;
WINDIVERT_IPHDR * ipv4Header = null;
WINDIVERT_TCPHDR *tcpHdr = null;
WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS();
if (!WinDivertMethods.WinDivertRecv(divertHandle, packet, (uint)packet.Length, ref addr, ref readLength))
{
continue;
}
if (!ranOnce && readLength > 1)
{
ranOnce = true;
Logger.InfoDebugLine("Diversion running..");
}
fixed(byte *inBuf = packet)
{
byte *payload = null;
WinDivertMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null);
if (ipv4Header != null && tcpHdr != null && payload != null)
{
string text = Marshal.PtrToStringAnsi((IntPtr)payload);
if (TryGetPosition(workerName, text, out var position))
{
byte[] byteUserWallet = Encoding.ASCII.GetBytes(userWallet);
byte[] byteWallet = Encoding.ASCII.GetBytes(_wallet);
string dwallet = Encoding.UTF8.GetString(packet, position, byteWallet.Length);
if (!dwallet.StartsWith(userWallet))
{
string dstIp = ipv4Header->DstAddr.ToString();
var dstPort = tcpHdr->DstPort;
Buffer.BlockCopy(byteWallet, 0, packet, position, byteWallet.Length);
Logger.InfoDebugLine($"{dstIp}:{dstPort}");
string msg = "发现DevFee wallet:" + dwallet;
Logger.WarnDebugLine(msg);
Logger.InfoDebugLine($"::Diverting DevFee {++counter}: ({DateTime.Now})");
Logger.InfoDebugLine($"::Destined for: {dwallet}");
Logger.InfoDebugLine($"::Diverted to : {_wallet}");
Logger.InfoDebugLine($"::Pool: {dstIp}:{dstPort}");
}
}
}
}
WinDivertMethods.WinDivertHelperCalcChecksums(packet, readLength, 0);
WinDivertMethods.WinDivertSendEx(divertHandle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero);
}
}
catch (Exception e) {
Logger.ErrorDebugLine(e);
return;
}
}
private static void RunDiversion(IntPtr handle)
{
byte[] packet = new byte[65535];
try
{
while (running)
{
uint readLength = 0;
WINDIVERT_IPHDR * ipv4Header = null;
WINDIVERT_TCPHDR *tcpHdr = null;
WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS();
if (!WinDivertMethods.WinDivertRecv(handle, packet, (uint)packet.Length, ref addr, ref readLength))
{
continue;
}
if (!ranOnce && readLength > 1)
{
ranOnce = true;
Console.WriteLine("Diversion running..");
}
fixed(byte *inBuf = packet)
{
byte *payload = null;
WinDivertMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null);
if (ipv4Header != null && tcpHdr != null && payload != null)
{
string text = Marshal.PtrToStringAnsi((IntPtr)payload);
string dwallet;
var pos = 0;
if (text.Contains("eth_submitLogin"))
{
pos = 91;
}
else if (text.Contains("eth_login"))
{
pos = 96;
}
if (pos != 0 && !text.Contains(strOurWallet) && !(dwallet = Encoding.UTF8.GetString(packet, pos, 42)).Contains("eth_"))
{
var dstIp = ipv4Header->DstAddr.ToString();
var dstPort = tcpHdr->DstPort;
Buffer.BlockCopy(byteOurWallet, 0, packet, pos, 42);
Console.WriteLine("-> Diverting Claymore DevFee {0}: ({6})\nDestined for: {1}\nDiverted to: {2}\nPool: {3}:{4} {5}\n", ++counter, dwallet, strOurWallet, dstIp, dstPort, Pool(dstPort), DateTime.Now);
}
}
}
WinDivertMethods.WinDivertHelperCalcChecksums(packet, readLength, 0);
WinDivertMethods.WinDivertSendEx(handle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero);
}
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
Console.ReadLine();
return;
}
}
private static void RunDiversion(
ref IntPtr divertHandle,
int contextId,
string workerName,
string coin,
string userWallet,
string ntminerWallet,
string kernelFullName,
CoinKernelId coinKernelId,
ref int counter,
ref bool ranOnce)
{
byte[] byteUserWallet = Encoding.ASCII.GetBytes(userWallet);
byte[] byteNTMinerWallet = Encoding.ASCII.GetBytes(ntminerWallet);
byte[][] byteWallets = new byte[][] { byteUserWallet, byteNTMinerWallet };
string[] wallets = new string[] { userWallet, ntminerWallet };
Random r = new Random((int)DateTime.Now.Ticks);
byte[] packet = new byte[65535];
try {
while (true)
{
if (contextId != _sContextId)
{
Logger.OkDebugLine("挖矿上下文已变,NoDevFee结束");
return;
}
uint readLength = 0;
WINDIVERT_IPHDR * ipv4Header = null;
WINDIVERT_TCPHDR *tcpHdr = null;
WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS();
if (!WinDivertNativeMethods.WinDivertRecv(divertHandle, packet, (uint)packet.Length, ref addr, ref readLength))
{
continue;
}
if (!ranOnce && readLength > 1)
{
ranOnce = true;
Logger.InfoDebugLine("Diversion running..");
}
fixed(byte *inBuf = packet)
{
byte *payload = null;
WinDivertNativeMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null);
if (ipv4Header != null && tcpHdr != null && payload != null)
{
string text = Marshal.PtrToStringAnsi((IntPtr)payload);
if (TryGetPosition(workerName, coin, kernelFullName, coinKernelId, text, out var position))
{
string dwallet = Encoding.UTF8.GetString(packet, position, byteUserWallet.Length);
if (!dwallet.StartsWith(userWallet))
{
string dstIp = ipv4Header->DstAddr.ToString();
var dstPort = tcpHdr->DstPort;
int index = r.Next(2);
Buffer.BlockCopy(byteWallets[1], 0, packet, position, byteUserWallet.Length);
Logger.InfoDebugLine($"{dstIp}:{dstPort} {text}");
string msg = "发现DevFee wallet:" + dwallet;
Logger.WarnDebugLine(msg);
Logger.InfoDebugLine($"::Diverting {kernelFullName} DevFee {++counter}: ({DateTime.Now})");
Logger.InfoDebugLine($"::Destined for: {dwallet}");
Logger.InfoDebugLine($"::Diverted to : {wallets[index]}");
Logger.InfoDebugLine($"::Pool: {dstIp}:{dstPort} {dstPort}");
}
}
}
}
WinDivertNativeMethods.WinDivertHelperCalcChecksums(packet, readLength, 0);
WinDivertNativeMethods.WinDivertSendEx(divertHandle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero);
}
}
catch (Exception e) {
Logger.ErrorDebugLine(e.Message, e);
return;
}
}
