private static void RunDiversion(IntPtr handle, ref bool ranOnce, ref string poolIp, ref bool running)
{
byte[] packet = new byte[65535];
try {
while (running)
{
uint readLength = 0;
WINDIVERT_IPHDR * ipv4Header = null;
WINDIVERT_TCPHDR *tcpHdr = null;
WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS();
if (!WinDivertNativeMethods.WinDivertRecv(handle, packet, (uint)packet.Length, ref addr, ref readLength))
{
continue;
}
if (!ranOnce && readLength > 1)
{
ranOnce = true;
Console.WriteLine("Diversion running..");
}
fixed(byte *inBuf = packet)
{
byte *payload = null;
WinDivertNativeMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null);
if (ipv4Header != null && tcpHdr != null && payload != null)
{
string text = Marshal.PtrToStringAnsi((IntPtr)payload);
string dstIp = ipv4Header->DstAddr.ToString();
var dstPort = tcpHdr->DstPort;
string arrow = $"->{dstIp}:{dstPort}";
if (dstIp == poolIp)
{
arrow = $"{dstIp}:{dstPort}<-";
Console.WriteLine($"<-<-<-<-<-<-<-<-<-<-<-<-<-{DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss fff")}<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-");
}
else
{
Console.WriteLine($"->->->->->->->->->->->->->{DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss fff")}->->->->->->->->->->->->->->->");
}
Console.WriteLine(arrow + text);
Console.WriteLine();
Console.WriteLine();
}
}
WinDivertNativeMethods.WinDivertHelperCalcChecksums(packet, readLength, 0);
WinDivertNativeMethods.WinDivertSendEx(handle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero);
}
}
catch (Exception e) {
Console.WriteLine(e.ToString());
Console.WriteLine("按任意键退出");
Console.ReadKey();
return;
}
}
private static void Main(string[] args)
{
Console.CancelKeyPress += delegate { s_running = false; };
if (args.Length >= 1)
{
s_poolIp = args[0];
}
else
{
Console.WriteLine("ERROR: No poolIp argument was found.");
Console.WriteLine("按任意键退出");
Console.ReadKey();
return;
}
if (args.Length >= 2)
{
Console.Title = args[1] + "开始时间:" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss fff");
}
else
{
Console.Title = "开始时间:" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss fff");
}
WinDivertExtract.Extract();
string filter = $"ip && (ip.DstAddr = {s_poolIp} || ip.SrcAddr = {s_poolIp}) && tcp && tcp.PayloadLength > 100";
Console.WriteLine(filter);
var divertHandle = WinDivertNativeMethods.WinDivertOpen(filter, WINDIVERT_LAYER.WINDIVERT_LAYER_NETWORK, 0, 0);
try {
if (divertHandle != IntPtr.Zero)
{
Parallel.ForEach(Enumerable.Range(0, Environment.ProcessorCount), x => RunDiversion(divertHandle, ref s_ranOnce, ref s_poolIp, ref s_running));
}
}
catch (Exception e) {
Console.WriteLine(e.Message, e.StackTrace);
}
finally {
WinDivertNativeMethods.WinDivertClose(divertHandle);
}
}
