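/// <summary>
/// Hook callback for <c>connect</c>: inspects the <c>sockaddr</c> passed as the second parameter
/// and, when it matches the configured rule (<c>bind_ip</c> / <c>bind_port</c>), rewrites the IPv4
/// address and port in place to <c>forward_ip</c> / <c>forward_port</c>.
/// </summary>
/// <param name="hook">The Deviare hook that fired (not used by this handler).</param>
/// <param name="process">The hooked process (not used by this handler).</param>
/// <param name="hookCallInfo">Call information giving access to the intercepted parameters.</param>
/// <exception cref="Exception">Any failure while reading or writing the sockaddr is logged and rethrown.</exception>
public static void OnConnectCalled(NktHook hook, NktProcess process, NktHookCallInfo hookCallInfo)
{
    /*
     * struct sockaddr {
     *     ushort sa_family;
     *     char   sa_data[14];
     * };
     *
     * For AF_INET, sa_data carries the sockaddr_in tail: port (2 bytes, network byte order)
     * followed by the IPv4 address (4 bytes). Other families do not share that layout.
     */
    const ushort AF_INET = 2;

    INktParamsEnum pms = hookCallInfo.Params();
    INktParam p = pms.GetAt(1); // second param: const struct sockaddr *name
    if (p.IsNullPointer)
    {
        return;
    }

    // Dereference the pointer so that p is the struct itself.
    p = p.Evaluate();
    INktParam pC = p.Field(0);
    ushort sa_family = pC.get_UShortValAt(0);
    if (sa_family != AF_INET)
    {
        // sa_family was read but never checked before: writing port/IPv4 bytes into sa_data of a
        // non-AF_INET address would corrupt it. Leave other families untouched.
        return;
    }

    try
    {
        pC = p.Field(1); // sa_data
        byte[] bytes_port = new byte[] { pC.get_ByteValAt(0), pC.get_ByteValAt(1) };
        ushort port = PortToUShort(bytes_port);
        Console.WriteLine("Port: {0}", port);

        byte[] ip = new byte[] { pC.get_ByteValAt(2), pC.get_ByteValAt(3), pC.get_ByteValAt(4), pC.get_ByteValAt(5) };
        string detected_ip = IPtoString(ip);
        Console.WriteLine("IP: {0}", detected_ip);

        // Rule matching: "0.0.0.0" / "*" (or port 0) act as wildcards.
        bool ipMatches = bind_ip == "0.0.0.0" || bind_ip == "*" || detected_ip == bind_ip;
        bool portMatches = bind_port == 0 || bind_port == port;
        if (!ipMatches || !portMatches)
        {
            return;
        }

        byte[] target_ip = StringtoIP(forward_ip);
        pC.set_ByteValAt(2, target_ip[0]);
        pC.set_ByteValAt(3, target_ip[1]);
        pC.set_ByteValAt(4, target_ip[2]);
        pC.set_ByteValAt(5, target_ip[3]);

        if (forward_port != 0)
        {
            byte[] forward_port_change = UShorttoPort(forward_port);
            pC.set_ByteValAt(0, forward_port_change[0]);
            pC.set_ByteValAt(1, forward_port_change[1]);
        }

        // The wildcard must be a string: a '*' char in a conditional with a numeric operand is
        // converted to its code (42), and the format string needs all four placeholders.
        Console.WriteLine(
            "Redirect From {0}:{1} to {2}:{3}",
            detected_ip,
            bind_port == 0 ? "*" : bind_port.ToString(),
            forward_ip,
            forward_port == 0 ? "*" : forward_port.ToString());
    }
    catch (Exception e)
    {
        Console.WriteLine("Error {0}", e);
        throw; // `throw e;` would reset the stack trace
    }
}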
/// <summary>
/// Hook callback that takes the third intercepted parameter as a pointer to a struct, reads the
/// struct's first field as a string and passes "Document: " plus that string to <c>Output</c>.
/// </summary>
/// <param name="hook">The Deviare hook that fired (not used by this handler).</param>
/// <param name="process">The hooked process (not used by this handler).</param>
/// <param name="hookCallInfo">Call information giving access to the intercepted parameters.</param>
private void OnFunctionCalled(NktHook hook, NktProcess process, NktHookCallInfo hookCallInfo)
{
    INktParamsEnum paramsEnum = hookCallInfo.Params();

    // Skip the first two parameters; the third one is the struct pointer of interest.
    paramsEnum.First();
    paramsEnum.Next();
    INktParam thirdParam = paramsEnum.Next();

    string body = string.Empty;
    if (thirdParam.PointerVal != IntPtr.Zero)
    {
        // Dereference the pointer and read the first field of the pointed-to struct.
        INktParam firstField = thirdParam.Evaluate().Fields().First();
        body = firstField.ReadString() + "\n";
    }

    Output("Document: " + body);
}
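/// <summary>
/// Hook callback for <c>WriteFile</c>: takes the <c>hFile</c>, <c>lpBuffer</c> and
/// <c>nNumberOfBytesToWrite</c> parameters, reports the buffer content through <c>Output</c>,
/// looks up the file handle and hands the buffer to <c>ReadBuffer</c>.
/// </summary>
/// <param name="hook">The Deviare hook that fired (not used by this handler).</param>
/// <param name="process">The hooked process (not used by this handler).</param>
/// <param name="hookCallInfo">Call information giving access to the intercepted parameters.</param>
private void OnWriteFileCalled(NktHook hook, NktProcess process, NktHookCallInfo hookCallInfo)
{
    INktParamsEnum paramsEnum = hookCallInfo.Params();
    INktParam hFile = paramsEnum.First();
    INktParam lpBuffer = paramsEnum.Next();
    INktParam nNumberOfBytesToWrite = paramsEnum.Next();

    // Only dereference lpBuffer when it is non-null; previously ReadString ran before the check.
    string strDocument = "Document: ";
    if (lpBuffer.PointerVal != IntPtr.Zero)
    {
        string content = lpBuffer.ReadString();
        Console.Out.WriteLine(content);
        Console.Out.WriteLine(lpBuffer.Address);
        strDocument += content;
        strDocument += "\n";
    }
    Output(strDocument);

    // NOTE(review): both helpers receive the parameter's Address (where the argument is stored)
    // rather than PointerVal; confirm that QueryFileHandle / ReadBuffer expect that.
    // The handle lookup result is not used by this handler.
    QueryFileHandle(hFile.Address);
    ReadBuffer(lpBuffer.Address, nNumberOfBytesToWrite.Address);
}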