Esempio n. 1
        /// <summary>
        /// Shows the data captured from an intercepted WSARecv call in the hex editor.
        /// </summary>
        /// <param name="f">Wrapper around the intercepted call.</param>
        /// <returns>
        /// <c>true</c> when a non-empty buffer was loaded into the hex box;
        /// <c>false</c> when there was nothing to show and the call was marked as forwarded.
        /// </returns>
        private bool ProcessWSARecv(FunctionWrapper f)
        {
            Core.ProcessFunctions.WSArecv wsaRecvCall = new Core.ProcessFunctions.WSArecv(f);
            byte[] received = wsaRecvCall.GetBuffer();

            bool hasData = received != null && received.Length != 0;
            if (hasData)
            {
                // Copy the captured bytes into a fresh stream and rewind it before handing it
                // to the byte provider.
                // NOTE(review): the stream previously held by mStream is replaced without
                // being disposed here - confirm nothing else is expected to release it.
                mStream = new MemoryStream();
                mStream.Write(received, 0, received.Length);
                mStream.Seek(0, SeekOrigin.Begin);

                DynamicFileByteProvider provider = new DynamicFileByteProvider(mStream);
                MethodInvoker showBytes = delegate
                {
                    hexBox.ByteProvider = provider;
                };
                // The control is updated through Invoke, i.e. on the thread that owns it.
                hexBox.Invoke(showBytes);
                Search(0);

                return true;
            }

            // Per the original author: this happens when the call reported -1 bytes read, when
            // there is no more data to read, or when the first WSABUF structure has a length of
            // 0 bytes (data in a second structure is then ignored and the packet is forwarded).
            MethodInvoker clearLabel = delegate
            {
                lbFunction.Text = "";
            };
            lbFunction.Invoke(clearLabel);

            // Forward the call so that new ones can be accepted.
            f.status = FunctionWrapper.Status.Forwarded;
            //Program.data.AceptingNewFunctions = true;

            return false;
        }
Esempio n. 2
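        /// <summary>
        /// Forwards the current hooked call when interception is off. Before forwarding, the
        /// handler matching the hook name prepares the call so the match-and-replace filters
        /// can be applied to its buffer.
        /// </summary>
        /// <remarks>
        /// Both throw paths leave <c>status</c> untouched, because the assignment to
        /// <c>Forwarded</c> only happens after the dispatch chain.
        /// NOTE(review): several branches call a PrepareFunction that belongs to a different
        /// handler type than the one that read the buffer (sendto, recvfrom and WSAsendto use
        /// recv; EncryptMessage and DecryptMessage use WSArecv). Confirm this is intentional,
        /// since it decides which filters rewrite which traffic.
        /// </remarks>
        /// <exception cref="NotImplementedException">The hook is WS2_32.dll!WSARecvFrom.</exception>
        /// <exception cref="NotSupportedException">The hook name matches no known handler.</exception>
        private void AutoForwardFunction()
        {
            // Read the hook name once and compare it ordinally: the names are identifiers, so
            // the comparison must not depend on the current culture's casing rules.
            string hookName = Program.data.currentFunction.Hook.FunctionName;
            const StringComparison IgnoreCase = StringComparison.OrdinalIgnoreCase;

            if (string.Equals(hookName, "WS2_32.dll!Send", IgnoreCase))
            {
                Core.ProcessFunctions.send s = new Core.ProcessFunctions.send(Program.data.currentFunction);
                byte[] sendBuffer = s.GetBuffer();

                // Empty or missing buffers are forwarded untouched.
                if (sendBuffer != null && sendBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.send.PrepareFunction(Program.data.currentFunction, sendBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!Recv", IgnoreCase))
            {
                Core.ProcessFunctions.recv r = new Core.ProcessFunctions.recv(Program.data.currentFunction);
                byte[] recvBuffer = r.GetBuffer();

                if (recvBuffer != null && recvBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!SendTo", IgnoreCase))
            {
                Core.ProcessFunctions.sendto st = new Core.ProcessFunctions.sendto(Program.data.currentFunction);
                byte[] sendToBuffer = st.GetBuffer();

                if (sendToBuffer != null && sendToBuffer.Length > 0)
                {
                    // NOTE(review): recv.PrepareFunction on a sendto buffer - confirm.
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, sendToBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!RecvFrom", IgnoreCase))
            {
                Core.ProcessFunctions.recvfrom rf = new Core.ProcessFunctions.recvfrom(Program.data.currentFunction);
                byte[] recvFromBuffer = rf.GetBuffer();

                if (recvFromBuffer != null && recvFromBuffer.Length > 0)
                {
                    // NOTE(review): recv.PrepareFunction on a recvfrom buffer - confirm.
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvFromBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!WSASend", IgnoreCase))
            {
                Core.ProcessFunctions.WSAsend wsas = new Core.ProcessFunctions.WSAsend(Program.data.currentFunction);
                byte[] wsasBuffer = wsas.GetBuffer();

                if (wsasBuffer != null && wsasBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.WSAsend.PrepareFunction(Program.data.currentFunction, wsasBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!WSASendTo", IgnoreCase))
            {
                Core.ProcessFunctions.WSAsendto wsast = new Core.ProcessFunctions.WSAsendto(Program.data.currentFunction);
                byte[] wsasendToBuffer = wsast.GetBuffer();

                if (wsasendToBuffer != null && wsasendToBuffer.Length > 0)
                {
                    // NOTE(review): recv.PrepareFunction on a WSASendTo buffer - confirm.
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, wsasendToBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!WSARecv", IgnoreCase))
            {
                Core.ProcessFunctions.WSArecv wsar = new Core.ProcessFunctions.WSArecv(Program.data.currentFunction);
                byte[] wsarBuffer = wsar.GetBuffer();

                if (wsarBuffer != null && wsarBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, wsarBuffer);
                }
            }
            else if (string.Equals(hookName, "Secur32.dll!EncryptMessage", IgnoreCase))
            {
                Core.ProcessFunctions.EncryptMessage encMessage = new Core.ProcessFunctions.EncryptMessage(Program.data.currentFunction);
                byte[] encMessageBuffer = encMessage.GetBuffer();

                if (encMessageBuffer != null && encMessageBuffer.Length > 0)
                {
                    // NOTE(review): WSArecv.PrepareFunction on an EncryptMessage buffer - confirm.
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, encMessageBuffer);
                }
            }
            else if (string.Equals(hookName, "Secur32.dll!DecryptMessage", IgnoreCase))
            {
                Core.ProcessFunctions.DecryptMessage decMessage = new Core.ProcessFunctions.DecryptMessage(Program.data.currentFunction);
                byte[] decMessageBuffer = decMessage.GetBuffer();

                if (decMessageBuffer != null && decMessageBuffer.Length > 0)
                {
                    // NOTE(review): WSArecv.PrepareFunction on a DecryptMessage buffer - confirm.
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, decMessageBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!WSARecvFrom", IgnoreCase))
            {
                // More specific than a bare Exception; still caught by catch (Exception).
                throw new NotImplementedException("not implemented");
            }
            else
            {
                throw new NotSupportedException("Unknow handler");
            }

            Program.data.currentFunction.status = wrappers.FunctionWrapper.Status.Forwarded;
            //Program.data.AceptingNewFunctions = true;
        }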
Esempio n. 3
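        /// <summary>
        /// Forwards the current hooked call when interception is off. Before forwarding, the
        /// handler matching the hook name prepares the call so the match-and-replace filters
        /// can be applied to its buffer.
        /// </summary>
        /// <remarks>
        /// Every throw path leaves <c>status</c> untouched, because the assignment to
        /// <c>Forwarded</c> only happens after the dispatch chain.
        /// NOTE(review): several branches call a PrepareFunction that belongs to a different
        /// handler type than the one that read the buffer (sendto and recvfrom use recv;
        /// EncryptMessage and DecryptMessage use WSArecv). Confirm this is intentional, since
        /// it decides which filters rewrite which traffic.
        /// </remarks>
        /// <exception cref="NotImplementedException">
        /// The hook is WS2_32.dll!WSASendTo or WS2_32.dll!WSARecvFrom.
        /// </exception>
        /// <exception cref="NotSupportedException">The hook name matches no known handler.</exception>
        private void AutoForwardFunction()
        {
            // Read the hook name once and compare it ordinally: the names are identifiers, so
            // the comparison must not depend on the current culture's casing rules.
            string hookName = Program.data.currentFunction.Hook.FunctionName;
            const StringComparison IgnoreCase = StringComparison.OrdinalIgnoreCase;

            if (string.Equals(hookName, "WS2_32.dll!Send", IgnoreCase))
            {
                Core.ProcessFunctions.send s = new Core.ProcessFunctions.send(Program.data.currentFunction);
                byte[] sendBuffer = s.GetBuffer();

                // Empty or missing buffers are forwarded untouched.
                if (sendBuffer != null && sendBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.send.PrepareFunction(Program.data.currentFunction, sendBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!Recv", IgnoreCase))
            {
                Core.ProcessFunctions.recv r = new Core.ProcessFunctions.recv(Program.data.currentFunction);
                byte[] recvBuffer = r.GetBuffer();

                if (recvBuffer != null && recvBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!SendTo", IgnoreCase))
            {
                Core.ProcessFunctions.sendto st = new Core.ProcessFunctions.sendto(Program.data.currentFunction);
                byte[] sendToBuffer = st.GetBuffer();

                if (sendToBuffer != null && sendToBuffer.Length > 0)
                {
                    // NOTE(review): recv.PrepareFunction on a sendto buffer - confirm.
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, sendToBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!RecvFrom", IgnoreCase))
            {
                Core.ProcessFunctions.recvfrom rf = new Core.ProcessFunctions.recvfrom(Program.data.currentFunction);
                byte[] recvFromBuffer = rf.GetBuffer();

                if (recvFromBuffer != null && recvFromBuffer.Length > 0)
                {
                    // NOTE(review): recv.PrepareFunction on a recvfrom buffer - confirm.
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvFromBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!WSASend", IgnoreCase))
            {
                Core.ProcessFunctions.WSAsend wsas = new Core.ProcessFunctions.WSAsend(Program.data.currentFunction);
                byte[] wsasBuffer = wsas.GetBuffer();

                if (wsasBuffer != null && wsasBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.WSAsend.PrepareFunction(Program.data.currentFunction, wsasBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!WSASendTo", IgnoreCase))
            {
                // More specific than a bare Exception; still caught by catch (Exception).
                throw new NotImplementedException("not implemented");
            }
            else if (string.Equals(hookName, "WS2_32.dll!WSARecv", IgnoreCase))
            {
                Core.ProcessFunctions.WSArecv wsar = new Core.ProcessFunctions.WSArecv(Program.data.currentFunction);
                byte[] wsarBuffer = wsar.GetBuffer();

                if (wsarBuffer != null && wsarBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, wsarBuffer);
                }
            }
            else if (string.Equals(hookName, "Secur32.dll!EncryptMessage", IgnoreCase))
            {
                Core.ProcessFunctions.EncryptMessage encMessage = new Core.ProcessFunctions.EncryptMessage(Program.data.currentFunction);
                byte[] encMessageBuffer = encMessage.GetBuffer();

                if (encMessageBuffer != null && encMessageBuffer.Length > 0)
                {
                    // NOTE(review): WSArecv.PrepareFunction on an EncryptMessage buffer - confirm.
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, encMessageBuffer);
                }
            }
            else if (string.Equals(hookName, "Secur32.dll!DecryptMessage", IgnoreCase))
            {
                Core.ProcessFunctions.DecryptMessage decMessage = new Core.ProcessFunctions.DecryptMessage(Program.data.currentFunction);
                byte[] decMessageBuffer = decMessage.GetBuffer();

                if (decMessageBuffer != null && decMessageBuffer.Length > 0)
                {
                    // NOTE(review): WSArecv.PrepareFunction on a DecryptMessage buffer - confirm.
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, decMessageBuffer);
                }
            }
            else if (string.Equals(hookName, "WS2_32.dll!WSARecvFrom", IgnoreCase))
            {
                throw new NotImplementedException("not implemented");
            }
            else
            {
                throw new NotSupportedException("Unknow handler");
            }

            Program.data.currentFunction.status = wrappers.FunctionWrapper.Status.Forwarded;
            //Program.data.AceptingNewFunctions = true;
        }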
Esempio n. 4
        /// <summary>
        /// Loads the buffer of an intercepted WSARecv call into the hex editor, or marks the
        /// call as forwarded when there is no data to display.
        /// </summary>
        /// <param name="f">Wrapper around the intercepted call.</param>
        /// <returns>
        /// <c>true</c> if the hex box now shows the captured bytes; <c>false</c> if the buffer
        /// was null or empty and the call was forwarded instead.
        /// </returns>
        private bool ProcessWSARecv(FunctionWrapper f)
        {
            Core.ProcessFunctions.WSArecv intercepted = new Core.ProcessFunctions.WSArecv(f);
            byte[] payload = intercepted.GetBuffer();

            bool nothingToShow = payload == null || payload.Length == 0;
            if (!nothingToShow)
            {
                // NOTE(review): the stream previously held by mStream is replaced without
                // being disposed here - confirm nothing else is expected to release it.
                mStream = new MemoryStream();
                mStream.Write(payload, 0, payload.Length);
                // Rewind so the byte provider starts at the first captured byte.
                mStream.Seek(0, SeekOrigin.Begin);

                DynamicFileByteProvider byteProvider = new DynamicFileByteProvider(mStream);
                MethodInvoker attachProvider = delegate
                {
                    hexBox.ByteProvider = byteProvider;
                };
                // Invoke runs the delegate on the thread that owns the control.
                hexBox.Invoke(attachProvider);
                Search(0);

                return true;
            }

            // Per the original author: this happens when the call reported -1 bytes read, when
            // there is no more data to read, or when the first WSABUF structure has a length of
            // 0 bytes (data in a second structure is then ignored and the packet is forwarded).
            MethodInvoker resetLabel = delegate
            {
                lbFunction.Text = "";
            };
            lbFunction.Invoke(resetLabel);

            // Forward the call so that new ones can be accepted.
            f.status = FunctionWrapper.Status.Forwarded;
            //Program.data.AceptingNewFunctions = true;

            return false;
        }