Пример #1
0
        private void frmMainClosed(object sender, EventArgs e)
        {
            Settings.LogOpened  = LogForm.Visible;
            Settings.ViewAsHex  = tsmiViewAsHex.Checked;
            Settings.AutoScroll = tsmiAutoScroll.Checked;
            Settings.SpliterDistanceTabsAndHex           = splitContainerTabsAndHex.SplitterDistance;
            Settings.SpliterDistanceFilterAndConversions = splitFilterAndConversions.SplitterDistance;

            if (WindowState == FormWindowState.Normal)
            {
                Settings.FormLocation = Location;
                Settings.FormSize     = Size;
                Settings.FormState    = FormWindowState.Normal;
            }
            else
            {
                Settings.FormState = WindowState;
            }

            Settings.CurrentTab = tabControlMain.SelectedIndex;
            Settings.CurrentCaptureFilterTab = tabControlCapturesAndFilters.SelectedIndex;
            if (FilterManager.GetNumberOfFiltersInList() > 0)
            {
                FilterManager.SaveTempFilterList();
            }
        }
Пример #2
0
 private void tsmiFilterListAddNew_Click(object sender, EventArgs e)
 {
     if (FilterManager.GetNumberOfFiltersInList() >= 40)
     {
         MessageBox.Show("Cannot create more than 40 filters.");
     }
     else
     {
         new FilterEditorForm();
     }
 }
Пример #3
0
        public FilterEditorForm(int editIndex = -1)
        {
            _filterIndex = editIndex;
            InitializeComponent();
            DrawDataGridViews();
            if (editIndex != -1)
            {
                FillDataGridViewWithFilter(FilterManager.GetFilterAtListIndex(_filterIndex));
            }

            Show();
        }
Пример #4
0
        public void LoadFilterItems()
        {
            lvFilters.Items.Clear();
            var filterList = FilterManager.GetFilterList();

            lvFilters.ItemCheck -= lvFilters_ItemCheck;
            foreach (var filter in filterList)
            {
                var item = lvFilters.Items.Add(filter.Name);
                item.Checked = filter.Active;
            }
            lvFilters.ItemCheck += lvFilters_ItemCheck;
        }
Пример #5
0
        private int _searchLastFound = -1; // Ultimo index del item encontrado

        public MainForm()
        {
            InitializeComponent();
            _captures = new List <CaptureRecord>();
            notifyIcon.ContextMenuStrip = trayMenuStrip;

            // Load settings
            if (!Settings.FormSize.IsEmpty)
            {
                StartPosition = FormStartPosition.Manual;
                Location      = Settings.FormLocation;
                Size          = Settings.FormSize;

                if (Settings.FormState == FormWindowState.Maximized)
                {
                    WindowState = FormWindowState.Maximized;
                }

                if (Settings.LogOpened)
                {
                    LogForm.Show();
                }

                Output.LogEnabled = Settings.LogEnabled;

                _isViewAsHexOn  = Settings.ViewAsHex;
                _isAutoScrollOn = Settings.AutoScroll;
                splitContainerTabsAndHex.SplitterDistance  = Settings.SpliterDistanceTabsAndHex;
                splitFilterAndConversions.SplitterDistance = Settings.SpliterDistanceFilterAndConversions;
            }

            InitListViews();

            Resize += OnResize;
            Closed += frmMainClosed;

            FilterManager.LoadTempFilterList();
            LoadFilterItems();
            LoadSendListItems();
            LoadHotKeys();
            UpdateControls();
        }
Пример #6
0
        public static void PacketReceived(PacketInfo packetInfo, ref byte[] data /*, ref ServerCommand serverResponse*/)
        {
            Packet.Directions direction;
            int ID;

            TotalSize += packetInfo.Size;

            switch (packetInfo.FunctionID)
            {
            case Functions.CODE_RECV:
            case Functions.CODE_RECVFROM:
            case Functions.CODE_WS2RECV:
            case Functions.CODE_WS2RECVFROM:
            case Functions.CODE_WSARECV:
            case Functions.CODE_WSARECVFROM:
            case Functions.CODE_PR_RECV:
            case Functions.CODE_PR_READ:
            case Functions.CODE_SSLDECRYPTPACKET:
            case Functions.CODE_DECRYPTMESSAGE:
            case Functions.CODE_SSL_READ:
                direction          = Packet.Directions.In;
                TotalSizeReceived += packetInfo.Size;
                break;

            case Functions.CODE_SEND:
            case Functions.CODE_SENDTO:
            case Functions.CODE_WS2SEND:
            case Functions.CODE_WS2SENDTO:
            case Functions.CODE_WSASEND:
            case Functions.CODE_WSASENDTO:
            case Functions.CODE_PR_SEND:
            case Functions.CODE_PR_WRITE:
            case Functions.CODE_SSLENCRYPTPACKET:
            case Functions.CODE_ENCRYPTMESSAGE:
            case Functions.CODE_SSL_WRITE:
                direction      = Packet.Directions.Out;
                TotalSizeSent += packetInfo.Size;
                break;

            default:
                throw new IndexOutOfRangeException();
            }

            var functionFlag = FilterManager.GetFilterActionFlagForFunction(packetInfo.FunctionID);

            // If a matching breakpoint type filter is active, we open a new window to edit the data
            if (IsFilteringActived && FilterManager.CheckPacketBreak(data, packetInfo.Size, functionFlag))
            {
                var pckt           = new Packet(packetInfo.FunctionID, packetInfo.SocketId, packetInfo.LocalIp, packetInfo.LocalPort, packetInfo.RemoteIp, packetInfo.RemotePort, data, direction);
                var showPacketForm = new ShowPacketForm(0, pckt, true);
                showPacketForm.ShowDialog();
                if (showPacketForm.DialogResult == System.Windows.Forms.DialogResult.OK)
                {
                    data            = showPacketForm.NewPacketData;
                    packetInfo.Size = showPacketForm.NewPacketSize;
                }
                // Send the new data to the DLL
                DllCommunication.WriteCommandToCmdMMF(ServerCodes.SCODE_SETPACKET, data, packetInfo.Size);
            }

            if (!IsCaptureEnabled) // Capture disabled, return
            {
                return;
            }

            // Don't log Functions, Ips, or Ports that are not activated in the program's settings menu
            if (!LogFunctions.HasFlag(FilterManager.GetFilterActionFlagForFunction(packetInfo.FunctionID)))
            {
                return;
            }
            if ((Settings.LocalIpChecked && packetInfo.LocalIp != (uint)Settings.LocalIp) ||
                (Settings.LocalPortChecked && packetInfo.LocalPort != Settings.LocalPort) ||
                (Settings.RemoteIpChecked && packetInfo.RemoteIp != (uint)Settings.RemoteIp) ||
                (Settings.RemotePortChecked && packetInfo.RemotePort != Settings.RemotePort))
            {
                return;
            }


            IsModifiedList = true;
            var packet = new Packet(packetInfo.FunctionID, packetInfo.SocketId, packetInfo.LocalIp, packetInfo.LocalPort, packetInfo.RemoteIp, packetInfo.RemotePort, data, direction);

            lock (LockingVar)
            {
                ID = PacketList.Count;
                PacketList.Add(packet);
                Program.mainForm.AddPacket(packet);
            }

            if (IsFilteringActived && FilterManager.CheckPacketWatch(data, packetInfo.Size, functionFlag))
            {
                Watch.Add(ID);
            }
            // Don't log ignored packets
            if (IsFilteringActived && FilterManager.CheckPacketIgnore(data, packetInfo.Size, functionFlag))
            {
                return;
            }

            Both.Add(ID);

            switch (direction)
            {
            case Packet.Directions.In:
                Received.Add(ID);
                break;

            case Packet.Directions.Out:
                Sent.Add(ID);
                break;
            }

            SmartRefresh();
        }
Пример #7
0
        public static void WriteCommandToCmdMMF(ServerCodes sc, byte[] data = null, UInt16 newLength = 0, ushort socketId = 0)
        {
            int mmfWriteTimeout = 1000;

            byte[] writtenData;

            if (sc == ServerCodes.SCODE_INJECTPACKET)
            {
                /*
                 |   ServerCode   |  SocketID   |   newLength     |                   Packet                  |
                 |    1-byte      |   2-bytes   |    2-bytes      |---------------     data      -------------|
                 |------------------------------------    writtenData   --------------------------------------|
                 */
                writtenData    = new byte[1 + 2 + 2 + newLength];
                writtenData[0] = (byte)sc;
                Array.Copy(FilterManager.StructToBytes(socketId), 0, writtenData, 1, 2);
                Array.Copy(FilterManager.StructToBytes(newLength), 0, writtenData, 3, 2);
                Array.Copy(data, 0, writtenData, 5, newLength);
            }
            else if (sc == ServerCodes.SCODE_STARTFILTERING)
            {
                /*
                 |   ServerCode   |  FilterCount   |             Filter Data                     |
                 |    1-byte      |   1-byte       |-----------------Data------------------------|
                 |------------------------   writtenData  ---------------------------------------|
                 */
                writtenData    = new byte[FilterManager.FILTERINBYTESSIZE * FilterManager.GetActiveFilterCount() + 2]; // Minimo:  SizeOf(Filter) * cantActivos + 2
                writtenData[0] = (byte)sc;
                writtenData[1] = (byte)FilterManager.GetActiveFilterCount();
                byte[] bytes = FilterManager.ConvertFilterListToBytes();
                Array.Copy(bytes, 0, writtenData, 2, FilterManager.FILTERINBYTESSIZE * FilterManager.GetActiveFilterCount());
            }
            else if (sc == ServerCodes.SCODE_SETPACKET)
            {
                /*
                 |   ServerCode   |  newLength    |             Packet Data                          |
                 |    1-byte      |   2-bytes     |-----------------Data-----------------------------|
                 |-------------------------------------   writtenData    ----------------------------|
                 */
                writtenData    = new byte[1 + 2 + newLength];
                writtenData[0] = (byte)sc;
                Array.Copy(FilterManager.StructToBytes(newLength), 0, writtenData, 1, 2);
                Array.Copy(data, 0, writtenData, 3, newLength);
            }
            else if (sc == ServerCodes.SCODE_LOADDLLEX)
            {
                /*
                 |   ServerCode   |           fileName string        |
                 |    1-byte      |----------  string.Length --------|
                 |-------------------   writtenData    --------------|
                 */
                writtenData    = new byte[1 + Settings.DLLEx.Length];
                writtenData[0] = (byte)sc;
                Array.Copy(Encoding.ASCII.GetBytes(Settings.DLLEx), 0, writtenData, 1, Settings.DLLEx.Length);
            }
            else if (sc == ServerCodes.SCODE_STARTCAPTURE ||
                     sc == ServerCodes.SCODE_STOPCAPTURE ||
                     sc == ServerCodes.SCODE_STOPFILTERING ||
                     sc == ServerCodes.SCODE_UNLOADDLLEX)
            {
                writtenData    = new byte[1];
                writtenData[0] = (byte)sc;
            }
            else
            {
                throw new NotImplementedException("ServerCode " + (int)sc + " NOT IMPLEMENTED");
            }

            // Spawneamos un thread que puede esperar el mmfWriteTimeout para escribir el comando
            //int threadCount = 0;

            //int myThreadIndex = Interlocked.Increment(ref threadCount);

            if (CheckMMFileExists(_cmdMmfName))
            {
                cmdMMF = new SharedMemory.CircularBuffer(_cmdMmfName);
            }
            else
            {
                System.Windows.Forms.MessageBox.Show("ERROR, MMF does not exists!"); // No esta el archivo
                return;
            }

            //The number of milliseconds to wait, or Timeout.Infinite (-1) to wait indefinitely.
            int amount = cmdMMF.Write(writtenData, 0, mmfWriteTimeout);

            if (amount == 0)
            {
                throw new Exception("Write 0 bytes to command MMF!");
            }

            //Output.outString("Write data: {0}", BitConverter.ToString(writtenData));
        }
Пример #8
0
 private void tsmiFilterListSaveAs_Click(object sender, EventArgs e)
 {
     FilterManager.SaveFilterList();
 }
Пример #9
0
 private void tsmiFilterListLoad_Click(object sender, EventArgs e)
 {
     FilterManager.LoadFilterList();
     LoadFilterItems();
 }
Пример #10
0
 private void tsmiFilterListDelete_Click(object sender, EventArgs e)
 {
     FilterManager.DeleteFilter(lvFilters.SelectedIndices[0]);
     lvFilters.Items.RemoveAt(lvFilters.SelectedIndices[0]);
 }
Пример #11
0
 private void lvFilters_ItemCheck(object sender, ItemCheckEventArgs e)
 {
     lastClickTime = DateTime.MinValue;
     FilterManager.SetFilterActive(e.Index, e.NewValue == CheckState.Checked);
 }
Пример #12
0
 private void ActionClearFilterList()
 {
     FilterManager.ClearFilterList();
     LoadFilterItems();
 }
Пример #13
0
        private void btnApply_Click(object sender, EventArgs e)
        {
            var         searches   = new Dictionary <int, byte>();
            var         replaces   = new Dictionary <int, byte>();
            FilterModes filterMode = FilterModes.SearchAndReplaceFromBegin;
            Byte        result;

            for (var i = 0; i < 501; i++)
            {
                if (dataGridViewSearch[i, 0].Value != null && Byte.TryParse(dataGridViewSearch[i, 0].Value.ToString(), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out result))
                {
                    searches.Add(i, result);
                }
            }

            if ((radioButton2.Checked || radioButton3.Checked) && (searches.Count == 0 || !searches.ContainsKey(0)))
            {
                MessageBox.Show(@"The chain to search must start at the offset 0");
                return;
            }

            if (radioButton1.Checked)
            {
                filterMode = FilterModes.SearchAndReplaceFromBegin;
                for (var i = 0; i < 501; i++)
                {
                    if (dataGridViewSearch[i, 1].Value != null && Byte.TryParse(dataGridViewSearch[i, 1].Value.ToString(), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out result))
                    {
                        replaces.Add(i, result);
                    }
                }
            }
            else if (radioButton2.Checked)
            {
                filterMode = FilterModes.SearchOcurrenceReplaceFromBegin;
                for (var i = 0; i < 501; i++)
                {
                    if (dataGridViewReplace[i, 0].Value != null && Byte.TryParse(dataGridViewReplace[i, 0].Value.ToString(), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out result))
                    {
                        replaces.Add(i, result);
                    }
                }
            }
            else if (radioButton3.Checked)
            {
                filterMode = FilterModes.SearchOcurrenceReplaceFromPosition;
                for (var i = 0; i < 501; i++)
                {
                    if (dataGridViewReplace2[i, 0].Value != null && Byte.TryParse(dataGridViewReplace2[i, 0].Value.ToString(), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out result))
                    {
                        replaces.Add(i, result);
                    }
                }
            }

            FilterCaptureFuncs functions = BuildFunctionsBitMask();
            FilterActions      actions   = BuildActionsBitMask();
            uint packetLengthMin         = 0;
            uint packetLengthMax         = 0;

            if (chkPackeLength.Checked)
            {
                packetLengthMin = (uint)nudPacketLengthMin.Value;
                packetLengthMax = (uint)nudPacketLengthMax.Value;
            }

            string name = txtFilterName.Text;

            if (name == "" && _filterIndex == -1)
            {
                name = "Filter " + (FilterManager.GetNumberOfFiltersInList() + 1).ToString("D2");
            }

            if (_filterIndex == -1)
            {
                FilterManager.NewFilter(chkActive.Checked, filterMode, functions, actions, name, packetLengthMin, packetLengthMax, (uint)nudNumTimesApply.Value, searches, replaces);
            }
            else
            {
                FilterManager.EditFilter(_filterIndex, chkActive.Checked, filterMode, functions, actions, name, packetLengthMin, packetLengthMax, (uint)nudNumTimesApply.Value, searches, replaces);
            }

            Program.mainForm.LoadFilterItems();
            Program.mainForm.ActionStartStopFiltering(false);
            Close();
        }