private void frmMainClosed(object sender, EventArgs e)
{
Settings.LogOpened = LogForm.Visible;
Settings.ViewAsHex = tsmiViewAsHex.Checked;
Settings.AutoScroll = tsmiAutoScroll.Checked;
Settings.SpliterDistanceTabsAndHex = splitContainerTabsAndHex.SplitterDistance;
Settings.SpliterDistanceFilterAndConversions = splitFilterAndConversions.SplitterDistance;
if (WindowState == FormWindowState.Normal)
{
Settings.FormLocation = Location;
Settings.FormSize = Size;
Settings.FormState = FormWindowState.Normal;
}
else
{
Settings.FormState = WindowState;
}
Settings.CurrentTab = tabControlMain.SelectedIndex;
Settings.CurrentCaptureFilterTab = tabControlCapturesAndFilters.SelectedIndex;
if (FilterManager.GetNumberOfFiltersInList() > 0)
{
FilterManager.SaveTempFilterList();
}
}
private void tsmiFilterListAddNew_Click(object sender, EventArgs e)
{
if (FilterManager.GetNumberOfFiltersInList() >= 40)
{
MessageBox.Show("Cannot create more than 40 filters.");
}
else
{
new FilterEditorForm();
}
}
public FilterEditorForm(int editIndex = -1)
{
_filterIndex = editIndex;
InitializeComponent();
DrawDataGridViews();
if (editIndex != -1)
{
FillDataGridViewWithFilter(FilterManager.GetFilterAtListIndex(_filterIndex));
}
Show();
}
public void LoadFilterItems()
{
lvFilters.Items.Clear();
var filterList = FilterManager.GetFilterList();
lvFilters.ItemCheck -= lvFilters_ItemCheck;
foreach (var filter in filterList)
{
var item = lvFilters.Items.Add(filter.Name);
item.Checked = filter.Active;
}
lvFilters.ItemCheck += lvFilters_ItemCheck;
}
private int _searchLastFound = -1; // Ultimo index del item encontrado
public MainForm()
{
InitializeComponent();
_captures = new List <CaptureRecord>();
notifyIcon.ContextMenuStrip = trayMenuStrip;
// Load settings
if (!Settings.FormSize.IsEmpty)
{
StartPosition = FormStartPosition.Manual;
Location = Settings.FormLocation;
Size = Settings.FormSize;
if (Settings.FormState == FormWindowState.Maximized)
{
WindowState = FormWindowState.Maximized;
}
if (Settings.LogOpened)
{
LogForm.Show();
}
Output.LogEnabled = Settings.LogEnabled;
_isViewAsHexOn = Settings.ViewAsHex;
_isAutoScrollOn = Settings.AutoScroll;
splitContainerTabsAndHex.SplitterDistance = Settings.SpliterDistanceTabsAndHex;
splitFilterAndConversions.SplitterDistance = Settings.SpliterDistanceFilterAndConversions;
}
InitListViews();
Resize += OnResize;
Closed += frmMainClosed;
FilterManager.LoadTempFilterList();
LoadFilterItems();
LoadSendListItems();
LoadHotKeys();
UpdateControls();
}
public static void PacketReceived(PacketInfo packetInfo, ref byte[] data /*, ref ServerCommand serverResponse*/)
{
Packet.Directions direction;
int ID;
TotalSize += packetInfo.Size;
switch (packetInfo.FunctionID)
{
case Functions.CODE_RECV:
case Functions.CODE_RECVFROM:
case Functions.CODE_WS2RECV:
case Functions.CODE_WS2RECVFROM:
case Functions.CODE_WSARECV:
case Functions.CODE_WSARECVFROM:
case Functions.CODE_PR_RECV:
case Functions.CODE_PR_READ:
case Functions.CODE_SSLDECRYPTPACKET:
case Functions.CODE_DECRYPTMESSAGE:
case Functions.CODE_SSL_READ:
direction = Packet.Directions.In;
TotalSizeReceived += packetInfo.Size;
break;
case Functions.CODE_SEND:
case Functions.CODE_SENDTO:
case Functions.CODE_WS2SEND:
case Functions.CODE_WS2SENDTO:
case Functions.CODE_WSASEND:
case Functions.CODE_WSASENDTO:
case Functions.CODE_PR_SEND:
case Functions.CODE_PR_WRITE:
case Functions.CODE_SSLENCRYPTPACKET:
case Functions.CODE_ENCRYPTMESSAGE:
case Functions.CODE_SSL_WRITE:
direction = Packet.Directions.Out;
TotalSizeSent += packetInfo.Size;
break;
default:
throw new IndexOutOfRangeException();
}
var functionFlag = FilterManager.GetFilterActionFlagForFunction(packetInfo.FunctionID);
// If a matching breakpoint type filter is active, we open a new window to edit the data
if (IsFilteringActived && FilterManager.CheckPacketBreak(data, packetInfo.Size, functionFlag))
{
var pckt = new Packet(packetInfo.FunctionID, packetInfo.SocketId, packetInfo.LocalIp, packetInfo.LocalPort, packetInfo.RemoteIp, packetInfo.RemotePort, data, direction);
var showPacketForm = new ShowPacketForm(0, pckt, true);
showPacketForm.ShowDialog();
if (showPacketForm.DialogResult == System.Windows.Forms.DialogResult.OK)
{
data = showPacketForm.NewPacketData;
packetInfo.Size = showPacketForm.NewPacketSize;
}
// Send the new data to the DLL
DllCommunication.WriteCommandToCmdMMF(ServerCodes.SCODE_SETPACKET, data, packetInfo.Size);
}
if (!IsCaptureEnabled) // Capture disabled, return
{
return;
}
// Don't log Functions, Ips, or Ports that are not activated in the program's settings menu
if (!LogFunctions.HasFlag(FilterManager.GetFilterActionFlagForFunction(packetInfo.FunctionID)))
{
return;
}
if ((Settings.LocalIpChecked && packetInfo.LocalIp != (uint)Settings.LocalIp) ||
(Settings.LocalPortChecked && packetInfo.LocalPort != Settings.LocalPort) ||
(Settings.RemoteIpChecked && packetInfo.RemoteIp != (uint)Settings.RemoteIp) ||
(Settings.RemotePortChecked && packetInfo.RemotePort != Settings.RemotePort))
{
return;
}
IsModifiedList = true;
var packet = new Packet(packetInfo.FunctionID, packetInfo.SocketId, packetInfo.LocalIp, packetInfo.LocalPort, packetInfo.RemoteIp, packetInfo.RemotePort, data, direction);
lock (LockingVar)
{
ID = PacketList.Count;
PacketList.Add(packet);
Program.mainForm.AddPacket(packet);
}
if (IsFilteringActived && FilterManager.CheckPacketWatch(data, packetInfo.Size, functionFlag))
{
Watch.Add(ID);
}
// Don't log ignored packets
if (IsFilteringActived && FilterManager.CheckPacketIgnore(data, packetInfo.Size, functionFlag))
{
return;
}
Both.Add(ID);
switch (direction)
{
case Packet.Directions.In:
Received.Add(ID);
break;
case Packet.Directions.Out:
Sent.Add(ID);
break;
}
SmartRefresh();
}
public static void WriteCommandToCmdMMF(ServerCodes sc, byte[] data = null, UInt16 newLength = 0, ushort socketId = 0)
{
int mmfWriteTimeout = 1000;
byte[] writtenData;
if (sc == ServerCodes.SCODE_INJECTPACKET)
{
/*
| ServerCode | SocketID | newLength | Packet |
| 1-byte | 2-bytes | 2-bytes |--------------- data -------------|
|------------------------------------ writtenData --------------------------------------|
*/
writtenData = new byte[1 + 2 + 2 + newLength];
writtenData[0] = (byte)sc;
Array.Copy(FilterManager.StructToBytes(socketId), 0, writtenData, 1, 2);
Array.Copy(FilterManager.StructToBytes(newLength), 0, writtenData, 3, 2);
Array.Copy(data, 0, writtenData, 5, newLength);
}
else if (sc == ServerCodes.SCODE_STARTFILTERING)
{
/*
| ServerCode | FilterCount | Filter Data |
| 1-byte | 1-byte |-----------------Data------------------------|
|------------------------ writtenData ---------------------------------------|
*/
writtenData = new byte[FilterManager.FILTERINBYTESSIZE * FilterManager.GetActiveFilterCount() + 2]; // Minimo: SizeOf(Filter) * cantActivos + 2
writtenData[0] = (byte)sc;
writtenData[1] = (byte)FilterManager.GetActiveFilterCount();
byte[] bytes = FilterManager.ConvertFilterListToBytes();
Array.Copy(bytes, 0, writtenData, 2, FilterManager.FILTERINBYTESSIZE * FilterManager.GetActiveFilterCount());
}
else if (sc == ServerCodes.SCODE_SETPACKET)
{
/*
| ServerCode | newLength | Packet Data |
| 1-byte | 2-bytes |-----------------Data-----------------------------|
|------------------------------------- writtenData ----------------------------|
*/
writtenData = new byte[1 + 2 + newLength];
writtenData[0] = (byte)sc;
Array.Copy(FilterManager.StructToBytes(newLength), 0, writtenData, 1, 2);
Array.Copy(data, 0, writtenData, 3, newLength);
}
else if (sc == ServerCodes.SCODE_LOADDLLEX)
{
/*
| ServerCode | fileName string |
| 1-byte |---------- string.Length --------|
|------------------- writtenData --------------|
*/
writtenData = new byte[1 + Settings.DLLEx.Length];
writtenData[0] = (byte)sc;
Array.Copy(Encoding.ASCII.GetBytes(Settings.DLLEx), 0, writtenData, 1, Settings.DLLEx.Length);
}
else if (sc == ServerCodes.SCODE_STARTCAPTURE ||
sc == ServerCodes.SCODE_STOPCAPTURE ||
sc == ServerCodes.SCODE_STOPFILTERING ||
sc == ServerCodes.SCODE_UNLOADDLLEX)
{
writtenData = new byte[1];
writtenData[0] = (byte)sc;
}
else
{
throw new NotImplementedException("ServerCode " + (int)sc + " NOT IMPLEMENTED");
}
// Spawneamos un thread que puede esperar el mmfWriteTimeout para escribir el comando
//int threadCount = 0;
//int myThreadIndex = Interlocked.Increment(ref threadCount);
if (CheckMMFileExists(_cmdMmfName))
{
cmdMMF = new SharedMemory.CircularBuffer(_cmdMmfName);
}
else
{
System.Windows.Forms.MessageBox.Show("ERROR, MMF does not exists!"); // No esta el archivo
return;
}
//The number of milliseconds to wait, or Timeout.Infinite (-1) to wait indefinitely.
int amount = cmdMMF.Write(writtenData, 0, mmfWriteTimeout);
if (amount == 0)
{
throw new Exception("Write 0 bytes to command MMF!");
}
//Output.outString("Write data: {0}", BitConverter.ToString(writtenData));
}
private void tsmiFilterListSaveAs_Click(object sender, EventArgs e)
{
FilterManager.SaveFilterList();
}
private void tsmiFilterListLoad_Click(object sender, EventArgs e)
{
FilterManager.LoadFilterList();
LoadFilterItems();
}
private void tsmiFilterListDelete_Click(object sender, EventArgs e)
{
FilterManager.DeleteFilter(lvFilters.SelectedIndices[0]);
lvFilters.Items.RemoveAt(lvFilters.SelectedIndices[0]);
}
private void lvFilters_ItemCheck(object sender, ItemCheckEventArgs e)
{
lastClickTime = DateTime.MinValue;
FilterManager.SetFilterActive(e.Index, e.NewValue == CheckState.Checked);
}
private void ActionClearFilterList()
{
FilterManager.ClearFilterList();
LoadFilterItems();
}
private void btnApply_Click(object sender, EventArgs e)
{
var searches = new Dictionary <int, byte>();
var replaces = new Dictionary <int, byte>();
FilterModes filterMode = FilterModes.SearchAndReplaceFromBegin;
Byte result;
for (var i = 0; i < 501; i++)
{
if (dataGridViewSearch[i, 0].Value != null && Byte.TryParse(dataGridViewSearch[i, 0].Value.ToString(), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out result))
{
searches.Add(i, result);
}
}
if ((radioButton2.Checked || radioButton3.Checked) && (searches.Count == 0 || !searches.ContainsKey(0)))
{
MessageBox.Show(@"The chain to search must start at the offset 0");
return;
}
if (radioButton1.Checked)
{
filterMode = FilterModes.SearchAndReplaceFromBegin;
for (var i = 0; i < 501; i++)
{
if (dataGridViewSearch[i, 1].Value != null && Byte.TryParse(dataGridViewSearch[i, 1].Value.ToString(), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out result))
{
replaces.Add(i, result);
}
}
}
else if (radioButton2.Checked)
{
filterMode = FilterModes.SearchOcurrenceReplaceFromBegin;
for (var i = 0; i < 501; i++)
{
if (dataGridViewReplace[i, 0].Value != null && Byte.TryParse(dataGridViewReplace[i, 0].Value.ToString(), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out result))
{
replaces.Add(i, result);
}
}
}
else if (radioButton3.Checked)
{
filterMode = FilterModes.SearchOcurrenceReplaceFromPosition;
for (var i = 0; i < 501; i++)
{
if (dataGridViewReplace2[i, 0].Value != null && Byte.TryParse(dataGridViewReplace2[i, 0].Value.ToString(), NumberStyles.HexNumber, CultureInfo.InvariantCulture, out result))
{
replaces.Add(i, result);
}
}
}
FilterCaptureFuncs functions = BuildFunctionsBitMask();
FilterActions actions = BuildActionsBitMask();
uint packetLengthMin = 0;
uint packetLengthMax = 0;
if (chkPackeLength.Checked)
{
packetLengthMin = (uint)nudPacketLengthMin.Value;
packetLengthMax = (uint)nudPacketLengthMax.Value;
}
string name = txtFilterName.Text;
if (name == "" && _filterIndex == -1)
{
name = "Filter " + (FilterManager.GetNumberOfFiltersInList() + 1).ToString("D2");
}
if (_filterIndex == -1)
{
FilterManager.NewFilter(chkActive.Checked, filterMode, functions, actions, name, packetLengthMin, packetLengthMax, (uint)nudNumTimesApply.Value, searches, replaces);
}
else
{
FilterManager.EditFilter(_filterIndex, chkActive.Checked, filterMode, functions, actions, name, packetLengthMin, packetLengthMax, (uint)nudNumTimesApply.Value, searches, replaces);
}
Program.mainForm.LoadFilterItems();
Program.mainForm.ActionStartStopFiltering(false);
Close();
}