Check.cpp
- #include "check.h"
- #include "packet.h"
- #include "windef.h"
- #include "stdio.h"
- #include "string.h"
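//
// CheckTcp - compare the local-side IPv4 address of a TCP packet against the
// 4-byte records stored in C:\ip.dat, and append the offending record to
// C:\iplog.dat when the packet is rejected.
//
// Parameters:
//   pIpHeader           - IP header of the packet; SourceIp is examined when
//                         IsSend is TRUE, DestinationIp otherwise.
//   pTcpHeader          - unused.
//   IsSend              - selects which address of the IP header is checked.
//   LookaheadBufferSize - unused.
//   pVoid               - unused.
//
// Returns:
//   -1  the address differed from a record in ip.dat (record is logged), or
//       pIpHeader was NULL.
//    1  every record matched, or no record could be read.
//
// NOTE(review): as in the original, a packet is rejected as soon as its
// address differs from one record, so it passes only when every record equals
// it or the list is empty. If ip.dat is meant to be a block list or an allow
// list the comparison below has to change - confirm the intended policy.
//
// NOTE(review): ZwCreateFile/ZwReadFile/ZwWriteFile/ZwClose must be called at
// PASSIVE_LEVEL. Whether the caller of this routine guarantees that is not
// visible here - confirm, and consider loading the list once at driver start
// instead of on every packet.
//
int CheckTcp(
    PIP_HEADER pIpHeader,
    PTCP_HEADER pTcpHeader,
    BOOLEAN IsSend,
    UINT LookaheadBufferSize,
    PVOID pVoid
    )
{
    NTSTATUS Status;
    NTSTATUS LogStatus;
    UNICODE_STRING UnicodeFilespec;
    UNICODE_STRING UnicodeLogFile;
    OBJECT_ATTRIBUTES ObjectAttributes;
    OBJECT_ATTRIBUTES LogObjectAttributes;
    HANDLE FileHandle = NULL;
    HANDLE LogFileHandle = NULL;
    DWORD IP = 0;
    IO_STATUS_BLOCK Iosb;
    IO_STATUS_BLOCK LogIosb;
    const unsigned char *Address;
    unsigned char Entry[4];
    int Differs;
    int Verdict = 1;
    int i;

    if (pIpHeader == NULL)
    {
        return -1;
    }

    // Assumes SourceIp/DestinationIp are 4-byte arrays, as the original
    // (char *) cast implies - TODO confirm against packet.h; if they are
    // integer fields, take their address instead.
    Address = (const unsigned char *)(IsSend ? pIpHeader->SourceIp
                                             : pIpHeader->DestinationIp);

    // Backslashes must be escaped; "\D", "\C" and "\i" are not valid escapes.
    RtlInitUnicodeString(&UnicodeFilespec, L"\\DosDevices\\C:\\ip.dat");
    RtlInitUnicodeString(&UnicodeLogFile, L"\\DosDevices\\C:\\iplog.dat");

    // OBJ_KERNEL_HANDLE keeps the handles out of the handle table of whatever
    // user process happens to be current when the packet is processed.
    InitializeObjectAttributes(&ObjectAttributes,
                               &UnicodeFilespec,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);
    InitializeObjectAttributes(&LogObjectAttributes,
                               &UnicodeLogFile,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    // FILE_OPEN instead of FILE_SUPERSEDE: superseding replaces the rule file
    // with an empty one on every call, which discards the list.
    Status = ZwCreateFile(&FileHandle,
                          (GENERIC_READ | SYNCHRONIZE),
                          &ObjectAttributes,
                          &Iosb,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ,
                          FILE_OPEN,
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(Status) || !NT_SUCCESS(Iosb.Status))
    {
        // No usable list: treated like an empty list.
        // NOTE(review): this is fail-open; return -1 here instead if the
        // filter must fail closed when its rule file is missing.
        return 1;
    }

    // FILE_OPEN_IF keeps earlier log records; FILE_SUPERSEDE wiped the log on
    // every call. Logging is best effort, so a failed open only disables it.
    LogStatus = ZwCreateFile(&LogFileHandle,
                             (FILE_APPEND_DATA | SYNCHRONIZE),
                             &LogObjectAttributes,
                             &LogIosb,
                             NULL,
                             FILE_ATTRIBUTE_NORMAL,
                             FILE_SHARE_READ,
                             FILE_OPEN_IF,
                             FILE_SYNCHRONOUS_IO_NONALERT,
                             NULL,
                             0);
    if (!NT_SUCCESS(LogStatus))
    {
        LogFileHandle = NULL;
    }

    for (;;)
    {
        Status = ZwReadFile(FileHandle,
                            NULL,
                            NULL,
                            NULL,
                            &Iosb,
                            &IP,
                            sizeof(IP),
                            NULL,
                            NULL);

        // Stop on end of file, on an I/O error, or on a truncated trailing
        // record. The original looped while the read FAILED, which compared
        // against an uninitialised IP value.
        if (!NT_SUCCESS(Status) || !NT_SUCCESS(Iosb.Status) ||
            Iosb.Information != sizeof(IP))
        {
            break;
        }

        // Same byte order IPTrans() produces (low byte first), built locally
        // so no pointer to another function's stack frame is used.
        Entry[0] = (unsigned char)(IP & 0x000000ff);
        Entry[1] = (unsigned char)((IP & 0x0000ff00) >> 8);
        Entry[2] = (unsigned char)((IP & 0x00ff0000) >> 16);
        Entry[3] = (unsigned char)((IP & 0xff000000) >> 24);

        // Fixed 4-byte comparison; strcmp() stops at the first zero octet and
        // runs past the buffer when no octet is zero.
        Differs = 0;
        for (i = 0; i < 4; i++)
        {
            if (Address[i] != Entry[i])
            {
                Differs = 1;
                break;
            }
        }

        if (Differs)
        {
            if (LogFileHandle != NULL)
            {
                LogStatus = ZwWriteFile(LogFileHandle,
                                        NULL,
                                        NULL,
                                        NULL,
                                        &LogIosb,
                                        &IP,
                                        sizeof(IP),
                                        NULL,
                                        NULL);
            }
            Verdict = -1;
            break;
        }
    }

    // Both handles are released on every path; the original leaked both on the
    // reject path and never closed the log handle at all.
    if (LogFileHandle != NULL)
    {
        ZwClose(LogFileHandle);
    }
    ZwClose(FileHandle);

    return Verdict;
}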
//
// CheckUdp - compare the length field of the UDP header with the size of the
// lookahead buffer.
//
// Returns 1 when pUdpHeader->Length differs from LookaheadBufferSize and 0
// when the two are equal. pIpHeader, IsSend and pVoid are not used.
//
// NOTE(review): the UDP length field is big-endian on the wire; whether
// Length has already been converted to host order, and whether the lookahead
// buffer covers exactly the UDP datagram, is not visible here - confirm.
// What 1 and 0 mean to the caller is also not visible in this file.
//
int CheckUdp(
    PIP_HEADER pIpHeader,
    PUDP_HEADER pUdpHeader,
    BOOLEAN IsSend,
    UINT LookaheadBufferSize,
    void *pVoid
    )
{
    return (pUdpHeader->Length == LookaheadBufferSize) ? 0 : 1;
}
//
// CheckIcmp - decide on an ICMP packet from its direction alone.
//
// Returns 1 when IsSend is non-zero and -1 otherwise. The IP header, the
// ICMP header and the lookahead size are not examined.
//
int CheckIcmp(
    PIP_HEADER pIpHeader,
    PICMP_HEADER pIcmpHeader,
    BOOLEAN IsSend,
    UINT LookaheadBufferSize
    )
{
    return IsSend ? 1 : -1;
}
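//
// IPTrans - split a 32-bit IPv4 value into its four octets, low byte first.
//
// Returns a pointer to a 5-byte buffer: the four octets followed by a NUL
// byte, which is what the original sprintf("%c") sequence produced.
//
// The original returned the address of a local array, so the caller read a
// dead stack frame, and its last sprintf() stored the terminating NUL one
// byte past the 4-byte array. The buffer is now static and one byte larger.
//
// NOTE(review): a static buffer is shared by every caller, so the result is
// overwritten by the next call and is not safe when packets are processed
// concurrently. Callers that can should extract the octets into their own
// storage instead of using this function.
//
unsigned char* IPTrans(DWORD IP)
{
    static unsigned char Tmp[5];

    Tmp[0] = (unsigned char)(IP & 0x000000ff);
    Tmp[1] = (unsigned char)((IP & 0x0000ff00) >> 8);
    Tmp[2] = (unsigned char)((IP & 0x00ff0000) >> 16);
    Tmp[3] = (unsigned char)((IP & 0xff000000) >> 24);
    Tmp[4] = '\0';

    return Tmp;
}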