VB 从零开始编外挂(八)-.NET教程,VB.Net语言-IDC资讯中心

private sub form_load()

countid = 0

exitid = false

listview1.columnheaders.add 1, , "源 ip", 1500

listview1.columnheaders.add 2, , "源端口", 1500

listview1.columnheaders.add 3, , "目标 ip", 1500

listview1.columnheaders.add 4, , "目标端口", 1500

listview1.columnheaders.add 5, , "协议", 1500

listview1.columnheaders.add 6, , "时间", 1500

end sub

private sub form_unload(cancel as integer)

call wcleanup(s)

unload me

end sub

private sub listview1_click()

dim coun as long

dim sar as string, sar3 as string

dim sar1 as string, sar2 as string

richtextbox1.text = "" 清除 richtextbox1

dim buffer() as byte

buffer = str

if listview1.selecteditem is nothing then 如果 listview1 控件没有数值则提示错误

exit sub

end if

将 buffer 的值（即通过 recibir 接收的数据包）转换为一定格式并在 richtextbox1 控件下显示出来

for i = 0 to resarray(listview1.selecteditem.index)

coun = coun + 1

if len(hex(buffer(i))) = 1 then

sar = "0" & hex(buffer(i))

else

sar = hex(buffer(i))

end if

sar3 = sar3 & sar

if asc(chr("&h" & hex(buffer(i)))) < 32 then

sar1 = "."

else

sar1 = chr("&h" & hex(buffer(i)))

end if

sar2 = sar2 & sar1

richtextbox1.text = richtextbox1.text & sar & " "

if coun = 15 then

richtextbox1.text = richtextbox1.text & " |" & sar2 & vbcrlf:

coun = 0

sar2 = ""

sar3 = ""

end if

next i

if coun < 15 then

r = 44 – (coun * 3) + 1

es = string(r, chr(32))

richtextbox1.text = richtextbox1.text & es & " |" & sar2

end if

end sub

private sub m_clear_click()

listview1.listitems.clear

richtextbox1.text = ""

end sub

程序开始捕捉

private sub m_start_click()

listview1.listitems.clear

richtextbox1.text = ""

connecting ip(hostname), msghwnd 开始截取封包

end sub

private sub m_stop_click()

exitid = true 停止截取封包

end sub

private sub msghwnd_mouseup(button as integer, shift as integer, x as single, y as single)

countid = countid + 1

recibir s, 1

if exitid = true then

call wcleanup(s)

exitid = false

msgbox "退出", vbokonly, "数据封包截取"

end if

end sub

模块：

option explicit

wsastartup 用来判断 windows 所支持的 winsock 版本，也就是初始化 winsock dll，其中第一个参数为你所想需要的winsock版本！低字节为主版本，高字节为副版本！由于目前winsock有两个版本：1.1和2.2，因此该参数可以是0x101或0x202；第二个参数是一个wsadata结构，用于接收函数的返回信息！wsastartup函数调用成功会返回0，否则返回非0值！

wsacleanup 用来关闭 winsock，与 wsastartup 一起使用，即 wsastartup 也可以看为启动 winsock

gethostbyname 用来返回一个关于主机信息的结构的指针

public declare function wsastartup lib "wsock32.dll" alias "wsastartup" (byval wversionrequired as integer, byref lpwsadata as wsadata) as long

public declare function wsacleanup lib "wsock32.dll" alias "wsacleanup" () as long

public declare sub copymemory lib "kernel32.dll" alias "rtlmovememory" (destination as any, source as any, byval length as long)

public declare function lstrlen lib "kernel32.dll" alias "lstrlena" (byval lpstring as any) as long

public declare function lstrcpy lib "kernel32.dll" alias "lstrcpya" (byval lpstring1 as any, byval lpstring2 as any) as long

public declare function inet_ntoa lib "wsock32.dll" (byval addr as long) as long

public declare function gethostname lib "wsock32.dll" (byval name as string, byval namelen as long) as long

public declare function gethostbyname lib "wsock32.dll" (byval name as string) as long

public declare function closesocket lib "wsock32.dll" (byval s as long) as long

public declare function recv lib "wsock32.dll" (byval s as long, buf as any, byval buflen as long, byval flags as long) as long

public declare function socket lib "wsock32.dll" (byval af as long, byval s_type as long, byval protocol as long) as long

public declare function wsaasyncselect lib "wsock32.dll" (byval s as long, byval hwnd as long, byval wmsg as long, byval levent as long) as long

public declare function wsaioctl lib "ws2_32.dll" (byval s as long, byval dwiocontrolcode as long, lpvinbuffer as any, byval cbinbuffer as long, lpvoutbuffer as any, byval cboutbuffer as long, lpcbbytesreturned as long, lpoverlapped as long, lpcompletionroutine as long) as long

public declare function inet_addr lib "wsock32.dll" (byval cp as string) as long

public declare function bind lib "wsock32.dll" (byval s as integer, addr as sockaddr, byval namelen as integer) as integer

public declare function ntohs lib "wsock32.dll" (byval netshort as long) as integer

public type wsadata

wversion as integer

whighversion as integer

szdescription as string * 255

szsystemstatus as string * 128

imaxsockets as integer

imaxudpdg as integer

lpvendorinfo as long

end type

sock 地址结构

public type sockaddr

sin_family as integer

sin_port as integer

sin_addr as long

sin_zero as string * 8

end type

public type hostent

h_name as long

h_aliases as long

h_addrtype as integer

h_length as integer

h_addr_list as long

end type

ip 头结构

public type ipheader

lenver as byte

tos as byte

len as integer

ident as integer

flags as integer

ttl as byte

proto as byte

checksum as integer

sourceip as long

destip as long

end type

tcp 头结构

public type tcp_hdr

th_sport as integer

th_dport as integer

th_seq as long

th_ack as long

th_lenres as byte

th_flag as byte

th_win as integer

th_sum as integer

th_urp as integer

end type

udp 头结构

public type udp_hdr

th_sport as integer

th_dport as integer

th_len as integer

th_sum as integer

end type

icmp 头结构

public type icmp_hdr

th_type as byte

th_code as byte

th_sum as integer

th_id as integer

th_seq as integer

th_time as long

end type

常量

public const pf_inet = 2

public const sock_raw = 3

public const af_inet = 2

public const fd_read = &h1

public const sio_rcvall = &h98000001

public const em_replacesel = &hc2

public host as hostent

public s as long

public sock as sockaddr

public header as ipheader

public tcphead as tcp_hdr

public udphead as udp_hdr

public icmphead as icmp_hdr

public resarray() as long, str as string

public i as long, countid as long i 为临时变量，循环语句用，countid 用来计算一共有多少个数据包

public protocol as string

public buffer() as byte 存放数据包

public res as long 返回值，临时变量

public exitid as boolean 退出标识

开始

public sub wstartup()

dim data as wsadata

call wsastartup(&h202, data) 初始化 winsock 为 2.2

end sub

结束

public sub wcleanup(s as long)

call wsacleanup 关闭 winsock

closesocket s

end sub

获得当前主机的 ip

public function ip(byref address as string) as string

dim pip as long

dim uip as long

dim s as long

dim ss as string

dim cul as long

copymemory host, byval gethostbyname(address), len(host) 将 gethostbyname 获得的值放到 host

copymemory pip, byval host.h_addr_list, 4 将 host.h_addr_list 的值放到 pip

copymemory uip, byval pip, 4 将 pip 的值放到 uip

s = inet_ntoa(uip) 将 uip 转换为标准的 ipv4 格式

ss = space(lstrlen(s)) 去掉空格

cul = lstrcpy(ss, s)

ip = ss 获得 ipv4 格式的地址并将其放如 ip

end function

获得当前机器的主机名

public function hostname() as string

dim r as long

dim s as string

dim host as string

wstartup

host = string(255, 0)

r = gethostname(host, 255) 获得当前主机的主机名

if r = 0 then

hostname = left(host, instr(1, host, vbnullchar) – 1)

end if

end function

连接 ip

public sub connecting(byref ip as string, pic as picturebox)

dim res as long, buf as long, bufb as long

buf = 1

wstartup 初始化 winsock

s = socket(af_inet, sock_raw, 0) 创建套接字，s 是socket功能返回的文件描述符

if s < 1 then

call wcleanup(s)

exit sub 如果创建失败则退出

end if

sock.sin_family = af_inet socket类型

sock.sin_addr = inet_addr(ip) 所用的ip地址

res = bind(s, sock, len(sock)) 绑定端口

if res <> 0 then

call wcleanup(s)

exit sub 如果绑定失败则退出

end if

res = wsaioctl(s, sio_rcvall, buf, len(buf), 0, 0, bufb, byval 0, byval 0) 改变socket io模式，将其改为混乱模式，即接受与自己无关的数据，则 sio_rcvall

if res <> 0 then

call wcleanup(s)

exit sub

end if

res = wsaasyncselect(s, pic.hwnd, &h202, byval fd_read) 设置套接字处于阻塞方式或者非阻塞方式,消息发送的窗口是 pic，即 form1.picture1

if res <> 0 then

call wcleanup(s)

exit sub

end if

end sub

接收信息

public sub recibir(s as long, byval recformat as long)

if recformat = fd_read then

redim buffer(2000) 重定义缓冲区大小为 2000

do

res = recv(s, buffer(0), 2000, 0&) 接收信息

if res > 0 then

redim preserve resarray(countid) 改变数组大小，并保留以前的数据

str = buffer()

resarray(countid) = res

copymemory header, buffer(0), len(header) 将 buffer 里面的数据复制到 header 结构里面

根据ip头结构的标识来获得是什么类型的数据包，并将 ip 从头结构中分离出来

if header.proto = 1 then

protocol = "icmp"

proticmp inversaip(hex(header.destip)), inversaip(hex(header.sourceip))

end if

if header.proto = 6 then

protocol = "tcp"

protcp inversaip(hex(header.destip)), inversaip(hex(header.sourceip))

end if

if header.proto = 17 then

protocol = "udp"

proudp inversaip(hex(header.destip)), inversaip(hex(header.sourceip))

end if

end if

loop until res <> 2000

end if

end sub

将 16 进制转换为 ip 地址

public function inversaip(byref lng as string) as string

dim ips as string

select case len(lng)

case 1

lng = "0000000" & lng

case 2

lng = "000000" & lng

case 3

lng = "00000" & lng

case 4

lng = "0000" & lng

case 5

lng = "000" & lng

case 6

lng = "00" & lng

case 7

lng = "0" & lng

end select

for i = 1 to len(lng) step 2

ips = ips & val("&h" & mid(lng, len(lng) – i, 2)) & "."

next i

inversaip = mid(ips, 1, len(ips) – 1)

end function

public function proticmp(saa as string, soc as string) as string

dim listtemp as variant

set listtemp = form1.listview1.listitems.add(, , soc)

listtemp.subitems(2) = saa

listtemp.subitems(4) = protocol

listtemp.subitems(5) = time

copymemory icmphead, buffer(0 + 20), len(icmphead)

end function

public sub protcp(saa as string, soc as string)

dim listtemp as variant

copymemory tcphead, buffer(0 + 20), len(tcphead)

set listtemp = form1.listview1.listitems.add(, , soc)

listtemp.subitems(1) = ntohs(tcphead.th_sport)

listtemp.subitems(2) = saa

listtemp.subitems(3) = ntohs(tcphead.th_dport)

listtemp.subitems(4) = protocol

listtemp.subitems(5) = time

end sub

public sub proudp(saa as string, soc as string)

dim listtemp as variant

copymemory udphead, buffer(0 + 20), len(udphead)

set listtemp = form1.listview1.listitems.add(, , soc)

listtemp.subitems(1) = ntohs(udphead.th_sport)

listtemp.subitems(2) = saa

listtemp.subitems(3) = ntohs(udphead.th_dport)

listtemp.subitems(4) = protocol

listtemp.subitems(5) = time

end sub

——————————————————————————————————————————————————–

彩色的太费时间了，所以就直接贴了！呵呵！

——————————————————————————————————————————————————–

点击给我留言

——————————————————————————————————————————————————–