钩子闪光应用程序

如果我在我的C#应用​​程序中加载一个打开带有服务器B的套接字的闪存应用程序A,是否可以设置本地挂钩以便我可以读取A和服务器B之间交换的数据包?

  • 如果需要,我可以获得flash应用程序源代码,但我不是那些编写它们的人
  • 我是C#的新手(说实话,我仍然想知道为Windows编写这种应用程序的最佳语言)和挂钩,所以任何一个例子都会非常感激:)
  • 我在客户端工作

是的你可以。 您应该使用EasyHook库来挂接来自C#的本机套接字API调用。 通过在连接 , 发送和recv函数上放置钩子,您可以挂钩基于Windows的应用程序中的任何流量。

这是一个例子:

private IntPtr _socketsLib; private LocalHook _createConnectHook; private LocalHook _createRecvHook; private LocalHook _createSendHook; _socketsLib = NativeAPI.LoadLibrary("Ws2_32.dll"); _createConnectHook = LocalHook.Create(LocalHook.GetProcAddress("Ws2_32.dll", "connect"), new NativeSocketMethod.DConnect(connect_Hooked), this); _createRecvHook = LocalHook.Create(LocalHook.GetProcAddress("Ws2_32.dll", "recv"), new NativeSocketMethod.Drecv(recv_Hooked), this); _createSendHook = LocalHook.Create(LocalHook.GetProcAddress("Ws2_32.dll", "send"), new NativeSocketMethod.Dsend(send_Hooked), this); _createConnectHook.ThreadACL.SetExclusiveACL(new int[1]); _createRecvHook.ThreadACL.SetExclusiveACL(new int[1]); _createSendHook.ThreadACL.SetExclusiveACL(new int[1]); private static int connect_Hooked(IntPtr socketHandle, ref NativeSocketMethod.sockaddr name, ref int namelen) { // TODO: do something with data here return NativeSocketMethod.connect(socketHandle, ref name, ref namelen); } private static int recv_Hooked(IntPtr socketHandle, IntPtr buf, int count, int socketFlags) { // TODO: do something with data here return NativeSocketMethod.recv(socketHandle, buf, count, socketFlags); } private static int send_Hooked(IntPtr socketHandle, IntPtr buf, int count, int socketFlags) { // TODO: do something with data here return NativeSocketMethod.send(socketHandle, buf, count, socketFlags); } 

和NativeSocketMethod.cs

 public static class NativeSocketMethod { [DllImport("Ws2_32.dll")] public static extern int connect(IntPtr socketHandle, ref sockaddr Address, ref int Addresslen); [DllImport("Ws2_32.dll")] public static extern int getpeername(IntPtr s, ref sockaddr Address, ref int namelen); [DllImport("ws2_32.dll")] public static extern IntPtr inet_ntoa(in_addr a); [DllImport("ws2_32.dll")] public static extern ushort ntohs(ushort netshort); [DllImport("Ws2_32.dll")] public static extern int recv(IntPtr socketHandle, IntPtr buf, int Buffercount, int socketFlags); [DllImport("Ws2_32.dll")] public static extern int send(IntPtr socketHandle, IntPtr buf, int count, int socketFlags); public enum AddressFamily { AppleTalk = 0x11, BlueTooth = 0x20, InterNetworkv4 = 2, InterNetworkv6 = 0x17, Ipx = 4, Irda = 0x1a, NetBios = 0x11, Unknown = 0 } [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet=CharSet.Unicode, SetLastError=true)] public delegate int DConnect(IntPtr socketHandle, ref NativeSocketMethod.sockaddr Address, ref int Addresslen); [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet=CharSet.Unicode, SetLastError=true)] public delegate int Drecv(IntPtr socketHandle, IntPtr buf, int Buffercount, int socketFlags); [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet=CharSet.Unicode, SetLastError=true)] public delegate int Dsend(IntPtr socketHandle, IntPtr buf, int count, int socketFlags); [StructLayout(LayoutKind.Sequential)] public struct in_addr { [MarshalAs(UnmanagedType.ByValArray, SizeConst=4)] public byte[] sin_addr; } public enum ProtocolType { BlueTooth = 3, ReliableMulticast = 0x71, Tcp = 6, Udp = 0x11 } [StructLayout(LayoutKind.Sequential)] public struct sockaddr { public short sin_family; public ushort sin_port; public NativeSocketMethod.in_addr sin_addr; [MarshalAs(UnmanagedType.ByValArray, SizeConst=8)] public byte[] sin_zero; } public enum SocketType { Unknown, Stream, DGram, Raw, Rdm, SeqPacket } }