分享
 
 
 

使用VB截获WIN98系列下的IP数据包

王朝vb·作者佚名  2006-01-08
窄屏简体版  字體: |||超大  

作者:jyu1221(天同)

QQ:19632995

MSN:jyu1221@hotmail.com

因广大VB爱好者开发捕获IP数据包的需要,我花了一个下午的工夫,终于把它整里出来了,由于时间关系,以下的数据分析部分写的不是很详细。以下代码在WIN98+VB6.0上测试通过,主函数部分比较简单,1。打开设备驱动程序,2。绑定网卡,3。设置捕获数据,4。循环截获IP包。

由于在WIN98下捕获IP数据包,必须要使用VXD技术,它不像WIN2000(可以参照前二天写的,“使用VB捕获WIN2000下的IP数据包”),捕获IP数据包不需要VXD文件,单单只要使用VB就可以了。因为编写VXD的步骤比较麻烦,在以下的源代码中,直接使用IPMAN中的VPACKET.VXD这个驱动程序。可以在网上比较容易得到,需要的朋友也可以跟我联系。以下包含了截获数据包的所有源代码,只要把下面的代码放到一个模块(.BAS)文件中就可以了,里面信息截获到以后,并没有对数据做太多的处理,所有的数据都放在OutBuff数组中,只是简单的分离出了以太网头部m_EtherPacketHead,IP包头部m_IPPacketHead,其中程序中只是简单的输出了源IP地址,目的IP地址,需要更进一不分析里面的内容,可以参照别的资料。在这里为了程序尽量的简单,所以不过多的牵涉。进一步分析的内容可以添加到输出内容的附近代码就可以了。

'--------源代码开始,放到.bas中即可以测试----------

Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, lpSecurityAttributes As Long, ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, ByVal hTemplateFile As Long) As Long

Private Declare Function CreateEvent Lib "kernel32" Alias "CreateEventA" (ByVal lpEventAttributes As Long, ByVal bManualReset As Long, ByVal bInitialState As Long, ByVal lpName As String) As Long

Private Declare Function WaitForMultipleObjectsEx Lib "kernel32" (ByVal nCount As Long, lpHandles As Long, ByVal bWaitAll As Long, ByVal dwMilliseconds As Long, ByVal bAlertable As Long) As Long

Private Const INFINITE = &HFFFF

Private Const GENERIC_WRITE = &H40000000

Private Const GENERIC_READ = &H80000000

Private Const OPEN_EXISTING = 3

Private Const FILE_ATTRIBUTE_NORMAL = &H80

Private Const FILE_FLAG_OVERLAPPED = &H40000000

Private Const FILE_FLAG_DELETE_ON_CLOSE = &H4000000

Private Const ERROR_IO_INCOMPLETE = 996&

Private Const NDIS_PACKET_TYPE_DIRECTED = &H1

Private Const IOCTL_PROTOCOL_SET_OID = &H80000004

Private Const IOCTL_PROTOCOL_READ = &H80000010

Private Const OID_GEN_CURRENT_PACKET_FILTER = &H1010E

Private Const WAIT_FAILED = -1

Private Type OVERLAPPED

Internal As Long

InternalHigh As Long

offset As Long

OffsetHigh As Long

hEvent As Long

End Type

Type EtherAddr

AddrByte1 As Byte

AddrByte2 As Byte

AddrByte3 As Byte

AddrByte4 As Byte

AddrByte5 As Byte

AddrByte6 As Byte

End Type

Type EtherPacketHead

DestEther As EtherAddr

SourEther As EtherAddr

ServType As Integer

End Type

Type IPAddr

AddrByte(0 To 3) As Byte

End Type

Type IPPacketHead

VerHLen As Byte

Type1 As Byte

TtlLen As Integer

Id As Integer

FlgOff As Integer

TTL As Byte

Proto As Byte

ChkSum As Integer

SourIP As IPAddr

DestIP As IPAddr

End Type

Type PACKET_OID_DATA

Oid As Long

Length As Long

data As Byte

End Type

Private Declare Function DeviceIoControlAsString Lib "kernel32" Alias "DeviceIoControl" (ByVal hDevice As Long, ByVal dwIoControlCode As Long, ByVal lpInBuffer As String, ByVal nInBufferSize As Long, ByVal lpOutBuffer As String, ByVal nOutBufferSize As Long, lpBytesReturned As Long, lpOverlapped As OVERLAPPED) As Long

Private Declare Function DeviceIoControl Lib "kernel32" (ByVal hDevice As Long, ByVal dwIoControlCode As Long, lpInBuffer As Any, ByVal nInBufferSize As Long, lpOutBuffer As Any, ByVal nOutBufferSize As Long, lpBytesReturned As Long, lpOverlapped As OVERLAPPED) As Long

Private Declare Function GetOverlappedResult Lib "kernel32" (ByVal hFile As Long, lpOverlapped As OVERLAPPED, lpNumberOfBytesTransferred As Long, ByVal bWait As Long) As Long

Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

Private Declare Sub ZeroMemory Lib "kernel32" Alias "RtlZeroMemory" (ByVal dest As Long, ByVal numbytes As Long)

Private Declare Function GetLastError Lib "kernel32" () As Long

Const ETHER_PROTO_IP = &H8

Const IP_PROTO_TCP = &H6

Const ETHER_HEAD_LEN = 14

Const IP_HEAD_BYTE_LEN = 20

Dim bFirst As Boolean

Const SYSERR = -1

Const BUFFER_SIZE = 16384

Const nREAD = 1

Type PacketTable

hEvent As Long

Active As Boolean

Overlap As OVERLAPPED

Size As Long

Buffer(BUFFER_SIZE) As Byte

Length As Long

Type As Integer

End Type

Const RECV_MAX = 32

Dim RecvTab(RECV_MAX) As PacketTable

Dim EventTab(RECV_MAX) As Long

Dim InBuff(1514) As Byte

Dim OutBuff(1514) As Byte

Function Bind(hVxD As Long, inBuffer As String) As Boolean

Dim hEvent As Long

Dim cbRet As Long

Dim ovlp As OVERLAPPED

Dim result As Long

Dim cbIn As Long

cbIn = 5

hEvent = CreateEvent(0, 1, 0, vbNullString)

If hEvent = 0 Then

Bind = False

MsgBox "err bind"

Exit Function

End If

ovlp.hEvent = hEvent

'((0x8000) << 16) | ((0) << 14) | ((7) << 2) | (0))

Const IOCTL_PROTOCOL_BIND = &H8000001C

result = DeviceIoControlAsString(hVxD, _

IOCTL_PROTOCOL_BIND, _

ByVal inBuffer, _

cbIn, _

ByVal inBuffer, _

cbIn, _

cbRet, _

ovlp)

If (result = 0) Then

Call GetOverlappedResult(hVxD, ovlp, cbRet, True)

End If

Call CloseHandle(hEvent)

Bind = True

End Function

Function QueryPacket(ByVal hVxD As Long, ByVal ioctl As Long, ByVal cbIn As Long, ByVal cbOut As Long) As Long

Dim hEvent As Long

Dim cbRet As Long

Dim ovlp As OVERLAPPED

Dim result As Long

hEvent = CreateEvent(0, 1, 0, vbNullString)

If hEvent = 0 Then

QueryPacket = False

MsgBox "err bind"

Exit Function

End If

ovlp.Internal = 0

ovlp.InternalHigh = 0

ovlp.offset = 0

ovlp.OffsetHigh = 0

ovlp.hEvent = hEvent

' ioc = &H80000018

result = DeviceIoControl(hVxD, ioctl, InBuff(0), cbIn, InBuff(0), cbOut, cbRet, ovlp)

If result = 0 Then

If (GetLastError() = ERROR_IO_PENDING) Then

MsgBox "Ok0"

Else

Call CloseHandle(hEvent)

Exit Function

End If

If (0 = GetOverlappedResult(hVxD, ovlp, cbRet, 0)) Then

If (GetLastError() = ERROR_IO_INCOMPLETE) Then

MsgBox "ok2"

Else

Call CloseHandle(hEvent)

Exit Function

End If

End If

result = GetOverlappedResult(hVxD, ovlp, cbRet, 1)

End If

QueryPacket = cbRet

End Function

Function QueryOid(hVxD As Long, ulOid As Long, ulLength As Long) As Long

Dim cbIn As Long

cbIn = 14 + ulLength

Dim cbRet As Long

Dim OidData As PACKET_OID_DATA

OidData.Oid = ulOid

OidData.Length = ulLength

OidData.data = 0

Dim ioctl As Long

Const OID_802_3_PERMANENT_ADDRESS = &H1010101

Const IOCTL_PROTOCOL_QUERY_OID = &H80000000

Const IOCTL_PROTOCOL_STATISTICS = &H80000008

If ulOid >= OID_802_3_PERMANENT_ADDRESS Then

ioctl = IOCTL_PROTOCOL_QUERY_OID

Else

ioctl = IOCTL_PROTOCOL_STATISTICS

End If

Call CopyMemory(InBuff(0), OidData, cbIn)

cbRet = QueryPacket(hVxD, ioctl, cbIn, cbIn)

QueryOid = cbRet

End Function

Function GetHardEtherAddr(ByVal hVxD As Long, petheraddr As EtherAddr) As Boolean

Dim nret As Long

Const OID_802_3_CURRENT_ADDRESS = &H1010102

nret = QueryOid(hVxD, OID_802_3_CURRENT_ADDRESS, 6)

If (nret > 0) Then

Call CopyMemory(petheraddr, InBuff(8), 6)

GetHardEtherAddr = True

Else

GetHardEtherAddr = False

End If

End Function

Function SetOid(ByVal hVxD As Long, ByVal ulOid As Long, ByVal ulLength As Long, ByVal data As Long) As Long

Dim cbIn As Long

Dim cbRet As Long

Dim OidData As PACKET_OID_DATA

Dim ioctl As Long

cbIn = 32

If (ulOid = OID_GEN_CURRENT_PACKET_FILTER) Then ioctl = IOCTL_PROTOCOL_SET_OID

OidData.Oid = ulOid

OidData.Length = ulLength

OidData.data = 1

CopyMemory InBuff(0), OidData, cbIn

cbRet = QueryPacket(hVxD, ioctl, cbIn, cbIn)

SetOid = 0

End Function

Function GetPacket(ByVal hVxD As Long, ByVal ioctl As Long, ByVal cbIn As Long, ByVal cbOut As Long) As Long

Dim hEvent As Long

Dim cbRet As Long

Dim ovlp As OVERLAPPED

Dim result As Long

hEvent = CreateEvent(0, 1, 0, vbNullString)

If hEvent = 0 Then

GetPacket = 0

Exit Function

End If

ovlp.hEvent = hEvent

result = DeviceIoControl(hVxD, ioctl, InBuff(0), cbIn, OutBuff(0), cbOut, cbRet, ovlp)

If (result = 0) Then Call GetOverlappedResult(hVxD, ovlp, cbRet, True)

GetPacket = cbRet

End Function

Function RecvPacket(ByVal hVxD As Long, ByVal pbuf As Variant) As Long

Dim hEvent As Long

Dim I As Long, J As Long, K As Long

Dim len1 As Long

If (bFirst) Then

For I = 0 To RECV_MAX - 1

hEvent = CreateEvent(0, 1, 0, vbNullString)

If (hEvent = 0) Then

MsgBox "ERROR"

RecvPacket = SYSERR

Exit Function

End If

RecvTab(I).hEvent = hEvent

RecvTab(I).Size = BUFFER_SIZE

RecvTab(I).Active = True

RecvTab(I).Type = nREAD

EventTab(I) = hEvent

Call RecvStart(hVxD, RecvTab(I))

Next

bFirst = False

End If

I = WaitForMultipleObjectsEx(RECV_MAX, EventTab(0), 0, INFINITE, 0)

If (I = WAIT_FAILED) Then

MsgBox "error WaitForMultipleObjectsEx"

RecvPacket = SYSERR

Exit Function

End If

For J = 0 To RECV_MAX - 1

If (EventTab(I) = RecvTab(J).hEvent) Then Exit For

Next

K = J

If (RecvTab(K).Type = nREAD And RecvTab(K).Active = True) Then

Call GetOverlappedResult(hVxD, RecvTab(K).Overlap, RecvTab(K).Length, 0)

If (RecvTab(K).Length > BUFFER_SIZE) Then RecvTab(K).Length = BUFFER_SIZE

Call CopyMemory(OutBuff(0), RecvTab(K).Buffer(0), RecvTab(K).Length)

len1 = RecvTab(K).Length

Call CloseHandle(RecvTab(K).hEvent)

For J = I + 1 To RECV_MAX - 1

EventTab(I) = EventTab(J)

I = I + 1

Next

hEvent = CreateEvent(0, 1, 0, vbNullString)

If (hEvent = 0) Then

MsgBox "ERROR CREATEEVENT"

RecvPacket = SYSERR

Exit Function

End If

RecvTab(K).hEvent = hEvent

'memset(RecvTab[k].Buffer,0,BUFFER_SIZE);

RecvTab(K).Size = BUFFER_SIZE

RecvTab(K).Active = True

RecvTab(K).Type = nREAD

EventTab(RECV_MAX - 1) = hEvent

Call RecvStart(hVxD, RecvTab(K))

RecvPacket = len1

Exit Function

Else

RecvPacket = SYSERR

End If

End Function

Function RecvStart(ByVal hVxD As Long, packtab As PacketTable) As Long

Dim result As Long

packtab.Overlap.Internal = 0

packtab.Overlap.InternalHigh = 0

packtab.Overlap.offset = 0

packtab.Overlap.OffsetHigh = 0

packtab.Overlap.hEvent = packtab.hEvent

result = DeviceIoControl(hVxD, _

IOCTL_PROTOCOL_READ, _

packtab.Buffer(0), _

packtab.Size, _

packtab.Buffer(0), _

packtab.Size, _

packtab.Length, _

packtab.Overlap)

If (result <> 0) Then

RecvStart = SYSERR

Else

RecvStart = 0

End If

End Function

Sub Main()

bFirst = True

Dim hVxD As Long

Dim m_EtherPacketHead As EtherPacketHead

Dim m_IPPacketHead As IPPacketHead

Dim m_EtherAddr As EtherAddr

hVxD = CreateFile("\.VPACKET.VXD", _

GENERIC_READ Or GENERIC_WRITE, _

0, _

0, _

OPEN_EXISTING, _

FILE_ATTRIBUTE_NORMAL Or _

FILE_FLAG_OVERLAPPED Or _

FILE_FLAG_DELETE_ON_CLOSE, _

0)

Bind hVxD, "0001"

Call GetHardEtherAddr(hVxD, m_EtherAddr)

SetOid hVxD, OID_GEN_CURRENT_PACKET_FILTER, 4, NDIS_PACKET_TYPE_DIRECTED

Do Until False

DoEvents

'result = GetPacket(hVxD, IOCTL_PROTOCOL_READ, 1514, 1514)

result = RecvPacket(hVxD, OutBuff)

If result = 0 Then Exit Do

If result <> SYSERR Then

Call CopyMemory(m_EtherPacketHead, OutBuff(0), ETHER_HEAD_LEN)

If m_EtherPacketHead.ServType = ETHER_PROTO_IP Then

Call CopyMemory(m_IPPacketHead, OutBuff(ETHER_HEAD_LEN), IP_HEAD_BYTE_LEN)

If m_IPPacketHead.Proto = IP_PROTO_TCP Then

Debug.Print "SourIP:", m_IPPacketHead.SourIP.AddrByte(0) & "." & m_IPPacketHead.SourIP.AddrByte(1) & "." & m_IPPacketHead.SourIP.AddrByte(2) & "." & m_IPPacketHead.SourIP.AddrByte(3)

Debug.Print "DestIP:", m_IPPacketHead.DestIP.AddrByte(0) & "." & m_IPPacketHead.DestIP.AddrByte(1) & "." & m_IPPacketHead.DestIP.AddrByte(2) & "." & m_IPPacketHead.DestIP.AddrByte(3)

End If

End If

End If

Loop

Call CloseHandle(hVxD)

End Sub

'----------------------源代码结束-----------------

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有