关于VB开发外挂 尤其是API HOOK方面的分歧较多 其实vb做外挂一点也不逊色!
上过MSDN的开发者都知道,VB、VC、C#、VJ 的样例是统一的,仅仅是语法表达不一样罢了!也就是说,用VC写的功能,同样也能用VB写出来!
下面提供一段VB利用API截获RAW SOCKET封包的代码,请不吝赐教!
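' ---- Module-level state shared by the form's event handlers ----
Dim soc As Long                     ' raw socket handle; Form_Load resets it to INVALID_SOCKET
Dim dwRc As Long                    ' return code / byte count of the most recent Winsock call
Dim RemoteAddr As sockaddr          ' not referenced by the procedures in this listing
Dim LocalAddr As sockaddr           ' local interface address the raw socket is bound to
' One "As" clause per variable: in "Dim a, b As String" only b is a String and
' a silently becomes a Variant.
Dim inBuffer As String, outBuffer As String
Dim byteReturn As Long
Dim RetMsg As String
Dim strData As String               ' receives a copy of the receive buffer for each packet
Dim nReceived As Long
Const MAX_PACK_LEN As Long = 4096   ' size limit passed to recv, in bytes
Dim keepRun As Boolean              ' True while the receive loop should keep running
' NOTE(review): this name shadows VB's intrinsic Asc() function inside this module.
Dim asc() As Byte                   ' scratch buffer for the payload bytes of the current packet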
' Fixed 20-byte part of a TCP header (mirrors the C "struct tcp_hdr").
' When the structure is filled straight from a packet buffer the multi-byte fields
' are in network byte order, and VB's Integer/Long are signed, so byte-swap and
' mask a field before treating it as a number.
Private Type TcpHeader
    th_sport As Integer     ' 16-bit source port
    th_dport As Integer     ' 16-bit destination port
    th_seq As Long          ' 32-bit sequence number
    th_ack As Long          ' 32-bit acknowledgement number
    th_lenres As Byte       ' 4-bit header length plus reserved bits
    th_flag As Byte         ' flag bits
    th_win As Integer       ' 16-bit window size
    th_sum As Integer       ' 16-bit checksum
    th_urp As Integer       ' 16-bit urgent-data offset
End Type
' Fixed 20-byte part of an IPv4 header. cmdSendRecv_Click fills it with CopyMemory
' from the start of the receive buffer, so the multi-byte fields keep the byte
' order they had on the wire (network byte order).
Private Type IpHeader
    h_len As Byte               ' header length and IP version packed into one byte
    tos As Byte                 ' type of service
    total_len As Integer        ' total length of the packet
    ident As Integer            ' unique identifier
    frag_and_flags As Integer   ' flags (and fragment offset)
    ttl As Byte                 ' time to live
    proto As Byte               ' protocol (TCP, UDP etc)
    CheckSum As Integer         ' IP header checksum
    sourceIP As Long            ' source address
    destIP As Long              ' destination address
End Type
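' Resolve a dotted-quad string or a host name to an IPv4 address.
' Returns the address as a Long in network byte order, or INADDR_NONE when the
' name cannot be resolved or a run-time error occurs along the way.
Function GetHostByNameAlias(ByVal hostname As String) As Long
    Const IPV4_ADDR_LEN As Long = 4     ' retIP is a Long: room for exactly 4 bytes

    Dim phe As Long                 ' pointer to the host information entry
    Dim heDestHost As HostEnt       ' local copy of the hostent structure
    Dim addrList As Long            ' first pointer in the hostent's address list
    Dim retIP As Long

    ' Run-time errors are not raised to the caller; they become INADDR_NONE below.
    On Error Resume Next

    ' First check whether the input already is a literal IP address.
    retIP = inet_addr(hostname)
    If retIP = INADDR_NONE Then
        ' It was not an IP, so do a DNS lookup.
        phe = gethostbyname(hostname)
        If phe <> 0 Then
            ' Pointer is non-null, so copy in the hostent structure.
            CopyMemory heDestHost, ByVal phe, hostent_size
            ' Validate before dereferencing. The final copy writes into a 4-byte
            ' Long, so the length taken from the hostent must never exceed that,
            ' and neither pointer may be null. retIP is still INADDR_NONE here,
            ' so a failed check simply falls through to "not resolved".
            If heDestHost.h_addr_list <> 0 And heDestHost.h_length = IPV4_ADDR_LEN Then
                CopyMemory addrList, ByVal heDestHost.h_addr_list, 4
                If addrList <> 0 Then
                    CopyMemory retIP, ByVal addrList, IPV4_ADDR_LEN
                End If
            End If
        End If
    End If

    GetHostByNameAlias = retIP
    If Err Then GetHostByNameAlias = INADDR_NONE
End Function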
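' Initialise Winsock for this process, requesting version 2.2.
' Returns True on success. On failure a message box shows the return code and
' the function returns False.
Private Function TCPIPStartup() As Boolean
    Const WINSOCK_VERSION_2_2 As Long = &H202   ' version requested from Winsock

    Dim rc As Long                  ' return code
    Dim WSAData As WSADataType      ' details of the Winsock implementation

    rc = WSAStartup(WINSOCK_VERSION_2_2, WSAData)
    If rc <> 0 Then
        ' WSAStartup reports its error code directly in the return value (rc).
        MsgBox ("RC: " & rc & " Unable to start winsocks" & ", Error " & Err.LastDllError)
        ' No WSACleanup on this path: cleanup pairs only with a successful
        ' WSAStartup, and this one failed.
        TCPIPStartup = False
        Exit Function
    End If

    TCPIPStartup = True
End Function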
' Release this process's Winsock registration by calling WSACleanup.
' NOTE(review): the function's return value is never assigned, so callers always
' get False (the Boolean default) whether or not the cleanup succeeded.
Private Function TCPIPShutDown() As Boolean
    Call WSACleanup
End Function
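' Create the raw IP socket, bind it to one local interface and switch it to
' receive-all mode so that recv returns the IP packets seen on that interface.
' Creating a SOCK_RAW socket and enabling SIO_RCVALL both require the process to
' run with administrator rights on Windows; without them the calls below fail.
' The receive button is enabled only when every step succeeded.
Private Sub cmdConnect_Click()
    Const SIO_RCVALL As Long = &H98000001   ' Winsock "receive all" control code
    Const RCVALL_ON As Long = 1
    ' Address of the local interface to capture on. It is specific to the
    ' author's machine and has to match an address of the host running this.
    Const LOCAL_IF_ADDR As String = "172.17.80.107"

    cmdConnect.Enabled = False
    cmdSendRecv.Enabled = False

    soc = socket(AF_INET, SOCK_RAW, IPPROTO_IP)
    If soc = INVALID_SOCKET Then
        MsgBox "Couldn't Create Socket . Error:" & Err.LastDllError
        cmdConnect.Enabled = True
        Exit Sub
    End If

    LocalAddr.sin_family = AF_INET
    LocalAddr.sin_port = 0
    LocalAddr.sin_addr = inet_addr(LOCAL_IF_ADDR)

    ' The bind result is checked on its own; previously it was overwritten by
    ' the ioctlsocket result before anyone looked at it.
    ' NOTE(review): on the two failure paths below the handle in soc stays open;
    ' no closesocket Declare is visible in this listing to release it.
    dwRc = bind(soc, LocalAddr, sockaddr_size)
    If dwRc = SOCKET_ERROR Then
        MsgBox "Couldn't bind raw socket. Error: " & Err.LastDllError
        cmdConnect.Enabled = True
        Exit Sub
    End If

    dwRc = ioctlsocket(soc, SIO_RCVALL, RCVALL_ON)
    If dwRc = SOCKET_ERROR Then
        MsgBox "Couldn't enable receive-all mode. Error: " & Err.LastDllError
        cmdConnect.Enabled = True
        Exit Sub
    End If

    cmdSendRecv.Enabled = True
End Sub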
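' Receive loop: read packets from the raw socket until keepRun is cleared or recv
' fails. For each TCP packet, print source, destination, the IP total length and
' the number of bytes received, followed by the TCP payload as text.
' Every length used to index the buffer is derived from the bytes actually
' received and validated first, so a short or malformed packet is skipped rather
' than read past its end.
' NOTE(review): DoEvents lets this button be clicked again while the loop is
' running, which would start a nested loop on the same socket.
Private Sub cmdSendRecv_Click()
    Const MIN_IP_HDR_LEN As Long = 20
    Const MIN_TCP_HDR_LEN As Long = 20

    Dim Buff(0 To MAX_PACK_LEN) As Byte
    Dim IPH As IpHeader
    Dim strMy As String
    Dim ipHdrLen As Long        ' IP header length in bytes, from the header itself
    Dim tcpHdrLen As Long       ' TCP header length in bytes, from the data-offset field
    Dim totalLen As Long        ' IP total length, decoded from network byte order
    Dim pktEnd As Long          ' index one past the last valid byte of this packet
    Dim payloadStart As Long
    Dim payloadLen As Long

    keepRun = True
    Do While keepRun
        DoEvents
        Sleep (50)      ' the delay is optional, but better left in
        dwRc = recv(soc, Buff(0), MAX_PACK_LEN, 0)
        If dwRc = SOCKET_ERROR Then
            MsgBox "Error in RecvData::recv"
            Exit Do
        End If

        ' Only look at the header when a whole fixed IP header arrived.
        If dwRc >= Len(IPH) Then
            CopyMemory IPH, Buff(0), Len(IPH)   ' overlay for convenient field access
            strData = Buff
            If IPH.proto = IPPROTO_TCP Then
                ' The low nibble of the first byte is the header length in 32-bit words.
                ipHdrLen = (IPH.h_len And &HF) * 4
                ' total_len sits in the Integer field byte-swapped and signed, so
                ' decode it from the raw bytes instead.
                totalLen = Buff(2) * 256& + Buff(3)
                Debug.Print HexIp2DotIp(IPH.sourceIP) & " -----> " & HexIp2DotIp(IPH.destIP) & "-" & totalLen & "-" & dwRc

                If ipHdrLen >= MIN_IP_HDR_LEN And dwRc >= ipHdrLen + MIN_TCP_HDR_LEN Then
                    ' High nibble of TCP byte 12 is the TCP header length in 32-bit words.
                    tcpHdrLen = (Buff(ipHdrLen + 12) \ 16) * 4
                    payloadStart = ipHdrLen + tcpHdrLen
                    ' Never read past what recv delivered; stop earlier if the IP
                    ' header says the packet itself is shorter. This keeps bytes
                    ' left over from earlier packets out of the output.
                    pktEnd = dwRc
                    If totalLen >= payloadStart And totalLen < pktEnd Then pktEnd = totalLen
                    payloadLen = pktEnd - payloadStart
                    If tcpHdrLen >= MIN_TCP_HDR_LEN And payloadLen > 0 Then
                        ReDim asc(0 To payloadLen - 1) As Byte
                        CopyMemory asc(0), Buff(payloadStart), payloadLen
                        ' StrConv turns the byte array into a string. The bytes are
                        ' printed as received, so the text can contain control
                        ' characters and any cleartext the traffic carried.
                        strMy = Trim(StrConv(asc, vbUnicode))
                        Debug.Print strMy
                    End If
                End If
            End If
        End If
    Loop
End Sub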
' Stop button: clear the flag tested by the "Do While keepRun" loop in
' cmdSendRecv_Click. The loop ends the next time it re-tests the flag.
Private Sub Command1_Click()
    keepRun = False
End Sub
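' Form start-up: initialise Winsock and put the buttons into their initial state.
' The connect button is enabled only when Winsock started. The receive button
' always starts disabled; cmdConnect_Click is what enables it.
Private Sub Form_Load()
    Dim started As Boolean

    soc = INVALID_SOCKET        ' no socket exists yet

    started = TCPIPStartup
    If Not started Then
        MsgBox "Windows Sockets not initialized. Error: " & Err.LastDllError
    End If

    cmdConnect.Enabled = started
    cmdSendRecv.Enabled = False
End Sub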
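' Form shutdown: stop the receive loop, then release Winsock.
Private Sub Form_Unload(Cancel As Integer)
    ' The loop in cmdSendRecv_Click pumps events with DoEvents, so the form can be
    ' closed while it is still running. Clearing the flag lets the loop end
    ' instead of carrying on against a form that is going away.
    keepRun = False
    ' NOTE(review): the socket in soc is not closed here; no closesocket Declare
    ' is visible in this listing.
    TCPIPShutDown
End Sub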
' Format an IPv4 address held in a Long as dotted-decimal text.
' The lowest-order byte of ip becomes the first octet of the result and the
' highest-order byte the last one.
Function HexIp2DotIp(ByVal ip As Long) As String
    Dim octet1 As Long, octet2 As Long, octet3 As Long, octet4 As Long

    ' Mask each byte out before dividing so every division is exact.
    octet1 = ip And &HFF
    octet2 = (ip And &HFF00&) \ &H100
    octet3 = (ip And &HFF0000) \ &H10000
    ' The top byte carries the sign bit of the Long, so mask again after the
    ' division to bring the result back into 0..255.
    octet4 = ((ip And &HFF000000) \ &H1000000) And &HFF

    HexIp2DotIp = octet1 & "." & octet2 & "." & octet3 & "." & octet4
End Function