拦截winsock的recvfrom函数提供了无效地址错误
我试图拦截的Winsock2呼吁解决在同一台主机上的进程之间的UDP数据包间歇性消失的情况。当它们“消失”时,它们会消失20秒,这足以中止正在运行的过程。拦截winsock的recvfrom函数提供了无效地址错误
我设法让DLL注入工作,并正确截获了2个winsock调用(我希望),因为我可以做一个简单的打印,但我需要能够处理地址信息,以便我可以跟踪谁发送什么对谁...
不幸的是,我注入的上游过程显然是调用recvfrom(是的,不是WSA ...等价物,这是旧的移植POSIX代码)与NULL的“从”和“fromlen”参数。如果我在所有的接收作品中都不摆弄他们。如果我执行以下操作,则会收到“无效地址”错误(Winsock错误10014)。
的我在做一些愚蠢的事吗?不是说我会感到惊讶....是的,用所需的调试重建目标应用程序会更容易,但由于数据中心迁移,构建环境下降,我需要弹药来说“这不是应用。”
// dllmain.cpp : Defines the entry point for the DLL application. #include "stdafx.h"
#include <stdio.h>
#include <stdlib.h>
#include "mhook.h"
#include <winsock2.h>
// typedefs for function pointers...
typedef int(WINAPI *rcvfrom_ptr) (
SOCKET s,
char *buf,
int len,
int flags,
struct sockaddr *from,
int *fromlen
);
typedef int(WINAPI *sendto_ptr) (
_In_ SOCKET s,
_In_ const char *buf,
_In_ int len,
_In_ int flags,
_In_ const struct sockaddr *to,
_In_ int tolen
);
// Function pointers for original calls.
rcvfrom_ptr orig_rcvfrom;
sendto_ptr orig_sendto;
//
// Helper functions.
//
typedef union sockaddrs {
struct sockaddr from;
struct sockaddr_in in_from;
// Need to verify Ipv6 support. may need to remigrate back to VS 2015
//struct sockaddr_in6 in6_from;
} tsockaddrs;
char *printaddr(char *buff,const int buffsz, const tsockaddrs *addr)
{
...
}
// Shim functions.
//
// Still working on getting them to actually work and do what I need.
// But I may as well develop the skeleton
int WINAPI Myrecvfrom(SOCKET s,
char *buf,
int len,
int flags,
struct sockaddr *from,
int *fromlen
)
{
int result;
struct sockaddr *all_froms;
char addrbuff[100] = "";
int newfromlen = sizeof(struct sockaddr);
all_froms = (struct sockaddr *)malloc(sizeof(struct sockaddr));
memset((void *)all_froms,0,sizeof(struct sockaddr));
printf("Receiving Packet!\n");
if (from == NULL) {
printf("\tFrom addr == null, using internal structures\n");
result = (orig_rcvfrom)(s, buf, len, flags, all_froms, &newfromlen);
} else {
printf("\tFrom addr != null, using passed structures\n");
result = (orig_rcvfrom)(s, buf, len, flags, from, fromlen);
memcpy_s((void*)&all_froms,sizeof(all_froms),(void *)from,*fromlen);
if (fromlen != NULL) {
newfromlen=*fromlen;
} else {
newfromlen=sizeof(struct sockaddr);
}
}
if (result >0) {printf("received %d bytes\n",result);}
else if (result == SOCKET_ERROR) {printf("Socket Error %d occurred!\n",WSAGetLastError());}
if (newfromlen >0) {
if (printaddr(addrbuff,sizeof(addrbuff),(tsockaddrs *)all_froms)!=NULL) {
printf("received %d bytes from on port %d from host %s\n",result,((tsockaddrs *)(all_froms))->in_from.sin_port,addrbuff);
}
if (from != NULL) {
memcpy_s((void*)from,sizeof(struct sockaddr),(void*)&all_froms,newfromlen);
}
else
{
}
if (fromlen != NULL) *fromlen=newfromlen;
}
else {
printf("received %d bytes from unknown port and host\n",result);
}
if (all_froms != NULL) {free(all_froms);}
return result;
}
int WINAPI Mysendto(SOCKET s,
const char *buf,
int len,
int flags,
const struct sockaddr *to,
int tolen
)
{
printf("Sending packet!\n");
return orig_sendto(s, buf, len, flags, to, tolen);
}
BOOL AttachHooks(void)
{
BOOL sethooks;
orig_rcvfrom = (rcvfrom_ptr)GetProcAddress(GetModuleHandle(L"ws2_32"), "recvfrom");
sethooks = Mhook_SetHook((PVOID*)&orig_rcvfrom, Myrecvfrom);
if (sethooks) {
orig_sendto = (sendto_ptr)GetProcAddress(GetModuleHandle(L"ws2_32"), "sendto");
sethooks &= Mhook_SetHook((PVOID*)&orig_sendto, Mysendto);
}
return sethooks;
}
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
printf_s("This is an attached DLL!\n");
AttachHooks();
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
回答:
问题的原因是答复的ACTUAL大小大于“struct sockaddr”的大小。实际上它是一个SOCKADDR_IN6结构。使用一个200字节的任意缓冲区而不是28字节的sockaddr结构,并且我能够接收数据。
在这个过程中,我结束了转换成“偷看”接收到的数据,而不是处理它,它被拉扯了之后,当与源代码的PC完成安装更新,我会后它。
在家工作是相当隔离,并没有任何人谁反正在我的办公室住在winsock的。在评论中“聊天”真的很有帮助。
以上是 拦截winsock的recvfrom函数提供了无效地址错误 的全部内容, 来源链接: utcz.com/qa/267106.html
