2012-11-20 2 views
3

시스템 DLL을 프록시 DLL로 바꿀 수 있습니까?

이 흥미로운 기사를 읽은 후, 순수한 연구 목적으로 프록시 DLL을 만들어 보려고 했습니다. :-)

ws2_32.dll에 대해 모든 단계를 수행했고, 다음이 제가 얻은 코드입니다:

#include <windows.h> 
#include <stdio.h> 
#pragma pack(1) 

// Module handle of this proxy DLL; assigned from hInst in DllMain on process attach.
HINSTANCE hLThis = 0;
// Handle of the renamed original library ("ws2_32_.dll"), loaded in DllMain on
// process attach and released on process detach.
HINSTANCE hL = 0;
// Forwarding table: slot N holds the address DllMain resolved with GetProcAddress
// for the N-th export name. The naked stubs below jump through these slots using
// a byte offset of N*4, so the layout assumes 4-byte function pointers (32-bit build).
FARPROC p[182] = {0};

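/*
 * Entry point of the forwarding ("proxy") DLL.
 *
 * On DLL_PROCESS_ATTACH it loads the renamed original library ("ws2_32_.dll")
 * and fills the global table p[] with the address of each export, in the fixed
 * order the naked stubs (__E__N__) expect. On DLL_PROCESS_DETACH it releases
 * the original library.
 *
 * Returns FALSE when the original library cannot be loaded (the loader then
 * fails the load of this DLL), TRUE otherwise.
 *
 * NOTE(review): replacing a system DLL on disk is not a supported interception
 * mechanism. The comments on this page name Layered Service Providers as the
 * supported path for Winsock and "Known DLLs" protection as a likely blocker;
 * signature and file-integrity checks on System32 are the control that flags a
 * substituted file like this one.
 */
BOOL WINAPI DllMain(HINSTANCE hInst,DWORD reason,LPVOID)
{
    // Load indicator: touch a marker file on every DllMain call (all reasons).
    // The original called fclose() unconditionally; when the open fails (for
    // example the process may not create files in C:\) the stream is not valid
    // and closing it faults inside the CRT, so only close what was opened.
    FILE* f = NULL;
    if (fopen_s(&f, "C:\\load.txt", "a+") == 0 && f != NULL)
    {
        fclose(f);
    }

    if (reason == DLL_PROCESS_ATTACH)
    {
        hLThis = hInst;

        // NOTE(review): LoadLibrary inside DllMain runs under the loader lock,
        // which Microsoft's DllMain guidance advises against. The bare file name
        // is also resolved through the DLL search order rather than a fixed
        // path, so which file gets loaded depends on the host process.
        hL = LoadLibrary("ws2_32_.dll");
        if (!hL) return FALSE;

        // NOTE(review): none of the GetProcAddress results are checked. A name
        // missing from the loaded library leaves a NULL slot, and the matching
        // stub would then jump to address 0.
        p[0] = GetProcAddress(hL,"FreeAddrInfoEx");
        p[1] = GetProcAddress(hL,"FreeAddrInfoExW");
        p[2] = GetProcAddress(hL,"FreeAddrInfoW");
        p[3] = GetProcAddress(hL,"GetAddrInfoExA");
        p[4] = GetProcAddress(hL,"GetAddrInfoExW");
        p[5] = GetProcAddress(hL,"GetAddrInfoW");
        p[6] = GetProcAddress(hL,"GetNameInfoW");
        p[7] = GetProcAddress(hL,"InetNtopW");
        p[8] = GetProcAddress(hL,"InetPtonW");
        p[9] = GetProcAddress(hL,"SetAddrInfoExA");
        p[10] = GetProcAddress(hL,"SetAddrInfoExW");
        p[11] = GetProcAddress(hL,"WEP");
        p[12] = GetProcAddress(hL,"WPUCompleteOverlappedRequest");
        p[13] = GetProcAddress(hL,"WSAAccept");
        p[14] = GetProcAddress(hL,"WSAAddressToStringA");
        p[15] = GetProcAddress(hL,"WSAAddressToStringW");
        p[16] = GetProcAddress(hL,"WSAAdvertiseProvider");
        p[17] = GetProcAddress(hL,"WSAAsyncGetHostByAddr");
        p[18] = GetProcAddress(hL,"WSAAsyncGetHostByName");
        p[19] = GetProcAddress(hL,"WSAAsyncGetProtoByName");
        p[20] = GetProcAddress(hL,"WSAAsyncGetProtoByNumber");
        p[21] = GetProcAddress(hL,"WSAAsyncGetServByName");
        p[22] = GetProcAddress(hL,"WSAAsyncGetServByPort");
        p[23] = GetProcAddress(hL,"WSAAsyncSelect");
        p[24] = GetProcAddress(hL,"WSACancelAsyncRequest");
        p[25] = GetProcAddress(hL,"WSACancelBlockingCall");
        p[26] = GetProcAddress(hL,"WSACleanup");
        p[27] = GetProcAddress(hL,"WSACloseEvent");
        p[28] = GetProcAddress(hL,"WSAConnect");
        p[29] = GetProcAddress(hL,"WSAConnectByList");
        p[30] = GetProcAddress(hL,"WSAConnectByNameA");
        p[31] = GetProcAddress(hL,"WSAConnectByNameW");
        p[32] = GetProcAddress(hL,"WSACreateEvent");
        p[33] = GetProcAddress(hL,"WSADuplicateSocketA");
        p[34] = GetProcAddress(hL,"WSADuplicateSocketW");
        p[35] = GetProcAddress(hL,"WSAEnumNameSpaceProvidersA");
        p[36] = GetProcAddress(hL,"WSAEnumNameSpaceProvidersExA");
        p[37] = GetProcAddress(hL,"WSAEnumNameSpaceProvidersExW");
        p[38] = GetProcAddress(hL,"WSAEnumNameSpaceProvidersW");
        p[39] = GetProcAddress(hL,"WSAEnumNetworkEvents");
        p[40] = GetProcAddress(hL,"WSAEnumProtocolsA");
        p[41] = GetProcAddress(hL,"WSAEnumProtocolsW");
        p[42] = GetProcAddress(hL,"WSAEventSelect");
        p[43] = GetProcAddress(hL,"WSAGetLastError");
        p[44] = GetProcAddress(hL,"WSAGetOverlappedResult");
        p[45] = GetProcAddress(hL,"WSAGetQOSByName");
        p[46] = GetProcAddress(hL,"WSAGetServiceClassInfoA");
        p[47] = GetProcAddress(hL,"WSAGetServiceClassInfoW");
        p[48] = GetProcAddress(hL,"WSAGetServiceClassNameByClassIdA");
        p[49] = GetProcAddress(hL,"WSAGetServiceClassNameByClassIdW");
        p[50] = GetProcAddress(hL,"WSAHtonl");
        p[51] = GetProcAddress(hL,"WSAHtons");
        p[52] = GetProcAddress(hL,"WSAInstallServiceClassA");
        p[53] = GetProcAddress(hL,"WSAInstallServiceClassW");
        p[54] = GetProcAddress(hL,"WSAIoctl");
        p[55] = GetProcAddress(hL,"WSAIsBlocking");
        p[56] = GetProcAddress(hL,"WSAJoinLeaf");
        p[57] = GetProcAddress(hL,"WSALookupServiceBeginA");
        p[58] = GetProcAddress(hL,"WSALookupServiceBeginW");
        p[59] = GetProcAddress(hL,"WSALookupServiceEnd");
        p[60] = GetProcAddress(hL,"WSALookupServiceNextA");
        p[61] = GetProcAddress(hL,"WSALookupServiceNextW");
        p[62] = GetProcAddress(hL,"WSANSPIoctl");
        p[63] = GetProcAddress(hL,"WSANtohl");
        p[64] = GetProcAddress(hL,"WSANtohs");
        p[65] = GetProcAddress(hL,"WSAPoll");
        p[66] = GetProcAddress(hL,"WSAProviderCompleteAsyncCall");
        p[67] = GetProcAddress(hL,"WSAProviderConfigChange");
        p[68] = GetProcAddress(hL,"WSARecv");
        p[69] = GetProcAddress(hL,"WSARecvDisconnect");
        p[70] = GetProcAddress(hL,"WSARecvFrom");
        p[71] = GetProcAddress(hL,"WSARemoveServiceClass");
        p[72] = GetProcAddress(hL,"WSAResetEvent");
        p[73] = GetProcAddress(hL,"WSASend");
        p[74] = GetProcAddress(hL,"WSASendDisconnect");
        p[75] = GetProcAddress(hL,"WSASendMsg");
        p[76] = GetProcAddress(hL,"WSASendTo");
        p[77] = GetProcAddress(hL,"WSASetBlockingHook");
        p[78] = GetProcAddress(hL,"WSASetEvent");
        p[79] = GetProcAddress(hL,"WSASetLastError");
        p[80] = GetProcAddress(hL,"WSASetServiceA");
        p[81] = GetProcAddress(hL,"WSASetServiceW");
        p[82] = GetProcAddress(hL,"WSASocketA");
        p[83] = GetProcAddress(hL,"WSASocketW");
        p[84] = GetProcAddress(hL,"WSAStartup");
        p[85] = GetProcAddress(hL,"WSAStringToAddressA");
        p[86] = GetProcAddress(hL,"WSAStringToAddressW");
        p[87] = GetProcAddress(hL,"WSAUnadvertiseProvider");
        p[88] = GetProcAddress(hL,"WSAUnhookBlockingHook");
        p[89] = GetProcAddress(hL,"WSAWaitForMultipleEvents");
        p[90] = GetProcAddress(hL,"WSApSetPostRoutine");
        p[91] = GetProcAddress(hL,"WSCDeinstallProvider");
        p[92] = GetProcAddress(hL,"WSCDeinstallProvider32");
        p[93] = GetProcAddress(hL,"WSCEnableNSProvider");
        p[94] = GetProcAddress(hL,"WSCEnableNSProvider32");
        p[95] = GetProcAddress(hL,"WSCEnumNameSpaceProviders32");
        p[96] = GetProcAddress(hL,"WSCEnumNameSpaceProvidersEx32");
        p[97] = GetProcAddress(hL,"WSCEnumProtocols");
        p[98] = GetProcAddress(hL,"WSCEnumProtocols32");
        p[99] = GetProcAddress(hL,"WSCGetApplicationCategory");
        p[100] = GetProcAddress(hL,"WSCGetProviderInfo");
        p[101] = GetProcAddress(hL,"WSCGetProviderInfo32");
        p[102] = GetProcAddress(hL,"WSCGetProviderPath");
        p[103] = GetProcAddress(hL,"WSCGetProviderPath32");
        p[104] = GetProcAddress(hL,"WSCInstallNameSpace");
        p[105] = GetProcAddress(hL,"WSCInstallNameSpace32");
        p[106] = GetProcAddress(hL,"WSCInstallNameSpaceEx");
        p[107] = GetProcAddress(hL,"WSCInstallNameSpaceEx32");
        p[108] = GetProcAddress(hL,"WSCInstallProvider");
        p[109] = GetProcAddress(hL,"WSCInstallProvider64_32");
        p[110] = GetProcAddress(hL,"WSCInstallProviderAndChains64_32");
        p[111] = GetProcAddress(hL,"WSCSetApplicationCategory");
        p[112] = GetProcAddress(hL,"WSCSetProviderInfo");
        p[113] = GetProcAddress(hL,"WSCSetProviderInfo32");
        p[114] = GetProcAddress(hL,"WSCUnInstallNameSpace");
        p[115] = GetProcAddress(hL,"WSCUnInstallNameSpace32");
        p[116] = GetProcAddress(hL,"WSCUpdateProvider");
        p[117] = GetProcAddress(hL,"WSCUpdateProvider32");
        p[118] = GetProcAddress(hL,"WSCWriteNameSpaceOrder");
        p[119] = GetProcAddress(hL,"WSCWriteNameSpaceOrder32");
        p[120] = GetProcAddress(hL,"WSCWriteProviderOrder");
        p[121] = GetProcAddress(hL,"WSCWriteProviderOrder32");
        p[122] = GetProcAddress(hL,"WahCloseApcHelper");
        p[123] = GetProcAddress(hL,"WahCloseHandleHelper");
        p[124] = GetProcAddress(hL,"WahCloseNotificationHandleHelper");
        p[125] = GetProcAddress(hL,"WahCloseSocketHandle");
        p[126] = GetProcAddress(hL,"WahCloseThread");
        p[127] = GetProcAddress(hL,"WahCompleteRequest");
        p[128] = GetProcAddress(hL,"WahCreateHandleContextTable");
        p[129] = GetProcAddress(hL,"WahCreateNotificationHandle");
        p[130] = GetProcAddress(hL,"WahCreateSocketHandle");
        p[131] = GetProcAddress(hL,"WahDestroyHandleContextTable");
        p[132] = GetProcAddress(hL,"WahDisableNonIFSHandleSupport");
        p[133] = GetProcAddress(hL,"WahEnableNonIFSHandleSupport");
        p[134] = GetProcAddress(hL,"WahEnumerateHandleContexts");
        p[135] = GetProcAddress(hL,"WahInsertHandleContext");
        p[136] = GetProcAddress(hL,"WahNotifyAllProcesses");
        p[137] = GetProcAddress(hL,"WahOpenApcHelper");
        p[138] = GetProcAddress(hL,"WahOpenCurrentThread");
        p[139] = GetProcAddress(hL,"WahOpenHandleHelper");
        p[140] = GetProcAddress(hL,"WahOpenNotificationHandleHelper");
        p[141] = GetProcAddress(hL,"WahQueueUserApc");
        p[142] = GetProcAddress(hL,"WahReferenceContextByHandle");
        p[143] = GetProcAddress(hL,"WahRemoveHandleContext");
        p[144] = GetProcAddress(hL,"WahWaitForNotification");
        p[145] = GetProcAddress(hL,"WahWriteLSPEvent");
        p[146] = GetProcAddress(hL,"__WSAFDIsSet");
        p[147] = GetProcAddress(hL,"accept");
        p[148] = GetProcAddress(hL,"bind");
        p[149] = GetProcAddress(hL,"closesocket");
        p[150] = GetProcAddress(hL,"connect");
        p[151] = GetProcAddress(hL,"freeaddrinfo");
        p[152] = GetProcAddress(hL,"getaddrinfo");
        p[153] = GetProcAddress(hL,"gethostbyaddr");
        p[154] = GetProcAddress(hL,"gethostbyname");
        p[155] = GetProcAddress(hL,"gethostname");
        p[156] = GetProcAddress(hL,"getnameinfo");
        p[157] = GetProcAddress(hL,"getpeername");
        p[158] = GetProcAddress(hL,"getprotobyname");
        p[159] = GetProcAddress(hL,"getprotobynumber");
        p[160] = GetProcAddress(hL,"getservbyname");
        p[161] = GetProcAddress(hL,"getservbyport");
        p[162] = GetProcAddress(hL,"getsockname");
        p[163] = GetProcAddress(hL,"getsockopt");
        p[164] = GetProcAddress(hL,"htonl");
        p[165] = GetProcAddress(hL,"htons");
        p[166] = GetProcAddress(hL,"inet_addr");
        p[167] = GetProcAddress(hL,"inet_ntoa");
        p[168] = GetProcAddress(hL,"inet_ntop");
        p[169] = GetProcAddress(hL,"inet_pton");
        p[170] = GetProcAddress(hL,"ioctlsocket");
        p[171] = GetProcAddress(hL,"listen");
        p[172] = GetProcAddress(hL,"ntohl");
        p[173] = GetProcAddress(hL,"ntohs");
        p[174] = GetProcAddress(hL,"recv");
        p[175] = GetProcAddress(hL,"recvfrom");
        p[176] = GetProcAddress(hL,"select");
        p[177] = GetProcAddress(hL,"send");
        p[178] = GetProcAddress(hL,"sendto");
        p[179] = GetProcAddress(hL,"setsockopt");
        p[180] = GetProcAddress(hL,"shutdown");
        p[181] = GetProcAddress(hL,"socket");
    }
    if (reason == DLL_PROCESS_DETACH)
    {
        // Detach is also delivered after a failed attach, where hL is still
        // NULL; release the original library only when it was actually loaded.
        if (hL)
        {
            FreeLibrary(hL);
            hL = 0;
        }
    }

    return TRUE;
}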

// Forwarding stub for FreeAddrInfoEx (slot 0, filled in DllMain).
// Declared naked so the compiler emits no prologue/epilogue: the caller's stack
// and arguments reach the original function untouched and it returns directly
// to the caller. Presumably bound to the real export name by the .def file,
// which is not shown on this page.
// In MSVC inline assembly the bracket index is an unscaled byte offset, so
// p[0*4] addresses slot 0 only when FARPROC is 4 bytes wide. __asm blocks are
// x86-only in MSVC, so this stub builds as 32-bit code.
extern "C" __declspec(naked) void __stdcall __E__0__()
{
    __asm
    {
     jmp p[0*4];
    }
}

// Forwarding stub for FreeAddrInfoExW (slot 1, filled in DllMain).
// Naked function: no prologue/epilogue, so the jump hands the caller's stack
// frame unchanged to the address stored in the table.
// p[1*4] is a byte offset (MSVC inline asm does not scale the index), i.e.
// slot 1 for 4-byte pointers; a NULL slot would send the jump to address 0.
extern "C" __declspec(naked) void __stdcall __E__1__()
{
    __asm
    {
     jmp p[1*4];
    }
}

// Forwarding stub for FreeAddrInfoW (slot 2, filled in DllMain).
// Naked function: no prologue/epilogue, so the jump hands the caller's stack
// frame unchanged to the address stored in the table.
// p[2*4] is a byte offset (MSVC inline asm does not scale the index), i.e.
// slot 2 for 4-byte pointers; a NULL slot would send the jump to address 0.
extern "C" __declspec(naked) void __stdcall __E__2__()
{
    __asm
    {
     jmp p[2*4];
    }
}

// Forwarding stub for GetAddrInfoExA (slot 3, filled in DllMain).
// Naked function: no prologue/epilogue, so the jump hands the caller's stack
// frame unchanged to the address stored in the table.
// p[3*4] is a byte offset (MSVC inline asm does not scale the index), i.e.
// slot 3 for 4-byte pointers; a NULL slot would send the jump to address 0.
extern "C" __declspec(naked) void __stdcall __E__3__()
{
    __asm
    {
     jmp p[3*4];
    }
}

// Forwarding stub for GetAddrInfoExW (slot 4, filled in DllMain).
// Naked function: no prologue/epilogue, so the jump hands the caller's stack
// frame unchanged to the address stored in the table.
// p[4*4] is a byte offset (MSVC inline asm does not scale the index), i.e.
// slot 4 for 4-byte pointers; a NULL slot would send the jump to address 0.
extern "C" __declspec(naked) void __stdcall __E__4__()
{
    __asm
    {
     jmp p[4*4];
    }
}
... 

이것을 (.def 파일과 함께) 컴파일하여 새로운 proxy.dll 파일을 얻었습니다. :-)

여기까지는 좋았습니다. 이제 VBox의 win7 x64에서 원래 ws2_32.dll의 이름을 ws2_32_.dll로 바꾸었습니다. 제 proxy.dll은 C:\\Windows\\System32\\에 두고 이름을 ws2_32.dll로 변경했습니다. 권한(permissions) 문제 때문에 이 모든 작업은 라이브 CD에서 수행했습니다.

프록시 코드에서 볼 수 있듯이 ws2_32_.dll을 로드하므로 문제가 없어야 합니다. 그러나 시스템을 부팅하면 ws2_32.dll을 사용하는 모든 프로그램에서 오류가 발생하고 C:\\load.txt 파일도 생성되지 않습니다.

기사에 나온 사람은 어떻게 작동하게 만들었는지 모르겠습니다. Google에서 읽은 바로는 proxy.dll의 이름을 바꿔서 프록시 DLL을 적용하려는 프로그램과 같은 디렉터리에 두어야 한다고 하지만, 저는 전역적인 해결책을 찾고 있습니다.

아마도 체크섬 문제 일 수 있습니까? Microsoft는 시스템 PE에 대해 일부 비밀 체크섬을 사용한다고 읽었습니다.

감사합니다. gfgqtmakia.

+4

지원되는 방법은 계층화 된 서비스 공급자를 통한 것입니다. –

+0

@ RayayChen 댓글 감사합니다. LSP는 Winsock에서만 작동하지 않습니까? 'ws2_32.dll' 대신 'user32.dll'이라면 어떻게 될까요? – assafmo

+0

Windows의 "알려진 DLL"보호 기능이 이와 같은 시도를 차단할 수 있습니다. –

답변

0

32비트로 옮겼더니 이제 작동합니다. 또한:

  • 프록시의 종속성을 확인하십시오. 실행하려면 추가 .dll이 필요할 수 있습니다. (Dependency Walker)
  • this guide을 사용하여 시스템의 .dll을 대체하십시오. 이것은 리눅스로 재부팅하는 것보다 빠릅니다.