监视API:recv,recvfrom,WSARecvEx,send,sendto,accept,bind,closesocket,connect
socket 版本:wsock32.dll/*ws2_32.dll(暂时有兼容问题)目前还不支持修改封包;
当前实现针对某个进程或多个选定进程的通讯封包的监视功能。
内置HexEditor 实时查看封包内容
保存的日志格式如下:
[1:02:48]-[iexplore.exe]-[recv]-[Length:1]-[success]:
..[1:02:48]-[iexplore.exe]-[send]-[Length:418]-[success]:
GET /search.asp HTTP/1.1..Accept: */*..Referer: ;;zh-cn..Accept-Encoding: gzip, deflate..User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)..Host: hack.gameres.com..Connection: Keep-Alive..Cookie: GameRes=pmpop=1&settings%5Fbbschat=0&userid=3542&password=8c908deb0f4c3bd3&username=S%2EF%2E; ASPSESSIONIDCCRSADQD=AEFGOHGCDPLICBFMGJKFPJPO.....[1:02:48]-[iexplore.exe]-[recv]-[Length:1024]-[success]:
....x..."...h.t.t.p.:././.h.a.c.k...g.a.m.e.r.e.s...c.o.m./.s.e.a.r.c 有问题请给我留言
(522328bytes)
程序为3个文件:SocketMonitor.exe madCHook.dll SocketHook.dll
使用时请复制madCHook.dll 到 \Winnt\System32 或 Windows\System32目录下去.
本文转自suifei博客园博客,原文链接:http://www.cnblogs.com/Chinasf/archive/2005/10/24/260520.html,如需转载请自行联系原作者