一、?安裝EasyHook

從VisualStudio內用NuGet 安裝

二、?組件

1.WinForm窗口

2.webBrowser

三、CPP.cs(Hook注入類)

很少的一段代碼，改了3天，總是報莫名其妙的錯，不是端口打不開，就是c++注入失敗啥東西的

using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; using System.Threading.Tasks;namespace Hook {public class CPP{int hModule = 0;public CPP() {//先將ws2_32.dll加載進來，要不會報找不到錯，我也不知道為什么，前幾天不加這個也沒事hModule = LoadLibrary("WS2_32.dll"); //取模塊句柄 }[DllImport("kernel32.dll", EntryPoint = "LoadLibrary")]public static extern int LoadLibrary([MarshalAs(UnmanagedType.LPStr)] string lpLibFileName);[DllImport("kernel32.dll", EntryPoint = "GetProcAddress")]public static extern IntPtr GetProcAddress(int hModule,[MarshalAs(UnmanagedType.LPStr)] string lpProcName);[DllImport("kernel32.dll", EntryPoint = "FreeLibrary")]public static extern bool FreeLibrary(int hModule);//導入ws2_32中的recv和send函數[DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]static extern int recv(int socket, IntPtr buffer, int length, int flags);[DllImport("WS2_32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]static extern int send(int socket, IntPtr buffer, int length, int flags);//給recv和send匹配委托[UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]delegate int RecvHook(int s, IntPtr buf,int length,int flags);[UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]delegate int SendHook(int s, IntPtr buf, int length, int flags);//Hook后Recv的函數，好像會粘包static private int Recv(int s, IntPtr buf, int length, int flags){byte[] ys = new byte[length];Marshal.Copy(buf, ys, 0, length);String hex = "";//16進制的封包內容int ia = 0;foreach (byte n in ys){hex += n.ToString("X2")+" ";}//Console.WriteLine(length) ;Thread.Sleep(10);int res = recv(s, buf, length, flags);if (res == -1) //SOCKET_ERRORreturn res;return res;}//Hook后的Send函數static private int Send(int s, IntPtr buf, int length, int flags){int res = send(s, buf, length, flags);if (res == -1) //SOCKET_ERRORreturn res;byte[] ys = new byte[length];Marshal.Copy(buf, ys, 0, length);String hex = ""; //16進制的封包內容foreach (byte n in ys){// Console.WriteLine("c");hex+=n.ToString("X2");}return res;}//給當前進程掛鉤public static void Install(String uni) {IntPtr Beep = EasyHook.LocalHook.GetProcAddress("WS2_32.dll", uni);//掛Recvif (uni.Equals("recv")){RecvHook RecvHook = new RecvHook(Recv);EasyHook.LocalHook.Create(Beep, RecvHook, null).ThreadACL.SetInclusiveACL(new int[] { 0 });}else {//掛SendSendHook SendHook = new SendHook(Send);EasyHook.LocalHook.Create(Beep, SendHook, null).ThreadACL.SetInclusiveACL(new int[] { 0 });}}} }

四、Form1.cs

組件就是webBrowser，然后設置url，直接啟動項目

using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading.Tasks; using System.Windows.Forms;namespace Hook {public partial class Form1 : Form{public Form1(){InitializeComponent();}private void Form1_Load(object sender, EventArgs e){//掛上鉤就行了CPP.Install("recv");CPP.Install("send");} } }

---

遺留的問題：Recv那里攔截的包總是6萬多條（我的目標返回的數據），第一條很段，但是后面好長的00

可以攔截到SEND包

總結

以上是生活随笔為你收集整理的[C#]使用EasyHook注入ws2_32.dll，实现send和recv拦截数据封包的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。