Copy Payload

  • #5351
    sharok
    Participant

      Hello. I need to analyze packets of different protocols (SMTP, AOL, Jabber) and look in them for a certain text; if the text is found in the message, then block it. Parsing and searching for text in the packets is already implemented in C#.

      I would like the following: get the packet through WinpkFilter, pass it to the function that parses the packet and looks in it for certain text (the function is written in C#), and if the text is found, block the packet.

      I wrote code for this, but can’t copy the packet payload into the temporary string:


      char[] szTempString = new char[1500];

      while (true)
      {
          hEvent.WaitOne();

          while (Ndisapi.ReadPacket(hNdisapi, ref Request))
          {
              PacketBuffer = (INTERMEDIATE_BUFFER)Marshal.PtrToStructure(PacketBufferIntPtr, typeof(INTERMEDIATE_BUFFER));

              // The Ethernet frame starts at the m_IBuffer field of INTERMEDIATE_BUFFER
              pEthHeader = (ETHER_HEADER*)((byte*)PacketBufferIntPtr + (Marshal.OffsetOf(typeof(INTERMEDIATE_BUFFER), "m_IBuffer")).ToInt32());

              if (ntohs(pEthHeader->proto) == ETHER_HEADER.ETH_P_IP)
              {
                  pIpHeader = (IPHeader*)((byte*)pEthHeader + Marshal.SizeOf(typeof(ETHER_HEADER)));
                  IPAddress src_addr = new IPAddress(pIpHeader->Src);
                  IPAddress dst_addr = new IPAddress(pIpHeader->Dest);

                  // Console.WriteLine("tIP {0} --> {1} PROTOCOL: {2}", src_addr.ToString(), dst_addr.ToString(), pIpHeader->P);

                  if (pIpHeader->P == IPHeader.IPPROTO_TCP)
                  {
                      // The TCP header follows the IP header (IP header length field * 4 bytes)
                      pTcpHeader = (TcpHeader*)((byte*)pIpHeader + ((pIpHeader->IPLenVer) & 0xF) * 4);

                      // Only look at port 80 traffic: outgoing to port 80 or incoming from port 80
                      if (((pTcpHeader->th_dport == htons(80)) &&
                           (PacketBuffer.m_dwDeviceFlags == Ndisapi.PACKET_FLAG_ON_SEND)) ||
                          ((pTcpHeader->th_sport == htons(80)) &&
                           (PacketBuffer.m_dwDeviceFlags == Ndisapi.PACKET_FLAG_ON_RECEIVE)))
                      {
                          // Payload length = frame length minus the Ethernet, IP and TCP header lengths
                          var dwDataLength = (int)PacketBuffer.m_Length -
                                             (Marshal.SizeOf(typeof(ETHER_HEADER)) +
                                              (pIpHeader->IPLenVer & 0xF) * 4 + (pTcpHeader->Off & 0xF) * 4);

                          // Pointer to the first payload byte
                          var pData = (IntPtr)pEthHeader + (Marshal.SizeOf(typeof(ETHER_HEADER)) +
                                      (pIpHeader->IPLenVer & 0xF) * 4 + (pTcpHeader->Off & 0xF) * 4);
                          if (dwDataLength != 0)
                          {
                              Marshal.Copy(pData, szTempString, 0, dwDataLength);
                              Console.WriteLine(szTempString);
                          }
                      }
                  }
              }

              // Reinject the packet in the direction it was travelling
              if (PacketBuffer.m_dwDeviceFlags == Ndisapi.PACKET_FLAG_ON_SEND)
                  Ndisapi.SendPacketToAdapter(hNdisapi, ref Request);
              else
                  Ndisapi.SendPacketToMstcp(hNdisapi, ref Request);
          }
          hEvent.Reset();
      }


      And another question: is it possible to get the packet as an array of bytes in hex format?

      Thanks.
      P.S. You can reply in Russian.

      #7009
      sharok
      Participant

        Solved. Problem was in codepage.

        #11542
        Anonymous

          Hello. I’ve been doing this for many years. I can’t change the encoding to see the string. Could you indicate how to change it?

          var bytes = System.Text.Encoding.Unicode.GetBytes(szTempString);
          string s3 = Convert.ToString(bytes);

          This for example does not work
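
An added example, not part of the original posts and not WinpkFilter sample code: one way to get a TCP payload as raw bytes, as hex, and as text decoded with an explicit encoding. It assumes the frame has already been copied into a managed `byte[]` (payload bytes belong in a `byte[]`, not a `char[]`, because a .NET `char` is two bytes wide); `PayloadDemo`, `TcpPayload` and the sample frame are constructed for illustration.

```csharp
using System;
using System.Text;

static class PayloadDemo
{
    // Returns the TCP payload of an Ethernet II / IPv4 frame, or an empty array
    // when the frame is not IPv4/TCP or its length fields are inconsistent.
    public static byte[] TcpPayload(byte[] frame, int frameLen)
    {
        const int Eth = 14;                                     // Ethernet II header size
        if (frameLen > frame.Length || frameLen < Eth + 20) return new byte[0];
        if (frame[12] != 0x08 || frame[13] != 0x00) return new byte[0]; // EtherType IPv4
        int ihl = (frame[Eth] & 0x0F) * 4;                      // IP header length in bytes
        int ipTotal = (frame[Eth + 2] << 8) | frame[Eth + 3];   // IP total length field
        if (ihl < 20 || frame[Eth + 9] != 6) return new byte[0]; // protocol 6 = TCP
        // Trust the IP total length, not the captured length: short frames are padded.
        if (ipTotal > frameLen - Eth || ipTotal < ihl + 20) return new byte[0];
        int tcp = Eth + ihl;
        int tcpLen = (frame[tcp + 12] >> 4) * 4;                // data offset: high nibble
        if (tcpLen < 20 || ihl + tcpLen > ipTotal) return new byte[0];
        var payload = new byte[ipTotal - ihl - tcpLen];
        Buffer.BlockCopy(frame, tcp + tcpLen, payload, 0, payload.Length);
        return payload;
    }

    static void Main()
    {
        // Constructed sample: 58 bytes of packet plus 2 bytes of Ethernet padding.
        var frame = new byte[60];
        frame[12] = 0x08;              // EtherType 0x0800 (IPv4)
        frame[14] = 0x45;              // version 4, IHL 5
        frame[17] = 44;                // IP total length = 20 + 20 + 4
        frame[23] = 6;                 // protocol TCP
        frame[46] = 0x50;              // TCP data offset = 5 words
        Encoding.ASCII.GetBytes("HELO").CopyTo(frame, 54);

        byte[] data = TcpPayload(frame, frame.Length);
        Console.WriteLine(BitConverter.ToString(data));      // payload bytes as hex
        Console.WriteLine(Encoding.ASCII.GetString(data));   // payload decoded as ASCII
    }
}
```

`Encoding.ASCII` replaces bytes above 0x7F with `?`; pick the encoding that matches the protocol being inspected before searching the decoded text.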
