
                          RAW-  Win2K/XP
                          -----------------------

       raw-    ,      ,
   .   - , .   29A#6   
   raw-  [1],       .   
  ,        raw-  ,
      ,   ++.
       ,      2K/XP,     - 
 .            raw-    
 ,     ,     .
       ,        Borland  C++  5.5  -   
     ,      8
 ,             .  
 ,   raw-   ,     , 
           ,       
 printf.

     ,  raw-           ,  
 WS2_32.DLL.    WSOCK32.DLL.    ? ,  
   .        raw-,
    ,     ,     win2k'
 WSOCK32.DLL::setsockopt()    -      ,   
 .

       ,         , 
    :

// winsock2.h goes before windows.h, which otherwise pulls in the older,
// conflicting winsock.h declarations.
#include <winsock2.h>
#include <ws2tcpip.h>
#include <windows.h>

#include <stdio.h>
#include <stdlib.h>

     ,      ,      windows sockets api.
     WSAStartup',          2.2 - 
      .

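  // Initialise Winsock and request version 2.2 of the API.
  WSADATA WSAData;
  int wsa_err = WSAStartup(MAKEWORD(2,2), &WSAData);
  if (wsa_err != 0)
  {
    // WSAStartup() hands back its error code as the return value;
    // WSAGetLastError() is not meaningful when startup itself has failed.
    printf("ERROR:WSAStartup() error %i\n", wsa_err);
    exit(EXIT_FAILURE);  // a failure must not be reported as exit status 0
  }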

        raw-.  .

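  // Open a raw IPv4 socket.
  // NOTE(review): on Windows 2000 and later only members of the
  // Administrators group may create SOCK_RAW sockets; for other accounts the
  // call is expected to fail with WSAEACCES. Running network tools as an
  // unprivileged user is therefore an effective restriction.
  SOCKET raw_socket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
  if (raw_socket == INVALID_SOCKET)
  {
    printf("ERROR:socket(SOCK_RAW) error %i\n", WSAGetLastError());
    exit(EXIT_FAILURE);  // a failure must not be reported as exit status 0
  }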

               -   , ,   
 .
                                   
                                   ------

             ,   (spoofer) -   , 
       IP-    .      
   IP- .   .

      ,    raw-  raw ip-, 
       ,     ip-
     ,          
   .    :

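  // IP_HDRINCL: every datagram sent on this socket must start with an IPv4
  // header built by the application.
  // NOTE(review): Windows XP SP2 and later client releases restrict raw
  // sockets: TCP data cannot be sent over them, and UDP datagrams whose source
  // address is not assigned to a local interface are dropped. Networks should
  // not depend on the sending host's OS for this; ingress/egress
  // source-address filtering (BCP 38) is the control that holds regardless.
  DWORD optval = 1;
  if ( setsockopt(raw_socket, IPPROTO_IP, IP_HDRINCL,
                  (const char*)&optval, sizeof(optval)) == SOCKET_ERROR )
  {
    printf("ERROR:setsockopt(IP_HDRINCL) error %i\n", WSAGetLastError());
    exit(EXIT_FAILURE);  // a failure must not be reported as exit status 0
  }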

                   UDP-,  
 sendto(),        IP-.

          ,   ip-header', 
  BYTE* buf,  int len.

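  // buf/len describe a packet that already begins with an IPv4 header.
  // The header's destination field (bytes 16..19) is read below, so refuse
  // anything shorter than the 20-byte minimum header instead of reading past
  // the end of the buffer.
  if (len < 20)
  {
    printf("ERROR:packet too short for an IP header (%i bytes)\n", len);
    exit(EXIT_FAILURE);
  }

  sockaddr_in addr;
  ZeroMemory(&addr, sizeof(addr));           // also clears the sin_zero padding
  addr.sin_family      = AF_INET;
  addr.sin_port        = htons(0);           // no port at the raw IP layer
  // packet.ip_header.dst_ip  (*)
  // Copied byte-wise: buf is a byte buffer with no alignment guarantee.
  CopyMemory(&addr.sin_addr.s_addr, &buf[16], sizeof(addr.sin_addr.s_addr));

  int res = sendto(raw_socket, (const char*)buf, len, 0,
                   (sockaddr*)&addr, sizeof(addr));
  if (res != len)
  {
    // res is SOCKET_ERROR on failure; a short count is also treated as an error.
    printf("ERROR:sendto()=%i, WSAGetLastError=%i\n", res,WSAGetLastError());
    exit(EXIT_FAILURE);  // a failure must not be reported as exit status 0
  }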

     (*)          .        
 ,     dst ip- .     
   ,      sockaddr,   sendto(). 
             ;    -  
  .

                                  
                                  -------

             ,  (sniffer) -   , 
    ,    .

       ,      ,    "   ". 
 .      .    
     :      (  )  IP-,  
     ,      ,    IP-
    raw-,       bind().

        IP- ,     [1]

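  // Ask Winsock for the local addresses available to socket s (the socket
  // used throughout this listing; its creation is not shown here).
  // On success addrlist holds a SOCKET_ADDRESS_LIST structure.
  // If the fixed 1024-byte buffer is too small the call fails with WSAEFAULT
  // and bytesret reports the size that would have been needed.
  BYTE addrlist[1024];
  DWORD bytesret = 0;
  int res = WSAIoctl(s, SIO_ADDRESS_LIST_QUERY, NULL, 0,
                     addrlist, sizeof(addrlist), &bytesret, NULL, NULL);
  if (res == SOCKET_ERROR)
  {
    printf("WSAIoctl(SIO_ADDRESS_LIST_QUERY) error %i\n", WSAGetLastError());
    exit(EXIT_FAILURE);  // a failure must not be reported as exit status 0
  }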

        ,    .

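  // The query result is a SOCKET_ADDRESS_LIST. Read the count through the
  // structure instead of a hand-computed byte offset, and treat a
  // non-positive count as "nothing to bind to".
  const INT listed_addrs = ((const SOCKET_ADDRESS_LIST*)addrlist)->iAddressCount;
  if (listed_addrs <= 0)
  {
    printf("ERROR:no IP address found\n");
    exit(EXIT_FAILURE);  // a failure must not be reported as exit status 0
  }
  DWORD addrcount = (DWORD)listed_addrs;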

        IP-.

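  // Print every local IPv4 address returned by SIO_ADDRESS_LIST_QUERY.
  // The entries are walked through the SOCKET_ADDRESS_LIST structure: the
  // original fixed 8-byte stride and DWORD-sized pointer read are only valid
  // where pointers are 32 bits wide.
  for (DWORD i = 0; i < addrcount; i++)
  {
    const SOCKET_ADDRESS_LIST* entries = (const SOCKET_ADDRESS_LIST*)addrlist;
    const sockaddr_in* sin = (const sockaddr_in*)entries->Address[i].lpSockaddr;
    printf("IP=%s\n", inet_ntoa(sin->sin_addr));
  }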

       bind() --      IP-.

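  // Bind the socket to the first local address in the list. Only traffic
  // seen on that one interface is covered; a multi-homed host has others.
  // The entry is taken from the SOCKET_ADDRESS_LIST structure rather than by
  // byte offset, which also keeps the pointer intact on 64-bit builds.
  const sockaddr_in* first_if =
    (const sockaddr_in*)((const SOCKET_ADDRESS_LIST*)addrlist)->Address[0].lpSockaddr;

  sockaddr_in addr;
  ZeroMemory(&addr, sizeof(addr));  // also clears the sin_zero padding
  addr.sin_family = AF_INET;
  addr.sin_port   = htons(0);
  addr.sin_addr   = first_if->sin_addr;

  if (bind(s, (sockaddr*)&addr, sizeof(addr)) == SOCKET_ERROR)
  {
    printf("ERROR:bind(IP=%s) error %i\n",
      inet_ntoa(first_if->sin_addr),
      WSAGetLastError());
    exit(EXIT_FAILURE);  // a failure must not be reported as exit status 0
  }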

                  . 
 ,   win2k,       .

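// SIO_RCVALL is also defined by the SDK header mstcpip.h; the guard avoids a
// redefinition if that header is ever included.
#ifndef SIO_RCVALL
#define SIO_RCVALL  0x98000001
#endif

  // Switch the bound socket to "receive all": every IPv4 packet passing
  // through the interface is delivered, not only those addressed to this
  // socket. optval 1 corresponds to RCVALL_ON.
  // NOTE(review): this ioctl requires Administrator privilege and a socket
  // bound to an explicit interface address. A process that is not a known
  // capture tool issuing it is worth flagging in host monitoring.
  DWORD optval = 1;
  res = WSAIoctl(s, SIO_RCVALL,
                 &optval, sizeof(optval), NULL, 0, &bytesret, NULL, NULL);
  if (res == SOCKET_ERROR)
  {
    printf("ERROR:WSAIoctl(SIO_RCVALL) error %i\n", WSAGetLastError());
    exit(EXIT_FAILURE);  // a failure must not be reported as exit status 0
  }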

               IP-   .
     ,    UDP-,  recv(),  
  ,        IP-.

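    // Read one packet. On a raw IPv4 socket the data returned by recv()
    // starts at the IP header.
    // Everything in buf is untrusted network input: before parsing, check len
    // against the 20-byte minimum header and against the header-length and
    // total-length fields found in the packet itself.
    static BYTE buf[10000];
    int len = recv(s, (char*)buf, sizeof(buf), 0);
    if ((len == SOCKET_ERROR) || (len == 0))
    {
      printf("ERROR:recv()=%i, WSAGetLastError=%i\n", len,WSAGetLastError());
      exit(EXIT_FAILURE);  // a failure must not be reported as exit status 0
    }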

        ,     .

                                 
                                 ----------

          ,     
   raw-  . -,   
   -        -  ,   . 
   ,       ,    
 ip-        src ip-.      ,
         NT 4,   2K- .   ,
       .     ,     
     raw-.    ,   
      ,   ,    
       . , TCP-  
       ,      - 
 ,  ,  ,  .

                    --     email' 
 /   ,   IP-
  , , ,    .

  See also:

  [1]  29a-6.004 -- Snorting coke (and packets) by GriYo / 29A

                                  (x) 2002
                           http://z0mbie.host.sk

                                   * * *
