static __declspec(naked) void SecureSendAfterEncrypt() { void *parent_ebp; void *self; // ICSecureSocket * void *fsm; // CFsm_SecureSend * int retval; void *bt_address; ICSocket_Upper *sock_upper; CFsm_SecureSend_Upper *fsm_upper; __asm { pushad; mov edi, ebp; // store parent's ebp mov ebp, esp; sub esp, __LOCAL_SIZE; mov [parent_ebp], edi; mov [fsm], esi; mov [retval], eax; } self = *((void **) ((char *) parent_ebp - 0x4)); bt_address = (void *) ((char *) parent_ebp + 0x4); sock_upper = (ICSocket_Upper *) ((char *) self + g_icsocketBaseSize); fsm_upper = (CFsm_SecureSend_Upper *) ((char *) fsm + g_cfsmSecureSendBaseSize); if (fsm_upper->dataLen > 0) { DWORD origLastError = GetLastError(); log_tcp_packet(_T("SecureSend"), bt_address, PACKET_DIRECTION_OUTGOING, sock_upper->fd, fsm_upper->data, fsm_upper->dataLen); SetLastError(origLastError); } __asm { mov esp, ebp; popad; jmp [g_secureSendAfterEncryptReturnTrampoline]; } }
static void log_packet( char *buf, int len ) { not_quite_ip_header_t *header; print_time(); if ( len < sizeof( not_quite_ip_header_t ) ) { printf( "\t\t<error>Packet Too Small</error>\n" ); return; } header = (not_quite_ip_header_t *)buf; printf("\t\t<source>%s</source>\n", fake_inet_ntoa(header->source)); printf("\t\t<destination>%s</destination>\n", fake_inet_ntoa(header->destination)); if ( header->flags & DROP_PACKET ) printf("\t\t<dropped/>\n"); else if ( header->flags & CORRUPT_PACKET ) printf("\t\t<corrupted/>\n"); switch ( header->protocol ) { case IP_PROTO_UDP: printf( "\t\t<udp/>]\n"); break; case IP_PROTO_TCP: printf( "\t\t<tcp>\n" ); log_tcp_packet( buf + sizeof( not_quite_ip_header_t ), len - sizeof( not_quite_ip_header_t ) ); printf( "\t\t</tcp>\n" ); break; default: printf( "\t\t<protocol>%d</protocol>\n", ntohs( header->protocol ) ); } }