00036 #include "stdafx.h"
00037 #include "TCPPortScannerStealth.h"
00038
00039 #include "ErrorHandlerMacros.h"
00040 #include "GenericCriticalSection.h"
00041 #include "OSManager.h"
00042
00043 #include <vector>
00044
00045 #ifdef _MEMORY_DEBUG
00046 #define new DEBUG_NEW
00047 #define malloc DEBUG_MALLOC
00048 static char THIS_FILE[] = __FILE__;
00049 #endif
00050
00051 KOMODIA_NAMESPACE_START
00052
00053
00054
00055 #define CSniffingSocket_Class "CSniffingSocket"
00056
// Raw sniffing socket used by the stealth scanner to pick up the target's
// SYN|ACK / RST|ACK replies. pScanner is the owning scanner; it is kept only
// as a non-owning back-pointer (m_pFather) and is never deleted by this class.
CTCPPortScannerStealth::CSniffingSocket::CSniffingSocket(CTCPPortScannerStealth* pScanner) :
    CSniffSocket(),
    m_bStop(FALSE),
    m_pFather(pScanner)
{
    try
    {
        // Name reported by the error-handling macros for this object.
        SetName(CSniffingSocket_Class);
    }
    ERROR_HANDLER("CSniffingSocket")
}
00068
// Nothing to release here: m_pFather is a non-owning back-pointer and the
// socket resources belong to the CSniffSocket base (presumably released by
// its own destructor).
CTCPPortScannerStealth::CSniffingSocket::~CSniffingSocket()
{
}
00072
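// Receive callback of the sniffing socket. Reads one raw datagram, keeps only
// TCP packets sent from the scan target to the bound interface, and hands the
// TCP header to AnalyzeTCP. iErrorCode is unused: the datagram is read
// unconditionally and Receive()'s own error value is checked instead.
//
// Returns FALSE once Stop() has been requested or Receive() failed, TRUE
// otherwise (including for packets that are ignored or malformed).
//
// Security note: the filter accepts any TCP datagram whose IP addresses
// match; nothing here ties a reply to the probe that was sent (no sequence /
// acknowledgement check is visible in this file), so any party able to spoof
// the target's address can inject open/closed verdicts.
BOOL CTCPPortScannerStealth::CSniffingSocket::OnSocketReceive(int iErrorCode)
{
    try
    {
        // One raw datagram, IP header first. 2000 bytes comfortably exceeds the
        // largest IP+TCP header combination (60+60); longer datagrams are
        // truncated and only their leading headers are examined.
        char cBuffer[2000];

        int iReceive;
        iReceive=Receive(cBuffer,
                         sizeof(cBuffer));

        // Stop() was called (see TCPScanDoneLib): do not hand anything further
        // to the scanner.
        if (m_bStop)
            return FALSE;

        if (iReceive==GetErrorCode())
            return FALSE;

        // Ignore datagrams too short to hold a fixed IP header. Without this
        // check the memcpy below would read stale stack bytes as packet data.
        if (iReceive<0 ||
            static_cast<unsigned long>(iReceive)<IpHeaderLength)
            return TRUE;

        IpHeader aHeader;
        memcpy(&aHeader,
               cBuffer,
               IpHeaderLength);

        // Only TCP from the target, addressed to our bound interface. Addresses
        // are compared in whatever representation the headers and the scanner
        // store them (assumed to be the same network-order form).
        if (aHeader.ucProtocol!=IPPROTO_TCP ||
            aHeader.ulDestinationAddress!=m_pFather->GetBindInterface() ||
            aHeader.ulSourceAddress!=m_pFather->GetTarget())
            return TRUE;

        // IHL is given in 32-bit words (valid range 5..15 -> 20..60 bytes).
        unsigned long ulHeaderSize;
        ulHeaderSize=(aHeader.ucHeaderLength_Version & 0x0f) << 2;

        // Reject a header length below the fixed minimum (the TCP header would
        // alias onto the IP header) and datagrams too short to carry a full TCP
        // header after the IP header. AnalyzeTCP copies TCPHeaderLength bytes
        // unconditionally, so the bound has to be enforced here.
        // NOTE(review): fragment offset is not examined; a non-first fragment
        // from the target would still be parsed as if it began with a TCP header.
        if (ulHeaderSize<IpHeaderLength ||
            ulHeaderSize+TCPHeaderLength>static_cast<unsigned long>(iReceive))
            return TRUE;

        AnalyzeTCP(cBuffer+ulHeaderSize);

        return TRUE;
    }
    ERROR_HANDLER_RETURN("OnSocketReceive",TRUE)
}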
00115
// Classifies one TCP reply from the target and reports the probed port to the
// scanner. pTCPBuffer must point at a complete TCP header (the caller has
// already skipped the IP header).
//   SYN|ACK -> port reported as connected (1)
//   RST|ACK -> port reported as not connected (0)
// Any other flag combination is ignored and the port is left to TimeoutProc.
//
// NOTE(review): the verdict is trusted on the strength of the IP addresses
// alone; no check that this reply acknowledges our probe is visible here.
// NOTE(review): RemovePort() and SocketDone() are two separate steps, so a
// port that TimeoutProc expires at the same moment can be reported twice.
void CTCPPortScannerStealth::CSniffingSocket::AnalyzeTCP(const char* pTCPBuffer)
{
    try
    {
        TCPHeader aTCP;
        memcpy(&aTCP,
               pTCPBuffer,
               TCPHeaderLength);

        // The responder's source port is the port we probed. A 16-bit byte swap
        // is its own inverse, so ntohs() and htons() are interchangeable here.
        const unsigned short usScannedPort=ntohs(aTCP.usSourcePort);

        // Exact match on the flag byte: SYN|ACK carrying ECN bits, or a bare
        // RST, is deliberately not classified.
        int iConnection;
        if (aTCP.ucFlags==(TCPFlag_SYN | TCPFlag_ACK))
            iConnection=1;
        else if (aTCP.ucFlags==(TCPFlag_RST | TCPFlag_ACK))
            iConnection=0;
        else
            return;

        // Stop tracking the port for timeout purposes, then deliver the result.
        m_pFather->RemovePort(usScannedPort);
        m_pFather->SocketDone(usScannedPort,
                              iConnection);
    }
    ERROR_HANDLER("AnalyzeTCP")
}
00155
// Asks OnSocketReceive to stop forwarding packets to the scanner; the flag is
// tested after each Receive(). Called from TCPScanDoneLib.
// NOTE(review): m_bStop is a plain BOOL written here and read in
// OnSocketReceive, which presumably runs on the socket's own thread; no
// synchronization for it is visible in this file.
void CTCPPortScannerStealth::CSniffingSocket::Stop()
{
    m_bStop=TRUE;
}
00160
00161
00162
00163 #define CTCPPortScannerStealth_Class "CTCPPortScannerStealth"
00164
00165
00166 #define SCAN_TIMEOUT 5000
00167
// Stealth (SYN) port scanner bound to the local interface aBindInterface.
// Owned resources (scanner socket, sniffer, timeout thread, critical section)
// start out NULL and are created lazily by Scan(); only the critical section
// is created here.
// NOTE(review): m_bDefaultDisconnected is not set by this constructor as far
// as this file shows; it is assigned in StartThread() before the timeout
// thread that reads it is created.
CTCPPortScannerStealth::CTCPPortScannerStealth(IP aBindInterface) :
    CTCPPortScanner(),
    m_pScanner(NULL),
    m_aBindInterface(aBindInterface),
    m_pSniffer(NULL),
    m_pCSection(NULL),
    m_pThread(NULL)
{
    try
    {
        SetName(CTCPPortScannerStealth_Class);

        // Serializes access to m_aPortsMap between the sniffer callbacks and
        // TimeoutProc. NOTE(review): a NULL result is not checked here.
        m_pCSection=COSManager::CreateCriticalSection();
    }
    ERROR_HANDLER("CTCPPortScannerStealth")
}
00185
// Same as the IP constructor, but the interface is given as a string and
// converted with CSpoofBase::StringToLong (presumably dotted-quad to IP).
// The conversion happens inside the try block so a parse failure is routed
// through ERROR_HANDLER and leaves m_aBindInterface at 0.
CTCPPortScannerStealth::CTCPPortScannerStealth(const std::string& rBindInterface) :
    CTCPPortScanner(),
    m_pScanner(NULL),
    m_aBindInterface(0),
    m_pSniffer(NULL),
    m_pCSection(NULL),
    m_pThread(NULL)
{
    try
    {
        SetName(CTCPPortScannerStealth_Class);

        // Serializes access to m_aPortsMap between the sniffer callbacks and
        // TimeoutProc. NOTE(review): a NULL result is not checked here.
        m_pCSection=COSManager::CreateCriticalSection();

        m_aBindInterface=CSpoofBase::StringToLong(rBindInterface);
    }
    ERROR_HANDLER("CTCPPortScannerStealth")
}
00206
// Releases everything Scan() created. Order: the timeout thread first, since
// TimeoutProc dereferences this object (m_aPortsMap, m_pCSection); the
// critical section last, after every user of it is gone.
// NOTE(review): unlike TCPScanDoneLib, the sniffer is deleted directly here
// instead of via Stop()/DeleteSocketFromThread(); whether that is safe while a
// scan is still in flight cannot be confirmed from this file.
CTCPPortScannerStealth::~CTCPPortScannerStealth()
{
    try
    {
        delete m_pThread;
        delete m_pScanner;
        delete m_pSniffer;
        delete m_pCSection;
    }
    ERROR_HANDLER("~CTCPPortScannerStealth")
}
00225
// Creates and binds the raw sniffing socket that captures the target's
// replies, replacing any sniffer left over from an earlier scan. The new
// socket is owned by an auto_ptr until it is fully set up, so every failure
// path frees it. Returns TRUE on success; on failure m_pSniffer stays NULL.
// NOTE(review): opening a raw sniffing socket normally requires elevated
// privileges; failures of Create()/Bind() here are the usual symptom.
BOOL CTCPPortScannerStealth::CreateSniffer()
{
    try
    {
        // Deleting NULL is a no-op, so no guard is needed.
        delete m_pSniffer;
        m_pSniffer=NULL;

        std::auto_ptr<CSniffingSocket> pGuard(new CSniffingSocket(this));

        if (!pGuard->Create())
        {
            ReportError("CreateSniffer","Failed to create sniffer");
            return FALSE;
        }

        // Port 0: the sniffer only has to be attached to the local interface.
        if (!pGuard->Bind(m_aBindInterface,0))
        {
            ReportError("CreateSniffer","Failed to bind sniffer");
            return FALSE;
        }

        // Hand ownership to the scanner.
        m_pSniffer=pGuard.release();

        return TRUE;
    }
    ERROR_HANDLER_RETURN("CreateSniffer",FALSE)
}
00272
// String overload: converts rDestinationAddress with the same helper the
// string constructor uses and runs the IP overload. Returns FALSE if the
// conversion throws or the scan cannot be started.
BOOL CTCPPortScannerStealth::Scan(const std::string& rDestinationAddress)
{
    try
    {
        const IP aTarget=CSpoofBase::StringToLong(rDestinationAddress);
        return Scan(aTarget);
    }
    ERROR_HANDLER_RETURN("Scan",FALSE)
}
00281
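// Starts a stealth scan of aTarget on the ports configured in the base class.
// Sets up the shared raw scanner socket, the sniffer and the timeout thread,
// then issues up to GetMaxSockets() probes. Returns TRUE when the scan has
// been started; completion is signalled asynchronously through the base
// class (SetDone/TCPScanDoneLib).
//
// Failure paths: a parameter error returns FALSE without touching the error
// flag; every later failure reports the error and sets the error flag so
// callers polling it see the same thing as callers checking the return value.
BOOL CTCPPortScannerStealth::Scan(IP aTarget)
{
    // No socket budget, a scan still running, or target 0.0.0.0. Checked
    // before the try block, as in the original, so it bypasses ERROR_HANDLER.
    if (GetMaxSockets()<=0 ||
        !IsDone() ||
        !aTarget)
    {
        ReportError("Scan","Invalid parameters!");

        return FALSE;
    }

    try
    {
        // Stop the previous scan's timeout thread first: the pending-port map
        // is cleared below without taking m_pCSection, which is only safe
        // while nothing else can touch it.
        delete m_pThread;
        m_pThread=NULL;

        ResetPair();

        if (!CanScan())
        {
            ReportError("Scan","No ports given!");

            SetError(TRUE);

            return FALSE;
        }

        m_aPortsMap.clear();

        // Replace the shared raw scanner socket. The pointer is cleared before
        // the allocation so that a throwing `new` cannot leave it dangling
        // (the destructor would otherwise delete the old object a second time).
        delete m_pScanner;
        m_pScanner=NULL;

        m_pScanner=new CTCPScanner;

        if (!m_pScanner->Create())
        {
            ReportError("Scan","Failed to create socket!");

            // Consistent with the other failure paths above and below.
            SetError(TRUE);

            return FALSE;
        }

        // Probes are sent from the same interface the sniffer listens on, so
        // OnSocketReceive's destination-address filter matches the replies.
        m_pScanner->SetSourceAddress(m_aBindInterface);

        if (!CreateSniffer())
        {
            ReportError("Scan","Failed to create sniffer!");

            SetError(TRUE);

            return FALSE;
        }

        SetError(FALSE);
        SetDone(FALSE);

        ResetSocketCount();

        DeletePortsMap();

        ResetData();

        SetTarget(aTarget);

        // Begin capturing before the first probe goes out. From here on a
        // failure must also mark the scan done, since SetDone(FALSE) was
        // already called.
        if (!m_pSniffer->Sniff(TRUE))
        {
            ReportError("Scan","Failed to create sniffer!");

            SetError(TRUE);

            SetDone(TRUE);

            return FALSE;
        }

        // Timeout thread that expires unanswered probes (see TimeoutProc).
        StartThread();

        // Issue the initial batch of probes, one per allowed socket.
        // NOTE(review): the inner loop retries NewSocket() until it returns
        // TRUE; if it can fail persistently this loop never terminates.
        for (int iCounter=0;
             iCounter<GetMaxSockets();
             ++iCounter)
        {
            BOOL bQuit;
            bQuit=FALSE;

            while (!bQuit)
            {
                AdjustNumberOfSockets(1);

                if (!(bQuit=NewSocket()))
                    ReportError("Scan","Failed to create socket!");
            }
        }

        return TRUE;
    }
    ERROR_HANDLER_RETURN("Scan",FALSE)
}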
00414
// Every probe reuses the single raw CTCPScanner created in Scan(); usPort is
// ignored. Because the socket is shared, DestroySocket() must not free it
// (and does not).
CTCPSocketAsync* CTCPPortScannerStealth::AllocateSocket(unsigned short usPort)const
{
    return m_pScanner;
}
00419
// Intentionally empty: AllocateSocket() hands out the shared m_pScanner,
// which is owned and deleted by this class (Scan()/destructor), not per port.
void CTCPPortScannerStealth::DestroySocket(CTCPSocketAsync* pSocket)const
{

}
00424
// Local address the scanner sends from and the sniffer is bound to; the
// sniffer compares each packet's destination address against it
// (OnSocketReceive).
IP CTCPPortScannerStealth::GetBindInterface()const
{
    return m_aBindInterface;
}
00429
// Teardown hook invoked when the scan completes (bError is unused here).
// The sniffer is flagged to stop forwarding packets and then asked to delete
// itself from its own socket thread -- it is not deleted directly -- after
// which only the owning pointer is dropped. The timeout thread is destroyed
// last; the critical section it uses stays alive until the destructor.
void CTCPPortScannerStealth::TCPScanDoneLib(BOOL bError)
{
    try
    {
        CSniffingSocket* pSniffer=m_pSniffer;

        if (pSniffer)
        {
            pSniffer->Stop();
            pSniffer->DeleteSocketFromThread();

            // Ownership has passed to the socket thread.
            m_pSniffer=NULL;
        }

        delete m_pThread;
        m_pThread=NULL;
    }
    ERROR_HANDLER("TCPScanDoneLib")
}
00453
// Records that a probe for usPort has just been sent, stamped with the
// current tick count so TimeoutProc can expire it. Guarded by m_pCSection
// because RemovePort (sniffer thread) and TimeoutProc (timer thread) touch
// the same map. insert() leaves an existing entry for the same port untouched.
void CTCPPortScannerStealth::PortScanned(unsigned short usPort)
{
    try
    {
        CCriticalAutoRelease aLock(m_pCSection);

        const DWORD dwNow=GetTickCount();
        m_aPortsMap.insert(PortsMap::value_type(usPort,dwNow));
    }
    ERROR_HANDLER("PortScanned")
}
00466
// Stops tracking usPort for timeout purposes; called by the sniffer once a
// classifiable reply has arrived. Erasing a port that is no longer pending is
// a harmless no-op. Guarded by m_pCSection like every other map access.
void CTCPPortScannerStealth::RemovePort(unsigned short usPort)
{
    try
    {
        CCriticalAutoRelease aLock(m_pCSection);

        // Erase by key; nothing is reported back if the port was already gone.
        m_aPortsMap.erase(usPort);
    }
    ERROR_HANDLER("RemovePort")
}
00479
// Periodic-thread callback (pParam is the owning CTCPPortScannerStealth).
// On every body stage it expires pending probes older than the connection
// timeout and reports them with the scanner's default verdict. Returns TRUE
// to keep the thread running.
//
// Two phases: ports are collected and erased under m_pCSection, then reported
// with SocketDone() after the lock is released so the callback never runs
// while the map is locked.
// NOTE(review): because the erase and the report are not one atomic step
// with respect to AnalyzeTCP, a reply that races the timeout can produce two
// SocketDone() calls for the same port.
BOOL CTCPPortScannerStealth::TimeoutProc(CPeriodicThread::ThreadStage aStage,
                                         LPVOID pParam)
{
    try
    {
        // Setup/teardown stages do no work.
        if (aStage!=CPeriodicThread::tsBody)
            return TRUE;

        CTCPPortScannerStealth* pScanner=static_cast<CTCPPortScannerStealth*>(pParam);

        // Per-connection timeout in ms, falling back to SCAN_TIMEOUT when the
        // scanner has none configured (zero).
        unsigned long ulTimeout=pScanner->GetConnectionTimeout();
        if (ulTimeout==0)
            ulTimeout=SCAN_TIMEOUT;

        std::vector<unsigned short> aExpired;

        // Phase 1: collect and erase expired ports under the lock. The
        // unsigned subtraction stays correct across GetTickCount() wrap-around.
        {
            const DWORD dwNow=GetTickCount();

            CCriticalAutoRelease aLock(pScanner->m_pCSection);

            PortsMap::iterator aPending=pScanner->m_aPortsMap.begin();
            while (aPending!=pScanner->m_aPortsMap.end() &&
                   !pScanner->IsFinished())
            {
                if (dwNow-aPending->second<ulTimeout)
                {
                    ++aPending;
                    continue;
                }

                aExpired.push_back(aPending->first);
                aPending=pScanner->m_aPortsMap.erase(aPending);
            }
        }

        // Phase 2: report each expired port as !m_bDefaultDisconnected, i.e.
        // an unanswered (filtered) port gets whatever StartThread() selected.
        for (std::vector<unsigned short>::const_iterator aPort=aExpired.begin();
             aPort!=aExpired.end() && !pScanner->IsFinished();
             ++aPort)
        {
            pScanner->SocketDone(*aPort,
                                 !pScanner->m_bDefaultDisconnected);
        }

        return TRUE;
    }
    ERROR_HANDLER_STATIC_RETURN(CTCPPortScannerStealth_Class,"TimeoutProc",FALSE)
}
00550
// Forgets every pending probe. Unlike PortScanned/RemovePort/TimeoutProc this
// does not take m_pCSection, so it is only safe while the timeout thread is
// not running (Scan() deletes m_pThread before it clears the map the same way).
// NOTE(review): confirm no caller reaches this while the thread is alive.
void CTCPPortScannerStealth::ResetPortsData()
{
    try
    {
        m_aPortsMap.clear();
    }
    ERROR_HANDLER("ResetPortsData")
}
00560
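// Starts the timeout thread that expires unanswered probes (TimeoutProc).
// bDefaultDisconnected chooses the verdict for those probes: TimeoutProc
// reports them as !m_bDefaultDisconnected, so TRUE means a timed-out port is
// reported as not connected. The default value of the parameter is declared
// in the header.
void CTCPPortScannerStealth::StartThread(BOOL bDefaultDisconnected)
{
    try
    {
        // Must be set before the thread exists, since TimeoutProc reads it.
        m_bDefaultDisconnected=bDefaultDisconnected;

        // Release any thread from an earlier start instead of leaking it when
        // the pointer is overwritten (Scan() and TCPScanDoneLib() normally
        // clear it first; this keeps StartThread safe on its own).
        delete m_pThread;
        m_pThread=NULL;

        // Poll the pending-port map every 500 ms.
        m_pThread=new CPeriodicThread(TimeoutProc);
        m_pThread->Start(500,(LPVOID)this);
    }
    ERROR_HANDLER("StartThread")
}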
00574
00575 KOMODIA_NAMESPACE_END