passthru 2010-11-12

最近用passthru简单改，对tcp和udp简单加密的数据包。贴上计算验证和代码 //计算校验和 USHORTchecksum(USHORT*buffer,intsize) { unsignedlongcksum=0; while(size>1) { cksum =*buffer ; size-=sizeof(USHORT); } if(size) { cksum =*(UCHAR*)buffer; } //将32位数转换为16 while(cksum>>16) { cksum=(cksum>>16) (cksum&0xffff); } return(USHORT)(~cksum); } ULONGntohl(INULONGdata) { _asm { movecx,data moveax,ecx movedx,ecx shleax,10h andedx,0FF00h oreax,edx movedx,ecx shredx,10h andecx,0FF0000h oredx,ecx shleax,8 shredx,8 oreax,edx } } USHORTntohs(USHORTdata) { USHORTsRet; _asm { movcx,data movah,cl moval,ch movsRet,ax } returnsRet; } //------------------------------------------------------------------------- //PacketCheckSum //计算数据包的据包 //参数:packet-待处理数据(包装数据的指针) //------------------------------------------------------------------------- voidPacketCheckSum(PUCHARpacket) { Dlc_Header*pdlc_header=NULL;//以太头指针 Ip_Header*pip_header=NULL;//IP头指针 USHORTattachsize=0;///传输层协议头和附加数据的总长度 pdlc_header=(Dlc_Header*)packet;//判断ethertype,如果不是IP不处理包则 if(pdlc_header->ethertype!=0x0008)//不是IP协议直接返回 { return; } pip_header=(Ip_Header*)(packet 14); //TCP包 if(0x06==pip_header->proto) { Tcp_Header*ptcp_header=NULL;//TCP头指针 Tcp_Psd_Header*ptcp_psd_header=NULL; ptcp_header=(Tcp_Header*)(packet 14 ((pip_header->ver_len)&15)*4); attachsize=ntohs(pip_header->total_len)-(((pip_header->ver_len)&15)*4); ptcp_psd_header=(Tcp_Psd_Header*)ExAllocatePoolWithTag(NonPagedPool,attachsize sizeof(Tcp_Psd_Header),'x70'); if(!ptcp_psd_header) { DbgPrint("计算验证和失败，内存不足\n"); return; } RtlZeroMemory(ptcp_psd_header,attachsize sizeof(Tcp_Psd_Header));//填充伪TCP头0 ptcp_psd_header->destip=pip_header->destIP; ptcp_psd_header->sourceip=pip_header->sourceIP; ptcp_psd_header->mbz=0; ptcp_psd_header->ptcl=0x06; ptcp_psd_header->tcpl=ntohs(attachsize);//计算TCP校验和 ptcp_header->chksum=0; RtlCopyMemory((unsignedchar*)ptcp_psd_header sizeof(Tcp_Psd_Header),(unsignedchar*)ptcp_header,attachsize); ptcp_header->chksum=checksum((unsignedshort*)ptcp_psd_header, attachsize sizeof(Tcp_Psd_Header)); //计算ip头的校验和 pip_header->checksum=0; pip_header->checksum=checksum((unsignedshort*)pip_header,20); &nbs;  //计算完成释放内存        ExFreePool(ptcp_psd_header);        return;     }     //UDP包     if(0x11==pip_header->proto)     {        Udp_Header *pudp_header=NULL; //UDP头指针         Udp_Psd_Header *pudp_psd_header=NULL;        pudp_header=(Udp_Header *)(packet+14+((pip_header->ver_len)&15)*4);         attachsize=ntohs(pip_header->total_len)-(((pip_header->ver_len)&15)*4);        pudp_psd_header=(Udp_Psd_Header *)ExAllocatePoolWithTag(NonPagedPool,attachsize+sizeof(Udp_Psd_Header),'x70');        if(!pudp_psd_header)        {         DbgPrint("计算校验和失败，内存不足 \n");         return;        }        RtlZeroMemory(pudp_psd_header,attachsize+sizeof(Udp_Psd_Header));   //填充伪UDP头0        pudp_psd_header->destip=pip_header->destIP;        pudp_psd_header->sourceip=pip_header->sourceIP;        pudp_psd_header->mbz=0;        pudp_psd_header->ptcl=0x11;        pudp_psd_header->udpl=ntohs(attachsize);        //计算UDP校验和        pudp_header->chksum=0;        RtlCopyMemory((unsigned char *)pudp_psd_header+sizeof(Udp_Psd_Header),(unsigned char *)pudp_header,attachsize);        pudp_header->chksum=checksum((unsigned short *)pudp_psd_header,attachsize+sizeof(Udp_Psd_Header));        //计算ip头的校验和        pip_header->checksum=0;        pip_header->checksum=checksum((unsigned short *)pip_header,20);         //计算完成释放内存        ExFreePool(pudp_psd_header);        return;     }     return; }