下面是XX人写的在2k、xp下捕捉IP包的控件,我作了一点点修改。
unit IPCap;
interface
uses
Windows, Messages, Classes, WinSock, SysUtils;
const
WM_CapIp = WM_USER + 200;
STATUS_FAILED = $FFFF; //定义异常出错代码
MAX_PACK_LEN = 65535; //接收的最大IP报文
MAX_ADDR_LEN = 16; //点分十进制地址的最大长度
MAX_PROTO_TEXT_LEN = 16; //子协议名称(如"TCP")最大长度
MAX_PROTO_NUM = 12; //子协议数量
MAX_HOSTNAME_LAN = 255; //最大主机名长度
CMD_PARAM_HELP = True;
IOC_IN = $80000000;
IOC_VENDOR = $18000000;
IOC_out = $40000000;
SIO_RCVALL = IOC_IN or IOC_VENDOR or 1; // or IOC_out;
SIO_RCVALL_MCAST = IOC_IN or IOC_VENDOR or 2;
SIO_RCVALL_IGMPMCAST = IOC_IN or IOC_VENDOR or 3;
SIO_KEEPALIVE_VALS = IOC_IN or IOC_VENDOR or 4;
SIO_ABSORB_RTRALERT = IOC_IN or IOC_VENDOR or 5;
SIO_UCAST_IF = IOC_IN or IOC_VENDOR or 6;
SIO_LIMIT_BROADCASTS = IOC_IN or IOC_VENDOR or 7;
SIO_INDEX_BIND = IOC_IN or IOC_VENDOR or 8;
SIO_INDEX_MCASTIF = IOC_IN or IOC_VENDOR or 9;
SIO_INDEX_ADD_MCAST = IOC_IN or IOC_VENDOR or 10;
SIO_INDEX_DEL_MCAST = IOC_IN or IOC_VENDOR or 11;
type
Tcp_KeepAlive = record
OnOff: Longword;
KeepAliveTime: Longword;
KeepAliveInterval: Longword;
end;
// New WSAIoctl Options
//IP头
_IpHdr = record
H_lenver: Byte; //4位首部长度+4位IP版本号
Tos: Char; //8位服务类型TOS
Total_Len: Char; //16位总长度(字节)
Ident: Word; //16位标识
Frag_And_Flags: Word; //3位标志位
Ttl: Byte; //8位生存时间 TTL
Proto: Byte; //8位协议 (TCP, UDP 或其他)
CheckSum: Word; //16位IP首部校验和
SourIP: Longword; //32位源IP地址
DestIP: Longword; //32位目的IP地址
end;
IP_HEADER = _IpHdr;
_TcpHdr = record //定义TCP首部
TCP_Sport: Word; //16位源端口
TCP_Dport: Word; //16位目的端口
Th_Seq: Longword; //32位序列号
Th_Ack: longword; //32位确认号
Th_Lenres: Byte; //4位首部长度/6位保留字
Th_Flag: Char; //6位标志位
Th_Win: Word; //16位窗口大小
Th_Sum: Word; //16位校验和
Th_Urp: Word; //16位紧急数据偏移量
end;
TCP_HEADER = _TcpHdr;
_UdpHdr = record //定义UDP首部
Uh_Sport: Word; //16位源端口
Uh_Dport: Word; //16位目的端口
Uh_Len: Word; //16位长度
Uh_Sum: Word; //16位校验和
end;
UDP_HEADER = _UdpHdr;
_IcmpHdr = record //定义ICMP首部
I_Type: Byte; //8位类型
I_Code: Byte; //8位代码
I_CkSum: Word; //16位校验和
I_Id: Word; //识别号(一般用进程号作为识别号)
// I_seq: Word ; //报文序列号
TimeStamp: Word; //时间戳
end;
ICMP_HEADER = _IcmpHdr;
_Protomap = record //定义子协议映射表
ProtoNum: Integer;
ProtoText: array[0..MAX_PROTO_TEXT_LEN] of Char;
end;
TPROTOMAP = _Protomap;
ESocketException = class(Exception);
TWSAStartup = function(wVersionRequired: Word; var WSData: TWSAData): Integer; stdcall;
TOpenSocket = function(AF, Struct, Protocol: Integer): TSocket; stdcall;
TInet_Addr = function(Cp: PChar): u_long; stdcall;
Thtons = function(HostShort: u_short): u_short; stdcall;
TConnect = function(s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
TWSAIoctl = function(s: TSocket; cmd: DWORD; lpInBuffer: PChar; dwInBufferLen: DWORD;
lpOutBuffer: PCHAR; dwOutBufferLen: DWORD; lpdwOutBytesReturned: LPDWORD;
lpOverLapped: Pointer; lpOverLappedRoutine: POINTER): Integer; stdcall;
TCloseSocket = function(s: TSocket): Integer; stdcall;
TSend = function(s: TSOCKET; Buf: PChar; Len: Integer; Flags: Integer): Integer; stdcall;
TRecv = function(s: TSOCKET; var Buf; Len: Integer; Flags: Integer): Integer; stdcall;
TWSAAsyncSelect = function(s: TSocket; HWindow: HWND; wMsg: u_int; lEvent: Longint): Integer; stdcall;
TWSACleanup = function(): Integer; stdcall;
TOnCap = procedure(Ip, Proto, sourIP, DestIP, SourPort, DestPort: string;
Header: PChar; Header_Size: Integer; Data: PChar; Data_Size: Integer) of object;
TOnError = procedure(Error: string) of object;
TIPCap = class(TComponent)
private
Fhand_dll: HModule; // Handle for mpr.dll
FWindowHandle: HWND;
FOnCap: TOnCap; //捕捉数据的事件
FOnError: TOnError; //发生错误的事件
Fsocket: array of Tsocket;
FActiveIP: array of string; //存放可用的IP
FWSAStartup: TWSAStartup;
FOpenSocket: TOpenSocket;
FInet_Addr: TInet_Addr;
Fhtons: Thtons;
FConnect: TConnect;
FCloseSocket: TCloseSocket;
FSend: Tsend;
FWSAIoctl: TWSAIoctl;
Frecv: Trecv;
FWSACleanup: TWSACleanup;
FWSAAsyncSelect: TWSAAsyncSelect;
protected
procedure WndProc(var MsgRec: TMessage);
function DecodeIpPack(Ip: string; Buf: PChar; iBufSize: Integer): Integer; //IP解包函数
// function DecodeTcpPack(TcpBuf
char;iBufSize:integer):integer; //TCP解包函数
// function DecodeUdpPack(p
char;i:integer):integer; //UDP解包函数
// function DecodeIcmpPack(p
char;i:integer):integer; //ICMP解包函数
function CheckProtocol(iProtocol: Integer): string; //协议检查
procedure IPCAP(Socket_no: Integer);
procedure Get_ActiveIP; //得当前的IP列表
procedure Set_Socket_State; //设置网卡状态
function CheckSockError(iErrorCode: Integer): Boolean; //出错处理函数
public
Fpause: Boolean; //暂停
Finitsocket: Boolean; //是否已初始化
constructor Create(Owner: TComponent); override;
destructor Destroy; override;
function Init_Socket: Boolean; //初始化
procedure StartCap; //开始捕捉
procedure Pause; //暂停
procedure StopCap; //结束捕捉
property Handle: HWND read FWindowHandle;
published
property OnCap: TOnCap read FOnCap write FOnCap;
property OnError: TOnError read FOnError write FOnError;
end;
procedure Register;
implementation
procedure Register;
begin
RegisterComponents('MyControl', [TIPCap]);
end;
function XSocketWindowProc(ahWnd: HWND; auMsg: Integer; awParam: WPARAM; alParam: LPARAM): Integer; stdcall;
var
Obj: TIPCap;
MsgRec: TMessage;
begin
{ At window creation ask windows to store a pointer to our object }
Obj := TIPCap(GetWindowLong(ahWnd, 0));
{ If the pointer is not assigned, just call the default procedure }
if not Assigned(Obj) then
Result := DefWindowProc(ahWnd, auMsg, awParam, alParam)
else
begin
{ Delphi use a TMessage type to pass paramter to his own kind of }
{ windows procedure. So we are doing the same... }
MsgRec.Msg := auMsg;
MsgRec.wParam := awParam;
MsgRec.lParam := alParam;
Obj.WndProc(MsgRec);
Result := MsgRec.Result;
end;
end;
var
XSocketWindowClass: TWndClass = (
style: 0;
lpfnWndProc: @XSocketWindowProc;
cbClsExtra: 0;
cbWndExtra: SizeOf(Pointer);
hInstance: 0;
hIcon: 0;
hCursor: 0;
hbrBackground: 0;
lpszMenuName: nil;
lpszClassName: 'TCap_ip');
function XSocketAllocateHWnd(Obj: TObject): HWND;
var
TempClass: TWndClass;
ClassRegistered: Boolean;
begin
{ Check if the window class is already registered }
XSocketWindowClass.hInstance := HInstance;
ClassRegistered := GetClassInfo(HInstance,
XSocketWindowClass.lpszClassName,
TempClass);
if not ClassRegistered then
begin
{ Not yet registered, do it right now }
Result := Windows.RegisterClass(XSocketWindowClass);
if Result = 0 then Exit;
end;
{ Now create a new window }
Result := CreateWindowEx(WS_EX_TOOLWINDOW, XSocketWindowClass.lpszClassName,
'', { Window name }
WS_POPUP, { Window Style }
0, 0, { X, Y }
0, 0, { Width, Height }
0, { hWndParent }
0, { hMenu }
HInstance, { hInstance }
nil); { CreateParam }
{ if successfull, the ask windows to store the object reference }
{ into the reserved byte (see RegisterClass) }
if (Result <> 0) and Assigned(Obj) then
SetWindowLong(Result, 0, Integer(Obj));
end;
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *}
{ Free the window handle }
procedure XSocketDeallocateHWnd(Wnd: HWND);
begin
DestroyWindow(Wnd);
end;
//当前机的所有IP地址
procedure TIPCap.Get_ActiveIP;
type
TaPInAddr = array[0..20] of PInAddr;
PaPInAddr = ^TaPInAddr;
var
Phe: PHostEnt;
Pptr: PaPInAddr;
Buffer: array[0..63] of Char;
I: Integer;
begin
SetLength(FActiveIP, 20);
GetHostName(Buffer, SizeOf(Buffer));
Phe := GetHostByName(Buffer);
if Phe = nil then
begin
SetLength(FActiveIP, 0);
if Assigned(FOnError) then FOnError('没有找到可绑定的IP!');
exit;
end;
Pptr := PaPInAddr(Phe^.h_addr_list);
I := 0;
while (Pptr^
<> nil) and (I < 20) do
begin
FActiveIP := inet_ntoa(pptr^^);
Inc(I);
end;
SetLength(FActiveIP, i);
end;
procedure TIPCap.Set_Socket_State;
var
I, iErrorCode: integer;
Sa: tSockAddrIn;
dwBufferLen: array[0..10] of DWORD;
dwBufferInLen: DWORD;
dwBytesReturned: DWORD;
begin
if High(FActiveIP) = -1 then Exit;
SetLength(Fsocket, High(FActiveIP) + 1);
for i := 0 to High(FActiveIP) do
begin
Fsocket := socket(AF_INET, SOCK_RAW, IPPROTO_IP);
Sa.sin_family := AF_INET;
Sa.sin_port := htons(I);
Sa.sin_addr.S_addr := inet_addr(PChar(FActiveIP));
iErrorCode := bind(Fsocket, Sa, SizeOf(Sa));
CheckSockError(iErrorCode);
dwBufferInLen := 1;
dwBytesReturned := 0;
//设置Fsocket为SIO_RCVALL接收所有的IP包
iErrorCode := FWSAIoctl(Fsocket, SIO_RCVALL, @dwBufferInLen, SizeOf(dwBufferInLen),
@dwBufferLen, SizeOf(dwBufferLen), @dwBytesReturned, nil, nil);
CheckSockError(iErrorCode);
iErrorCode := WSAAsyncSelect(Fsocket, FWindowHandle, WM_CapIp + i, FD_READ or FD_CLOSE);
CheckSockError(iErrorCode);
end;
end;
//读IP数据
procedure TIPCap.IPCAP(socket_no: integer);
var
iErrorCode: Integer;
RecvBuf: array[0..MAX_PACK_LEN] of char;
begin
FillChar(RecvBuf, SizeOf(RecvBuf), 0);
iErrorCode := frecv(Fsocket[socket_no], RecvBuf, SizeOf(RecvBuf), 0); CheckSockError(iErrorCode);
if not Fpause then
begin
iErrorCode := DecodeIpPack(FActiveIP[socket_no], RecvBuf, iErrorCode);
CheckSockError(iErrorCode);
end;
end;
//协议识别程序
function TIPCap.CheckProtocol(iProtocol: integer): string;
begin
result := '';
case iProtocol of
IPPROTO_IP: result := 'IP';
IPPROTO_ICMP: result := 'ICMP';
IPPROTO_IGMP: result := 'IGMP';
IPPROTO_GGP: result := 'GGP';
IPPROTO_TCP: result := 'TCP';
IPPROTO_PUP: result := 'PUP';
IPPROTO_UDP: result := 'UDP';
IPPROTO_IDP: result := 'IDP';
IPPROTO_ND: result := 'NP';
IPPROTO_RAW: result := 'RAW';
IPPROTO_MAX: result := 'MAX';
else result := '';
end;
end;
//IP解包程序
function TIPCap.DecodeIpPack(IP: string; Buf: PChar; iBufSize: Integer): Integer;
var
SourPort, DestPort: Word;
iProtocol: Integer;
szProtocol: array[0..MAX_PROTO_TEXT_LEN] of Char;
szSourIP: array[0..MAX_ADDR_LEN] of Char;
szDestIP: array[0..MAX_ADDR_LEN] of Char;
pIpHeader: IP_HEADER;
pTcpHeader: TCP_HEADER;
pUdpHeader: UDP_HEADER;
pIcmpHeader: ICMP_HEADER;
saSour, saDest: TSockAddrIn;
iIphLen, Data_Size: Integer;
// TcpHeaderLen: Integer ;
TcpData: PChar;
begin
Result := 0;
CopyMemory(@pIpheader, Buf, SizeOf(pIpHeader));
//协议甄别
iProtocol := pIpheader.Proto;
StrLCopy(szProtocol, PChar(CheckProtocol(iProtocol)), 15);
//源地址
saSour.sin_addr.s_addr := pIpHeader.sourIP;
strlcopy(szSourIP, inet_ntoa(saSour.sin_addr), MAX_ADDR_LEN);
//目的地址
saDest.sin_addr.s_addr := pIpheader.destIP;
strLcopy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
//计算IP首部的长度
iIphLen := SizeOf(pIpheader);
//根据协议类型分别调用相应的函数
case iProtocol of
IPPROTO_TCP:
begin
CopyMemory(@pTcpHeader, Buf + iIphLen, SizeOf(pTcpHeader));
SourPort := ntohs(pTcpHeader.TCP_Sport); //源端口
DestPort := ntohs(pTcpHeader.TCP_Dport); //目的端口
TcpData := Buf + iIphLen + sizeof(pTcpHeader);
Data_Size := iBufSize - iIphLen - SizeOf(pTcpHeader);
end;
IPPROTO_UDP:
begin
CopyMemory(@pUdpHeader, Buf + iIphLen, SizeOf(pUdpHeader));
SourPort := ntohs(pUdpHeader.Uh_Sport); //源端口
DestPort := ntohs(pUdpHeader.Uh_Dport); //目的端口
TcpData := Buf + iIphLen + sizeof(pUdpHeader);
Data_Size := iBufSize - iIphLen - SizeOf(pUdpHeader);
end;
IPPROTO_ICMP:
begin
CopyMemory(@pIcmpHeader, Buf + iIphLen, SizeOf(pIcmpHeader));
SourPort := pIcmpHeader.I_Type; //类型
DestPort := pIcmpHeader.I_Code; //代码
TcpData := Buf + iIphLen + sizeof(pIcmpHeader);
Data_Size := iBufSize - iIphLen - sizeof(pIcmpHeader);
end;
else
begin
SourPort := 0;
DestPort := 0; //代码
TcpData := Buf + iIphLen;
Data_Size := iBufSize - iIphLen;
end;
end;
if Assigned(FOnCap) then
FOnCap(Ip, szProtocol, szSourIP, szDestIP, IntToStr(SourPort), IntToStr(DestPort)
, Buf, iBufSize - Data_Size, TcpData, Data_Size);
end;
//SOCK错误处理程序
function TIPCap.CheckSockError(iErrorCode: integer): boolean; //出错处理函数
begin
if (iErrorCode = SOCKET_ERROR) then
begin
if Assigned(FOnError) then FOnError(inttostr(GetLastError) + SysErrorMessage(GetLastError));
Result := True;
end
else
Result := False;
end;
procedure TIPCap.WndProc(var MsgRec: TMessage);
var
x: Cardinal;
begin
x := WM_CapIp + High(FActiveIP);
with MsgRec do
if (Msg >= WM_CapIp) and (Msg <= x) then
IPCAP(Msg - WM_CapIp)
else
Result := DefWindowProc(Handle, Msg, wParam, lParam);
end;
constructor TIPCap.Create(Owner: TComponent);
begin
inherited Create(Owner);
Fpause := False;
Finitsocket := False;
SetLength(Fsocket, 0);
FWindowHandle := XSocketAllocateHWnd(Self);
end;
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *}
destructor TIPCap.Destroy;
var
i: Integer;
begin
for i := 0 to High(Fsocket) do FCloseSocket(Fsocket);
if Self.Finitsocket then
begin
FWSACleanup;
if Fhand_dll <> 0 then FreeLibrary(Fhand_dll);
end;
inherited Destroy;
end;
function TIPCap.Init_Socket: Boolean; //初始化
var
GInitData: TWSAData;
begin
Result := True;
if Finitsocket then Exit;
Fhand_dll := LoadLibrary('ws2_32.dll');
if Fhand_dll = 0 then
begin
raise ESocketException.Create('Unable to register ws2_32.dll');
Result := False;
Exit;
end;
@FWSAStartup := GetProcAddress(Fhand_dll, 'WSAStartup');
@FOpenSocket := GetProcAddress(Fhand_dll, 'socket');
@FInet_addr := GetProcAddress(Fhand_dll, 'inet_addr');
@Fhtons := GetProcAddress(Fhand_dll, 'htons');
@FConnect := GetProcAddress(Fhand_dll, 'connect');
@FCloseSocket := GetProcAddress(Fhand_dll, 'closesocket');
@Fsend := GetProcAddress(Fhand_dll, 'send');
@FWSAIoctl := GetProcAddress(Fhand_dll, 'WSAIoctl');
@Frecv := GetProcAddress(Fhand_dll, 'recv');
@FWSACleanup := GetProcAddress(Fhand_dll, 'WSACleanup');
@FWSAAsyncSelect := GetProcAddress(Fhand_dll, 'WSAAsyncSelect');
if (@FWSAStartup = nil) or (@Fhtons = nil) or (@FConnect = nil) or (@Fsend = nil) or
(@FWSACleanup = nil) or (@FOpenSocket = nil) or (@FInet_addr = nil) or (@FCloseSocket = nil)
or (@recv = nil) or (@FWSAIoctl = nil) or (@FWSAAsyncSelect = nil) then
begin
raise ESocketException.Create('加载dll函数错误!');
Result := False;
Exit;
end;
if FWSAStartup($201, GInitData) <> 0 then
begin
raise ESocketException.Create('初始化SOCKET2函数失败!');
Result := False;
Exit;
end;
Finitsocket := True;
end;
procedure TIPCap.StartCap;
begin
if not Finitsocket then
if not Init_Socket then Exit;
Get_ActiveIP;
Set_Socket_State;
end;
procedure TIPCap.pause;
begin
if Finitsocket and (high(Fsocket) > -1) then
Fpause := not Fpause;
end;
procedure TIPCap.StopCap;
var
i: integer;
begin
for i := 0 to high(Fsocket) do FCloseSocket(Fsocket);
end;
end.