局域网内QQ号码的侦测-『提问交流』-AUTOIT CN

魔导发表于 2012-5-30 07:44:56

纯持之水平有限出不了什么力{:1_345:}

见酒就害羞 发表于 2012-5-31 01:36:36

厉害！！！！！！好东西！！！！

见酒就害羞 发表于 2012-5-31 01:37:01

是源码吗？？？想看看！！！！！

楼上风云 发表于 2012-5-31 08:10:12

回复 35# 见酒就害羞

问题还没有解决，尚没有源码。
可能真正的高手对此类问题不屑留意

republican 发表于 2012-6-1 08:18:53

本帖最后由 republican 于 2012-6-1 08:21 编辑

尝试写了一下抓包程序，发现au3的效率确实不行，当流量达到4M的时候已经占用半个核心了，看来研究这个能练习提高代码的效率。

说明：使用winpcap驱动，绑定@IParess1的网卡，所有10，192开头的地址算内网，其余算外网，流量以IP包中的数据长度计算，非抓取长度。

楼上风云 发表于 2012-6-1 15:44:17

回复 37# republican

大侠开始出力了！！！

pusofalse 发表于 2012-6-1 16:35:30

回复 37# republican

为何不开源啊？~

republican 发表于 2012-6-1 19:23:56

本帖最后由 republican 于 2012-6-1 22:56 编辑

写的太烂了，不好意思开源的~~
不过有兴趣者可以试着提高以下代码的效率（以下代码执行起来是非常慢的~）
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <GUIListBox.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>

#include <Array.au3>
#include <Winpcap.au3>

Opt("GUIOnEventMode", 1)
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("Form1", 346, 456, 192, 124)
$Label1 = GUICtrlCreateLabel("外网下传：", 16, 16, 64, 17)
$Label2 = GUICtrlCreateLabel("0 KB/s", 80, 16, 52, 17,0x002)
$Label3 = GUICtrlCreateLabel("外网上传：", 136, 16, 64, 17)
$Label4 = GUICtrlCreateLabel("0 KB/s", 200, 16, 51, 17,0x002)
;~ $Label5 = GUICtrlCreateLabel("内网下载：", 16, 40, 64, 17)
;~ $Label6 = GUICtrlCreateLabel("0 KB/S", 80, 40, 54, 17,0x002)
;~ $Label7 = GUICtrlCreateLabel("内网上传：", 136, 40, 64, 17)
;~ $Label8 = GUICtrlCreateLabel("0 KB/S", 200, 40, 54, 17,0x002)
$Button1 = GUICtrlCreateButton("Button1", 264, 16, 65, 25)

GUICtrlSetOnEvent (-1, "_Handle" )
$Edit1 = GUICtrlCreateEdit("", 8, 64, 329, 81)

$Edit2 = GUICtrlCreateEdit("", 8, 152, 329, 113)

$List1 = GUICtrlCreateList("", 8, 272, 329, 149)
$Button2 = GUICtrlCreateButton("Button2", 256, 424, 81, 25)
GUICtrlSetOnEvent (-1, "_Handle" )
$Button3 = GUICtrlCreateButton("Button3", 128, 424, 81, 25)
GUICtrlSetOnEvent (-1, "_Handle" )
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
GUISetOnEvent($GUI_EVENT_CLOSE, "_exit")
Global $CaptureStatue = 0
$WinPcap =_PcapSetup() ;仅仅打开DLl,和ErrorBuffer
;~ MsgBox(64,0,$WinPcap)
$UseAble_Devices = _PcapGetDeviceList() ;包含IP
Local $tAdapter = ''
For $i = 0 To UBound($UseAble_Devices) - 1
If $UseAble_Devices[$i] =@IPAddress1 Then
$tAdapter = $UseAble_Devices[$i]
ExitLoop
EndIf
Next

Global $hPcap
Local $Result,$sTime = TimerInit(),$cTime
Global $DataLen
For $i = 0 To 3
$DataLen[$i] = 0
$DataLen[$i] = 0
Next
Global $WinSock_Direction
$WinSock_Direction = 0

While 1
If TimerDiff($sTime) >= 998 Then
GUICtrlSetData($Label4,_Flow_Format($WinSock_Direction)&'/S')
GUICtrlSetData($Label2,_Flow_Format($WinSock_Direction)&'/S')

$WinSock_Direction = 0
$WinSock_Direction = 0
$sTime = TimerInit()
EndIf

If $CaptureStatue =1 Then
$cTime = TimerInit()
Do
$WinPcap_Capture=_PcapGetPacket($hPcap)
If IsInt($WinPcap_Capture) Then ExitLoop
$Result = _Decode_Data($WinPcap_Capture)
Switch _Deteted_Source($Result,$Result)
Case 1 ;发送
Switch Number($Result)
Case 0x06
;~ If Number($Result) > 65 And Number($Result < 1400) Then
;~ ConsoleWrite(BinaryToString($Result))
;~ EndIf
EndSwitch
_Deteted_ConnetType($Result,$Result,0)
Case 2 ;接受
Switch Number($Result)
Case 0x06
;~ ConsoleWrite('服务器回应...'&@CRLF)
EndSwitch
_Deteted_ConnetType($Result,$Result,1)
Case 0;TNND
EndSwitch
Until TimerDiff($cTime) >= 500
;~ EndIf
EndIf
Sleep(5)
WEnd

Func _Deteted_Source($IP1,$IP2)
If $IP1 = @IPAddress1 Then Return 1
If $IP2 = @IPAddress1 Then Return 2
Return 0
EndFunc

Func _Flow_Format($FlotInt)
If $FlotInt/ 1024 < 5 * 1024 Then
Return Round($FlotInt/1024,1) & ' KB'
Else
Return Round($FlotInt/(1024*1024),1) & " MB"
EndIf
EndFunc

Func _Count_DataLen($Len,$SendorReceive = 0)
$DataLen[$SendorReceive] += $Len
$DataLen += $Len
EndFunc

Func _Deteted_ConnetType($IP,$DataLen,$SendorReceive = 0)
$WinSock_Direction += $DataLen
$WinSock_Direction += $DataLen
For $i = 0 To $WinSock_Direction
If $IP = $WinSock_Direction[$i] Then
$WinSock_Direction[$i] = @HOUR&@MIN&@SEC
$WinSock_Direction[$i] += $DataLen
Return 1
EndIf
Next
If $WinSock_Direction >= UBound($WinSock_Direction) - 2 Then ReDim $WinSock_Direction[$WinSock_Direction+500]
$WinSock_Direction += 1
$WinSock_Direction[$WinSock_Direction] = @IPAddress1
$WinSock_Direction[$WinSock_Direction] = $IP
$WinSock_Direction[$WinSock_Direction] = @HOUR&@MIN&@SEC
$WinSock_Direction[$WinSock_Direction] = @HOUR&@MIN&@SEC
$WinSock_Direction[$WinSock_Direction] = 0
$WinSock_Direction[$WinSock_Direction] = 0
$WinSock_Direction[$WinSock_Direction] += $DataLen
Return 2
EndFunc

Func _Handle()
Switch @GUI_CtrlId
Case $Button1
$CaptureStatue =1
$hPcap = _PcapStartCapture($tAdapter)
Case $Button2
$CaptureStatue =0
_PcapStopCapture($hPcap)
Case $Button3
_ArrayDisplay($WinSock_Direction)
EndSwitch
EndFunc

Func _Exit()
_PcapStopCapture($hPcap)
_PcapFree()
Exit
EndFunc

Func _Decode_Data($bData,$Mode = 0)
Local $ICMPHeader,$IPHeader,$dData;$TCPHeader,$TCPData
;~ $ICMPHeader = BinaryMid($bData,1,14)
$IPHeader = BinaryMid($bData,15,20)
$dData = Dec(Hex(BinaryMid($IPHeader,3,2))) ;数据包长度
$dData = BinaryMid($IPHeader,10,1) ;协议类型；0x01 ICMP; 0x02 IGMP; 0x06 TCP; 0x11 UDP
$dData = BinaryMid($IPHeader,13,4) ;源IP，未解码
$dData = BinaryMid($IPHeader,17,4) ;目标IP，未解码
$dData = _DecIPToString(Number($dData)) ;源IP
$dData = _DecIPToString(Number($dData)) ;目标IP
If $dData = 0x06 Or $dData = 0x11 Then
$dData = Dec(Hex(BinaryMid($bData,35,2)))
$dData = Dec(Hex(BinaryMid($bData,37,2)))
;须加判断读不读取的过程
If $dData > 65 Then
If $dData = 0x06 Then
$dData = BinaryMid($bData,55,$dData - 40 )
Else
$dData = BinaryMid($bData,43,Dec(Hex(BinaryMid($bData,39,2))) - 8 )
EndIf
EndIf
EndIf

Return $dData
EndFunc

Func _DecIPToString($DecIP)
Local $IPString = DllCall("ws2_32.dll", "str", "inet_ntoa", "uint", $DecIP)
If @error Then Return SetError(1, "0.0.0.0")
Return $IPString
EndFunc ;==>_DecIPToString

Func _Set_BinaryStruct($sData,ByRef $sStruct)
Local $iSize = BinaryLen($sData)
$sStruct = DllStructCreate("BYTE["&$iSize+1&"]")
DllStructSetData($sStruct, 1, $sData)
Return DllStructGetPtr($sStruct)
EndFunc

话说Au3中没找到字符串到结构体的函数，本来想用_MemMoveMemory来实现的，不过后来发现，这效率更低了，还是BinaryMid快点。

另外，对上午那个加了Q号的获取：

x163169x 发表于 2012-6-1 21:19:41

回复oplmamik

特别说明：
1、需要自行安装WINCAP
2、请自觉遵守法律法规，仅供研究用途，禁止非法 ...
楼上风云发表于 2012-5-29 15:51 http://www.autoitx.com/images/common/back.gif

好东西就是没有钱下载

republican 发表于 2012-6-3 00:29:10

回复 39# pusofalse

对了，今晚改成RAW SOCKET来获取，发现各种丢包，而且在我的机器上要么只能获取发送包，要么只能获取接收包。P版有了解过吗？

wua0550 发表于 2012-6-3 17:41:32

这东西很有用处~~下载了备用

楼上风云 发表于 2012-6-4 12:36:47

回复 40# republican

Q号捕获不成功！

republican 发表于 2012-6-4 14:01:16

回复 44# 楼上风云
Q号是没有加密的，你自己也可以弄。

含有Q号的数据包只存在于本机向Server发送的命令包中。

楼上风云 发表于 2012-6-4 14:52:06

回复 39# pusofalse

终于找到了一份很有参考意义的资料，P版请参考。

308513523 发表于 2012-6-7 10:15:40

{:face (411):} 表示学习了

页: 1 2 [3]

AUTOIT CN's Archiver