[david]

Hello everyone …

I’m trying to do something similar, but when I analise the code, I can’t see what MHdrSize means.

Any help?.
Thanks
David

@SerpentFly wrote:

You should do something like the code below does, but don’t forget to recalculate TCP checksum after doing this:

PINTERMEDIATE_BUFFER ParsePacketHeaders   ( PINTERMEDIATE_BUFFER pBuffer )

{

ether_header_ptr pEthernet = (ether_header_ptr)&pBuffer->m_IBuffer;



if(ntohs(pEthernet->h_proto) ==   ETH_P_IP){



iphdr_ptr pIp =   NULL;

tcphdr_ptr pTcp   = NULL;

pIp   = (iphdr_ptr)&pBuffer->m_IBuffer[MHdrSize];

//printf("%i", MHdrSize);

UCHAR IpProto = pIp->ip_p;



if(IpProto == IPPROTO_TCP){

pTcp = (tcphdr_ptr)(((PUCHAR)pIp) + sizeof(DWORD)*pIp->ip_hl);

in_addr IP = pIp->ip_src;

PUCHAR pTcpData   = (PUCHAR)pTcp + pTcp->th_off*4;



if(ntohs(pTcp->th_sport) == 80){



string foo = (char *)pTcpData;



while(foo.find("sex") != string::npos){

foo.replace(foo.find(sought), sought.size(), replacement);

}



const char* final = foo.c_str();

memcpy(pTcpData, final, foo.length());

printf("Dest Data: %snAddress of pTcpData: %x", pTcpData, &pTcpData);

}//port 80?



}//tcp??



} //IP Packet?





return pBuffer;



}

[Author]

Posts