A quick investigation of this software showed that it installs an NDIS Miniport driver, which, in particular, began to hang at boot on the system. "So what exactly is the problem here?" I thought, and decided to experiment with an implementation that intercepts streaming video from the browser without a driver.
Preface
This write-up assumes some knowledge of Windows, WinAPI and a little C++, so if a point that is obvious to me needs a more detailed explanation, please ask. Let me make clear right away that there is no ready-made program for intercepting video based on the principles outlined in this post (at least, I have not written one). There are some drafts and theoretical groundwork, motivated mainly by a dislike of the solution with an NDIS Miniport driver and blue screens.
Suppose we have some module that can intercept HTTP or TCP/IP packets from the browser. How exactly can it catch video? There are two options:
- Parse the address as a URL.
To do this, we need to intercept outgoing packets containing an HTTP GET and find out where exactly that GET is directed. This approach is rather questionable, because it requires specific knowledge about specific sites. On the other hand, with addresses that fit a template such as "www.youtube.com/watch?v=o78nFVB1tJA", requests for streaming video can be filtered directly, before the stream is received.
- Check the server's response.
To do this, we need to intercept incoming packets and check the Content-Type HTTP header. Obviously, for video it will be specific to a particular format. For example, for the aforementioned link to a Flash Video on YouTube with saxophone playing, the server's response contains the header "Content-Type: video/x-flv", which makes it clear that Flash Video follows the headers. For MPEG4 the header will contain video/mp4, and so on.
In a final solution, a combination of 1) and 2) would probably work most effectively, but this post focuses first on packet capture.
Hooks and DLL injection
The first thing that comes to mind for writing an interceptor is to inject a DLL into the browser process. Some readers will stop reading at this point, because everything is already clear. Anyone who understands it all can go straight to the source and download the compiled version (yes, only 3 KB). If you decide to try out how it all works, I strongly recommend using a 32-bit browser and shutting down all software that uses similar tricks, such as AdMuncher (hello Murray / shannow); this is fixable. Look for the results as .log files in %TEMP%.
System hooks and DLL injection into Windows processes are a well-worn topic, but for everyone else, someone has to explain a few things. The end result of injecting the DLL into browser processes looks like this:

In other words, a generic DLL that intercepts the packets we need is placed inside each browser process. Two questions immediately arise:
- How do we inject the DLL?
- How do we catch the packets?
Let's try to answer them below...
Injecting a DLL into someone else's process
At the first stage it is clear that two modules have to be written: a main application and a DLL. The main application is started, and it in turn deploys the DLL. Without further ado, launch Visual Studio and write the main application (Injector.cpp) right away:
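```cpp
#include <windows.h>

// Enter the program directly at winMain and link without the C runtime.
// The entry name must match the function below, which is not called WinMain
// because that name may not be redeclared with a different signature.
#pragma comment(linker, "/entry:winMain /nodefaultlib")

extern "C" void APIENTRY winMain()
{
    HMODULE interceptor = LoadLibrary(TEXT("Interceptor.dll"));
    if (interceptor != NULL) {
        // Export number 1 of the DLL is the CBT hook procedure (lookup by ordinal).
        HOOKPROC cbtHook = (HOOKPROC) GetProcAddress(interceptor, (LPCSTR) 1);
        // Thread id 0 makes this a global hook.
        HHOOK hHook = (HHOOK) SetWindowsHookEx(WH_CBT, cbtHook, interceptor, 0);
        if (hHook != NULL) {
            MessageBox(NULL, TEXT("Press OK to terminate."),
                       TEXT("Interceptor is working."), MB_OK);
            UnhookWindowsHookEx(hHook);
        }
        FreeLibrary(interceptor);
    }
}
```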
What does the code above do? The first line, for the sake of compact code, places the application's entry point directly at our own winMain(), with no preliminaries. In the source, MSVCRT is cut out altogether as unnecessary.
Then we load the interceptor, find exported function number 1 in it (import by ordinal), and set a global hook of type CBT with the resulting parameters. Then we show a modal message and, once the OK button is pressed, finish and clean up after ourselves. That's all. This is enough to inject the DLL into every process that in one way or another uses the User32 WinAPI to work with windows.
CBT stands for computer-based training. The WH_CBT hook is generally excellent: "… the system calls this hook before activating, creating, destroying, minimizing, maximizing, moving, or sizing a window; before completing a system command; before removing a keyboard or mouse event from the message queue; before setting the input focus; and before synchronizing with the system message queue …" (a free translation of MSDN). In practice, this means it works in 99% of applications written according to the standard window architecture.
The advantage of this method is that nothing else needs taking care of: the Windows hook system does the work itself.
Starting to write the DLL
Since we are writing an interceptor and nothing else, the following is enough for it:
- The DLL is initialized when it is loaded into a process
- The DLL remains in the process's address space until the process exits
- On exit, or on an external event, the DLL is de-initialized before it is unloaded
It is worth saying that this technique requires modules of matching bitness. That means a 64-bit browser needs a 64-bit interceptor DLL, and likewise for 32-bit applications. Do not expect a 32-bit interceptor to be loaded into a 64-bit application, or vice versa.
So, let's write the skeleton of our future interceptor (Interceptor.cpp):
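```cpp
#include <windows.h>

HINSTANCE g_hDllInstance;

// CBT hook procedure, exported as ordinal 1. It does no work of its own;
// registering it is what gets the DLL loaded into other processes.
LRESULT CALLBACK CBT_Hook(int nCode, WPARAM wParam, LPARAM lParam)
{
    return 0;
}

// Called when the DLL is loaded into a process.
BOOL onLoad()
{
    return TRUE;
}

// Called before the DLL is unloaded from a process.
BOOL onUnload()
{
    return TRUE;
}

BOOL WINAPI DllMain(HINSTANCE hDllInstance, DWORD dwReason, LPVOID lpRsrv)
{
    switch (dwReason) {
    case DLL_PROCESS_ATTACH:
        DisableThreadLibraryCalls(hDllInstance);
        g_hDllInstance = hDllInstance;
        return onLoad();
    case DLL_PROCESS_DETACH:
        return onUnload();
    default:
        break;
    }
    return TRUE;
}
```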
In addition, the export must be given ordinal number 1. To do this, create a standard DEF file (Interceptor.def) and don't forget to feed it to the linker with the /DEF parameter:
```
LIBRARY Intercept
EXPORTS
    CBT_Hook @1
```
That's all. Now the DLL sticks to processes and stays in them until they exit. To avoid getting into processes we don't need, and to avoid misbehaving inside the main application (yes, it also loads and initializes the DLL), we add extra checks:
```cpp
const char *appsToIntercept[] = {
    "chrome.exe", "iexplore.exe", "opera.exe", "firefox.exe", "safari.exe", 0
};
char thisProcessPath[MAX_PATH], *thisProcessName;
char thisDllPath[MAX_PATH], *thisDllName;

BOOL onLoad()
{
    BOOL rv = FALSE;

    // Host process: directory goes to thisProcessPath, file name to thisProcessName.
    // The ANSI (A) calls are used explicitly because the buffers are char arrays.
    GetModuleFileNameA(NULL, thisProcessPath, sizeof(thisProcessPath) - 1);
    GetFullPathNameA(thisProcessPath, sizeof(thisProcessPath), thisProcessPath, &thisProcessName);
    thisProcessName[-1] = 0;    // cut the path at the last separator

    // This DLL: directory goes to thisDllPath, file name to thisDllName.
    GetModuleFileNameA(g_hDllInstance, thisDllPath, sizeof(thisDllPath) - 1);
    GetFullPathNameA(thisDllPath, sizeof(thisDllPath), thisDllPath, &thisDllName);
    thisDllName[-1] = 0;

    // Host and DLL are in the same directory: this is the main application,
    // so stay loaded but install nothing.
    if (!lstrcmpiA(thisProcessPath, thisDllPath))
        return TRUE;

    // Is the host process one of the listed browsers?
    for (int i = 0; appsToIntercept[i] != 0; i++) {
        if (!lstrcmpiA(thisProcessName, appsToIntercept[i])) {
            rv = TRUE;
            break;
        }
    }

    // Unknown application: fail the load so the DLL does not stay in it.
    if (!rv)
        return FALSE;

    // Known browser: install the WinSock2 hooks.
    return installHooks();
}
```
So, if the application is unknown, we do not load into it. Next, we deal directly with intercepting the WinSock functions.
Function interception mechanism
First, something obvious needs clarifying. Those for whom everything was already clear will not have read this far anyway, so allow me a digression. To my surprise, I have noticed that some very smart and advanced programmers do not always have a clear picture of how system libraries work in Windows processes. In this regard I strongly recommend another post on Habr, "A step-by-step guide to Windows executables (EXE)".
It is important to understand this:

All DLLs, including system libraries and those specified as imports in the PE header, are loaded directly into the address space of the application that uses them. From a logical point of view, each running application has its own separate set of copies of system and other DLLs.
Therefore, the simplest way to intercept packets in the browser is to intercept calls to the specific functions in the system libraries that are responsible for sending and receiving packets. At this point some will again stop reading, because everything has become clear again and there is nothing new. But for everyone else, I'll continue.
Interception can be done at various levels, such as WinHTTP, WinINet, or WinSock. To me, the most universal is intercepting the WinSock functions from the WS2_32.DLL library. It has drawbacks, especially with HTTPS (where packets are encrypted). For HTTPS, in my view, the first solution is to hook WinHTTP functions or the OpenSSL library. But let's start with something simple.
Here are the main points of what we need to do:
- Determine the address of the function to intercept
- Rewrite the function at its entry point so that our own handler is called
- In our own handler, perform some actions before calling the original function
- Call the original function
- Save the result
- In our own handler, perform some actions after calling the original function
- Return the result to the calling procedure
In the good old tradition of Windows backward compatibility, there are several ways to do the same thing by calling different functions, so we will try to catch them all. For this task it is enough to intercept the following from WS2_32:
- send()
- WSASend()
- recv()
- WSARecv()
- WSAGetOverlappedResult()
- connect()
- WSAConnect()
- closesocket()
Moreover, the last three are needed only to create and destroy the context associated with a particular connection (if there is one). In this example we will try to do without context as far as we can. In practice, however, it is needed to collect HTTP request and HTTP response pairs correctly. At the same time, hooks on connect() and WSAConnect() are not strictly necessary, because a new context for a new socket can in effect be created on the first write to it.
So, we create a structure in the DLL for rewriting and restoring the entry points of the WinSock functions:
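```cpp
// Everything needed to install and remove one hook.
typedef struct _APIHOOK {
    BOOL isInstalled;               // is the hook installed?
    const TCHAR *moduleName;        // module (DLL) that exports the function
    const char *functionName;       // export name; GetProcAddress takes a narrow string
    LPVOID newAddr;                 // address of our handler
    LPVOID oldAddr;                 // address of the original function
    DWORD oldCodeSize;              // size of the saved original code
    char newCode[HOOK_CODE_SIZE];   // patch: jump to the handler
    char oldCode[HOOK_CODE_SIZE];   // original bytes from the entry point
} APIHOOK, *PAPIHOOK;
```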
Read on for what HOOK_CODE_SIZE is and what it depends on.
A bit of assembler
To intercept a function call at its entry point, we need to patch the code. The simplest algorithm looks like this:
- Define the handler.
The calling convention (cdecl or stdcall) and all input parameters must be exactly the same as the original function's, otherwise the stack will be corrupted.
- Determine the entry point of the function of interest.
Here too everything is simple: we need to call GetProcAddress() from kernel32.dll.
- Save the code from the function's entry point.
Again, everything is simple: copy the bytes to a secluded place.
- Patch the entry point.
Roughly speaking, this is where the whole trick lies: rewrite the code at the entry point so that a call transfers control to the handler.

Functionally, there are several different ways to intercept. The simplest is to constantly rewrite the code at the start of the entry point from the original code to our own and back (when calling the original function). There are more complex methods that do not require constantly rewriting code, but need an instruction parser in order to embed the interceptor correctly partway into the original function. Let's look at the simplest one: rewriting the code at the very start.
Again, there are several ways to call the handler. Without going into detail, I'll highlight two of them: an unconditional jump, and a return via the call stack. In the first case the idea is as follows:
```
MyFuncHandler:
    <blablablablabla>

OriginalFunction:
    JMP MyFuncHandler
```
This is very simple and takes 5 bytes in 32-bit form: one for the opcode of the JMP unconditional jump and four for the relative address. Why relative, later. In the second case the idea is slightly different:
```
MyFuncHandler:
    <blablablablabla>

OriginalFunction:
    PUSH MyFuncHandler
    RETN
```
This takes 6 bytes: 2 bytes for the opcodes of PUSH <32-bit DWORD> and RETN, and 4 bytes for the absolute address. Yes, yes: in the first case the address is taken relative to the current address of the executing code, while in the second it is a constant, taken relative to the start of the address space. We'll go with the first method.
Let's write the interceptor installer:
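```cpp
// Size of the patch written over the entry point.
#define HOOK_CODE_SIZE 5    // JMP XX XX XX XX

// Patch the entry point of the function described by thisHook.
// The pointer arithmetic below casts addresses to DWORD, so this is 32-bit code only.
BOOL hookInstall(PAPIHOOK thisHook)
{
    UCHAR asmJMP = 0xE9;    // opcode of JMP rel32

    if (!thisHook || thisHook->isInstalled == TRUE) {
        SetLastError(ERROR_ALREADY_EXISTS);
        return FALSE;       // no entry, or the hook is already installed
    }

    // Resolve the address of the original function.
    if (thisHook->moduleName && thisHook->functionName &&
        !(thisHook->oldAddr = (LPVOID) GetProcAddress(
              GetModuleHandle(thisHook->moduleName), thisHook->functionName))) {
        SetLastError(ERROR_NOT_FOUND);
        return FALSE;       // module not loaded, or function not exported
    }

    // The entry point must be readable.
    if (IsBadReadPtr(thisHook->oldAddr, HOOK_CODE_SIZE)) {
        SetLastError(ERROR_INVALID_ADDRESS);
        return FALSE;
    }

    // The entry point already holds our jump: nothing left to do.
    if (*(DWORD *) ((PBYTE) thisHook->oldAddr + 1) ==
            ((DWORD) thisHook->newAddr - (DWORD) thisHook->oldAddr - HOOK_CODE_SIZE) &&
        *(BYTE *) thisHook->oldAddr == asmJMP) {
        return TRUE;
    }

    // Make the entry point writable.
    DWORD oldFlags;
    if (!VirtualProtect(thisHook->oldAddr, HOOK_CODE_SIZE, PAGE_EXECUTE_READWRITE, &oldFlags) ||
        IsBadWritePtr(thisHook->oldAddr, HOOK_CODE_SIZE)) {
        SetLastError(ERROR_WRITE_PROTECT);
        return FALSE;
    }

    // Save the original bytes.
    memcpy(thisHook->oldCode, thisHook->oldAddr, HOOK_CODE_SIZE);

    // Build the patch: the JMP opcode ...
    thisHook->newCode[0] = asmJMP;
    // ... followed by the offset, counted from the end of the 5-byte instruction.
    *(DWORD *) &thisHook->newCode[1] =
        ((DWORD) thisHook->newAddr - HOOK_CODE_SIZE - (DWORD) thisHook->oldAddr);

    thisHook->isInstalled = TRUE;

    // Enable the hook: copy the jump over the entry point.
    #define hookEnable(p) memcpy(p->oldAddr, p->newCode, HOOK_CODE_SIZE);
    // Disable the hook: put the original bytes back.
    #define hookDisable(p) memcpy(p->oldAddr, p->oldCode, HOOK_CODE_SIZE);

    hookEnable(thisHook);
    return TRUE;
}
```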
I don't think the code above needs much more explanation. It is worth noting that the patched code is first built inside the structure that holds the information about the function interceptor, and is then applied directly from macros using memcpy(). Fans of aesthetics can add locks here, but in my opinion this is unnecessary. Why do you think that is?
To enable the hook, copy in the new code, which contains only a jump to the address of our own handler. To turn the hook off, restore the five original bytes saved in the array named oldCode.
Since we have written the installation of a hook on a function, it is also worth writing the restoration of the function code's original state:
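```cpp
// Restore the original code of a hooked function.
BOOL hookRemove(PAPIHOOK thisHook)
{
    // Nothing to remove if the hook is not installed.
    if (!thisHook->isInstalled)
        return FALSE;

    // Put the original bytes back at the entry point.
    hookDisable(thisHook);

    // Mark the entry as unused.
    thisHook->isInstalled = FALSE;
    thisHook->newAddr = (LPVOID) NULL;
    thisHook->oldAddr = (LPVOID) NULL;
    return TRUE;
}
```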
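Both patch encodings described above (the 5-byte JMP rel32 and the 6-byte PUSH imm32 / RETN) can be recognised from the defender's side by reading the first bytes at an export's entry point and decoding where they lead. The following is an added example, not code from the original post; the module range, entry address and byte samples are constructed, and the names `classify_entry` and `patch_info` are illustrative.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { PATCH_NONE, PATCH_JMP_REL32, PATCH_PUSH_RET } patch_kind;

typedef struct {
    patch_kind kind;     /* which redirect encoding was found */
    uint32_t   target;   /* absolute address control is sent to */
    int        external; /* 1 if target lies outside the owning module */
} patch_info;

/* Read a little-endian 32-bit value without assuming host byte order. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first bytes of a 32-bit function entry point.
 * code/len : bytes read from the live process at the entry point
 * entry_va : virtual address those bytes were read from
 * mod_base, mod_size : address range of the module exporting the function */
patch_info classify_entry(const uint8_t *code, size_t len, uint32_t entry_va,
                          uint32_t mod_base, uint32_t mod_size)
{
    patch_info r = { PATCH_NONE, 0, 0 };

    if (len >= 5 && code[0] == 0xE9) {
        /* JMP rel32: offset is relative to the end of the 5-byte instruction */
        r.kind = PATCH_JMP_REL32;
        r.target = entry_va + 5u + le32(code + 1);
    } else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {
        /* PUSH imm32; RETN: the immediate is the absolute destination */
        r.kind = PATCH_PUSH_RET;
        r.target = le32(code + 1);
    }
    /* Unsigned subtraction makes addresses below mod_base wrap to a huge value,
     * so one comparison covers both ends of the range. */
    if (r.kind != PATCH_NONE)
        r.external = (uint32_t)(r.target - mod_base) >= mod_size;
    return r;
}

/* Constructed sample data: a made-up module range and entry address. */
#define MOD_BASE 0x71A00000u
#define MOD_SIZE 0x00017000u
#define ENTRY_VA 0x71A04C27u

/* mov edi,edi / push ebp / mov ebp,esp: an untouched prologue */
static const uint8_t CLEAN[]     = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83 };
/* jump to 0x10001230, outside the module */
static const uint8_t JMP_OUT[]   = { 0xE9, 0x04, 0xC6, 0x5F, 0x9E, 0x83 };
/* push 0x10001230 / retn */
static const uint8_t PUSH_RET[]  = { 0x68, 0x30, 0x12, 0x00, 0x10, 0xC3 };
/* jump that stays inside the module, e.g. a linker thunk */
static const uint8_t JMP_LOCAL[] = { 0xE9, 0x10, 0x00, 0x00, 0x00, 0x83 };

int main(void)
{
    const uint8_t *samples[] = { CLEAN, JMP_OUT, PUSH_RET, JMP_LOCAL };
    const char *names[] = { "clean", "jmp rel32", "push/ret", "local jmp" };
    for (int i = 0; i < 4; i++) {
        patch_info p = classify_entry(samples[i], 6, ENTRY_VA, MOD_BASE, MOD_SIZE);
        printf("%-10s kind=%d target=%08X external=%d\n",
               names[i], (int)p.kind, (unsigned)p.target, p.external);
    }
    return 0;
}
```

Only a redirect whose target leaves the exporting module is flagged, since a jump that stays inside the module can be legitimate.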
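Now that we know how to get into a process and how to set, remove, and switch hooks on and off, it's time to write our own handlers.
Handlers for native WinSock functions
So, first of all, let's define an array of prototypes of the functions to be intercepted. As mentioned above, we will try to intercept only the most necessary functions: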
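```cpp
// One table entry per hooked function: the handler for `name` is `my_name`.
#define DECLARE_HOOK(module, name) {0, module, #name, (LPVOID) my_##name}

// Functions to intercept. winSockDll is the module name of the WinSock
// library, defined elsewhere in the source. A zeroed entry ends the list.
APIHOOK hookList[] = {
    DECLARE_HOOK(winSockDll, send),
    DECLARE_HOOK(winSockDll, WSASend),
    DECLARE_HOOK(winSockDll, recv),
    DECLARE_HOOK(winSockDll, WSARecv),
    DECLARE_HOOK(winSockDll, WSAGetOverlappedResult),
    DECLARE_HOOK(winSockDll, closesocket),
    {0}
};
```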
As the macro shows, each system function with the abstract name `name` has its own handler called my_name. Next, the handlers specified in the array need to be defined. Let's do this using send() as an example:
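```cpp
int WSAAPI my_send(SOCKET s, char *buf, int len, int flags)
{
    // Look up the table entry that belongs to this handler.
    PAPIHOOK thisHook = hookFind(my_send);
    if (NULL == thisHook)
        return (int) 0;

    hookDisable(thisHook);              // restore the original entry point
    int rv;
    rv = send(s, buf, len, flags);      // call the real send()
    hookEnable(thisHook);               // put the jump back
    return rv;
}
```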
This looks like an empty wrapper around the system function that does nothing except call the original code. Since the wrapper is essentially the same for all of our handlers, it makes sense to write a few macros that make defining hooks convenient:
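```cpp
// Opens a handler: finds its hook, disables it and declares rv.
// The handler body follows in its own braces and ends with LEAVE_HOOK().
#define DEFINE_HOOK(RTYPE, CTYPE, NAME, ARGS) \
    RTYPE CTYPE my_##NAME ARGS \
    { \
        PAPIHOOK thisHook = hookFind(my_##NAME); \
        if (NULL == thisHook) \
            return (RTYPE) 0; \
        hookDisable(thisHook); \
        RTYPE rv;
```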
And to finish the function:
```cpp
// Closes the handler body, re-enables the hook and returns rv.
#define LEAVE_HOOK() } \
    hookEnable(thisHook); \
    return rv;
```
次ã«ããããã®ãã¯ãã䜿çšããŠãé åããæ®ãã®ãã©ããã決å®ããŸãã
ãã©ãããèšå®ãã
OnLoadïŒïŒã®æåŸã®è¡ã¯ãç¹å®ã®ããžãã¯é¢æ°InstallHooksïŒïŒãåŒã³åºããŸãã ãœãªã¥ãŒã·ã§ã³ã®ãã¹ãŠã®ã³ã³ããŒãã³ããããã®ã§ãå®çŸ©ããããã¹ãŠã®ãã©ããã®ãããã€ã³ã¹ããŒã«ãäœæããŸãã
```cpp
// Install every hook in hookList; TRUE if at least one was installed.
BOOL installHooks()
{
    BOOL rv = FALSE;
    for (int i = 0; hookList[i].moduleName; i++) {
        if (hookInstall(&hookList[i]))
            rv = TRUE;
    }
    return rv;
}
```
Short and simple. Removing the hooks is just as short:
```cpp
// Remove every hook in hookList; TRUE if at least one was removed.
BOOL removeHooks()
{
    BOOL rv = FALSE;
    for (int i = 0; hookList[i].moduleName; i++) {
        if (hookRemove(&hookList[i]))
            rv = TRUE;
    }
    return rv;
}
```
Capturing HTTP packets
Well, we have smoothly arrived at the most interesting part. There are two kinds of packets: HTTP requests and HTTP responses. The former are sent by send()-type functions, and the latter are received by recv()-type functions. Sending functions need to be intercepted before the original code is called, while the send buffer is still untouched. Receiving functions, correspondingly, need to be intercepted after the original code has run, otherwise we will not know what exactly was received.
There are also asynchronous functions. The idea here is simple. When WSASend() or WSARecv() is called, a WSAOVERLAPPED structure with a registered event is passed in. The asynchronous function returns immediately with SOCKET_ERROR, with GetLastError() set to WSA_IO_PENDING. The main application then waits for the event in some way, such as WaitForSingleObject(), and as soon as the event is signaled, reads the buffer via WSAGetOverlappedResult().
While pulling data out of the synchronous functions is not difficult, the asynchronous ones take a little more work. At the beginning of the post I said that context cannot be done away with entirely, and asynchronous operations are the reason. In more detail: a WSAGetOverlappedResult() call carries no information about the send or receive buffer. So it is clear that we need to create a context in order to save a pointer to the buffer.
There is another reason why a context is needed. Intercepting streaming video requires both the HTTP request and the response, and, logically enough, send() and recv() are called separately. So let's create a context structure that collects HTTP request and response pairs and serves the asynchronous functions:
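```cpp
typedef struct REQUEST *PREQUEST;

// Per-socket context: one pending HTTP request and, if any, an async buffer.
struct REQUEST {
    SOCKET socket;      // socket the request was sent on
    char *request;      // saved HTTP request headers
    LPWSABUF wsaBuf;    // buffer of a pending asynchronous call
    PREQUEST next;      // next context in the list
};
```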
Why is all of the above needed? The socket number is used to match requests with responses: the main application sends a request and receives the response on the same TCP socket, and it cannot be otherwise. The request pointer refers to the HTTP request. The LPWSABUF pointer is used for the asynchronous functions: we save the pointer to the buffer when WSASend()/WSARecv() is called, and take it back out when WSAGetOverlappedResult() completes. Again, the match is determined by the socket number.
Looking ahead: in the case of WSASend(), none of the browsers tested while writing this post and the interceptor prototype used asynchronous calls.
What next? We organize a singly linked list. Logically, the contexts of request and response pairs need to be kept somewhere so that they do not get lost. So as not to bloat the program or use something like STL templates, it was easiest to recall school olympiad problems and write an implementation of a singly linked list. You may well do better; see for yourself.
Without going into detail, here are the functions for working with the linked list of request/response contexts (see the source for details):
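```cpp
// Find the context for socket s.
PREQUEST findRequest(SOCKET s);
// Add a context holding the request sent on socket s.
PREQUEST addRequest(SOCKET s, char *request);
// Delete the context for socket s.
void delRequest(SOCKET s);
```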
次ã«ããã¹ãŠã®sendïŒïŒé¢æ°ã®å ±éãã³ãã©ãŒãäœæããŸãã
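```cpp
// Common handler for all send()-type functions.
BOOL commonSendHandler(PAPIHOOK thisHook, SOCKET s, char *buf, int len, BOOL isWsa)
{
    // Check the buffer for 'GET '
    // if …

    // Cut out the HTTP headers and save them in the socket's context.
    char *request = getHttpHeaders((const char *) buf, len);
    if (request != NULL)
        addRequest(s, request);
    return TRUE;
}
```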
And a common handler for all recv() functions:
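```cpp
// Common handler for all recv()-type functions.
BOOL commonRecvHandler(PAPIHOOK thisHook, SOCKET s, char *buf, int len, BOOL isWsa)
{
    // Check the buffer for 'HTTP'
    // if …

    // A response: look for the request previously sent on this socket.
    PREQUEST req = findRequest(s);
    if (NULL == req)
        return FALSE;

    // Cut out the HTTP response headers.
    char *response = getHttpHeaders((const char *) buf, len);
    if (response != NULL) {
        // ...
        delRequest(s);
    }
    return TRUE;
}
```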
For those still following along, let me explain. When a packet is sent, its contents are first checked for "GET ". If it is an HTTP GET, the HTTP headers are cut out and saved in the context of the open socket. Correspondingly, when a packet is received, its contents are checked for 'HTTP'. If it is a response, we try to find the previously sent GET in the socket's context. If both the request and the response are found, they can be analyzed further. In this example they are simply dumped to the log file %TEMP%\<process name.exe>-<process ID>.log.
It remains to handle the asynchronous functions, so let's use WSARecv() as an example:
```cpp
// WSARecv() handler
DEFINE_HOOK(int, WSAAPI, WSARecv, (SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount,
    LPDWORD lpNumberOfBytesRecvd, LPDWORD lpFlags, LPWSAOVERLAPPED lpOverlapped,
    LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine))
{
    rv = WSARecv(s, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, lpFlags,
                 lpOverlapped, lpCompletionRoutine);

    // Completed synchronously: the data is already in the buffer.
    if (!rv && NULL != lpNumberOfBytesRecvd) {
        commonRecvHandler(thisHook, s, lpBuffers->buf, *lpNumberOfBytesRecvd, TRUE);
    } else
    // Asynchronous call still pending.
    if (rv == SOCKET_ERROR && WSAGetLastError() == WSA_IO_PENDING) {
        // Remember the WSA buffer in the socket's context until the result is fetched.
        PREQUEST req = findRequest(s);
        if (req != NULL)
            req->wsaBuf = lpBuffers;
    }
    LEAVE_HOOK();
}
```
That is, if the call is asynchronous, we find the socket's context and write the pointer to the buffer into it. Later we extract it and pass everything to the common handler for all read()-like functions:
```cpp
// WSAGetOverlappedResult() handler
DEFINE_HOOK(BOOL, WSAAPI, WSAGetOverlappedResult, (SOCKET s, LPWSAOVERLAPPED lpOverlapped,
    LPDWORD lpcbTransfer, BOOL fWait, LPDWORD lpdwFlags))
{
    rv = WSAGetOverlappedResult(s, lpOverlapped, lpcbTransfer, fWait, lpdwFlags);
    if (rv && NULL != lpcbTransfer && *lpcbTransfer > MIN_HTTP_HEADER_SIZE) {
        // Was a buffer saved for this socket by an earlier asynchronous call?
        PREQUEST req = findRequest(s);
        if (req != NULL && req->wsaBuf != NULL)
            commonRecvHandler(thisHook, s, req->wsaBuf->buf, *lpcbTransfer, TRUE);
    }
    LEAVE_HOOK();
}
```
To conclude the epic, we write a closesocket() handler that kills off contexts that are no longer needed in case a socket dies before a response is received. Polish, compile, launch, start the browser, go to YouTube...
And here is the interesting packet captured from Google Chrome while watching the video at the now-familiar address www.youtube.com/watch?v=o78nFVB1tJA (taken straight from the log):
```
[22:28:48] [SOCKET = 0EB0, REQUEST = 1327 bytes, RESPONSE = 329 bytes]
->GET /videoplayback?algorithm=throttle-factor&burst=40&cp=U0hTS1RRU19OTUNOM19MS1dBOlR1eGNSd1JHRkdy&expire=1346465093&factor=1.25&fexp=926900%2C910103%2C922401%2C920704%2C912806%2C924412%2C913558%2C912706&gcr=fi&id=a3bf27155075b490&ip=91.155.190.10&ipbits=8&itag=34&keepalive=yes&key=yt1&ms=au&mt=1346441292&mv=m&range=13-1781759&signature=7415093589702691B2E46681B2EF24EC370C2F1F.D6D55168E2211687994A3F47D8919AC5470C567D&source=youtube&sparams=algorithm%2Cburst%2Ccp%2Cfactor%2Cgcr%2Cid%2Cip%2Cipbits%2Citag%2Csource%2Cupn%2Cexpire&sver=3&upn=GlJDbjcQ-2w HTTP/1.1
Host: oo---preferred---elia-hel1---v11---lscache1.c.youtube.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.26 Safari/537.4
Accept: */*
Referer: http://www.youtube.com/watch?v=o78nFVB1tJA
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=UxycPwPFJBs; __utma=27069237.1349026492.1343302158.1343302158.1343302158.1; __utmz=27069237.1343302158.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); use_hitbox=d5c5516c3379125f43aa0d495d100d6ddAEAAAAw; recently_watched_video_id_list=697d12b6b10771c1d93bb1bb4cf53148WwEAAABzCwAAAG83OG5GVkIxdEpB; PREF=fv=11.3.31; ACTIVITY=1346441327664
<-HTTP/1.1 200 OK
Last-Modified: Wed, 09 May 2012 00:20:14 GMT
Content-Type: video/x-flv
Date: Fri, 31 Aug 2012 19:28:48 GMT
Expires: Fri, 31 Aug 2012 19:28:48 GMT
Cache-Control: private, max-age=23465
Accept-Ranges: bytes
Content-Length: 1781747
Connection: keep-alive
X-Content-Type-Options: nosniff
Server: gvs 1.0
```
The actual video stream begins immediately after the last line of the HTTP headers.
After this, is there any doubt left about whether an interceptor for streaming video can be written without a driver? Personally, I consider the task essentially accomplished, so let's move on to the conclusions.
Conclusions
The interceptor works as described. A proper implementation would also need IPC for communication between the many interceptors and the main injector application, and there are several options to choose from:
- Pass the video URL from the interceptor to the main application and let it do the rest.
- Pass the video itself from the interceptor while it is being watched. The traffic is duplicated over IPC, but this is nothing to worry about, since the cost of pumping local traffic is not that significant.
- Write the stream directly to disk from the interceptor and only notify the main application of the progress.
Another point: so far only YouTube / Flash Video has been used. Other sites and video codecs have their own peculiarities. Still, in 90% of cases it is possible to intercept a media stream by looking only at the contents of the Content-Type header.
Drawbacks of this implementation:
- The code at the hook site is constantly rewritten.
As written above, there are methods that avoid rewriting the code when the original function is called. However, such methods require a more detailed analysis of the code, determining instruction sizes and, in some cases, disassembly. If this is really of interest to anyone, I can try to write a separate post about it.
- HTTPS cannot be intercepted.
In fact, I see no way to intercept HTTPS with an NDIS miniport driver either. Still, with this technique it can be done at the level of another library, such as WinHTTP or OpenSSL.
What else? Two aspects:
- This technique is not limited to implementing applications that intercept streams. If needed, you can, for example, write a filter for HTTP traffic or cut out ads. Moreover, it makes no fundamental difference which browser is involved: they all work at the TCP/IP level.
- This technique works not only with WinSock. In principle, with only minor changes, the interceptor can be attached anywhere and can intercept any function you like. This leaves plenty of room for action and for flights of fancy.
I hope this post will be of interest to someone.
UPD: A second part has been written, about hooks that do not constantly rewrite the code.
ãããã
// st