From 8dd29e0b335c17f79b82b0129a93c4b981c99396 Mon Sep 17 00:00:00 2001 From: kahotv Date: Fri, 8 Jul 2022 18:40:22 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E5=96=84demo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 23 +++++++++++ TestNSP/TestNSP.cpp | 28 ++++++------- fakensp/NSProvider.cpp | 18 +-------- fakensp/defines.h | 2 +- nspinstall/main.cpp | 89 +++++++++++++++++++++--------------------- nspinstall/stdafx.h | 1 + 6 files changed, 85 insertions(+), 76 deletions(-) diff --git a/README.md b/README.md index 38ffdb0..cc5306e 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,29 @@ vs2015_xp +## 使用 + +TestNSP(64).exe里对`aaaa.kaho.tv`用GetHostByName解析了IPv4,用GetAddrInfo解析了IPv4和IPv6。 + +此域名正常结果应该是 + +``` +C:\Users\admin>nslookup aaaa.kaho.tv +服务器: public1.114dns.com +Address: 114.114.114.114 + +非权威应答: +名称: aaaa.kaho.tv +Addresses: 2a00:8642:1000:1::3 + 47.56.236.129 +``` + +用以下步骤测试NSP劫持效果 + +1、管理员权限启动`install(64).exe`,并输入`1`进行安装FakeNSP。 + +2、安装成功后,打开TestNSP(64).exe,输入任意键,会展示Fake IP。 + ## gethostbyname diff --git a/TestNSP/TestNSP.cpp b/TestNSP/TestNSP.cpp index 28a7f36..7b08ba4 100644 --- a/TestNSP/TestNSP.cpp +++ b/TestNSP/TestNSP.cpp @@ -110,12 +110,12 @@ void testGetAddrInfoA(int family, const char* name) { addrinfo req = {}; req.ai_family = family; - //req.ai_socktype = 0; - //req.ai_protocol = 0; - req.ai_flags = AI_ALL; + req.ai_socktype = SOCK_STREAM; + req.ai_protocol = IPPROTO_TCP; + req.ai_flags = AI_V4MAPPED | AI_ALL; addrinfo* resp = NULL; - INT ret = getaddrinfo(name, NULL, &req, &resp); - printf("getaddrinfo ret :%d\n", ret); + INT ret = GetAddrInfoA(name, NULL, &req, &resp); + printf("GetAddrInfoA ret :%d\n", ret); if (resp != NULL) { printAddrInfoA(resp); 
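Review bot: `req.ai_flags = AI_V4MAPPED | AI_ALL;` in testGetAddrInfoA is set regardless of `family`, yet main (later hunk) calls this function with AF_INET as well as AF_INET6. Those flags are documented for AF_INET6 requests, so the AF_INET run probably ignores them or takes a different path than intended; consider `req.ai_flags = (family == AF_INET6) ? (AI_V4MAPPED | AI_ALL) : 0;`. The same line is added to testGetAddrInfoW in the next hunk. The function body continues past the hunk, so whether `resp` is released with `freeaddrinfo` cannot be checked from here.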
@@ -126,12 +126,12 @@ void testGetAddrInfoW(int family, const wchar_t* name) { ADDRINFOW req = {}; req.ai_family = family; - //req.ai_socktype = 0; - //req.ai_protocol = 0; - req.ai_flags = AI_ALL; + req.ai_socktype = SOCK_STREAM; + req.ai_protocol = IPPROTO_TCP; + req.ai_flags = AI_V4MAPPED | AI_ALL; ADDRINFOW* resp = NULL; INT ret = GetAddrInfoW(name, NULL, &req, &resp); - printf("getaddrinfo ret :%d\n", ret); + printf("GetAddrInfoW ret :%d\n", ret); if (resp != NULL) { printAddrInfoW(resp); @@ -142,18 +142,18 @@ void testGetAddrInfoW(int family, const wchar_t* name) int main() { WSADATA wsaData; - WSAStartup(0x0101, &wsaData); - const char* name = "www.baidu.com"; - const wchar_t* name2 = L"www.baidu.com"; + WSAStartup(MAKEWORD(2,2), &wsaData); + const char* name = "aaaa.kaho.tv"; + const wchar_t* name2 = L"aaaa.kaho.tv"; while (true) { system("pause"); testGetHostByName(name); testGetAddrInfoA(AF_INET,name); - testGetAddrInfoW(AF_INET, name2); + //testGetAddrInfoW(AF_INET, name2); printf("=============================================\n"); testGetAddrInfoA(AF_INET6, name); - testGetAddrInfoW(AF_INET6, name2); + //testGetAddrInfoW(AF_INET6, name2); } WSACleanup(); system("pause"); diff --git a/fakensp/NSProvider.cpp b/fakensp/NSProvider.cpp index 6278e06..0d84843 100644 --- a/fakensp/NSProvider.cpp +++ b/fakensp/NSProvider.cpp @@ -142,7 +142,7 @@ int WSPAPI NSPLookupServiceBegin( //ƽ std::wstring path = UtilString::ToLower(Util::GetCurrentExePath()); - if (!UtilString::EndWith(path, L"testnsp.exe") && name != L"www.baidu.com") + if (!(UtilString::EndWith(path, L"testnsp.exe") || UtilString::EndWith(path, L"testnsp64.exe") || name == L"aaaa.kaho.tv")) { err = WSAEINVAL; break; } 
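Review bot: The return value of `WSAStartup(MAKEWORD(2,2), &wsaData)` in TestNSP's main is discarded, so a failed Winsock initialisation only shows up as confusing resolver errors inside the loop. nspinstall/main.cpp already checks this call, and the same guard fits here: `if (WSAStartup(MAKEWORD(2,2), &wsaData) != 0) return -1;`. With both testGetAddrInfoW calls commented out, `name2` is unused and the wide-character lookup path is no longer exercised. The `while (true)` loop has no exit in the lines shown, so the `WSACleanup()` after it looks unreachable.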
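Review bot: The new filter in NSPLookupServiceBegin joins its three tests with `||`, so the provider answers any process on the machine that resolves `aaaa.kaho.tv`, and every name resolved by a process whose path ends in `testnsp.exe` or `testnsp64.exe`. The provider is registered system-wide (and reordered to the front when nspinstall's `totop` is set), so confining the demo to the test harness would be safer: compute `bool isTest = UtilString::EndWith(path, L"\\testnsp.exe") || UtilString::EndWith(path, L"\\testnsp64.exe");` and reject with `if (!(isTest && name == L"aaaa.kaho.tv"))`. The leading backslash also stops the suffix test from matching unrelated executables whose names merely end in `testnsp.exe`. The function body starts and ends outside the hunk, so how `name` is derived is not visible here.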
@@ -271,22 +271,6 @@ NSPLookupServiceNext( err = WSA_NOT_ENOUGH_MEMORY; break; } - addr6->sin6_addr.u.Byte[0] = 0x11; - addr6->sin6_addr.u.Byte[1] = 0x22; - addr6->sin6_addr.u.Byte[2] = 0x33; - addr6->sin6_addr.u.Byte[3] = 0x44; - addr6->sin6_addr.u.Byte[4] = 0x55; - addr6->sin6_addr.u.Byte[5] = 0x66; - addr6->sin6_addr.u.Byte[6] = 0x77; - addr6->sin6_addr.u.Byte[7] = 0x88; - addr6->sin6_addr.u.Byte[8] = 0x99; - addr6->sin6_addr.u.Byte[9] = 0x11; - addr6->sin6_addr.u.Byte[10] = 0x22; - addr6->sin6_addr.u.Byte[11] = 0x33; - addr6->sin6_addr.u.Byte[12] = 0x44; - addr6->sin6_addr.u.Byte[13] = 0x55; - addr6->sin6_addr.u.Byte[14] = 0x66; - addr6->sin6_addr.u.Byte[15] = 0x77; } if (ctx->Flags & LUP_API_ANSI) diff --git a/fakensp/defines.h b/fakensp/defines.h index cd5e95f..3167327 100644 --- a/fakensp/defines.h +++ b/fakensp/defines.h @@ -1,6 +1,6 @@ #pragma once -#define LOG_TYPE 1 +#define LOG_TYPE 2 #define LUP_DISABLE_IDN_ENCODING 0x00800000 #define LUP_API_ANSI 0x01000000 //存在时,表示用的getaddrinfoA diff --git a/nspinstall/main.cpp b/nspinstall/main.cpp index 1197c74..a812485 100644 --- a/nspinstall/main.cpp +++ b/nspinstall/main.cpp @@ -33,11 +33,11 @@ void show() std::vector< WSANAMESPACE_INFO2W> list; if (!(Util::NspGetAll(list))) { - printf("error: %d", WSAGetLastError()); + printf("ȡNSPбʧ err: %d", WSAGetLastError()); return; } setlocale(LC_ALL, "chs"); - wprintf(L"WSAEnumNameSpaceProviders succeeded with provider data count = %zd\n", list.size()); + wprintf(L"NSP: %zd\n", list.size()); for (size_t i = 0; i < list.size(); i++) { if (list[i].dwNameSpace != NS_DNS && list[i].dwNameSpace != NS_ALL) @@ -49,7 +49,7 @@ void show() if (iRet == 0) wprintf(L"StringFromGUID2 failed\n"); else - wprintf(L"NameSpace ProviderId[%zu] = %ws\n", i, GuidString); + wprintf(L"NameSpace[%zu] GUID = %ws\n", i, GuidString); wprintf(L"NameSpace[%zu] = ", i); switch (list[i].dwNameSpace) { 
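Review bot: The narrow `printf` and `wprintf` literals introduced in show() are unreadable in this patch even though its header declares UTF-8, which suggests nspinstall/main.cpp is saved in a legacy code page. Such literals depend on the compiler's source and execution character sets and on the console code page, so the status and error text an operator relies on can come out garbled on another machine. Keeping diagnostic messages ASCII, or saving the file as UTF-8 and building with `/utf-8`, would make them stable. The same applies to the messages changed in uninstall(), install() and main() in the later hunks of this file.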
@@ -89,13 +89,13 @@ void show() } if (list[i].fActive) - wprintf(L"Namespace[%zu] is active\n", i); + wprintf(L"Namespace[%zu] is ״̬\n", i); else - wprintf(L"Namespace[%zu] is inactive\n", i); + wprintf(L"Namespace[%zu] is ǻ״̬\n", i); - wprintf(L"NameSpace Version[%zu] = %u\n", i, list[i].dwVersion); + wprintf(L"NameSpace[%zu] Version = %u\n", i, list[i].dwVersion); - wprintf(L"Namespace Identifier[%zu] = %ws\n\n", i, list[i].lpszIdentifier.c_str()); + wprintf(L"Namespace[%zu] Identifier = %ws\n\n", i, list[i].lpszIdentifier.c_str()); } } @@ -104,30 +104,30 @@ void uninstall() INT ret = WSCUnInstallNameSpace(&MY_NAMESPACE_GUID); if (ret == SOCKET_ERROR) { - printf("Failed to remove provider: %d\n", WSAGetLastError()); + printf("жFakeNSPʧ err: %d\n", WSAGetLastError()); } else { - printf("Successfully removed name space provider\n"); + printf("жFakeNSPɹ\n"); } } void install(bool totop, wchar_t* dllname) { - show(); + //show(); uninstall(); - show(); + //show(); std::wstring path = GetCurrentExtDir() + dllname; - INT ret = WSCInstallNameSpace(L"Custom Name Space Provider", + INT ret = WSCInstallNameSpace(L"Fake NSP", &path[0], NS_DNS, 1, &MY_NAMESPACE_GUID); if (ret == SOCKET_ERROR) { - printf("Failed to install name space provider: %d\n", + printf("װʧ err: %d\n", WSAGetLastError()); } else { - printf("Successfully installed name space provider\n"); + printf("װFakeNSPɹ\n"); if (totop) { //ȼ @@ -147,7 +147,14 @@ void install(bool totop, wchar_t* dllname) //˳ Util::NspToGuidList(listNsp2, listGuid); INT r = WSCWriteNameSpaceOrder(&listGuid[0], listGuid.size()); - printf("WSCWriteNameSpaceOrder: %d\n", r); + if (r == 0) + { + printf("NSPɹ\n"); + } + else + { + printf("NSPʧ ret: %d, err: %d\n", r, WSAGetLastError()); + } } while (false); } 
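Review bot: install() passes `path` (the installer's own directory plus `dllname`) to `WSCInstallNameSpace` without checking that the file exists or where it lives. A registered name-space provider DLL is loaded by processes that perform name resolution, so if the installer is run from a directory that non-administrators can write to, the DLL could later be replaced. A presence check before the call, plus a comment such as `// path must be in an admin-only directory: this DLL is loaded into other processes`, would make that requirement explicit. The unconditional `uninstall();` just above also prints a failure message on a first install, which reads as an error when nothing is wrong.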
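Review bot: The failure branch added after `WSCWriteNameSpaceOrder` prints `WSAGetLastError()`, but this function reports failure through its return value, so the second number may be stale or zero; printing `r` alone is enough. On the call itself, `&listGuid[0]` is undefined when the list is empty and `listGuid.size()` is narrowed from `size_t` to `DWORD`. An `if (listGuid.empty()) break;` guard followed by `WSCWriteNameSpaceOrder(listGuid.data(), static_cast<DWORD>(listGuid.size()))` avoids both. The enclosing do/while block starts outside the hunk.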
@@ -158,45 +165,39 @@ void install(bool totop, wchar_t* dllname) int main(int argc, char** argv) { WSADATA wsd; - char* ptr; - - // Check for the appropriate number of arguments. - if (argc != 2) - { - printf("usage: %s install | remove\n", argv[0]); - return -1; - } if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0) { - printf("WSAStartup() failed: %d\n", GetLastError()); + printf("WSAStartup() ʧ err: %d\n", GetLastError()); return -1; } - // Convert any arguments to lower case - ptr = argv[1]; - while (*ptr) - *ptr++ = tolower(*ptr); - - if (!strncmp(argv[1], "install", 6)) + while (true) { + std::string cmd; + + printf("ָ: \n1 װ\n2 ж\n3 չʾ\n"); + std::cin >> cmd; + if (cmd == "1") + { #ifdef _WIN64 - install(true, L"fakensp64.dll"); // Install the name space provider + install(true, L"fakensp64.dll"); // Install the name space provider #else - install(true, L"fakensp.dll"); // Install the name space provider + install(true, L"fakensp.dll"); // Install the name space provider #endif - } - else if (!strncmp(argv[1], "remove", 6)) - { - uninstall(); // Remove the name space provider - } - else if (!strncmp(argv[1], "show", 4)) - { - show(); // Show - } - else - { - printf("usage: %s install | remove\n", argv[0]); + } + else if (cmd == "2") + { + uninstall(); + } + else if(cmd == "3") + { + show(); + } + else + { + printf("δ֪\n"); + } } WSACleanup(); diff --git a/nspinstall/stdafx.h b/nspinstall/stdafx.h index 7ab4611..1a0a219 100644 --- a/nspinstall/stdafx.h +++ b/nspinstall/stdafx.h @@ -19,6 +19,7 @@ #include +#include #include #include
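Review bot: The new `while (true)` loop in main never tests the stream after `std::cin >> cmd`, so once stdin reaches end-of-file or fails (closed pipe, Ctrl+Z) `cmd` stays empty and the loop prints the menu and the unknown-command message forever. Breaking out on a failed read fixes it: `if (!(std::cin >> cmd)) break;`. That also makes the `WSACleanup()` after the loop reachable, which it currently is not, and an explicit quit entry in the menu would give interactive users the same exit. Dropping the argv handling also removes the non-interactive `install` / `remove` usage, which scripted removal of the provider may have relied on.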