Modifying windows TCP/IP responses - c++

I have written a small program that returns a custom response to receiving SYN packets to some ports in Linux. This required me to make a minor edit to the Linux Kernel and recompile. I have tested this and i have the functionality i require in Linux.
I wish to have the same functionality in Windows XP/7. To achieve this i believe i would need to edit a driver/file/registry setting that controls tcpip functions. The goal would be to disable the default action of sending RST packets when a SYN is received on a closed port?
The research i have done so far has pointed me towards something like tcpip.sys or the tcpip settings in registry?
I am realistic that this may not be possible due to the drivers being unsigned if i modify them, but hopefully someone can put my mind at ease about the plausibility of this being possible?

Related

How to modify outbound UDP traffic with a Winsock LSP?

I'm building an application that needs to modify DHCPv6 packets dynamically before they hit the wire. I'm doing some heavily proprietary work with DHCPv6 vendor options, and I need the ability to examine and modify those options in-memory before they are transmitted.
I've built a proof-of-concept layered service provider on top of Winsock by modifying the Microsoft sample code. It intercepts outgoing HTTP packets, changes the referrer-agent to something funny, and sends the packet on its way. Verified in Wireshark, works great.
It was also straightforward to change my installer code so that my LSP gets chained in on top of UDP/IPv6 rather than TCP/IPv4, and now, with a debugger attached, I can see myself getting callbacks with stacks leading into the DHCP server. However, I can no longer see the buffers in memory.
WSPSend and WSPConnect don't get called, since we're on a connectionless protocol--that makes sense. I do get a consistent callback in WSPSendTo but the lpBuffers member, which in my HTTP prototype contained the buffer representing the outgoing packet, is NULL.
Am I going about this completely the wrong way, or is there another Winsock operation I need to override? I'd be happy to go in another direction if an LSP is the wrong way to go, but outside libraries are a very tough sell for this application--otherwise, I'd be looking at Winpcap.
EDIT: Wow, this was a long time ago. For those coming behind me, this ultimately worked fine. I'm embarrassed to say that the issue was that I was compiling with optimizations that prevented me from seeing the correct data in the debugger. When I stopped being lazy and dumped the bytes to a file, I saw that all was well.
LSP does can only intercept Winsock traffic, DHCP is at a lower layer, you need a different technology to do this, for example: NDIS, TDI (Will not work on Win8) or WFP (Will not work on XP)

Testing Serial port application

I have a code to send data to serial port. I just want to make sure that it is sending the data properly. I checked the function's return value and the number of bytes written and it is success. Is there any other way to actually see the data whatever i am writing?
if(WriteFile(m_hSerialComm, pszBuf, dwSize, &dwNumberOfBytesWritten, NULL) != 0)
I tried to use "Advanced Terminal Port software"
but the data is not coming in that window.
There are several ways to test your software. If you have two serial ports then connect them with a cable and listen on the other port with a terminal application such as the one you mentioned. Otherwise, you could loop back on the same port by connecting pins 2 and 3 together. A hardware-free option would be to use virtual serial ports as provided by tools like com0com.
Assuming from your piece of code that you are developing on a Microsoft Windows operating system, I would recommend the Portmon for Windows "official" serial port monitoring utility. I have used it in in the past, and found it simple enough, and also quite useful specifically for its multiple filtering/search options (since sometimes the amount of data passed on your serial port is huge).
If all you want is a log of the data you have written to your own port, why not encapsulate your WriteFile (and maybe also your ReadFile) functions in some "utility" function(s) that reads/writes both on your serial port and in some log file? You could even add timestamps, and filter "whatever you are looking for" straight from your own code.
I found this last option really useful when remotely debugging applications with customers. You add a button in your application that toggles the logging on and off, then you simply have to ask your customer to hit the "log" button and to send you the results.

Help me get started (traffic manipulation)

My main goal is to create an advanced program for manipulating the packets that route within my network via the router. Let my program have total control over the router. Set the download/upload speeds to my inputs, apply the effect to certain devices within in my network. Block upload or download traffic. Set second delay for either the upload or download speed. Specify % of loss packets, and the list goes on.
The problem is that I don't know where to start. I know most languages at the very most basic level. I'd like to create this program in either C, C++ or C# but I don't know yet. What else do I need to know before creating this program? Winsock or something? Winpcap APIs?
This goal is my motivation to learn programming to the extreme, and I'm really looking forward to it.
Thanks in advance!
Hmmm I guess you would want to look at pcap(?):
pcap
Check out:
http://beej.us/guide/bgnet/html/multi/index.html
'Beej's Guide to Network Programming
Using Internet Sockets'
All you could possibly need to know about programming sockets for capture and manipulation.
If I were you I'd write it in C, I'm writing a similar project at the moment in C++ and it's hell but too late to stop and start again.
Hope that helps.
Bear in mind that you either need a router that you can re-program or you need to use your PC as a router to do this.
Either way you want to look into how IPTABLES are implemented.
I've never seen Desktop Windows used as a router only Windows Server, though it may still be possible. libpcap is for packet capture, but not interception as I understand it. Programs like Wireshark use it to monitor copies of packets, but not to modify them. If you want to attempt this, my impression has been that there is a lot more documentation and tools for doing something like this with NetFilter/IPTables on Linux. You can even install something like OpenWRT on a compatible router and get a small, cheap Linux router, though having Desktop Linux will probably help for development. The NetFilter QUEUE library can be used with some IPTables firewall rules to redirects specific (or all) packets to a regular user program. That program can then read the packet and modify it or even request it to be dropped.
http://www.netfilter.org/projects/libnetfilter_queue/
If you want to manipulate network traffic on a Windows machine (as you mentioned), you will need some extra software. This operating system wont give you the full control over itself, which is fine for some reasons.
I think what you want to do, should be done with either winpcap or win10pcap if you are using Win10. These packages contains a windows driver and the libpcap user space library.

communication between two computers with 2 c++ programs [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have one computer that is running a c++ program to control a robot and another computer that is running a computer vision system (also written in c++). I would like for these two programs to be able to talk to one another. The communication would not have to be complex, I would just need the robot computer to be able to tell the vision computer when a trial begins and ends (when to start and stop a data collection sequence). Do any of you have advice on how to approach this problem? Rs232 communication between the computers? Some kind of networking solution? smoke signals? Any suggestions would be welcome.
thank you in advance
(edit) In case you think the statement above is vague:
I need to pass a binary (go/don't go) signal from one computer to another. Unfortunately I can't be more specific about what this will look like because (obviously) I don't know what is available. Both computers are on a network, and both computers are running windows. The goal is to syncronize data collected by the computer vision system with actions performed by the robot. The communication does need to be fast enough that it will not slow down either the robot or the computer-vision program. a "good" solution would be 1) easy to implement 2) fast. I do not know much about networking and I am looking for a place to start looking.
thank you again for your assistance
You might use a simple UDP protocol - the advantage being that if you understand the concepts of simple packet protocols on RS232 you'll find it easy to transfer that knowledge to sending the packets via UDP.
If you want a reliable (as in, other parts of the system will worry about errors and retries) stream of bytes between the two PCs, then TCP/IP is not much more complicated to use than UDP.
Both UDP and TCP are accessed through 'sockets'. I'm afraid you'll find that from C++ there is rather a lot of tedious boilerplate to getting that working, but there are lots and lots of examples around.
If they are network-connected you could just use sockets.
The best option will be to use network communication. The easiest way to approach this should be to look at the networking examples in Qt.
You basically will create a client and a server application. You decide what the client does when it sees a certain message from the server. That's all. Qt should take care of the rest of the stuff.
Other answers suggests TCP/IP, UDP, RS232, ... All those things are just options when you use QtNetwork module. I assume that since you ask your question, you don't know about the difference between those. So the safest bet will be to use the highest level (free) library, hence the suggestion to look into Qt.
Another option is to use Boost.Asio. I tend to prefer Qt solution since their API is nicer.
That sounds like a fairly good use for the network socket. If both your machines are on Windows you can even use named pipes.
For Windows, you will need to open the COM n port as a file to communicate over a serial port[1]. I don't have access to my code now, I can look it up when I get home.
RS232 is easy and I like it. However, it it is slow. You need to consider that in your design.
[1] For C++.
Most modern computers have Ethernet capability, so get yourself a cheap hub or switch and look at networking APIs. There's usually some fairly easy socket stuff. One advantage of this is that, if you want to increase communication ability later, such as having your vision software provide instructions and guidance to your robot, you've got the basics set up.
Alternately, set up your vision program so you can start and stop it by hitting random keys. When you're going to use it, put the keyboard in front of the robot computer's CD drive, and eject at the start and end of the robot run.
This may be overkill in your situation, but if I were in your shoes I would probably implement it using the HTTP protocol. The vision computer would run a HTTP server and the robot computer would communicate the state changes using POST requests. The Poco C++ Net library provides you with the facilities required to do this.
I would use a TCP/IP socket for communications. TCP guarantees that the data will make it. So, all you need to do is parse the data.
RS232 is an easy option to program for, however modern PCs don't tend to have RS232 ports. You may need to get USB-RS232 adapters or install a PCI card.
The other problem with RS232 is that you have an additional wire to worry about which can be a nusiance. Also RS232 cables can be limited in length (5-15m) unless you invest in some clunky RS232 repeaters or bluetooth connectors, etc.
On top of all that you're also adding one more item to your project that can go wrong and cost you time in deploying and debugging.
IMO, an elegant engineering solution would be to utilise the hardware that you have and use TCP/IP sockets to communicate.
The web is awash with examples on passing messages between servers and clients:
If you're using Linux:
http://www.linuxhowtos.org/C_C++/socket.htm
Using Windows:
http://www.adp-gmbh.ch/win/misc/sockets.html
I also might look at something like 0MQ to make the connection more robust. It will transmit and reassemble messages regardless of the transport, and handle buffering in the case of temporary loss of connectivity.
But the bottom line is that I would use TCP/IP, but depending on the nature of the robot you may want a slightly more robust connection system than TCP sockets. UDP is nice because it's connectionless-- if the robot temporarily travels out of range/sight/etc you wont have to rebuild the socket and context.

Linux's Windows Filtering Platform equivalent?

More than once I picked myself wanting to have an easy way to edit packets on-the-fly in my LAN, so I thought it was time for me to make some "machinery" to do the job. I think WFP would do exactly what I needed.
Not only I wanted to filter and edit packets off the computer my program would be running, but I would also like to ARP poison a machine in my LAN and edit the packets routed through the other one (I don't know wheter I could do this using WFP; that's another part of my question. If anyone knows, please tell me).
The problem is I'm not being able to download Visual C++, and I need it to use the WFP (it's part of the Windows SDK, which is not fully available for MinGW; porting the headers myself is generally a headache). Also I simply would like to know how to do that in Linux.
Anyone?
(Complementary question at ServerFault.com: https://serverfault.com/questions/74915/best-way-to-live-edit-packets-from-another-computer)
The most common way to capture and store packets in linux is through libpcap. You can use standard sockets to send the packets or generic libraries (boost::asio).
You can accomplish the same using wireshark. I believe wireshark will allow replay and/or injection.
As far as arp poisoning, you will probably have to do that directly with arp packets yourself.