ARP 欺骗的过程中,首先是要得到目标计算机的MAC 地址,通过在局域网络中发布ARP 请求可以得到目标计算机的MAC 地址,同时也可以通过这个方法来得到局域网中的存活主机的情况。
程序代码如下:
// Vin1.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include <iphlpapi.h>
#include "winsock2.h"
#include <malloc.h>
#include <stdlib.h>
#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"IpHlpApi.lib")
UINT bVbose= 0;
BOOL IsActive(char *pDestIp);
void Usage(char *pszProm);
UINT TranToLong(char *pDestIp);
UINT NN(int nBase ,int nPoint);
BOOL LongtoString(UINT nIp, char **pRet);
int __cdecl main(int argc,char *argv[])
{
ULONG uStartIp = 0,uEndIp = 0;
//0xbe68f0f3 0x0bddca0d
if(argc != 2 && argc != 3 && argc != 4)
{
Usage(argv[0]);
return 0;
}
if(argc == 2)
{
if(!strcmp(argv[1],"-v"))
{
Usage(argv[0]);
return 0;
}
uStartIp = TranToLong(argv[1]);
uEndIp = uStartIp;
}
else if(argc == 3)
{
if(!strcmp(argv[1],"-v"))
{
bVbose ++;
uStartIp = TranToLong(argv[2]);
uEndIp = uStartIp;
bVbose ++;
}
else
{
uStartIp = TranToLong(argv[1]);
uEndIp = TranToLong(argv[2]) ;
}
}
else if(argc == 4)
{
if(!strcmp(argv[1],"-v"))
{
bVbose ++;
}
else
{
Usage(argv[0]);
return 0;
}
uStartIp = TranToLong(argv[2]);
uEndIp = TranToLong(argv[3]);
}
if(uEndIp - uStartIp < 0)
{
uStartIp += uEndIp;
uEndIp = uStartIp - uEndIp;
uStartIp = uStartIp - uEndIp;
}
char szBuf[64];
char *pTemp = szBuf;
for(UINT i = uStartIp ; i <= uEndIp ;i ++)
{
LongtoString(i,&pTemp);
IsActive(szBuf);
}
return 0;
}
BOOL IsActive(char *pDestIp)
{
HRESULT hr;
IPAddr ipAddr ;
ULONG pulMac[2];
ULONG ulLen;
if(pDestIp == NULL || strlen(pDestIp ) == 0)
{
if(bVbose)
{
printf("Input Error, the Input Ip Address is [%s]\r\n",pDestIp);
}
return FALSE;
}
ipAddr = inet_addr (pDestIp);
if(ipAddr == INADDR_NONE)
{
if(bVbose)
{
printf("Input Error, the Input Ip Address is [%s]\r\n",pDestIp);
return FALSE;
}
}
memset (pulMac, 0xff, sizeof (pulMac));
ulLen = 6;
hr = SendARP (ipAddr, 0, pulMac, &ulLen);
if(hr != NO_ERROR)
{
if(bVbose)
{
printf("IP Address : %s <===> ",pDestIp);
LPVOID lpMsgBuf;
if (FormatMessage(
FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS,
NULL,
hr,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
(LPTSTR) &lpMsgBuf,
0,
NULL ))
{
printf("Error: %s", lpMsgBuf);
}
LocalFree( lpMsgBuf );
}
return 0;
}
//printf ("Return %08x, length %8d\n", hr, ulLen);
size_t i, j;
char * szMac = new char[ulLen*3];
PBYTE pbHexMac = (PBYTE) pulMac;
//
// Convert the binary MAC address into human-readable
//
for (i = 0, j = 0; i < ulLen - 1; ++i) {
j += sprintf (szMac + j, "%02X:", pbHexMac[i]);
}
printf("IP Address : %s <===> ",pDestIp);
sprintf (szMac + j, "%02X", pbHexMac[i]);
printf ("MAC address %s\r\n", szMac);
delete [] szMac;
return TRUE;
}
void Usage(char *pszProm)
{
printf(" You can use the program to detect if the machine is active.\r\n");
printf(" and Get the machine mac address \r\n");
printf("%s Usage : \r\n%s DestionIP or\r\n%s StartIp EndIp\r\n",pszProm,pszProm,pszProm);
}
UINT TranToLong(char *pDestIp)
{
if(pDestIp == NULL || strlen(pDestIp) == 0)
{
return -1;
}
int nDot = 0;
int nTemp = 0;
UINT nRet = 0;
char *pTemp = pDestIp;
while (nDot < 3)
{
while(*pTemp != '.')
{
pTemp ++;
}
*pTemp = '\0';
nTemp = atoi(pDestIp);
nRet += nTemp * NN(255,3 - nDot);
nDot ++;
pDestIp = pTemp + 1;
nTemp = 0;
}
nTemp = atoi(pDestIp);
nRet += nTemp;
return nRet;
}
UINT NN(int nBase ,int nPoint)
{
UINT nTmep = 1;
for(int i = 0 ;i < nPoint ; i ++)
nTmep = nTmep * nBase;
return nTmep;
}
BOOL LongtoString(UINT nIp, char **pRet)
{
char *pTemp = *pRet;
long lTemp[4] = {0};
char szBuffer[32];
**pRet = '\0';
for(int i = 0 ; i < 4; i ++)
{
lTemp[i] = nIp / (NN(255,3 - i) );
nIp -= lTemp[i] * NN (255,3 - i);
}
for(i = 0; i < 4; i ++)
{
ltoa(lTemp[i],szBuffer,10);
strcat(*pRet,szBuffer);
if(i != 3)
{
strcat(*pRet,".");
}
}
return TRUE;
}
本文地址:http://com.8s8s.com/it/it27340.htm