unit main;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, Grids, uallProcess, uallHook, uallUtil, StdCtrls;

type
  TForm1 = class(TForm)
    trafficgrid: TStringGrid;
    Label1: TLabel;
    procedure FormCreate(Sender: TObject);
    procedure WMNOTIFYCD(var Msg: TWMCopyData); message WM_COPYDATA;
    procedure FormCloseQuery(Sender: TObject; var CanClose: Boolean);
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
  private
    { Private-Deklarationen }
  public
    { Public-Deklarationen }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

type Tmydata = packed record
      exe: array[0..60] of char;
      prid: integer;
      datacount: integer;
      ind: boolean;
     end;

var notclosed: Boolean = true;
    gesamt: longint = 0;
    mydata: TMydata;

procedure TForm1.WMNOTIFYCD(var Msg: TWMCopyData);
var exeanz: string;
begin
  if Msg.CopyDataStruct^.cbData = sizeof(TMydata) then
  begin
    CopyMemory(@myData,Msg.CopyDataStruct^.lpData,sizeof(TMyData));
    gesamt := gesamt+mydata.datacount;
    label1.Caption := 'transfered: '+inttostr(Gesamt);
    exeanz := mydata.exe+' '+inttostr(mydata.prid);
    if trafficgrid.Cols[0].IndexOf(exeanz) = -1 then
    begin
      trafficgrid.Cells[0,trafficgrid.RowCount-1] := exeanz;
      if mydata.ind then
        trafficgrid.Cells[1,trafficgrid.RowCount-1] :=
          inttostr(strtointdef(trafficgrid.Cells[1,trafficgrid.RowCount-1],0)+mydata.datacount) else
        trafficgrid.Cells[2,trafficgrid.RowCount-1] :=
          inttostr(strtointdef(trafficgrid.Cells[2,trafficgrid.RowCount-1],0)+mydata.datacount);
      trafficgrid.RowCount := trafficgrid.RowCount+1;
    end else
    begin
      trafficgrid.Cells[0,trafficgrid.Cols[0].IndexOf(exeanz)] := exeanz;
      if mydata.ind then
        trafficgrid.Cells[1,trafficgrid.Cols[0].IndexOf(exeanz)] :=
          inttostr(strtointdef(trafficgrid.Cells[1,trafficgrid.Cols[0].IndexOf(exeanz)],0)+mydata.datacount) else
        trafficgrid.Cells[2,trafficgrid.Cols[0].IndexOf(exeanz)] :=
          inttostr(strtointdef(trafficgrid.Cells[2,trafficgrid.Cols[0].IndexOf(exeanz)],0)+mydata.datacount);
    end;
  end;
end;

function ProcessSearch(p: pointer): integer;
var listpr, listmd: TStringList;
    i, j: integer;
    addtopr: boolean;
begin
  listpr := TStringlist.Create;
  listmd := TStringlist.Create;
  while notclosed do
  begin
    listpr.text := uallProcess.FindAllProcesses;
    for i := 0 to listpr.Count-1 do
    begin
      listmd.Text := uallProcess.FindModulesInProcess(PChar(listpr[i]));
      addtopr := true;
      for j := 0 to listmd.count-1 do
      begin
        if pos('TRAFFICREAD',uppercase(listmd[j])) > 0 then
          addtopr := false;
      end;
      if addtopr then
        uallHook.InjectLibrary(uallProcess.FindProcess(PChar(listpr[i])),
                               pchar(uallUtil.GetExeDirectory+'trafficread.dll'));
    end;
    sleep(1000);
  end;
  listmd.free;
  listpr.free;
  result := 0;
end;

procedure TForm1.FormCreate(Sender: TObject);
var tidpr: cardinal;
begin
  BeginThread(nil,0,@ProcessSearch,nil,0,tidpr);
// InjectLibrary(FindProcess('firefox.exe'),
// pchar(uallUtil.GetExeDirectory+'trafficread.dll'));
  trafficgrid.Cells[0,0] := 'program executable';
  trafficgrid.Cells[1,0] := 'in';
  trafficgrid.Cells[2,0] := 'out';
  trafficgrid.ColWidths[0] := 400;
  trafficgrid.ColWidths[1] := 80;
  trafficgrid.ColWidths[2] := 80;
end;

procedure TForm1.FormCloseQuery(Sender: TObject; var CanClose: Boolean);
begin
  notclosed := false;
end;

procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  uallHook.GlobalUnloadLibrary('trafficread.dll');
end;

end.

library trafficread;

uses
  windows,

  uallHook in '..\..\uallHook.pas',
  uallUtil in '..\..\uallUtil.pas',
  uallDisasm in '..\..\uallDisasm.pas',
  uallDisasmEx in '..\..\uallDisasmEx.pas',
  uallProcess in '..\..\uallProcess.pas',
  uallKernel in '..\..\uallKernel.pas';

const
  WM_COPYDATA = $004A;

type Tmydata = packed record
      exe: array[0..60] of char;
      prid: integer;
      datacount: integer;
      ind: boolean;
     end;

var
  oldsendto, nextsendto: function(s: dword; var Buf; len, flags: Integer; var addrto: dword;
                                  tolen: Integer): Integer; stdcall;
  oldsend, nextsend: function(s: dword; var Buf; len, flags: Integer): Integer; stdcall;
  oldrecv, nextrecv: function(s: dword; var Buf; len, flags: Integer): Integer; stdcall;
  oldrecvfrom, nextrecvfrom: function(s: dword; var Buf; len, flags: Integer;
                      var from: dword; var fromlen: Integer): Integer; stdcall;

  CDS: TCopyDataStruct;
  winh: integer;
  mydata: TMyData;
  lenstr: cardinal;

procedure sendapp(len: integer; indata: boolean);
begin
  ZeroMemory(@mydata.exe[0],61);
  lenstr := GetModuleFilenameA(GetModuleHandleA(nil),@mydata.exe[0],50);
  mydata.prid := GetCurrentProcessID;
  mydata.datacount := len;
  mydata.ind := indata;
  SendMessageA(winh,WM_COPYDATA,0,cardinal(@CDS));
end;


function myrecvfrom(s: dword; var Buf; len, flags: Integer;
                      var from: dword; var fromlen: Integer): Integer; stdcall;
begin
  sendapp(len,true);
  result := nextrecvfrom(s,buf,len,flags,from,fromlen);
end;

function myrecv(s: dword; var Buf; len, flags: Integer): Integer; stdcall;
begin
  sendapp(len,true);
  result := nextrecv(s,buf,len,flags);
end;

function mysend(s: dword; var Buf; len, flags: Integer): Integer; stdcall;
begin
  sendapp(len,false);
  result := nextSend(s,buf,len,flags);
end;

function mysendto(s: dword; var Buf; len, flags: Integer; var addrto: dword;
  tolen: Integer): Integer; stdcall;
begin
  sendapp(len,false);
  result := nextSendTo(s,buf,len,flags,addrto,tolen);
end;

procedure injectmain;
var h: integer;
    usr: integer;
begin
  @oldsendto := nil;
  @oldsend := nil;
  @oldrecvfrom := nil;
  @oldrecv := nil;

  usr := GetModuleHandle('user32.dll');
  h := GetModuleHandle('wsock32.dll');

  CDS.dwData := 0;
  CDS.cbData := sizeof(TMyData);
  CDS.lpData := @mydata;

  if (h > 0) and (usr > 0) then
  begin
    winh := FindWindowA(nil,'ShowTraffic');

    @oldsendto := GetProcAddress(h,'sendto');
    if @oldsendto <> nil then
      uallHook.HookCode(@oldsendto, @mysendto, @nextsendto);

    @oldsend := GetProcAddress(h,'send');
    if @oldsend <> nil then
      uallHook.HookCode(@oldsend, @mysend, @nextsend);

    @oldrecv := GetProcAddress(h,'recv');
    if @oldrecv <> nil then
      uallHook.HookCode(@oldrecv, @myrecv, @nextrecv);

    @oldrecvfrom := GetProcAddress(h,'recvfrom');
    if @oldrecvfrom <> nil then
      uallHook.HookCode(@oldrecvfrom, @myrecvfrom, @nextrecvfrom);
  end;
end;

procedure uninjectmain;
begin
  if @oldsendto <> nil then
    uallHook.UnhookCode(@nextsendto);
  if @oldsend <> nil then
    uallHook.UnhookCode(@nextsend);
  if @oldrecv <> nil then
    uallHook.UnhookCode(@nextrecv);
  if @oldrecvfrom <> nil then
    uallHook.UnhookCode(@nextrecvfrom);
end;

procedure dllmain(dwReason: integer);
begin
  case dwreason of
    DLL_PROCESS_ATTACH:
      injectmain;
    DLL_PROCESS_DETACH:
      uninjectmain;
  end;
end;

begin
  DLLProc := @DLLMain;
  DLLMain(1);
end.