LAST VERSION - 1.0
22-Mar-12

I think many of you would like to combine any data of your project, for example skin images, into a single file (package), and extract them from it as necessary. Moreover, it would be better to avoid creating temporary files on the disk. Yes, of course, you can use the resources of the executable file or the native FileInstall() function, but in the first case you cannot add data after compiling the script, and the second case inevitably leads to writing data to disk, which is not good. Alternatively, you can use, for example, .zip archives, but here again you are limited to using only files. For this reason, I decided to invent my own file format (.pkr) for storing any data (it can be files or memory data directly), devoid of all the above shortcomings. Below is the detailed structure of the .pkr file (package).

As you can see from the screenshot, the package consists of a header and one or more data packets following one another. The package header has a length of 256 bytes and represents the PKHEADER structure, which contains basic information about the .pkr file, including a short text comment. Here is a description of the PKHEADER structure.

PKHEADER
Offset | Length | Purpose
-------|--------|--------------------------------------------------------------
0      | 4      | The file signature (0x504B5221)
4      | 4      | The package version, 1.0
8      | 8      | The file size, in bytes
16     | 4      | The number of packets in the package
20     | 4      | Reserved
24     | 8      | The absolute offset, in bytes, of the first packet in package
32     | 224    | The package comment, max 224 bytes (112 characters)

The first four bytes of the .pkr file always contain the same sequence of bytes (signature) - 0x504B5221 ("PKR!" in ASCII characters). This makes it possible to uniquely identify the package. Then follows a DWORD value representing the package version, currently 1.0 (0x00000100). Next is the size of the package file (INT64), in bytes. Although the size of the .pkr file is not limited, the length of one packet may not exceed a little more than 4 gigabytes (see below). Note that the value of this member should be equal to the actual file size, otherwise it is assumed that the package is damaged.

The next member (DWORD) of the structure contains the number of packets in the package. It should not be zero, since it is not allowed to create empty packages. The next four bytes are reserved for future use. The sixth member (INT64) of the PKHEADER structure is the most important and contains the offset of the first packet in the package from the beginning of the file, in bytes. This means that the first packet does not necessarily follow immediately after the header. The last member of the package header is a comment. The length of the comment is limited to 224 bytes (112 wide characters, including the null-terminating character).

After the packet header, a Packet Relocation Table (PRT) of variable size may be located. It contains information for fast packet searching, but is not currently used and has a zero length.

The packets begin after the PKHEADER and PRT. Each packet consists of its own header and three data sections: Description, Info, and Data. Why three? Because it is so much easier to classify the data within the package. You will understand this when you try to use the library for your projects. A description of the packet (PKPACKET structure) is shown in the following table.

PKPACKET
Offset | Length | Purpose
-------|--------|-------------------------------------------------------------------------------
0      | 4      | The size, in bytes, of the packet header structure (40 bytes)
4      | 4      | The size, in bytes, of the description block, max 8192 bytes (4096 characters)
8      | 4      | The size, in bytes, of the information block, max 64 KB
12     | 4      | The size, in bytes, of the data block, max 4 GB
16     | 8      | The 64-bit unique identifier of the packet
24     | 4      | The checksum (CRC32) of the compressed data, or zero if no compression
28     | 4      | The uncompressed data size, in bytes, or zero if no compression
32     | 8      | Reserved
-------|--------|-------------------------------------------------------------------------------
Description
Information
Data

The first member (DWORD) of the PKPACKET structure always contains the length, in bytes, of the packet header and is currently 40 bytes, but can be changed in the future. The second, third, and fourth members (DWORD) of the structure contain the lengths of the corresponding data sections, in bytes. If any section is missing, the value of its length is zero. The full packet length, in bytes, can be calculated by summing the four values listed above. The fifth member (INT64) of the structure represents a unique packet identifier (ID). It is a 64-bit positive number that uniquely identifies a packet within the package. The sixth and seventh members (DWORD) of the PKPACKET structure are used only if the data of the Data section is compressed, otherwise they have zero values. In the case of compression, the sixth member of the structure contains the exact data size of the Data section, in bytes, after uncompression. The last member (INT64) of the packet header is reserved for future use. Immediately after the packet header begin the three data sections that are described in more detail below.

The Description section is the first in the packet and is designed to store any text information. It may be, for example, the name of the file, in the case of adding a file into the packet, or just a short description of the data that is in the packet. The maximum length of this section is 8 kilobytes (8,192 bytes) or 4096 wide characters (including the null-terminating character).

The Info section immediately follows the Description section. Here you can store any auxiliary binary data, for example, the attributes of the file, the date and time that a file was created, last accessed, and last modified, or something else. Alternatively, you can store small files such as cursors, icons, etc. in this section. The length of this section is limited to 64 kilobytes (65,535 bytes).

The Data section is the third in the packet, and is used to store the main packet data. The maximum length of this section may be up to 4 gigabytes (4,294,967,295 bytes). Moreover, the data of this section can be compressed by using the native LZ algorithm (not the most optimal but fast enough).

These three data sections represent one packet, and must follow each other continuously as shown above. Furthermore, any or all of these sections can be missing in the packet. Then after the first packet immediately begins another packet, if any, etc.

As you can see, the .pkr files have a simple structure consisting of sequential blocks of data. Especially for ease of use of packages, I wrote the UDF library which you can download below. A detailed description of each function can be found inside the library. Also, the archive includes all the examples and supporting files. As an additional example, you can download the Package.pkr file containing the same files as the .zip archive, but created by using this library.

I hope this UDF library will be useful for your projects. Also, if anyone has any questions or comments, please post them in this thread. I will be glad of any feedback and constructive suggestions.

Almost forgot, this library requires WinAPIEx UDF library version 3.7 or later.

Available functions

Package UDF Library v1.0
Package.zip

Examples
Extracting file (Simple)
Adding binary data (Simple)
Extracting binary data (Simple)
Addition Extraction GUI (Advanced)
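
A bounds-checking reader for the PKHEADER/PKPACKET layout described in the post above, as an added example that is not part of the original post or of the Package UDF library. Little-endian integer fields, the raw-byte "PKR!" signature comparison and the UTF-16LE description in the constructed sample are assumptions; the names `parse_pkr`, `PkrError` and `build_sample` are hypothetical.

```python
import struct

PKHEADER = struct.Struct("<4sIqIIq224s")  # 256 bytes; little-endian is an assumption
PKPACKET = struct.Struct("<IIIIqIIq")     # 40 bytes
MAX_DESC, MAX_INFO = 8192, 65535          # section limits stated in the post

class PkrError(ValueError):
    pass

def parse_pkr(buf):
    """Return [(packet_id, description, info, data), ...] or raise PkrError."""
    if len(buf) < PKHEADER.size:
        raise PkrError("shorter than the 256-byte header")
    sig, _ver, fsize, count, _rsv, first, _comment = PKHEADER.unpack_from(buf, 0)
    if sig != b"PKR!":
        raise PkrError("bad signature")
    if fsize != len(buf):
        raise PkrError("header file size differs from actual size")
    if count == 0:
        raise PkrError("empty package")
    if not PKHEADER.size <= first <= len(buf):
        raise PkrError("first-packet offset out of range")
    packets, seen, off = [], set(), first
    for _ in range(count):
        if off + PKPACKET.size > len(buf):
            raise PkrError("packet header runs past end of file")
        hsize, dlen, ilen, blen, pid, _crc, _usize, _r = PKPACKET.unpack_from(buf, off)
        if hsize < PKPACKET.size or dlen > MAX_DESC or ilen > MAX_INFO:
            raise PkrError("packet header field out of range")
        end = off + hsize + dlen + ilen + blen  # sum of the four length fields
        if end > len(buf):
            raise PkrError("packet sections run past end of file")
        if pid <= 0 or pid in seen:
            raise PkrError("packet ID not positive or not unique")
        seen.add(pid)
        d0, i0 = off + hsize, off + hsize + dlen
        packets.append((pid, buf[d0:i0], buf[i0:i0 + ilen], buf[i0 + ilen:end]))
        off = end
    return packets

def build_sample():
    """Constructed one-packet package; UTF-16LE description is an assumption."""
    desc, info, data = "a.txt\0".encode("utf-16-le"), b"\x01\x02", b"hello"
    pkt = PKPACKET.pack(40, len(desc), len(info), len(data), 1, 0, 0, 0) + desc + info + data
    return PKHEADER.pack(b"PKR!", 0x100, 256 + len(pkt), 1, 0, 256, b"") + pkt
```

The reader does not decompress the Data section or verify its CRC32, so the uncompressed-size field should be checked against a sane limit before any buffer is allocated from it.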
-
Hi, I have worked on a project for a friend and it needed to retrieve some data in UDP packets. It was a challenge because I didn't know anything about those packets, and after a few days of work I have managed to do what I wanted.

The hardest part was to set a very strict filter for the CPU usage and for the script optimisation, so here is one:

;use filters with _PcapStartCapture
;retrieve only tcp packets containing AABBCCDD, at the start of 8 and with a length of 4; like the StringMid func.
tcp[8:4] == 0xAABBCCDD ;4 bytes starting at offset 8, counted from the first byte of the TCP header (pcap filter offsets index the header, not the payload); always include the 0x to specify you are dealing with hex.

And some funcs to split the different data from packets:

;$hCapture is the handle returned by _PcapStartCapture

; #FUNCTION# ====================================================================================================================
; Name...........: _TCP_Recv
; Description ...: Retrieves a TCP Packet and returns its data split
; Syntax.........: _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000)
; Parameters ....: $hCapture - Capture handle
;                  $iInstance - Instance of the packet to retrieve
;                  $iTimeOut - Timeout
; Return values .: Success - Array containing the packet data
;                  Failure - -1 (timed out)
; Author ........: FireFox (d3mon)
; Modified.......:
; Remarks .......: Offsets assume a 20-byte IPv4 header and a 20-byte TCP header (no options)
; Related .......: _UDP_Recv
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000)
    Local $iTimer_Capture, $aPacket, $iPacket = 0

    $iTimer_Capture = TimerInit()

    While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1)
        $aPacket = _PcapGetPacket($hCapture)

        If IsArray($aPacket) Then
            If $iPacket = $iInstance Then
                Local $aTCPPacket[21]

                $aTCPPacket[0] = StringMid($aPacket[3], 3, 12) ;Destination Mac Address
                $aTCPPacket[1] = StringMid($aPacket[3], 15, 12) ;Source Mac Address
                $aTCPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type
                $aTCPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length
                $aTCPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differentiated Services Field
                $aTCPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length
                $aTCPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification
                $aTCPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset
                $aTCPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live
                $aTCPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol
                $aTCPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum
                $aTCPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address
                $aTCPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address
                $aTCPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port
                $aTCPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port
                $aTCPPacket[15] = StringMid($aPacket[3], 79, 8) ;Sequence number
                $aTCPPacket[16] = StringMid($aPacket[3], 87, 8) ;Acknowledgment number
                $aTCPPacket[17] = StringMid($aPacket[3], 95, 4) ;Flags
                $aTCPPacket[18] = StringMid($aPacket[3], 99, 4) ;Window size value
                $aTCPPacket[19] = StringMid($aPacket[3], 103, 4) ;Checksum
                ;107 to 110 = Urgent pointer (not stored)
                $aTCPPacket[20] = StringTrimLeft($aPacket[3], 110) ;Data

                Return $aTCPPacket
            EndIf

            $iPacket += 1
        EndIf

        Sleep(50)
    WEnd

    Return -1
EndFunc ;==>_TCP_Recv

; #FUNCTION# ====================================================================================================================
; Name...........: _UDP_Recv
; Description ...: Retrieves a UDP Packet and returns its data split
; Syntax.........: _UDP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000)
; Parameters ....: $hCapture - Capture handle
;                  $iInstance - Instance of the packet to retrieve
;                  $iTimeOut - Timeout
; Return values .: Success - Array containing the packet data
;                  Failure - -1 (timed out)
; Author ........: FireFox (d3mon)
; Modified.......:
; Remarks .......: Offsets assume a 20-byte IPv4 header (no options)
; Related .......: _TCP_Recv
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _UDP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000)
    Local $iTimer_Capture, $aPacket, $iPacket = 0

    $iTimer_Capture = TimerInit()

    While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1)
        $aPacket = _PcapGetPacket($hCapture)

        If IsArray($aPacket) Then
            If $iPacket = $iInstance Then
                Local $aUDPPacket[18]

                $aUDPPacket[0] = StringMid($aPacket[3], 3, 12) ;Destination Mac Address
                $aUDPPacket[1] = StringMid($aPacket[3], 15, 12) ;Source Mac Address
                $aUDPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type
                $aUDPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length
                $aUDPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differentiated Services Field
                $aUDPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length
                $aUDPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification
                $aUDPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset
                $aUDPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live
                $aUDPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol
                $aUDPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum
                $aUDPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address
                $aUDPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address
                $aUDPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port
                $aUDPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port
                $aUDPPacket[15] = StringMid($aPacket[3], 79, 4) ;Length
                $aUDPPacket[16] = StringMid($aPacket[3], 83, 4) ;Checksum
                $aUDPPacket[17] = StringTrimLeft($aPacket[3], 86) ;Data

                Return $aUDPPacket
            EndIf

            $iPacket += 1
        EndIf

        Sleep(50)
    WEnd

    Return -1
EndFunc ;==>_UDP_Recv

;for example convert the packet's source/dest IP Address to text

; #FUNCTION# ====================================================================================================================
; Name...........: _HexIPAddressToText
; Description ...: Converts Hex IP Address to text
; Syntax.........: _HexIPAddressToText($vhexIPAddress)
; Parameters ....: $vhexIPAddress - IP Address v4 (string, int)
; Return values .: Success - Converted IP Address
; Author ........: FireFox (d3mon)
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........:
; Example .......: No
; ===============================================================================================================================
Func _HexIPAddressToText($vhexIPAddress)
    Local $sIPAddress = ""

    For $iOffset = 1 To 8 Step 2
        $sIPAddress &= Dec(StringMid($vhexIPAddress, $iOffset, 2)) & "."
    Next

    Return StringTrimRight($sIPAddress, 1)
EndFunc ;==>_HexIPAddressToText

Oops, almost forgot the WinPcap UDF available here: http://opensource.grisambre.net/pcapau3/

PS: If you find this helpful, please "like"/rate this post.

Enjoy
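
The functions in the post above read every field at a fixed character position, which only holds when the IPv4 header is 20 bytes and the TCP header carries no options. The following added example, which is not part of the original post or of the WinPcap UDF, derives the payload start from the IPv4 header-length and TCP data-offset fields instead; `split_packet`, `fixed_offset_payload` and `sample_frame` are hypothetical names and the frames are constructed.

```python
import struct

def split_packet(hex_frame):
    """Split an Ethernet II / IPv4 / TCP-or-UDP frame given as a '0x...' hex string."""
    raw = bytes.fromhex(hex_frame[2:] if hex_frame[:2].lower() == "0x" else hex_frame)
    if len(raw) < 34 or raw[12:14] != b"\x08\x00" or raw[14] >> 4 != 4:
        raise ValueError("not an Ethernet II / IPv4 frame")
    ihl = (raw[14] & 0x0F) * 4                    # IPv4 header length, 20..60 bytes
    total_len = struct.unpack_from("!H", raw, 16)[0]
    end = min(len(raw), 14 + total_len)           # ignore Ethernet padding
    l4 = 14 + ihl                                 # start of the TCP/UDP header
    proto = raw[23]
    if ihl < 20 or proto not in (6, 17) or end < l4 + (20 if proto == 6 else 8):
        raise ValueError("truncated or unsupported packet")
    sport, dport = struct.unpack_from("!HH", raw, l4)
    if proto == 6:
        hdr = (raw[l4 + 12] >> 4) * 4             # TCP data offset, 20..60 bytes
        if hdr < 20 or l4 + hdr > end:
            raise ValueError("bad TCP data offset")
    else:
        hdr = 8                                   # UDP header is always 8 bytes
    return {"proto": "tcp" if proto == 6 else "udp",
            "src": ".".join(map(str, raw[26:30])), "dst": ".".join(map(str, raw[30:34])),
            "sport": sport, "dport": dport, "payload": raw[l4 + hdr:end]}

def fixed_offset_payload(hex_frame):
    """The post's layout: TCP data always starts after 110 characters."""
    return bytes.fromhex(hex_frame[110:])

def sample_frame(tcp_options=b""):
    """Constructed TCP frame (zero MACs and checksums) with payload AA BB CC DD."""
    doff = (20 + len(tcp_options)) // 4
    tcp = struct.pack("!HHIIHHHH", 1234, 80, 1, 2, (doff << 12) | 0x018, 8192, 0, 0)
    tcp += tcp_options + b"\xaa\xbb\xcc\xdd"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return "0x" + (bytes(12) + b"\x08\x00" + ip + tcp).hex().upper()
```

With twelve bytes of TCP options, `fixed_offset_payload` returns the options followed by the data, while `split_packet` returns only the four payload bytes.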