Description: Driver-level domain hijacking redirects a visit to A.com to B.com; of course, if access to A is simply dropped, it becomes blocking of a designated site. A packet capture tool shows that visiting a website first sends a DNS query packet (UDP) if there is no local DNS cache entry for the site, then establishes a connection with the site, and then sends an HTTP request packet. Looking at the packet contents, the target in the outgoing packet has to be changed to our target, and the corresponding content in the response packet has to be changed back, that is, in both the outbound and inbound directions. The code mainly demonstrates how to get the contents of received TCP and UDP packets. Applies to XP only. The bin hijacks www.baidu.com to ip138.com.
File list (Check if you may need any files):
DNS_Redirect\makefile
............\sources
............\DNS_Redirect.c
............\buildchk_wxp_x86.log
............\objchk_wxp_x86\_objects.mac
............\..............\i386\DNS_Redirect.sys
............\..............\i386
............\objchk_wxp_x86
DNS_Redirect