
Everything posted by zatorg
-
Hey Ajomon,

I think that what you are basically looking at is an adaptation of the original example script <server.au3> which accepts multiple connections and then waits for Winsock to notify about events regarding those connections (e.g. in your case, you'd be interested in being notified about (and reading) received data as well as knowing which client in particular sent you that data -- and it's all in that script).

http://www.autoitscript.com/forum/index....le=attach&section=attach&attach_id=14413

(I hope this is reachable by all users; in any case, it's attached in this post: http://www.autoitscript.com/forum/index....?showtopic=45189&view=findpost&p=336722)

I think that the original script will no longer work due to AutoIt language changes (unfortunately, I no longer have AutoIt around), but e.g. rover has addressed one of the issues here.

On a very abstract level, what you need to do is to have an array of sockets (connection identifiers). When you establish all the connections with the clients (see source code of the script), you do whatever you want. Once data from a specific client is received, OnSocketEvent() is called.

This line determines which client has sent the data (it is the socket number in your array of sockets):

    Local $nSocket = $iMsgID - $WM_USER - 1

In order for this to work, you have to previously inform WinSock that for each socket, you want to receive a specific ID ($iMsgID):

(this is executed when a new connection has been accepted; on each such event, FreeSock() is called which returns the number of an unused element in the array of sockets)

    _ASockSelect( $hSockets[ $iFreeSock ], $hNotifyGUI, $WM_USER + $iFreeSock + 1, BitOR( $FD_READ, $FD_WRITE, $FD_CLOSE ) )

_ASockSelect() "registers" the socket in the sense that it tells Winsock to notify the program when certain events that interest us (in this case, receival of data, closure of the connection and perfect conditions to send data to that client (this last one is not that interesting)) take place.

Notice the "$WM_USER + $iFreeSock + 1" part: $iFreeSock is the number of an unused element in the socket array ($iFreeSock stores the number returned by FreeSock()); "$WM_USER + 1" is needed because the notification process uses Windows Graphics Device callback mechanism; what this means is that the mechanism might send events unrelated to the socket concerned (it might be about the dummy GUI window needed to receive notifications from Winsock). Starting with a constant "WM_USER" + 1 (WM_USER is the last (biggest) constant still reserved for Winsock-unrelated events), you are free to choose a number that will be received by OnSocketEvent(). In this script, the number is basically the position of the socket in question in the array.

Perhaps you can tell why your current implementation (which, as I understand, uses AutoIt's built-in socket functions) does not satisfy you? I gather you want to do more useful stuff (e.g. handle the GUI) rather than just poll for socket events which Winsock can do for you? If so, then maybe you just need to adapt the script <server.au3> - if I'm totally wrong, maybe you can paste relevant excerpts of your code here/somewhere that we can look at.

Edit: oh, sorry, I haven't actually answered your question - yes (see server.au3 - the part in OnSocketEvent() where there is a TrayTip displayed telling what and from where was received - you could simply change that line(s) to TCPSend($hSocket, "response data"))

Edit 2: I also forgot to mention that in order to "register" a socket, you also need to GUIRegisterMsg($id_to_use, "FunctionName"):

    For $i = 0 To $N_MAXSOCKETS - 1
        $hSockets[ $i ] = -1
        GUIRegisterMsg( $WM_USER + 1 + $i, "OnSocketEvent" )
    Next

In this script, it is done before any actual socket operations (listening etc.) are performed.
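Added example (not part of zatorg's post and not code from server.au3): a portable C model of the ID scheme described above, showing the checks a handler can make before it trusts a notification, since the post notes the window can also receive messages unrelated to the socket. The table size, the function names and the socket value 412 are hypothetical; the FD_* values and WM_USER are the Winsock/Windows constants.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions of this sketch: the table size and every name below are
   hypothetical; WM_USER and the FD_* values match the Windows headers. */
#define WM_USER       0x0400u
#define N_MAXSOCKETS  8
#define SLOT_FREE     (-1L)
#define FD_READ       0x01u
#define FD_WRITE      0x02u
#define FD_CLOSE      0x20u

typedef struct { long sock[N_MAXSOCKETS]; } slot_table;

void slots_init(slot_table *t) {
    for (int i = 0; i < N_MAXSOCKETS; i++) t->sock[i] = SLOT_FREE;
}

/* FreeSock() equivalent: store the socket in the first unused slot, -1 if full. */
int slots_add(slot_table *t, long sock) {
    for (int i = 0; i < N_MAXSOCKETS; i++)
        if (t->sock[i] == SLOT_FREE) { t->sock[i] = sock; return i; }
    return -1;
}

/* Message ID registered for a slot: WM_USER + slot + 1. */
uint32_t msg_id_for_slot(int slot) { return WM_USER + (uint32_t)slot + 1u; }

/* Decode one notification. Returns the slot index, or -1 if it is rejected.
   Winsock passes the socket in wParam, the event in the low word of lParam
   and the error code in the high word. */
int decode_event(const slot_table *t, uint32_t msg, uintptr_t wparam,
                 uint32_t lparam, unsigned *event, unsigned *error) {
    if (msg <= WM_USER || msg > WM_USER + N_MAXSOCKETS) return -1; /* outside our ID range */
    int slot = (int)(msg - WM_USER - 1u);
    if (t->sock[slot] == SLOT_FREE) return -1;           /* slot not in use */
    if ((uintptr_t)t->sock[slot] != wparam) return -1;   /* ID and socket disagree */
    *event = lparam & 0xFFFFu;
    *error = (lparam >> 16) & 0xFFFFu;
    if (*event != FD_READ && *event != FD_WRITE && *event != FD_CLOSE) return -1;
    return slot;
}

int main(void) {
    slot_table t; unsigned ev = 0, err = 0;
    slots_init(&t);
    int slot = slots_add(&t, 412);                       /* constructed socket value */
    int got = decode_event(&t, msg_id_for_slot(slot), 412, FD_READ, &ev, &err);
    printf("slot=%d event=0x%02x error=%u\n", got, ev, err);
    return got == slot ? 0 : 1;
}
```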
-
Oh, so this is what you want to do! Alright, good luck then. I suggest using SoftICE to trace the program flow. It is also possible to search for a particular string etc.
-
Hey, I'm back. I hope I can help you. It seems what you need to do is to listen on a socket, accept connections, receive data from those connections, connect to remote host(s) and forward them the data received. This is more or less like tunneling. If you have any specific questions, don't hesitate to ask. Good luck!!! And thanks everyone for the warm comments.
-
NP, have fun. Good luck.
-
OK, here's a PoC but it's not tested cause my Windows is going nuts. Will prob switch to OS X Leopard some time soon.

    #include <ASock.au3>

    Const $MYMSG = 1024
    Global $bConnectResult = 0
    Global $hSocket = -1
    ;;;
    Const $IP2CONNECT2 = "127.0.0.1"
    Const $PORT2CONNECT2 = 42775
    ;;;

    If Not TCPStartup( ) Then Exit 1

    _StartConnecting( $IP2CONNECT2, $PORT2CONNECT2, "EventHandler" )
    If @extended Then
        ConsoleWrite( "+> Connected IMMEDIATELY. You have a darn good connection..." & @CRLF )
        $bConnectResult = 1 ; Mark as connected so that the send loop below runs.
    Else ; Wait for the result of the connection attempt.
        Do
            Sleep( 100 )
        Until $bConnectResult <> 0 ; $bConnectResult = 0 => connecting // = 1 => connected // = -1 => failed
    EndIf

    If $bConnectResult = -1 Then
        ConsoleWrite( "+> FAILED to connect to " & $IP2CONNECT2 & ":" & $PORT2CONNECT2 & "." & @CRLF )
    Else
        ConsoleWrite( "+> YAY, connected!!! :)" & @CRLF )
        TCPSend( $hSocket, "Howdy!" )
        ; Will catch any response in "EventHandler". You can, however, TCPRecv() but this will be the usual BLOCKING function.
        ; Thus, you shouldn't use TCPRecv() :)

        ; Do whatever you desire....
        While $bConnectResult = 1
            TCPSend( $hSocket, "Fl000d..." )
            Sleep( 1000 )
        WEnd
    EndIf

    TCPCloseSocket( $hSocket )
    TCPShutdown( )
    Exit 0

    Func EventHandler _
        ( _
            $hWnd, _ ; Equals to $hNotifyGUI (see _StartConnecting())
            $iMsgID, _ ; Equals to $MYMSG if it's coming from Winsock
            $WParam, _ ; Equals to $hSocket
            $LParam _ ; Mixture of an error encountered (if any) and the type of event
        )
        Local $iError = _HiWord( $LParam ) ; If $iError = 0 then it means the event indicates a success
        Local $iEvent = _LoWord( $LParam ) ; The event: connected / failed to connect / data received / perfect conditions to send / conn closed
        Local $sDataBuff

        If $iMsgID = $MYMSG Then ; Winsock, not Windows GDI
            Switch $iEvent
                Case $FD_CONNECT
                    If $iError <> 0 Then
                        $bConnectResult = -1 ; Failed to connect.
                    Else
                        $bConnectResult = 1 ; Connected!
                    EndIf
                Case $FD_WRITE
                    If $iError <> 0 Then
                        $bConnectResult = -1 ; Error related to TCPSend(), probably failed sending data.
                    EndIf
                Case $FD_READ
                    If $iError <> 0 Then
                        $bConnectResult = -1 ; Failed while attempting to receive data.
                    Else
                        ; Data arrived!
                        $sDataBuff = TCPRecv( $hSocket, 65536 ) ; 64K buffer
                        ConsoleWrite( "+> " & $IP2CONNECT2 & " says: " & $sDataBuff & @CRLF )
                    EndIf
                Case $FD_CLOSE
                    ConsoleWrite( "+> Connection _gracefully_ closed." & @CRLF )
                    $bConnectResult = -1
            EndSwitch
        EndIf
    EndFunc

    Func _StartConnecting( $sIP, $iPort, $sFunc )
        $hSocket = _ASocket( )
        If @error Then Return False
        Local $hNotifyGUI = GUICreate( "notify" ) ; Dummy window that receives the Winsock notifications
        _ASockSelect( $hSocket, $hNotifyGUI, $MYMSG, BitOR( $FD_READ, $FD_WRITE, $FD_CONNECT, $FD_CLOSE ) )
        If @error Then Return False
        GUIRegisterMsg( $MYMSG, $sFunc )
        _ASockConnect( $hSocket, $sIP, $iPort )
        If @extended Then ; Have connected IMMEDIATELY, no point in waiting for _ASockConnect() result
            SetExtended( 1 )
            Return True
        EndIf
        ; Connection attempt issued.
        Return True
    EndFunc
-
Right, will try if I find some time. And that's either NOW or Saturday, cause will be totally N/A all this week.
-
Hey, ooh, it has been a long time since I last visited these forums... Let me see. Which part don't you understand? I admit it's a bit confusing with all those new function names etc. Maybe I should comment on what the script does?
-
AutoMonIt - a way to monitor your own script
zatorg replied to martin's topic in AutoIt Example Scripts
I like the concept.. hell, every program needing to be debugged could "talk" to a debug/whatever handler like this. I suppose one is not able to get a pointer to an inner AutoIt variable :/ Though this would be useful.. Mm
-
And yes you're right, like I said (or haven't I? Amnesia) this could be done in AutoIt3.. Anyway: If one is using small variables and he/she needs to share them between processes, CreateFileMapping() is easy and efficient. If one wants to share large memory regions, I suggest he/she use memory allocation the "normal" way (malloc(), or DllStructCreate() in AutoIt), and then access that memory from another process.. Just a thought..
-
    HANDLE WINAPI CreateFileMapping( HANDLE hFile,

Darn! CreateFileMapping() always allocates memory on a physical hard disk, not in physical memory. This means that DllStructCreate() / memory allocation at runtime should (only thought, no experience) be faster than CreateFileMapping(). Although CreateFileMapping() is intended for shared memory access etc. and DllStructCreate() is not, DllStructCreate() may allocate memory pages in physical memory whereas CreateFileMapping (darn I'm stupid) allocates memory on a paging file. => Either way, memory is allocated on the hard disk, not in the real (physical) RAM.

Edit: some mistakes..
-
(Have been away for some time..) Physical memory is the memory in RAM disks. When an OS runs out of physical RAM, it uses virtual memory (setting up VM). Windows allocates a paging file (PF, typically pagefile.sys) on the hard disk to use it instead of physical RAM when running low on free physical memory. So when one isn't using physical memory ("real" RAM) then he/she is using virtual memory which is on a hard disk thus much slower to read/write to. (Actually, to be accurate virtual memory is physical memory plus "swap" (paging/swap files)) Anyway, sorry for the ignorance, too lazy and haven't got much time.
-
Try GNU's g++, it's open source (default in Code::Blocks and Dev-Cpp IDE). An alternative would be Microsoft Visual C++ or Microsoft Visual Studio. I suppose Visual Studio is the best choice when programming Windows applications.
-
Nice. Simple and pretty.

    CreateFileMapping( INVALID_HANDLE_VALUE, // ...

Question: why do you want to explicitly use swap? I mean, using physical memory would be faster... And now, every time the memory is accessed, a paging fault occurs and the system moves the data from pagefile.sys (or whatever) to physical RAM... :/ Anyway, I like the simplicity.
-
Callback - no external library (dll) required
zatorg replied to piccaso's topic in AutoIt Example Scripts
Concerning the ApiHook: as I understand, you hook the Beep() API function inserting a modified header... So theoretically one can create a userland rootkit using AutoIt3!
-
Callback - no external library (dll) required
zatorg replied to piccaso's topic in AutoIt Example Scripts
Have just noticed this topic. Very nice work! Thank you!

    int (*_cb)(char*) = pcb;

So this creates a symbol "_cb" which represents a function which takes an array of chars (pointer to char) and returns an int... pcb is the function pointer which is received by cdecl_test()... correct me if I'm wrong. Nice assembly, thanks again!

Edit: by 'symbol "_cb"' I mean pointer to function which accepts char* and returns int
-
This is nice because this can be used in other languages as well.. I mean AutoIt has Execute() but this is AutoIt-specific. Nice and thanks!
-
Ah, I see. Cool, will test it as soon as I can. Thank you for your continued contribution to this great thing!
-
Compile the script. Then either run it with the parameter "/c" or put the compiled EXE (if you want it to load faster, make the compiler not UPX it) into %windir%\system32 changing the extension from ".exe" to ".scr". Then go to "Display Properties" (i.e. right-click on Desktop and choose "Properties") -> Screen Saver -> Choose the one whose name matches the freshly made .scr -> Click on "Settings".
-
Like Al Pacino in "Scent of a Woman" said, whoo-aa! Nice work. This will take some reading time to understand.. And all the work (a fully working screensaver) that has been done to get this - THANKS!

    Local $x = $x_radius + Sin($x_frequency1 * (($x_phase1 + $i_) / 100 + $frame)) * ($x_amplitude1 / 100) * $x_radius
    Local $y = $y_radius + Cos($y_frequency1 * (($y_phase1 + $i_) / 100 + $frame)) * ($y_amplitude1 / 100) * $y_radius
    $x += Sin($x_frequency2 * (($x_phase2 + $i_) / 100 + $frame)) * ($x_amplitude2 / 100) * $x_radius
    $y += Cos($y_frequency2 * (($y_phase2 + $i_) / 100 + $frame)) * ($y_amplitude2 / 100) * $y_radius

OMFG

Edit:

    Global Const $pi = 3.1415926535897932384626433832795028841971693993751058209749445923078164062

Note that AutoIt strips everything past the tenth fraction (a nature of floats/doubles in C) so all this is not necessary...
-
Nice. Someone has finally adapted UDP... Concerning the UDP vs TCP, well, UDP is faster because the packet headers are not so complicated..
-
Very nice... I suppose a lot of effort was put into this
-
Hey Apocalypse,

have just read your post, maybe you've already figured it out, but I'll still explain it a bit. So as I understand, you're trying to write some sort of a sniffer (by 'prespecified IP' you mean a local interface IP?). If so, well, some time ago I've written a minisniffer for my classmate... It's in Lithuanian besides being commented in Lithuanian as well... Whatever. Here are the microsources: k.jakeliunas.com/sniukst

Anyway, I will tell you how sniffing is done. Basically, you create a RAW (not a TCP nor UDP) socket:

    SOCKET s = socket( AF_INET, SOCK_RAW, IPPROTO_IP );

(You have to be an admin to create a RAW socket). Next, you bind() it to your preferred local interface.

    char name[ 256 ];
    hostent * pHE;
    sockaddr_in sa;

    gethostname( name, sizeof( name ) ); // get the name of localhost
    pHE = gethostbyname( name );         // get info about localhost inc. the local IP

    ZeroMemory( &sa, sizeof( sockaddr_in ) );
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr =            // fill the struct: the IP to bind to
        ( (in_addr *)               // cast
          pHE->h_addr_list[ 0 ]     // the first occurrence
        ) -> s_addr;                // it holds various info. We need the IP

    // then you bind() like this:
    bind( s, (SOCKADDR *) /* cast again */ &sa, sizeof( SOCKADDR ) );

And then, you put the socket into promiscuous mode. When the socket is in promiscuous mode, it receives ALL the data that passes through your LAN/WLAN card. Pretty nifty [see the sources for how it is done, I'm too lazy to comment... Or refer to MSDN instead...]

And then, you poll for data with the usual recv():

    for( ;; )
    {
        i /* how much received */ = recv( s, Buffer, sizeOfTheBuffer, 0 );
        if( i <= 0 )
        {
            // end of the game.
            break;
        }

        printf( "\n <<< A new packet has arrived >>>\n" );
        for( j = 0; j < i; j ++ )
        {
            if( (unsigned int) Buffer[ j ] >= 32 && (unsigned int) Buffer[ j ] <= 126 ) // if it's a writable char
            {
                putchar( Buffer[ j ] );
            }
            else
            {
                putchar( '?' );
            }
        }
        printf( "\n [End of Packet]\n" );
    }

You can change it to log everything to a file (with std.C's fprintf() or with C++'s <iostream>, should be pretty simple). As you can see, it's more like an example/PoC than a real program... Anyway, hope everything goes well (for some reason WSAIoctl() didn't work on my PC whereas it worked on my friend's. Anyway, if you remove WSAIoctl() you will only sniff the incoming traffic).

Cheers
Kostas
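Added example, not from Kostas's post or his sniffer sources: a raw IPPROTO_IP socket hands recv() a buffer that starts with the IPv4 header, so a logger can parse that header and reject truncated or inconsistent packets before printing anything, instead of trusting the length fields. The struct, the function names and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields of interest from an IPv4 header (RFC 791). Names are this example's own. */
typedef struct {
    uint8_t  header_len;        /* bytes, 20..60 */
    uint16_t total_len;         /* bytes, as claimed by the header */
    uint8_t  ttl, protocol;     /* protocol: 1 = ICMP, 6 = TCP, 17 = UDP */
    uint8_t  src[4], dst[4];
} ipv4_info;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, a negative code when the buffer cannot be trusted. */
int parse_ipv4(const uint8_t *buf, size_t len, ipv4_info *out) {
    if (len < 20) return -1;                     /* shorter than a minimal header */
    if ((buf[0] >> 4) != 4) return -2;           /* version field is not 4 */
    size_t ihl = (size_t)(buf[0] & 0x0F) * 4;
    if (ihl < 20 || ihl > len) return -3;        /* header length field is inconsistent */
    uint16_t total = be16(buf + 2);
    if (total < ihl || total > len) return -4;   /* claims more bytes than were received */
    out->header_len = (uint8_t)ihl;
    out->total_len = total;
    out->ttl = buf[8];
    out->protocol = buf[9];
    for (int i = 0; i < 4; i++) { out->src[i] = buf[12 + i]; out->dst[i] = buf[16 + i]; }
    return 0;
}

/* Payload rendered like the loop in the post: printable ASCII or '?'. */
size_t printable_payload(const uint8_t *buf, const ipv4_info *h, char *dst, size_t cap) {
    size_t n = 0;
    for (size_t i = h->header_len; i < h->total_len && n + 1 < cap; i++)
        dst[n++] = (buf[i] >= 32 && buf[i] <= 126) ? (char)buf[i] : '?';
    if (cap) dst[n] = '\0';
    return n;
}

/* Constructed sample: 20-byte header, TTL 64, protocol 253 (experimental),
   192.0.2.1 -> 192.0.2.2, followed by the three payload bytes "hi\n". */
static const uint8_t SAMPLE[] = {
    0x45,0x00,0x00,0x17, 0x00,0x01,0x00,0x00, 0x40,0xFD,0x00,0x00,
    192,0,2,1, 192,0,2,2, 'h','i','\n' };

int main(void) {
    ipv4_info h; char text[64];
    if (parse_ipv4(SAMPLE, sizeof SAMPLE, &h) != 0) return 1;
    printable_payload(SAMPLE, &h, text, sizeof text);
    printf("proto=%u ttl=%u payload=%s\n", h.protocol, h.ttl, text);
    return 0;
}
```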
-
Great then. And thanks, yeah, I somehow missed it...
-
Alrighty here we go... A simple server... Start it, then connect to it with some client and send some data... Then disconnect from it. Notice that you don't have to poll on the sockets in the main While() loop.

    #include <ASock.au3>

    Const $MYMSG = 1024
    ;;;
    Const $PORT2LISTEN = 42775
    ;;;
    Global $hNotifyGUI = GUICreate( "notify" )
    Global $hListen
    Global $hAccepted = -1

    If Not TCPStartup( ) Then Exit 1
    ; "0.0.0.0" listens on every local interface; pass "127.0.0.1" to accept local connections only.
    If Not _StartServer( "0.0.0.0", $PORT2LISTEN, "OnEvent" ) Then Exit 2
    ConsoleWrite( "+> Waiting for connection on port #" & $PORT2LISTEN & "..." & @CRLF )

    While $hAccepted = -1 ; You can also use a flag like $bConnected which would be changed by OnAccept()
        ; when a connection is accepted...
        ; blah blah...
    WEnd

    ; Connection accepted!
    ConsoleWrite( "Connection accepted, socket #" & $hAccepted & @CRLF )

    While $hAccepted <> -1 ; While still connected
        ; Do whatever you like here.
        ; Do GUI handling etc.
    WEnd

    TCPCloseSocket( $hListen )
    TCPShutdown( )
    Exit 0

    ; This is called when an event has happened on a socket.
    Func OnEvent( $hWnd, $iMsgID, $WParam, $LParam )
        Local $hSocket = $WParam ; Get the socket involved (either $hListen or $hAccepted in this example)
        Local $iError = _HiWord( $LParam ) ; If error is 0 then the event indicates about a success
        Local $iEvent = _LoWord( $LParam ) ; The event: incoming conn / data received / perfect conditions to send / conn closed
        Local $sDataBuff

        If $iMsgID = $MYMSG Then ; Winsock, not Windows GDI
            Switch $iEvent
                Case $FD_ACCEPT ; Incoming connection!
                    If $iError <> 0 Then
                        Exit MsgBox( 16, "simpleServer error", "Failed to listen to " & $PORT2LISTEN & "." )
                    EndIf
                    $hAccepted = TCPAccept( $hListen )
                Case $FD_READ ; Data has arrived!
                    If $iError <> 0 Then
                        TCPCloseSocket( $hAccepted )
                        $hAccepted = -1
                    Else
                        $sDataBuff = TCPRecv( $hAccepted, 8192 )
                        If @error Then
                            TCPCloseSocket( $hAccepted )
                            $hAccepted = -1
                        Else
                            ConsoleWrite( "{{" & $sDataBuff & "}}" & @CRLF )
                            TrayTip( "Data has arrived!", $sDataBuff, 30 )
                        EndIf
                    EndIf
                Case $FD_WRITE
                    If $iError <> 0 Then
                        TCPCloseSocket( $hAccepted )
                        $hAccepted = -1
                    EndIf
                Case $FD_CLOSE ; Bye bye
                    _ASockShutdown( $hAccepted ) ; Graceful shutdown.
                    Sleep( 1 )
                    TCPCloseSocket( $hAccepted )
                    $hAccepted = -1
            EndSwitch
        EndIf
    EndFunc

    Func _StartServer( $sIP, $iPort, $sFunc )
        $hListen = _ASocket( )
        If @error Then Return False
        _ASockSelect( $hListen, $hNotifyGUI, $MYMSG, BitOR( $FD_ACCEPT, $FD_READ, $FD_WRITE, $FD_CLOSE ) )
        If @error Then Return False
        GUIRegisterMsg( $MYMSG, $sFunc )
        _ASockListen( $hListen, $sIP, $iPort )
        If @error Then Return False
        Return True
    EndFunc

Cheers. Don't hesitate to ask what you don't understand...

Edit: some foolish grammar.
Edit2: slightly edited the script to TCPCloseSocket() properly. Not a bug, but still...
-
I second you.. Async stuff ain't simple. Will try writing one when I have time (and that is today)...