flat assembler
Message board for the users of flat assembler.
Overflowz 09 Nov 2010, 21:01
All right. If you're lazy, then someone just tell me: what do the SHR and ROR instructions do? I found an example here: http://www.daniweb.com/forums/thread111008.html but I have a problem. Here's what I mean:
Code:
mov eax,7
bswap eax ;eax=07000000
shr eax,5 ;I guess EAX must be 00000070, but it gave me something like EAX=00380000. WHY?
asmhack 09 Nov 2010, 22:08
To shift 1 byte you write:
Code:
shr eax,8*1 ;1 byte = 8 bits
Shift <> rotate. Just use OllyDbg and watch the magic.
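As an added illustration of the shift versus rotate point (C written for this page, not code from the thread; it models the 32-bit x86 semantics rather than executing the instructions): shr drops the bits that fall off the right end and fills from the left with zeros, while ror feeds those bits back in at the left. On a 32-bit operand the CPU masks the count to 5 bits, which the helpers reproduce.

```c
#include <stdint.h>
#include <stdio.h>

/* bswap: reverse the four bytes, so 0x00000007 becomes 0x07000000 */
static uint32_t bswap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0x0000FF00u) |
           ((v << 8) & 0x00FF0000u) | (v << 24);
}

/* shr: logical shift right; the low n bits are lost, zeros enter at the top.
   The count is masked to 5 bits, as the CPU does for 32-bit operands. */
static uint32_t shr32(uint32_t v, unsigned n) {
    n &= 31;
    return n ? v >> n : v;
}

/* ror: rotate right; the low n bits reappear at the top instead of being lost */
static uint32_t ror32(uint32_t v, unsigned n) {
    n &= 31;
    return n ? (v >> n) | (v << (32 - n)) : v;
}

int main(void) {
    uint32_t eax = bswap32(7);                        /* the post's first two lines */
    printf("bswap eax   -> %08X\n", eax);             /* 07000000 */
    printf("shr eax,5   -> %08X\n", shr32(eax, 5));   /* 00380000, what the debugger showed */
    printf("shr eax,8   -> %08X\n", shr32(eax, 8));   /* 00070000, one whole byte */
    printf("shr eax,20  -> %08X\n", shr32(eax, 20));  /* 00000070, the value the post expected */
    printf("shr eax,28  -> %08X\n", shr32(eax, 28));  /* 00000000: the 7 is shifted out entirely */
    printf("ror eax,28  -> %08X\n", ror32(eax, 28));  /* 70000000: the same bits wrapped around */
    return 0;
}
```

The shift count that turns 07000000 into 00000070 is 20, not 5: shifting by 5 leaves 7 << 19, which is 0x00380000. The last two lines are where shift and rotate part ways, which is the distinction asmhack points at.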
windwakr 09 Nov 2010, 22:26
Overflowz wrote:
All right. If you're lazy, then someone just tell me: what do the SHR and ROR instructions do? I found an example here: http://www.daniweb.com/forums/thread111008.html but I have a problem. Here's what I mean:
Your best friends are right here:
http://www.intel.com/Assets/PDF/manual/253666.pdf
http://www.intel.com/Assets/PDF/manual/253667.pdf
Overflowz 09 Nov 2010, 23:02
asmhack, right.. I forgot that, grr!
windwakr, thanks, but I don't understand much..
Overflowz 10 Nov 2010, 00:05
Finally I wrote an example, but of course I have an error.. Here's my code; maybe someone will explain to me why the window is freezing? The debugger says it's on the "recv" function.. I think I'm not getting a response from the server.. Here's the code.
Code:
format PE console 4.0
include 'WIN32AX.INC'
entry main

section '.data' data readable writeable
CR EQU 0x0D
LF EQU 0x0A
m_pause db "pause>NUL",0
g_header1 db "HEAD / HTTP/1.1",CR,LF
sizeof.g_header1 = $ - g_header1
g_header2 db "Host:localhost",CR,LF
sizeof.g_header2 = $ - g_header2
g_header3 db "Connection:Close",CR,LF
sizeof.g_header3 = $ - g_header3
testbuffer rb 2000
szIp db "127.0.0.1",0
sizeof.szIp = $ - szIp
hSock dd ?
saddr sockaddr_in
sizeof.saddr = $ - saddr
wsaData WSADATA

section '.text' code readable executable
proc main
  invoke WSAStartup,0202h,wsaData
  invoke socket,AF_INET,SOCK_STREAM,0
  mov [hSock],eax
  mov [saddr.sin_family],AF_INET
  invoke htons,80
  mov [saddr.sin_port],ax
  invoke inet_addr,szIp
  mov [saddr.sin_addr],eax
  invoke connect,[hSock],saddr,sizeof.saddr
  invoke send,[hSock],g_header1,sizeof.g_header1,0
  invoke send,[hSock],g_header2,sizeof.g_header2,0
  invoke send,[hSock],g_header3,sizeof.g_header3,0
  invoke recv,[hSock],testbuffer,2000,0
  invoke closesocket,[hSock]
  invoke WSACleanup
  cinvoke printf,testbuffer
  cinvoke system,m_pause
  invoke ExitProcess,0
endp

section '.idata' import data readable
library user32,'user32.dll',\
        kernel32,'kernel32.dll',\
        ws2_32,'ws2_32.dll',\
        msvcrt,'msvcrt.dll'
include 'API\USER32.INC'
include 'API\KERNEL32.INC'
include 'API\WS2_32.INC'
import msvcrt,printf,'printf',system,'system'

section '.reloc' fixups data discardable
revolution 10 Nov 2010, 00:07
HTTP requires two CRLFs in sequence to close the request.
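To make the point concrete, here is an added C example (not code from the thread; the helper names and the sample request are mine): it builds the same HEAD request with the empty line that ends the header block, and a small scanner finds that terminator or reports that it is missing, which is why the original three send calls left the server waiting and the client blocked in recv. The same scanner works on a received response to find where the headers stop and the body begins.

```c
#include <stdio.h>
#include <string.h>

/* Returns the offset just past the first "\r\n\r\n" in buf, i.e. the length
   of a complete header block, or -1 if the terminator has not arrived yet.
   Works on a request being built and on a response being received. */
static int find_header_end(const char *buf, size_t len) {
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) return (int)(i + 4);
    return -1;
}

/* Formats the request the post sends, ending it with the empty line HTTP
   needs. Returns the length written, or -1 if out is too small. */
static int build_head_request(const char *host, const char *path,
                              char *out, size_t size) {
    int n = snprintf(out, size,
                     "HEAD %s HTTP/1.1\r\n"
                     "Host: %s\r\n"
                     "Connection: close\r\n"
                     "\r\n",                   /* CR LF CR LF: end of headers */
                     path, host);
    if (n < 0 || (size_t)n >= size) return -1;
    return n;
}

/* Constructed copy of the three lines the original client sent. */
static const char PARTIAL[] =
    "HEAD / HTTP/1.1\r\nHost:localhost\r\nConnection:Close\r\n";

int main(void) {
    char req[256];
    int n = build_head_request("localhost", "/", req, sizeof req);
    printf("partial request: header end at %d (server keeps waiting)\n",
           find_header_end(PARTIAL, sizeof PARTIAL - 1));
    printf("complete request: header end at %d of %d bytes\n",
           find_header_end(req, (size_t)n), n);
    return 0;
}
```

Because TCP is a byte stream, the scanner has to run over everything received so far, not only the latest recv result; the terminator can be split across two reads.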
Overflowz 10 Nov 2010, 00:12
Ahh.. What a MISS! Thanks, it works perfectly now!
Overflowz 10 Nov 2010, 00:21
1 more question. If I need some data to be transferred but the size is too big, how can I get the data into a "buffer" or somewhere else? For example, I'm trying to GET /file.txt HTTP/1.1 and file.txt is around 10MB in size. How can I save the result? :/
asmhack 10 Nov 2010, 11:22
You could replace:
Code:
testbuffer rb 2000
;with:
hMem dd $0
and use the Win API:
Code:
invoke LocalAlloc,0,size
mov [hMem],eax
...
invoke LocalFree,[hMem]

Last edited by asmhack on 10 Nov 2010, 16:34; edited 1 time in total
Overflowz 10 Nov 2010, 14:34
Hmm, can you explain to me what hMem dd $0 does? And LocalAlloc = allocation in the stack, I guess? But I don't know what Alloc does exactly..
asmhack 10 Nov 2010, 16:53
recv can handle 65536 bytes maximum each time,
so make a loop with recv to receive all the data. You will also need the select function: http://msdn.microsoft.com/en-us/library/ms740141(v=VS.85).aspx
Overflowz 10 Nov 2010, 18:10
Mate, I don't understand so much..
drobole 11 Nov 2010, 09:52
Are you familiar with C?
I would suggest you do it in C first, then you know what to do and when to do it in asm. http://beej.us/guide/bgnet/output/html/singlepage/bgnet.html |
Overflowz 11 Nov 2010, 11:52
drobole, if I knew C, there are so many examples in C on Google. But I don't know it.
OK, another example. I'm stuck on the recv loop thing.. what am I doing wrong here?
Code:
format PE console 4.0
include 'WIN32AX.INC'
entry main

section '.data' data readable writeable
CR EQU 0x0D
LF EQU 0x0A
hSock dd ?
hSock2 dd ?
wsaData WSADATA
saddr sockaddr_in
sizeof.saddr = $ - saddr
saddrlen dd sizeof.sockaddr_in
w_startup db "Initializing winsock...",CR,LF,0
w_socket db "Creating new socket...",CR,LF,0
w_bind db "Binding on port 713...",CR,LF,0
w_listen db "Going on Listening State...",CR,LF,0
w_accept db "Success, Listening on port 714",CR,LF,0
o_msg db "Received request: "
tmpBuff rb 4096

section '.text' code readable executable
proc main
  cinvoke printf,w_startup
  invoke WSAStartup,0202h,wsaData
  cinvoke printf,w_socket
  invoke socket,AF_INET,SOCK_STREAM,0
  mov [hSock],eax
  mov [saddr.sin_family],AF_INET
  mov [saddr.sin_addr],0
  invoke htons,714
  mov [saddr.sin_port],ax
  cinvoke printf,w_bind
  invoke bind,[hSock],saddr,sizeof.sockaddr_in
  cinvoke printf,w_listen
  invoke listen,[hSock],1
  cinvoke printf,w_accept
  invoke accept,[hSock],saddr,saddrlen
  mov [hSock2],eax
.recv_data:
  invoke recv,[hSock2],tmpBuff,4096,0
  cmp [hSock2],0
  je .process_data
  jmp .recv_data
.process_data:
  cinvoke printf,o_msg
  invoke closesocket,[hSock]
  invoke WSACleanup
endp

section '.idata' import data readable
library kernel32,'kernel32.dll',ws2_32,'ws2_32.dll',msvcrt,'msvcrt.dll'
include 'API\KERNEL32.INC'
include 'API\WS2_32.INC'
import msvcrt,printf,'printf'

section '.reloc' fixups data discardable

The buffer is 4096 bytes long and I'm trying to send 5000 bytes from the "client". This is just the server, but when I try to recv in a loop it gets stuck.. Why do I have an error here? :< WSAGetLastError shows nothing.. it's just looping infinitely..
drobole 12 Nov 2010, 08:08
Hey,
I was playing around with your example and here is what I ended up with:
Code:
format PE console 4.0
include 'WIN32AX.INC'
entry main

section '.data' data readable writeable
hSock dd ?
hSock2 dd ?
wsaData WSADATA
saddr sockaddr_in
sizeof.saddr = $ - saddr
saddrlen dd sizeof.sockaddr_in
w_startup db "Initializing winsock...",10,0
w_socket db "Creating new socket...",10,0
w_bind db "Binding on port 7100...",10,0
w_listen db "Going on Listening State...",10,0
w_accept db "Success, Listening on port 7100",10,0
tmpBuff rb 4096

section '.text' code readable executable
proc main
  cinvoke printf, w_startup
  invoke WSAStartup, 0202h, wsaData
  cinvoke printf, w_socket
  invoke socket, AF_INET, SOCK_STREAM, 0
  mov [hSock], eax
  mov [saddr.sin_family], AF_INET
  mov [saddr.sin_addr], 0
  invoke htons, 7100
  mov [saddr.sin_port], ax
  cinvoke printf, w_bind
  invoke bind, [hSock], saddr, sizeof.sockaddr_in
  cinvoke printf, w_listen
  invoke listen, [hSock], 1
  cinvoke printf, w_accept
  invoke accept, [hSock], saddr, saddrlen
  mov [hSock2], eax
recv_loop:
  invoke recv, [hSock2], tmpBuff, 4095, 0  ; ask for one byte less than the buffer so the 0 written below stays inside tmpBuff
  cmp eax, 0
  jle end_loop                              ; 0 = connection closed, SOCKET_ERROR (-1) = error
  mov byte [tmpBuff + eax], 0              ; terminate the received bytes (explicit byte size)
  cinvoke printf, tmpBuff                  ; note: the received bytes are passed as the format string
  jmp recv_loop
end_loop:
  invoke closesocket,[hSock2]
  invoke closesocket,[hSock]
  invoke WSACleanup
endp

section '.idata' import data readable
library kernel32,'kernel32.dll',\
        ws2_32,'ws2_32.dll',\
        msvcrt,'msvcrt.dll'
include 'API\KERNEL32.INC'
include 'API\WSOCK32.INC'
import ws2_32, WSAStartup, 'WSAStartup',\
       WSACleanup, 'WSACleanup',\
       socket, 'socket',\
       htons, 'htons',\
       bind, 'bind',\
       listen, 'listen',\
       accept, 'accept',\
       recv, 'recv',\
       closesocket, 'closesocket'
import msvcrt, printf, 'printf'

section '.reloc' fixups data discardable

I am much more used to high level languages than assembly, so this is probably not a good example, but it works... kinda... I did some obvious changes, like adding references to all the library functions (I had a file called API\WSOCK32.INC. You may have to change this back to API\WS2_32.INC to make it work for you). The other major change I did is inside this:
Code:
recv_loop:
  invoke recv, [hSock2], tmpBuff, 4095, 0
  cmp eax, 0
  jle end_loop
  mov byte [tmpBuff + eax], 0
  cinvoke printf, tmpBuff
  jmp recv_loop
end_loop:

cmp eax, 0
As far as I know the cmp instruction will set the ZERO flag (ZF) after comparing its operands.

jle end_loop
If the return value from recv (eax) is zero or less, we jump out of the loop. (0 = No more to read, -1 = error)

mov byte [tmpBuff + eax], 0
recv does not add an EOL sign at the end of the buffer, so we have to do it ourselves.

cinvoke printf, tmpBuff
jmp recv_loop
Print and continue to read.

Note that I am using port number 7100. This port is a random choice, but make sure you choose a port number above 1024. Ports below that are reserved and may be restricted in unimaginable ways depending on your OS.

You can test it by opening a console window and typing:
$ telnet localhost 7100
<type some text>
CTRL-C (In the server console)

If the telnet session is brutally closed, the server process seems to crash. I'm not quite sure why this happens.

Last edited by drobole on 12 Nov 2010, 10:53; edited 1 time in total
Overflowz 12 Nov 2010, 09:57
Hey, you've forgotten ExitProcess.. but this example works nicely. I don't understand why I should do mov [tmpBuff+eax],0 .. never mind, I'll think about that. Anyway, thank you..
drobole 12 Nov 2010, 10:09
mov [tmpBuff+eax],0
When you declare a string in the data segment you do this, right?
Code:
hello_world db "Hello world",0
Notice that 0 at the end? That's basically the EOL (end of line) sign. printf needs that to know where the string ends. If you receive a buffer over the network, the recv function does not append this sign at the end of the buffer content, so if we received the hello_world string from the net the buffer would contain this:
Hello world???????????...
It makes sense because the recv function is also designed to work with other things than strings, so it cannot add a 0 at the end. It basically doesn't know that what it just received was a string.

PS. There might be something fishy with the cmp/jle logic in my example, but I'm sure you can figure it out. At least the bytes get transferred =)
Overflowz 12 Nov 2010, 10:15
Ahh, I got it. But I mean if it were a binary file, for example, and I need to WriteFile that data. Should I mov [buff+eax],0 there too?
drobole 12 Nov 2010, 10:24
In that case you don't want to do that, so you would remove that line, yes.
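As a worked version of the points made above by asmhack (loop on recv until everything has arrived), by drobole (check the return value and terminate the buffer yourself) and in the binary-file question, here is an added C example that is not code from the thread. It replaces a real socket with a constructed in-memory peer (fake_recv, which delivers at most a few bytes per call and then 0 for close) so it runs offline; the function names and the sample payload are mine. recv_all grows a heap buffer as data arrives (the LocalAlloc idea, done with malloc/realloc) and keeps one extra byte for a 0 that is never written past the end; the length it returns is what a binary consumer such as WriteFile uses. For text the data is printed through "%s" rather than as the format string, since bytes from the network should never be handed to printf as the format.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample of what the peer sends (a small HTTP response). */
static const char SAMPLE[] =
    "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello";

/* In-memory stand-in for a connected socket. chunk limits how many bytes
   one call delivers, which is how real recv behaves on a stream socket. */
struct fake_sock {
    const unsigned char *data;
    size_t total, pos, chunk;
};

/* Same contract as Winsock recv: >0 bytes copied, 0 orderly close, -1 error. */
static int fake_recv(struct fake_sock *s, void *buf, int len) {
    if (len <= 0) return -1;
    size_t left = s->total - s->pos;
    if (left == 0) return 0;
    size_t n = left < s->chunk ? left : s->chunk;
    if (n > (size_t)len) n = (size_t)len;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* The fixed-buffer pattern from the thread, done safely: ask for at most
   size-1 bytes so buf[n] is always inside the array. Returns what recv
   returned; buf is a valid C string afterwards in every case. */
static int recv_chunk_text(struct fake_sock *s, char *buf, int size) {
    if (size < 2) return -1;
    int n = fake_recv(s, buf, size - 1);
    buf[n > 0 ? n : 0] = 0;
    return n;
}

/* Reads until the peer closes, growing a heap buffer as data arrives.
   On success returns the buffer (malloc'd, caller frees) with *out_len set
   to the byte count; buf[*out_len] is 0 but is not part of the data.
   Returns NULL on a recv error or allocation failure. */
static unsigned char *recv_all(struct fake_sock *s, size_t *out_len) {
    size_t cap = 16, len = 0;
    unsigned char *buf = malloc(cap + 1);
    if (!buf) return NULL;
    for (;;) {
        if (len == cap) {                       /* full: double the buffer */
            if (cap > SIZE_MAX / 4) { free(buf); return NULL; }
            unsigned char *nb = realloc(buf, cap * 2 + 1);
            if (!nb) { free(buf); return NULL; }
            buf = nb;
            cap *= 2;
        }
        int want = (cap - len) > (size_t)INT_MAX ? INT_MAX : (int)(cap - len);
        int n = fake_recv(s, buf + len, want);
        if (n < 0) { free(buf); return NULL; } /* real code: WSAGetLastError */
        if (n == 0) break;                      /* peer closed: all data seen */
        len += (size_t)n;
    }
    buf[len] = 0;
    *out_len = len;
    return buf;
}

int main(void) {
    struct fake_sock s = { (const unsigned char *)SAMPLE, sizeof SAMPLE - 1, 0, 7 };
    size_t len;
    unsigned char *data = recv_all(&s, &len);
    if (!data) return 1;
    printf("received %zu bytes in chunks of at most %zu\n", len, s.chunk);
    printf("%s\n", (const char *)data);        /* text: data is an argument, not the format */
    fwrite(data, 1, len, stdout);              /* binary: write exactly len bytes, no terminator */
    putchar('\n');
    free(data);
    return 0;
}
```

With a real socket, fake_recv becomes recv and the loop is otherwise unchanged; the two things the sample forces you to handle, short reads and the 0 that signals close, are exactly what the 5000-byte test against a 4096-byte buffer in the thread runs into.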
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.