flat assembler
Message board for the users of flat assembler.

Index > Main > socket raw sniffer nasm xpsp2

Author
Thread Post new topic Reply to topic
gavin



Joined: 20 Jul 2008
Posts: 23
gavin 10 Aug 2008, 02:39
My program for some strange reason only receives icmp echo replies and doesn't capture anything else.
It's supposed to capture all traffic .

If someone would be so kind as to compile my code on a different windows xp version I would appreciate it .


Code:
;Connection

; 1.  Initialize WSA  WSAStartup().
; 2. Create a raw socket  socket().
;3.  Bind the socket to interface  bind().
;4. Set socket to promiscuous mode - WSAIoctl()


;compile with:
;   NASMW.EXE -fobj sniff.asm
;link with:
;   ALINK.EXE sniff.obj -c -oPE -subsys console



%include "D:\programming\nasm\include\windows.inc"


EXTERN __getmainargs
IMPORT __getmainargs Msvcrt.dll
EXTERN ExitProcess
IMPORT ExitProcess kernel32.dll
EXTERN printf
IMPORT printf Msvcrt.dll 
EXTERN WSAStartup
IMPORT WSAStartup Ws2_32.dll
EXTERN WSAGetLastError
IMPORT WSAGetLastError Ws2_32.dll
EXTERN socket
IMPORT socket Ws2_32.dll
EXTERN htons 
IMPORT htons Ws2_32.dll
EXTERN inet_addr
IMPORT inet_addr Ws2_32.dll 
EXTERN closesocket
IMPORT closesocket Ws2_32.dll
EXTERN WSACleanup
IMPORT WSACleanup  Ws2_32.dll
EXTERN connect
IMPORT connect Ws2_32.dll
EXTERN bind
IMPORT bind Ws2_32.dll
EXTERN send
IMPORT send Ws2_32.dll
EXTERN recv
IMPORT recv Ws2_32.dll
EXTERN WSAIoctl
IMPORT WSAIoctl Ws2_32.dll
EXTERN strtol
IMPORT strtol Msvcrt.dll
EXTERN memcpy
IMPORT memcpy Msvcrt.dll
EXTERN memset
IMPORT memset Msvcrt.dll  
EXTERN gethostname
IMPORT gethostname Ws2_32.dll

STRUC  IPHEADER
  ip_hlv            RESB 1
  ip_tos            RESB 1
  ip_len            RESW 1 
  ip_id             RESW 1  
  ip_off            RESW 1                
  ip_ttl            RESB 1               
  ip_p              RESB 1                
  ip_cksum          RESW 1
  ip_src            RESD 1
  ip_dest           RESD 1
ENDSTRUC

STRUC  TCPHEADER;
  source_port       RESW 1 
  destination_port  RESW 1 
  seq_number        RESD 1       
  ack_number        RESD 1      
  info_ctrl         RESW 1    
  window            RESW 1       
  checksum          RESW 1 
  urgent_pointer    RESW 1 
ENDSTRUC


STRUC WSADATA 
  wVersion          RESW 1 
  wHighVersion      RESW 1 
  szDescription     RESB 256+1 
  szSystemStatus    RESB 128+1
  iMaxSockets       RESW 1
  iMaxUdpDg         RESW 1
  lpVendorInfo      RESW 1
ENDSTRUC


STRUC SOCKADDR_IN
  sin_family        RESW 1              
  sin_port              RESW 1              
  sin_addr              RESB 4              
  sin_zero              RESB 8              
ENDSTRUC


        
segment .DATA USE32

    CR             equ 0Dh
    LF               equ 0Ah
   SIO_RCVALL    equ 98000001h
 maxpacketsize equ 65535

    wsaData       dd WSADATA         
    sockAddr      dd SOCKADDR_IN            
    tcpHeader    dd TCPHEADER;
    ipHeader      dd IPHEADER
     
    argc          dd 1                           
       argv          dd 255                        
        env           dd 1
    InBuffer      dd 0
        BytesReturned dd 0
    bytesread     dd 0
        ipaddress     db "192.168.1.1",0

segment .DATA? USE32

    tempbuff resb 1024    
    packet times 65535 db 00h
   hSocket resd 1
      
segment .code USE32

..start

;-------------------
;startup code
;-------------------

start:
    push dword 0
    push dword env
     push dword argv
     push dword argc
    call[__getmainargs]
  add esp,16
  
    
;-----------------------------------------
;initialize the winsock library
;-----------------------------------------

    push dword wsaData 
    push dword 2
  call [WSAStartup]
   
;-----------------------
;Create a socket
;-----------------------

    push dword IPPROTO_IP
       push dword SOCK_RAW
 push dword AF_INET
  call [socket]
       mov [hSocket],eax
   
    
;---------------------------------------
;initialise the structure
;---------------------------------------

    push dword ipaddress
       call [inet_addr]
    mov [sockAddr+sin_addr],eax

    mov[sockAddr+sin_family],dword AF_INET
       ;mov[sockAddr+sin_addr],dword INADDR_ANY
    
    push dword 0
    call[htons]
    mov [sockAddr+sin_port],ax
   
;---------------------------------------
;bind socket to address
;---------------------------------------     
     
   push dword 16
       push dword sockAddr
 push dword [hSocket]
        call[bind]
  
;------------------------------------------
;Set socket to promiscuous mode
;------------------------------------------

    push dword 0
    push dword 0
    push dword BytesReturned
    push dword 0
   push dword 0
        push dword 4
        push dword InBuffer         
        push dword SIO_RCVALL      
 push dword[hSocket]         
        call[WSAIoctl]
      
    
    
;------------------------------------------
;recieve packets
;------------------------------------------
    looptop:
      push dword 0
        push dword 1024
     push dword tempbuff         ;<-watch this with the debugger to look at packet
    push dword[hSocket]
 call [recv]
    jmp looptop  

        
;------------------------------------------
;
;------------------------------------------     
    
    
    
    push dword 0
        call[ExitProcess]  
 
    
    
    




Code:
00402000  45 00 00 3C 69 F3 00 00  E..<ió..
00402008  FF 01 CD 7D C0 A8 01 FE  ÿÍ}À¨þ  ;second bye from the left is the protocol 01 is for icmp
00402010  C0 A8 01 01 00 00 B3 5A  À¨..³Z
00402018  02 00 A0 01 61 62 63 64  . abcd
00402020  65 66 67 68 69 6A 6B 6C  efghijkl
00402028  6D 6E 6F 70 71 72 73 74  mnopqrst
00402030  75 76 77 61 62 63 64 65  uvwabcde
00402038  66 67 68 69 00 00 00 00  fghi....
    
Post 10 Aug 2008, 02:39
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 11 Aug 2008, 06:49
I think, filter driver is what you need. Maybe WinPcap will help? It comes with source, devpack, documentation...

Raw winsockets is way too restricted in intercepting network traffic.
Post 11 Aug 2008, 06:49
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.