zatorg
-
Hey Ajomon,

I think that what you are basically looking at is an adaptation of the original example script <server.au3> which accepts multiple connections and then waits for Winsock to notify about events regarding those connections (e.g. in your case, you'd be interested in being notified about (and reading) received data as well as knowing which client in particular sent you that data -- and it's all in that script).

http://www.autoitscript.com/forum/index....le=attach&section=attach&attach_id=14413

(I hope this is reachable by all users; in any case, it's attached in this post: http://www.autoitscript.com/forum/index....?showtopic=45189&view=findpost&p=336722)

I think that the original script will no longer work due to AutoIt language changes (unfortunately, I no longer have AutoIt around), but e.g. rover has addressed one of the issues here.

On a very abstract level, what you need to do is to have an array of sockets (connection identifiers). When you establish all the connections with the clients (see source code of the script), you do whatever you want. Once data from a specific client is received, OnSocketEvent() is called. This line determines which client has sent the data (it is the socket number in your array of sockets):

    Local $nSocket = $iMsgID - $WM_USER - 1

In order for this to work, you have to previously inform WinSock that for each socket, you want to receive a specific ID ($iMsgID): (this is executed when a new connection has been accepted; on each such event, FreeSock() is called which returns the number of an unused element in the array of sockets)

    _ASockSelect( $hSockets[ $iFreeSock ], $hNotifyGUI, $WM_USER + $iFreeSock + 1, BitOR( $FD_READ, $FD_WRITE, $FD_CLOSE ) )

_ASockSelect() "registers" the socket in the sense that it tells Winsock to notify the program when certain events that interest us (in this case, receival of data, closure of the connection and perfect conditions to send data to that client (this last one is not that interesting)) take place.

Notice the "$WM_USER + $iFreeSock + 1" part: $iFreeSock is the number of an unused element in the socket array ($iFreeSock stores the number returned by FreeSock()); "$WM_USER + 1" is needed because the notification process uses Windows Graphics Device callback mechanism; what this means is that the mechanism might send events unrelated to the socket concerned (it might be about the dummy GUI window needed to receive notifications from Winsock). Starting with a constant "WM_USER" + 1 (WM_USER is the last (biggest) constant still reserved for Winsock-unrelated events), you are free to choose a number that will be received by OnSocketEvent(). In this script, the number is basically the socket's in question position in the array.

Perhaps you can tell why your current implementation (which, as I understand, uses AutoIt's built-in socket functions) does not satisfy you? I gather you want to do more useful stuff (e.g. handle the GUI) rather than just poll for socket events which Winsock can do for you? If so, then maybe you just need to adapt the script <server.au3> - if I'm totally wrong, maybe you can paste relevant excerpts of your code here/somewhere that we can look at.

Edit: oh, sorry, I haven't actually answered your question - yes (see server.au3 - the part in OnSocketEvent() where there is a TrayTip displayed telling what and from where was received - you could simply change that line(s) to TCPSend($hSocket, "response data"))

Edit 2: I also forgot to mention that in order to "register" a socket, you also need to GUIRegisterMsg($id_to_use, "FunctionName"):

    For $i = 0 To $N_MAXSOCKETS - 1
        $hSockets[ $i ] = -1
        GUIRegisterMsg( $WM_USER + 1 + $i, "OnSocketEvent" )
    Next

In this script, it is done before any actual socket operations (listening etc.) are performed.
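The slot-to-message-ID scheme described in the post above, as an added portable C sketch (not code from the post, server.au3 or ASock.au3). The function names, the table size of 4 and the sample socket values are assumptions; the handler also checks that the message falls in the registered range and that wParam matches the stored socket, since the same window receives unrelated messages.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows SDK values, redefined here so the sketch builds on any platform. */
#define WM_USER      0x0400u
#define FD_READ      0x01u
#define FD_CLOSE     0x20u
#define N_MAXSOCKETS 4               /* assumed table size */
#define SLOT_FREE    (-1)

typedef struct { int slot, sock; unsigned event, error; } sock_event;
static int sockets[N_MAXSOCKETS] = { SLOT_FREE, SLOT_FREE, SLOT_FREE, SLOT_FREE };

/* Same role as FreeSock() in the post: index of an unused slot, or -1. */
int free_sock(void) {
    for (int i = 0; i < N_MAXSOCKETS; i++)
        if (sockets[i] == SLOT_FREE) return i;
    return -1;
}

/* Track an accepted socket; returns the message ID to register, 0 if full. */
uint32_t track_socket(int sock) {
    int slot = free_sock();
    if (slot < 0) return 0;
    sockets[slot] = sock;
    return WM_USER + (uint32_t)slot + 1u;
}

/* Decode one window message; returns 0 only for a currently tracked socket. */
int decode_event(uint32_t msg_id, uintptr_t wparam, uint32_t lparam, sock_event *out) {
    if (msg_id <= WM_USER || msg_id > WM_USER + N_MAXSOCKETS) return -1; /* not a socket message */
    int slot = (int)(msg_id - WM_USER - 1u);
    if (sockets[slot] == SLOT_FREE) return -2;           /* slot already released */
    if ((uintptr_t)sockets[slot] != wparam) return -3;   /* wParam must be that socket */
    out->slot = slot;
    out->sock = sockets[slot];
    out->event = lparam & 0xFFFFu;           /* low word: FD_* event */
    out->error = (lparam >> 16) & 0xFFFFu;   /* high word: 0 means success */
    return 0;
}

int main(void) {
    sock_event ev;
    uint32_t id = track_socket(100);         /* constructed socket value */
    if (decode_event(id, 100, FD_READ, &ev) == 0)
        printf("slot %d, socket %d, event 0x%x, error %u\n", ev.slot, ev.sock, ev.event, ev.error);
    return 0;
}
```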
-
Oh, so this is what you want to do! Alright, good luck then. I suggest using SoftICE to trace the program flow. It is also possible to search for a particular string etc.
-
Hey, I'm back. I hope I can help you. It seems what you need to do is to listen on a socket, accept connections, receive data from those connections, connect to remote host(s) and forward them the data received. This is more or less like tunneling. If you have any specific questions, don't hesitate to ask. Good luck!!! And thanks everyone for the warm comments.
-
NP, have fun. Good luck!
-
OK, here's a PoC but it's not tested cause my Windows is going nuts. Will prob switch to OS X Leopard some time soon.

    #include <ASock.au3>

    Const $MYMSG = 1024
    Global $bConnectResult = 0
    Global $hSocket = -1
    ;;;
    Const $IP2CONNECT2 = "127.0.0.1"
    Const $PORT2CONNECT2 = 42775
    ;;;

    If Not TCPStartup( ) Then Exit 1
    _StartConnecting( $IP2CONNECT2, $PORT2CONNECT2, "EventHandler" )
    If @extended Then
        ConsoleWrite( "+> Connected IMMEDIATELY. You have a darn good connection..." & @CRLF )
        $bConnectResult = 1 ; No FD_CONNECT wait in this branch, so mark as connected here.
    Else ; Wait for the result of the connection attempt.
        Do
            Sleep( 100 )
        Until $bConnectResult <> 0 ; $bConnectResult = 0 => connecting // = 1 => connected // = -1 => failed
    EndIf

    If $bConnectResult = -1 Then
        ConsoleWrite( "+> FAILED to connect to " & $IP2CONNECT2 & ":" & $PORT2CONNECT2 & "." & @CRLF )
    Else
        ConsoleWrite( "+> YAY, connected!!! :)" & @CRLF )
        TCPSend( $hSocket, "Howdy!" )
        ; Will catch any response in "EventHandler". You can, however, TCPRecv() but this will be the usual BLOCKING function.
        ; Thus, you shouldn't use TCPRecv() :)
        ; Do whatever you desire....
        While $bConnectResult = 1
            TCPSend( $hSocket, "Fl000d..." )
            Sleep( 1000 )
        WEnd
    EndIf

    TCPCloseSocket( $hSocket )
    TCPShutdown( )
    Exit 0

    Func EventHandler _
        ( _
            $hWnd, _ ; Equals to $hNotifyGUI (see _StartConnecting())
            $iMsgID, _ ; Equals to $MYMSG if it's coming from Winsock
            $WParam, _ ; Equals to $hSocket
            $LParam _ ; Mixture of an error encountered (if any) and the type of event
        )
        Local $iError = _HiWord( $LParam ) ; If $iError = 0 then it means the event indicates a success
        Local $iEvent = _LoWord( $LParam ) ; The event: connected / failed to connect / data received / perfect conditions to send / conn closed
        Local $sDataBuff

        If $iMsgID = $MYMSG Then ; Winsock, not Windows GDI
            Switch $iEvent
                Case $FD_CONNECT
                    If $iError <> 0 Then
                        $bConnectResult = -1 ; Failed to connect.
                    Else
                        $bConnectResult = 1 ; Connected!
                    EndIf
                Case $FD_WRITE
                    If $iError <> 0 Then
                        $bConnectResult = -1 ; Error related to TCPSend(), probably failed sending data.
                    EndIf
                Case $FD_READ
                    If $iError <> 0 Then
                        $bConnectResult = -1 ; Failed while attempting to receive data.
                    Else ; Data arrived!
                        $sDataBuff = TCPRecv( $hSocket, 65536 ) ; 64K buffer
                        ConsoleWrite( "+> " & $IP2CONNECT2 & " says: " & $sDataBuff & @CRLF )
                    EndIf
                Case $FD_CLOSE
                    ConsoleWrite( "+> Connection _gracefully_ closed." & @CRLF )
                    $bConnectResult = -1
            EndSwitch
        EndIf
    EndFunc

    Func _StartConnecting( $sIP, $iPort, $sFunc )
        $hSocket = _ASocket( )
        If @error Then Return False
        Local $hNotifyGUI = GUICreate( "notify" ) ; Dummy window that receives the Winsock notifications
        _ASockSelect( $hSocket, $hNotifyGUI, $MYMSG, BitOR( $FD_READ, $FD_WRITE, $FD_CONNECT, $FD_CLOSE ) )
        If @error Then Return False
        GUIRegisterMsg( $MYMSG, $sFunc )
        _ASockConnect( $hSocket, $sIP, $iPort )
        If @extended Then ; Have connected IMMEDIATELY, no point in waiting for _ASockConnect() result
            SetExtended( 1 )
            Return True
        EndIf
        ; Connection attempt issued.
        Return True
    EndFunc
-
Right, will try if I find some time. And that's either NOW or Saturday, cause will be totally N/A all this week.
-
Hey, ooh, it has been a long time since I last visited these forums... Let me see. Which part don't you understand? I admit it's a bit confusing with all those new function names etc. Maybe I should comment on what the script does?
-
AutoMonIt - a way to monitor your own script
zatorg replied to martin's topic in AutoIt Example Scripts
I like the concept... hell, every program needing to be debugged could "talk" to a debug/whatever handler like this. I suppose one is not able to get a pointer to an inner AutoIt variable :/ Though this would be useful... Mm
-
And yes you're right, like I said (or haven't I? Amnesia) this could be done in AutoIt3... Anyway: If one is using small variables and he/she needs to share them between processes, CreateFileMapping() is easy and efficient. If one wants to share large memory regions, I suggest allocating memory the "normal" way (malloc(), or DllStructCreate() in AutoIt), and then accessing that memory from another process... Just a thought...
-
    HANDLE WINAPI CreateFileMapping( HANDLE hFile,

Darn! CreateFileMapping() always allocates memory on a physical hard disk, not in physical memory. This means that DllStructCreate() / memory allocation at runtime should (only thought, no experience) be faster than CreateFileMapping(). Although CreateFileMapping() is intended for shared memory access etc. and DllStructCreate() is not, DllStructCreate() may allocate memory pages in physical memory whereas CreateFileMapping (darn I'm stupid) allocates memory on a paging file. => Either way, memory is allocated on the hard disk, not in the real (physical) RAM.

Edit: some mistakes..
-
(Have been away for some time..) Physical memory is the memory in RAM disks. When an OS runs out of physical RAM, it uses virtual memory (setting up VM). Windows allocates a paging file (PF, typically pagefile.sys) on the hard disk to use it instead of physical RAM when running low on free physical memory. So when one isn't using physical memory ("real" RAM) then he/she is using virtual memory which is on a hard disk thus much slower to read/write to. (Actually, to be accurate virtual memory is physical memory plus "swap" (paging/swap files)) Anyway, sorry for the ignorance, too lazy and haven't got much time.
-
Try GNU's g++, it's open source (default in Code::Blocks and Dev-Cpp IDE). An alternative would be Microsoft Visual C++ or Microsoft Visual Studio. I suppose Visual Studio is the best choice when programming Windows applications.
-
Nice. Simple and pretty.

    CreateFileMapping( INVALID_HANDLE_VALUE, // ...

Question: why do you want to explicitly use swap? I mean, using physical memory would be faster... And now, every time the memory is accessed, a paging fault occurs and the system moves the data from pagefile.sys (or whatever) to physical RAM... :/ Anyway, I like the simplicity.
-
Callback - no external library (dll) required
zatorg replied to piccaso's topic in AutoIt Example Scripts
Concerning the ApiHook: as I understand, you hook the Beep() API function inserting a modified header... So theoretically one can create a userland rootkit using AutoIt3!
-
Callback - no external library (dll) required
zatorg replied to piccaso's topic in AutoIt Example Scripts
Have just noticed this topic. Very nice work! Thank you!

    int (*_cb)(char*) = pcb;

So this creates a symbol "_cb" which represents a function which takes an array of chars (pointer to char) and returns an int... pcb is the function pointer which is received by cdecl_test()... correct me if I'm wrong. Nice assembly, thanks again!

Edit: by 'symbol "_cb"' I mean pointer to function which accepts char* and returns int