

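Commands the server accepts from the connected client (no login is requested before they are run):
open filename - open the file or program
msg message - draw the message as plain text directly on the screen
box message - show the message in a message box
cdopen - open the CD-ROM drive door
cdclose - close the CD-ROM drive door
bye - end the connection (the server handles one user at a time)
kill - terminate sparczerver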

; SparcZ - A Funny little Network utility
; by ronybc ( url: http://www.ronybc.com )
.486p
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\wsock32.inc
include \masm32\include\kernel32.inc
include \masm32\include\gdi32.inc
include \masm32\include\winmm.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\wsock32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\winmm.lib
include \masm32\include\shell32.inc
includelib \masm32\lib\shell32.lib
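.data
; ---- constant strings ------------------------------------------------
ClassName db "Kunthrandam",0            ; not referenced anywhere in this file
AppName db "SPARCz",0                   ; caption of the "box" message box
fname1 db "C:\Zerver.log",0             ; log file; every connection and command line is appended
ftxt1 db "connected from : ",0          ; prefix of the per-connection log record
welcome db 13,10,
"You are connected to -",13,10,13,10,
" __ __ __ __ ___________________________",13,10,
" (_ |__) |__| |__) / ",13,10,
" _____) | | | | \ \__ ZERVER BY RONYBC ",13,10,
13,10,13,10,13,10,0
killed db "You killed that poor Zerver..! ",13,10,0
thankz db "bye.... visit http://www.ronybc.com",13,10,0
gotit db "ok..... ",0                   ; reply after a command was carried out
errrr db "error.. ",0                   ; reply for anything that was not recognised
; ---- command words, matched as prefixes of the received line ----------
cm00 db "open",0
cm01 db "box",0
cm02 db "kill",0
cm03 db "bye",0
cm04 db "cd",0                          ; followed by "open" or "clos..." (see cdrom)
cm05 db "line",0
cm06 db "msg",0
; ---- MCI command strings ---------------------------------------------
mci1 db "set cdaudio door open",0
mci2 db "set cdaudio door closed",0
mci3 db 0                               ; dummy return buffer, passed to mciSendString with length 0
; ---- fixed-size work buffers -----------------------------------------
; buff receives raw bytes from the network peer. Nothing in the data layout
; protects it: the receive loop has to keep every write inside these 512
; bytes, otherwise the peer overwrites buff2 and whatever follows it.
buff db 512 dup (0)
buff2 db 512 dup (0)                    ; scratch: log record and command-prefix copies
.data?
s1 SOCKET ?                             ; listening socket
s2 SOCKET ?                             ; socket of the one connected client
sin1 sockaddr_in <>                     ; local address handed to bind
sin2 sockaddr_in <>                     ; peer address filled in by accept
wsaData WSADATA <>
hFile dd ?                              ; handle of the log file while it is open
fwritten dd ?                           ; byte count returned by WriteFile (never read)
temp dd ?                               ; general scratch dword
deskdc HDC ?                            ; desktop device context used by "line" and "msg"
; The type name has to be upper case: "option casemap:none" makes the
; assembler case-sensitive and windows.inc declares the structure as LOGFONT.
font LOGFONT <>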
.code
; Program entry point. Starts Winsock, binds a TCP listener and falls
; through into the accept loop at next_user.
; Exposure: the address is INADDR_ANY and the port is 23, so the listener
; is reachable on every local interface, and no credential is asked for
; before commands are accepted.
start:
        invoke  WSAStartup,0101h,ADDR wsaData   ; ask for Winsock 1.1; result is not checked
        invoke  socket,PF_INET,SOCK_STREAM,0
        mov     s1,eax                          ; a failed socket() shows up as a bind error below
        mov     sin1.sin_family,AF_INET
        xor     eax,eax
        mov     sin1.sin_addr,eax               ; 0.0.0.0 = INADDR_ANY
        invoke  htons,23                        ; Telnet port, in network byte order
        mov     sin1.sin_port,ax
        invoke  bind,s1,ADDR sin1,SIZEOF sockaddr_in
        cmp     eax,SOCKET_ERROR
        jne     start_listen
        invoke  WSACleanup                      ; port not available: give up quietly
        xor     eax,eax
        ret
start_listen:
        invoke  listen,s1,1                     ; backlog of one pending connection
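; Accept the next client, greet it, and append "connected from : <ip>" to
; the log file. The same record is echoed back to the client. Falls through
; into next_command.
; API results (accept, CreateFile, WriteFile) are not checked; a failed
; call simply makes the calls that depend on it fail as well.
next_user:
        invoke  closesocket,s2                  ; drop the previous client (s2 is not yet assigned on the first pass)
        mov     temp,SIZEOF sockaddr_in         ; in/out address length for accept
        invoke  accept,s1,ADDR sin2,ADDR temp
        mov     s2,eax
        invoke  send,s2,ADDR welcome,SIZEOF welcome,0
        invoke  CreateFile,ADDR fname1,GENERIC_WRITE,FILE_SHARE_READ,0,
                OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,0
        mov     hFile,eax
        invoke  SetFilePointer,hFile,0,0,FILE_END       ; append
        mov     eax,sin2.sin_addr               ; peer IPv4 address
        invoke  inet_ntoa,eax
        mov     temp,eax                        ; temp -> dotted-decimal string
        ; Build the record in buff2. edi is the write cursor; the API calls
        ; below leave edi unchanged.
        mov     edi,OFFSET buff2
        invoke  lstrcpy,edi,ADDR ftxt1
        add     edi,SIZEOF ftxt1 - 1            ; stop ON the terminator so the address overwrites it
                                                ; (stepping past it would leave a NUL inside the record)
        invoke  lstrcpy,edi,temp
        invoke  lstrlen,temp
        add     edi,eax
        mov     word ptr [edi],0A0Dh            ; CR, LF and nothing else
        add     edi,2
        mov     eax,edi
        sub     eax,OFFSET buff2
        mov     temp,eax                        ; temp = record length in bytes
        invoke  WriteFile,hFile,ADDR buff2,eax,ADDR fwritten,0  ; log new connection to C:\Zerver.log
        invoke  send,s2,ADDR buff2,temp,0
        invoke  send,s2,ADDR gotit,SIZEOF gotit,0
        invoke  CloseHandle,hFile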
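; Read one command line from the client into buff and append it to the
; log file. Falls through into the command dispatch.
;
; edi is the write cursor into buff. Every recv is limited to the room that
; is left, and the last two bytes of buff are never handed to recv, so the
; line always stays NUL-terminated inside the 512-byte buffer. A line that
; does not fit is answered with the error reply and discarded.
next_command:
        mov     edi,OFFSET buff
        mov     eax,SIZEOF buff
        call    clrbuff
        mov     edi,OFFSET buff
crecv:
        mov     ecx,OFFSET buff + SIZEOF buff - 2
        sub     ecx,edi                         ; ecx = bytes still free
        jbe     err                             ; buffer full and still no LF: reject the line
        invoke  recv,s2,edi,ecx,0
        or      eax,eax
        jz      next_user                       ; peer closed the connection
        cmp     eax,SOCKET_ERROR
        je      next_user
        add     edi,eax
        mov     al,[edi-1]                      ; last byte received
        cmp     al,08h                          ; check for 'Backspace'
        jne     crecv_eol
        xor     eax,eax                         ; al = 0, so the LF test below fails and we keep reading
        sub     edi,2                           ; back over the backspace and the character before it
        cmp     edi,OFFSET buff
        jae     crecv_erase
        mov     edi,OFFSET buff                 ; backspace on an empty line: never move below buff
crecv_erase:
        mov     [edi],ax                        ; blank the two bytes that were removed
crecv_eol:
        cmp     al,0Ah                          ; a line is complete when a recv ends in LF
        jne     crecv
        ; Log the line. The bytes are written exactly as received, control
        ; characters included, and lstrlen stops at the first NUL.
        invoke  CreateFile,ADDR fname1,GENERIC_WRITE,FILE_SHARE_READ,0,
                OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,0
        mov     hFile,eax                       ; log commands to file C:\Zerver.log
        invoke  SetFilePointer,hFile,0,0,FILE_END
        invoke  lstrlen,ADDR buff
        invoke  WriteFile,hFile,ADDR buff,eax,ADDR fwritten,0
        invoke  CloseHandle,hFile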
; Command dispatch. The start of the received line is compared, ignoring
; case, with each command word in turn; only as many characters as the word
; has are compared, so anything may follow it. The first match wins.
; No authentication step sits between accept and this point: any peer that
; can reach the listener gets its line dispatched here.
ON_CMD  MACRO   cmdname, target
        invoke  lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cmdname    ; copy strlen(cmdname) chars + NUL
        invoke  lstrcmpi,ADDR buff2,ADDR cmdname
        test    eax,eax
        jz      target
        ENDM

        ON_CMD  cm06, dmsg
        ON_CMD  cm05, dline
        ON_CMD  cm04, cdrom
        ON_CMD  cm03, byebye
        ON_CMD  cm02, killer
        ON_CMD  cm01, msgbx
        invoke  lstrcpyn,ADDR buff2,ADDR buff,SIZEOF cm00
        invoke  lstrcmpi,ADDR buff2,ADDR cm00
        test    eax,eax
        jnz     err                             ; not "open" either: unknown command

        ; "open <path>": the text after the command word comes straight from
        ; the network and is handed to ShellExecute with the "open" verb, so
        ; the peer chooses which file or program is started on this machine.
        invoke  lstrlen,ADDR buff
        mov     dword ptr [buff+eax-2],0        ; cut the last two bytes (expected to be CR LF)
        invoke  ShellExecute,NULL,ADDR cm00,OFFSET buff + 5,NULL,NULL,SW_SHOWNORMAL
                                                ; buff+5 skips "open" and one separator byte
        invoke  send,s2,ADDR gotit,SIZEOF gotit,0
        jmp     next_command
; Reply for a line that could not be handled, then wait for the next one.
err:
        invoke  send,s2,ADDR errrr,SIZEOF errrr,0
        jmp     next_command
; "box <text>": show the text in a topmost, system-modal message box.
; The text starts right after the three letters of "box", so it carries the
; separator and the line ending as received. MessageBox is called on the
; only thread, so the "ok" reply is sent after the call returns.
msgbx:
        invoke  MessageBox,NULL,OFFSET buff + 3,ADDR AppName,
                MB_OK or MB_TOPMOST or MB_SYSTEMMODAL or MB_ICONINFORMATION
        invoke  send,s2,ADDR gotit,SIZEOF gotit,0
        jmp     next_command
; "line": draw three connected line segments straight onto the desktop
; device context, using fixed screen coordinates.
dline:
        invoke  GetDC,NULL                      ; NULL window = DC of the whole screen
        mov     deskdc,eax
        invoke  MoveToEx,deskdc,100,300,NULL    ; starting point
        invoke  LineTo,deskdc,250,100           ; draw it annoying
        invoke  LineTo,deskdc,550,400
        invoke  LineTo,deskdc,600,430
        invoke  ReleaseDC,NULL,deskdc
        invoke  send,s2,ADDR gotit,SIZEOF gotit,0
        jmp     next_command
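; "msg <text>": draw the text on the desktop device context at (100,200)
; in the icon-title font enlarged to height 36.
; The font created here is deselected and deleted again before the DC is
; released, so repeated "msg" commands do not pile up GDI objects.
; ebx and edi carry the two font handles across the API calls.
dmsg:
        invoke  GetDC,0
        mov     deskdc,eax
        invoke  SystemParametersInfo,
                SPI_GETICONTITLELOGFONT,SIZEOF font,ADDR font,0
        mov     dword ptr font,36               ; first dword of LOGFONT is the height: font size
        invoke  CreateFontIndirect,ADDR font
        mov     ebx,eax                         ; ebx = font created for this message
        invoke  SelectObject,deskdc,ebx
        mov     edi,eax                         ; edi = object that was selected before
        invoke  lstrlen,ADDR buff
        sub     eax,3 + 2                       ; minus 'msg' and the two line-ending bytes
        jle     dmsg_restore                    ; nothing left to draw
        invoke  TextOut,deskdc,100,200,OFFSET buff + 3,eax
dmsg_restore:
        invoke  SelectObject,deskdc,edi         ; put the previous font back
        invoke  DeleteObject,ebx
        invoke  ReleaseDC,0,deskdc
        invoke  send,s2,ADDR gotit,SIZEOF gotit,0
        jmp     next_command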
; "cdopen" / "cdclose": the four bytes after "cd" select the action.
; Unlike the command word itself this comparison is exact and
; case-sensitive; the constants are written reversed because the dword is
; loaded little-endian ("nepo" = bytes 'o','p','e','n', "solc" = 'c','l','o','s').
; Anything else after "cd" gets the error reply.
cdrom:
        mov     eax,dword ptr [buff+2]
        cmp     eax,"solc"
        je      cdclose
        cmp     eax,"nepo"                      ; open or close
        jne     err
cdopen:
        invoke  mciSendString,ADDR mci1,ADDR mci3,0,0
        jmp     cd_reply
cdclose:
        invoke  mciSendString,ADDR mci2,ADDR mci3,0,0
cd_reply:
        invoke  send,s2,ADDR gotit,SIZEOF gotit,0
        jmp     next_command
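; clrbuff - fill a buffer with zero bytes.
; In:    edi = start of the buffer
;        eax = size of the buffer in bytes
; Out:   nothing
; Clobb: eax, ecx, edx, edi, flags
; Exactly eax bytes are cleared: the fill neither stops early at the first
; dword that is already zero nor runs on past the end of the buffer.
clrbuff:
        mov     edx,eax                         ; edx = byte count
        xor     eax,eax                         ; fill value
        cld
        mov     ecx,edx
        shr     ecx,2
        rep     stosd                           ; whole dwords first
        mov     ecx,edx
        and     ecx,3
        rep     stosb                           ; then up to three leftover bytes
        ret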
; "bye": say goodbye and go back to waiting for the next client; the
; socket itself is closed at the top of next_user.
byebye:
        invoke  send,s2,ADDR thankz,SIZEOF thankz,0
        jmp     next_user
; "kill": tell the client, close both sockets, shut Winsock down and
; return from the entry point with eax = 0.
; Like every other command this one is accepted from any connected peer.
killer:
        invoke  send,s2,ADDR killed,SIZEOF killed,0
        invoke  closesocket,s1                  ; listening socket
        invoke  closesocket,s2                  ; client socket
        invoke  WSACleanup
        xor     eax,eax
        ret
end start
Copyright © 2000 - 2007 Rony B Chandran. All Rights Reserved.