作者:jhkdiy
邮件:jhkdiy_gzb@21cn.net
论坛:0feK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6e0t1H3j5$3&6Q4x3X3g2F1k6i4b7`.
日期:06年3月24日
有一段时间没有去过ASMCommunity Messageboard(9c6K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4K6L8h3y4G2L8h3#2#2L8X3W2@1P5g2)9J5k6h3&6W2N6q4)9J5c8X3u0G2j5i4u0V1i4K6u0r3K9h3&6V1k6i4S2Q4x3X3g2H3K9s2m8Q4c8f1k6Q4b7V1y4Q4z5o6W2Q4c8e0c8Q4b7V1q4Q4z5o6k6Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0c8Q4b7V1u0Q4b7e0g2Q4c8e0g2Q4z5o6W2Q4z5p5c8Q4c8e0N6Q4z5f1u0Q4b7U0c8Q4c8e0k6Q4z5p5g2Q4b7e0g2Q4c8e0g2Q4z5p5k6Q4b7f1k6Q4c8e0c8Q4b7V1u0Q4b7e0g2Q4c8e0S2Q4b7f1g2Q4b7V1k6Q4c8e0W2Q4z5e0N6Q4b7f1g2Q4c8e0y4Q4z5o6m8Q4z5o6t1`.
现在只能通过代理才能访问,至少我这边是这样。在里面随便逛了逛,无意看到一位论坛会员问怎样用Asm来做一个端口扫描器,
结果其他会员给了一个源代码,在window的控制台窗口下运行,以阻塞模式扫描一个目标主机的端口。我觉得这个代码对刚学习
Windows Socket编程的朋友来说很有启发性,所以现在详细讲解一下这份代码,希望对大家有所帮助。若各位读者想先试试该程序
可以先用RadAsm建立一个console工程,然后将下面的代码粘贴到asm文件中,编译&链接。在控制台下运行该程序即可。
源代码如下,只做了一点的格式编排:
; Conscan - CLI "test"
.386
.model flat, stdcall
option casemap :none
include windows.inc
include user32.inc
include kernel32.inc
include masm32.inc
include wsock32.inc
includelib user32.lib
includelib kernel32.lib
includelib masm32.lib
includelib wsock32.lib
print macro lpszText:VARARG
local txt
.data
txt db lpszText,13,10,0
.code
invoke StdOut,addr txt
ENDM
SOCKADDR_IN struct
sin_family WORD ?
sin_port WORD ?
sin_addr DWORD ?
sin_zero BYTE 8 dup (?)
SOCKADDR_IN ends
.data
szusg db "usage: conscan <hostname>",13,10,0
fmt db "%d OPEN",13,10,0
sa SOCKADDR_IN <>
wsa WSADATA <>
sfd dd 0
port dd 0
pl dd 21
dd 22
dd 23
dd 25
dd 80
dd 137
dd 350
dd 8080
dd 6667
dd 31337
dd 0
.data?
hostname db 2024 dup (?)
buffer db 100 dup (?)
.code
conscan:
call main
call ExitProcess
main proc
invoke GetCL,1,addr hostname
cmp eax,1
jne Arg_Error
mov sa.sin_family, AF_INET
lea edi,pl
Port_Scan_Loop:
mov eax,[edi]
cmp eax,0
je Port_Scan_Complete
inc edi
mov port,eax
invoke WSAStartup,101h,addr wsa
invoke socket, AF_INET, SOCK_STREAM, 0
mov sfd,eax
invoke htons, port
mov sa.sin_port, ax
invoke gethostbyname, addr hostname
mov eax,[eax+12]
mov eax,[eax]
mov eax,[eax]
mov sa.sin_addr,eax
invoke connect,sfd,addr sa,SIZEOF sa
cmp eax, 0
jne Port_Closed
invoke wsprintf,addr buffer,addr fmt,port
invoke StdOut,addr buffer
Port_Closed:
invoke closesocket,sfd
call WSACleanup
jmp Port_Scan_Loop
Arg_Error:
invoke StdOut,addr szusg
ret
Port_Scan_Complete:
print "-- Scan Complete --"
ret
main endp
end conscan
.code
conscan:
call main ;主函数,全部流程都在这里了。
call ExitProcess ;正常终止程序必须的。
main proc
invoke GetCL,1,addr hostname ;GetCL是masm32.inc中函数
cmp eax,1
jne Arg_Error
mov sa.sin_family, AF_INET
lea edi,pl
Port_Scan_Loop:
mov eax,[edi]
cmp eax,0
je Port_Scan_Complete
inc edi
mov port,eax
invoke WSAStartup,101h,addr wsa
invoke socket, AF_INET, SOCK_STREAM, 0
mov sfd,eax
invoke htons, port
mov sa.sin_port, ax
invoke gethostbyname, addr hostname
mov eax,[eax+12]
mov eax,[eax]
mov eax,[eax]
mov sa.sin_addr,eax
invoke connect,sfd,addr sa,SIZEOF sa
cmp eax, 0
jne Port_Closed
invoke wsprintf,addr buffer,addr fmt,port
invoke StdOut,addr buffer
Port_Closed:
invoke closesocket,sfd
call WSACleanup
jmp Port_Scan_Loop
Arg_Error:
invoke StdOut,addr szusg
ret
Port_Scan_Complete:
print "-- Scan Complete --"
ret
main endp
end conscan
[培训]科锐逆向工程师培训第53期2025年7月8日开班!
