作者:jhkdiy
邮件:jhkdiy_gzb@21cn.net
论坛:www.20cn.net
日期:06年3月24日
有一段时间没有去过ASMCommunity Messageboard(http://www.asmcommunity.net/board/index.php)了,以前直接可以访问。
现在只能通过代理才能访问,至少我这边是这样。在里面随便逛了逛,无意看到一位论坛会员问怎样用Asm来做一个端口扫描器,
结果其他会员给了一个源代码,在window的控制台窗口下运行,以阻塞模式扫描一个目标主机的端口。我觉得这个代码对刚学习
Windows Socket编程的朋友来说很有启发性,所以现在详细讲解一下这份代码,希望对大家有所帮助。若各位读者想先试试该程序
可以先用RadAsm建立一个console工程,然后将下面的代码粘贴到asm文件中,编译&链接。在控制台下运行该程序即可。
源代码如下,只做了一点的格式编排:
; Conscan - CLI "test"
.386
.model flat, stdcall
option casemap :none
include windows.inc
include user32.inc
include kernel32.inc
include masm32.inc
include wsock32.inc
includelib user32.lib
includelib kernel32.lib
includelib masm32.lib
includelib wsock32.lib
print macro lpszText:VARARG
local txt
.data
txt db lpszText,13,10,0
.code
invoke StdOut,addr txt
ENDM
SOCKADDR_IN struct
sin_family WORD ?
sin_port WORD ?
sin_addr DWORD ?
sin_zero BYTE 8 dup (?)
SOCKADDR_IN ends
.data
szusg db "usage: conscan <hostname>",13,10,0
fmt db "%d OPEN",13,10,0
sa SOCKADDR_IN <>
wsa WSADATA <>
sfd dd 0
port dd 0
pl dd 21
dd 22
dd 23
dd 25
dd 80
dd 137
dd 350
dd 8080
dd 6667
dd 31337
dd 0
.data?
hostname db 2024 dup (?)
buffer db 100 dup (?)
.code
conscan:
call main
call ExitProcess
main proc
invoke GetCL,1,addr hostname
cmp eax,1
jne Arg_Error
mov sa.sin_family, AF_INET
lea edi,pl
Port_Scan_Loop:
mov eax,[edi]
cmp eax,0
je Port_Scan_Complete
inc edi
mov port,eax
invoke WSAStartup,101h,addr wsa
invoke socket, AF_INET, SOCK_STREAM, 0
mov sfd,eax
invoke htons, port
mov sa.sin_port, ax
invoke gethostbyname, addr hostname
mov eax,[eax+12]
mov eax,[eax]
mov eax,[eax]
mov sa.sin_addr,eax
invoke connect,sfd,addr sa,SIZEOF sa
cmp eax, 0
jne Port_Closed
invoke wsprintf,addr buffer,addr fmt,port
invoke StdOut,addr buffer
Port_Closed:
invoke closesocket,sfd
call WSACleanup
jmp Port_Scan_Loop
Arg_Error:
invoke StdOut,addr szusg
ret
Port_Scan_Complete:
print "-- Scan Complete --"
ret
main endp
end conscan
.code
conscan:
call main ;主函数,全部流程都在这里了。
call ExitProcess ;正常终止程序必须的。
main proc
invoke GetCL,1,addr hostname ;GetCL是masm32.inc中函数
cmp eax,1
jne Arg_Error
mov sa.sin_family, AF_INET
lea edi,pl
Port_Scan_Loop:
mov eax,[edi]
cmp eax,0
je Port_Scan_Complete
inc edi
mov port,eax
invoke WSAStartup,101h,addr wsa
invoke socket, AF_INET, SOCK_STREAM, 0
mov sfd,eax
invoke htons, port
mov sa.sin_port, ax
invoke gethostbyname, addr hostname
mov eax,[eax+12]
mov eax,[eax]
mov eax,[eax]
mov sa.sin_addr,eax
invoke connect,sfd,addr sa,SIZEOF sa
cmp eax, 0
jne Port_Closed
invoke wsprintf,addr buffer,addr fmt,port
invoke StdOut,addr buffer
Port_Closed:
invoke closesocket,sfd
call WSACleanup
jmp Port_Scan_Loop
Arg_Error:
invoke StdOut,addr szusg
ret
Port_Scan_Complete:
print "-- Scan Complete --"
ret
main endp
end conscan
[注意]APP应用上架合规检测服务,协助应用顺利上架!