internet.gif (4356 bytes)

Fisrt of all, i'm sorry 4 my english mistakes, this is not my native language.

Greetz:

Vecna - You teach me with your emails, ideas, codes ( like Babylonia, Updater and Vecna Server ). Thanx

All VX on #virus/#vir channels

[MATRiX] team:

Ultras, Mort, Nbk, Tgr, Del_Armg0

HTTP ( Hypertext Transfer Protocol )

It's the network protocol used on the World Wide Web. Like most network protocols, uses client and servers. An HTTP client opens a connection and sends a request
message to an HTTP server; the server then returns a response message, usually containing the resource that was requested.

API'S:

My programs usually use this api's from WSOCK32.DLL:

WSAStartup - Before use Windows sockets operations, you must make a successful <WSAStartup>. If success, will return NULL in eax.

socket - Creates a socket

gethostbyname - Get IP address from a specific site.
EX: 'www.geocities.com'

connect - Establishes a connection to a peer

send - Sends data on a connected socket.

recv - Receives data from a socket.

closesocket - Closes a socket.

WSACleanup - Terminates use of the Windows Sockets DLL

WSAGetLastError - Gets the error status for the last operation that failed

CODING:

As my english is terrible, i'll just show a program connecting itself to an internet address and request a dummy file. You can get more RFC(S) at internet, but I prefer a tutorial from James Marshall that could be found at:

<http://www.jmarshall.com/easy/>


;________________________CUT HERE_______________________

.586p
.model flat

; KERNEL32.DLL

extrn ExitProcess:proc

; WSOCK32.DLL

extrn WSACleanup:proc
extrn socket:proc
extrn connect:proc
extrn send:proc
extrn recv:proc
extrn WSAStartup:proc
extrn WSAGetLastError:proc
extrn gethostbyname:proc
extrn closesocket:proc

; USER32.DLL

extrn MessageBoxA:proc


.data

buffer db 512 dup (0)
sock dd 0
geocities db 'www.geocities.com',0

request db 'GET MATRIX.VX HTTP/1.1',13,10 ; CRLF
db 'Host: www.geocities.com',13,10 ; CRLF
db 'User-Agent: [MATRiX]/1.0',13,10 ; CRLF
db 'Accept: *.*, */*',13,10,13,10 ; CRLF CRLF
request_size equ $ - request
error1 db 'ERROR',0

sockaddr:

dd 050000002h ; Port number = 80 = http
ipnumber dd 0 ; Host in hex.
dd 0
dd 0

.code

start:

push offset buffer ;
push 101h ; The program is asking the system if
; this socket version is valid (1.01)
call WSAStartup

test eax,eax ; If eax return 0 the version was
jnz error ; accepted

push 00H ; Particular protocol to be used
push 01H ; Type specification for the new socket
push 02H ; PF_INET (format currently supported)
call socket

mov [sock],eax ; If eax = 0FFFFFFFFh, the socket can't be
inc eax ; created
jz error

; Let's get the IP number from geocities

push offset geocities
call gethostbyname

test eax,eax ; If eax = 0 the function fail
jz error

mov eax,[eax+4]
mov eax,[eax+4]
mov [ipnumber],eax ; Save IP number in eax

; Now we can connect our socket to
; an specific site

push 16 ; The size of connect structure
push offset sockaddr ; Point for it
push [sock] ; Use our socket
call connect

test eax,eax ; If eax = 0 we are connected
jnz error ; to geocities


; I have to request files.
; I'll request a file called
; <MATRIX.VX>
; Geocities don't have this file,
; then the server will return
; a line with the error:

; 404 NOT FOUND

repeat_send:

push 0 ; Specifies the way the call is made
push request_size ; The size of my request to the server
push offset request ; Where my request can be found
push [sock] ; And our socket (connected to geocities)
call send

inc eax ; If eax = 0FFFFFFFFh the function
jnz sendok ; fail. But this is very common for
; <send> function, and can be just an
; ERROR called <WSAEWOULDBLOCK> (see more above)
; When this error occur, we have just to
; repeat the operation.

call WSAGetLastError

; You can add much more routines for
; error codes. You can found an error
; codes list at the end of this file.
cmp eax, 10035
je repeat_send

jmp error

sendok:

; The request was done, now the program will
; get the WEB SERVER response and show it in
; a message box

mov esi,offset buffer

repeat_recv:

push 0
push 4096
push esi
push [sock]
call recv

inc eax
jnz recvok

call WSAGetLastError

cmp eax, 10035 ; check for <WSAEWOULDBLOCK> error
je repeat_recv

jmp error

recvok:

dec eax
jz done

; We have to update the offset for the buffer

add esi,eax
jmp repeat_recv

done:

; Ok, the response was sent
; Now i'll print it in the screen

push 0
push offset $
push offset buffer
push 0
call MessageBoxA
jmp theend

error:

push 0
push offset error1
push offset error1
push 0
call MessageBoxA

theend:

push 0
call ExitProcess

end start

;________________________CUT HERE_______________________


---===== ERROR CODES =====---


These error codes are very usefull when a function fail

WSAEINTR 10004 Interrupted system call.
WSAEBADF 10009 Bad file number.
WSEACCES 10013 Permission denied.
WSAEFAULT 10014 Bad address.
WSAEINVAL 10022 Invalid argument.
WSAEMFILE 10024 Too many open files.
WSAEWOULDBLOCK 10035 Operation would block.
WSAEINPROGRESS 10036 Operation now in progress. This error is
returned if any Windows Sockets API
function is called while a blocking
function is in progress.
WSAEALREADY 10037 Operation already in progress.
WSAENOTSOCK 10038 Socket operation on nonsocket.
WSAEDESTADDRREQ 10039 Destination address required.
WSAEMSGSIZE 10040 Message too long.
WSAEPROTOTYPE 10041 Protocol wrong type for socket.
WSAENOPROTOOPT 10042 Protocol not available.
WSAEPROTONOSUPPORT 10043 Protocol not supported.
WSAESOCKTNOSUPPORT 10044 Socket type not supported.
WSAEOPNOTSUPP 10045 Operation not supported on socket.
WSAEPFNOSUPPORT 10046 Protocol family not supported.
WSAEAFNOSUPPORT 10047 Address family not supported by protocol
family.
WSAEADDRINUSE 10048 Address already in use.
WSAEADDRNOTAVAIL 10049 Cannot assign requested address.
WSAENETDOWN 10050 Network is down. This error may be
reported at any time if the Windows
Sockets implementation detects an
underlying failure.
WSAENETUNREACH 10051 Network is unreachable.
WSAENETRESET 10052 Network dropped connection on reset.
WSAECONNABORTED 10053 Software caused connection abort.
WSAECONNRESET 10054 Connection reset by peer.
WSAENOBUFS 10055 No buffer space available.
WSAEISCONN 10056 Socket is already connected.
WSAENOTCONN 10057 Socket is not connected.
WSAESHUTDOWN 10058 Cannot send after socket shutdown.
WSAETOOMANYREFS 10059 Too many references: cannot splice.
WSAETIMEDOUT 10060 Connection timed out.
WSAECONNREFUSED 10061 Connection refused.
WSAELOOP 10062 Too many levels of symbolic links.
WSAENAMETOOLONG 10063 File name too long.
WSAEHOSTDOWN 10064 Host is down.
WSAEHOSTUNREACH 10065 No route to host.
WSASYSNOTREADY 10091 Returned by WSAStartup(), indicating that
the network subsystem is unusable.
WSAVERNOTSUPPORTED 10092 Returned by WSAStartup(), indicating that
the Windows Sockets DLL cannot support
this application.
WSANOTINITIALISED 10093 Winsock not initialized. This message is
returned by any function except
WSAStartup(), indicating that a
successful WSAStartup() has not yet been
performed.
WSAEDISCON 10101 Disconnect.
WSAHOST_NOT_FOUND 11001 Host not found. This message indicates
that the key (name, address, and so on)
was not found.
WSATRY_AGAIN 11002 Nonauthoritative host not found. This
error may suggest that the name service
itself is not functioning.
WSANO_RECOVERY 11003 Nonrecoverable error. This error may
suggest that the name service itself is
not functioning.
WSANO_DATA  11004 Valid name, no data record of requested
type. This error indicates that the key
(name, address, and so on) was not found.