.::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::.
::                                                              ::
::            ::::::: :::   ::: ::::::: :::::::  ::::: :::::::: ::
:: :::    :::   :::   ::::: :::    :::  :::     :::  ::   :::   ::
:: ::: :: :::   :::   ::: ::::: :. :::  ::::::  :::       :::   ::
:: :::.::.::;   :::   :::  :::: :: ::;  :::     :::  :;   :::   ::
::  '''  '''  ::::::: :::   ::;  :::;   ::::::;  ::::;    :::   ::
:: [wINJECT v0.94b] by moofz@bonbon.net  http://big.badlink.net ::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

DISCLAIMER: The information contained in this text is legal 'as is'
            but I can in no way be held responsible for illegal use
            of this material or any damage caused.  Be careful :)

                          -+ wINJECT +-
                       [drugs for Windows]

                      .:[Table of contents]:.
                        1. Welcome and NEWS! (new lowlevel shit!)
                        2. Getting started
                        3. Limitations and warnings
                        4. Protocol info 
                        5. Last words


..................................................................
                        .:[Welcome and NEWS!]:.

Hi! and welcome to THE packet injector for Windows 9x.

First I would like to point out that this is a BETA version of wINJECT.
This means a lot of limitations and you may also get dumb and annoying
warnings when you build packets. Sorry! but this is a one man project
and it is not easy. I will try as hard as possible to make this a
useful program. This release is actually quite useful. It includes
some great features and I am very happy with it.

+NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+

[lowlevel: IP Changer]: (click on the letter 'I' [in the wINJECT logo!])   
One of the most exciting new features of version 0.94b is the lowlevel
IP Changer. It tries to change your IP without redialing your ISP.
:) hehehe, cool!    BUT you cannot change the IP every time, only
if there is another free IP for you. The MagicID must be correct/"in sync"
when you try to change your IP. I can't tell you which MagicID to use
because it has something to do with your dialup settings.

Go to "my computer" -> "Dial-Up Networking" and right click on your
connection and select "Properties". Select the "Server Types" tab and
see what you have "clicked/flagged". (by the way: the "Server Types" must
be PPP!)

I ONLY click the "TCP/IP" flag which works as it should, there is
no need to turn on compression or encryption since most ISPs do not support
these options (and wINJECT will probably not work..) But if you REALLY want
them on then you need to experiment with the MagicID in wINJECT.

Here is how to find the correct "initial" MagicID: (default is 4)
You go online :)  start wINJECT and select the IP changer.
Then you hit the "Change!" button - wait 5 seconds. wINJECT will tell you
if the magic id is wrong and you can try another one.
So start at 4 and add one when it fails. If the magic id is correct you
will see the ip change to 0.0.0.0 and then hopefully you can get a new
IP after some seconds. Remember to save the correct magic id value to disk
(the one that made the ip jump to 0.0.0.0 - NOT the value after a successful
ip change!!!).

Ok, so it changed now!! ?!  cool!  but if you go offline and online again
then you need to use the "initial" magic id you just found because Windows
always starts from 0 when you log on. wINJECT does not take care of this for
you. You must know/remember this yourself. But it is simple.. isn't it??

Now I hear some of you say, "Phh crap, why do I need this??". I tried to
make something new never seen before shit and thought it would be nice
if one could change IP and jump around. Ex. if your current IP gets
banned (by some 2 lee7o h@cker admin blah who thinks you are 2 l@me) then you
just change ip and continue whatever you were doing :)

Ex 2: you are paranoid, you think a really hardcore hacker is after you so
you feel safe by jumping around and hiding yourself :)) hehe.. why not?

And there are other more exotic reasons why you would need to change IP.
Go figure :)

Warnings: don't change your IP while you are connected to some server
(web, telnet, ftp, mail, tcp whatever....) You know why!! it is stupid.

Please understand that this is experimental shit.. :)    I have more cool
ideas that I want to put in wINJECT, so just wait and see.
It will be awesome!

Another great feature is "Global IP" : let me give you an example..
Let's say that you have a project with 100 packets that you want to send to
some IP.  Argghh, it really takes some time to edit the ip_dst field
in all those packets!!  Well, not anymore. The new Global IP thing
makes it easy to change the IP in all the 100 packets.

I also fixed some serious bugs, and added more checking so it doesn't crash
so easily.

About the [winject.vxd]:
Maybe some of you have noticed the new winject.vxd in the archive.
It is for LAN/ADSL support (well, the IP Changer uses it too).
The LAN/ADSL code is not 100% done (not even 20%), but I thought you
should have a little fun with the IP Changer until it is ready.
I am also thinking about making a little network sniffer, + some more
exotic never seen before goodies. All these COOL things are only
possible with a VxD.

..................................................................
                     .:[Getting started]:.

Ok, so you want to build a packet? then let me tell you what you MUST
include in it. The first layer is the IP layer (transport).
Minimum length is 20 bytes. There are actually too many important
fields you must include to mention here so I recommend that you
open one of the included examples and then start from there. It is
a lot easier than starting from scratch.
ALSO; download some TCP/IP primer or some unix exploits that deal
with raw sockets, you can learn a lot from them.

I think these will help you in most cases:
http://www.bitpunk.com/tcpip_ill/       (GREAT!, AWESOME, !!!!)
http://www.faqs.org/rfcs/               (Ok - raw info)


How to add/edit a field:
Click on "New" or double click on an item from the list.

If you start from scratch then the Layer is "1" (it must be!).
Then enter a Name. It could start with ip_ but you decide.
Select a format you would like to enter:

Decimal:   Most of the time you use this one (0 -> 9)
Hex:       Sometimes it is easier to enter in hex (0 -> f)
Chars:     (or bytes) Use this when you enter characters. Ex when
           you make an ICMP echo request (or a dns packet). 

Checksum:   This field is for auto calc checksum, only one per layer!
IP:         When you enter an IP
Dynamic IP: This will insert your current IP when online
Random IP:  Just a random IP, ok? from 0.0.0.0 to 255.255.255.255
GlobalIP1+2: If you select these, then it takes the IPs from the "Global IP"
             button in the main dialog.

Click the "Pseudo data" option if you are making TCP/IP or UDP packets
with real checksums.

Then you enter a bit/byte size if it is not set.
NOTE: Legal bit values: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,32 which should
      cover most situations.

Then you enter the value (also; if it is not set).
Click OK, and if you don't get a warning then it "should" be ok.

Build the rest of the packet and then hit the inject button. Done..
off it goes,  easy? you bet!


..................................................................
                  .:[Limitations and warnings]:.

Bit related warnings:
When you add a 16 or 32 bit field then the bits/bytes are swapped (network
byte order).

Future releases will include more options! I hope.

Next limitation: also called ("Bad bit: #001")
This is illegal, and I will show you why.

# Name  Size  Value
1 --    b: 15 --
1 --    b: 2  --
1 --    b: 7  --

Concentrate on the Size fields :)
If you add up these you get 24 bits, that is 3 bytes. The problem
is that when wINJECT adds them it tries to stop at 8/16 bit and then
store the result in another buffer. So it first gets the 15 bit,
BUT: then it sees the next 2 which will be 17 bit and that is TOO much.

In future releases I will try to fix this. With this release you
just have to think a little yourself. Yeah, I am sorry! Make sure
wINJECT can add the bits so they end on 8/16 bit.

Like this one:
# Name  Size  Value
1 --    b: 15 --
1 --    b: 1  --
1 --    b: 1  --
1 --    b: 7  --
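
The "Bad bit: #001" rule above as a small checker. This is an added example,
not wINJECT's own code: the function and array names are made up here, and the
packing model (flush at exactly 8 or 16 bits, a 32 bit field only on an empty
accumulator) is an assumption based on the description in this section.

```c
#include <stddef.h>
#include <stdio.h>

/* Legal sizes per the NOTE in "Getting started": 1..16 bits, or 32. */
static int legal_bits(unsigned b) { return (b >= 1 && b <= 16) || b == 32; }

/*
 * Assumed model of the packer: field sizes are summed into an accumulator
 * that is flushed whenever it holds exactly 8 or 16 bits; a 32 bit field is
 * only accepted when the accumulator is empty.
 * Returns -1 if the layer packs cleanly, otherwise the index of the first
 * field that breaks the rule (n means bits were left over at the end).
 */
static int first_bad_field(const unsigned *bits, size_t n) {
    unsigned acc = 0;
    for (size_t i = 0; i < n; i++) {
        if (!legal_bits(bits[i])) return (int)i;
        if (bits[i] == 32) {
            if (acc != 0) return (int)i;
            continue;
        }
        acc += bits[i];
        if (acc > 16) return (int)i;          /* e.g. 15 + 2 = 17 */
        if (acc == 8 || acc == 16) acc = 0;   /* stored, start a new group */
    }
    return acc == 0 ? -1 : (int)n;
}

/* The two layouts from this section, plus the ip_hdr sizes from "Protocol info". */
static const unsigned BAD_LAYER[]  = {15, 2, 7};
static const unsigned GOOD_LAYER[] = {15, 1, 1, 7};
static const unsigned IP_HDR[]     = {4, 4, 8, 16, 16, 16, 8, 8, 16, 32, 32};

int main(void) {
    printf("15,2,7   -> %d\n", first_bad_field(BAD_LAYER, 3));
    printf("15,1,1,7 -> %d\n", first_bad_field(GOOD_LAYER, 4));
    printf("ip_hdr   -> %d\n", first_bad_field(IP_HDR, 11));
    return 0;
}
```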

       
..................................................................
                       .:[Protocol info]:.

I have collected some protocol information to help beginners build
packets.

icmphdr:
{
  8 bit type;
  8 bit code;
  16 bit checksum;
  16 bit id;
  16 bit seq;
}

// definition of IP header version 4 as per RFC 791 
ip_hdr:
{
   4 bit ip_v;      // version 
   4 bit ip_hl;     // header length 
   8 bit ip_tos;    // type of service 
  16 bit ip_len;    // total length 
  16 bit ip_id;     // identification 
  16 bit ip_off;    // fragment offset field 
   8 bit ip_ttl;    // time to live 
   8 bit ip_p;      // protocol 
  16 bit ip_cksum;  // checksum 
  32 bit ip_src;    // source address 
  32 bit ip_dst;    // destination address 
}

#define IPPROTO_GGP  3
#define IPPROTO_IGMP 2

#define ICMP_ECHOREPLY          0   // Echo Reply
#define ICMP_DEST_UNREACH       3   // Destination Unreachable
#define ICMP_SOURCE_QUENCH      4   // Source Quench
#define ICMP_REDIRECT           5   // Redirect (change route)
#define ICMP_ECHO               8    // Echo Request
#define ICMP_TIME_EXCEEDED      11   // Time Exceeded
#define ICMP_PARAMETERPROB      12   // Parameter Problem
#define ICMP_TIMESTAMP          13   // Timestamp Request
#define ICMP_TIMESTAMPREPLY     14   // Timestamp Reply
#define ICMP_INFO_REQUEST       15   // Information Request
#define ICMP_INFO_REPLY         16   // Information Reply
#define ICMP_ADDRESS            17   // Address Mask Request
#define ICMP_ADDRESSREPLY       18   // Address Mask Reply

#define NR_ICMP_TYPES           18

// Codes for UNREACH.
#define ICMP_NET_UNREACH        0  // Network Unreachable
#define ICMP_HOST_UNREACH       1  // Host Unreachable
#define ICMP_PROT_UNREACH       2  // Protocol Unreachable
#define ICMP_PORT_UNREACH       3  // Port Unreachable
#define ICMP_FRAG_NEEDED        4  // Fragmentation Needed/DF set
#define ICMP_SR_FAILED          5  // Source Route failed
#define ICMP_NET_UNKNOWN        6
#define ICMP_HOST_UNKNOWN       7
#define ICMP_HOST_ISOLATED      8
#define ICMP_NET_ANO            9
#define ICMP_HOST_ANO           10
#define ICMP_NET_UNR_TOS        11
#define ICMP_HOST_UNR_TOS       12
#define ICMP_PKT_FILTERED       13  // Packet filtered
#define ICMP_PREC_VIOLATION     14  // Precedence violation
#define ICMP_PREC_CUTOFF        15  // Precedence cut off

// Codes for REDIRECT.
#define ICMP_REDIR_NET          0   // Redirect Net
#define ICMP_REDIR_HOST         1   // Redirect Host
#define ICMP_REDIR_NETTOS       2   // Redirect Net for TOS
#define ICMP_REDIR_HOSTTOS      3   // Redirect Host for TOS

// Codes for TIME_EXCEEDED. 
#define ICMP_EXC_TTL            0   // TTL count exceeded
#define ICMP_EXC_FRAGTIME       1   // Fragment Reass time exceeded
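
To show how the ip_hdr and icmphdr layouts, the network byte order of the
16/32 bit fields and the "Checksum" field type fit together, here is an added
example (not wINJECT's code) that reads a packet back and verifies both
checksums with the RFC 1071 algorithm. The struct, the function names and the
sample bytes are constructed for this example; the addresses are from the
192.0.2.0/24 documentation range.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields from the ip_hdr layout above that the checks below need. */
struct ip_fields { uint8_t ip_v, ip_hl, ip_ttl, ip_p; uint16_t ip_len, ip_cksum;
                   uint32_t ip_src, ip_dst; };

/* 16/32 bit fields are in network byte order: most significant byte first. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* RFC 1071 checksum; over data that embeds a correct checksum it returns 0. */
static uint16_t inet_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += rd16(p);
    if (len) sum += (uint32_t)p[0] << 8;                  /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16); /* fold the carries */
    return (uint16_t)~sum;
}

/* Returns the ICMP type (>= 0) if both layers check out, else a negative code. */
static int check_icmp_packet(const uint8_t *pkt, size_t n, struct ip_fields *h) {
    if (n < 20) return -1;                        /* below minimum IP header */
    h->ip_v = pkt[0] >> 4;  h->ip_hl = pkt[0] & 0x0f;
    size_t hlen = (size_t)h->ip_hl * 4;           /* ip_hl counts 32 bit words */
    h->ip_len = rd16(pkt + 2);
    if (h->ip_v != 4 || hlen < 20 || hlen > n) return -2;
    if (h->ip_len < hlen + 8 || h->ip_len > n) return -3;  /* no room for icmphdr */
    h->ip_ttl = pkt[8];  h->ip_p = pkt[9];  h->ip_cksum = rd16(pkt + 10);
    h->ip_src = rd32(pkt + 12);  h->ip_dst = rd32(pkt + 16);
    if (inet_cksum(pkt, hlen) != 0) return -4;    /* bad ip_cksum */
    if (h->ip_p != 1) return -5;                  /* protocol 1 = ICMP */
    if (inet_cksum(pkt + hlen, h->ip_len - hlen) != 0) return -6;
    return pkt[hlen];                             /* icmphdr type */
}

/* Constructed sample: echo request 192.0.2.1 -> 192.0.2.2, id 0x1234, seq 1. */
static const uint8_t SAMPLE[28] = {
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x01,0xf6,0xdc,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x08,0x00,0xe5,0xca, 0x12,0x34,0x00,0x01 };

int main(void) {
    struct ip_fields h = {0};
    int r = check_icmp_packet(SAMPLE, sizeof SAMPLE, &h);
    printf("result=%d ip_len=%u ip_ttl=%u\n", r, (unsigned)h.ip_len, (unsigned)h.ip_ttl);
    return r == 8 ? 0 : 1;                        /* 8 = ICMP_ECHO */
}
```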


..................................................................
                       .:[Last words]:.

Yep, that was all for this release of wINJECT. Remember, if you
find bugs, have any suggestions, ideas, comments, other things
related to wINJECT (except source code questions), then mail me!! Thanks..

BYE! and enjoy!
[moofz@bonbon.net]
..................................................................
                        -+ wINJECT +-
                      [drugs for Windows]
..................................................................
