.::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::.
::                                                              ::
::            ::::::: :::   ::: ::::::: :::::::  ::::: :::::::: ::
:: :::    :::   :::   ::::: :::    :::  :::     :::  ::   :::   ::
:: ::: :: :::   :::   ::: ::::: :. :::  ::::::  :::       :::   ::
:: :::.::.::;   :::   :::  :::: :: ::;  :::     :::  :;   :::   ::
::  '''  '''  ::::::: :::   ::;  :::;   ::::::;  ::::;    :::   ::
:: [wINJECT v0.93b] by moofz@bonbon.net  http://big.badlink.net ::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

DISCLAIMER: The information contained in this text is legal 'as is'
            but I can in no way be held responsible for illegal use
            of this material or any damage caused.  Be careful :)

                          -+ wINJECT +-
                       [drugs for Windows]

                      .:[Table of content]:.
                        1. Welcome and NEWS!
                        2. Getting started
                        3. Limitations and warnings
                        4. Protocol info 
                        5. Last words


..................................................................
                        .:[Welcome and NEWS!]:.

Hi! and welcome to THE packet injector for Windows 9x.

First I would like to point out that this is a BETA version of wINJECT.
This means alot of limitations and you may also get dumb and annoying
warnings when you build packets. Sorry! but this is a one man project
and it is not easy. I will try as hard as possible to make this a
usefull program. This release is actually quite usefull. It includes
some great features and I am very happy with it.

First lets dive into the structure of the program. The main packet
window contains these sub fields:   (# Name Size Value)

Ex:
# Name     Size  Value
1 ip_blah  b: 8  111   (this field is a 8 bit (one byte) field
                        with the value 111)

1 ip_bluh  B: 8  AAAAAAAA (this field is a 8 bytes field with 8*A)

The b became a B, big difference. :) the rest is also easy. 

OK, that was a short intro but you are smart. Just try it and you will see
how easy it is to use.

+NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+ +NEWS+

Multi packet feature:
Now you can edit & inject more than one packet. You can also make a
Project that includes ex. 3 different packets and inject them in
a sequence.
You can loop and delay packets if you like. With this so called
multi feature it is now possible to create fragmented packets (oh boy!).

NOTE: when you save one packet the Loop+Delay information is
      NOT saved. But when you save a Project then the Loop+Delay
      settings of all the packets are saved and ALSO the Loop+Delay for
      the Project. The packets must be saved before you save a
      Project else you get an error.
          
Packet "Info" button:
This button is for comments/notes/anything you want to include in
the .pkt file when you save it. You could write your name or email
so other users can see who made the packet and maybe contact the person.
It could also be a little description of the packet so you know what it
does - you decide.

NOTE: The Info length is limited to 255 characters which should be
      enough for everybody.

This release also removes (well, it moves/pushes) some of the annoying
limits. Now you can create a bit field with a size of 1...16 bits BUT
you cant create a 17...31 bit field - but 32 bit is legal.

Packet Loops and Delays: (for flooding and for NOT flooding)
Sometimes it can be useful to send the same packet more than once.
This is what the "Loop" up/down control is for. The "Delay" control
inserts a delay after the packet (no waaay! :).
You delay when you dont want to flood the destination. 1000 is 1 second.

Project Loops and Delays:
Same thing here, but for the Project. Nothing new. Just try it.

..................................................................
                     .:[Getting started]:.

Ok, so you want to build a packet? then let me tell you what you MUST
include in it. The first layer is the IP layer (transport).
Minimum length is 20 bytes. There are actually too many important
fields you must include to mention here so I recommend that you
open one of the included examples and then start from there. It is
alot easier than starting from scratch.
ALSO; download some TCP/IP primer or some unix exploits that deal
with raw sockets, you can learn alot from them.

I think these will help you in most cases:
http://www.bitpunk.com/tcpip_ill/       (GREAT!, AWSOME, !!!!)
http://www.faqs.org/rfcs/               (Ok - raw info)


How to add/edit a field:
Click on "New" or double click on a item from the list. 

If you start from scratch then the Layer is "1" (it must be!).
Then enter a Name. It could start with ip_ but you decide.
Select a format you would like to enter:

Decimal:   Most of the times you use this one (0 -> 9)
Hex:       Sometimes it is easier to enter in hex (0 -> f)
Chars:     (or bytes) Use this when you enter characters. Ex when
           you make an ICMP echo request (or a dns packet). 

Checksum:   This field is for auto calc checksum, only one per layer!
IP:         When you enter an IP
Dynamic IP: This will insert you current IP when online
Random IP:  Just a random IP, ok? from 0.0.0.0 to 255.255.255.255

Click the "Pseudo data" option if you are making TCP/IP or UDP packets
with real checksums.

Then you enter a bit/byte size if it is not set.
NOTE: Legal bit values: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,32 which should
      cover most situations.

Then you enter the value (also; if it is not set).
Click OK, and if you dont get a warning then it "should" be ok.

Build the rest of the packet and hit then inject button. Done..
off it goes,  easy? you bet!


..................................................................
                  .:[Limitations and warnings]:.

Bit related warnings:
When you add a 16 or 32 bit field then the bits/bytes are swapped (network
byte order).

Future releases will include more options! I hope.

Next limitation: also called ("Bad bit: #001")
This is illegal, and I will show you why.

# Name  Size  Value
1 --    b: 15 --
1 --    b: 2  --
1 --    b: 7  --

Concentrate on the Size fields :)
If you add up these you get 24 bits, that is 3 bytes. The problem
is that when wINJECT adds them it tries to stop at 8/16 bit and then
store the result in another buffer. So it first gets the 15 bit,
BUT: then it sees then next 2 which will be 17 bit and that is TOO much.

In future releases I will try to fix this. With this release you
just have to think a little yourself. Yeah, I am sorry! Make sure
wINJECT can add the bits so they end on 8/16 bit.

Like this one:
# Name  Size  Value
1 --    b: 15 --
1 --    b: 1  --
1 --    b: 1  --
1 --    b: 7  --

       
..................................................................
                       .:[Protocol info]:.

I have collected some protocol information to help beginners build
packets.

icmphdr:
{
  8 bit type;
  8 bit code;
  16 bit checksum;
  16 bit id;
  16 bit seq;
}

// definition of IP header version 4 as per RFC 791 
ip_hdr:
{
   4 bit ip_v;      // version 
   4 bit ip_hl;     // header length 
   8 bit ip_tos;    // type of service 
  16 bit ip_len;    // total length 
  16 bit ip_id;     // identification 
  16 bit ip_off;    // fragment offset field 
   8 bit ip_ttl;    // time to live 
   8 bit ip_p;      // protocol 
  16 bit ip_cksum;  // checksum 
  32 bit ip_src;    // source address 
  32 bit ip_dst;    // destination address 
}

#define IPROTO_GGP  3
#define IPROTO_IGMP 2

#define ICMP_ECHOREPLY          0   // Echo Reply
#define ICMP_DEST_UNREACH       3   // Destination Unreachable
#define ICMP_SOURCE_QUENCH      4   // Source Quench
#define ICMP_REDIRECT           5   // Redirect (change route)
#define ICMP_ECHO               8    // Echo Request
#define ICMP_TIME_EXCEEDED      11   // Time Exceeded
#define ICMP_PARAMETERPROB      12   // Parameter Problem
#define ICMP_TIMESTAMP          13   // Timestamp Request
#define ICMP_TIMESTAMPREPLY     14   // Timestamp Reply
#define ICMP_INFO_REQUEST       15   // Information Request
#define ICMP_INFO_REPLY         16   // Information Reply
#define ICMP_ADDRESS            17   // Address Mask Request
#define ICMP_ADDRESSREPLY       18   // Address Mask Reply

#define NR_ICMP_TYPES           18 // Codes for UNREACH.
#define ICMP_NET_UNREACH        0  // Network Unreachable
#define ICMP_HOST_UNREACH       1  // Host Unreachable
#define ICMP_PROT_UNREACH       2  // Protocol Unreachable
#define ICMP_PORT_UNREACH       3  // Port Unreachable
#define ICMP_FRAG_NEEDED        4  // Fragmentation Needed/DF set
#define ICMP_SR_FAILED          5  // Source Route failed
#define ICMP_NET_UNKNOWN	6
#define ICMP_HOST_UNKNOWN	7
#define ICMP_HOST_ISOLATED	8
#define ICMP_NET_ANO		9
#define ICMP_HOST_ANO		10
#define ICMP_NET_UNR_TOS	11
#define ICMP_HOST_UNR_TOS	12
#define ICMP_PKT_FILTERED       13  // Packet filtered
#define ICMP_PREC_VIOLATION     14  // Precedence violation
#define ICMP_PREC_CUTOFF        15  // Precedence cut off

// Codes for REDIRECT.
#define ICMP_REDIR_NET          0   // Redirect Net
#define ICMP_REDIR_HOST         1   // Redirect Host
#define ICMP_REDIR_NETTOS       2   // Redirect Net for TOS
#define ICMP_REDIR_HOSTTOS      3   // Redirect Host for TOS

// Codes for TIME_EXCEEDED. 
#define ICMP_EXC_TTL            0   // TTL count exceeded
#define ICMP_EXC_FRAGTIME       1   // Fragment Reass time exceeded


..................................................................
                       .:[Last words]:.

Yep, that was all for this release of wINJECT, Remember, if you
find bugs, have any suggestions, ideas, comments, other things
related to wINJECT (except source code questions), then mail me!! Thanks..

BYE! and enjoy!
[moofz@bonbon.net]
..................................................................
                        -+ wINJECT +-
                      [drugs for Windows]
..................................................................