Less than 10KB, multi-threaded, CGI supported

http://base.3322.org/miniweb/

Full source code available (Open with RadASM)
Posted on 2003-09-27 02:15:15 by optimus
Looks pretty nice, well done :)

Thomas
Posted on 2003-09-27 08:19:46 by Thomas
It does have a big bug though, from what I can see, you assume you get the request (or at least the first line) in one recv call. That's not true..
Open a telnet session to port 80, type 'G' (first letter of the GET request) and the server will close the connection...

edit: Also, services should never ever create windows. Having a window allows all kind of attacks (though limited if you don't have any controls on it). Since services run with localsystem priviliges (usually), a successful exploit gives full access to the system.
In your case, the window doens't contain controls so its pretty safe (if you have installed the patch for the WM_TIMER bug :)), but still, even a guest user could shutdown the server (well disable it at least) by sending a WM_DESTROY messsage to your window.

Thomas
Posted on 2003-09-27 08:29:04 by Thomas
Thanks for your "powerful" suggestions, which I have never heard except from this forum. I will look into the problems u mentioned. (the guys in my college's BBS never understand win32 assembly programs)
I am still not clear about the first issue u talked about. Why can't I get a HTTP request with one recv?
btw: if without a window, how to handle winsock messages with good efficiency?
Posted on 2003-09-27 11:50:55 by optimus

Thanks for your "powerful" suggestions, which I have never heard except from this forum. I will look into the problems u mentioned. (the guys in my college's BBS never understand win32 assembly programs)
I am still not clear about the first issue u talked about. Why can't I get a HTTP request with one recv?

Because it's not guaranteed that you get the full request in one time. You may receive any amount of bytes currently available. This might be 1 byte (the first byte of the request), 3 bytes, 200 bytes, anything!


btw: if without a window, how to handle winsock messages with good efficiency?

Events are pretty efficient and not hard to use either. Have a look at WSAEventSelect. Also take a look at chapter 5 of my networking tutorial.

Thomas
Posted on 2003-09-27 14:08:18 by Thomas
WSAEventSelect is an API of Winsock 2.
I hope to use only APIs from winsock 1.1, so that MiniWeb can work on all 32-bit Windows versions including the first release of Windows 95 (in this case, MiniWeb works as a stand-alone app). As u might have seen, the service version and stand-alone app version share the same code, so I don't wanna make them seperate versions. Any solution for using winsock 1.1?

btw: I have ever ripped a very small version of Win95, and put it into an old x86-based POS machine(a 486 with 8M RAM). That becomes a cute, tiny web server.
Posted on 2003-09-28 00:01:45 by optimus
Winsock 1.1 is really outdated, but there's even a winsock2 update for windows 95...
See http://tangentsoft.net/wskfaq/general.html#version

Thomas
Posted on 2003-09-28 03:04:18 by Thomas
thanx dude!!!
Posted on 2003-09-28 03:12:09 by optimus
just curious how big is your compressed win95 install.. was thinking about serving a website from a windows machine that could run from some spare ancient parts i got laying around... wonder how secure it would be
Posted on 2003-09-28 19:17:05 by illwill
The minimum ripped version of win95 I made is only 2MB big. I referenced to the book "Unauthrized Windows 95" and ripped out the core files. I made it 2 compressed package, decompressing the first one to ramdisk (need a 1.7M ramdisk) before booting, and during the boot process, erasing the loaded files from ramdisk and decompressing the second one. This version supports standard win32 apps, but with no networking and multimedia supports and only with 16 color display. (I'm now seek a way to implement network support on it with DOS tcp/ip driver)

The other fully functional version is around 18MB big, with true-color display, winsock 2 and NTFS supports.

I used the latter to make a tiny web server and it works just fine. I wish the first ver. could be used to be a web server.
Posted on 2003-09-28 23:21:07 by optimus
... speaking about tiny stuph

would be nice if miniweb would support REBOL scripts as the REBOL interpreter is only ~260kb and can do a lot of things.

docs:
Download REBOL 217k zip (Windows)
Quick and Easy CGI - A Beginner's Tutorial and Guide
REBOL cookbook (easy examples)
Posted on 2003-09-30 08:56:26 by TBD
i will look at it.
Posted on 2003-09-30 13:52:46 by optimus
I know this thread existed long ago, but why not utilize select()?


Thanks for your "powerful" suggestions, which I have never heard except from this forum. I will look into the problems u mentioned. (the guys in my college's BBS never understand win32 assembly programs)
I am still not clear about the first issue u talked about. Why can't I get a HTTP request with one recv?

Because it's not guaranteed that you get the full request in one time. You may receive any amount of bytes currently available. This might be 1 byte (the first byte of the request), 3 bytes, 200 bytes, anything!


btw: if without a window, how to handle winsock messages with good efficiency?

Events are pretty efficient and not hard to use either. Have a look at WSAEventSelect. Also take a look at chapter 5 of my networking tutorial.

Thomas
Posted on 2004-08-31 19:16:14 by Al_Leitch
Hi,
Good work!. I am checking it out.

Thomas Antony 8) :) 8)
Posted on 2004-09-01 05:45:50 by thomasantony