logo - Click here to go to the site home page... Click here to go to the site home page... Click here to go to the Blog page... Click here to go to the archives page... Click here to go to the about page...
"extremely impressive work"
- Mark Russinovich,
(referring to my BugChecker)
my face...
Homepage of Vito Plantamura (@, LinkedIn), Windows Researcher and Developer. [user=Guest] - updated: August 08, 2007

Essential WWW Server is an I/O completion port web server with support for dynamic content generation and HTTP basic authentication written in 2001 by Vito Plantamura.


With years, I became progressively more obsessed with HTML interfaces and with the DOM object model in general in my programs. The code that I have packaged here in this Essential Web Server has been included in more than one project I have developed in the past. In those cases its primary purpose was to show and render the application user interface to the user, with the implicit and important advantage of location transparency over traditional user interfaces. Why not using IIS and ISAPI extensions in those cases? Simply because in my programs I was rendering HTML content on the screen for presenting to the user what was essentially a desktop interface in the context of a desktop application. I could NOT rely on the presence on the end-user computers of the Internet Information Services installed and on complex installation procedures for my software. In those cases I simply link the core code of the Web Server against the executable of my application and then fill the wwwroot of the server with the DLL extensions that generate dinamically the content. Those DLL Extensions may eventually talk with the application itself through a set of ordinary communication systems.

The source codes of the server are available only upon explicit request and only in special cases. I have omitted to provide the source codes of my Web Server here on my site for obvious security reasons: despite its slimness and size and despite the fact that I have tested it thoroughly, I would avoid to make public eventual flaws or bugs in its implementation (posing a risk of attack to all the applications that actually use it).


Unpack the zip archive that can be downloaded at the bottom of this page in a folder, locate the executable file with name "EssentialWs" and lauch it with the option "/register". This will register the service with the SCM on your computer. Then run from the console the command "services.msc": this will open the Services Snap-In of Windows; locate in the list the "Essential WWW Server" service and then start it.

Before starting the service you can specify the username and password pair enforced through HTTP Basic Authentication for accessing the root of the server. Simply edit the "basic.inf" file and write in it a single line with this format "username:password". Note that the Basic Authentication scheme is only enforced for requests that come from the local network (all the requests from the local computer, i.e. from the address, are granted access by default).

In the same manner, you can set the listening port of the server editing the "port.inf" file.


Here is a summary list of its capabilities:

     Slim and optimized C++ implementation (the executable file of the service is only 76Kb in size)
     Thoroughly tested multi-threaded implementation.
     Support for static and dynamic content through the writing and publishing of Server Extensions.
     Support in the Server Extensions for all HTTP methods: GET, POST etc.
     Smart caching mechanism for both dynamic and static content.
     I/O completion port based winsock server listening by default at the TCP port 49274.
     Customizable listening port: in the release available from this page the port is set to 48001 through the "port.inf" file.
     "MZ signature check" on all the returned content: no user can get by mistake a Server Extension (that actually is a Windows PE Module) suitable for reverse engineering attacks.


WWW Server Extensions are similar in concept to the IIS Extensions in the Microsoft Server.

What you have to do for writing an Extension is simply summarized in this step-by-step list:

     Create a DLL module with Visual Studio.
     Include the file "WebServerCommon.h", whose source is included below in this same page.
     Define an exported function with this prototype and name:

extern "C" __declspec(dllexport) size_t _cdecl ProcessHttpRequest(
      UINT uiProtocolVersion,
      SServerFunctions& ssf,
      BYTE* pbRequest,
      size_t sRequestLen,
      BYTE* pbResponse,
      size_t sResponseBufferLen,
      unsignedlong ulLocalAddr,
      unsignedlong ulRemoteAddr
     Examine the request data available through the variables pbRequest/sRequestLen and write the HTTP response in the pbResponseBuffer, that is sResponseBufferLen bytes in size. Return the number of bytes written in the buffer as the return value of the export function itself.
     Compile, build and rename the dll with a ".dyn" extension.
     Copy the ".dyn" file in the wwwroot directory or in one of its subfolders in order to publish it through the WWW Server.

That's all. For a very clarifying demonstration of the WWW Server potentialities in an end-user desktop application, download the WWW Server Extension "MsdnTreeXmlGen" example.

This is the source code of the "WebServerCommon.h" include file:

// WebServerCommon.h
#pragma once
// definitions
#define HTTPREQ_METHOD_MAXLEN         16
#define HTTPREQ_URI_MAXLEN                  1024
#define HTTPPROTOCOL_VERSION_1_0      0
#define HTTPPROTOCOL_VERSION_1_1      1
// common structures and types used by the server and by the extensions
struct SResponseCharacteristics
      UINT        uiProtocolVersion;
      UINT        uiStatusCode;
      BOOL        bDate;
      char*       pszServer;
      char*       pszWwwAuthenticate;
      char*       pszContentType;
      char*       pszLastModified;
      UINT        uiContentLength;
      BYTE*       pbData;
typedef size_t (_cdecl *fnReturn_Response)(
            SResponseCharacteristics& srchrs,
            BYTE* pbResponse,
            size_t sResponseBufferLen
typedef void (_cdecl *fnInitializeResponseCharacteristics)(
            UINT uiProtocolVersion,
            SResponseCharacteristics& srchrs
typedef size_t (_cdecl *fnReturn_Error)(
            UINT uiProtocolVersion,
            BYTE* pbResponse,
            size_t sResponseBufferLen
typedef size_t (_cdecl *fnReturn_Unauthorized401)(
            UINT uiProtocolVersion,
            char* pszWwwAuthenticate,
            BYTE* pbResponse,
            size_t sResponseBufferLen
struct SServerFunctions
      // server response creation
      fnReturn_Response                               pfnReturn_Response;
      fnInitializeResponseCharacteristics       pfnInitializeResponseCharacteristics;
      // server error management
      fnReturn_Error                      pfnReturn_BadRequest400;
      fnReturn_Unauthorized401      pfnReturn_Unauthorized401;
      fnReturn_Error                      pfnReturn_Forbidden403;
      fnReturn_Error                      pfnReturn_NotFound404;
      fnReturn_Error                      pfnReturn_InternalServerError500;

The structure SServerFunctions is passed as parameter to the extension export function. It contains pointers to several helper functions that may come in handy when writing a typical HTTP extension.

The "pfnReturn_Response" function is used to write an HTTP response in the buffer pointed by "pbResponse" discussed above. It takes a "SResponseCharacteristics" reference that has to be initialized by calling the "pfnInitializeResponseCharacteristics" function. The other function pointers refer to functions that can be used to return standard error responses to the user.


Click here to download the binaries of the WWW Server (33KB).

"Among the Windows experts I know personally, no one can beat Vito Plantamura."
- Francesco Balena, Code Architects SRL

"Your NDIS Monitor application, is amongst the most impressive networking code I have seen on the .Net framework."
- Ben Hakim.
Various images from italian conferences and events (keep the mouse on a thumbnail for a short description):
Me at the Microsoft/HP/Intel organized Route64 event in Milan in May 2005, explaining how COM+ behaves on 64-bit Microsoft operating systems. I was there with the friends of Code Architects.
Me at the Microsoft Security Roadshow event in Bari in April 2006, explaining how the logon process works in Windows NT. There were 250 attendees.
Microsoft Security Roadshow 2006 in Treviso. This is an image of the huge 700-seats conference room.
Me at the Microsoft Security Roadshow 2006 in Treviso. This is a moment of the 3-hours session.
 Site login
NOTE: Actually the login feature is used only for administrative and content management purposes.


Everything here (code, binaries, text, graphics, design, html) is © 2010 Vito Plantamura and VPC Technologies SRL (VATID: IT06203700965).
If you download something (compilable or not) from the site, you should read the license policy file.
If you want to contact me via email, write at this address.