question for dumps
Juan Carlos Montes
jcmontes at cert.inteco.es
Fri Jan 25 02:20:15 CST 2008
Ok, I can make the patch.
What do you need to make the new channel?
I use this code to dump:
////////////////////////////////////////////////////////////////////////////
// Insert to dump buffers (inside WSASendTo; lpBuffers/dwBufferCount are its parameters)
// Inserted by Juan Carlos Montes
// Date: 23/01/08
char file_name[255] = "";
// GetTickCount()+rand() is not unique: two sends in the same tick can collide,
// and CREATE_ALWAYS then overwrites the earlier dump
snprintf( file_name, sizeof(file_name), "dumps\\wsasendto_%lu", GetTickCount()+rand() );
HANDLE file = CreateFileA( file_name, GENERIC_WRITE | GENERIC_READ, 0, NULL,
                          CREATE_ALWAYS, 0, NULL );
if (file != INVALID_HANDLE_VALUE)
{
    DWORD bytes = 0, pos = 0;
    for (pos=0; pos<dwBufferCount; pos++)
        if (lpBuffers[pos].buf)   // skip empty scatter-gather entries
            WriteFile( file, lpBuffers[pos].buf, lpBuffers[pos].len, &bytes, NULL );
    CloseHandle( file );
    TRACE( "filename %s\n", file_name );
}
else
    TRACE( "could not create %s, error %lu\n", file_name, GetLastError() );
// End to insert
At this time, I have dumps for WriteFile, ReadFile, WSASendTo and WSARecvFrom.
But I need it for the Registry set value functions...
Do you want me to make a diff with all the changes?
Alex Villacís Lasso wrote:
> Alex Villacís Lasso wrote:
>> Juan Carlos Montes wrote:
>>
>>> I don't like changing the source to use all versions of wine... but...
>>>
>>> I'll try to make a debugger to dump the memory.
>>>
>>> So... thanks a lot.
>>>
>>> Stefan Dösinger wrote:
>>>
>>>
>>>> On Tuesday, 22 January 2008 16:19:54, Juan Carlos Montes wrote:
>>>>
>>>>
>>>>> Hi all,
>>>>>
>>>>> I need to dump the data using the debug log.
>>>>>
>>>>> trace:winsock:WSASendTo socket 00f8, wsabuf 0x34e1e0, nbufs 1, flags 0, to
>>>>> (nil), tolen 0, ovl (nil), func (nil)
>>>>>
>>>>> If I have this one, can I dump the data in 0x34e1e0 with another option in
>>>>> debug, or do I need to change the source?
>>>>>
>>>>>
>>>> You have to change the source, or attach a debugger and read the memory I
>>>> think.
>>>>
>>>>
>>>>
>> Could you please explain *why* you need to peek into the buffer data? Is
>> there a mismatch between what the app intends to send to the socket and
>> the actual wire contents of the packet? Do you have a bug opened for
>> whatever issue the app is experiencing? It seems strange that you
>> mention making this change for *all* versions of Wine, unless I have
>> misunderstood your comment, or somehow you are interested in dumping the
>> data for a reason other than debugging Wine itself.
>>
>> BTW: Spanish is spoken here (off the discussion list).
>>
>>
> You could add a new debugging channel, for example "winsock_buffer",
> that will do what you want. This channel might be actually useful for
> purposes other than malware scanning, as the buffers the app prepares
> (or receives) could reveal mistakes in data processed with Wine's
> implementation of functions. I suggest that you create a patch for this
> and send it to wine-patches. If your patch is accepted, future versions
> of Wine will have your required functionality added, which happens to be
> useful to others too.
>
> To the rest of the list, what do you think?
>
--
_______________________________________________________________________________
Juan Carlos Montes Senra
INTECO-CERT
Instituto Nacional de Tecnologías de la Comunicación
email: juancarlos.montes at inteco.es | jcmontes at cert.inteco.es
Tlf. 0034 987 877 189 - ext. 532
_______________________________________________________________________________
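The rendering a "winsock_buffer" debugging channel would need, as an added C example that is not code from this thread or from Wine: it stands in a portable wsabuf_t struct for WSABUF (an assumption of the example), treats the scatter-gather array as one logical stream, and skips NULL entries instead of passing them to the writer.

```c
#include <stdio.h>
#include <string.h>
/* Stand-in for Win32's WSABUF so the example builds outside Wine (assumption). */
typedef struct { unsigned long len; char *buf; } wsabuf_t;

/* Append one 16-byte row ("offset  hex bytes  |ascii|") to out, where w bytes are
 * already there. Returns the new logical length even if out is too small. */
static size_t append_row(char *out, size_t outsz, size_t w, size_t off,
                         const unsigned char *p, size_t n)
{
    char line[80];
    size_t l = (size_t)snprintf(line, sizeof line, "%08zx ", off);
    for (size_t i = 0; i < 16; i++)
        l += (size_t)(i < n ? snprintf(line + l, sizeof line - l, " %02x", p[i])
                            : snprintf(line + l, sizeof line - l, "   "));
    l += (size_t)snprintf(line + l, sizeof line - l, "  |");
    for (size_t i = 0; i < n; i++)
        l += (size_t)snprintf(line + l, sizeof line - l, "%c",
                              (p[i] >= 0x20 && p[i] < 0x7f) ? p[i] : '.');
    l += (size_t)snprintf(line + l, sizeof line - l, "|\n");
    if (w < outsz) snprintf(out + w, outsz - w, "%s", line);
    return w + l;
}

/* Hex-dump a scatter-gather array as one logical stream: offsets continue across
 * WSABUFs, as the bytes do on the wire. NULL buffers are skipped. Returns bytes dumped. */
size_t hexdump_wsabufs(const wsabuf_t *bufs, unsigned long count, char *out, size_t outsz)
{
    unsigned char row[16];
    size_t total = 0, n = 0, w = 0;
    if (outsz) out[0] = '\0';
    for (unsigned long b = 0; b < count; b++) {
        if (!bufs[b].buf) continue;
        for (unsigned long i = 0; i < bufs[b].len; i++) {
            row[n++] = (unsigned char)bufs[b].buf[i];
            if (n == 16) { w = append_row(out, outsz, w, total - 15, row, 16); n = 0; }
            total++;
        }
    }
    if (n) w = append_row(out, outsz, w, total - n, row, n);
    return total;
}

int main(void)
{
    /* Constructed sample: a fragmented request as an app might hand it to WSASendTo. */
    wsabuf_t bufs[] = { { 5, "GET /" }, { 11, " HTTP/1.0\r\n" }, { 0, NULL } };
    char out[512];
    printf("%zu bytes dumped:\n%s", hexdump_wsabufs(bufs, 3, out, sizeof out), out);
    return 0;
}
```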