question for dumps

[Alex Villací­s Lasso]

Alex Villací­s Lasso escribió:
> Juan Carlos Montes escribió:
>   
>> I dont like change the source to use all versions of wine... but...
>>
>> I'll try make a debugger to dump the memory.
>>
>> So... thanks a lot.
>>
>> Stefan Dösinger escribió:
>>   
>>     
>>> Am Dienstag, 22. Januar 2008 16:19:54 schrieb Juan Carlos Montes:
>>>     
>>>       
>>>> Hi all,
>>>>
>>>> I need dump the data using the debug log.
>>>>
>>>> trace:winsock:WSASendTo socket 00f8, wsabuf 0x34e1e0, nbufs 1, flags 0, to
>>>> (nil), tolen 0, ovl (nil), func (nil)
>>>>
>>>> if have this one, can i dump the data in 0x34e1e0 with another option in
>>>> debug, or i need change the source?
>>>>       
>>>>         
>>> You have to change the source, or attach a debugger and read the memory I 
>>> think.
>>>
>>>     
>>>       
> Could you please explain *why* you need to peek into the buffer data? Is 
> there a mismatch between what the app intends to send to the socket and 
> the actual wire contents of the packet? Do you have a bug opened for 
> whatever issue the app is experiencing? It seems strange that you 
> mention making this change for *all* versions of Wine, unless I have 
> misunderstood your comment, or somehow you are interested in dumping the 
> data for a reason other than debugging Wine itself.
>
> BTW: se habla español (fuera de la lista de discusión).
>
>   
You could add a new debugging channel, for example "winsock_buffer", 
that will do what you want. This channel might be actually useful for 
purposes other than malware scanning, as the buffers the app prepares 
(or receives) could reveal mistakes in data processed with Wine's 
implementation of functions. I suggest that you create a patch for this 
and send it to wine-patches. If your patch is accepted, future versions 
of Wine will have your required functionality added, which happens to be 
useful to others too.

To the rest of the list, what do you think?

-- 
perl -e '$x=2.4;print sprintf("%.0f + %.0f = %.0f\n",$x,$x,$x+$x);'