question for dumps

Juan Carlos Montes jcmontes at
Fri Jan 25 02:20:15 CST 2008

Ok, i can make the patch.

what do you need to make the new channel?

I use this code to dump:

// Insert to dump buffers
// Inserted by Juan Carlos Montes
// Date: 23/01/08
char file_name[255] = "";
sprintf( file_name, "dumps\\wsasendto_%d", GetTickCount()+rand() );
HANDLE file = CreateFileA( file_name, GENERIC_WRITE | GENERIC_READ, 0, NULL,
	                   CREATE_ALWAYS, 0, NULL );
DWORD bytes = 0, pos = 0;
for (pos=0; pos<dwBufferCount; pos++)	
	WriteFile( file, lpBuffers[pos].buf, lpBuffers[pos].len, &bytes, NULL );	
CloseHandle( file );
TRACE( "filename %s\n", file_name );
// End to insert

At this time, i have dumps for WriteFile, ReadFile, WSASendTo and WSARecvFrom.
But i need it for Registry set value functions...

Do you want that i make a diff with all change?

Alex Villací­s Lasso escribió:
> Alex Villací­s Lasso escribió:
>> Juan Carlos Montes escribió:
>>> I dont like change the source to use all versions of wine... but...
>>> I'll try make a debugger to dump the memory.
>>> So... thanks a lot.
>>> Stefan Dösinger escribió:
>>>> Am Dienstag, 22. Januar 2008 16:19:54 schrieb Juan Carlos Montes:
>>>>> Hi all,
>>>>> I need dump the data using the debug log.
>>>>> trace:winsock:WSASendTo socket 00f8, wsabuf 0x34e1e0, nbufs 1, flags 0, to
>>>>> (nil), tolen 0, ovl (nil), func (nil)
>>>>> if have this one, can i dump the data in 0x34e1e0 with another option in
>>>>> debug, or i need change the source?
>>>> You have to change the source, or attach a debugger and read the memory I 
>>>> think.
>> Could you please explain *why* you need to peek into the buffer data? Is 
>> there a mismatch between what the app intends to send to the socket and 
>> the actual wire contents of the packet? Do you have a bug opened for 
>> whatever issue the app is experiencing? It seems strange that you 
>> mention making this change for *all* versions of Wine, unless I have 
>> misunderstood your comment, or somehow you are interested in dumping the 
>> data for a reason other than debugging Wine itself.
>> BTW: se habla español (fuera de la lista de discusión).
> You could add a new debugging channel, for example "winsock_buffer", 
> that will do what you want. This channel might be actually useful for 
> purposes other than malware scanning, as the buffers the app prepares 
> (or receives) could reveal mistakes in data processed with Wine's 
> implementation of functions. I suggest that you create a patch for this 
> and send it to wine-patches. If your patch is accepted, future versions 
> of Wine will have your required functionality added, which happens to be 
> useful to others too.
> To the rest of the list, what do you think?

Juan Carlos Montes Senra
Instituto Nacional de Tecnologías de la Comunicación
email: juancarlos.montes at | jcmontes at
Tlf. 0034 987 877 189 - ext. 532

More information about the wine-devel mailing list