question for dumps

Juan Carlos Montes jcmontes at cert.inteco.es
Fri Jan 25 02:20:15 CST 2008


Ok, I can make the patch.

What do you need to make the new channel?

I use this code to dump:


////////////////////////////////////////////////////////////////////////////
// Insert to dump buffers
// Inserted by Juan Carlos Montes
// Date: 23/01/08
// Writes every WSABUF passed to WSASendTo into a file under dumps\.
// GetTickCount()+rand() is only a cheap attempt at a unique name; two calls
// in the same tick can still collide and overwrite each other.
char file_name[255] = "";
snprintf( file_name, sizeof(file_name), "dumps\\wsasendto_%u",
          (unsigned)(GetTickCount()+rand()) );
HANDLE file = CreateFileA( file_name, GENERIC_WRITE | GENERIC_READ, 0, NULL,
                           CREATE_ALWAYS, 0, NULL );
if (file != INVALID_HANDLE_VALUE)
{
    DWORD bytes = 0, pos = 0;
    for (pos=0; pos<dwBufferCount; pos++)
        WriteFile( file, lpBuffers[pos].buf, lpBuffers[pos].len, &bytes, NULL );
    CloseHandle( file );
    TRACE( "filename %s\n", file_name );
}
else
    TRACE( "could not create %s, error %u\n", file_name, GetLastError() );
// End to insert


At this time, I have dumps for WriteFile, ReadFile, WSASendTo and WSARecvFrom.
But I need it for the registry set-value functions...

Do you want me to make a diff with all the changes?



Alex Villacís Lasso wrote:
> Alex Villacís Lasso wrote:
>> Juan Carlos Montes wrote:
>>> I don't like changing the source to use all versions of Wine... but...
>>>
>>> I'll try to make a debugger to dump the memory.
>>>
>>> So... thanks a lot.
>>>
>>> Stefan Dösinger wrote:
>>>> On Tuesday, 22 January 2008 16:19:54, Juan Carlos Montes wrote:
>>>>> Hi all,
>>>>>
>>>>> I need to dump the data using the debug log.
>>>>>
>>>>> trace:winsock:WSASendTo socket 00f8, wsabuf 0x34e1e0, nbufs 1, flags 0, to
>>>>> (nil), tolen 0, ovl (nil), func (nil)
>>>>>
>>>>> If I have this one, can I dump the data at 0x34e1e0 with another option in
>>>>> debug, or do I need to change the source?
>>>> You have to change the source, or attach a debugger and read the memory I
>>>> think.
>>>>
>> Could you please explain *why* you need to peek into the buffer data? Is 
>> there a mismatch between what the app intends to send to the socket and 
>> the actual wire contents of the packet? Do you have a bug opened for 
>> whatever issue the app is experiencing? It seems strange that you 
>> mention making this change for *all* versions of Wine, unless I have 
>> misunderstood your comment, or somehow you are interested in dumping the 
>> data for a reason other than debugging Wine itself.
>>
>> BTW: Spanish is spoken (off the discussion list).
>>
> You could add a new debugging channel, for example "winsock_buffer", 
> that will do what you want. This channel might be actually useful for 
> purposes other than malware scanning, as the buffers the app prepares 
> (or receives) could reveal mistakes in data processed with Wine's 
> implementation of functions. I suggest that you create a patch for this 
> and send it to wine-patches. If your patch is accepted, future versions 
> of Wine will have your required functionality added, which happens to be 
> useful to others too.
> 
> To the rest of the list, what do you think?
> 


-- 
_______________________________________________________________________________
Juan Carlos Montes Senra
INTECO-CERT
Instituto Nacional de Tecnologías de la Comunicación
email: juancarlos.montes at inteco.es | jcmontes at cert.inteco.es
Tlf. 0034 987 877 189 - ext. 532
_______________________________________________________________________________
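As an added example (not code from this mail or from Wine's tree), here is a portable sketch of what a "winsock_buffer" debug channel could print for the WSASendTo buffers discussed above: offset, hex bytes and printable ASCII per 16-byte line, buffer by buffer. WSABUF_like mimics Windows' WSABUF (an assumption) so it builds outside Wine, and the two-buffer sample in main is constructed.

```c
/* Added example, not from the mail or Wine: hex-dump the scatter/gather
 * buffers WSASendTo receives, roughly what a "winsock_buffer" debug channel
 * might print. WSABUF_like mimics Windows' WSABUF (assumption) so this builds
 * outside the Wine tree. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

typedef struct { unsigned long len; char *buf; } WSABUF_like;

/* Format one line of up to 16 bytes: offset, hex bytes, printable ASCII.
 * Returns the number of characters written to out. */
int dump_line(char *out, size_t outsz, size_t offset, const unsigned char *p, size_t n)
{
    int w = snprintf(out, outsz, "%08zx ", offset);
    for (size_t i = 0; i < 16; i++) {
        if (i < n) w += snprintf(out + w, outsz - w, "%02x ", p[i]);
        else       w += snprintf(out + w, outsz - w, "   ");   /* pad a short last line */
    }
    w += snprintf(out + w, outsz - w, " ");
    for (size_t i = 0; i < n; i++)
        w += snprintf(out + w, outsz - w, "%c", isprint(p[i]) ? p[i] : '.');
    w += snprintf(out + w, outsz - w, "\n");
    return w;
}

/* Dump every buffer to out, one header line per buffer; returns total payload bytes. */
size_t dump_wsabufs(FILE *out, const WSABUF_like *bufs, unsigned count)
{
    size_t total = 0;
    char line[128];   /* a full line is 75 chars plus NUL */
    for (unsigned b = 0; b < count; b++) {
        fprintf(out, "buffer %u, len %lu\n", b, bufs[b].len);
        for (size_t off = 0; off < bufs[b].len; off += 16) {
            size_t n = bufs[b].len - off < 16 ? bufs[b].len - off : 16;
            dump_line(line, sizeof line, off, (const unsigned char *)bufs[b].buf + off, n);
            fputs(line, out);
        }
        total += bufs[b].len;
    }
    return total;
}

int main(void)
{
    /* Constructed sample: a text buffer and one with non-printable bytes. */
    char hdr[] = "GET / HTTP/1.0\r\n", bin[] = {0x00, 0x01, (char)0xff, 'A'};
    WSABUF_like bufs[2] = { {strlen(hdr), hdr}, {sizeof bin, bin} };
    printf("dumped %zu bytes\n", dump_wsabufs(stdout, bufs, 2));
    return 0;
}
```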



