Hi all,
I need to dump the data using the debug log.
trace:winsock:WSASendTo socket 00f8, wsabuf 0x34e1e0, nbufs 1, flags 0, to (nil), tolen 0, ovl (nil), func (nil)
If I have this one, can I dump the data at 0x34e1e0 with another debug option, or do I need to change the source?
Thanks a lot,
On Tuesday, 22 January 2008 16:19:54, Juan Carlos Montes wrote:
> Hi all,
> I need to dump the data using the debug log.
> trace:winsock:WSASendTo socket 00f8, wsabuf 0x34e1e0, nbufs 1, flags 0, to (nil), tolen 0, ovl (nil), func (nil)
> If I have this one, can I dump the data at 0x34e1e0 with another debug option, or do I need to change the source?
You have to change the source, or attach a debugger and read the memory I think.
I don't like to change the source to use all versions of Wine... but...
I'll try to make a debugger to dump the memory.
So... thanks a lot.
Juan Carlos Montes wrote:
> I don't like to change the source to use all versions of Wine... but...
> I'll try to make a debugger to dump the memory.
> So... thanks a lot.
Could you please explain *why* you need to peek into the buffer data? Is there a mismatch between what the app intends to send to the socket and the actual wire contents of the packet? Do you have a bug opened for whatever issue the app is experiencing? It seems strange that you mention making this change for *all* versions of Wine, unless I have misunderstood your comment, or somehow you are interested in dumping the data for a reason other than debugging Wine itself.
BTW: Spanish is spoken (outside the mailing list).
I'll send you a mail to detail the process :)
Alex Villacís Lasso wrote:
> Could you please explain *why* you need to peek into the buffer data? Is there a mismatch between what the app intends to send to the socket and the actual wire contents of the packet? Do you have a bug opened for whatever issue the app is experiencing? It seems strange that you mention making this change for *all* versions of Wine, unless I have misunderstood your comment, or somehow you are interested in dumping the data for a reason other than debugging Wine itself.
> BTW: Spanish is spoken (outside the mailing list).
You could add a new debugging channel, for example "winsock_buffer", that will do what you want. This channel might be actually useful for purposes other than malware scanning, as the buffers the app prepares (or receives) could reveal mistakes in data processed with Wine's implementation of functions. I suggest that you create a patch for this and send it to wine-patches. If your patch is accepted, future versions of Wine will have your required functionality added, which happens to be useful to others too.
To the rest of the list, what do you think?
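An added example, not part of the thread and not Wine code: one shape the buffer dump behind the proposed "winsock_buffer" channel could take, written as portable C so it runs outside Wine. `struct dump_buf` and `dump_buffers` are hypothetical names; the struct stands in for WSABUF's len/buf pair, and the per-buffer byte cap is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>
/* Stand-in for Winsock's WSABUF (len + buf); the name is made up for this example. */
struct dump_buf { unsigned long len; const char *buf; };

/* Hex+ASCII dump of each buffer into out, at most max_per_buf bytes per
 * buffer so one large send cannot flood the log. Lines that no longer fit
 * in out are dropped. Returns the number of payload bytes covered. */
size_t dump_buffers(const struct dump_buf *bufs, unsigned int count,
                    size_t max_per_buf, char *out, size_t out_sz)
{
    size_t total = 0, used = 0, off, j, n;
    unsigned int i;
    if (out_sz) out[0] = '\0';
    for (i = 0; i < count; i++) {
        const unsigned char *b = (const unsigned char *)bufs[i].buf;
        if (!b) continue;                      /* NULL buffer: nothing to read */
        n = bufs[i].len < max_per_buf ? bufs[i].len : max_per_buf;
        for (off = 0; off < n; off += 16) {
            char line[128];
            int p = snprintf(line, sizeof line, "buf[%u] %04zx:", i, off);
            for (j = 0; j < 16; j++) {         /* hex column, padded on the last row */
                if (off + j < n) p += snprintf(line + p, sizeof line - p, " %02x", (unsigned)b[off + j]);
                else p += snprintf(line + p, sizeof line - p, "   ");
            }
            p += snprintf(line + p, sizeof line - p, "  ");
            for (j = 0; j < 16 && off + j < n; j++)   /* printable ASCII column */
                line[p++] = (b[off + j] >= 0x20 && b[off + j] < 0x7f) ? (char)b[off + j] : '.';
            if (used + (size_t)p + 2 <= out_sz) {     /* room for line, '\n' and NUL */
                memcpy(out + used, line, (size_t)p);
                used += (size_t)p;
                out[used++] = '\n';
                out[used] = '\0';
            }
        }
        total += n;
    }
    return total;
}

int main(void)
{
    /* Constructed sample: two buffers as an app might pass to WSASendTo. */
    static const char hdr[] = "GET / HTTP/1.0\r\n\r\n";
    static const char bin[] = { 0x00, 0x01, (char)0xff, 'A' };
    struct dump_buf bufs[2] = { { sizeof hdr - 1, hdr }, { sizeof bin, bin } };
    char out[1024];
    printf("%zu bytes\n%s", dump_buffers(bufs, 2, 64, out, sizeof out), out);
}
```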
OK, I can make the patch.
What do you need to make the new channel?
I use this code to dump:

    ////////////////////////////////////////////////////////////////////////////
    // Insert to dump buffers
    // Inserted by Juan Carlos Montes
    // Date: 23/01/08
    char file_name[255] = "";
    HANDLE file;
    DWORD bytes = 0, pos = 0;

    // Build a (roughly) unique file name under the dumps\ directory
    sprintf( file_name, "dumps\\wsasendto_%u", (unsigned int)(GetTickCount() + rand()) );
    file = CreateFileA( file_name, GENERIC_WRITE | GENERIC_READ, 0, NULL, CREATE_ALWAYS, 0, NULL );
    if (file != INVALID_HANDLE_VALUE)
    {
        // Write every WSABUF passed to WSASendTo, in order
        for (pos = 0; pos < dwBufferCount; pos++)
            WriteFile( file, lpBuffers[pos].buf, lpBuffers[pos].len, &bytes, NULL );
        CloseHandle( file );
    }
    TRACE( "filename %s\n", file_name );
    // End to insert

At this time, I have dumps for WriteFile, ReadFile, WSASendTo and WSARecvFrom. But I need it for the Registry set value functions...
Do you want me to make a diff with all the changes?
"Juan Carlos Montes" jcmontes@cert.inteco.es wrote:
> At this time, I have dumps for WriteFile, ReadFile, WSASendTo and WSARecvFrom. But I need it for the Registry set value functions...
> Do you want me to make a diff with all the changes?
This dumping feature doesn't belong to Wine, if you need it use either specialized traffic shaping tools or add your own custom code for debugging.
I'm working on a new patch to add the new channel to be able to dump the buffers.
Regards,