Thank you mvern!
You did an awesome job.
Type: Posts; User: a_necro00
Yes dude, SOE won, please stop trying to use SEQ, telling anyone that SEQ exists and most important, stop visiting these forums.
Excuse me, but you are not telling us that you really think that you need to cycle 15 times more to power a 3GHz PIV instead of a 200MHz Pentium.
right? Because you only need to cycle twice,...
And what about Arthur C. Clarke's Rendezvous with Rama four books.
I know I know that is in pre-production but I don't really believe it, I think that the site just got stuck. :D
...
Compiles perfectly with lcc also, a very simple & easy to use C compiler, it will even include the needed libs automatically.
http://www.cs.virginia.edu/~lcc-win32/
Excellent work baelang, it...
Yes Mad Poet.
That's another thing, today finally someone posted a very good doc that has good examples of how to hook API Calls (I am glad that you like to search :D ). I started a week ago the...
Sorry mad poet you are wrong in this thing.
This is from another of my posts:
As mvern and Mr. Spock confirmed in this thread: http://seq.sourceforge.net/showthread.php?s=&threadid=2359 (end of...
With KD you can only debug Kernel-mode drivers.
You could use CDB or NTSD (I haven't used them) to try to debug user-mode eqgame.exe, but I bet my balls that this will set the I-am-being-debugged...
i) Yes, but you are on your own. I recommend you read this answer from the FAQ, and then use search using the right keywords.
2.14 Can I run ShowEQ in VMware or on other virtual i386 computers?
While...
Your code will NEVER work, as they can't catch those events.
From MSDN public site (I am at my home now):
The WaitForDebugEvent function waits for a debugging event to occur in a process being...
As far as I know you can not set a trap on memory addresses. You could interfere the ReadProcessMemory() call and do it there, and it's not pretty simple.
Some people are starting to work in a...
I don't think so.
The DEBUG_EVENT group triggers only if you are debugging the app with a call to DebugActiveProcess(). At least, that is what is said in the MSDN docs.
The real thing is to see...
Octavius.
I believe that you need to call DebugActiveProcess to set that flag (that you are being debugged, ouch)
Please confirm, I am checking the available docs right now. If you are right...
Ok mvern
XP DDK is going up soon (my CD librarian is out to lunch)
I sent you a private message with the IP address. If anyone else needs it or wants to help with this titanic task send me a...
I have used two hours looking for a document, that I am starting to believe is no longer on the MSDN CDs (sic, yesterday I installed the October version, I read it in the July version) anyway I am...
Yueh
If EQ runs in XP Home as non-administrator, then how they COULD have access to read other processes memory, and catch our sniffers using that approach?
Correct me if I am wrong, but...
Yueh, under what mode is your skeleton created? after some research, there are two types of device drivers. The ones that run in User Mode and have Win API access and the ones that run in Kernel Mode...
Interesting Mr. Spock. I didn't know that. Have some example code from Microsoft and they use standard APIs.
If you are right, then that barrier is gone. I saw yesterday some posts about EQ...
Yes yes yes, I am a risky man (oops, they know that now)
As MQ continues working I am sure that eqgame.exe wasn't changed.
Sorry Folks.
As EQ likes to run with administrator privileges they could just intercept ReadProcessMemory and catch everyone looking at some particular address (like 0x00773b90) at some particular...
Adding some suggestions to Duck's comments.
FIRST about Compiler Settings
If you modify any sniffer source code (as you MUST do to be different from the rest). Disable any code optimization...
The easy setup implies that you will need vmware in bridged networking mode, so you will need more than one IP assigned. It's very easy to setup the Linux Guest to use DHCP then.
If you are NOT...
Thanks BlueAdept. It was my fault to not look for this error on other boards.
That is one chance and another is the ICMP pass-through implementation of my crappy DSL router/firewall. I am pretty...
Thanks S_B_R, I disabled the ICS anyway.
It's working perfectly now that I installed the hub in front of both machines. The weird thing is that I can not ping (or traceroute) from inside the RH 7.2...
Hello there.
I have SEQ working at my desktop PC at the office using VMWare thanks to the (excellent work!) Howto RH 7.2.
But at my home I have an ARESCOM NetDSL 1000 IP ADSL Router that is...