Thread: Thread for those crashing using the V1 or V2 sniffers ...

  1. #61
    Registered User
    Join Date
    Nov 2002
    Posts
    7
    Originally posted by devnul
    Could you post the lines you changed?

    dn
    sure - here's the modified InjectCode function with sizeof(inj) statements added in (what I think are) the right places:

    Code:
    // V2 - Allocates memory, injects our sniffer code into it, and gets it started.
    BOOL InjectCode()
    {
      LPVOID pvCode;
      LPVOID pvMem;
      INJECTSTRUCT inj;
      LPVOID pvStart;
      DWORD  dwLen;
      MEMORY_BASIC_INFORMATION mbi;
      DWORD  dwOffset = MAKELONG(MAKEWORD(0, INJECT_OFFSET), 0);
      DWORD  dwFuncOffset;
    
      // The start of the function we're injecting
      pvStart = (LPVOID)InternalHookProc;  
    
      // Figure out how large our memory block is that contains our sniffer code.
      VirtualQuery(pvStart, &mbi, sizeof(mbi));
      dwFuncOffset = (DWORD)pvStart - (DWORD)mbi.BaseAddress;
    
      // Determine the length of the code to inject, and add the size of the offset to it.
      dwLen = (DWORD)mbi.RegionSize + dwOffset;
    
    #ifdef _SNIFFDEBUG
      TCHAR szMsg[MAX_PATH];
      wsprintf(szMsg, _T("Injecting code length %d ...\n"), dwLen + sizeof(inj));
      OutputDebugString(szMsg);
    #endif
    
      // Allocate a writeable memory block in preparation for injection ... 
      pvCode = VirtualAlloc(NULL, dwLen + sizeof(inj), MEM_COMMIT, PAGE_READWRITE);
      if (!pvCode) return FALSE; // Failed to allocate memory
    
    #ifdef _SNIFFDEBUG
      wsprintf(szMsg, _T("Code allocated at 0x%8.8X\n"), pvCode);
      OutputDebugString(szMsg);
    #endif
    
      // Get the memory address to sniff for, and de-xor it.
      pvMem = gsh_pvEQKey;
      xormem(&pvMem, gsh_xorby, sizeof(pvMem));
    
      // Clear and fill out the struct with pointers to our API calls and some other useful stuff
      // such as the SEQ box socket addr, the memory pointer to sniff, etc.
      ZeroMemory(&inj, sizeof(inj));
      inj.addr = gsh_SEQAddr;
      inj.pvmem = pvMem;
      inj.ullLastKey = MAXDWORD;
      inj.func_VirtualQuery =   (VIRTUALQUERY)  GetProcAddress(GetModuleHandle(_T("KERNEL32")), "VirtualQuery");
      inj.func_IsBadReadPtr =   (ISBADREADPTR)  GetProcAddress(GetModuleHandle(_T("KERNEL32")), "IsBadReadPtr");
      inj.func_socket =         (CREATESOCKET)  GetProcAddress(GetModuleHandle(_T("WSOCK32")), "socket");
      inj.func_sendto =         (SENDTO)        GetProcAddress(GetModuleHandle(_T("WSOCK32")), "sendto");
      inj.func_closesocket =    (CLOSESOCKET)   GetProcAddress(GetModuleHandle(_T("WSOCK32")), "closesocket");
      inj.func_CallNextHookEx = (CALLNEXTHOOKEX) GetProcAddress(GetModuleHandle(_T("USER32")), "CallNextHookEx");
    
      // Write the injection struct to the beginning of the memory page.
      CopyMemory(pvCode, &inj, sizeof(inj));
    
      // Copy our DLL code into the memory page starting at the offset specified.
      CopyMemory((LPBYTE)pvCode + dwOffset + sizeof(inj), mbi.BaseAddress, dwLen - dwOffset);
    
      // Mark the code's memory to allow execution.
      VirtualProtect(pvCode, dwLen + sizeof(inj), PAGE_EXECUTE_READWRITE, &dwLen);
    
    #ifdef _SNIFFDEBUG
      OutputDebugString(_T("Setting hook procedure...\n"));
    #endif
    
      // Set a hook into the message pump of the process's main thread.
      ((LPINJECTSTRUCT)pvCode)->hHook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)((LPBYTE)pvCode + dwOffset + sizeof(inj) + dwFuncOffset), NULL, GetCurrentThreadId());
    
      return TRUE;
    }

  2. #62
    Registered User Pascal7's Avatar
    Join Date
    Dec 2002
    Posts
    30

    EQ LD and SEQ

    Just wondering...
    A friend and I both live in the same city, on different ISPs. Both of us were using SEQ with the V2 sniffer. And both of us had LD at the same exact time.... Humm... Just wondering if anyone else is experiencing this? And if anyone thinks this could be an attempt to localize SEQ users?

    I was thinking, maybe they are sending some code segment that they know would crash the sniffer causing LD within a min.. Then watch the server logs to see who goes LD about that time. Those accounts are flagged for further interrogation attempts or just outright banishment. Just wondering if any of the more skilled programmers see that this could be a possibility or I'm just being really paranoid?


  3. #63
    Registered User
    Join Date
    Jan 2002
    Posts
    741
    Doubtful, Pascal7. If you guys both live in the same place, chances are very good that your ISPs use the same backbone. Even if they don't, at some point they're going to go through a common router somewhere. One of those routers probably hiccuped so you both LD'd. Ever been on a raid where 10 people LD at the same time? It happens all the time.

  4. #64
    Registered User datadog's Avatar
    Join Date
    Mar 2002
    Posts
    152
    Changing the Code Generation->Basic Runtime Checks to Default also fixed my crash-on-keypress problems.
    This also cured my crash on keypress problems.

    I have 2 WinXP Home systems. Both were crashing on keypress until I recompiled with this change.

    Just an FYI...

  5. #65
    Registered User
    Join Date
    Dec 2002
    Posts
    1
    Seems like the keypress error is caused by the default compiler setting of 8 bytes struct alignment, it's actually a quite common error when doing tricky memory stuff. Try setting the struct alignment to 1 byte.

    It worked for me. In VC++6 this setting can be found under Code Generation

    Hades
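
The layout effect described in post #65, as an added example that is not part of the thread or of the sniffer's source: the same fields declared under the default alignment and under 1-byte packing end up at different offsets and sizes, so code that writes a header with one setting and reads it with the other sees the wrong bytes. The struct and its field names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed header, NOT the sniffer's INJECTSTRUCT: the fields are
   hypothetical and only chosen to make the alignment effect visible. */
#define HDR_FIELDS   \
    uint16_t family; \
    uint32_t addr;   \
    uint8_t  flag;   \
    uint64_t last_key;

struct hdr_natural { HDR_FIELDS };   /* compiler's default member alignment */
#pragma pack(push, 1)                /* same effect as 1-byte struct-member alignment */
struct hdr_packed { HDR_FIELDS };
#pragma pack(pop)

#define MOVED(f) (offsetof(struct hdr_natural, f) != offsetof(struct hdr_packed, f))

/* Number of fields that sit at a different offset in the two layouts. */
static int moved_fields(void)
{
    return MOVED(family) + MOVED(addr) + MOVED(flag) + MOVED(last_key);
}

/* Bytes by which anything stored right after the header shifts. */
static size_t payload_skew(void)
{
    return sizeof(struct hdr_natural) - sizeof(struct hdr_packed);
}

/* Write the header with one layout, read it back with the other. */
static int roundtrip_ok(void)
{
    struct hdr_natural w;
    struct hdr_packed r;
    memset(&w, 0, sizeof w);         /* zero the padding bytes too */
    w.last_key = 0x1122334455667788ULL;
    memcpy(&r, &w, sizeof r);
    return r.last_key == w.last_key;
}

int main(void)
{
    printf("natural=%zu packed=%zu skew=%zu moved=%d roundtrip=%d\n",
           sizeof(struct hdr_natural), sizeof(struct hdr_packed),
           payload_skew(), moved_fields(), roundtrip_ok());
    return 0;
}
```
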

  6. #66
    Registered User
    Join Date
    Dec 2001
    Posts
    78
    Any idea why your program doesn't seem to agree with the default Microsoft telnet server on XP?

    Works great with the trial add on ...
    Works fine with the purchased SSH server addon (minus the fact I can't copy and paste the key until I end the SSH session).

    However, with the Microsoft client it launches the program but never gives any terminal display results for the key... I can CTRL-C and end it but ... /shrug who knows, I'm grasping at straws here



    I know the details are sketchy and I'll fill you in on anything else that might be useful.
    but this looks like something simple....

    Doesn't seem really related to the program.. more related to the lack of the program echoing results back to the default telnet server and then through to the client.

  7. #67
    Registered User Mr. Suspicious's Avatar
    Join Date
    May 2002
    Posts
    667
    Don't crosspost! (http://seq.sourceforge.net/showthrea...7945#post17945)

    It's not ShowEQ related, not even keysniffer related. It's purely a Telnet client issue. I suggest you go and find yourself a Windows Telnet related forum and ask there. Asking how to repair my Toaster here won't get me any helpful help either.
    Before asking anything read the preface section of http://www.smoothwall.org/download/p....9/doc.faq.pdf

    after you've read it, you know what to do next...




    "Stay alert! Trust noone! Keep your Lazers Handy! Have a nice day." -- Provided courtesy of the Computer. The Computer never lies.

  8. #68
    Registered User
    Join Date
    Dec 2001
    Posts
    78
    If you don't have something constructive to say...why bother.

    I addressed it to him directly and tried to delete the original post NOTICE THE edit on it....

    I figured since the author would read it here he might have an idea.

    And yes I did guess it was related to the client ... but know what ...other things work just with the server too..
    Who knows ... isn't that the point of asking.

    I guess you could have used the tried and true version ..
    "use search before posting"

  9. #69
    Registered User
    Join Date
    Dec 2002
    Posts
    8

    Where is "Code Generation" setting?

    I am using VC++6 and for the life of me cannot find this setting. God help me.

  10. #70
    Registered User
    Join Date
    Dec 2002
    Posts
    8

    Nevermind...Found it. Although???

    Though I do not see any form field under the "Code Generation" tab that is "Basic Runtime Check???"
    The only form fields under "Code Generation" that I see are: Processor, Calling convention, Use run-time library, Struct-member alignment
