New version of my sniffer for Windows 2000+
(requires admin rights).

h.

(Added commented .ini file)

(Download the v1.6 below)
Posted on 2003-10-24 10:32:17 by hitchhikr
is where for program to work correctly?
Posted on 2003-10-25 01:31:08 by stanks
Here it is.
Posted on 2003-10-25 08:02:25 by hitchhikr
Thank you very much :D
Posted on 2003-10-25 13:26:14 by stanks
Nice clean code - for those who have already been initiated :)
Posted on 2003-10-26 21:33:20 by Homer
Hello there,
very nice source, but I have a problem.

If I open the zip, and run the exe from within, no errors.
After I extracted the zip, now when I run the exe windows kills the app and wants to send a report.

Is there something I'm missing? I've tried it several times with the same results.

Thanks again for the nice source...
Posted on 2003-11-04 22:15:24 by mrkasai
hi,

What do you mean by "wants to send a report"?
And what is the exact error?
And are you using Windows XP?

h.
Posted on 2003-11-04 22:48:36 by hitchhikr
yes, xp home (came with vaio didn't have a choice)

It says that packetsview.exe has encountered an error and needs to close.

I thought this was a rather odd error since it only occurs when running the app standalone.

I can send you the XML file Windows creates when sending in its error report if that would help...
Posted on 2003-11-04 23:01:37 by mrkasai
It could help.
But you'd rather build it with debug infos turned on and see for yourself where it crashes.

I won't mind a complete report.

h.
Posted on 2003-11-04 23:35:51 by hitchhikr
for me it crashes here in argclc

cl2Out:
mov al, 0
stosb

; ---------------------------------
; replace substitutions with spaces
; ---------------------------------
mov esi, ItemBuffer
mov edi, ItemBuffer

with a messed up EDI

I'll try to think about it tonight
Posted on 2003-11-05 03:22:12 by Hiroshimator
I'm relieved, I thought it was me, but it's masm32lib again.

Btw, the argcl/argclc procs are probably subject to a buffer overflow (or at least a denial of service attack) when used for e.g. CGI scripts, a network server or something else that requires command line arguments passed from the network, so beware.

What's the value of edi when it crashes? And is it the first or second argument?

Notice that both arguments are optional.

Report the problem to me if you find it (I'll try to test it myself but it's working perfectly under Windows 2000).

h.
Posted on 2003-11-05 10:24:46 by hitchhikr
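
The concern raised in the post above, a command-line argument copied into a fixed-size buffer, handled with an explicit length check. This is an added example, not code from the thread or from masm32lib; `get_arg`, its status codes and the parsing rules (space/tab separators, double quotes grouping text) are assumptions made for illustration.

```c
#include <stddef.h>

/* Hypothetical status codes for this example. */
enum arg_status { ARG_OK = 0, ARG_MISSING = 1, ARG_TOO_LONG = 2 };

/*
 * Copy argument number `index` (0 = program name) of `cmdline` into `out`.
 * Arguments are separated by spaces or tabs; double quotes group text
 * that contains spaces. Never writes more than out_size bytes; an
 * argument that does not fit is rejected and `out` is left empty.
 */
enum arg_status get_arg(const char *cmdline, unsigned index,
                        char *out, size_t out_size)
{
    const char *p = cmdline;
    unsigned current = 0;

    if (out_size == 0)
        return ARG_TOO_LONG;
    out[0] = '\0';

    for (;;) {
        size_t len = 0;
        int in_quotes = 0;
        int overflow = 0;

        while (*p == ' ' || *p == '\t')      /* skip separators */
            p++;
        if (*p == '\0')
            return ARG_MISSING;              /* fewer arguments than asked for */

        for (; *p != '\0'; p++) {
            if (*p == '"') { in_quotes = !in_quotes; continue; }
            if (!in_quotes && (*p == ' ' || *p == '\t'))
                break;                       /* end of this argument */
            if (current == index) {
                if (len + 1 < out_size)      /* keep room for the NUL */
                    out[len++] = *p;
                else
                    overflow = 1;            /* too long: stop storing */
            }
        }
        if (current == index) {
            out[overflow ? 0 : len] = '\0';  /* no truncated value is returned */
            return overflow ? ARG_TOO_LONG : ARG_OK;
        }
        current++;
    }
}
```

Rejecting an over-long argument, rather than silently truncating it, lets the caller report bad input instead of acting on a partial value.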
I'm just beginning to get back into assembly, and am pretty rusty on most of this stuff.

I haven't had the chance to debug yet, but I noticed another thing.

Please don't take my posts in this thread as complaints, just helping you out with the program.

Noticed that when running the program it's eating as much CPU as it can gather. It's currently holding around 96-100%.

Just FYI.
Posted on 2003-11-05 12:09:11 by mrkasai
Here is the v1.6:

- Added handling for console signals.
- Added Sleep(1) to avoid the report of 100% CPU usage.
- Source code slightly cleaned up.
- Increased length of arguments buffers.

I don't know if it works under windows xp.

h.
Posted on 2003-11-05 15:51:09 by hitchhikr
Everything's happy here. CPU is within some sanity now :)

I've had it running for several minutes now surfing around the web and no errors yet. I did notice that by executing the program via double-click the process is dropped, but if you execute the file from within 'cmd' you are OK and it stays alive. Is the new sleep state the culprit?

Other than that nuance, it looks nice, thanks.
Posted on 2003-11-05 17:50:30 by mrkasai
haven't had any more time to test

some remarks: memalloc (or whatever you use in there) is a registered API with a totally different argumentcount

it does not crash when I call it from a CMD box :|

sorry I write it down sloppily but it's over midnight and I just got home for today and am ready to turn in
Posted on 2003-11-05 17:53:46 by Hiroshimator

"I did notice that by executing the program via double-click the process is dropped, but if you execute the file from within 'cmd' you are OK and it stays alive."


Could you be a little bit more precise?


"some remarks: memalloc (or whatever you use in there) is a registered API with a totally different argumentcount"


AllocMem only exists in IIService.
More precision would be welcome too.

h.
Posted on 2003-11-05 18:21:26 by hitchhikr
Sorry,
When I double click the application from within windows to execute it, it flashes up the dos box and immediately exits. If, however, I drop into "dos," navigate to the application and execute it, the application stays up and runs correctly.

I hope that clears it up.
Posted on 2003-11-05 19:56:18 by mrkasai