gvanem / wsock-trace


Tracing library for Winsock calls.

C 84.59% Lua 11.77% Batchfile 0.44% Makefile 0.60% C++ 0.43% Python 2.00% Shell 0.04% M4 0.14%
c-programming geoip hook-functions mingw msvc network-tools winsock-calls

wsock-trace's People

Contributors

googlecodeexporter, gvanem, sgeto

wsock-trace's Issues

About geoip.exe

So it seems that geoip.exe looks for the geoip files in %HOME%.
I think it should rather look in the parent folder (src..) because %HOME% is by default not set and because you can't expect people to have the files in their user folder. The geoip files that come with this repo are also expected to be more up-to-date.

Another thing is that the command geoip.exe -6g geoip-gen6.c outputs this when failing:
'geoip4' file '"C:\Users\Ali\geoip' not found. This is needed for these tests.

Shouldn't it be looking for geoip6? Or is it and this is just a mistake?

Possible stack-based buffer overrun

Can you confirm this? The test.exe and all apps linked with wsock-trace die pretty much at the end of program execution.

It could be just me as I am having some troubles with my VS installation.

I really need to learn how to debug these kinds of things. If it helps, I stepped through it with my rudimentary debugging skills:

Exception thrown at 0x00007FFF4BEA1BD5 (KernelBase.dll) in test.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.
If there is a handler for this exception, the program may be safely continued.

in common.c on line 580

Next (after "continuing"):

Unhandled exception at 0x00007FFF1BD4B478 (wsock_trace_x64.dll) in test.exe: Stack cookie instrumentation code detected a stack-based buffer overrun.

in C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\crt\src\vcruntime\gs_report.c on line 199

Not sure if you have this exact file or not, so I'm just going to paste the whole function.
I marked the break point with a ----->

#if defined _CRT_APP || defined _M_ARM || defined _M_ARM64

    #pragma warning(push)
    #pragma warning(disable: 4100) // unreferenced formal parameter
    __declspec(noreturn) void __cdecl __report_gsfailure(GSFAILURE_PARAMETER)
    {
        __fastfail(FAST_FAIL_STACK_COOKIE_CHECK_FAILURE);
    }
    #pragma warning(pop)

#elif defined _M_IX86 || defined _M_X64

    __declspec(noreturn) void __cdecl __report_gsfailure(GSFAILURE_PARAMETER)
    {
        if (IsProcessorFeaturePresent(PF_FASTFAIL_AVAILABLE))
        {
----->      __fastfail(FAST_FAIL_STACK_COOKIE_CHECK_FAILURE);
        }

        volatile UINT_PTR cookie[2];

        // Set up a fake exception, and report it via UnhandledExceptionFilter.
        // We can't raise a true exception because the stack (and therefore
        // exception handling) can't be trusted after a buffer overrun.  The
        // exception should appear as if it originated after the call to
        // __security_check_cookie, so it is attributed to the function where the
        // buffer overrun was detected.

        #if defined _M_IX86
        // On x86, we reserve some extra stack which won't be used.  That is to
        // preserve as much of the call frame as possible when the function with
        // the buffer overrun entered __security_check_cookie with a JMP instead of
        // a CALL, after the calling frame has been released in the epilogue of
        // that function.
        ULONG volatile dw[(sizeof(CONTEXT) + sizeof(EXCEPTION_RECORD)) / sizeof(ULONG)];

        // Save the state in the context record immediately.  Hopefully, since
        // opts are disabled, this will happen without modifying ECX, which has
        // the local cookie which failed the check.
        __asm
        {
            mov dword ptr [GS_ContextRecord.Eax  ], eax
            mov dword ptr [GS_ContextRecord.Ecx  ], ecx
            mov dword ptr [GS_ContextRecord.Edx  ], edx
            mov dword ptr [GS_ContextRecord.Ebx  ], ebx
            mov dword ptr [GS_ContextRecord.Esi  ], esi
            mov dword ptr [GS_ContextRecord.Edi  ], edi
            mov word ptr  [GS_ContextRecord.SegSs], ss
            mov word ptr  [GS_ContextRecord.SegCs], cs
            mov word ptr  [GS_ContextRecord.SegDs], ds
            mov word ptr  [GS_ContextRecord.SegEs], es
            mov word ptr  [GS_ContextRecord.SegFs], fs
            mov word ptr  [GS_ContextRecord.SegGs], gs
            pushfd
            pop [GS_ContextRecord.EFlags]

            // Set the context EBP/EIP/ESP to the values which would be found
            // in the caller to __security_check_cookie.
            mov eax, [ebp]
            mov dword ptr [GS_ContextRecord.Ebp], eax
            mov eax, [ebp+4]
            mov dword ptr [GS_ContextRecord.Eip], eax
            lea eax, [ebp+8]
            mov dword ptr [GS_ContextRecord.Esp], eax

            // Make sure the dummy stack space looks referenced.
            mov eax, dword ptr dw
        }

        GS_ContextRecord.ContextFlags       = CONTEXT_CONTROL;
        GS_ExceptionRecord.ExceptionAddress = (PVOID)(ULONG_PTR)GS_ContextRecord.Eip;

        #else // ^^^ _M_IX86 ^^^ // vvv _M_X64 vvv //

        capture_previous_context(&GS_ContextRecord);
        GS_ContextRecord.Rip                = (ULONGLONG)_ReturnAddress();
        GS_ContextRecord.Rsp                = (ULONGLONG)_AddressOfReturnAddress()+8;
        GS_ExceptionRecord.ExceptionAddress = (PVOID)GS_ContextRecord.Rip;
        GS_ContextRecord.Rcx                = stack_cookie;

        #endif // _M_X64

        GS_ExceptionRecord.ExceptionCode           = STATUS_SECURITY_CHECK_FAILURE;
        GS_ExceptionRecord.ExceptionFlags          = EXCEPTION_NONCONTINUABLE;
        GS_ExceptionRecord.NumberParameters        = 1;
        GS_ExceptionRecord.ExceptionInformation[0] = FAST_FAIL_STACK_COOKIE_CHECK_FAILURE;

        // Save the global cookie and cookie complement locally - using an array
        // to defeat any potential stack-packing.
        cookie[0] = __security_cookie;
        cookie[1] = __security_cookie_complement;

        // Raise the security failure by passing it to the unhandled exception
        // filter and then terminate the process.
        __raise_securityfailure((EXCEPTION_POINTERS*)&GS_ExceptionPointers);
    }

#else

    #error Unsupported architecture

#endif
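The error quoted in the report above comes from the /GS stack cookie check, which runs in a function's epilogue (`__security_check_cookie`, calling `__report_gsfailure` on a mismatch), so the crash appears when the overrun function returns rather than at the bad write. The following is an added example, not code from the issue or from wsock-trace, that models that behaviour portably; `struct frame`, `demo_cookie`, `copy_unchecked` and `copy_bounded` are hypothetical names, and the struct only stands in for the compiler-managed stack layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the cookie; the real CRT randomizes it per process. */
static const uintptr_t demo_cookie = (uintptr_t)0xC0FFEE11u;

/* Models one frame: locals first, cookie between them and the return address. */
struct frame { char buf[16]; uintptr_t cookie; };

enum { FRAME_OK = 0, FRAME_COOKIE_FAILURE = 1, FRAME_INPUT_REJECTED = 2 };

/* Epilogue check: the only point at which an overrun is noticed. */
static int frame_epilogue(const struct frame *f)
{
    return f->cookie == demo_cookie ? FRAME_OK : FRAME_COOKIE_FAILURE;
}

/* Unchecked copy: len is trusted, so bytes past buf land on the cookie. */
int copy_unchecked(const char *src, size_t len)
{
    struct frame f;
    f.cookie = demo_cookie;                 /* prologue stores the cookie */
    if (len > sizeof f) len = sizeof f;     /* keeps the demo itself in bounds */
    memcpy((unsigned char *)&f, src, len);  /* the write completes silently */
    return frame_epilogue(&f);              /* failure surfaces only here */
}

/* Bounded copy: oversized input is rejected before any byte is written. */
int copy_bounded(const char *src, size_t len)
{
    struct frame f;
    f.cookie = demo_cookie;
    if (len > sizeof f.buf) return FRAME_INPUT_REJECTED;
    memcpy(f.buf, src, len);
    return frame_epilogue(&f);
}

int main(void)
{
    char input[32];                         /* constructed sample input */
    memset(input, 'A', sizeof input);
    printf("16 bytes, unchecked: %d\n", copy_unchecked(input, 16));
    printf("32 bytes, unchecked: %d\n", copy_unchecked(input, sizeof input));
    printf("32 bytes, bounded:   %d\n", copy_bounded(input, sizeof input));
    return 0;
}
```

When triaging a report like this one, the function named in the call stack at the cookie failure is the one whose local buffer was overrun; the write itself happened earlier inside that function or one of its callees.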

geoip2.exe build error

Trying to build geoip2.exe using the command nmake -f Makefile.vc6 geoip2.exe exits with the following error (I increased the warning level to 4 [-W4] just in case):

Microsoft (R) Program Maintenance Utility Version 14.00.23918.0
Copyright (C) Microsoft Corporation.  All rights reserved.

        geoip.exe -g4 > geoip-gen4.c
        geoip.exe -g6 > geoip-gen6.c
        cl -nologo -I. -W4 -Zi -DWIN32 -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600 -MD -Ot -Gs -DUSE_DEF_FILE -IC:\Users\Ali\projects\luajit-2.0/src -DUSE_LUA -D_CRT_SECURE_NO_WARNINGS -DTEST_GEOIP -DUSE_FWRITE -DUSE_GEOIP_GENERATED geoip.c common.c in_addr.c init.c getopt.c  -Fegeoip2.exe -link -nologo -map -debug -verbose -incremental:no -subsystem:console -machine:x86 ws2_32.lib ole32.lib > link.tmp
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.

I'm using the latest LuaJIT from their public git repository. I don't think that's the problem though.

HELP request

Mine is a help request.
I'm trying to use wsock_trace with vs2013.
The WSAStartup call fails because it cannot find the address of WSAStartup!
What am I missing?

best regards
bob
