[Help]Problem with bytes
[Help]Problem with bytes
Hi everyone
I'm still stuck on the readable part of my winsock application, Apart from being not readable, I'm also unable to print the raw bytes (instead of chars1, ints or huge seemingly random numbers that popup if I print them as a DWORD)
I've so I decided to see if my packets were legit at all, so I fired up wireshark and anilized the packets, just as all references said these packets all start with the most significant bit ( '00' ) my misterious packets all start with '69' (or E, or other blurish shit depending on how you try to print them)
And example of a packet dump from my app:
I've tried almost everything I could think of but I still cann't print them in pure hex
For example is I do this:
cout<<(int)wbuf.buf[ai]<<" "; it somehow menages to print numbers like:
-104 and -128
The code I use:
Main.h
Capture Trafic.cpp
Please anyone, help me out, I've been stuck here for days now and I don't like being stuck
I'm still stuck on the readable part of my winsock application, Apart from being not readable, I'm also unable to print the raw bytes (instead of chars1, ints or huge seemingly random numbers that popup if I print them as a DWORD)
I've so I decided to see if my packets were legit at all, so I fired up wireshark and anilized the packets, just as all references said these packets all start with the most significant bit ( '00' ) my misterious packets all start with '69' (or E, or other blurish shit depending on how you try to print them)
And example of a packet dump from my app:
Code:
E ܐP@ <gDR^ä’
— P »‡üºŠSõšŒP åI² TҨyïŝC¯ƒ£¼ê‡ÖÙZá$
Y¹NJâìÐ ”տ:
Á3%
d£$‡Yÿؐî|Ã,LÂÕ**RK×'Ö[}ü¡qÉÊ1t`”߬?"žº´řÊipa>PÊ¢$“|ֹÁ¨àFq
“ƒS9nu‚P¸ÅGzÖxHy(ŠSx7âîa…$Ÿ%Õyt8fȪÑ×öêW*3ª;f{Í]Øæ±,ÅüR}>TtXL§¢'p,-¡"¨9ßSÿ¨›n*sö*)šþâ?š£ñp§Ÿ
®aúiœ!$/ìÑMåТ3”õG#j›œ™y ;gfK]œiY a˜ØAEÃYÓTz<j]6åÓ9¥–üŸ¤¾ÜŽQ¼GÚ*®pú¼¹Ìø?Œç‘…չS?/g´YÛ /BáäàZQÜ}*—‡ ³»ù÷=!sÊ[ìåXœcW•ö¾$¼Ä9>¹/fœ3‡Ä_¸V¾þúp
ÈU*RØm[åìpâ&ÀG±¶œåñE^ÄɅ3ÓØFE”ÿª(ò”Tˆ£U–#Ÿþ?PíD¥ûoôˆ@LÁ=
c@B¸äД¢
0
+ ç*íΦÚ+*)Þiݐ62èÆ£›hÖž+¥'4dqtúU(yê3Ë^öIåÉlÚ ÃŸ›ܸÌ÷3=\ÙûÛÞ+» uì¬I»*¡˜}Âñ‡´”£ƒD÷U
&Edc`†LªÉqfd{ÄnYl@Ʉh=$á,O
I—=÷gc1rÕ×TºgÃÑ?Ç 2A>Æ~ÝyÞ`¤¾SÆç
ž" A*‰Š˜*@O½1¶·‚
ÈfŷÐj:0>[
+XwäJŠ†Ýd3úåk ]àK7¥hL$¦ùö÷QeÑÐl߇ÞR×9yáÝ#ÀŒakýÒ\ó¦ða òÇ
ª`úÏèŠÿ “Åù8à ¤L¤ïCܱ¥R²‚õ\Êg-ü½¨0ÉœÐô\UÑ‘|†u´ìhX2|YŒ
Km·pcö£ãàAì‰}Iûˆ^ «
7GøÞ¤–ò.I¤® ãâ?XOðƸo@«3xÅòü^Å8ÕÇ8”ñÙX7Ýj_mÓË{l¸Ç «˜<ê,íXuyãðAë`}¶Äotbse°£ñS“*á~
}V”#\>mæØn?å!¨½hoNÆ*$·Êh
¾sȴPbÓì1¤ccm}ÿ0«F†tçpÑ=‹ÝV
ˆf-P—²9›þHBYP`ÕùÕiî<n
º吗×ˌ4U
A®S/FÕY1¦+ÝOÀ€©öµb*M¾"ʺÐ #ÚÓlÚhqó(ëߴˆ9Œa끖G%kT&°VáU¬º€§ÿ4úü~ò
~Q „*“±©v—ô‹[©0
)Åm€»¦WóÃ
)>$€
uT†+4Çq¨xÈìªÙ°A•äŠ©…³Ø\™S6‡—#üÄŠ‘˜¨®1”R¤A×z5PiZait~t®M~ŐfÖ]Vœ–æH¹×Ï(
Èl&-° é³s¡s){î€êÏ?ç¥r–8]
Í·ƒ–͇wg*I–
=DZ©0‡b:xBÍñµw†¨Råä¨@ý¥ý ^t2È!,A—LTvpÃÕҟ}{l“vª‚®Žû+ÕÐðkE…]üc'Õ¸´ª
צ^ÐH/EMõ0rôCC¿Ma½I‡ö£’u§Êû/>¤nUXG¡jcʑ
Й8e0°ÅëT
¶'Pñ~Y ….xoõJã
K÷íê^÷,í¾ b§[º*£Á9é¸×úï6—Mýǟù¨læEùÍzÍÈëªðö,,Ýroi»¿<‘¨¯ÀŒØ~Le/ZÆ(g˜U<Û72֫UŽ^.)ùeûï_w&ä¯?,Å`*s
KÌì·*I*?ïþ‘‘žÜp8x°olµ±6
For example is I do this:
cout<<(int)wbuf.buf[ai]<<" "; it somehow menages to print numbers like:
-104 and -128
The code I use:
Main.h
Code:
#pragma comment "Main.h" #define MAX_IP_SIZE 65535 #define HI_WORD(byte) (((byte) >> 4) & 0x0F) #define LO_WORD(byte) ((byte) & 0x0F) #include <iostream> #include <winsock2.h> #include <iphlpapi.h> #include <Mstcpip.h> #include <string> #include <fstream> #pragma comment(lib, "iphlpapi.lib") #pragma comment(lib, "ws2_32.lib") int Initialize(); using namespace std;
Capture Trafic.cpp
Code:
#include "Main.h"
DWORD dwBytesRet;
DWORD dwFlags;
WSADATA wsaData;
WSABUF wbuf;
SOCKET s1;
struct sockaddr_in Lip;
char rcvbuf[MAX_IP_SIZE];
char ac[80];
unsigned int optval;
void* buffer; // I've also changed the bufer type a few times, no effect
string str;
ostream& operator<<(ostream& out, const WSADATA& WsaData) { //Overloading for WSADATA
out<< "MaxSockets: "<< WsaData.iMaxSockets << endl;
out<< "MaxiMaxUdpDg: "<< WsaData.iMaxUdpDg << endl;
out<< "Description: "<< WsaData.szDescription << endl;
out<< "SystemStatus: "<< WsaData.szSystemStatus << endl;
out<< "Winsock High Version: "<< WsaData.wHighVersion << endl;
out<< "Version: "<< WsaData.wVersion << endl;
return out; //return exectution
}
int Initialize(){
cout<<"\n\n#########DATA TRAFIC ANILIZING COMPONENT#########\n\n";
if( WSAStartup( MAKEWORD(2, 2), &wsaData ) != NO_ERROR ) //initialize winsock
{
cerr<<"Socket Initialization: wsa startup error\n";
WSACleanup();
return -1;
}
cout<<"WsaStartup succesfully initialized\n\nWSADATA: "<< wsaData <<"\n\n"; //using overloaded operator
// ( s1 = socket( AF_UNSPEC, SOCK_RAW, IPPROTO_ICMP ) ) //initialize raw socket
if ( (s1 = WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, NULL, 0, WSA_FLAG_OVERLAPPED) ) == INVALID_SOCKET) { //check for errors
cout << "Invailid socket error: "<< WSAGetLastError() << endl; // call wsagetlasterror if there are any errors
WSACleanup();
return -2;
} else {
cout<<"Raw socket is succesfully bound: "<< s1 << endl;
}
if (gethostname(ac, sizeof(ac)) == SOCKET_ERROR) {
cout<<"Can not resolve host name: "<< WSAGetLastError() << endl;
WSACleanup();
return -3;
} else {
cout<<"Host address name is: "<< ac << endl;
}
struct hostent *phe = gethostbyname(ac);
if (phe == 0) {
cerr << "Hostlookup failed" << endl;
return -4;
}
struct in_addr addr;
memcpy(&addr, phe->h_addr_list[0], sizeof(struct in_addr));
cout<<"Host address is: "<< inet_ntoa(addr) << endl;
Lip.sin_family = AF_INET;
Lip.sin_addr.s_addr = inet_addr( inet_ntoa( addr ) );
Lip.sin_port = htons( 0 );
cout<<"Addres bound to inet_addr! "<< Lip.sin_addr.s_addr <<endl;
if ( bind(s1, (SOCKADDR*) &Lip, sizeof(Lip)) != 0 ){
cout<<"Cannot bind socket: "<< WSAGetLastError() << endl;
WSACleanup();
closesocket(s1);
return -5;
} else {
cout<<"Socket succesfully bound: "<< s1 << endl;
}
int i = WSAIoctl( s1, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL);
if( i != 0) {
cout << "WSAIoctl error: "<< WSAGetLastError() << endl; // call wsagetlasterror if there are any errors
WSACleanup();
closesocket(s1);
return -6;
} else{
cout<<"WSAioctl succesfully called"<<endl;
}
wbuf.len = MAX_IP_SIZE;
wbuf.buf = rcvbuf;
dwFlags = 0;
while(1){
int ret = WSARecv(s1, &wbuf,1 , &dwBytesRet, &dwFlags, NULL, NULL);
// recv(s1, buffer, sizeof(buffer), NULL);
if (ret == SOCKET_ERROR){
cout<<"WSARecv ERROR: "<<WSAGetLastError() << endl;
WSACleanup();
closesocket(s1);
return -7;
}else{
cout<<"\n #######Packet Length: "<<wbuf.len<<endl;
cout<<" #######Packet data#######\n";
for(int ai = 0; ai < dwBytesRet; ai++){
cout<<(int)wbuf.buf[ai]<<" "; //I've tried litraly everything here, all data types I know have ended up casting it....
}
}
}
cout<<"\n\n#########DATA TRAFIC ANILIZING COMPONENT#########\n\n#########END#########\n\n";
return 0;
}
You can use sprintf, which will write the byte to an allocated buffer in the desired format. Read here : sprintf - C++ Reference Note, some ascii keys have no character representation, and pasting the dump in ascii form on a thread will likely cause damage to the data as the forum posting system usually filters these obscure characters out.
If your logging some sort of secure application, It is very likely this data goes under some sort of encryption process, and thus I would recommend you open your target in a disassembler and follow the execution back from the send routine. You need to find the source of the data buffer, so a breakpoint on read\write would be worth a go. Ofc it's always safer to do offline analysis, so if you can get your target unpacked then you're good to go.
After you get the decrypted form of the data, you need to perform what is called "data reverse engineering". Which is the process of figuring out what the data fields inside the send dump mean. I.e, the first word may be a signature, the second may be a array of characters describing the player's name. This will likely require tracing the buffer back to it's source and determining where all the fields are set.
Good luck.
If your logging some sort of secure application, It is very likely this data goes under some sort of encryption process, and thus I would recommend you open your target in a disassembler and follow the execution back from the send routine. You need to find the source of the data buffer, so a breakpoint on read\write would be worth a go. Ofc it's always safer to do offline analysis, so if you can get your target unpacked then you're good to go.
After you get the decrypted form of the data, you need to perform what is called "data reverse engineering". Which is the process of figuring out what the data fields inside the send dump mean. I.e, the first word may be a signature, the second may be a array of characters describing the player's name. This will likely require tracing the buffer back to it's source and determining where all the fields are set.
Good luck.
cout<<hex<<(int)wbuf.buf[ai]; ?
Originally Posted by Jetamay
You can use sprintf, which will write the byte to an allocated buffer in the desired format. Read here : sprintf - C++ Reference Note, some ascii keys have no character representation, and pasting the dump in ascii form on a thread will likely cause damage to the data as the forum posting system usually filters these obscure characters out.
If your logging some sort of secure application, It is very likely this data goes under some sort of encryption process, and thus I would recommend you open your target in a disassembler and follow the execution back from the send routine. You need to find the source of the data buffer, so a breakpoint on read\write would be worth a go. Ofc it's always safer to do offline analysis, so if you can get your target unpacked then you're good to go.
After you get the decrypted form of the data, you need to perform what is called "data reverse engineering". Which is the process of figuring out what the data fields inside the send dump mean. I.e, the first word may be a signature, the second may be a array of characters describing the player's name. This will likely require tracing the buffer back to it's source and determining where all the fields are set.
Good luck.
If your logging some sort of secure application, It is very likely this data goes under some sort of encryption process, and thus I would recommend you open your target in a disassembler and follow the execution back from the send routine. You need to find the source of the data buffer, so a breakpoint on read\write would be worth a go. Ofc it's always safer to do offline analysis, so if you can get your target unpacked then you're good to go.
After you get the decrypted form of the data, you need to perform what is called "data reverse engineering". Which is the process of figuring out what the data fields inside the send dump mean. I.e, the first word may be a signature, the second may be a array of characters describing the player's name. This will likely require tracing the buffer back to it's source and determining where all the fields are set.
Good luck.
But I'll look into sprintf
cout<<hex<<(int)wbuf.buf[ai]; ?
Code:
40 0 5 ffffffffdc 77 fffffffc 40 0 3c 6 7f ffffff9a 52 5e ffffffe4 ffffff90 a 0 0
But well I ques this is step forward...
Similar Threads
- 17Last post
- 11Last post
- 1Last post
- [Help]Problem with Player Stats?By mastermods in Combat Arms Hack Coding / Programming / Source Code7Last post
- 0Last post