More feeder fixes.

daeken · Sep 16, 2010 · 3d28b5a · 3d28b5a
1 parent e08a3ee
commit 3d28b5a
Show file tree

Hide file tree

Showing 8 changed files with 669 additions and 3,502 deletions.
diff --git a/DataFeeder/Common.boo b/DataFeeder/Common.boo
@@ -18,16 +18,16 @@ public class DatafeederInterface(MarshalByRefObject):
 			Temp = array(byte, 32)
 			Packet = array(byte, 33)
 
+		Array.Copy(Data[I], 0, Temp, 0, 32)
+		I = (I + 1) % Data.Length
+
 		Temp[0] = Counter
 		Counter += 1
 		if Counter == 128:
-			Counter = 0xE9
-		elif Counter == 0xEA:
+			Counter = 0xF1
+		elif Counter == 0xF2:
 			Counter = 0
 
-		Array.Copy(Data[I], 0, Temp, 1, 31)
-		I = (I + 1) % Data.Length
-
 		rijn = RijndaelManaged()
 		rijn.Mode = CipherMode.ECB
 		crypt = rijn.CreateEncryptor(Key, array(byte, 0))

diff --git a/DataFeeder/Datafeeder.Common.dll b/DataFeeder/Datafeeder.Common.dll
diff --git a/DataFeeder/Datafeeder.Inject.dll b/DataFeeder/Datafeeder.Inject.dll
diff --git a/DataFeeder/Datafeeder.boo b/DataFeeder/Datafeeder.boo
@@ -22,8 +22,8 @@ class Datafeeder:
 			if line == null:
 				break
 			elems = line.Split(char(' '))
-			edata = array(byte, 31)
-			for i in range(31):
+			edata = array(byte, 32)
+			for i in range(32):
 				edata[i] = int.Parse(elems[i], System.Globalization.NumberStyles.AllowHexSpecifier)
 			data.Add(edata)
 

diff --git a/DataFeeder/Datafeeder.exe b/DataFeeder/Datafeeder.exe
diff --git a/DataFeeder/Inject.boo b/DataFeeder/Inject.boo
@@ -30,8 +30,8 @@ class Inject(EasyHook.IEntryPoint):
 			)
 		ChannelServices.RegisterChannel(channel_, false)
 
-	[DllImport('Kernel32.dll', CallingConvention: CallingConvention.StdCall)]
-	static def CreatePipe(ref read as IntPtr, ref write as IntPtr, attr as IntPtr, size as int) as bool:
+	[DllImport('Kernel32.dll', SetLastError: true)]
+	static def CreateNamedPipe(lpName as string, dwOpenMode as uint, dwPipeMoed as uint, nMaxInstances as uint, nOutBufferSize as uint, nInBufferSize as uint, nDefaultTimeout as uint, lpSecurityAttributes as IntPtr) as IntPtr:
 		pass
 
 	[DllImport('Kernel32.dll', CallingConvention: CallingConvention.StdCall, CharSet: CharSet.Ansi)]
@@ -54,6 +54,19 @@ class Inject(EasyHook.IEntryPoint):
 	static def CloseHandleHooker(handle as IntPtr) as bool:
 		return CloseHandle(handle)
 
+	[DllImport('Kernel32.dll', CallingConvention: CallingConvention.StdCall, CharSet: CharSet.Ansi)]
+	static def CancelIo(handle as IntPtr) as bool:
+		pass
+	[UnmanagedFunctionPointer(CallingConvention.StdCall)]
+	callable DCancelIo(handle as IntPtr) as bool
+	static def CancelIoHooker(handle as IntPtr) as bool:
+		if handle in Handles:
+			handle = RPipe
+			App.Log('Cancel')
+		else:
+			App.Log('other cancel')
+		return CancelIo(handle)
+
 	[DllImport('Kernel32.dll', CallingConvention: CallingConvention.StdCall, CharSet: CharSet.Ansi)]
 	static def ReadFile(handle as IntPtr, buf as IntPtr, toRead as int, read as IntPtr, olapped as IntPtr) as bool:
 		pass
@@ -67,12 +80,27 @@ class Inject(EasyHook.IEntryPoint):
 	def Run(context as RemoteHooking.IContext, _channel as string):
 		App.Log('Started')
 
-		wpipe as IntPtr
-		if not CreatePipe(RPipe, wpipe, IntPtr(0), 16*33):
-			App.Log('Pipe creation failed')
-			return
+		wpipe = CreateNamedPipe(
+				'\\\\.\\pipe\\emopipe', 
+				0x00000003 | 0x40000000, 
+				0,#0x00000004 | 0x00000002 | 0x00000000, 
+				2, 
+				16*33, 
+				16*33, 
+				5000, 
+				IntPtr.Zero
+			)
+		RPipe = CreateFileA(
+				'\\\\.\\pipe\\emopipe', 
+				0x80000000, 
+				0, 
+				IntPtr.Zero, 
+				3, 
+				0x40000000, 
+				IntPtr.Zero
+			)
 
-		App.Log('Pipe created')
+		App.Log('Pipe created {0}' % (RPipe, ))
 		CreateFileAHook = LocalHook.Create(
 				LocalHook.GetProcAddress('Kernel32.dll', 'CreateFileA'), 
 				DCreateFileA(CreateFileAHooker), 
@@ -85,6 +113,12 @@ class Inject(EasyHook.IEntryPoint):
 				self
 			)
 		CloseHandleHook.ThreadACL.SetExclusiveACL((0, ))
+		CancelIoHook = LocalHook.Create(
+				LocalHook.GetProcAddress('Kernel32.dll', 'CancelIo'), 
+				DCancelIo(CancelIoHooker), 
+				self
+			)
+		CancelIoHook.ThreadACL.SetExclusiveACL((0, ))
 		ReadFileHook = LocalHook.Create(
 				LocalHook.GetProcAddress('Kernel32.dll', 'ReadFile'), 
 				DReadFile(ReadFileHooker), 
@@ -98,4 +132,4 @@ class Inject(EasyHook.IEntryPoint):
 		while true:
 			packet = App.NextPacket()
 			stream.Write(packet, 0, packet.Length)
-			Thread.Sleep(1)
+			Thread.Sleep(1000 / 512)
diff --git a/data/brain.log b/data/brain.log
diff --git a/read.py b/read.py
@@ -18,11 +18,19 @@ def decrypt(data):
 	return ''.join(map(chr, dec + dec2))
 
 count = 0
+last = 0
 def sample_handler(data):
-	global count
+	global count, last
 	assert data[0] == 0
 	data = ''.join(map(chr, data[1:]))
-	print ' '.join('%02x' % ord(c) for c in decrypt(data)[1:]) # Cut off the counter for datafeeding purposes.
+	data = decrypt(data)
+	#print ' '.join('%02x' % ord(c) for c in data)
+	counter = ord(data[0])
+	if last == 0x7F:
+		print '%02x' % counter
+		last = None
+	else:
+		last = counter
 	count += 1
 
 def bci_handler(data):