0

I'm making simple dll packet sniffer using C++, that will hook to the apps, and write the received packet into INI file. Unfortunately after 20-30 minutes it crashed the main apps.

When the packet is received, receivedPacket() will be called. After 20+ minutes, WriteCount value is around 150,000-200,000.. and starting to get C++ runtime error/crash, GetLastError() code that I get is 0x8, which is ERROR_NOT_ENOUGH_MEMORY, and the WritePrivateProfileStringA() returns 0

void writeToINI(LPCSTR iSec,LPCSTR iKey,int iVal){
    sprintf(inival, _T("%d"), iVal);
    WritePrivateProfileStringA(iSec,iKey,inival,iniloc);

//sprintf(strc, _T("%d \n"), WriteCount);
//WriteConsole(GetStdHandle(STD_OUTPUT_HANDLE), strc, strlen(strc), 0, 0);

    WriteCount++;

}

void receivedPacket(char *packet,WORD size){
    switch ( packet[2] )
    {
    case 0x30:
        // Size : 0x5F
        ID = *(signed char*)&packet[0x10];
        X = *(signed short*)&packet[0x20];
        Y = *(signed short*)&packet[0x22];
        Z = *(signed short*)&packet[0x24];

        sprintf(inisec, _T("PACKET_%d"), (ID+1));

        writeToINI(inisec,"id",ID);
        writeToINI(inisec,"x",X);
        writeToINI(inisec,"y",Y);
        writeToINI(inisec,"z",Z);
     }

     [.....OTHER CASES.....]

}

Thanks :)

Ahmad Hafiz
  • 358
  • 2
  • 6
  • 13
  • I'm not sure I understand; why are you writing the packet information to an INI file and not a regular file? – Joachim Isaksson Aug 19 '12 at 05:23
  • because I don't want the Raw packet, I only want certain data from it, such as X, Y, Z values for each IDs... with INI, I could easily manage each data.. eg. [PACKET_1] X=4212 Y=3819 Z=1628 – Ahmad Hafiz Aug 19 '12 at 05:35
  • 3
    The reason I ask is that INI files have all kinds of caching going on to be able to insert keys anywhere in the file, it's not an append-only file so you should expect memory use to be quite unreliable. I can't say for sure that that's your problem, but your included code doesn't really dynamically allocate any memory itself. – Joachim Isaksson Aug 19 '12 at 05:47

2 Answers2

2

WritePrivateProfileString() and GetPrivateProfileString() are very slow (due to parsing INI file each call), instead you can:

  • use one of existing parsing libraries, but i am not sure about memory efficiency nor supporting sequential write.
  • write your own sequential INI writter:
    1. read file (or only part, by part, if it is too big)
    2. find section and key (if not found, create new section at end of file, or find insertion position, if you want sorted sections), save file position of key and next key
    3. change value
    4. save (beginning of original file to position of key + actual changed key + position of next key in original file to end of file) (if new section is created at end, you can simply append new section to original file) (if packets rewrite same ID often, you can add padding whitespace after each key, large to hold any value of desired type (example: change X=1---\n to X=100-\n (change - to whitespace), so you have constant size of key, you can update only part of file) )
  • database, for example MySQL
  • write binary file (fastest solution) and make program to read values, or to convert to text

Little note: I use GetPrivateProfileString() few years ago to read settings file (about 1KB of size), reading form HDD: 50ms, reading from USB flash disk: 1000ms!, after changing (1. read file to memory 2. run my own parser) it run in 1ms both on HDD and USB.

Community
  • 1
  • 1
ErikEsTT
  • 356
  • 1
  • 3
  • 14
0

Thanks for the reply guys, but looks like the problem wasn't come from WritePrivateProfileStringA().

I just need to add extra size in malloc() for the Hook.

:)

Ahmad Hafiz
  • 358
  • 2
  • 6
  • 13
  • Just like that? Added an ad-hoc `malloc()` call without any argument at any arbitrary place of the code, and the issue vanished? Could you elaborate? I have the same issue with `WritePrivateProfileStringW()` and baffled on what could cause it. – Adam L. S. Oct 21 '22 at 14:27