
C++ Strange hex dump of WSAsend Packets

http://prntscr.com/2ctnoz

I'm hooking a WSAsend function and dumping the packets. ASCII dump works but HEX dump sometimes shows things like you can see on the screen (the FFFFFFDD), any idea why?

code:

int WINAPI myWSASend(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesSent, DWORD dwFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
{   
    //Packet Log
    if (bLogPacketS == TRUE)
    {
        for (unsigned int i = 0; i < lpBuffers->len; i = i + 8)
        {
            printf("%02X %02X %02X %02X %02X %02X %02X %02X\t\t%c %c %c %c %c %c %c %c\n",
                  (unsigned int)lpBuffers->buf[i], (unsigned int)lpBuffers->buf[i+1], (unsigned int)lpBuffers->buf[i+2],
                  (unsigned int)lpBuffers->buf[i+3], (unsigned int)lpBuffers->buf[i+4], (unsigned int)lpBuffers->buf[i+5],
                  (unsigned int)lpBuffers->buf[i+6], (unsigned int)lpBuffers->buf[i+7],
                  (drawable((unsigned int)lpBuffers->buf[i])) ? (unsigned int)lpBuffers->buf[i] : '.',
                  (drawable((unsigned int)lpBuffers->buf[i+1])) ? (unsigned int)lpBuffers->buf[i+1] : '.',
                  (drawable((unsigned int)lpBuffers->buf[i+2])) ? (unsigned int)lpBuffers->buf[i+2] : '.',
                  (drawable((unsigned int)lpBuffers->buf[i+3])) ? (unsigned int)lpBuffers->buf[i+3] : '.',
                  (drawable((unsigned int)lpBuffers->buf[i+4])) ? (unsigned int)lpBuffers->buf[i+4] : '.',
                  (drawable((unsigned int)lpBuffers->buf[i+5])) ? (unsigned int)lpBuffers->buf[i+5] : '.',
                  (drawable((unsigned int)lpBuffers->buf[i+6])) ? (unsigned int)lpBuffers->buf[i+6] : '.',
                  (drawable((unsigned int)lpBuffers->buf[i+7])) ? (unsigned int)lpBuffers->buf[i+7] : '.');
        }
        printf("\n\n");
    }
    return (oWSASend)(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
}

bool drawable(unsigned int value)
{
    if (value > 32 && value < 127)
        return true;
    else
        return false;
}

You're casting to the wrong type.

You only want to change signedness, but you're expanding each byte to a four-byte word as well. In the presence of signed-to-unsigned conversion (and the resulting negative-value wraparound), this is resulting in a monstrously high value.


Each "element" of lpBuffers->buf[i] is a char, but you're casting to unsigned int. If your char is signed on your system then 0xDD is off the top of the type's range, so it wraps around to -35. Then casting it to unsigned int results in 0xFFFFFFDD.

The printf specifier %02X won't truncate this.

Presumably you wish to interpret all the bytes as unsigned, to get the full 0x00..0xFF range. Personally I'd convert to unsigned char (instead of unsigned int), for which the value of 0xDD is 221.

In the code below I've also made a safety adjustment to your loop condition.

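for (unsigned int i = 0; i + 8 <= lpBuffers->len; i = i + 8)
//                       ^^^^^^^^^^^^^^^^^^^^^^^^
// Only full 8-byte rows are read. Writing the bound as i + 8 <= len (rather
// than i < len - 8) avoids unsigned wraparound when len < 8 and still prints
// the last row when len is a multiple of 8.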
{
    printf(
        "%02X %02X %02X %02X %02X %02X %02X %02X"
          "\t\t%c %c %c %c %c %c %c %c\n",

        static_cast<unsigned char>(lpBuffers->buf[i]),
        static_cast<unsigned char>(lpBuffers->buf[i+1]),
        static_cast<unsigned char>(lpBuffers->buf[i+2]),
        static_cast<unsigned char>(lpBuffers->buf[i+3]),
        static_cast<unsigned char>(lpBuffers->buf[i+4]),
        static_cast<unsigned char>(lpBuffers->buf[i+5]),
        static_cast<unsigned char>(lpBuffers->buf[i+6]),
        static_cast<unsigned char>(lpBuffers->buf[i+7]),
        (drawable(lpBuffers->buf[i]))   ? static_cast<unsigned char>(lpBuffers->buf[i])   : '.',
        (drawable(lpBuffers->buf[i+1])) ? static_cast<unsigned char>(lpBuffers->buf[i+1]) : '.',
        (drawable(lpBuffers->buf[i+2])) ? static_cast<unsigned char>(lpBuffers->buf[i+2]) : '.',
        (drawable(lpBuffers->buf[i+3])) ? static_cast<unsigned char>(lpBuffers->buf[i+3]) : '.',
        (drawable(lpBuffers->buf[i+4])) ? static_cast<unsigned char>(lpBuffers->buf[i+4]) : '.',
        (drawable(lpBuffers->buf[i+5])) ? static_cast<unsigned char>(lpBuffers->buf[i+5]) : '.',
        (drawable(lpBuffers->buf[i+6])) ? static_cast<unsigned char>(lpBuffers->buf[i+6]) : '.',
        (drawable(lpBuffers->buf[i+7])) ? static_cast<unsigned char>(lpBuffers->buf[i+7]) : '.'
    );
}
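
An added example, not code from the original question or answer: it reproduces the sign extension in isolation and then dumps every byte as unsigned char, going a step further than the answer by walking all dwBufferCount buffers and padding a short final row instead of skipping it. Buf is a stand-in for WSABUF so it builds without winsock2.h; widen_signed, hexdump and the payload are constructed for illustration.

```cpp
#include <cstdio>
#include <string>

// Stand-in for WSABUF (same field names) so this builds without winsock2.h.
struct Buf { unsigned long len; char* buf; };

// The question's conversion with the signedness made explicit: a negative
// byte is sign-extended to 32 bits before it becomes unsigned.
unsigned int widen_signed(signed char c) { return (unsigned int)c; }

// Format every byte of every buffer, 8 per row, including a short last row.
std::string hexdump(const Buf* bufs, unsigned long count) {
    std::string out;
    for (unsigned long b = 0; b < count; ++b) {
        // View the data as unsigned char so each byte is in 0x00..0xFF.
        const unsigned char* p =
            reinterpret_cast<const unsigned char*>(bufs[b].buf);
        const unsigned long len = bufs[b].len;
        for (unsigned long row = 0; row < len; row += 8) {
            std::string hex, ascii;
            for (unsigned long k = 0; k < 8; ++k) {
                if (row + k >= len) {      // past the end: pad, never read
                    hex += "   ";
                    continue;
                }
                const unsigned char v = p[row + k];
                char cell[4];
                std::snprintf(cell, sizeof cell, "%02X ",
                              static_cast<unsigned int>(v));
                hex += cell;
                // Same printable range as drawable() in the question.
                ascii += (v > 32 && v < 127) ? static_cast<char>(v) : '.';
            }
            out += hex + " " + ascii + "\n";
        }
    }
    return out;
}

int main() {
    // Constructed sample payload: 10 bytes, two of them >= 0x80.
    char payload[] = { 'G', 'E', 'T', ' ', '\xDD', '\xFF', 0x00, 'a', 'b', '\n' };
    Buf bufs[] = { { sizeof payload, payload } };
    std::printf("%08X\n", widen_signed(static_cast<signed char>(-35)));
    std::printf("%s", hexdump(bufs, 1).c_str());
    return 0;
}
```

In the hook this would be called as hexdump over lpBuffers with dwBufferCount, before forwarding to the original function.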
