i am working on a digital forensics case study and am attempting to write a c/c++ program on how to check the date and time or dates and specific times an IP address was given access to by this program. I am wondering on what would be the best way to implement this into my program. i have already checked to see if the string entered is a valid ipv4 or ipv6 address and was wondering if there is any functions or lib's that can make this process much easier.
Thanks
If I understand you correctly, you are trying to write a C++ program that takes an IP address as an input, keeps checking to see if that particular IP address is accessible by you (your program).
You could try to monitor changes in firewall (bigger scope) 2)
You could run a command line tool like ping and parser the output 3)
You could do C/C++ coding to do the pinging yourself like suggested
in this post
You could try to keep connecting, at brief intervals, to the IPaddress at a particular TCP/UDP port.
Related
Suppose I'm running a small program on the server. for example, a random number generator and sending the result to a client every second. I know that my server is about to be turned off. Is there a way to clone the program to another server so that the client doesn't notice it?
ideally i would want to save the dynamic object of the small program, send it to another server and re-link it with another server using dynamic linking. If that is possible then the question is how to save/hibernate that small program.
another obvious solution is to serialize the all states of the project and send it to another server but that would involve changing the small program, which is not desirable.
I'm not even sure what keywords to search for.
(i would like to avoid system calls, if possible. if not then it's fine.)
update (1)
the defult platform is linux but i'm also interested in embedded systems and nacl
Is there a way to assert that a variable (or more specifically, a fact) in puppet has a particular value, and to abort the installation if it doesn't?
For background, here is the situation:
In most cases I can refer to hostnames, but sometimes I need to use an IP address. For example, our log collector host needs to open a port in the firewall for several specific machines (and not a whole subnet). I need to use IP addresses to open a hole in the firewall. Since the IP addresses of machines don't change, I was planning on encoding the IP address as part of the configuration, but I'd like to check on the individual hosts that the actual IP address matches the one in its configuration and fail if it doesn't. Is that possible?
I believe something like this would work:
if $ipaddress != $expectedipaddress {
fail("IP mismatch")
}
The fail() function causes a parse failure. Wrapping it in a conditional should get the assert behavior you want.
I haven't tested this specific usage, but if parsing fails a new catalog isn't compiled and the client doesn't get anything.
My application does a CreateIC (and later, an OpenPrinter) for the user's default printer. When this is a remote printer, and that printer is powered down or otherwise not present on the network, it takes over 20 seconds for the CreateIC to return.
I'm looking for some call I can make that will give me a quick answer if the server is down (so I can return a status and not try to do the CreateIC/OpenPrinter).
My environment is c/c++ (non-managed).
I would recommend using the cURL library. They are available for all langues, allow you to hit addresses, and support timeouts. You could ping something on that IP address and make sure it responds in a quarter of a second, for instance.
Good luck!
Sometimes a network drive that is already mapped to a drive letter because "disconnected". Using the normal Windows functions to access files / folders on that drive fail. As soon as the user manually clicks on that drive it the Windows Explorer dialog, it's magically repaired.
Since my program is a batch program I'd like to start this "magic" from my program (C++) but I haven't found a Windows function for that. There's nothing in the usual WNet... functions...
NET USE V: /DELETE
NET USE V: "\\server1\videos"
NET USE L: /DELETE
NET USE L: "\\server2\archive"
When the path is inserted, you could check to see if it is a network resource and before opening files, use WNetGetConnection() to get the network resource.
You could also try to use WNetRestoreConnectionW(), which seems to have more spurious support, depending on the environment.
Try re-connecting to the share via net use:
net use \\server\folder [/user:[domain\]username] [password]
If that doesn't work, you can net use /delete it first, then re-connect.
Isn't this what WNetAddConnection and WNetAddConnection2 are for?
I suspect that is really the same thing, though. Explorer probably caches the connection info somewhere in the registry. When the user tries to go to that drive Explorer sees that the mapping is disconnected, reads the connection info from the registry, and re-creates the connection. Maybe you could try running regmon while you create a drive mapping and see if you can figure out where and how the connection information is cached.
I had trouble with this at a client of mine not long ago. I don't know if it's possible in your situation, but our fix was to tweak the Server's network settings to stop the timeouts and disconnects. See MSKB 297684 for details.
I agree with the comment from CMB, above. I've been down this path (excuse the pun) in the past and it caused me no end of trouble.
If the path is user configurable, they could use m:\pathonserver or they could use \server\c\pathonserver.
It shouldn't make any difference to your code, opening a file as m:\blahdeblah.dat or \server\c\blahdeblah.dat will be identical.
Using the UNC path is far more reliable, Windows will reconnect to that path automatically whether or not the mapped letter is there.
If you map a drive to a network
share, the mapped drive may be disconnected after a regular interval
of inactivity, and Windows Explorer may display a red "X" on the icon
of the mapped drive. However, if you try to access or browse the
mapped drive, it reconnects quickly.
To avoid this behavior use the following command:
net config server /autodisconnect:-1
Explanation of Microsoft on this topic:
https://support.microsoft.com/da-dk/help/297684/mapped-drive-connection-to-network-share-may-be-lost
I'm trying to read variables from memory. Variables, that doesn't belong to my own program. For instance, let's say I have this Adobe Shockwave (.dcr) application running in browser and I want to read different variables from it. How it's being done? Do I need to hook the process? But it's running under virtual machine, so I don't know how to do it.
This task is pretty much trivial in normal w32 applications (as it is mainly just
CBT-hooking / subclassing), but as I mentioned before, I've got no idea how it's being
done with flash / shockwave.
I'm using C++ (VS9) as my development-environment, in case you wish to know.
Any hints would be highly appreciated, so thank you in advance.
Best regards,
nhaa123
If you're trying to do it manually just for one or two experiments, it's easy.
Try a tool like Cheat engine which is like a free and quick and simple process peeker. Basically it scans the process's memory space for given key values. You can then filter those initial search hits later as well. You can also change those values you do find, live. The link above shows a quick example of using it to find a score or money value in a game, and editing it live as the game runs.
without having debug Binaries/DLLs of the Apps, your only chance is asking some hackers.
Normally you can connect to a process with a debugger, but without the debugging symbols of the binaries you don't see any variable names - just memory addresses.
Further the Flash/Shockwave code runs inside a sandbox inside the browser to prevent security holes by manipulated Flash code. So you don't have a real chance to get access to the running Flash code / to the plugin executing the Flash code - except you have a manipulated version of such a plugin.
So your task is quite hard to solve without using less legal methods. The next hard thing is the virtual machine - this could be solved by implementing your app as a client/server solution, where the "inspector" / watchdog runs as server inside the virtual machine and the client requesting the variable status/content running on your normal host. The communication could be done as simple socket connection.
If you have the chance to write your own Flash/Shockwave plugin, you maybe could be able to see contents of variables.
Sorry, that I cannot help you any further.
ciao,
3DH