I adapted this code example from MSDN here. It works fine if I build it alone, but if I add it to my application it fails. For convenience I include the exact adaptation of the class I have.
I only want to do a simple ping every second. Raw Sockets don't work without admin rights, and this ICMP.dll approach doesn't work within my application and I don't understand why. Error 183 goes along the lines of "Cannot create a file because it already exists" which makes no sense in this context.
Can anyone spot the problem? Thanks so much for your help.
Ping.h
#pragma once
#include "Ping.h"
#include "LogBase.h"
class WinPing :
public Ping
{
public:
WinPing(char* address, int period);
~WinPing();
unsigned long GetRTT();
private:
HANDLE _hIcmpFile;
unsigned long _ipaddr;
DWORD _dwRetVal;
LPVOID _replyBuffer;
DWORD _replySize;
static HANDLE _inputTimer;
int _period;
unsigned long _lastRTT;
static DWORD WINAPI AsyncPingHandler(void* Param);
void DoPing();
};
WinPing.h
#pragma once
#include "Ping.h"
#include "LogBase.h"
class WinPing :
public Ping
{
public:
WinPing(char* address, int period);
~WinPing();
unsigned long GetRTT();
private:
HANDLE _hIcmpFile;
unsigned long _ipaddr;
DWORD _dwRetVal;
LPVOID _replyBuffer;
DWORD _replySize;
static HANDLE _inputTimer;
int _period;
unsigned long _lastRTT;
static DWORD WINAPI AsyncPingHandler(void* Param);
void DoPing();
};
WinPing.cpp
#include "WinPing.h"
#include <winsock2.h>
#include <iphlpapi.h>
#include <icmpapi.h>
#include <stdio.h>
#include "utils.h"
#pragma comment(lib, "iphlpapi.lib")
#pragma comment(lib, "ws2_32.lib")
HANDLE WinPing::_inputTimer = NULL;
char SendData[32] = "Data Buffer";
unsigned long WinPing::GetRTT()
{
return _lastRTT;
}
void WinPing::DoPing()
{
LARGE_INTEGER t;
t.HighPart = t.LowPart = 0;
SetWaitableTimer(_inputTimer, &t, _period, NULL, NULL, TRUE);
while (true)
{
int r = WaitForSingleObject(_inputTimer, _period * 2);
if (r != WAIT_OBJECT_0)
{
LogLog("InputHandler: Bad Timer return", LogError);
}
_dwRetVal = IcmpSendEcho(_hIcmpFile, _ipaddr, SendData, sizeof(SendData),
NULL, _replyBuffer, _replySize, 1000);
if (_dwRetVal != 0) {
PICMP_ECHO_REPLY pEchoReply = (PICMP_ECHO_REPLY)_replyBuffer;
struct in_addr ReplyAddr;
ReplyAddr.S_un.S_addr = pEchoReply->Address;
LogLog("\tSent icmp message to %s\n", LogDebug, _address);
if (_dwRetVal > 1) {
LogLog("\tReceived %ld icmp message responses\n", LogDebug, _dwRetVal);
LogLog("\tInformation from the first response:\n", LogDebug);
}
else {
LogLog("\tReceived %ld icmp message response\n", LogDebug, _dwRetVal);
LogLog("\tInformation from this response:\n", LogDebug);
}
LogLog("\t Received from %s\n", LogDebug, inet_ntoa(ReplyAddr));
LogLog("\t Status = %ld\n", LogDebug,
pEchoReply->Status);
LogLog("\t Roundtrip time = %ld milliseconds\n", LogDebug,
pEchoReply->RoundTripTime);
//needs synchronization here. Probably not very important
_lastRTT = pEchoReply->RoundTripTime;
LogLog("\t Roundtrip time = %ld milliseconds\n", LogDebug, _lastRTT);
IcmpCloseHandle(_hIcmpFile);
}
else {
LogLog("\tCall to IcmpSendEcho failed.\n", LogError);
LogLog("\tIcmpSendEcho returned error: %ld\n", LogError, GetLastError());
}
}
}
DWORD WINAPI WinPing::AsyncPingHandler(void* Param)
{
_inputTimer = CreateWaitableTimer(NULL, false, NULL);
if (!_inputTimer)
{
LogLog("Unable to create input waitable timer", LogError);
return 1;
}
LogLog("RTT Ping Thread started", LogDebug);
WinPing* This = (WinPing*)Param;
This->DoPing();
return 0;
}
WinPing::WinPing(char* address, int period)
:Ping(address),
_period(period)
{
// Declare and initialize variables
_ipaddr = INADDR_NONE;
_dwRetVal = 0;
_replyBuffer = NULL;
_replySize = 0;
_ipaddr = inet_addr(address);
if (_ipaddr == INADDR_NONE) {
LogLog("Not an IP Address:%s", LogError, address);
return;
}
_hIcmpFile = IcmpCreateFile();
if (_hIcmpFile == INVALID_HANDLE_VALUE) {
LogLog("\tUnable to open handle.\n", LogError);
LogLog("IcmpCreatefile returned error: %ld\n", LogError, GetLastError());
return;
}
_replySize = sizeof(ICMP_ECHO_REPLY) + sizeof(SendData);
_replyBuffer = (VOID*)malloc(_replySize);
if (_replyBuffer == NULL) {
LogLog("\tUnable to allocate memory\n", LogError);
return;
}
//Spawn thread on AsyncPingHandler()
CreateClassThread(AsyncPingHandler, this);
}
WinPing::~WinPing()
{
}
You are not calling GetLastError() immediately after IcmpSendEcho() fails (same when calling IcmpCreateFile()). You are calling LogLog() first, which is likely altering the error code that GetLastError() returns, for instance if it is logging to a file that cannot be found. ALWAYS call GetLastError() before doing anything that may call a system function.
else {
DWORD dwErrCode = GetLastError(); // <-- call GetLastError() first
LogLog("\tCall to IcmpSendEcho failed.\n", LogError);
LogLog("\tIcmpSendEcho returned error: %u\n", LogError, dwErrCode); // <-- then use the value when needed
return;
}
I found out that a much easier, much more stable way of doing ping is using GetRTTandHopCount. Here is an example.
UINT ip = inet_addr(serverAddress);
ULONG hopCount = 0;
ULONG RTT = 0;
if (GetRTTAndHopCount(ip, &hopCount, 30, &RTT) == TRUE) {
printf("Hops: %ld\n", hopCount);
printf("RTT: %ld\n", RTT);
}
else {
printf("Error: %ld\n", GetLastError());
}
return RTT;
Related
I'm investigating the use of PThread.
The main process opens the camera and gets a matrix. Then calls the thread that running job in robot and I want it to be parallel. Basically it works and runs. But still feel unprofessional- because of the bool.
In the code below, this is an example (with fprintf).
I'd love to know how I can fix it without harm parallelism.
In the next code I do not show the call to the robot or camera opening.
There is a feeling that a mutex is needed.
#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#include <opencv2/opencv.hpp>
#include <unistd.h> /// for sleep
bool inThread = false;
void *print_message_function( void *ptr );
int main()
{
char mkey = 0;
pthread_t thread1;
char *message1 = "Thread 1";
int iret1;
cv::Mat bgr_image = imread("image.bmp",cv::IMREAD_COLOR);
while(mkey!=27){
if(!inThread){
inThread = true;
iret1 = pthread_create( &thread1, NULL, print_message_function, (void*) message1);
}
printf("In Main");
imshow("mat", bgr_image);
mkey = cv:: waitKey(5);
}
return 0;
}
void *print_message_function( void *ptr )
{
char *message;
message = (char *) ptr;
printf("%s \n", message);
sleep(2);
inThread = false;
pthread_exit(NULL);
}
The code works great and does not fall, but it seems unprofessional. Is there a chance that when you update the flag, it will check what is in the flag and fall?
inThread is concurrently read/written so its access shall be protected.
Using a mutex this can for example be done like follows.
Define a global mutex and initialise it:
pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
Include errno to be able to do convenient error checking/logging for the pthread_*() calls:
#include <errno.h>
Change this
if(!inThread){
inThread = true;
iret1 = pthread_create( &thread1, NULL, print_message_function, (void*) message1);
}
to become
errno = pthread_mutex_lock(&m);
if (errno) {
perror("pthread_mutex_lock() failed");
exit(EXIT_FAILURE);
}
if (!inThread) {
inThread = true;
errno = pthread_mutex_unlock(&m);
if (errno) {
perror("pthread_mutex_unlock() failed");
exit(EXIT_FAILURE);
}
...
}
else {
errno = pthread_mutex_unlock(&m);
if (errno) {
perror("pthread_mutex_unlock() failed");
exit(EXIT_FAILURE);
}
}
And change this
inThread = false;
to become
errno = pthread_mutex_lock(&m);
if (errno) {
perror("pthread_mutex_lock() failed");
exit(EXIT_FAILURE);
}
inThread = false;
errno = pthread_mutex_unlock(&m);
if (errno) {
perror("pthread_mutex_unlock() failed");
exit(EXIT_FAILURE);
}
I'm just beginning with directx/directinput development and I'm running some tests with some code samples I've found online. Anyway, I want to hook an application that uses dinput8 to send my own custom input to the forewindow and I'm working with this base to do it:
// dllmain.cpp : Defines the entry point for the DLL application.
#define _CRT_SECURE_NO_WARNINGS // ignore some warnings...
#define _CRT_NON_CONFORMING_SWPRINTFS // ...
#include "stdio.h"
#include <windows.h>
#include "detours.h"
#include <cstdio>
#include <string>
#include <cstring>
#include <vector>
#include <time.h>
#include "dinput.h"
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "user32.lib")
typedef HRESULT(__stdcall* GetDeviceState_t)(LPDIRECTINPUTDEVICE, DWORD, LPVOID *);
HRESULT __stdcall hkGetDeviceState(LPDIRECTINPUTDEVICE pDevice, DWORD cbData, LPVOID *lpvData);
DWORD Base = 0;
DWORD GetDeviceStateOffset = 0x7670; // This is the offset of GetDeviceState from DInput8.dll
// Open IDA and Import the DInput8.dll, then look in the Functions Table for DirectInput8Create
// There is an Address (1000XXXX or 0CXXXXX) - copy it and save it for later
// Then take a look for CDIDev_GetDeviceState and copy that address too
// Now substract the Address from CDIDev_GetDeviceState from DIrectInput8Create and u'll get your offset
HANDLE tmpHandle = NULL;
HMODULE hModDInput8 = NULL;
DWORD dwGetDeviceState = NULL;
FARPROC dwDirectInput8Create = NULL;
struct MyKeys
{
BYTE Key;
DWORD StartTime;
DWORD TTL;
BOOLEAN isDown;
};
MyKeys KeyBuffer[256];
DWORD WINAPI HookThread();
void add_log(char* format, ...);
void SendKeyDInput(byte DIK_, DWORD time);
GetDeviceState_t pGetDeviceState;
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
add_log("==========LOG START==========");
add_log("DLL Attached");
add_log("Creating Thread...");
tmpHandle = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&HookThread, 0, 0, 0);
if (!tmpHandle)
{
add_log("ThreadCreation Failed!");
}
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
DWORD WINAPI HookThread()
{
Base = (DWORD)GetModuleHandleA("test.exe");
add_log("Thread Created");
add_log("game.exe Base: %x", Base);
while (!hModDInput8)
{
add_log("Searching dinput8.dll...");
hModDInput8 = GetModuleHandle(L"dinput8.dll");
Sleep(100);
}
add_log("Found dinput8.dll: %x !", hModDInput8);
while (!dwDirectInput8Create)
{
add_log("Searching GetDeviceState...");
dwDirectInput8Create = GetProcAddress(hModDInput8, "DirectInput8Create");
Sleep(100);
}
add_log("Found DirectInput8Create: %x !", dwDirectInput8Create);
dwGetDeviceState = (DWORD)((DWORD)dwDirectInput8Create - GetDeviceStateOffset);
add_log("GetDevicestate is here (DirectInput8Create - %x): %x", GetDeviceStateOffset, dwGetDeviceState);
add_log("Hooking GetDeviceState...");
pGetDeviceState = (GetDeviceState_t)DetourAttach(&(PVOID&)dwGetDeviceState, (PBYTE)hkGetDeviceState);
add_log("Initiate Keyboard Buffer...");
//initiate buffer
for (int i = 0; i < 256; i++)
{
KeyBuffer[i].isDown = false;
KeyBuffer[i].Key = 0;
KeyBuffer[i].StartTime = 0;
KeyBuffer[i].TTL = 0;
}
add_log("Going into Main Loop...");
while (true)
{
if (GetAsyncKeyState(VK_F5) & 1 << 15)
{
// We check the Most Sigificant Bit from VK_F5 (F5) whilst we shifted it with 15 bits to left 1
// and then a small delay so we have enaught time to release the key
add_log("F5 pushed attempting to sendkey");
// Sleep a short time so we have time to release the F5 Key
Sleep(500);
// Now we send a A Key with 1 sec time to our Game
SendKeyDInput(DIK_A, 1000);
}
}
return 0;
}
void SendKeyDInput(byte DIK, DWORD time)
{
KeyBuffer[DIK].Key = DIK;
KeyBuffer[DIK].TTL = time;
KeyBuffer[DIK].StartTime = GetTickCount();
}
HRESULT __stdcall hkGetDeviceState(LPDIRECTINPUTDEVICE lpDevice, DWORD cbData, LPVOID *lpvData)
{
HRESULT hResult = DI_OK;
static BYTE buffer[256];
int key_count = 0;
for (int i = 0; i<256; i++)
{
if (KeyBuffer[i].Key != 0 && KeyBuffer[i].TTL>0 && KeyBuffer[i].StartTime != 0)
{
if (GetTickCount() > KeyBuffer[i].StartTime + KeyBuffer[i].TTL && KeyBuffer[i].isDown)
{
KeyBuffer[i].Key = 0;
KeyBuffer[i].StartTime = 0;
KeyBuffer[i].TTL = 0;
KeyBuffer[i].isDown = false;
buffer[KeyBuffer[i].Key] = 0;
}
else {
KeyBuffer[i].isDown = true;
buffer[KeyBuffer[i].Key] = 0x80;
key_count += 1;
add_log("Sending Key %x for %i milliseconds count: %i", KeyBuffer[i].Key, KeyBuffer[i].TTL, key_count);
}
}
}
if (key_count != 0)
{
cbData = 256;
memcpy(lpvData, buffer, cbData);
}
else {
hResult = pGetDeviceState(lpDevice, cbData, lpvData);
}
return hResult;
}
//Creates a Logfile in the Game Directory
void add_log(char* format, ...)
{
HANDLE filehandle;
DWORD dwReadBytes;
char buffer[2048];
char writebuffer[2048];
va_list args;
va_start(args, format);
vsprintf_s(buffer, format, args);
filehandle = CreateFile(L"Log.txt", GENERIC_WRITE, 0, 0, OPEN_ALWAYS, 0, 0);
SetFilePointer(filehandle, 0, 0, FILE_END);
sprintf_s(writebuffer, 2048, "Log Added: %s\r\n", buffer);
WriteFile(filehandle, writebuffer, strlen(writebuffer), &dwReadBytes, 0);
CloseHandle(filehandle);
}
The only issue in this code is when I attempt to send input, it doesn't go through. I've gotten some help and narrowed down a solution to this, which was: "Try GetDeviceState hk just memset(buffer, 0, size) or SendDeviceData". I've searched around a bit and I've been unable to find more on how to implement this solution and I'm stumped.
Could one of you kind people show me how I could use this information to fix this base? I'd be extremely grateful, thanks.
I am trying to make a program to store the value 500 into the calculator's memory address for the MR (Memory Restore) button on the calculator application.
I know that the address for this integer is
"calc.exe"+00073320 + 0 + C
If I use a program like cheat engine, I can get the current address for the instance of the calculator.exe i'm running, and write to it just fine that way. However, since this is not a static address, I need a way to get the module base address.
I tried using this GetModuleBase function (see code below) to get the Base Address of the calc.exe, but my issue is that I cannot get the base address. The function always returns 0 instead of the correct address.
I debugged it and found that in the GetModuleBase function, it is not even cycling once through the while loop because bModule is returning 0 from the Module32First function.
#include <tchar.h>
#include <windows.h>
#include <TlHelp32.h>
#include <iostream>
#include <Psapi.h>
#include <wchar.h>
#pragma comment( lib, "psapi" )
using namespace std;
DWORD GetModuleBase(LPSTR lpModuleName, DWORD dwProcessId)
{
MODULEENTRY32 lpModuleEntry = {0};
HANDLE hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwProcessId );
if(!hSnapShot)
return NULL;
lpModuleEntry.dwSize = sizeof(lpModuleEntry);
BOOL bModule = Module32First( hSnapShot, &lpModuleEntry );
while(bModule)
{
if(!strcmp( lpModuleEntry.szModule, lpModuleName ) )
{
CloseHandle( hSnapShot );
return (DWORD)lpModuleEntry.modBaseAddr;
}
bModule = Module32Next( hSnapShot, &lpModuleEntry );
}
CloseHandle( hSnapShot );
return NULL;
}
int main() {
HWND hWnd = FindWindow(0, "Calculator");
DWORD BaseAddr;
if(hWnd == 0){
MessageBox(0, "Error cannot find window.", "Error", MB_OK|MB_ICONERROR);
} else {
DWORD proccess_ID;
GetWindowThreadProcessId(hWnd, &proccess_ID);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, proccess_ID);
if(!hProcess){
MessageBox(0, "Could not open the process!", "Error!", MB_OK|MB_ICONERROR);
} else {
int newdata = 500;
BaseAddr = GetModuleBase("calc.exe",proccess_ID);
//GetModuleBase is always returning 0, so I am not getting the correct base address
DWORD newdatasize = sizeof(newdata);
if(WriteProcessMemory(hProcess, (LPVOID)0x002413FC, &newdata, newdatasize, NULL)){
cout << "Memory successfully written." << endl;
} else {
cout << "Memory failed to write." << endl;
}
CloseHandle(hProcess);
}
}
return 0;
}
Summary: I cannot get the correct base address using my GetModuleBase function, and I need to figure out what I am doing wrong so that I can get the correct base address for the "calc.exe" process.
You should read the modules like this:
#include <windows.h>
#include <TlHelp32.h>
#include <iostream>
//You don't have to use this function if you don't want to..
int strcompare(const char* One, const char* Two, bool CaseSensitive)
{
#if defined _WIN32 || defined _WIN64
return CaseSensitive ? strcmp(One, Two) : _stricmp(One, Two);
#else
return CaseSensitive ? strcmp(One, Two) : strcasecmp(One, Two);
#endif
}
//You read module information like this..
MODULEENTRY32 GetModuleInfo(std::uint32_t ProcessID, const char* ModuleName)
{
void* hSnap = nullptr;
MODULEENTRY32 Mod32 = {0};
if ((hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID)) == INVALID_HANDLE_VALUE)
return Mod32;
Mod32.dwSize = sizeof(MODULEENTRY32);
while (Module32Next(hSnap, &Mod32))
{
if (!strcompare(ModuleName, Mod32.szModule, false))
{
CloseHandle(hSnap);
return Mod32;
}
}
CloseHandle(hSnap);
return {0};
}
int main()
{
//Change the process ID below..
BYTE* BaseAddr = GetModuleInfo(5172, "calc.exe").modBaseAddr;
std::cout<<"BASE ADDRESS: "<<(void*)BaseAddr<<"\n";
return 0;
}
EDIT: After further investigation, I found that Visual Studio was compiling for an x32 platform but calc.exe is an x64 process..
To get Visual Studio to compile for x64 you need to do the following:
Then click and select "NEW" from the following drop-down menu:
Next in the following drop down, select x64:
Save the settings and rebuild the project and it should work..
I recently started using libspotify and were writing a simple hello world, based on the sample code of jukebox.h.
My code currently looks like this:
#include <stdio.h>
#include "libspotify/api.h"
#include "Key.h"
#include "Password.h"
#include <stdlib.h>
#include <pthread.h>
#include <time.h>
#define true 1
#define false 0
sp_session *g_session;
bool g_notify_do;
static pthread_mutex_t g_notify_mutex;
static pthread_cond_t g_notify_cond;
#define DEBUG 1
__stdcall static void debug(const char *format, ...) {
if (!DEBUG)
return;
va_list argptr;
va_start(argptr, format);
vprintf(format, argptr);
printf("\n");
}
void assertSpotify(sp_error error, char *details) {
if (error != SP_ERROR_OK) {
debug("Fatal error: %s", details);
exit(1);
}
}
__stdcall static void notify_main_thread(sp_session *sess) {
pthread_mutex_lock(&g_notify_mutex);
g_notify_do = 1;
pthread_cond_signal(&g_notify_cond);
pthread_mutex_unlock(&g_notify_mutex);
}
__stdcall static void logged_in(sp_session *sess, sp_error error) {
assertSpotify(error, "Could not log in.");
sp_playlistcontainer *pc = sp_session_playlistcontainer(sess);
printf("Looking at %d playlists\n", sp_playlistcontainer_num_playlists(pc));
}
int main(void) {
sp_error err;
static sp_session_callbacks session_callbacks = {};
static sp_session_config spconfig = {};
int next_timeout = 0;
printf("Starting up...\n");
session_callbacks.notify_main_thread = ¬ify_main_thread;
session_callbacks.logged_in = &logged_in;
spconfig.api_version = SPOTIFY_API_VERSION;
spconfig.cache_location = "tmp";
spconfig.settings_location = "tmp";
spconfig.application_key = g_appkey;
spconfig.application_key_size = g_appkey_size;
spconfig.user_agent = "Hello-World";
spconfig.callbacks = &session_callbacks;
pthread_mutex_init(&g_notify_mutex, NULL);
pthread_cond_init(&g_notify_cond, NULL);
err = sp_session_create(&spconfig, &g_session);
assertSpotify(err, "Could not create Spotify Session.");
debug("Session created.");
err = sp_session_login(g_session, spotify_user, spotify_pw, 0, NULL); //Defined in Password.h
assertSpotify(err, "Could not log in.");
debug("Username: %s", sp_session_user_name(g_session));
err = sp_session_set_connection_type(g_session, SP_CONNECTION_TYPE_WIRED );
assertSpotify(err, "Could not set connection type.");
pthread_mutex_lock(&g_notify_mutex);
while (true) {
if (next_timeout == 0) {
while(!g_notify_do)
pthread_cond_wait(&g_notify_cond, &g_notify_mutex);
} else {
time_t now = time(NULL);
struct timespec ts;
ts.tv_sec = now;
ts.tv_sec = now / 1000000;
ts.tv_sec += next_timeout / 1000;
ts.tv_nsec += (next_timeout % 1000) * 1000000;
pthread_cond_timedwait(&g_notify_cond, &g_notify_mutex, &ts);
}
g_notify_do = false;
pthread_mutex_unlock(&g_notify_mutex);
do {
sp_session_process_events(g_session, &next_timeout);
} while (next_timeout == 0);
pthread_mutex_lock(&g_notify_mutex);
}
return 0;
}
The problem is, that sp_playlistcontainer_num_playlists returns 0, even if my account has about 10 Playlists.
My System: Windows 7 x64 with MinGW.
What am I doing wrong?
Looking at the source of jukebox.c it seems like you should make sure that the playlist container is fully loaded before trying to query it for playlists.
So if I understand it correctly you should add a callback for container_loaded.
I also think you should setup a callback so you will be notified when the user is logged in and when logged in you should try to get the playlist container. Something like this might help:
static sp_playlistcontainer_callbacks pc_callbacks = {
NULL, /* playlist_added */
NULL, /* playlist_removed */
NULL, /* playlist_moved */
&container_loaded,
};
static sp_session_callbacks session_callbacks = {
&logged_in,
¬ify_main_thread,
NULL, /* music_delivery */
NULL, /* metadata_updated */
NULL, /* play_token_lost */
NULL, /* log_message */
NULL /* end_of_track */
};
static void container_loaded(sp_playlistcontainer *pc, void *userdata)
{
// container is fully loaded now it should be safe to query the container
int num_playlists = sp_playlistcontainer_num_playlists(pc);
}
static void logged_in(sp_session *sess, sp_error error)
{
// get playlist when user is logged in
sp_playlistcontainer *pc = sp_session_playlistcontainer(sess);
// add callbacks
sp_playlistcontainer_add_callbacks(
pc,
&pc_callbacks,
NULL);
/* rest of code */
}
I have been developing an application that uses winapi to get administrator group members. I used NetLocalGroupGetMembers method for that purpose. My problem is when i try to free buffer's heap space i get ERROR_INVALID_PARAMETER (Error Code 87) from NetApiBufferFree method. I have administrator privileges for the application.
Here is the code:
#include <stdio.h>
#include <windows.h>
#include <process.h>
#include <lm.h>
#include <time.h>
#include <assert.h>
#define SLEEP_TIME 2000
#define OS_GROUP_NAME L"administrators"
void createServiceThread();
DWORD WINAPI mainServiceThread( LPVOID lpParam );
char** getUsersByLocalGroup();
void freeNetApiBuffer(LPVOID buffer);
int localGroupUserCount;
int WriteToLog(char* str)
{
printf("%s\n", str);
return 0;
}
int main()
{
createServiceThread();
}
void createServiceThread(){
WriteToLog("Application Started...");
while(TRUE){
mainServiceThread(NULL);
Sleep(SLEEP_TIME);
}
WriteToLog("Application Closed...");
}
//-------------------------------------------
// A function that represents Main Service Thread
//-------------------------------------------
DWORD WINAPI mainServiceThread( LPVOID lpParam )
{
time_t startTime;
time (&startTime);
char startTimeText[30];
sprintf(startTimeText, "Service Loop Started %s", ctime(&startTime));
WriteToLog(startTimeText);
localGroupUserCount = 0;
char** localGroupUsers = getUsersByLocalGroup();
WriteToLog("User not found...");
time_t endTime;
time (&endTime);
char endTimeText[30];
sprintf(endTimeText, "Service Loop Ended %s", ctime(&endTime));
WriteToLog(endTimeText);
}
char** getUsersByLocalGroup(){
WriteToLog("getUsersByLocalGroup started");
LOCALGROUP_MEMBERS_INFO_3 *pBuf;
DWORD dwLevel = 3;
DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH;
DWORD dwEntriesRead = 0;
DWORD dwTotalEntries = 0;
DWORD dwResumeHandle = 0;
NET_API_STATUS nStatus;
WriteToLog("Call NetLocalGroupGetMembers");
nStatus = NetLocalGroupGetMembers(
NULL,
OS_GROUP_NAME,
dwLevel,
(LPBYTE *) &pBuf,
dwPrefMaxLen,
&dwEntriesRead,
&dwTotalEntries,
NULL
);
// nStatus = ERROR_SUCCESS;
WriteToLog("NetLocalGroupGetMembers called");
//
// If the call succeeds,
//
if (nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA)
{
DWORD i;
DWORD dwTotalCount = 0;
WriteToLog("Correct Status");
if (pBuf != NULL)
{
//
// Loop through the entries.
//
for (i = 0; (i < dwEntriesRead); i++)
{
assert(pBuf != NULL);
if (pBuf == NULL)
{
char bufError[] = "";
sprintf(bufError, "An access violation has occurred %d", stderr);
WriteToLog(bufError);
break;
}
LPWSTR userNameOnBuffer = pBuf->lgrmi3_domainandname;
pBuf++;
dwTotalCount++;
}
localGroupUserCount = dwTotalCount;
char totalCount[] = "";
sprintf(totalCount, "Entries enumerated: %d", dwTotalCount);
WriteToLog(totalCount);
}
//
// Otherwise, print the system error.
//
else{
char systemError[] = "";
sprintf(systemError, "An system error has occurred %d - %d", stderr, nStatus);
WriteToLog(systemError);
}
}
//
// Free the allocated buffer.
//
if (pBuf != NULL)
{
NET_API_STATUS nBufferFreeStatus = NetApiBufferFree((LPVOID)pBuf);
if(nBufferFreeStatus == NERR_Success){
WriteToLog("Succesfully freed buffer");
}
else{
WriteToLog("Error occured freeing buffer");
}
pBuf = NULL;
}
WriteToLog("getUsersByLocalGroup finished");
return NULL;
}
In your loop you have the line pBuf++;. This modifies pBuf which means that the value you are freeing is not the value that was allocated. Hence the invalid parameter.
Also, these lines
char totalCount[] = "";
sprintf(totalCount, "Entries enumerated: %d", dwTotalCount);
create a stack buffer overflow, which is probably corrupting your pBuf variable. There is another instance of it a few lines later.
In general, here's how you debug it: Set a breakpoint as soon as NetLocalGroupGetMembers returns. Look at the value in pBuf and write it down in a safe place. Set another breakpoint when you are about to call NetApiBufferFree. Look at the value of pBuf you are passing. Is it equal to the value you wrote down earlier? If not, then you have a bug. Use the debugger to find out why you are passing the wrong value.