I've built the Qt+Bonjour integration demo from Qt Quarterly, but one thing I can't wrap my head around is that a single call to DNSServiceProcessResult() is calling the DNSServiceResolveReply callback function twice.
It should be calling it once! What I mean is, this single line:
DNSServiceErrorType err = DNSServiceProcessResult(dnssref);
Results in the DNSServiceResolveReply callback I passed to DNSServiceResolve to be called twice.
The interfaceIndex is different - first time it is 10000010, second time it is 20, but I have no idea what that means.
All other parameters are the same between calls (except flags, of course, which is kDNSServiceFlagsMoreComing the first time and 0 the second).
Edit
This is how I call the DNSServiceResolve function.
DNSServiceErrorType err = DNSServiceResolve(&dnssref, 0, 0,
record.serviceName.toUtf8().constData(),
record.registeredType.toUtf8().constData(),
record.replyDomain.toUtf8().constData(),
(DNSServiceResolveReply)bonjourResolveReply, this);
I found the problem, it was that I was passing 0 for the interfaceIndex when calling DNSServiceResolve.
The docs say that:
If this resolve call is
as a result of a currently active DNSServiceBrowse() operation, then the
interfaceIndex should be the index reported in the DNSServiceBrowseReply
callback. If this resolve call is using information previously saved
(e.g. in a preference file) for later use, then use interfaceIndex 0, because
the desired service may now be reachable via a different physical interface.
Related
For some reason, I cannot get the address of IUnknown_AddRef_Proxy and IUnknown_Release_Proxy using the DetourFindFunction() or locate it using SymEnumSymbols(). I found another one in rpcrt4, but have determined that there is one in combase that is the one I'm looking for.
The two functions I've used can locate the one in rpcrt4 but not in combase, and yet, when I get to the line in comip.h where it calls the respective functions, it does not call the one in rpcrt4 but the one in combase. This information must be available somewhere since the VS debugger shows it on the call stack. How do I get the address of the one in combase?
I'm trying to change Intel network adapter settings using WMI. Accessing the classes works fine but according to the Intel documentation page 40 i need to call two methods in order to apply those changes.
So the IANet_NetService class should have the methods BeginApply and Apply. When I check this using PowerShell command get-wmiobject -namespace root\intelncs2 -class IAnet_NetService | get-member I can confirm that these methods are present.
The Intel documentation says I should enumerate the single instance in IANet_NetService.
So when I use CreateInstanceEnum method it will give me one result in the enumeration, but when I try to enumerate the methods for this instance, it won't find any.
Later I tried to use CreateClassEnum which had no results.
At last I tried a simple GetObject call to get the IANet_NetService item. With this item I was also able to enumerate the methods and find the BeginApply and Apply methods.
It is also possible to call GetMethod to receive the signature information. For the BeginApply method it has no input parameters which is correct according to the Intel docs. So I try to execute this method using pService->ExecMethod(L"IAnet_NetService", L"BeginApply", 0, 0, 0, &pOutInst, 0); which return WBEM_E_INVALID_METHOD_PARAMETERS. MSDN says this may be returned when the input parameters are wrong or I'm missing a [static] qualifier on the method.
The input parameters are correct, but I do not know what the missing [static] qualifier means in this case.
Anyone knows how to call this method?
The problem was, that i needed to use the GetObject/GetMethod combination to retrieve the input parameters and after this get the only instance of the object and ask for it's path. This path replaced L"IAnet_NetService" on the ExecMethod call and it's working.
WMI Method call without parameters:
This one is the exact code reference:
IEnumWbemClassObject * enum_obj;
hres = pSvc>CreateInstanceEnum(_bstr_t(L"IANet_NetService"),WBEM_FLAG_RETURN_IMMEDIATELY , NULL ,&enum_obj);
IWbemClassObject * spInstance;
ULONG uNumOfInstances = 0;
hres = enum_obj->Next(10000, 1,&spInstance,&uNumOfInstances);
VARIANT path;
hres = spInstance->Get(_bstr_t("__Path"), 0,&path, 0, 0);
IWbemClassObject *results = NULL;
hres = pSvc->ExecMethod( path.bstrVal, _bstr_t( L"Apply" ), 0,
NULL,NULL,&results, NULL );
I wanna to use NPAPI plugin in my app and i created a functions, provides by a browser to plugin. Load library, initialization and start, all goes well, until it comes to a function NPP_New. This function makes crash, because NPP pointer (tried instead to specify 0 - the function returns an error code 2 "Invalid Instance" and not crash). I think there is a problem in memory access.Found several ways of memory sharing, but I do not know exactly what is appropriate in this case.
// ...
char szMimeType[] = "application/x-some-plugin";
NPP_t npp; npp.pdata = 0; npp.ndata = &npp;
UINT result = NPP_New(szMimeType, &npp, NP_FULL, 0, 0, 0, NULL);
// ...
#Georg Fritzsche, you were right! The problem was in pointers to NPN_ functions. Variable NPNetscapeFuncs pNpnFuncs create and fill as a local in one of my functions and thus destroyed on completion of the function. When I did pNpnFuncs global variable - everything was fine work.
I need to call a function of an object and pass it a variable. Because I need to make multiple call to function of this object I've tried to make one only handler that invoke the specific function by the form value I pass it. The code works, but CFBuilder show me that there is an error (missing semicolon on the last row). I'm on Railo.
local.myReport = seoUtility.init();
local.func = form.action;
local.report = local.myReport[local.func](form.user);
So the question is: this code is correct? I could simply ignore the cfbuilder error icon?
If you don't want CFBuilder to nag you about the syntax, you can change to this:
local.myReport = seoUtility.init();
local.func = local.myReport[form.action];
local.myReport.func = local.func;
local.report = local.myReport.func(form.user);
This sets local.func to the instance of seoUtility as a reference to the actual function you want to call, preserving its relationship to the parent object. This way the offending []() syntax isn't needed.
However, this only works if seoUtility.init() is returning a fresh instance every time, as opposed to a singleton shared by the application, in which case there would be a race condition on all calls to local.myReport.func().
Problem:
I am injecting into a program and patching calls but I was wondering if there is any way to walk through the application line by line and find specific calls. _IE: Lets say the program 'Foo.exe' has a call to MessageBox at some location in memory.
If I did the following code: ( just a rough idea )
a = GetModuleHandle ( "<dll>" );
b = GetProcAddress ( a , "<name>" );
swap ( b , (DWORD)*fake_function );
-- Everything works out fine, until you start calling the actual function - which creates a huge loop that goes on forever (ouch).
Now I am not sure about this and I may be wrong but ... does the above code replace the 'Foo.exe' calls in memory, or does it replace the dll's function with 'fake_function'?
I am interested in a few things ...
A ) How can I find all the memory locations in 'Foo,exe' that call MessageBox and replace the memory locations with a call to 'fake_function'?
B ) How does detours solve this problem?
You don't need to locate all the instances where MessageBox gets called, instead you can hook the function. It seems like you have the general idea down, but what you want to do is walk the PE import table for the module in question. When you're walking it, you look for the function you want to hook and then you do the swap. From then on whenever the module calls the MessageBox function it will look for a reference to the function in the import table and find the address to your function where it previously would have found the address to Microsoft's implementation of MessageBox. In your function you can do whatever you want and you can even call the original address of the MessageBox function that you would have had to save upon swap.