I'm working on a utility that would enable me to identify what interfaces/adapters are available for use on windows, using c++.
My question is are there any functions or programs already available to identify interfaces or adapters(bluetooth, wifi, wifi-direct, nfc) available with simple output (Either I have it or I don't have it, true/false, etc).
While there exists functions that enumerate interfaces (See: http://msdn.microsoft.com/en-us/library/windows/desktop/ms706749%28v=vs.85%29.aspx) , the data returned from calling these is much too excessive and or unique, I'm simply looking for a true/false on whether the system has bluetooth, wifi, wifi-direct, and/or nfc, before I begin attempting to create sockets / call services from them.
It looks to be an uphill battle at the moment to do this, which makes me curious if this is not already available to me by calling some more convenient functions, or has been done by someone else. I've considered that simply trying to connect could give me an error which I could use as "proof" that there isn't some interface available, but this seems very inappropriate and error prone.
If not I will begin writing it but it's looking like I'd be running through more output than should be necessary for something this simple.
Any information would be useful, and thank you!
EDIT: Jerry Coffin's suggestion works, although I'm waiting on getting hardware to so I can test it against wifi-direct and nfc.
Related
I have an unmanaged c++ application that I'd like to port to Windows Raspberry Pi. It was originally developed on an embedded platform but was written to be highly portable using a pseudo-HAL to wall off the 10-15% of platform specific code. So it easily ports to / runs on windows desktop as well with zero changes to the common ~85%. It's currently written to support ANT+ sensors though we would like to add (or may possibly replace ANT with) BT/LE support. That said from looking at a ton of docs and examples online it's not super clear if it's even possible without a rewrite. If it comes to that though we would probably target linux instead. Anyway, three questions -
(1) Is it even possible?
(2) If so what is the best approach (i.e. what API's should I be looking at, and how should I wrap them for unmanaged use)?
(3) Is there a way to programatically pair the RP with our target sensors on the fly, i.e. scan for available sensors and pair by a predefined type and possibly ID (and again if so what API's should I look at)?
I hate to ask such open ended questions but it's just not clear from the examples I've been looking at online since everything is pretty much UWP oriented and I'm not really familiar with any of that at all. Just looking to get a yes/no on feasibility and a point in the right direction if so. Thanks for any input, chris
Figured I'd follow up on this for anyone else that goes down the same path... here's what I found eventually -
1) Is it even possible... Yes it's possible. I was able to get it working though due to the lack of documentation/examples what I came up with may not be the optimum solution. It does seem solid though from the limited testing I've done.
2) If so what is the best approach... Again, not sure this is the best approach but the very short answer is that do make it work you need to use WRL via COM. All the interfaces needed for both scanning and pairing are found in "windows.devices.enumeration.h" and you'll want to use the following namespaces - ABI::Windows::Foundation; Microsoft::WRL; Microsoft::WRL::Wrappers; ABI::Windows::Devices::Enumeration. Since many of the objects/interfaces you'll need are not documented at all (e.g. "IDeviceInformationStatics2") you'll need to use QueryInterface a good bit to find out what's available.
3) Is there a way to programatically pair... Yes, as noted above it's possible. It took me a few weeks to pick through it all and get it working but looking at the various related examples online and piecing it together it seems to work. One thing that I was concerned about was passing BLE pin codes where needed without a UI. That works too though again not really documented (see "AcceptWithPin")....
So I've studied some reverse engineering lately and I'd really like to have a more better idea about how things like sa-mp and mafia 2 multiplayer are actually made. When I connect to a server in sa-mp and it starts the game. Does it inject a dll or something at this point to control the flow of the game and remove all the npcs from the cities etc? I am not really asking anything really specific but just the idea. I looked at the source codes of a few similar projects but didn't really get how it all starts. I would appreciate that someone who has knowledge about these things could enlighten me.
This is really something that has interested me since I discovered these mods so I look forward to hearing from you.
A big part of the work that needs to be done when developing such software is reverse-engineering.
This includes figuring out how the game client works and how you will be able to perform tasks with it. Things to generally look for may include:
the data structure / container that holds all entities of the game
the structure of important classes from which you will need to read information (positions, health, ammunition... )
ways to control the client. This starts with simple stuff like emulating key presses to calling controlling functions of the game or to directly manipulate the network traffic.
After that the preferred way to interact with the target process is to write a dynamic library (DLL). This has the main advantage that you have shared virtual memory with the target and therefore are able to dereference pointers like you would own all the data. You can directly read and write memory, call functions, detour functions etc.
If you have enough understanding of the client you can modify it up to the limits of you imagination.
It seems to me that the mod you linked also created its own server. The server will just be a regular game server (built with the information you gathered) which you have full control over. The client side needs to be implemented inside the DLL.
Could people please give me pointers (no pun intended) for topics I will need to research in order to be able to do this? I'm not really an expert on Windows, however I'm very quick at picking up new concepts.
I saw the process monitor program which Mark Russinovich and Bryce Cogswell wrote:
http://technet.microsoft.com/en-gb/sysinternals/bb896645
which can look at everything happening registry key-wise within the kernel. I've been able to do this sort of thing using C# and user-level registry accesses in the past, but i couldnt reach the kernel using the wrapper suite I got from codeproject.
Can people please help with me regards to where i should start? I guess i'm asking more for help on the Windows/OS aspect of this.
Reason for doing this:
(I'm more of a Java than C++ programmer, however I want to get into the latter. The best way to learn is to do something which interests you, so as i'm interested in real-time applications, this is the cheapest one I could think of (without having to pay for data).)
For kernel-mode, take a look at CmRegisterCallback.
I believe Process Monitor uses the Event Tracing for Windows functions, however; see, for example, EtwRegister.
Writing a kernel-mode driver to intercept registry reads/writes is extremely difficult. If you just want to see both user and kernel-mode registry accesses, the best way to do so is via a real-time ETW trace listener. With this, you get all of the monitoring you want, without the terrifying proposition of modifying a running kernel. Mark doesn't use this because at the time it didn't exist, but nowadays I'm sure he'd recommend you do this instead. If you're familiar with DTrace on Linux, ETW is Windows' closest equivalent (it's as performant as DTrace, but not nearly as user-friendly or scriptable)
Check out http://blogs.msdn.com/b/matt_pietrek/archive/2005/03/23/401080.aspx for an intro to ETW, and here's a question on SO related to real-time ETW consumers: How do I register as a real-time ETW consumer for NT Kernel Events?
I have embedded Lua in a C++ application. I need to be able to kill rogue (i.e. badly written scripts) from hogging resources.
I know I will not be able to cater for EVERY type of condition that causes a script to run indefinitely, so for now, I am only looking at the straightforward Lua side (i.e. scripting side problems).
I also know that this question has been asked (in various guises) here on SO. Probably the reason why it is constantly being re-asked is that as yet, no one has provided a few lines of code to show how the timeout (for the simple cases like the one I described above), may actually be implemented in working code - rather than talking in generalities, about how it may be implemented.
If anyone has actually implemented this type of functionality in a C++ with embedded Lua application, I (as well as many other people - I'm sure), will be very grateful for a little snippet that shows:
How a timeout can be set (in the C++ side) before running a Lua script
How to raise the timeout event/error (C++ /Lua?)
How to handle the error event/exception (C++ side)
Such a snippet (even pseudocode) would be VERY, VERY useful indeed
You need to address this with a combination of techniques. First, you need to establish a suitable sandbox for the untrusted scripts, with an environment that provides only those global variables and functions that are safe and needed. Second, you need to provide for limitations on memory and CPU usage. Third, you need to explicitly refuse to load pre-compiled bytecode from untrusted sources.
The first point is straightforward to address. There is a fair amount of discussion of sandboxing Lua available at the Lua users wiki, on the mailing list, and here at SO. You are almost certainly already doing this part if you are aware that some scripts are more trusted than others.
The second point is question you are asking. I'll come back to that in a moment.
The third point has been discussed at the mailing list, but may not have been made very clearly in other media. It has turned out that there are a number of vulnerabilities in the Lua core that are difficult or impossible to address, but which depend on "incorrect" bytecode to exercise. That is, they cannot be exercised from Lua source code, only from pre-compiled and carefully patched byte code. It is straightforward to write a loader that refuses to load any binary bytecode at all.
With those points out of the way, that leaves the question of a denial of service attack either through CPU consumption, memory consumption, or both. First, the bad news. There are no perfect techniques to prevent this. That said, one of the most reliable approaches is to push the Lua interpreter into a separate process and use your platform's security and quota features to limit the capabilities of that process. In the worst case, the run-away process can be killed, with no harm done to the main application. That technique is used by recent versions of Firefox to contain the side-effects of bugs in plugins, so it isn't necessarily as crazy an idea as it sounds.
One interesting complete example is the Lua Live Demo. This is a web page where you can enter Lua sample code, execute it on the server, and see the results. Since the scripts can be entered anonymously from anywhere, they are clearly untrusted. This web application appears to be as secure as can be asked for. Its source kit is available for download from one of the authors of Lua.
Snippet is not a proper use of terminology for what an implementation of this functionality would entail, and that is why you have not seen one. You could use debug hooks to provide callbacks during execution of Lua code. However, interrupting that process after a timeout is non-trivial and dependent upon your specific architecture.
You could consider using a longjmp to a jump buffer set just prior to the lua_call or lua_pcall after catching a time out in a luaHook. Then close that Lua context and handle the exception. The timeout could be implemented numerous ways and you likely already have something in mind that is used elsewhere in your project.
The best way to accomplish this task is to run the interpreter in a separate process. Then use the provided operating system facilities to control the child process. Please refer to RBerteig's excellent answer for more information on that approach.
A very naive and simple, but all-lua, method of doing it, is
-- Limit may be in the millions range depending on your needs
setfenv(code,sandbox)
pcall (function() debug.sethook(
function() error ("Timeout!") end,"", limit)
code()
debug.sethook()
end);
I expect you can achieve the same through the C API.
However, there's a good number of problems with this method. Set the limit too low, and it can't do its job. Too high, and it's not really effective. (Can the chunk get run repeatedly?) Allow the code to call a function that blocks for a significant amount of time, and the above is meaningless. Allow it to do any kind of pcall, and it can trap the error on its own. And whatever other problems I haven't thought of yet. Here I'm also plain ignoring the warnings against using the debug library for anything (besides debugging).
Thus, if you want it reliable, you should probably go with RB's solution.
I expect it will work quite well against accidental infinite loops, the kind that beginning lua programmers are so fond of :P
For memory overuse, you could do the same with a function checking for increases in collectgarbage("count") at far smaller intervals; you'd have to merge them to get both.
I have a DLL which I intend to send to a 3rd party and I'd like to protect it by restricting it to run only if a specific USB device is connected.
I'm using the setupapi to get the device's serial number (by calling SetupDiGetDeviceInstanceId()).
I would like to make the verification hard to track in case someone disassembles the DLL.
for example, a simple call to SetupDiGetDeviceInstanceId is trackable and if someone wants to use my DLL without the proper serial from the USB, he could easily look for my strcmp in the assembly code and change if(strcmp(...) == 0) to if(strcmp(...) == 1).
What would be a good (and preferably "easy") approach for protecting my code against reverse engineering? Is there maybe a different API (other than setupapi) I could use that would take care of that?
Thanks in advance!
I find restricting software like that usually comes and bites you later. The work of finding a way to implement it in a "fool proof" manner is often underestimated and could also unintentionally cripple the product in the end annoying legit customers. Better to instead to provide good support and do frequent updates. Any protection can be circumvented so I wouldn't spend too much time on that.
You clearly cannot just read the serial number and compare to a known-good value -- that's trivial to find and remove.
To make things a bit more difficult, use a cryptographic hash (e.g., SHA-256) of the serial number to a cryptographic hash of the correct serial number. Make sure the code for the hash is generated inline, so you a fairly large mess of "stuff" between reading the serial number and doing the jump based on the comparison of the hash value. This won't stop a determined attacker, but it'll stop most people who just glance at the code in a debugger and aren't willing to spend a lot of time on reverse engineering it.
If you want to make things more difficult still, store some of your code in encrypted form, with the correct serial number as the key. At run time, read the serial number and use it to decrypt the code. If it's wrong, the result will be bad code, which you can either execute as is (knowing it will quickly crash and burn) or you can do some sort of checksum to verify the result, and fail a bit more gracefully (i.e., display an error message and die) if the code didn't decrypt correctly.
In my opinion it cannot be easy for you and hard for the 3rd party. An id check is too easily found and disabled. I would try to move some essential, hard to figure out computation of your DLL into the external device.