[mdlug] Reverse-engineering data protocols
David McMillan
skyefire at skyefire.org
Thu Mar 3 15:08:17 EST 2011
On 3/3/2011 2:22 PM, Ingles, Raymond wrote:
>
> Well, there's one other option if you can't reverse-engineer the
> handshake. Set up a virtual machine on Linux, running Windows. Run the
> logging software in there. Export the drive so that the Linux host can
> read it. Have the Linux host watch for data files and copy them off
> somewhere safe.
No good, I'm afraid. Without a manual intervention pushing
keys/clicking mouse, the server software produces no files at all --
it's all buffered in RAM until the user manually directs the software to
export a log file. One side-effect of this is that on occasions where
I've left the data stream running for too long (as in, tens of minutes),
my pagefile usage soars until the entire computer chokes.
>
> Well, if the raw file is just binary floats (with possibly integer
> timestamps) then you'll have some work to do. Write a simple program
> that'll take different 4-byte chunks, interpret them as a float, and
> print them out (possibly with the endianness flipped). Compare the
> values with the numbers in the text file, and see if they match up. If
> so, look at the bytes immediately around the bytes you've identified,
> and see if they can be interpreted as a timestamp. (They should
> increment...)
Ahhh, yes, I think I see what you're getting at. Okay, yeah,
that's the kind of starting point I was looking for. Thanks!
More information about the mdlug
mailing list