[mdlug] Reverse-engineering data protocols
Stan Green
Stan at mcomputersolutions.com
Thu Mar 3 22:53:26 EST 2011
On Thursday 03 March 2011 03:08:17 pm David McMillan wrote:
> On 3/3/2011 2:22 PM, Ingles, Raymond wrote:
> > Well, there's one other option if you can't reverse-engineer the
> > handshake. Set up a virtual machine on Linux, running Windows. Run the
> > logging software in there. Export the drive so that the Linux host can
> > read it. Have the Linux host watch for data files and copy them off
> > somewhere safe.
>
> No good, I'm afraid. Without a manual intervention pushing
> keys/clicking mouse, the server software produces no files at all --
> it's all buffered in RAM until the user manually directs the software to
> export a log file. One side-effect of this is that on occasions where
> I've left the data stream running for too long (as in, tens of minutes),
> my pagefile usage soars until the entire computer chokes.
>
If you could allow a timed log dump (e.g. every 5 min.) then you could use a
product like AutoIt (http://www.autoitscript.com/site/autoit/), which is a
scripted keyboard and mouse simulator, on the Windows box to dump the log.
This product can run just about any Windows program from a script. I use it
every day to do little tasks and some days to do big ones. It is not open
source, but it is freeware.
> > Well, if the raw file is just binary floats (with possibly integer
> > timestamps) then you'll have some work to do. Write a simple program
> > that'll take different 4-byte chunks, interpret them as a float, and
> > print them out (possibly with the endianness flipped). Compare the
> > values with the numbers in the text file, and see if they match up. If
> > so, look at the bytes immediately around the bytes you've identified,
> > and see if they can be interpreted as a timestamp. (They should
> > increment...)
>
> Ahhh, yes, I think I see what you're getting at. Okay, yeah,
> that's the kind of starting point I was looking for. Thanks!
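The float-scanning approach quoted above, as an added example that is not part of the original thread: it slides a 4-byte window over a capture, decodes it as a float in both byte orders, matches against values from the exported text log, then checks the neighbouring 4 bytes for an incrementing integer timestamp. The function names, the sample bytes and the record layout (a 3-byte header, then uint32 timestamp plus float32 value) are constructed assumptions.

```python
import math
import struct

def find_floats(blob, known, rel_tol=1e-4):
    """Slide a 4-byte window over blob; report windows that decode to a known value."""
    hits = []
    for off in range(len(blob) - 3):
        for fmt, endian in (("<f", "little"), (">f", "big")):
            (val,) = struct.unpack_from(fmt, blob, off)
            if not math.isfinite(val):
                continue  # NaN/inf windows can never match a logged reading
            for k in known:
                if math.isclose(val, k, rel_tol=rel_tol):
                    hits.append((off, endian, k))
    return hits

def find_timestamps(blob, hits, displacements=(-4, 4)):
    """Test the 4 bytes before/after each float for a strictly increasing uint32."""
    endian = hits[0][1]
    same = [h for h in hits if h[1] == endian]  # ignore stray other-endian hits
    fmt = "<I" if endian == "little" else ">I"
    found = {}
    for d in displacements:
        offs = [off + d for off, _, _ in same]
        if min(offs) < 0 or max(offs) + 4 > len(blob):
            continue  # candidate field would fall outside the capture
        vals = [struct.unpack_from(fmt, blob, o)[0] for o in offs]
        if all(a < b for a, b in zip(vals, vals[1:])):
            found[d] = vals
    return found

# Constructed sample: values as they would appear in the exported text log,
# and a raw capture built with an assumed layout (not the real device's).
TEXT_VALUES = [20.5, 21.25, 19.75, 22.0]
SAMPLE = b"LOG" + b"".join(
    struct.pack("<If", 1299190000 + 5 * i, v) for i, v in enumerate(TEXT_VALUES)
)

if __name__ == "__main__":
    hits = find_floats(SAMPLE, TEXT_VALUES)
    for off, endian, val in hits:
        print(f"offset {off:3d}  {endian:6s}  {val}")
    for disp, stamps in find_timestamps(SAMPLE, hits).items():
        print(f"increasing uint32 at displacement {disp}: {stamps}")
```

A constant gap between hit offsets gives the record size; here the hits are 8 bytes apart, which matches a 4-byte timestamp followed by a 4-byte float.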