Trying to determine where a message is coming from - detours

I have a complex application. There is a WM_MOUSEMOVE message coming from somewhere with the same coordinates as the last WM_MOUSEMOVE.
So I tried to iterate through all loaded modules to try and detour (using MS Detours 3.0) any ::PostMessageA() and ::PostMessageW() call from every one of them. When I did this, the only module that showed up as having these functions was C:\WINDOWS\SYSTEM32\USER32.dll (well duh!).
I had thought that every module would have its own call jump table, which is why I thought I could detour on a per module basis, but this doesn't seem to be the case, or if it is, then it is not recognized by the DetourFindFunction() command. Detouring from the local module from C:\WINDOWS\SYSTEM32\USER32.dll will result in only the calls from the local module being detoured (I think).
Is there some way to detour the same function in each module that is loaded from a common executable?
Might it be possible to have code execute from the POV of the loaded module?

Seems that I was wrong. I do appear to be intercepting all messages, which is awesome!
However, the message isn't the result of a PostMessage() command. Not exactly sure what is causing lower down as yet (or that I really need to know, probably there is some other internal windows mechanism used to add to the message queue), but it would appear that it is triggered by a DLL that is using SendMessage(hwnd, WM_MOUSEMOVE, 0, MAKELPARAM(-1, -1)). This is making it appear to the system that the mouse is moving, and thus sending out another WM_MOUSEMOVE with the same position.

Related

RPG program error: Error MCH3601 was detected in file

We have been facing a very strange issue with one of our RPGLE programs that bombs intermittently with the subjected error.
This happens specifically at a line where a write operation is performed to a subfile record format. I have debugged and checked all the values assigned to variables during runtime and could find absolutely no issues. As per the https://www.ibm.com/support/pages/node/644069 IBM page, I can only assume that this might be related to the parameter definitions of the programs called within the RPG. But I have checked the parameters of each and every prototyped program call and everything seems to be in sync.
Can someone please guide on the direction to go to find out the root cause of this problem?
But I have checked the parameters of each and every prototyped program call
Assuming you're using prototypes properly, i.e. there is one prototype defined in a separate source member and it is /INCLUDE into BOTH the caller and the callee...
Then prototype calls aren't the problem, as long as you're properly handling any *OMIT and *NOPASS parameters.
Look at any old style CALL or CALLB calls and anyplace you're not using prototypes properly...meaning there's an explicit PR coded in both caller & callee.
Note that it's not just old-style calls made by the program that bombs, it's calls made anywhere down the call chain.
And if the program is repeatedly called with LR=*OFF or without reclaiming resources, then it could be any old style calls up the call chain also.
Lastly, old style calls include any made by CL or CLLE programs.
Good luck!

safely executing arbitrary code

I have a program that can get code from a user as input (This question is language-agnostic, though I am primarily interested in answers for Java and Python). Usually, this code is going to be useful, but I don't have a guarantee that the user isn't making a mistake, or even deliberately giving malicious code.
I want to be able to execute this code safely, i.e. without harmful side effects if it turns out to be faulty or malicious.
More specifically:
- the user specifies that the input code should operate on some objects that exist in the primary program (the program that gets the code from the user and executes it). Optimally, it should be able to access these objects directly, but sending them over to the child program through some communication protocol or a file is also fine.
- in the same way, the code should generate some output that is transmitted back to the parent program.
- the user can specify whether the code should be allowed to access any other data, whether it should be allowed to read or write to files, and whether it should have access to any other interfaces or OS methods.
- it is possible to specify a maximum runtime after which the code will be interrupted if it hasn't finished executing yet.
- the parent program and the code to execute may be different languages. You can assume that the programs necessary to compile and execute the given code are installed and available to the parent program. If the languages are different assume that some standard format like JSON can be used for transmitting the data (or is there a way to do this more efficiently?)
I think that this should be doable with a Virtual Machine. However, speed is a concern and I want to be able to execute many code blocks quickly, so that creating and tearing down a VM for each of them may be prohibitively expensive.
Another option is creating a sandbox, which e.g. Java can do, but as far as I am aware only for executing other Java code. I am unable to find a solution to do this with arbitrary languages.
For which languages does this work well, for which is it difficult?
Is this easier on some OS than on others?
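One way to get the maximum runtime and the JSON exchange listed in the question, as an added example that is not part of the original post: the parent runs the user code in a separate, isolated interpreter with a wall-clock timeout and rlimits. `run_untrusted`, `CHILD` and the `data`/`result` variable convention are hypothetical names, and the code is POSIX-only; it bounds time and memory but does not restrict file or network access, which needs OS-level isolation.

```python
import json
import resource
import subprocess
import sys

# Hypothetical child wrapper: binds the JSON input to `data`, runs the user
# code, and writes whatever it assigned to `result` back as JSON.
CHILD = (
    "import json, sys\n"
    "env = {'data': json.load(sys.stdin)}\n"
    "exec(sys.argv[1], env)\n"
    "json.dump(env.get('result'), sys.stdout)\n"
)


def _cap(res, value):
    """Lower one rlimit in the child, never above the current hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_untrusted(code, data, timeout=2.0, mem_bytes=512 * 2**20):
    """Run `code` in a separate interpreter; return (status, value)."""
    def limits():  # runs in the child between fork() and exec()
        _cap(resource.RLIMIT_CPU, int(timeout) + 1)  # busy loops
        _cap(resource.RLIMIT_AS, mem_bytes)          # memory bombs
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", CHILD, code],  # -I: isolated mode
            input=json.dumps(data), capture_output=True, text=True,
            timeout=timeout,  # wall clock: also catches a sleeping child
            preexec_fn=limits,
        )
    except subprocess.TimeoutExpired:
        return "timeout", None
    if proc.returncode != 0:
        return "error", (proc.stderr.strip().splitlines() or [""])[-1]
    try:
        return "ok", json.loads(proc.stdout)
    except json.JSONDecodeError:
        return "error", "child wrote non-JSON output"
```

The wall-clock timeout and `RLIMIT_CPU` are both needed: a child that sleeps uses no CPU time, and a child that spins would otherwise run until the parent notices.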

libspotify: music_delivery callback not firing

I've successfully loaded a Spotify track from a playlist (verified by tracing the track name out to the screen), passed it to be played using sp_session_player_load and sp_session_player_play(sess, 1).
However my music_delivery callback is never called (I have some trace in there to show when it is). The libspotify FAQ seems to imply that it will be invoked by an internal thread inside the API and I do not need to invoke sp_session_process_events to start the streaming.
My application is single-threaded so I'm assuming there is no locking issue in my code.
Sources:
libspotify Haskell binding:
https://github.com/mrehayden1/libspotify
(You will need libspotify installed to get this to compile: https://developer.spotify.com/technologies/libspotify/#download)
The application code:
https://github.com/mrehayden1/harmony
A few ideas:
I do not need to invoke sp_session_process_events to start the streaming.
This is somewhat correct, however, you must trigger sp_session_process_events when you get a notify_main_thread callback — this comes in on another thread, so you need to correctly delegate this back to your main thread to make the call.
Since you mention you only have a single thread, make sure you're not spinning in a tight loop somewhere — something like while (!sp_track_is_loaded(track)) {} — since a lot of work in libspotify goes on in the thread you make the calls on, doing this will cause libspotify to be unable to do any work, and everything will grind to a halt.
passed it to be played using sp_session_player_load and sp_session_player_play(sess, 1).
What are the results of these calls? Loading metadata isn't the same as loading for playback, so you might be getting SP_ERROR_IS_LOADING back from the play call. In addition, the track might not be playable for some other reason, so the error is important.
If you're still having trouble, the problem may be in the bindings or elsewhere in your code. Check the jukebox example that comes with libspotify for an example C implementation of playback.

How to make asynchronous HTTP call with callback in Lua?

I need to make asynchronous HTTP call to my server in order to receive XML response.
After I get the response I will call a [previously specified] function if it is success or some other function if it's an error.
So what I thought about in the first place was coroutines. Unfortunately, after I make the http.get call I cannot yield, as it will wait for the whole thing to finish. I know I can use separate functions to read the response, however I have to wait at least for the first bytes of data in order for this function to be triggered which would allow me to yield. Anyway, for what I want to do using coroutines doesn't look like the way to go.
Then I've tried calling a C function from lua, creating separate thread to get the XML and then call a function in Lua, however this doesn't work because of lua_state changing after a new thread is created. Before the thread is created I can see 3 parameters on the stack, and after creation of the new thread [I am passing lua_State as the argument] it has only one. Anyway, from what I understand lua_State will be closed once the original cfunction call is finished, so I won't be able to call back.
Since I'm just starting with lua and I'm even less familiar with lua to c bindings I can only hope I'm making some stupid mistakes and it will be easy to solve. For now however I'm stuck with no idea on how to progress further.
The story behind this issue:
I'm porting my game from Cocos2D objective C framework to Cocos2d-X C++ framework. I want to use Lua bindings as I think I will fail to port it to C++. Anyway I want to do it in Lua.
So I've got a scene where someone accesses a list of inventory they have in the game. If the response is immediate they will basically see a window opened with list of inventory. However, if it takes a tad bit longer to get the data [connection issues, server overload... whatever] screen will fade out and some animation indicating data transfer will be shown on screen. At least this is how it works on the objc version of the game and I want the same thing.
Is there something I have missed during my research, is it possible to do it?
BTW I have seen Lua socket asynchronous calls and it doesn't help me because it still waits for the beginning of the transfer before it will start another one.
Something like Luvit?
Luvit is an attempt to do something crazy by taking nodeJS's awesome architecture and dependencies and seeing how it fits in the Lua language.
This project is still under heavy development, but it's showing promise. In initial benchmarking with a hello world server, this is between 2 and 4 times faster than nodeJS.
I was able to do it using https://github.com/Neopallium/lua-llthreads
This seems to work fine on both iOS and Android platforms.

Linux iNotify one shot and event mask problem

I'm trying to use iNotify in linux rhel5, kernel 2.6.18, glibc 2.5-18. I did not define the event as one shot but for some reason it behaves as if I did. The impact is that I have to re-add a watch after each event. Anyone ever used iNotify? Another problem is that the mask returned in the event object contains only one flag: IN_ONE_SHOT.
Write the smallest example you can and test that. If it demonstrates the behaviour you are talking about then add it to your question. If it behaves normally then add a little more of your code and test again. Keep repeating until you have reproduced the error or you have your code working. Often I find that building a toy program tells me exactly what I am doing wrong that I could not see in a larger program.
It is probable that inotify is implicitly deleting the watch because the file is being deleted. The behaviour is subtly referred to by the manual page (see the section on the IN_IGNORED event). You can check if this is happening by checking if the flag IN_IGNORED is set in the inotify_event populated by your call to read.
See also inotify delete_self when modifying and saving a file for why the file may be deleted without your knowledge or action during what you think is just a modification.
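The check suggested in the answer above, as an added example that is not part of the original posts: it parses the events returned by read() and reports whether IN_IGNORED was set, first for an in-place write and then for a save that renames a new file over the watched one. It calls inotify_init and inotify_add_watch through ctypes on Linux; `read_masks`, `watch_survives` and `demo` are hypothetical names, and the files are constructed in a temporary directory.

```python
import ctypes
import os
import pathlib
import select
import struct
import tempfile

IN_MODIFY, IN_DELETE_SELF, IN_IGNORED = 0x0002, 0x0400, 0x8000  # <sys/inotify.h>
_libc = ctypes.CDLL(None, use_errno=True)
_HDR = struct.Struct("iIII")  # struct inotify_event: wd, mask, cookie, len


def read_masks(fd):
    """OR together the mask of every event returned by one read()."""
    buf, seen, off = os.read(fd, 4096), 0, 0
    while off < len(buf):
        _wd, mask, _cookie, name_len = _HDR.unpack_from(buf, off)
        seen |= mask
        off += _HDR.size + name_len  # skip the optional name field
    return seen


def watch_survives(path, change):
    """Watch `path`, run `change()`; return (mask bits seen, watch still valid)."""
    fd = _libc.inotify_init()
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init failed")
    try:
        wd = _libc.inotify_add_watch(fd, os.fsencode(path), IN_MODIFY | IN_DELETE_SELF)
        if wd < 0:
            raise OSError(ctypes.get_errno(), "inotify_add_watch failed")
        change()
        seen = 0
        while select.select([fd], [], [], 0.5)[0]:  # drain queued events
            seen |= read_masks(fd)
        # IN_IGNORED: the kernel removed the watch, so it must be re-added.
        return seen, not seen & IN_IGNORED
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: in-place rewrite vs. editor-style save by rename."""
    path = pathlib.Path(tempfile.mkdtemp()) / "watched.txt"
    tmp = path.with_suffix(".tmp")
    path.write_text("v1")
    in_place = watch_survives(path, lambda: path.write_text("v2"))
    tmp.write_text("v3")
    renamed = watch_survives(path, lambda: tmp.replace(path))  # old inode unlinked
    return in_place, renamed
```

A watch is attached to the inode, not the path, so after the rename the path names a new file that has no watch until inotify_add_watch is called on it again.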
