Post Reply 
Proxomitron reduces RWIN to 32768
Nov. 30, 2005, 03:56 PM
Post: #121
 
Hello,

I haven't followed this thread for a while, but I can say that the byte change from 04 to 00
finally solved the problem and the correct RWIN is used now.

Thanks to all.
Quote this message in a reply
Dec. 01, 2005, 06:34 AM
Post: #122
 
Quote:Is Proxomitron using another Proxy?

Are you sure the exe you hacked is the one you are using?

Use the patch at rapidshare to hack an original exe and see if that's ok.
No, no other proxy is being used.
Yes, the one I am using is the one which had the byte altered.
I patched an original copy unarchived from the zip file with the patch N45jrwin.exe and it made no difference. The RWIN is still 32768. Only without Prox does it go to 256960.
Add Thank You Quote this message in a reply
Dec. 01, 2005, 03:33 PM
Post: #123
 
Siamesecat Wrote:No, no other proxy is being used.
Yes, the one I am using is the one which had the byte altered.
I patched an original copy unarchived from the zip file with the patch N45jrwin.exe and it made no difference. The RWIN is still 32768. Only without Prox does it go to 256960.
Hmm....
So the only difference between a speedguide test with Proxomitron and without is RWIN?
If you have Proxomitron in bypass or use another proxy instead of Proxomitron, then what?
Have you tried it with IE and another browser?
Which OS are you using.

Maybe there is a second setting for proxies in the OS or elsewhere but I've not read of that.
As far a Proxomitron goes, I don't see another 32768 that looks like RWIN.

Hmmm...
What happens if you change
00 80 00 00 6a 04
to
00 40 00 00 6a 04
??

--
JJoe
Add Thank You Quote this message in a reply
Dec. 01, 2005, 11:45 PM
Post: #124
 
Ah, that's it. Edited it, and now no more problems. :-)

Out of curiosity, how the devil do you find out which bit to edit? Assuming someone doesn't tell you, but then how do they know? Because the stuff in the hex editor looks like gibberish to me! :-)

Kevin
Add Thank You Quote this message in a reply
Dec. 02, 2005, 12:56 AM
Post: #125
 
laighleas Wrote:Out of curiosity, how the devil do you find out which bit to edit? Assuming someone doesn't tell you, but then how do they know? Because the stuff in the hex editor looks like gibberish to me! :-)

One potato, two potato, .... ;-)

http://en.wikipedia.org/wiki/Decompiler
http://en.wikipedia.org/wiki/Debugger

--
JJoe
Add Thank You Quote this message in a reply
Dec. 02, 2005, 12:59 AM
Post: #126
 
laighleas;
Quote:Ah, that's it. Edited it, and now no more problems. :-)

Out of curiosity, how the devil do you find out which bit to edit? Assuming someone doesn't tell you, but then how do they know? Because the stuff in the hex editor looks like gibberish to me! :-)

Kevin
Ah, that is the great secret, grasshopper! Microphone When you have learned how to use a run-time debugger, only then will you be ready to leave the temple. Popcorn Santa Claus Cool Cheers


Oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Dec. 02, 2005, 08:23 AM
Post: #127
 
Quote:If you have Proxomitron in bypass or use another proxy instead of Proxomitron, then what?
Have you tried it with IE and another browser?
Which OS are you using.

What happens if you change
00 80 00 00 6a 04
to
00 40 00 00 6a 04
I have no other proxy to use instead of Proxomitron. Bypass mode made no difference to the RWIN. I tried testing with Firefox (my usual browser) and IE, with no difference in results. I am using Windows XP Home SP 2.
I tried changing 8000006A00 to C000006A04 and then to 4000006A04 with no change in results. I even cleared the Prefetch out before making the first change - to C000006A04 - but it made no difference. Interestingly, the SpeedGuide also indicates that MTU Discovery is off, though I set it to "yes" with TCP Optimizer.
Add Thank You Quote this message in a reply
Dec. 02, 2005, 02:50 PM
Post: #128
 
Siamesecat,

are u going thru a router?

if so ck those settings
Quote this message in a reply
Dec. 02, 2005, 03:34 PM
Post: #129
 
Siamesecat Wrote:I have no other proxy to use instead of Proxomitron. Bypass mode made no difference to the RWIN. I tried testing with Firefox (my usual browser) and IE, with no difference in results. I am using Windows XP Home SP 2.
I tried changing 8000006A00 to C000006A04 and then to 4000006A04 with no change in results. I even cleared the Prefetch out before making the first change - to C000006A04 - but it made no difference. Interestingly, the SpeedGuide also indicates that MTU Discovery is off, though I set it to "yes" with TCP Optimizer.

I have a router that likes to pick its own settings but it uses the same settings proxy or no proxy.
Might be the adapter but ...

First, lets see if we can rule out Proxomitron.
Privoxy nor BFilter is suppose to have this problem.
http://www.privoxy.org/
http://bfilter.sourceforge.net/
Use Privoxy or BFilter instead of Proxomitron and see if you get 32768.

--
JJoe
Add Thank You Quote this message in a reply
Dec. 02, 2005, 04:58 PM
Post: #130
 
JJoe Wrote:
laighleas Wrote:Out of curiosity, how the devil do you find out which bit to edit? Assuming someone doesn't tell you, but then how do they know? Because the stuff in the hex editor looks like gibberish to me! :-)

One potato, two potato, .... ;-)

http://en.wikipedia.org/wiki/Decompiler
http://en.wikipedia.org/wiki/Debugger

Ah! Now out of curiosity, does it make any difference which language was used to write the program? What's the output of the decompiler or debugger in?

Bear in mind I know nowt about this side of computing. Furthest I've gone so far is the registry and (under DOS, years back) manually editing boot sectors when they'd been buggered.

Kevin
Add Thank You Quote this message in a reply
Dec. 02, 2005, 05:00 PM
Post: #131
 
Oddysey Wrote:Ah, that is the great secret, grasshopper! Microphone When you have learned how to use a run-time debugger, only then will you be ready to leave the temple. Popcorn Santa Claus Cool Cheers

:-) I take it learning something about programming might also be useful?! :-)

So which runtime debugger>

Kevin
Add Thank You Quote this message in a reply
Dec. 02, 2005, 11:35 PM
Post: #132
 
laighleas Wrote:
JJoe Wrote:http://en.wikipedia.org/wiki/Decompiler
http://en.wikipedia.org/wiki/Debugger
Ah! Now out of curiosity, does it make any difference which language was used to write the program? What's the output of the decompiler or debugger in?
Hi Kevin,

The wiki and its links can explain things better than I can.
http://www.itee.uq.edu.au/~cristina/dcc.html
http://www.itee.uq.edu.au/~csmweb/decomp...sible.html
http://www.itee.uq.edu.au/~csmweb/decomp...thics.html
http://www.debugmode.com/dcompile/

The language used to write the program and many other things can get in the way.
Decompiler output may not be in the language of the original program but that may not matter.
In this case, I'd guess the original patch's author searched for 32768 and then recognized the code.

Download a couple of programs and take a look.
http://www.ollydbg.de/ looks good.
http://www.backerstreet.com/rec/rec.htm has some problems regarding C++ and crashing Win98.
The sites are informative regardless.
http://www.backerstreet.com/rec/rec2.htm

--
JJoe
Add Thank You Quote this message in a reply
Dec. 03, 2005, 12:03 AM
Post: #133
 
Kevin,

Yes, some knowledge of coding would be good. (tongue in cheek).

Here's the deal..... In essence, a debugger is a program that can look at code as it is loaded from the disk (or other storage medium), and display it for you in static mode. Or it can look at and display code as it is executing within the processor, all in real time. That latter mode can get real informative, if you have an idea of what to look for, hence, the erstwhile need to know something about programming in assembly language.

Debuggers can only display what's going on in hexadecimal format, and in the machine's native assembly language. (That language differs from chip maker to chip maker.) But, if you're willing to deal with things in static mode, then a decompiler will attempt to read all that code from the disk, and then make educated guesses as to how the code was generated from a source language, usually C (or a variant), BASIC, perhaps Java, or even one of the .NET modules. If you guessed that this is a much more time consuming (and expensive to buy) method, you're right, it is. But if you don't want to get down in the bowels, then it is the only way to go, plus, most of these efforts are pretty mature these days.

When I used Periscope (in the pioneer days, with an outboard monitor hooked up to a CTTY port), it was all done in one flavor - assembly, and without any comments to accompany the results. Now, as I understand it, things are a whole lot better, for those who wish to do this kind of thing. I still do (so wish), but sadly I have too many other irons in the fire, so I just don't have any time for it any more.

If you're still interested, then by all means, JJoe lists several sites that are of great benefit to both beginners and pros in this field. In addition, if you want to hone your skills, or just get a good laugh (after you start understanding what's going on), then visit The Daily WTF, a site where they break down obvious errors in programming, and from which you can learn what not to do. Pervert

Report back in 6 months, and tell us when they're gonna let you outta the booby hatch! Crazy


Oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Dec. 03, 2005, 12:13 AM
Post: #134
 
JJoe Wrote:The wiki and its links can explain things better than I can.

Ah, thanks! :-) I shall tinker with it a bit. :-)

Kevin
Add Thank You Quote this message in a reply
Dec. 03, 2005, 07:15 PM
Post: #135
 
peakaboo g,
Quote:are u going thru a router?
Yes, I have a router. I cannot check settings like that with this router. Anyhow, I was using the router when I tested without going thru Proxomitron and the RWIN then was 256960.

JJoe,
I'll try Privoxy.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: