Henrik wrote: > Arno, >> Can you rule out that an application that has set a global hook is >> actually working correctly? i.e. RealVNC server injects a wm_hook.dll >> into each process space, if such interception was buggy one can >> imagine that it would hurt, ICS may be hit especially since TWSocket >> is being notified about socket events by window messages. View the >> DLLs linked to a process with ProcessExplorer: > http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExp > lorer.mspx > > I've downloaded the application above but I don't know how too > proceed. > What am I looking for and how do I do to get that information in > ProcessExplorer?
At first, my above question has a typo, it should read "Can you rule out that an application that has set a global hook is not working correctly?" Ok, start Wilfried's test app., in ProcessExplorer click on the ICS test application, the listview at the bottom will either list linked DLLs or handles, toggle the view to display DLLs. Take a closer look at any DLL that's not from Microsoft, for instance if Sygate personal firewall was running you would find a SSSensor.dll from Sygate Technologies, this is an injected DLL. Try to find it's parent application or service and stop it unless you think that test program's process space is clean (you need to restart the test application to make changes visible). > >> It also may help to see a packet dump logged with Ethereal. > It's a packet logger/analizer, it shows you exactly any byte that passes your nic. I would set a capture filter like "port 25 or port 53" to only get traffic on ports 25 and 53 logged. Start the capture and run the ICS test app. unless the error happens, close the test app., the stop the capture and save the log as Ethereal/tcpdump(*.cap,*.pcap), file format libpcap to a file, upload the log somewhere and post the link here. --- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
