I'm hooking a WSAsend function and dumping the packets. ASCII dump works but HEX dump sometimes shows things like you can see on the screen (the FFFFFFDD), any idea why?
code:
int WINAPI myWSASend(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesSent, DWORD dwFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
{
//Packet Log
if (bLogPacketS == TRUE)
{
for (unsigned int i = 0; i < lpBuffers->len; i = i + 8)
{
printf("%02X %02X %02X %02X %02X %02X %02X %02X\t\t%c %c %c %c %c %c %c %c\n",
(unsigned int)lpBuffers->buf[i], (unsigned int)lpBuffers->buf[i+1], (unsigned int)lpBuffers->buf[i+2],
(unsigned int)lpBuffers->buf[i+3], (unsigned int)lpBuffers->buf[i+4], (unsigned int)lpBuffers->buf[i+5],
(unsigned int)lpBuffers->buf[i+6], (unsigned int)lpBuffers->buf[i+7],
(drawable((unsigned int)lpBuffers->buf[i])) ? (unsigned int)lpBuffers->buf[i] : '.',
(drawable((unsigned int)lpBuffers->buf[i+1])) ? (unsigned int)lpBuffers->buf[i+1] : '.',
(drawable((unsigned int)lpBuffers->buf[i+2])) ? (unsigned int)lpBuffers->buf[i+2] : '.',
(drawable((unsigned int)lpBuffers->buf[i+3])) ? (unsigned int)lpBuffers->buf[i+3] : '.',
(drawable((unsigned int)lpBuffers->buf[i+4])) ? (unsigned int)lpBuffers->buf[i+4] : '.',
(drawable((unsigned int)lpBuffers->buf[i+5])) ? (unsigned int)lpBuffers->buf[i+5] : '.',
(drawable((unsigned int)lpBuffers->buf[i+6])) ? (unsigned int)lpBuffers->buf[i+6] : '.',
(drawable((unsigned int)lpBuffers->buf[i+7])) ? (unsigned int)lpBuffers->buf[i+7] : '.');
}
printf("\n\n");
}
return (oWSASend)(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
}
bool drawable(unsigned int value)
{
if (value > 32 && value < 127)
return true;
else
return false;
}
You're casting to the wrong type.
You only want to change signedness, but you're expanding each byte to a four-byte word as well. In the presence of signed-to-unsigned conversion (and the resulting negative-value wraparound), this is resulting in a monstrously high value.
Each "element" of lpBuffers->buf[i]
is a char
, but you're casting to unsigned int
. If your char
is signed on your system then 0xDD
is off the top of the type's range, so it wraps around to -35
. Then casting it to unsigned int
results in 0xFFFFFFDD
.
The printf
specifier %02X
won't truncate this.
Presumably you wish to interpret all the bytes as unsigned
, to get the full 0x00
→0xFF
range. Personally I'd convert to unsigned char
(instead of unsigned int
), for which the value of 0xDD
is 221
.
In the code below I've also made a safety adjustment to your loop condition.
for (unsigned int i = 0; i < lpBuffers->len-8; i = i + 8)
// ^^
{
printf(
"%02X %02X %02X %02X %02X %02X %02X %02X"
"\t\t%c %c %c %c %c %c %c %c\n",
static_cast<unsigned char>(lpBuffers->buf[i]),
static_cast<unsigned char>(lpBuffers->buf[i+1]),
static_cast<unsigned char>(lpBuffers->buf[i+2]),
static_cast<unsigned char>(lpBuffers->buf[i+3]),
static_cast<unsigned char>(lpBuffers->buf[i+4]),
static_cast<unsigned char>(lpBuffers->buf[i+5]),
static_cast<unsigned char>(lpBuffers->buf[i+6]),
static_cast<unsigned char>(lpBuffers->buf[i+7]),
(drawable(lpBuffers->buf[i])) ? static_cast<unsigned char>(lpBuffers->buf[i]) : '.',
(drawable(lpBuffers->buf[i+1])) ? static_cast<unsigned char>(lpBuffers->buf[i+1]) : '.',
(drawable(lpBuffers->buf[i+2])) ? static_cast<unsigned char>(lpBuffers->buf[i+2]) : '.',
(drawable(lpBuffers->buf[i+3])) ? static_cast<unsigned char>(lpBuffers->buf[i+3]) : '.',
(drawable(lpBuffers->buf[i+4])) ? static_cast<unsigned char>(lpBuffers->buf[i+4]) : '.',
(drawable(lpBuffers->buf[i+5])) ? static_cast<unsigned char>(lpBuffers->buf[i+5]) : '.',
(drawable(lpBuffers->buf[i+6])) ? static_cast<unsigned char>(lpBuffers->buf[i+6]) : '.',
(drawable(lpBuffers->buf[i+7])) ? static_cast<unsigned char>(lpBuffers->buf[i+7]) : '.'
);
}