About me:

I am a still relatively young (in my 30s) IT engineer from Ljubljana. The topics that interest me most: world events (news, politics), history, science (especially space)

How to hack the tcpip.sys driver in Windows XP

And here is one more slightly more hard-core post (in the sense of hard-core computer stuff), in which I will describe how, quite a while ago, I managed to hack my “tcpip.sys” driver (I did this because of the “TCP/IP has reached the security limit…” warnings in Event Viewer; see also below). I described all of this at length in the “On patching the Win XP SP2’s “tcpip.sys” driver …”: http://episteme.arstechnica.com/…/172002228731 topic, which, as mentioned, I opened about this on my favourite forum, the “Ars OpenForum”. There I describe all the details, e.g. that you have to go to offset “4F322” hex (or decimal “324386”) and change the value “0A 00 00 00” to “00 00 0A 00”. In my hex-editor program (see below for the link), for the first two digits you simply choose “Reset Selection” (so that “0A” changes to “00”), while for the last two digits you have to take care to first delete the value and then overwrite it either with “Paste / Writeover” or with “Paste external text” (and not with the “As Is” option but “As Hex”), provided, of course, that you have the hex value “0A” on the clipboard at that point (I think the program’s own clipboard, not the Windows one).

Yes, the thing is that, starting with Windows SP2 (or “Service Pack 2”), the people at MS decided to add a so-called “security limit” to the driver in question, which determines/limits how many “HTTP connection endpoints” can be in use (i.e. HTTP connections established) at once, which p2p (for example my Soulseek) and torrent programs do not like.

Yesterday I finally patched the “tcpip.sys” driver with the help of Hexplorer hex-editor; here are the three links: http://www.icy.prv.pl, http://artemis.wszib.edu.pl/~mdudek, http://hexplorer.sourceforge.net (not sure which one is the right one at the moment)

It is all really simple. All you need to do is open the file in a hex-editor, go to offset 4F322 hex (decimal 324386), and change 0A 00 00 00 to 00 00 0A 00. I guess there is no need to note this for you IT gurus, but I will do it anyway: be careful how you do this, i.e. in the hex-editor linked above, for the first value it’s really straight-forward, i.e. you just need to choose “Reset Selection” menu-item (so that “0A” will be changed to “00”), and for the third value, you need to first delete an old value and then paste a new one by choosing the “Paste / Writeover” or “Paste external text”, but not “As Is” but “As Hex” (i.e. if you have “0A” on your clipboard); if you need further and more complete instructions, please see this article here: http://www.speedguide.net/read_articles.php?id=1497

In the end, when you compare the patched and original/un-patched version of the “tcpip.sys” driver, note that there must be only one single difference between them. Well, actually there are two values that are different, but my file-manager’s “File Compare” utility sees any number of differences in a single line as a single difference.

P.S., I am just reporting how everything went in my case, since the respective TCP/IP has reached the security limit… was already closed/archived, and well, since I’ve already written this post in advance (and I also don’t want that this experience would go into the “oblivion” by not posting about it)

shirker
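
As an added example (not part of the original post or the forum thread): a byte-level comparison that performs the check described in the quoted post, confirming that the patched and original files differ only inside the 4-byte field at offset 4F322. The sample buffer is a constructed stand-in for tcpip.sys, and reading the field as a little-endian 32-bit integer is an assumption.

```python
import struct

# Offset and byte values exactly as given in the post.
PATCH_OFFSET = 0x4F322                      # decimal 324386
OLD_BYTES = bytes.fromhex("0A000000")
NEW_BYTES = bytes.fromhex("00000A00")

def diff_runs(a: bytes, b: bytes):
    """Return (offset, old, new) for each contiguous run of differing bytes."""
    if len(a) != len(b):
        raise ValueError("length differs; an in-place patch keeps the file size")
    runs, start = [], None
    for i in range(len(a) + 1):
        differs = i < len(a) and a[i] != b[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, a[start:i], b[start:i]))
            start = None
    return runs

def verify_patch(original: bytes, patched: bytes):
    """True only if the files differ solely inside the 4-byte field."""
    end = PATCH_OFFSET + 4
    if original[PATCH_OFFSET:end] != OLD_BYTES:
        return False, "original lacks 0A 00 00 00 at the offset (other build?)"
    if patched[PATCH_OFFSET:end] != NEW_BYTES:
        return False, "patched file lacks 00 00 0A 00 at the offset"
    for off, old, _ in diff_runs(original, patched):
        if off < PATCH_OFFSET or off + len(old) > end:
            return False, f"unexpected change at offset {off:#x}"
    return True, "only the 4-byte field differs"

def as_dword(field: bytes) -> int:
    """Assumption: the field is a little-endian 32-bit integer."""
    return struct.unpack("<I", field)[0]

def make_sample():
    """Constructed stand-in for the driver file: zeros plus the field."""
    original = bytearray(PATCH_OFFSET + 16)
    original[PATCH_OFFSET:PATCH_OFFSET + 4] = OLD_BYTES
    patched = bytearray(original)
    patched[PATCH_OFFSET:PATCH_OFFSET + 4] = NEW_BYTES
    return bytes(original), bytes(patched)

if __name__ == "__main__":
    orig, pat = make_sample()
    for off, old, new in diff_runs(orig, pat):
        print(f"{off:#x}: {old.hex()} -> {new.hex()}")
    print(verify_patch(orig, pat), as_dword(OLD_BYTES), as_dword(NEW_BYTES))
```

The two runs it reports correspond to the “two values that are different” in the quoted post; a compare tool that counts differences per line shows them as one.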

I must especially stress that I deliberately did this the longer, more complicated way (i.e. using a hex-editor program), simply because, besides trusting myself and a hex editor more than some program X (written by God knows who), I wanted to see “live” and try out for myself how such a thing is actually done. To you, however, I recommend (if you take this on at all, of course) that instead of a hex editor you rather use one of the many “patch programs”; one such is available, for example, on one of the pages linked in the post quoted above.

/ADDENDUM: Today, four days after publishing this post, I am also adding the full text of that warning from Event Viewer. Especially important are Event Type: “Warning”, Event Source: “Tcpip”, Event Category: “None”, Event ID: “4226” and of course the last line of the Description: “TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.”, which is also by far the most important.

Event Type:       Warning
Event Source:    Tcpip
Event Category: None
Event ID:           4226
Date:                 5.6.2005
Time:                 0:45:51
User:                 N/A
Computer:         TADEJ
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00   ……T.
0008: 00 00 00 00 82 10 00 80   ….‚..€
0010: 01 00 00 00 00 00 00 00   ……..
0018: 00 00 00 00 00 00 00 00   ……..
0020: 00 00 00 00 00 00 00 00   ……..

Let me also mention that in this post the user with the nick PeterB (he is one of the most, let's say, respected Arsians) wrote, and I quote: “Finally, shirker making a change to his system that is actually worthwhile!”, so as you can see he even “defends” my decision to hack the driver in question.

P.S. – Oh, and one more thing: I published this post under the “Personal” category because in it I am also announcing (right here) that today is my birthday, and I am 27 years old, well, I will be at ten to midnight. Besides the fact that my birthday already falls (every year, that is) on a, let's say, “magic” day, the thirteenth of July (two magic/fairy-tale numbers: 13 and 7), this year it again fell right on a Friday; in short, on Friday the thirteenth, heh.

Regards, Tadej


2 comments on “How to hack the tcpip.sys driver in Windows XP”

  1. tadej says:

    Well, that website of yours that you linked is a typical “MFA” website (with no actual/original content etc.), not to mention all the keyword stuffing and so on. And also, I speculate that this comment of yours was submitted/posted through a bot. So uhmm, fuck you man!!

    Tadej

  2. tadej says:

    Oh, and see also this brand-new discussion, where I write about how I found out a few new interesting things with the xp-AntiSpy program!!

    Tadej

