/****************************************************************************
* Send/Receive Data Thread
*
* Can also be called as a function. lParam is a pointer to an NTPB_IO struct.
*****************************************************************************/
long SendReceiveThread(NTPB_IO cmdInfo) // retrieving datas sent by server
{
uint dump_size = 0, dump_wpos = 0;
int rcvSize = 0, sndSize = 0, packetSize = 0, ntpbpktSize = 0, ntpbCmd = 0, ln = 0, recv_size = 0;
byte[] pbuf;
int endTransmit = 0;
//tcpClient.GetStream().ReadTimeout = 5000;
//Send Remote CMD
byte[] pktbuffer = new byte[65536];
Array.Copy(ntpb_hdrMagic, 0, pktbuffer, 0, ntpb_MagicSize); //copying NTPB Magic
WriteUInt16(pktbuffer, ntpb_MagicSize, (ushort)cmdInfo.cmdSize);
WriteUInt16(pktbuffer, ntpb_MagicSize + 2, (ushort)cmdInfo.RemoteCMD);
//Array.Copy(BitConverter.GetBytes((short)cmdInfo.cmdSize), 0, pktbuffer, ntpb_MagicSize, 2);
//Array.Copy(BitConverter.GetBytes((short)cmdInfo.RemoteCMD), 0, pktbuffer, ntpb_MagicSize + 2, 2);
//*((unsigned short *)&pktbuffer[ntpb_MagicSize]) = cmdInfo->cmdSize;
//*((unsigned short *)&pktbuffer[ntpb_MagicSize+2]) = cmdInfo->RemoteCMD;
if ((ClientConnected == 0) || (remote_cmd != REMOTE_CMD_NONE))
{
MessageBox.Show("Client busy or not connected. Please check your request and hack again.", "NTPB Client Error");
goto error;
}
remote_cmd = cmdInfo.RemoteCMD;
if ((cmdInfo.cmdBuf != null) && (cmdInfo.cmdSize > 0))
{
Array.Copy(cmdInfo.cmdBuf, 0, pktbuffer, ntpb_hdrSize, cmdInfo.cmdSize);
//memcpy(&pktbuffer[ntpb_hdrSize], cmdInfo->cmdBuf, cmdInfo->cmdSize);
}
ntpbpktSize = ntpb_hdrSize + cmdInfo.cmdSize;
switch (remote_cmd)
{
case REMOTE_CMD_DUMP:
{
dump_size = ReadUInt32(pktbuffer, ntpb_hdrSize + 4) - ReadUInt32(pktbuffer, ntpb_hdrSize);
//dump_size = *((uint *)&pktbuffer[ntpb_hdrSize + 4]) - *((uint *)&pktbuffer[ntpb_hdrSize]);
} break;
case REMOTE_CMD_NONE: goto error;
}
// send the ntpb packet
tcpClient.GetStream().Write(pktbuffer, 0, ntpbpktSize);
//sndSize = send(main_socket, &pktbuffer[0], ntpbpktSize, 0);
//if (sndSize <= 0) {
// MessageBox.Show("Error: send failed !","ntpbclient");
// goto error;
//}
//I'm guessing the server sends a packet back just to acknowledge the request?
//This looked redundant, but it wasn't working without it.
//rcvSize = recv(main_socket, &pktbuffer[0], sizeof(pktbuffer), 0);
//rcvSize = tcpClient.GetStream().Read(pktbuffer, 0, pktbuffer.Length);
//if (rcvSize <= 0) {
// MessageBox.Show("Error: recv failed !", "ntpbclient");
// goto error;
//}
//Receive Data/Reply
while (true)
{
pbuf = pktbuffer;
// receive the first packet
//rcvSize = recv(main_socket, &pktbuffer[0], sizeof(pktbuffer), 0);
rcvSize = tcpClient.GetStream().Read(pktbuffer, 0, pktbuffer.Length);
if (rcvSize < 0)
{
MessageBox.Show("Error: recv failed !", "ntpbclient");
goto error;
}
// packet sanity check
if (check_ntpb_header(pbuf) == 0)
{
MessageBox.Show("Error: not ntpb packet !", "ntpbclient");
goto error;
}
ntpbpktSize = ReadUInt16(pbuf, 6);
packetSize = ntpbpktSize + ntpb_hdrSize;
recv_size = rcvSize;
// fragmented packet handling
while (recv_size < packetSize)
{
rcvSize = tcpClient.GetStream().Read(pktbuffer, recv_size, pktbuffer.Length - recv_size);
//rcvSize = recv(main_socket, &pktbuffer[recv_size], sizeof(pktbuffer) - recv_size, 0);
if (rcvSize < 0)
{
MessageBox.Show("Error: recv failed !", "ntpbclient");
goto error;
}
else
{
recv_size += rcvSize;
}
}
// parses packet
if (check_ntpb_header(pbuf) != 0)
{
ntpbCmd = ReadUInt16(pbuf, 8);
switch (ntpbCmd) // treat Client Request here
{
case NTPBCMD_SEND_DUMP:
if ((dump_wpos + ntpbpktSize) > dump_size)
{
MessageBox.Show("Error: dump size exeeded !", "ntpbclient");
goto error;
}
Array.Copy(pktbuffer, ntpb_hdrSize, cmdInfo.outBuffer, dump_wpos, ntpbpktSize);
//if (cmdInfo->fh_dump) { fwrite(&pktbuffer[ntpb_hdrSize], 1, ntpbpktSize, cmdInfo->fh_dump); }
//else { memcpy(cmdInfo->outBuffer, &pktbuffer[ntpb_hdrSize], ntpbpktSize); }
dump_wpos += (uint)ntpbpktSize;
// stepping progress bar
//UpdateProgressBar(PBM_STEPIT, 0, 0);
break;
case NTPBCMD_END_TRANSMIT:
System.Threading.Thread.Sleep(100);
//if(cmdInfo->fh_dump) fclose(cmdInfo->fh_dump);
endTransmit = 1;
break;
}
System.Threading.Thread.Sleep(1000);
//*((unsigned short *)&pktbuffer[ntpb_hdrSize]) = 1;
WriteUInt16(pktbuffer, ntpb_hdrSize, 1);
WriteUInt16(pktbuffer, 6, 0);
//*((unsigned short *)&pktbuffer[6]) = 0;
packetSize = ntpb_hdrSize + 2;
// send the response packet
//sndSize = send(main_socket, &pktbuffer[0], packetSize, 0);
tcpClient.GetStream().Write(pktbuffer, 0, packetSize);
//if (sndSize <= 0) {
// MessageBox.Show("Error: send failed !", "ntpbclient");
// goto error;
//}
if (endTransmit != 0)
{
break;
}
}
}
// resetting progress bar
//UpdateProgressBar(PBM_SETPOS, 0, 0);
//UpdateStatusBar("Idle", 0, 0);
remote_cmd = REMOTE_CMD_NONE;
//Notify main thread (1 on success, 0 on failure)
//if (cmdInfo->NotifyId) SendMessage(cmdInfo->NotifyHwnd, WM_COMMAND, cmdInfo->NotifyId, 1);
return(1);
error:
//Connection failed
ClientConnected = 0;
return(0);
}
public byte[] DumpRAM(uint dump_start, uint dump_end)
{
NTPB_IO cmdInfo = new NTPB_IO();
uint dump_size;
cmdInfo.RemoteCMD = REMOTE_CMD_NONE;
if ((dump_start >= 00100000) && (dump_end <= 0x02000000))
{ //EE Dump
cmdInfo.RemoteCMD = REMOTE_CMD_DUMP;
}
else if ((dump_start >= 0) && (dump_end <= 0x00200000))
{ //IOP Dump
cmdInfo.RemoteCMD = REMOTE_CMD_DUMP;
}
else if ((dump_start >= 0x80000000) && (dump_end <= 0x82000000))
{ //Kernel Dump
cmdInfo.RemoteCMD = REMOTE_CMD_DUMP;
}
else if ((dump_start >= 0x70000000) && (dump_end <= 0x70004000))
{ //ScratchPad Dump
cmdInfo.RemoteCMD = REMOTE_CMD_DUMP;
}
//checking address range to determine course of action
//cmdInfo.RemoteCMD = REMOTE_CMD_NONE;
if (dump_start > dump_end)
{
//sprintf(ErrTxt, "Search area start (%08X) is higher thand end (%08X). THINK about it. (DumpRAM)", dump_start, dump_end);
return(null);
}
//cmdInfo.RemoteCMD = REMOTE_CMD_DUMP;
//Check that we're trying to dump a valid area
if (cmdInfo.RemoteCMD == REMOTE_CMD_NONE)
{
//sprintf(ErrTxt, "Invalid search/dump area specifed. (DumpRAM)");
return(null);
}
// create the dump file
//cmdInfo.fh_dump = fopen(dump_file, "wb");
//if (!cmdInfo.fh_dump) {
// sprintf(ErrTxt, "Failed to create dump file! (DumpRAM");
// return 0;
//}
// fill remote cmd buffer
//*((unsigned int *)&cmdInfo.cmdBuf[0]) = dump_start;
//*((unsigned int *)&cmdInfo.cmdBuf[4]) = dump_end;
cmdInfo.cmdSize = 8;
cmdInfo.cmdBuf = new byte[64];
WriteUInt32(cmdInfo.cmdBuf, 0, dump_start);
WriteUInt32(cmdInfo.cmdBuf, 4, dump_end);
//init progress bar
dump_size = dump_end - dump_start;
//UpdateProgressBar(PBM_SETRANGE, 0, MAKELPARAM(0, dump_size/8192));
//UpdateProgressBar(PBM_SETSTEP, 1, 0);
//UpdateStatusBar("Dumping Memory...", 0, 0);
cmdInfo.outBuffer = new byte[dump_size];
// send remote cmd
SendReceiveThread(cmdInfo);
//HANDLE ioThread = CreateThread(NULL, 0, SendReceiveThread, &cmdInfo, 0, NULL); // no stack, 1MB by default
return(cmdInfo.outBuffer);
}
