30 June 2003

Share

So very, very stressed

Well, it looks like our offer on the house has been accepted, but now we have to go through the stressful organizing the money thing. Because this was quite unplanned, we don’t have preapproval for anything, so now we need to rush.

And people keep not returning my calls.

Share

29 June 2003

Share

usblogdump

Well, my first bug report today. I’ve whipped up a fix I think should work, and it’s online on the usblogdump page now. The problem was that the fellow had an unknown URB, and the code didn’t abort, it just went off into the sun set…

Housing

Argh! I drove past a friend’s house yesterday to borrow a multimeter, and saw that their front neighbour’s house is for sale (they live in a battle axe block). This is of interest because it would be cool to live near them (free child care?), its a bigger house the growing kids would fit better in, and because last time that house was on the market it got us looking at buying our first home. We couldn’t afford that house then, but we should be able to now.

Not sure what will happen, we’ll just have to wait and see. I’m taking Catherine and the kids through it today.

Share

28 June 2003

Share

In the words of the annoucement email:

    To:  linux-usb-devel@lists.sourceforge.net
    cc:  linux-kernel@vger.kernel.org
    Subject: [Announce] Linux command line Snoopy Pro logfile dumper
    
    I had two maths exams last week. This of course means that I had to find
    something to distract me. That thing was whipping up a SnoopyPro logfile
    dumper for the command line. This was motivated by generalised frustration
    with the SnoopyPro user interface.
    
    For those wondering, SnoopyPro is a Source Force hosted USB traffic dumper
    for Windows. It's useful when reverse engineering USB device drivers.
    
    This version of the dumper only implements the URB types which I
    immediately needed. Adding additional URBs isn't hard, but I didn't have
    any samples. Feel free to mail me usblogs, and I'll add them to the
    decoder.
    
    The only really cool feature in this version is that it implements
    "repeated URB sequence suppression", so if the Windows driver says to the
    USB device "hey, you still there" every second for 60 seconds, and there
    is no other traffic between the machine and that device, then the output
    will only show one of those interactions, and let you know it hid 59 more.
    This feature can be turned on and off with the -r command line option.
    
    You can get the GPL'ed CVS version of the source code from:
    http://www.stillhq.com/extracted/usblogdump.tgz
    
    There is sample output et cetera at:
    http://www.stillhq.com/cgi-bin/getpage?area=usblogdump
    
    The next step is to modify the display of the URBs so that they're closer
    to the Linux data structures.
    
    Cheers,
    Mikal
    
    --
    
    Michael Still (mikal@stillhq.com) | Stage 1: Steal underpants
    http://www.stillhq.com            | Stage 2: ????
    UTC + 10                          | Stage 3: Profit
    
Share

24 June 2003

Share

Stats exam
Well, I had my stats exam, and let’s just say I hope to pass the unit.

SnoopyPro log dumper

My SnoopyPro log dumper is finished (or at least the bits I need for ICM 532 work). You can find the dumper online and as a tarball. This input currently gives this text output — beware, those files are a little big.

I’ll announce it more formally soon, and see who yells for features. The current storage format is also so inefficient that I am tempted to come up with a new file format…

Are all secondary students this dumb?

My mother in law came over quite upset last night — she thought she might have found some plagarism in year 12 student’s work. Within about 30 minutes with google, I had prooven at least five of these people (out of about 40) had plagarised. How can you be that stupid? In year 12?!?

Some talk of automating the googling for this sort of thing. I will think about this some more when I have more time, and it sounds like a good excuse to have a play with the relatively recent google SOAP interface.

One more exam to go

Assuming I pass everything, the next exam on Thursday should be my last ever (unless I go and do another degree by coursework, which I think is unlikely at this stage). I really should study for it now…

Share

21 June 2003

Share

SnoopyPro logfile dumper has stalled — I am theoretically studying for my statistics exam at the moment. It’s very hard to motivate myself though. I’m hoping excess quantities of coffee will help.

Tandy Tuggeranong is closing down. I’m amazed it took that long for people to work out they were being ripped off.

Share

19 June 2003

Share

SnoopyPro logfile dumper progresses. The format is quite inefficient — some data is stored up to three times. A sample of what I have so far:

      Value might be a short: (short) 1970 [2 bytes]
    Number of packets: 1970
    1970 URB pointers skipped
      Value might be a short: (short) 65535 [2 bytes]
      Value might be an integer: (int) 17147967 [4 bytes]
    Plugin timestamp: 17147967
      Value might be a short: (short) 1 [2 bytes]
    Timestamp is relative (1 == true): 1
    
    -----------------------------------------------
    URB 0 starts at 7890 within file
    
    Sequence: (unsigned short) 1 [2 bytes]
      Length might be a short: (short) 4 [2 bytes]
    SnoopyPro URB object name: CURB
    Unknown: (int) 1 [4 bytes]
    
    Function: GET_DESCRIPTOR_FROM_DEVICE (0x000b)
    Time relative to start of dump: 10
      Value might be a short: (short) 0 [2 bytes]
    Endpoint: 0
    Pipe handle: 0x00000000
    Flags: (unsigned int) 4 [4 bytes]
    Status: (int) 0 [4 bytes]
    Link: (unsigned int) 0 [4 bytes]
    
    Length: (unsigned int) 96 [4 bytes]
    Direction (0 to, 1 from): (int) 0 [4 bytes]
    Sequence number: (unsigned int) 1 [4 bytes]
    Timestamp: (unsigned int) 17147977 [4 bytes]
    
    URB header:
    Length: (unsigned short) 80 [2 bytes]
    Function: (unsigned short) 11 [2 bytes]
    Status: (unsigned int) 0 [4 bytes]
    Skipped device handle pointer
    Flags: (unsigned int) 34 [4 bytes]
    
    -----------------------------------------------
    URB 1 starts at 7964 within file
    
    Sequence: (unsigned short) 1 [2 bytes]
      Length might be a short: (short) 20 [2 bytes]
    SnoopyPro URB object name: CURB_ControlTransfer
    Unknown: (int) 1 [4 bytes]
    
    Function: CONTROL_TRANSFER (0x0008)
    Time relative to start of dump: 10
      Value might be a short: (short) 0 [2 bytes]
    Endpoint: 0
    Pipe handle: 0x82af53d8
    Flags: (unsigned int) 6 [4 bytes]
    Status: (int) 0 [4 bytes]
    Link: (unsigned int) 0 [4 bytes]
    

…And so on…

Share

17 June 2003

Share

Because I have two maths exams next week, I spent some time working on a command line dumper for SnoopyPro log files (SnoopyPro is used to dump the USB traffic between a device and it’s driver on a Windows machine, and is very useful for reverse engineering).

This happened because I have three USB dumps of interest, but not the tools to be able to correlate them conveniently. SnoopyPro does XML export, but it is evil.

I should one day study for those exams.

Share