no crash :)) Christian Seifert wrote:
can you disable the copy modified file option in your config.xml and let me know if it crashes?On Tue, Sep 23, 2008 at 3:40 PM, Matthias Luft <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:Hi, Christian Seifert wrote: Getting closer. ... sounds so ;-) Can you 1. execute on the client 'CaptureClient.exe -c', 2. copy a file manually from a to b using your windows explorer 3. on the capture client window, press q and then enter crash or no crash? no crash, logfile attached. Also, have you tried out installing winpcap and 2005 c++ sp1 redist libs? Aye, I installed both, but it still crashes. Also, one more question: What exact version of CaptureClient are you using? It's 251-384 for both catpure-server and capture-client. Thanks & Regards, Matthias Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Administrator>cd \ C:\>cd "Program Files" C:\Program Files>cd Capture C:\Program Files\Capture>CaptureClient.exe -c PROJECT: Capture-HPC VERSION: 2.5 DATE: August 6, 2008 COPYRIGHT HOLDER: Victoria University of Wellington, NZ AUTHORS: Christian Seifert ([EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>) Ramon Steenson([EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>) Capture-HPC is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, V2 as published by the Free Software Foundation. Capture-HPC is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with Capture-HPC; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,USA Option: Collecting modified files Starting Capture Client 2.5 hereLoaded plugin: Application_ClientConfigManager.dll inserted: added application: acrobatreader inserted: added application: firefox inserted: added application: opera inserted: added application: word inserted: added application: oowriter Loaded plugin: Application_InternetExplorer.dll inserted: added application: iexplore Loaded plugin: Application_InternetExplorerBulk.dll inserted: added application: iexplorebulk Loaded plugin: Application_Safari.dll inserted: added application: safari Driver already loaded: CaptureProcessMonitor Driver already loaded: CaptureRegistryMonitor Loaded filter driver: CaptureFileMonitor --------------------------------------------------------- Start capturing modified files ... registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft \Internet Explorer\Toolbar\Locked registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft \Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft \Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft \Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft \Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft \Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft \Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft \Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383} registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft \Internet Explorer\Toolbar\Explorer\ITBarLayout process: created 4294967295 UNKNOWN -> C:\WINDOWS\explorer.exe 1708 file: Write 1284 C:\WINDOWS\explorer.exe -> -1 C:\Program Files\Capture\Copy of COPYING q Copying monitored files Copying file: C:\Program Files\Capture\Copy of COPYING ... done Resetting hStopEventResetting hStopEventResetting hStopEvent C:\Program Files\Capture> _______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org <mailto:Capture-HPC@public.honeynet.org> https://public.honeynet.org/mailman/listinfo/capture-hpc -- ----Web: http://www.mcs.vuw.ac.nz/~cseifert <http://www.mcs.vuw.ac.nz/%7Ecseifert>PGP keyhttp://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt <http://www.mcs.vuw.ac.nz/%7Ecseifert/pgpkey.txt>Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF ------------------------------------------------------------------------ _______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
