asm, can you try the same and see whether this will "solve" your problem?

Matthias, the difference when running capture with the server vs just running
the client exe with option -c is the zipping of the logs dir. I am wondering
whether the 7z.exe is causing your trouble. Can you try running it on the
client manually to zip up the log dir?

Also, what happens if you enable network capture and copying of client files
on the server? Crash?

Thanks for helping me to track this issue down remotely. Once I have a repro
case on my end I will investigate on my end and release a patch....

Christian

On Tue, Sep 23, 2008 at 5:12 PM, Matthias Luft <[EMAIL PROTECTED]> wrote:

> no crash :))
>
> Christian Seifert wrote:
>
>> can you disable the copy modified file option in your config.xml and let
>> me know if it crashes?
>>
>> On Tue, Sep 23, 2008 at 3:40 PM, Matthias Luft <[EMAIL PROTECTED]> wrote:
>>
>>    Hi,
>>
>>    Christian Seifert wrote:
>>
>>        Getting closer. ...
>>
>>    sounds so ;-)
>>
>>
>>        Can you
>>        1. execute on the client 'CaptureClient.exe -c',
>>        2. copy a file manually from a to b using your windows explorer
>>        3. on the capture client window, press q and then enter
>>
>>        crash or no crash?
>>
>>    no crash, logfile attached.
>>
>>
>>        Also, have you tried out installing winpcap and 2005 c++ sp1
>>        redist libs?
>>
>>    Aye, I installed both, but it still crashes.
>>
>>
>>        Also, one more question: What exact version of CaptureClient
>>        are you using?
>>
>>    It's 251-384 for both capture-server and capture-client.
>>
>>    Thanks & Regards,
>>    Matthias
>>
>>    Microsoft Windows XP [Version 5.1.2600]
>>    (C) Copyright 1985-2001 Microsoft Corp.
>>
>>    C:\Documents and Settings\Administrator>cd \
>>
>>    C:\>cd "Program Files"
>>
>>    C:\Program Files>cd Capture
>>
>>    C:\Program Files\Capture>CaptureClient.exe -c
>>    PROJECT: Capture-HPC
>>    VERSION: 2.5
>>    DATE: August 6, 2008
>>    COPYRIGHT HOLDER: Victoria University of Wellington, NZ
>>    AUTHORS:
>>           Christian Seifert ([EMAIL PROTECTED])
>>           Ramon Steenson([EMAIL PROTECTED])
>>
>>
>>    Capture-HPC is free software; you can redistribute it and/or modify
>>    it under the terms of the GNU General Public License, V2 as
>>    published by
>>    the Free Software Foundation.
>>
>>    Capture-HPC is distributed in the hope that it will be useful,
>>    but WITHOUT ANY WARRANTY; without even the implied warranty of
>>    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>>    GNU General Public License for more details.
>>
>>    You should have received a copy of the GNU General Public License
>>    along with Capture-HPC; if not, write to the Free Software
>>    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
>>     02110-1301,USA
>>
>>    Option: Collecting modified files
>>    Starting Capture Client 2.5
>>    hereLoaded plugin: Application_ClientConfigManager.dll
>>           inserted: added application: acrobatreader
>>           inserted: added application: firefox
>>           inserted: added application: opera
>>           inserted: added application: word
>>           inserted: added application: oowriter
>>    Loaded plugin: Application_InternetExplorer.dll
>>           inserted: added application: iexplore
>>    Loaded plugin: Application_InternetExplorerBulk.dll
>>           inserted: added application: iexplorebulk
>>    Loaded plugin: Application_Safari.dll
>>           inserted: added application: safari
>>    Driver already loaded: CaptureProcessMonitor
>>    Driver already loaded: CaptureRegistryMonitor
>>    Loaded filter driver: CaptureFileMonitor
>>    ---------------------------------------------------------
>>    Start capturing modified files ...
>>    registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\Locked
>>    registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
>>    registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
>>    registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
>>    registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
>>    registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
>>    registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
>>    registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
>>    registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\Explorer\ITBarLayout
>>    process: created 4294967295 UNKNOWN -> C:\WINDOWS\explorer.exe 1708
>>    file: Write 1284 C:\WINDOWS\explorer.exe -> -1 C:\Program Files\Capture\Copy of COPYING
>>    q
>>    Copying monitored files
>>    Copying file: C:\Program Files\Capture\Copy of COPYING
>>           ... done
>>    Resetting hStopEventResetting hStopEventResetting hStopEvent
>>    C:\Program Files\Capture>
>>    _______________________________________________
>>    Capture-HPC mailing list
>>    Capture-HPC@public.honeynet.org
>>    https://public.honeynet.org/mailman/listinfo/capture-hpc
>>
>>
>>
>>
>> --
>> ----
>> Web: http://www.mcs.vuw.ac.nz/~cseifert
>>
>> PGP key
>> http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
>> Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
>> ------------------------------------------------------------------------
>>
>
>


-- 
----
Web: http://www.mcs.vuw.ac.nz/~cseifert

PGP key
http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF