The Un-Official Proxomitron Forum
Proxomitron reduces RWIN to 32768 - Printable Version

+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Forum Related (/forumdisplay.php?fid=37)
+--- Forum: Proxomitron Program (/forumdisplay.php?fid=4)
+--- Thread: Proxomitron reduces RWIN to 32768 (/showthread.php?tid=641)

Pages: 1 2 3 4 5 6 7 8 9 10 11

- Tony Tough - Nov. 30, 2005 03:56 PM

Hello,

I haven't followed this thread for a while, but I can say that the byte change from 04 to 00
finally solved the problem and the correct RWIN is used now.

Thanks to all.

- Siamesecat - Dec. 01, 2005 06:34 AM

Quote:Is Proxomitron using another Proxy?

Are you sure the exe you hacked is the one you are using?

Use the patch at rapidshare to hack an original exe and see if that's ok.
No, no other proxy is being used.
Yes, the one I am using is the one which had the byte altered.
I patched an original copy unarchived from the zip file with the patch N45jrwin.exe and it made no difference. The RWIN is still 32768. Only without Prox does it go to 256960.

- JJoe - Dec. 01, 2005 03:33 PM

Siamesecat Wrote:No, no other proxy is being used.
Yes, the one I am using is the one which had the byte altered.
I patched an original copy unarchived from the zip file with the patch N45jrwin.exe and it made no difference. The RWIN is still 32768. Only without Prox does it go to 256960.
Hmm....
So the only difference between a speedguide test with Proxomitron and without is RWIN?
If you have Proxomitron in bypass or use another proxy instead of Proxomitron, then what?
Have you tried it with IE and another browser?
Which OS are you using.

Maybe there is a second setting for proxies in the OS or elsewhere but I've not read of that.
As far a Proxomitron goes, I don't see another 32768 that looks like RWIN.

Hmmm...
What happens if you change
00 80 00 00 6a 04
to
00 40 00 00 6a 04
??

--
JJoe

- laighleas - Dec. 01, 2005 11:45 PM

Ah, that's it. Edited it, and now no more problems. :-)

Out of curiosity, how the devil do you find out which bit to edit? Assuming someone doesn't tell you, but then how do they know? Because the stuff in the hex editor looks like gibberish to me! :-)

Kevin

- JJoe - Dec. 02, 2005 12:56 AM

laighleas Wrote:Out of curiosity, how the devil do you find out which bit to edit? Assuming someone doesn't tell you, but then how do they know? Because the stuff in the hex editor looks like gibberish to me! :-)

One potato, two potato, .... ;-)

http://en.wikipedia.org/wiki/Decompiler
http://en.wikipedia.org/wiki/Debugger

--
JJoe

- Oddysey - Dec. 02, 2005 12:59 AM

laighleas;
Quote:Ah, that's it. Edited it, and now no more problems. :-)

Out of curiosity, how the devil do you find out which bit to edit? Assuming someone doesn't tell you, but then how do they know? Because the stuff in the hex editor looks like gibberish to me! :-)

Kevin
Ah, that is the great secret, grasshopper! Microphone When you have learned how to use a run-time debugger, only then will you be ready to leave the temple. Popcorn Santa Claus Cool Cheers


Oddysey

- Siamesecat - Dec. 02, 2005 08:23 AM

Quote:If you have Proxomitron in bypass or use another proxy instead of Proxomitron, then what?
Have you tried it with IE and another browser?
Which OS are you using.

What happens if you change
00 80 00 00 6a 04
to
00 40 00 00 6a 04
I have no other proxy to use instead of Proxomitron. Bypass mode made no difference to the RWIN. I tried testing with Firefox (my usual browser) and IE, with no difference in results. I am using Windows XP Home SP 2.
I tried changing 8000006A00 to C000006A04 and then to 4000006A04 with no change in results. I even cleared the Prefetch out before making the first change - to C000006A04 - but it made no difference. Interestingly, the SpeedGuide also indicates that MTU Discovery is off, though I set it to "yes" with TCP Optimizer.

- peakaboo g - Dec. 02, 2005 02:50 PM

Siamesecat,

are u going thru a router?

if so ck those settings

- JJoe - Dec. 02, 2005 03:34 PM

Siamesecat Wrote:I have no other proxy to use instead of Proxomitron. Bypass mode made no difference to the RWIN. I tried testing with Firefox (my usual browser) and IE, with no difference in results. I am using Windows XP Home SP 2.
I tried changing 8000006A00 to C000006A04 and then to 4000006A04 with no change in results. I even cleared the Prefetch out before making the first change - to C000006A04 - but it made no difference. Interestingly, the SpeedGuide also indicates that MTU Discovery is off, though I set it to "yes" with TCP Optimizer.

I have a router that likes to pick its own settings but it uses the same settings proxy or no proxy.
Might be the adapter but ...

First, lets see if we can rule out Proxomitron.
Privoxy nor BFilter is suppose to have this problem.
http://www.privoxy.org/
http://bfilter.sourceforge.net/
Use Privoxy or BFilter instead of Proxomitron and see if you get 32768.

--
JJoe

- laighleas - Dec. 02, 2005 04:58 PM

JJoe Wrote:
laighleas Wrote:Out of curiosity, how the devil do you find out which bit to edit? Assuming someone doesn't tell you, but then how do they know? Because the stuff in the hex editor looks like gibberish to me! :-)

One potato, two potato, .... ;-)

http://en.wikipedia.org/wiki/Decompiler
http://en.wikipedia.org/wiki/Debugger

Ah! Now out of curiosity, does it make any difference which language was used to write the program? What's the output of the decompiler or debugger in?

Bear in mind I know nowt about this side of computing. Furthest I've gone so far is the registry and (under DOS, years back) manually editing boot sectors when they'd been buggered.

Kevin

- laighleas - Dec. 02, 2005 05:00 PM

Oddysey Wrote:Ah, that is the great secret, grasshopper! Microphone When you have learned how to use a run-time debugger, only then will you be ready to leave the temple. Popcorn Santa Claus Cool Cheers

:-) I take it learning something about programming might also be useful?! :-)

So which runtime debugger>

Kevin

- JJoe - Dec. 02, 2005 11:35 PM

laighleas Wrote:
JJoe Wrote:http://en.wikipedia.org/wiki/Decompiler
http://en.wikipedia.org/wiki/Debugger
Ah! Now out of curiosity, does it make any difference which language was used to write the program? What's the output of the decompiler or debugger in?
Hi Kevin,

The wiki and its links can explain things better than I can.
http://www.itee.uq.edu.au/~cristina/dcc.html
http://www.itee.uq.edu.au/~csmweb/decompilation/possible.html
http://www.itee.uq.edu.au/~csmweb/decompilation/ethics.html
http://www.debugmode.com/dcompile/

The language used to write the program and many other things can get in the way.
Decompiler output may not be in the language of the original program but that may not matter.
In this case, I'd guess the original patch's author searched for 32768 and then recognized the code.

Download a couple of programs and take a look.
http://www.ollydbg.de/ looks good.
http://www.backerstreet.com/rec/rec.htm has some problems regarding C++ and crashing Win98.
The sites are informative regardless.
http://www.backerstreet.com/rec/rec2.htm

--
JJoe

- Oddysey - Dec. 03, 2005 12:03 AM

Kevin,

Yes, some knowledge of coding would be good. (tongue in cheek).

Here's the deal..... In essence, a debugger is a program that can look at code as it is loaded from the disk (or other storage medium), and display it for you in static mode. Or it can look at and display code as it is executing within the processor, all in real time. That latter mode can get real informative, if you have an idea of what to look for, hence, the erstwhile need to know something about programming in assembly language.

Debuggers can only display what's going on in hexadecimal format, and in the machine's native assembly language. (That language differs from chip maker to chip maker.) But, if you're willing to deal with things in static mode, then a decompiler will attempt to read all that code from the disk, and then make educated guesses as to how the code was generated from a source language, usually C (or a variant), BASIC, perhaps Java, or even one of the .NET modules. If you guessed that this is a much more time consuming (and expensive to buy) method, you're right, it is. But if you don't want to get down in the bowels, then it is the only way to go, plus, most of these efforts are pretty mature these days.

When I used Periscope (in the pioneer days, with an outboard monitor hooked up to a CTTY port), it was all done in one flavor - assembly, and without any comments to accompany the results. Now, as I understand it, things are a whole lot better, for those who wish to do this kind of thing. I still do (so wish), but sadly I have too many other irons in the fire, so I just don't have any time for it any more.

If you're still interested, then by all means, JJoe lists several sites that are of great benefit to both beginners and pros in this field. In addition, if you want to hone your skills, or just get a good laugh (after you start understanding what's going on), then visit The Daily WTF, a site where they break down obvious errors in programming, and from which you can learn what not to do. Pervert

Report back in 6 months, and tell us when they're gonna let you outta the booby hatch! Crazy


Oddysey

- laighleas - Dec. 03, 2005 12:13 AM

JJoe Wrote:The wiki and its links can explain things better than I can.

Ah, thanks! :-) I shall tinker with it a bit. :-)

Kevin

- Siamesecat - Dec. 03, 2005 07:15 PM

peakaboo g,
Quote:are u going thru a router?
Yes, I have a router. I cannot check settings like that with this router. Anyhow, I was using the router when I tested without going thru Proxomitron and the RWIN then was 256960.

JJoe,
I'll try Privoxy.