DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabilit

Discussion in 'Port Explorer' started by Wayne - DiamondCS, Jun 17, 2003.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    We've just released a new utility for Port Explorer and it's available free to all licensed Port Explorer users! Simply log into the Members Area at http://www.diamondcs.com.au/portexplorer/ and you'll see the download link near the bottom in the Members Only Downloads section :)


    From the readme ...

    => What is DiamondCS SLoader?
    ----------
    DiamondCS Loader is a small tool that starts a process in a
    suspended state (the program is loaded into memory as a process,
    but isn't actually started). After creating the process, SLoader
    displays a message informing you of the new process ID (PID).
    This PID can then be used by a program such as DiamondCS Port
    Explorer to monitor that process. Pressing the OK button on the
    PID message is all it takes to then start the created process.


    => Usage
    ----------
    sloader.exe <target>
    Example: sloader.exe d:\winnt\system32\calc.exe


    => Using SLoader with Port Explorer's Socket Spy (load and watch)
    ----------
    1. Use SLoader.exe to start the process you want to spy on.
    2. SLoader will tell you the PID of the created process, add this
    to the Socket Spy list.
    3. Return to the SLoader PID message, and press the OK button to
    start the created process.
    That's all. Port Explorer will now be capturing all packets sent
    and received from the created process.


    => Normal process creation, no debug APIs used
    ----------
    No debug APIs are used so it isn't susceptible to anti-debug
    or anti-disassembly tricks (if you can run the process on your
    system, so can DiamondCS SLoader). Consequently, it is also
    immune to the IsDebuggerPresent() API call which is a common
    method of debugger detection.

    Enjoy!
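
The load-suspended, report-PID, resume sequence the readme describes, as an added example that is not SLoader's source or any DiamondCS code. It assumes the Windows side is done with `CreateProcessA` and the `CREATE_SUSPENDED` flag (the thread never says which call SLoader uses); the non-Windows branch goes beyond the page as a POSIX stand-in, and `held_t`, `start_held` and `release_held` are names made up here.

```c
/* Added example, not DiamondCS code: hold a new process, report PID, release. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
typedef struct { unsigned long pid; HANDLE thread; } held_t;
static int start_held(char *target, held_t *h) {
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    /* Assumed flag: CREATE_SUSPENDED leaves the primary thread not yet run. */
    if (!CreateProcessA(NULL, target, NULL, NULL, FALSE, CREATE_SUSPENDED,
                        NULL, NULL, &si, &pi))
        return -1;
    CloseHandle(pi.hProcess);
    h->pid = pi.dwProcessId; h->thread = pi.hThread;
    return 0;
}
static int release_held(held_t *h) {
    DWORD r = ResumeThread(h->thread);   /* (DWORD)-1 means failure */
    CloseHandle(h->thread);
    return r == (DWORD)-1 ? -1 : 0;
}
#else  /* POSIX stand-in: the child stops itself and execs only once continued */
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>
typedef struct { unsigned long pid; } held_t;
static int start_held(char *target, held_t *h) {
    pid_t pid = fork(); int st;
    if (pid < 0) return -1;
    if (pid == 0) {
        raise(SIGSTOP);                  /* held here until SIGCONT */
        execl(target, target, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &st, WUNTRACED) < 0 || !WIFSTOPPED(st)) return -1;
    h->pid = (unsigned long)pid;
    return 0;
}
static int release_held(held_t *h) { return kill((pid_t)h->pid, SIGCONT); }
#endif
int main(int argc, char **argv) {
    held_t h;
    if (argc < 2 || start_held(argv[1], &h) != 0) {
        fprintf(stderr, "Unable to create process\n");
        return 1;
    }
    printf("PID = %lu; add it to the monitor, then press Enter\n", h.pid);
    getchar();                           /* stands in for the OK button */
    return release_held(&h) == 0 ? 0 : 1;
}
```

On the POSIX branch a bad target path only shows up after release, as exit status 127, whereas `CreateProcessA` fails before any PID is reported.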
     
  2. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    great idea.
    I thought it should have been rather easy to code something like it - but I couldn't possibly have done it. So I thought as an end-user I would have to wait for the "load and watch" feature. But now there are new possibilities to think about...

    When I find the time, I will try if I can put it in the registry as the "execute-*.exe-files-with-this-command" value... I suspect that would bring a lot of messageboxes into my day-to-day work, but it would also increase control a lot. Almost like a sandbox... well, almost...

    Thanks a lot for it,
    CU,
    Andreas
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Sitting here kind of open-mouthed at the speed of the response on that request.

    "Thank you" hardly seems adequate! (But - THANK YOU!). Pete
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Um, guys?

    When I try to click on sloader.exe (it's sitting in my "Unzipped" folder at the moment), this is what I get.

    I've also tried starting it from the "Run" menu, both with and without putting in "Cmd" first, but it just tells me that it's not a valid W32 application.

    This thing does work with NTFS, right?
     


  5. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Wow!!!

    That was a FAST response to spy1's input!!! My great respect for DiamondCS's support has reached even higher levels.

    Thanks all!
     
  6. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Hmm, spy1, get the same msgbox here (I run 2kPro SP3). It's 1:30 am in Perth now, I'm sure we will get a quick response once they are "back at the oars"
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Dan - Is your system NTFS, too? Pete
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Joining the club. :)
    XP Pro SP1 FAT32
    Getting the same mysterious message.

    Regards,

    Pieter
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Is it Sloader.exe or sloader.exe? Pete
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Hi Pete,

    Both give me the same messagebox.
    Ehrm, just a thought. The partition of the OS, is that on C: or another one? (Mine is on H:)

    Regards,

    Pieter
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    "Take C!" <g> Pete
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Then I'm out of ideas. I even tried compatibility mode, but no go. :doubt:

    Regards,

    Pieter
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    It's gotta be a problem with the d/l itself - bless their hearts - they did kinda put that one out in a hurry.

    No un-install for it - guess you just nuke the folder? Pete
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Hi Pete,

    Since there was no actual install involved, "nuking it" should do it.

    Regards,

    Pieter
     
  15. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Yes I have NTFS as well. I tried a target path that would not require placing the target within double-quotes but that made no difference. I agree, it is probably that they were so eager to place their upload they may have uploaded an earlier (less than perfect) version. :eek:
     
  16. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    ...finally tried it out as well and guess what: I get the same msgbox.
    Also, when I look at the file with bintext to see the strings in there, bintext says it's having problems and they look garbled - even the DiamondCS company string isn't in one piece. So I guess the file is indeed corrupt.
    We'll see...
    CU,
    Andreas

    (I'll postpone the registry experiment a little :rolleyes: )
     
  17. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Sorry guys, try re-downloading, problem fixed :)

    Cheers
     
  18. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Hmm, I get a SLoader Error msgbox indicating "Unable to create process"

    this on attempting two different executables
     
  19. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Found the problem! Very small flag issue that I wouldn't have noticed if you didn't mention that, give me two minutes please :)
     
  20. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    OK, $5 says all problems are fixed. Redownload please :)
     
  21. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    My clock's running behind because I'm running Eraser at the moment - is two minutes up yet? <g> Pete

    *Ooops! darn those pesky simultaneous posts!
     
  22. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Fair go Pete, that was only a little over one minute ... :D
     
  23. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Wayne - Do we need to put the program anywhere in particular when installing? Create a folder for it? Put it in with PE, what? Meant to ask earlier. Pete
     
  24. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    Hi Wayne,

    one of the two tests worked fine ("testing" ddosping.exe) but attempting to do the same with mIRC (using Invision) came up with the same error as previously except it added a comma and "PID = 0". Could it be the Invision script interfering?
     
  25. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Re:DiamondCS SLoader released to enable new Socket Spy 'load and watch' capabi

    It's a standalone program (you don't have to use it with PE) so unzip it (it's just sloader.exe and sloader.txt) to any directory you want -- your Port Explorer directory is also fine, and probably the best place to put them if you're only using it with PE.

    If you ever want to 'uninstall', just delete sloader.exe and sloader.txt :)
     