maillist | 14 Feb 22:15 2005

v0.956 pre-release, still crashes with imap

Hi
I have still crashes with IMAP using ssl or not. If I'm using SSL I get
crashes more often, gpgrelay usually checks only one or two folders (fetches
mail ok) and then crashes. Withouh ssl (I'm using VPN connection) I still
get crashes when I'm checking mail, gpgrelay crashes about  four cases out
of five.
Im using Wxp Pro sp2, Outlook Express, gpg 1.4.0a, my IMAP server is
courier-imap and smtp-server is Exim3.

Also I sometimes get warnings that some other process is trying to read my
password, I have scanned my computer with AdAware, Spybot and Norton
antivirus corporate edition 8.1 and they find nothing. Any ideas? Is there a
way to get pid of the malicious process?

Heres the log of the crash (I dont get this log always), I also attached it.

{71E94836} C:\Program Files\GPGrelay\GPGrelay.exe [tid:00000844] raised an
exception at: 0x00491762 (Section 01:Offset 00090762)

EAX=00000000  EBX=0012F678  ECX=0033FD18  EDX=0033FDF8  ESI=0033D2D8
EDI=00080093  EBP=00C20382  ESP=0058CB0C  EIP=0000000F  FLG=00010206
CS=001B   DS=0023  SS=0023  ES=0023  FS=003B  GS=0000
---------------------
EXCEPTION_ACCESS_VIOLATION: The thread tried to read from or write to a
virtual address for which it does not have the appropriate access.
Write to virtual address 0x0008009f

Call stack:
Address   Frame     Function            SourceFile
00491762  0012F658  BTreeNode<unsigned int,unsigned int,1,8>::add+102
(Continue reading)

maillist | 17 Feb 20:20 2005

Re: v0.956 pre-release, still crashes with imap

> Also I sometimes get warnings that some other process is trying to read my
> password, I have scanned my computer with AdAware, Spybot and Norton
> antivirus corporate edition 8.1 and they find nothing. Any ideas? Is there 
> a
> way to get pid of the malicious process?

Btw:
Should the "current ProcessID" in PasswordSpy Warning be gpgrelays or 
hostile processes pid? I converted it from hex to decimal, it was gpgrelays 
pid.

Markus

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
dynacore//.tSCc. | 17 Feb 19:39 2005
Picon

Re: v0.956 pre-release (unusable) key


Hi!

> The only frustrating part (not your fault) is the window closes when I
> attempt to capture it with my screen capture tool. Any keypress closes
> the window. <sigh>
Hm, isn't PrntScrn working this way anymore?

> Fortunately I can pick out the one that I want .. I just have to pay
> attention. :)
No problem, I'll remove it for the popups :)

Bye!

Kevin Coates | 18 Feb 00:41 2005

Re: v0.956 pre-release (unusable) key


Hi dynacore//.tSCc.,

On Thu, 17 Feb 2005 19:39:20 +0100 (1:39 PM here), dynacore//.tSCc.
[dt] wrote in <mid:01da01c5153e$7f10f2e0$75a5e4d9 <at> tesla>:

>> The only frustrating part (not your fault) is the window closes
>> when I attempt to capture it with my screen capture tool. Any
>> keypress closes the window. <sigh>

dt> Hm, isn't PrntScrn working this way anymore?

That might work but I usually capture a region rather than the whole
screen.

>> Fortunately I can pick out the one that I want .. I just have to pay
>> attention. :)

dt> No problem, I'll remove it for the popups :)

Keep the gpg Comment field though.

--
Kevin Coates
Dewitt, NY  USA

Using GPGrelay v0.956 under Windows XP 5.1.2600 SP2
________________________________________________________________
dynacore//.tSCc. | 19 Feb 13:53 2005
Picon

Re: v0.956 pre-release, still crashes with imap


Hi!

> Also I sometimes get warnings that some other process is trying to read my
> password, I have scanned my computer with AdAware, Spybot and Norton
> antivirus corporate edition 8.1 and they find nothing. Any ideas? Is there a
> way to get pid of the malicious process?
I'm not sure how to get that info. GPGrelay is checking if the thread that requests the passphrase in the
WindowProc is actually the one that requested the passphrase (using GetCurrentThreadID). Simple idea,
simple code.
But actually I'm starting to believe that that piece of code is broken and only works for Win9x.
I'm really not sure anymore if it's worthwhile to check for a solution (esp. as it's quite easy to circumvent
that check).
So I'll just kick it out...

But out of curiosity: When does that message pop up? Immediately when the passphrase is asked? Whenever you
type a key? When you push the OK-Button?
Also I'm puzzled about the "sometimes". Hm, before I kill it, I'll try one more thing: Delaying the check
until the edit-control has at least some content (the Passphrase-Controls always start empty, so it's no harm).

> Heres the log of the crash (I dont get this log always), I also attached it.
>[...]
> 00491348  0012F6AC  CLogListBox::DrawItem+288 E:\MyProjects\GPGrelay\LogListBox.cpp line 201
The crash occured in the paint-method of the log-listbox?
That's strange...

> 2A0D1516#### ASSERTION FAILED! #### FALSE #### E:\MyProjects\GPGrelay\ServerIMAPAcceptThread.cpp,336
That's more of a reason what's can crash GPGrelay.
Okay, I'll remove the try/catch, so it should crash instead of ASSERT - hopefully with the callstack we get
then, we can track down where the problem lies.
(Continue reading)

maillist | 20 Feb 17:21 2005

Re: v0.956 pre-release, still crashes with imap


>> Also I sometimes get warnings that some other process is trying to read
>> my
>> password, I have scanned my computer with AdAware, Spybot and Norton
>> antivirus corporate edition 8.1 and they find nothing. Any ideas? Is
>> there a
>> way to get pid of the malicious process?
>I'm not sure how to get that info. GPGrelay is checking if the thread that
>requests the passphrase in the WindowProc is actually the one that
>requested the passphrase (using GetCurrentThreadID). Simple >idea, simple
>code.
>But actually I'm starting to believe that that piece of code is broken and
>only works for Win9x.
>I'm really not sure anymore if it's worthwhile to check for a solution
>(esp. as it's quite easy to circumvent that check).
>So I'll just kick it out...

>But out of curiosity: When does that message pop up? Immediately when the
>passphrase is asked? Whenever you type a key? When you push the OK-Button?
>Also I'm puzzled about the "sometimes". Hm, before I kill it, I'll try one
>more thing: Delaying the check until the edit-control has at least some
>content (the Passphrase-Controls always start empty, so it's no >harm).

Message pops up Immediately after the passphrase is asked. Now it gives me
warning everytime.

>> Heres the log of the crash (I dont get this log always), I also attached
>> it.
>>[...]
>> 00491348  0012F6AC  CLogListBox::DrawItem+288
(Continue reading)

maillist | 21 Feb 13:54 2005

Re: v0.956 pre-release, still crashes with imap


Version 0.957 doesn't give warnings about spyware, did you remove the code
or fixed it? I'll mail a report about imap related crashes when I have some
spare time.

Markus

dynacore//.tSCc. | 21 Feb 20:57 2005
Picon

Re: v0.956 pre-release, still crashes with imap


Hi!

> Version 0.957 doesn't give warnings about spyware, did you remove the code
> or fixed it?
Neither. I simply delayed the check: It's active after the dialog is shown - the passphrase-edit is empty at
that point, so no data can be harvested.
You can try to read the edit with some password-spy-tools; hope it does respond... (although it's not too
hard to circumvent the check at all)

>I'll mail a report about imap related crashes when I have some
> spare time.
Don't haste :)

Bye!

maillist | 22 Feb 09:56 2005

Re: v0.956 pre-release, still crashes with imap


Hi!

>> Version 0.957 doesn't give warnings about spyware, did you remove the
>> code
>> or fixed it?
>Neither. I simply delayed the check: It's active after the dialog is
>shown - the passphrase-edit is empty at that point, so no data can be
>harvested.
>You can try to read the edit with some password-spy-tools; hope it does
>respond... (although it's not too hard to circumvent the check at all)

At least with Captain Mnemo (http://www.refog.com/captainmnemo/) Gpg-relay
didn't warn about password logger.

Markus


Gmane