pinkfoyd

Need help to adapt a python script, Thank


pinkfoyd

Hi all,

I need help adapting this script to AutoIt.

The UDPRecv function doesn't work (I see nothing on my LAN), but I have found a workaround by using WinDump.exe ( http://www.winpcap.org/windump/ ) on the command line.

Now i have the lan information :

18:55:21.506953 IP XBOX360.1032 > 255.255.255.255.7030: UDP, length 512
0x0000:  4500 021c b221 0000 4011 05ee c0a8 001a  E....!..@.......
0x0010:  ffff ffff 0408 1b76 0208 ead1 075a 3127  .......v.....Z1'
0x0020:  40e9 3a69 1e2c 0000 0000 0000 4672 6565  @.:i.,......Free
0x0030:  7374 796c 652e 6578 6500 0000 0000 0154  style.exe......T
0x0040:  0000 0000 0000 0000 0000 0000 0000 0000  ................
0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................
0x0060:  0000 0000 0000 0000 0000 0000 0000 0000  ................
0x0070:  0000 0000 0000 0000 0000 0000 5c44 6576  ............\Dev
0x0080:  6963 655c 4d61 7373 305c 5f46 7265 6573  ice\Mass0\_Frees
0x0090:  7479 6c65 6461 7368 5c64 6566 6175 6c74  tyledash\default
0x00a0:  2e78 6578 0000                        .xex..

But I don't understand how, in this Python script, the data is converted to 'readable' values.

It seems to be these lines in the Python script:

# Only a datagram whose first byte is 0x07 is decoded as a temperature message.
if ord(message[0]) == 0x7:
  # Each reading is stored as two bytes, low byte first. The two bytes are
  # combined into a 16-bit number and divided by divisor (set to 256.0 in the
  # full script), so the high byte is the whole part and the low byte is the
  # fraction in 1/256 steps.
  # Example: low byte 0x5a, high byte 0x31 -> 0x315a / 256 = 49.35.
  cpu = float((ord(message[1])+(ord(message[2])<<8))/divisor)
  gpu = float((ord(message[3])+(ord(message[4])<<8))/divisor)
  edr = float((ord(message[5])+(ord(message[6])<<8))/divisor)
  mob = float((ord(message[7])+(ord(message[8])<<8))/divisor)
  # Byte 9 is taken as-is, as a plain integer with no scaling.
  unk = ord(message[9])

Can someone help? It would be very much appreciated.

Here is the full python script :

# this is a simple python script to capture the UDP packets
# that are broadcast by dash launch, display that info in human readable form and log the data to a csv file
# note, there is also another sample for using this data on a PC in launch_sysdll_exports.c
import socket, sys, time
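# UDP port the temperature datagrams are broadcast on.
port = 7030
# Degree sign used in the console output; same value as unichr(176).
dgr = u'\xb0'
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
# Binding to '' listens on every local interface, so any host that can reach
# this port can deliver a datagram; the parser must not trust its contents.
s.bind(('', port))
# Raw 16-bit readings are in 1/256 steps.
divisor = float(256)
# CSV header line; it ends with a newline so the first data row starts on its own line.
header = 'CPU,GPU,EDRAM,MOBO,UNK,Time,Date,PEName,Path,TID,MID\n'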
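def get_len(var, max):
    """Return the length of the NUL-terminated string at the start of var.

    At most ``max`` characters are examined, and never more than var holds,
    so a buffer shorter than ``max`` no longer raises IndexError. When no NUL
    is found in that window the window length is returned, so a field that
    fills its whole buffer is kept instead of being reported as empty.
    """
    limit = min(max, len(var))
    if limit <= 0:
        return 0
    end = var.find('\x00', 0, limit)
    return end if end >= 0 else limit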
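def _printable(raw):
    """Return raw with every character outside printable ASCII replaced by '?'."""
    return ''.join(ch if 0x20 <= ord(ch) <= 0x7e else '?' for ch in raw)


def _csv_field(text):
    """Quote text per CSV rules when it contains a comma or a double quote."""
    if ',' in text or '"' in text:
        return '"%s"' % text.replace('"', '""')
    return text


def _be32(data, offset):
    """Decode the big-endian 32-bit value stored at data[offset:offset + 4]."""
    value = 0
    for pos in range(offset, offset + 4):
        value = (value << 8) + ord(data[pos])
    return value


def tempPoll(lf):
    """Receive one datagram, decode it and append a CSV row to lf.

    The datagram arrives on a socket bound to every interface, so any host
    that can reach the port can send one. It is therefore validated before
    any field is read: an empty or truncated datagram is reported and
    skipped instead of raising IndexError, and the two text fields are
    reduced to printable ASCII before they reach the log or the console.

    message is indexed with ord(), i.e. it is handled as a byte string.
    """
    message = s.recv(0x200)
    min_len = 0x168  # the last byte read below is at offset 0x167

    if not message:
        print("Ignoring empty datagram")
        return
    if ord(message[0]) != 0x7:
        print("ERRROR!!! 0x%x is not a temp reply!!!" % (ord(message[0])))
        return
    if len(message) < min_len:
        print("Ignoring short temp reply: %d bytes, need at least %d" % (len(message), min_len))
        return

    # Four readings, each two bytes with the low byte first, in 1/256 steps.
    cpu, gpu, edr, mob = [
        float((ord(message[i]) + (ord(message[i + 1]) << 8)) / divisor)
        for i in (1, 3, 5, 7)
    ]
    unk = ord(message[9])

    # Fixed-size, NUL-padded text fields at offsets 0x10 and 0x60.
    name_field = message[0x10:0x60]
    path_field = message[0x60:0x160]
    pename = _printable(name_field[:get_len(name_field, 0x50)])
    image = _printable(path_field[:get_len(path_field, 0x100)])

    tid = _be32(message, 0x160)
    mid = _be32(message, 0x164)

    # Commas and quotes inside a name would otherwise shift the CSV columns.
    # NOTE(review): a name starting with '=', '+', '-' or '@' is still written
    # unchanged; spreadsheet programs may evaluate such a cell as a formula.
    st = "%0.1f,%0.1f,%0.1f,%0.1f,%d,%s,%s,%s,%08x,%08x\n" % (
        cpu, gpu, edr, mob, unk, time.strftime("%H:%M:%S,%m/%d/%Y"),
        _csv_field(pename), _csv_field(image), tid, mid)
    lf.write(st)
    print("CPU: %0.1f%sC GPU: %0.1f%sC EDRAM: %0.1f%sC MOBO: %0.1f%sC Unk: %d %s image: %s @ %s T: 0x%08x M: 0x%08x" % (cpu, dgr, gpu, dgr, edr, dgr, mob, dgr, unk, time.strftime("%I:%M:%S%p"), pename, image, tid, mid))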
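if __name__ == '__main__':
    # Without an argument, log to a time-stamped file in the current directory.
    # With one, log to the path given as the first argument. sys.argv[0] is the
    # script itself, and opening it with mode 'w' would truncate the script.
    if len(sys.argv) == 1:
        logfile = "temps_%s.csv" % (time.strftime("%I.%M.%S%p_%m.%d.%Y"))
    else:
        logfile = sys.argv[1]
    print("Opening log: %s" % (logfile))
    # Opened exactly once; mode 'w' replaces an existing file of that name.
    lfile = open(logfile, 'w')
    try:
        lfile.write(header)
        while True:
            tempPoll(lfile)
    except KeyboardInterrupt:
        # Ctrl-C is the normal way to stop logging.
        pass
    finally:
        # Close the log on Ctrl-C and on any unexpected error alike.
        lfile.close()
    sys.exit()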

If it helps, here is the 'same' thing in C:

EXPORTS
    ldat   @1 DATA
    dlaunchStartSysModule @2
dlaunchStartTemps @3
// see below for more info/examples
pldata ldat; // ordinal 1
DWORD (*dlaunchStartSysModule)(char*); // ordinal 2
BOOL (*dlaunchStartTemps)(DWORD timeInS, DWORD port, BOOL broadcast); // ordinal 3
/********************************** example *******************************************/
#ifdef __cplusplus
extern "C" {
#endif
UINT32 __stdcall XexGetModuleHandle(char* module, PVOID hand);
UINT32 __stdcall XexGetProcedureAddress(UINT32 hand ,UINT32, PVOID);
#ifdef __cplusplus
}
#endif
#define NT_SUCCESS(Status)            (((NTSTATUS)(Status)) >= 0)
DWORD (*launchStartSysModule)(char*);
VOID (*someFunct1)(VOID);
VOID (*someFunct2)(VOID);
/* Look up export number `ord` of the module `modname`.
 * Returns the value written by XexGetProcedureAddress, or 0 when the module
 * handle could not be obtained; callers must treat 0 as "not found". */
DWORD resolveFunct(PCHAR modname, DWORD ord)
{
    HANDLE hand;
    DWORD ptr2 = 0;

    if (!NT_SUCCESS(XexGetModuleHandle(modname, &hand)))
        return ptr2;

    XexGetProcedureAddress(hand, ord, &ptr2);
    return ptr2; // function not found if return is 0
}
//.... in your code
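// Resolve launch.xex ordinal 2 once; resolveFunct() returns 0 when the lookup fails.
if(launchStartSysModule == 0)
  launchStartSysModule = (DWORD (__cdecl *)(char*))(resolveFunct("launch.xex", 2));
DWORD ret = 0xFFFFFFFF; // stays non-zero when the export could not be resolved
if(launchStartSysModule != 0) // never call through an unresolved (null) pointer
  ret = launchStartSysModule("GAME:somedll.xex");
// the %08x conversion needs its argument; without one printf-style functions read garbage
dprintf("launch GAME:somedll.xex returned %08x\n", ret); // returns 0x00000000 on success
if(someFunct1 == 0)
  someFunct1 = (VOID (__cdecl *)(VOID))(resolveFunct("somedll.xex", 2));
if(someFunct2 == 0)
  someFunct2 = (VOID (__cdecl *)(VOID))(resolveFunct("somedll.xex", 3));
// check someFunct1/someFunct2 against 0 before calling them as well
// etc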

//This is the variable exported on ordinal 1
// Layout of the data that launch.xex exports on ordinal 1; external code reads it through pldata.
// NOTE(review): the meaning of ID, ltype, link, dev and the version fields is not shown here;
// confirm it against the dash launch documentation before relying on them.
typedef struct _ldata{
DWORD ID;
DWORD ltype;
char link[MAX_PATH];
char dev[MAX_PATH];
USHORT versionMaj;
USHORT versionMin;
USHORT targetKernel;
USHORT svnVer;
DWORD options; // for external apps that want to know what dash launch has set/parsed
DWORD DebugRoutine; // for external apps that want to recursively hook and call the first/last chance exception trap on their own
DWORD DebugStepPatch; // address to patch single step exception to not be skipped (write 0x60000000/nop to this address to enable it)
} ldata, *pldata;
/********************************** options bitfields *******************************************/
// options are enumerated by bitmasks; note that changing the var in memory doesn't necessarily enforce the option
// ones that are noted as modifiable can be changed externally; ones that are noted as status are dangerous to change on the fly
// option bitfields
#define OPT_NXEMINI 0x00000001 // if 1 nxemini miniblade exits in dash are hooked (modifiable)
#define OPT_CONTPATCH   0x00000002 // if 1 LIVE containers will be patched on loads (status)
#define OPT_REGION  0x00000004 // if 1 kernel region was bypassed for this load (status)
#define OPT_DVDEXIT 0x00000008 // if 1 ejecting dvd video will return to official dash (modifiable)
#define OPT_XBLAEXIT   0x00000010 // if 1 quitting a xbla will return to official dash (modifiable)
#define OPT_SOCKPATCH   0x00000020 // if 1 all titles have privs modified for insecure sockets (modifiable)
#define OPT_NOSYSEXIT   0x00000040 // if 1 using miniblades to get to system settings will not work (modifiable)
#define OPT_PASS_LAUNCHD  0x00000080 // if 1 launch data will be passed as-is to the next application (modifiable)
#define OPT_FATAL_NOFREEZE  0x00000100 // if 1 dash launch tries to catch non-fatal exceptions (status)
#define OPT_FATAL_REBOOT  0x00000200 // if 1 dash launch will try to reboot on fatal exceptions (modifiable/status, depends on NOFREEZE at boot time)
#define OPT_PING_PATCH   0x00000400 // if 1 ping limit has been patched in xam (status)
#define OPT_SAFE_REBOOT   0x00000800 // if 1 changes reboot method to hard reboot for jtag that can't soft reboot (modifiable/status, depends on NOFREEZE at boot time and)
#define OPT_EXCEPT_HANDLE  0x00001000 // if 1 dash launch has hooked the kernel exception handler (status)
#define OPT_DEBUG_OUTPUT  0x00002000 // if 1 dash launch will output dbgprint to UART (status, depends on EXCEPT HANDLE being 1)
#define OPT_UPDATE_BLOCK  0x00004000 // if 1 dash launch is blocking updaters by one-time patching xam strings (status)
#define OPT_LIVE_BLOCK   0x00008000 // if 1 xbox is prevented from resolving known live servers (modifiable)
#define OPT_HUD_DISABLE   0x00010000 // if 1 xbox is preventing HUD miniblades from coming up (status)
#define OPT_XHTTP_PATCHED  0x00020000 // if 1 xam is patched to allow XHTTP to work w/o signing in (status)
#define OPT_SIGN_NOTICE_DISABLE 0x00040000 // if 1 dash launch is dispatching single button warnings generated by singin.xex (status)
#define OPT_SELECT_SHUTDOWN  0x00080000 // if 1 holding guide button will autoselect shutdown console item (modifiable)
#define OPT_FORCE_SHUTDOWN  0x00100000 // if 1 holding guide button will shut down console (modifiable)
#define OPT_BCAST_TEMPS   0x00200000 // if 1 then a task is broadcasting temps and the tempdata export is getting updated (status)
#define OPT_HDALIVE 0x00400000 // if 1 then a task is trying to keep usb hdd from spinning down (status)

//To use the export, you'd do something like:
pldata ldat = (pldata)resolveFunct("launch.xex", 1);

/********************************** temp broadcast info *******************************************/
// this export can be called multiple times, but the task is not set up to be stopped once started
// setting broadcast to TRUE causes it to start broadcasting on a net link if available
// setting it to FALSE stops it from broadcasting, but the task will remain active
// this function returns true if the task is set up successfully (at time of call or before)
BOOL (*dlaunchStartTemps)(DWORD timeInS, DWORD port, BOOL broadcast); // ordinal 3
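// Read the four bytes starting at address x as one big-endian 32-bit value.
// x is viewed as a byte pointer inside the macro, so passing the address of a
// DWORD field reads that field's own four bytes instead of indexing whole DWORDs.
// Each byte is widened to unsigned before shifting so that a top byte of 0x80
// or above does not shift into the sign bit of an int.
#define loadBe32(x) ( \
    ((unsigned int)((const unsigned char*)(x))[0] << 24) | \
    ((unsigned int)((const unsigned char*)(x))[1] << 16) | \
    ((unsigned int)((const unsigned char*)(x))[2] << 8)  | \
    ((unsigned int)((const unsigned char*)(x))[3]) )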
// temps will be broadcast on a UDP datagram port as specified by the ini
// the basic struct of the data is:
// Wire layout of one temperature datagram. The field sizes add up to 0x200 bytes,
// the same size as the recvData buffer the struct is overlaid on.
// NOTE(review): overlaying the struct on a byte buffer assumes the compiler inserts no
// padding; the DWORD fields sit at 4-byte aligned offsets, so this should hold — confirm
// by checking that sizeof(temps) is 0x200.
// The text fields come straight from the network and are not guaranteed to contain a
// terminating NUL within their size.
typedef struct _tempMessage {
BYTE commandIdent; // for temp this will be 0x7
BYTE cpuLower; // each reading is a 16-bit value split into a low and a high byte
BYTE cpuUpper;
BYTE gpuLower;
BYTE gpuUpper;
BYTE edramLower;
BYTE edramUpper;
BYTE moboLower;
BYTE moboUpper;
BYTE unk[7]; // the first byte of this may be smc/southbridge temp in celsius...
char peName[0x50]; // starts at offset 0x10, the name the title xex has stored for PE name
char pePath[0x100]; // starts at offset 0x60, the path kernel has launched the xex from (will be a fake device for containers)
DWORD titleId; // starts at offset 0x160, the title ID of the current title, in big endian
DWORD mediaId; // starts at offset 0x164, the media ID of the current title, in big endian
BYTE forLaterUse[0x98];
} temps, *ptemps;
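BYTE recvData[0x200] = {0}; // zeroed so a failed or short receive never leaves stale bytes to parse
ptemps temp = (ptemps)recvData;
// << receive the data from UDP here >>
// The datagram comes from the network: keep the byte count the receive call returns and
// skip the parsing below when it is smaller than sizeof(temps).
if(temp->commandIdent == 0x7)
{
  // readings are 16-bit values, low byte first, in 1/256 degree steps
  double cpu = (temp->cpuLower | (temp->cpuUpper << 8)) / 256.0;
  double gpu = (temp->gpuLower | (temp->gpuUpper << 8)) / 256.0;
  double edram = (temp->edramLower | (temp->edramUpper << 8)) / 256.0;
  double mb = (temp->moboLower | (temp->moboUpper << 8)) / 256.0;
  // loadBe32 indexes its argument, so it must be given a byte pointer; indexing a
  // DWORD pointer would step over whole DWORDs and read past the field
  DWORD tid = loadBe32(((BYTE*)&temp->titleId));
  DWORD mid = loadBe32(((BYTE*)&temp->mediaId));
  printf("CPU:%3.1fC GPU:%3.1fC EDRAM:%3.1fC MB:%3.1fC TID: 0x%08x MID: 0x%08x", cpu, gpu, edram, mb, (unsigned int)tid, (unsigned int)mid);
  // the precision bounds each print to the field size, so a name that arrives
  // without a terminating NUL cannot make printf read beyond its array
  if(temp->peName[0] != 0)
   printf("PE: %.*s", (int)sizeof(temp->peName), temp->peName);
  if(temp->pePath[0] != 0)
   printf("Path: %.*s", (int)sizeof(temp->pePath), temp->pePath);
  printf("\n");
}
else
{ // shouldn't ever happen, but just in case...
  // temp is a pointer, so the member is reached with ->
  printf("wth is command 0x%x supposed to mean anyway?", temp->commandIdent);
}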

PS: For information, I am trying to create a better application to track the temperatures of a JTAG/GLITCH Xbox 360 console.

Edited by pinkfoyd

pinkfoyd

Found another solution: running the C version as a command-line exe :)

