Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 8 May 2015 09:57:29 -0400
From: Mathieu Laprise <mathlaprise@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: [core john] [Johnny] Windows event loop

Important info from one of my last message :

> On Windows (tested on 8.1), Johnny can't terminate cleanly the main(and
> only) process of JtR(equivalent of unix sigterm). So, start attack/pause
> attack don't work. However, if we use the windows equivalent of SIGKILL, it
> works.
> From the Qt documentation,
> On Windows, QProces::terminate() posts a WM_CLOSE message to all toplevel
> windows of the process and then to the main thread of the process itself. Console
> applications on Windows that do not run an event loop, or whose event loop
> does not handle the WM_CLOSE message, can only be terminated by
> calling kill(). However, kill() doesn't give you a chance to do some
> cleanup.


I continued working on this and read A LOT of websites about this problem
and tried a lot of solutions. Here is for example one site that talks about
this issue
http://stackoverflow.com/questions/813086/can-i-send-a-ctrl-c-sigint-to-an-application-on-windows

Core-John handles CTRL_C events nicely. However, Qt sends WM_Close message
with Process::terminate() which isn't working with console application that
don't have windows.

I don't seem to find a clean solution that works. So here are those that
works so far, but I prefer to warn you in case you don't want to accept
that kind of workarounds in your code.

Solution 1 and 2 allows cleanup(it's like sigterm on unix)

Solution 1) This requires modifications to john. On Windows, for
john_main_process, create a invisible window, and an event loop on a
separate thread which will forward WM_CLOSE event to a function in john.
I've done a prototype(not in john) and this solution works.

Solution 2) Do like the guy named Shakta on stackoverflow. This doesn't
require changes on John. On johnny, use AttachConsole(johnProcessId);
GenerateConsoleCtrlEvent()
and send a CTRL_BREAK to john. The problem is that we receive it too and
it'll kill Johnny. So that's why we create a simple software Helper.exe
with those 3 lines. We'll launch it and it will send the signal for us.
This works, I've tested it too, the details are in Shakta stackoverflow's
answer. Cons : we have a new executable that will be called by johnny.

Solution 3) Send QProcess::kill() but that doesn't give the chance for John
to cleanup and Solar said it's important.

I've tested answer from KingDragon and it doesn't work, maybe it's qt's
fault ? I've tested a lot of other stuffs too. Unfortunately, I didn't find
a clean solution so far to this problem.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.