ZoneAlarm...

Technical discussion about the NMDC and ADC (http://dcpp.net/ADC.html) protocol. The NMDC protocol is documented in the Wiki (http://dcpp.net/wiki/), so feel free to refer to it.

Moderator: Moderators

Locked
arnetheduck
The Creator Himself
Posts: 296
Joined: 2003-01-02 17:15

Post by arnetheduck » 2003-02-06 06:33

Anyone know of a good way of detecting this one (code please, I really don't feel like polluting my computer with it...)? I'm thinking about putting up a big fat warning to get rid of (I suspect) 90% of the "corrupted file" problems...

ender
Posts: 224
Joined: 2003-01-03 17:47

Post by ender » 2003-02-06 07:30

A quick search through the "infected" Windows 2000 system reveals these files:
winnt\system32: vsdata.dll, vsdatant.dll, vsmonapi.dll, vspubapi.dll, vsutil.dll
winnt\system32\zonelabs\html.tdr, ssleay32.dll, vsdb.dll, vsmon.exe, vsruledb.dll

All of these files are signed with ZoneLabs certificate...

Also, vsmon.exe is running while ZoneAlarm is loaded (remember that it's enough that ZA is installed to corrupt downloads, it doesn't need to be running).

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2003-04-10 21:57

source: http://www.unixwiz.net/backstealth/

It looks like you can look for a window with a class of NULL and a window title of "ZoneAlarm" or "ZoneAlarm Pro." After quite a bit of googling, this is the "cleanest" way I could find to do it.

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2003-04-10 22:27

In fact, this code should pretty much do it. It's not DC++ style friendly - it hardcodes a string instead of putting it in the ResourceManager.

Code:

#ifdef WIN32
// ZoneAlarm?
	if (FindWindow(NULL, "ZoneAlarm") || FindWindow(NULL, "ZoneAlarm Pro")) {
		MessageBox("ZoneAlarm has been detected on your computer.  It is frequently responsible for corrupted downloads and is the cause of many \"rollback inconsistency\" errors.  Please uninstall it and use an alternate product.  DC++ will bug you about this every time you start the program.  Tough noogies.", APPNAME " " VERSIONSTRING, MB_OK | MB_ICONERROR);
	}
#endif

I put it in after the version check. The error message is also crude. And I haven't tested it against an install of ZoneAlarm. And I'm not sure if we have problems with both ZoneAlarm and the ZoneAlarm Pro product.

HaArD
Posts: 147
Joined: 2003-01-04 02:20
Location: Canada http://hub-link.sf.net
Contact:

Post by HaArD » 2003-04-10 22:40

I know ZA has been the scapegoat for corrupted downloads for some time and I know that people who un-installed ZA were able to solve their issues but.....

I have been running ZA on one of my machines with DC++ for over a year and I don't have rollback issues. Several users on my hub also run ZA without issue.

Has anyone taken the time to dig deeper and figure out the real cause? It is obviously more complicated than "ZA causes rollback errors".

HaArD

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2003-04-11 20:09

I, for one, haven't. I just recalled Arne's call for code, and I felt that after reading about another user whose rollback problems were solved by uninstalling ZoneAlarm, code could be contributed to DC++ to at least warn users about the problem.

Of course it's a bandaid over the real problem of what sequence of events or versions cause the problems between DC++ and ZA. But if nobody (I know I'm not) is looking into the root cause, a bandaid is better than nothing.

AlleyKat
Posts: 40
Joined: 2003-01-31 15:37
Location: Denmark

Post by AlleyKat » 2003-04-12 06:47

The "issue" is also getting smaller, as the latest versions of ZoneAlarm Pro seem to run fine. No, actually, it runs correctly - ZoneLabs has even kinda admitted the error(!)

Of course I still think Arne should put it in - it's still the cause in 1 of every 3 "corrupted download" cases imhe.

arnetheduck
The Creator Himself
Posts: 296
Joined: 2003-01-02 17:15

Post by arnetheduck » 2003-04-14 05:45

So it boils down to a version check...gargoyle? =)

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2003-04-14 06:49

arnetheduck wrote: So it boils down to a version check...gargoyle? =)
:) I've done some googling about getting version numbers from EXEs. I'll use my sacrificial Win98 drive on my laptop and mutilate it with ZoneAlarm to see if I can get something to detect certain ZA versions.

Then comes the "fun" part of actually figuring out what versions are giving people problems. :-|
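
The version check the thread ends on, as an added example that is not part of the original posts or of DC++: instead of the Win32 version APIs it scans a file image for the VS_FIXEDFILEINFO block, so it runs on any platform. The names `findFileVersion`, `shouldWarn` and `sampleImage`, the cut-off version and the sample bytes are assumptions; the thread never establishes which ZoneAlarm versions misbehave.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <vector>

using FileVersion = std::array<uint16_t, 4>;  // major, minor, build, revision

static uint32_t le32(const uint8_t* p) {      // PE fields are little-endian
    return p[0] | (p[1] << 8) | (p[2] << 16) | (uint32_t(p[3]) << 24);
}

// VS_FIXEDFILEINFO is 13 DWORDs: dwSignature 0xFEEF04BD, dwStrucVersion
// 0x00010000, then dwFileVersionMS and dwFileVersionLS.
bool findFileVersion(const std::vector<uint8_t>& image, FileVersion& out) {
    for (size_t i = 0; i + 52 <= image.size(); ++i) {  // 52 = 13 DWORDs
        const uint8_t* p = image.data() + i;
        if (le32(p) != 0xFEEF04BDu || le32(p + 4) != 0x00010000u) continue;
        const uint32_t ms = le32(p + 8), ls = le32(p + 12);
        out = FileVersion{{uint16_t(ms >> 16), uint16_t(ms & 0xFFFF),
                           uint16_t(ls >> 16), uint16_t(ls & 0xFFFF)}};
        return true;
    }
    return false;  // no fixed-info block, or one cut off by truncation
}

// firstFixed is a placeholder: the thread never establishes which versions
// misbehave. An unreadable version keeps the warning (assumed policy).
bool shouldWarn(const std::vector<uint8_t>& image, const FileVersion& firstFixed) {
    FileVersion v{};
    return !findFileVersion(image, v) || v < firstFixed;
}

// Constructed sample bytes: unaligned filler followed by a fixed-info block.
std::vector<uint8_t> sampleImage(const FileVersion& v) {
    std::vector<uint8_t> img(37, 0x90);
    const uint32_t words[13] = {0xFEEF04BDu, 0x00010000u,
                                (uint32_t(v[0]) << 16) | v[1],
                                (uint32_t(v[2]) << 16) | v[3]};
    for (uint32_t w : words)
        for (int s = 0; s < 32; s += 8) img.push_back(uint8_t(w >> s));
    return img;
}

int main() {
    FileVersion v{};
    if (findFileVersion(sampleImage({{3, 7, 143, 0}}), v))
        std::printf("%d.%d.%d.%d\n", v[0], v[1], v[2], v[3]);
}
```

In a Windows client the bytes would come from reading vsmon.exe at the path listed earlier in the thread, and the result would gate the warning instead of the window-title test.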
