LCF-AT Posted August 15, 2017 Share Posted August 15, 2017 Hi guys, after a longer time of coding I would like to share my new app.So with this app you can grab / store / edit / play / record / watch / debug and test play your RTMP streams and much more.In the app I use latest librtmp and it works similar as the rtmpdump commandline tool and you can use also almost all original rtmpdump commands (see synopsis).My main goal was it to build a tool to handle all streams at once in a GUI with a simple and quickly handling.I also added much extra features which should be helpfully to get more needed informations about streams if they don't play (special cases) or if you need to get stream datas manually.All necessary information about the app and features I wrote detailed into included text files and I also created four little videos how to use it and what to do in some special cases specially if you didn't know or worked with rtmpdump before.If yes then its of course a advantage for you. I embedded two file into the app you do need to grab rtmp streams on fly running in your browser.Both files will created (if not present already) if you start the hook.The unhook function does restore original state back if processes are still present.The hook feature works similar as the RTMPDumpHelper tool and it does pipe the traffic to localhost so that rtmpsuck gets it without to record anything and just used to get the stream datas which you then can see in the app to work go on with them.You can use Firefox (flash hook),Chrome or InternetExplorer to use the hook function.The best choice would be Firefox and for Chrome not all sites are working (see video). Embedded Files ------------------------------------- - unpacked rtmpsuck.exe version (disabled record functions) - ConnectHook.dll (coded by me to hook processes) System requirements ------------------------------------- Windows x86 (32 bit) - I coded the app in MASM (WinASM IDE) on Windows 7 and didn't test it on lower systems like XP now etc. - Installed VLC player - Firefox or Chrome or Internet Explorer browser Optional: SWF ID (Check for running flash player / Chrome / IE / download for HMAC check) JPEXS Decompiler (Find secureToken or custom command etc) RTMP Store and Play 1.0 + Videos.rar PS: Have fun with my app and maybe you will like to use it in the future so I tried my best (as good as possible for me) to create a simple and good alternative free app. Feedback or possible bugs reports etc are welcome of course. greetz 10 5 Link to comment Share on other sites More sharing options...
Teddy Rogers Posted August 18, 2017 Share Posted August 18, 2017 Good to see you got there in the end with results to show! Ted. 1 Link to comment Share on other sites More sharing options...
LCF-AT Posted September 4, 2017 Author Share Posted September 4, 2017 Hi guys, just wanna ask whether the app works so far for you?So someone told me that it failed with the play / record function on Windows 10 32 bit.I would like to know whether anyone else of you who is using Win 10 32 bit has same trouble or not.The person who told me about that problem is using a China language + VPN.Now I thought it could be have to do with that China language maybe.All in all the person gets 2 excetpion (I did send him a test version with exception logging),one for play and one for record.I tried to check that out and something is going wrong using CompareStringA API (called from lstrcpyA).Seems that its trying to compare with a value and not with a string.Also exception for record function is also strange so it dosent write in stack using REP MOVSB command.All in all strange so far.Problem is I cant debug that problems without having Win 10 and just wanna ask whether anyone of you who is using Win 10 32 bit could check that out to find more infos what the reason could be.Below some infos I build toghether so far.... Play Function Error ------------------------------ Exception: C0000005 regEax 00000000 regEcx FFFFFFFF regEdx 00000000 regEbx 00000400 regEsp 04E2EB90 regEbp 04E2EF84 regEsi FFFFFFFF regEdi 00566550 regEip 73FCF748 BaseAddress: 73FCF000 AllocationBase: 73EE0000 ------------------------------- Exception Address: 73FCF748 ------------------------------- Exception occurs into module KERNELBASE.dll Next API Address & Name above before Exception: 73FCF610 CompareStringA 73FCF610 MOV EDI , EDI 73FCF612 PUSH EBP 73FCF613 MOV EBP , ESP 73FCF615 AND ESP , F8H 73FCF618 SUB ESP , 000003E4H 73FCF61E MOV EAX , DWORD PTR [74074BC0H] 73FCF623 XOR EAX , ESP 73FCF625 MOV DWORD PTR [ESP+000003E0H] , EAX 73FCF62C MOV EDX , DWORD PTR [EBP+0CH] 73FCF62F MOV ECX , DWORD PTR [EBP+10H] 73FCF632 PUSH EBX 73FCF633 MOV EBX , DWORD PTR [EBP+08H] 73FCF636 PUSH ESI 73FCF637 MOV ESI , DWORD PTR [EBP+14H] 73FCF63A MOV DWORD PTR [ESP+38H] , EDX 73FCF63E MOV DWORD PTR [ESP+14H] , ECX 73FCF642 PUSH EDI 73FCF643 MOV EDI , DWORD PTR [EBP+18H] 73FCF646 MOV DWORD PTR [ESP+20H] , EDI 73FCF64A TEST ESI , ESI 73FCF64C JNS 73FCFAE0H 73FCF652 MOV EAX , DWORD PTR [EBP+1CH] 73FCF655 TEST EAX , EAX 73FCF657 JNS 73FCFAE0H 73FCF65D MOV DWORD PTR [ESP+34H] , 00000001H 73FCF665 XOR EAX , EAX 73FCF667 MOV DWORD PTR [ESP+0CH] , EAX 73FCF66B MOV DWORD PTR [ESP+10H] , EAX 73FCF66F TEST EDX , 60000000H 73FCF675 JNE 73FCFB6DH 73FCF67B CMP EBX , 00000401H 73FCF681 JC 73FCFAB3H 73FCF687 CMP EBX , 00000800H 73FCF68D JNC 73FCFAB3H 73FCF693 CMP DWORD PTR [74076848H] , 00H 73FCF69A JE 73FCFBA6H 73FCF6A0 MOV EAX , DWORD PTR [74076848H] 73FCF6A5 CMP EBX , DWORD PTR [EAX] 73FCF6A7 JNE 740173C3H 73FCF6AD TEST EAX , EAX 73FCF6AF JE 740173C3H 73FCF6B5 MOV EAX , DWORD PTR [EAX+10H] 73FCF6B8 MOVZX EDI , WORD PTR [EAX+6EH] 73FCF6BC TEST EDI , EDI 73FCF6BE JE 74017404H 73FCF6C4 MOV DWORD PTR [ESP+24H] , 00000000H 73FCF6CC MOV DWORD PTR [ESP+1CH] , 00000000H 73FCF6D4 MOV DWORD PTR [ESP+30H] , 00000000H 73FCF6DC CMP EDI , 0000CAEDH 73FCF6E2 JE 74017413H 73FCF6E8 CMP EDI , 000096C6H 73FCF6EE JE 7401741DH 73FCF6F4 CMP EDI , 03H 73FCF6F7 JE 74017427H 73FCF6FD CMP EDI , DWORD PTR [7407673CH] 73FCF703 JNE 7401745BH 73FCF709 MOV EDX , DWORD PTR [7407698CH] 73FCF70F MOV DWORD PTR [ESP+0CH] , EDX 73FCF748 MOV AL , BYTE PTR [ECX] <--------------- Excep. 73FCF74A INC ECX 73FCF74B TEST AL , AL 73FCF74D JNE 73FCF748H 73FCF74F SUB ECX , EDX ------------------------------ called via CreateThread PLAYSTREAMTEST2 proc A:DWORD,B:DWORD,BB:DWORD,StringArrayPointer:DWORD mov edi,StringArrayPointer mov ebx,ARRAYCOUNTTESTPLAY mov esi,[edi] invoke lstrcmp,esi,chr$("-C") <---- Exception inside In Olly: ----------------------------- 00412169 MOV ESI,DWORD PTR DS:[EDI] 0041216B PUSH 0x566550 ; ASCII "-C" 00412170 PUSH ESI 00412171 CALL 00451080 ; <JMP.&kernel32.lstrcmpA> Record Function Error ------------------------------ Exception: C0000005 regEax 00000000 regEcx 00000014 <-- should be 38h regEdx 00000000 regEbx 023C0000 regEsp 053AEE18 regEbp 053AFF80 regEsi 053B0000 regEdi 053AFD5C regEip 0040FD9F BaseAddress: 0040F000 AllocationBase: 00400000 ------------------------------- Exception Address: 0040FD9F ------------------------------- 0040FD9F REP MOVSB <--------------- Excep. 0040FDA1 PUSH DWORD PTR [EBP-0000022CH] 0040FDA7 LEA EAX , DWORD PTR [EBP-000003AAH] 0040FDAD PUSH EAX 0040FDAE CALL 0045108CH 0040FDB3 CMP DWORD PTR [005787B4H] , 01H 0040FDBA JE 0040FDDDH 0040FDBC PUSH 0057D352H 0040FDC1 PUSH 00000101H 0040FDC6 CALL 00451F32H 0040FDCB OR EAX , EAX 0040FDCD JNE 00411DA3H 0040FDD3 MOV DWORD PTR [005787B4H] , 00000001H 0040FDDD CALL 0046AE26H 0040FDE2 OR EAX , EAX 0040FDE4 JE 00411D7EH 0040FDEA MOV DWORD PTR [EBP-04H] , EAX 0040FDED PUSH DWORD PTR [EBP-04H] 0040FDF0 CALL 0046AE56H 0040FDF5 ADD ESP , 04H ------------------------------ Called via CreateThread PLAYSTREAM_RECORD proc A:DWORD,B:DWORD,BB:DWORD,StringArrayPointer:DWORD ......... mov ecx,sizeof checko lea edi,checkoIN mov esi,StringArrayPointer REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] 0040FD91 MOV ECX,0x38 0040FD96 LEA EDI,DWORD PTR SS:[EBP-0x248] 0040FD9C MOV ESI,DWORD PTR SS:[EBP+0x14] 0040FD9F REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] ; copy bytes to edi stack = exception ....so if you like to check that out also if you just do use Win 10 32 bit only to make a quick test without to debug and send me results whether it work or not for you then you can use this streamlink.... -r rtmp://31.13.223.103:1935/359tv/codefashion.stream ...if you dont have any.Just add it and press play or also record to test both. So for Win 7 32 bit I do use all is working without problems.Maybe problem is really Win 10 (any API not working right I do use maybe or protection stack issue or whatever).Maybe you can see more if you can debug that 2 issues out. Thank you so far and till later Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now