I'm able to replicate the crash on Vista with 4.23RC1. It happens when you
only have the wireless card active (I tried with both an Atheros card and a
Realtek one).
I recompiled nmap in debug mode and loaded the memory dump in windbg. Here
is the stack trace:
00129354 0067c23d nmap!_find_ifindex(struct intf_handle * intf = 0x001ece00,
char * device = 0x0012994c "net7")+0x6f
00129798 0067cdb4 nmap!intf_get(struct intf_handle * intf = 0x001ece00,
struct intf_entry * entry = 0x00129948)+0x4d
001299d8 0061115d nmap!intf_get_pcap_devname(char * ifname = 0x001e9b9c
"net7", char * pcapdev = 0x00129abc "???", int pcapdevlen = 128)+0x84
00129b50 00611348 nmap!DnetName2PcapName(char * dnetdev = 0x001e9b9c "net7",
char * pcapdev = 0x00129c40 "???", int pcapdevlen = 128)+0xdd
00129ddc 005e07d4 nmap!my_pcap_open_live(char * device = 0x001e9b9c "net7",
int snaplen = 100, int promisc = 0, int to_ms = 2)+0x68
0012ac0c 005d5c8d nmap!begin_sniffer(class UltraScanInfo * USI = 0x00305e60,
class std::vector<Target *,std::allocator<Target *> > * Targets =
0x0012affc)+0x194
0012af04 0060df4b nmap!ultra_scan(class std::vector<Target
*,std::allocator<Target *> > * Targets = 0x0012affc, struct scan_lists *
ports = 0x00000000, stype scantype = PING_SCAN (13), struct timeout_info *
to = 0x0079680c)+0x27d
0012b02c 0060d39a nmap!massping(class Target ** hostbatch = 0x003661a8, int
num_hosts = 1, int pingtype = 50)+0x11b
0012b734 00525ea7 nmap!nexthost(class HostGroupState * hs = 0x001e93e8,
class TargetGroup * exclude_group = 0x00000000, struct scan_lists * ports =
0x001e93a0, int pingtype = 50)+0x73a
0012d538 005208e1 nmap!nmap_main(int argc = 3, char ** argv =
0x001e17f0)+0x49b7
0012ff34 0069d4c3 nmap!main(int argc = 3, char ** argv = 0x001e17f0)+0x281
0012ff98 0069d27d nmap!__tmainCRTStartup(void)+0x233
0012ffa0 76893833 nmap!mainCRTStartup(void)+0xd
0012ffac 7743a9bd kernel32!BaseThreadInitThunk+0xe
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x23
static int
_find_ifindex(intf_t *intf, const char *device)
{
    char *p = (char *)device;
    int n, type = _ifcombo_type(device);  /* "net7" gives type 1 here */

    while (isalpha(*p)) p++;              /* skip the alphabetic prefix */
    n = atoi(p);                          /* "net7" gives n = 7 */
    /* no check that idx is non-NULL, nor that n is inside the table */
    return (intf->ifcombo[type].idx[n]);
}
It crashes accessing idx[n], as idx is NULL.
n=7
type=1
device="net7"
intf is a valid pointer; all the items in the array intf::ifcombo are
zeroed.
Have a nice day
GV
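To make the failure mode above concrete, here is an added, stand-alone C example (not nmap's or libdnet's own code). The struct layout, the field names idx/cnt and the prefix table in ifcombo_type() are assumptions chosen to match the values in the report (type 1 for "net", n = 7); the real libdnet structures differ. It puts the unchecked lookup, shaped like the posted _find_ifindex, next to a hardened one that refuses an unknown prefix, a malformed number, an unpopulated (NULL) table, or an index past the table's end. With every ifcombo entry zeroed, as in the dump, the unchecked version reads idx[7] through a NULL pointer, i.e. a small invalid address, which is the access violation in the stack trace; the checked version returns -1 instead.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout, loosely modelled on libdnet's intf-win32.c. Field names
 * and the prefix table below are illustrative, not the library's real ones. */
#define IFCOMBO_TYPES 4

struct ifcombo {
    unsigned long *idx;   /* per-prefix table: "net<n>" -> adapter index; NULL until populated */
    int            cnt;   /* number of valid entries in idx */
};

struct intf_handle {
    struct ifcombo ifcombo[IFCOMBO_TYPES];
};

/* Illustrative prefix table; index 1 is "net" so "net7" yields type=1 as in the report. */
static int ifcombo_type(const char *device)
{
    static const char *names[IFCOMBO_TYPES] = { "eth", "net", "tun", "ppp" };
    int i;
    for (i = 0; i < IFCOMBO_TYPES; i++) {
        size_t len = strlen(names[i]);
        if (strncmp(device, names[i], len) == 0 && isdigit((unsigned char)device[len]))
            return i;
    }
    return -1;
}

/* Same shape as the posted _find_ifindex: no validation at all. On a zeroed
 * handle idx is NULL, so idx[7] reads address 0x1C and faults. Kept for the
 * contrast only; this file never calls it on a zeroed handle. */
static int find_ifindex_unchecked(struct intf_handle *intf, const char *device)
{
    const char *p = device;
    int n, type = ifcombo_type(device);
    while (isalpha((unsigned char)*p)) p++;
    n = atoi(p);
    return (int)intf->ifcombo[type].idx[n];
}

/* Hardened lookup: unknown prefix, malformed number, unpopulated table or
 * out-of-range index all return -1 instead of dereferencing garbage. */
static int find_ifindex_checked(const struct intf_handle *intf, const char *device)
{
    const char *p = device;
    const struct ifcombo *c;
    char *end;
    long n;
    int type = ifcombo_type(device);

    if (type < 0)
        return -1;
    while (isalpha((unsigned char)*p)) p++;
    n = strtol(p, &end, 10);
    if (end == p || *end != '\0' || n < 0)
        return -1;
    c = &intf->ifcombo[type];
    if (c->idx == NULL || n >= c->cnt)
        return -1;
    return (int)c->idx[n];
}

/* Reproduces the report: every ifcombo entry zeroed, then look up the device. */
static int lookup_in_zeroed_handle(const char *device)
{
    struct intf_handle intf;
    memset(&intf, 0, sizeof intf);
    return find_ifindex_checked(&intf, device);
}

/* Constructed sample handle: only the "net" table is populated, eight entries. */
static int lookup_in_populated_handle(const char *device, int use_checked)
{
    static unsigned long net_idx[8] = { 3, 5, 7, 9, 11, 13, 15, 17 };
    struct intf_handle intf;
    memset(&intf, 0, sizeof intf);
    intf.ifcombo[1].idx = net_idx;
    intf.ifcombo[1].cnt = 8;
    return use_checked ? find_ifindex_checked(&intf, device)
                       : find_ifindex_unchecked(&intf, device);
}

int main(void)
{
    printf("zeroed handle, net7       -> %d\n", lookup_in_zeroed_handle("net7"));
    printf("populated, net7 (checked) -> %d\n", lookup_in_populated_handle("net7", 1));
    printf("populated, net7 (raw)     -> %d\n", lookup_in_populated_handle("net7", 0));
    printf("populated, net8           -> %d\n", lookup_in_populated_handle("net8", 1));
    printf("populated, eth0           -> %d\n", lookup_in_populated_handle("eth0", 1));
    return 0;
}
```

The two lookups agree whenever the table is populated and the index is in range; they only differ on the inputs that crash the original, which is the behaviour a caller such as intf_get() needs so it can report "no such interface" rather than take the process down. Because the bad read goes through a NULL table pointer, the failure in the report is a crash, not a memory write.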
----- Original Message -----
From: "Gianluca Varenni" <gianluca.varenni_at_gmail.com>
To: "Fyodor" <fyodor_at_insecure.org>; "Rob Nicholls"
<robert_at_everythingeverything.co.uk>
Cc: "'Nmap Dev'" <nmap-dev_at_insecure.org>
Sent: Tuesday, November 13, 2007 9:14 PM
Subject: Re: [Wireshark-dev] [ANNOUNCE] WinPcap 4.0.2 has been released
> Tomorrow I'll see if I can replicate some of the problems with some
> Atheros wireless cards that use a native wifi driver (on Vista). As a
> matter of fact I suspect that all the problems come from wireless network
> cards that have a native wifi miniport. The ones whose description is just
> a mysterious "Microsoft" string.
>
> Have a nice day
> GV
>
>
>
>
> ----- Original Message -----
> From: "Fyodor" <fyodor_at_insecure.org>
> To: "Rob Nicholls" <robert_at_everythingeverything.co.uk>
> Cc: "'Nmap Dev'" <nmap-dev_at_insecure.org>
> Sent: Tuesday, November 13, 2007 6:09 PM
> Subject: Re: [Wireshark-dev] [ANNOUNCE] WinPcap 4.0.2 has been released
>
>
>> On Fri, Nov 09, 2007 at 08:20:38PM -0000, Rob Nicholls wrote:
>>>
>>> NB: The reference to "winpcap 3.1" must be hardcoded in nmap, as you can
>>> see
>>> on the line immediately below it that I'm using 4.0.2.
>>
>> Just FYI, I've fixed this bogus-hardwired-version-number problem. But
>> that won't help your problem with Nmap on Vista using wireless
>> devices. Also Gianluca Varenni mentioned problems using Nmap on Vista
>> with his Intel 4965 wireless card. Is there anyone else here who is
>> running (or trying to run) Nmap on Vista with a WiFi card? Is it
>> working for you? And if it isn't, what problems are you seeing?
>>
>> Thanks,
>> Fyodor
>>
>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Nov 15 2007