Nmap Development: Re: [BUG]? Unrecognized option --resume

Re: [BUG]? Unrecognized option --resume

From: David Fifield <david_at_bamsoftware.com>
Date: Fri, 14 Dec 2007 02:14:41 -0700

On Tue, Dec 11, 2007 at 02:35:50PM -0000, Rob Nicholls wrote:
> I know, I know, bad practice to reply to myself, but I think I might have
> found a solution. This error appears to have been spotted (and ignored?)
> back in 2005: http://seclists.org/nmap-dev/2005/q1/0113.html
>
> Anyway, after a bit of trial and error, it looks like the
> CreateFileMapping call needs to use NULL instead of 0 for the
> dwMaximumSizeHigh and dwMaximumSizeLow DWORDs. I think line 993 of
> utils.cc should say:
>
> gmap = CreateFileMapping (fd, NULL, mflags, NULL, NULL, NULL);
>
> I also changed line 977 to:
>
> mflags = PAGE_READWRITE;
>
> I did this because, according to
> http://msdn2.microsoft.com/en-us/library/aa366537.aspx
>
> "This parameter can be one of the following values"
>
> But mflags is originally, if openflags != O_RDONLY, assigned the value
> PAGE_READONLY | PAGE_READWRITE. Which looks wrong to me. According to the
> link above, one or more of the *attributes* for the file mapping object
> can be stated in that way after the page protection value, i.e. in the
> form PAGE_READWRITE | SEC_COMMIT. Note: SEC_COMMIT is the default if
> nothing is stated after the file protection parameter. Seeing as openflags
> != O_RDONLY, I think it makes more sense to simply put PAGE_READWRITE.
> PAGE_READWRITE specifies that the file must be created with the
> GENERIC_READ and GENERIC_WRITE access rights, which matches what's seen at
> line 976. Note: I haven't tried changing 993 without modifying 977.
>
> Anyway, after making the changes to lines 977 and 993 and compiling, I now
> get:
>
> >nmap --resume testresume
> Unable to parse supposed log file testresume. Perhaps the Nmap execution
> had not finished at least one host? In that case there is no use
> "resuming"
> QUITTING!

Hi Robert. Thanks for doing the research on this. Your analysis is good.
You're right, PAGE_READONLY | PAGE_READWRITE seems wrong. I have
committed the fix you suggested.

I don't think NULL had anything to do with it though. The parameters for
which you passed NULL as an argument have the type DWORD, which is an
integer type (I'm pretty sure, not too familiar with the Windows API).
Passing NULL doesn't hurt but it doesn't change anything either. The
MSDN page you referenced specifically says to use 0 to enable certain
special behavior.

> Apologies for not sending a diff, I haven't worked out how to create them
> yet *blush* but at least it's only (1 or) 2 lines of code that need to be
> modified.

It's easy to make diffs if you're using Subversion. Instructions for how
to get Nmap with Subversion are at
http://insecure.org/nmap/install/index.html#inst-svn. Once you have done
that you can just say "svn diff > file.diff".

David Fifield
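The flProtect point above (one page-protection value, optionally OR'ed with a section attribute, never two protection values) as an added example; this is not code from the thread or from Nmap. The `buggy_mflags` function is a reconstruction of the behaviour Rob describes, `fixed_mflags` is the corrected form, and the Windows constants are redefined from their documented values only so the file also compiles off Windows.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>

/* Values as defined in <winnt.h>; provided here (assumed) so the example
 * builds on non-Windows hosts as well. */
#ifdef _WIN32
#include <windows.h>
#else
typedef uint32_t DWORD;
#define PAGE_READONLY   0x02
#define PAGE_READWRITE  0x04
#define SEC_COMMIT      0x08000000
#endif

/* Low byte of flProtect holds the page-protection value; exactly one of
 * those bits may be set. Section attributes (SEC_*) live in higher bits. */
#define PROTECT_MASK 0xFF

/* Reconstruction of the old utils.cc logic described in the thread:
 * a writable file got PAGE_READONLY | PAGE_READWRITE, which is not a
 * valid protection value and makes CreateFileMapping fail. */
DWORD buggy_mflags(int openflags) {
    DWORD mflags = PAGE_READONLY;
    if (openflags != O_RDONLY)
        mflags |= PAGE_READWRITE;
    return mflags;
}

/* Corrected logic: pick a single protection value. SEC_COMMIT could be
 * OR'ed in, but it is the default, so it is omitted. */
DWORD fixed_mflags(int openflags) {
    return (openflags == O_RDONLY) ? PAGE_READONLY : PAGE_READWRITE;
}

/* Check a flProtect value before passing it to CreateFileMapping:
 * the protection byte must be non-zero and a power of two. */
int flprotect_is_valid(DWORD flProtect) {
    DWORD prot = flProtect & PROTECT_MASK;
    return prot != 0 && (prot & (prot - 1)) == 0;
}

int main(void) {
    printf("old flags for O_RDWR: 0x%02x valid=%d\n",
           (unsigned)buggy_mflags(O_RDWR), flprotect_is_valid(buggy_mflags(O_RDWR)));
    printf("new flags for O_RDWR: 0x%02x valid=%d\n",
           (unsigned)fixed_mflags(O_RDWR), flprotect_is_valid(fixed_mflags(O_RDWR)));
    return 0;
}
```

The size parameters are unrelated to this check: dwMaximumSizeHigh and dwMaximumSizeLow are plain DWORDs, and 0 (equivalently NULL) in both simply sizes the mapping to the current file length.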

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 14 2007
