Nmap Development mailing list archives

Yang's status report - #7 of 16
From: "veotax" <hsluoyz () qq com>
Date: Tue, 23 Jul 2013 23:35:16 +0800

Hi everyone,

Here's my status report for week #7.

I have resolved the BindContext parameter bug within the function NdisOpenAdapterEx. The adapter binding and unbinding are now carried out by the driver itself instead of at the application level. If some software wants to open an adapter multiple times, the driver will return the same handle, because the driver can only open an adapter once. Side effects of this change need further research.

When testing my driver, I mainly used Wireshark as the application-layer program for debugging last week. However, Wireshark is a little weird in the interface info list function: I traced packet.dll and npf6x.sys (the NDIS 6.x edition of npf.sys) but found no track of the interface info list function. The source code of Wireshark uses some kind of pipe and is difficult to compile and understand, so I decided to use Nmap as the application-layer program for debugging this week.

Also, some packet.dll bugs for npf6x have been found. At first I used the "NPcap" string for the service name and driver name, but I found that Wireshark uses the "npf" string for detecting the WinPcap service, and this would cause Wireshark to be off, so I changed the service name back to "npf". For the purpose of migrating back to the WinPcap trunk, I changed the driver name to "npf6x", which means "npf for NDIS 6.x". Some npf6x.sys bugs have also been found. The original adapter release function also needs to be changed, because now the driver takes charge of the adapter release instead of the application.

Accomplishments:
* Finished correcting the BindContext parameter bug using the open-once method. Removed some other memory bugs in npf6x.sys.
* Modified the service name, driver name, protocol name and so on in both npf6x.sys and packet.dll, in order to stay compatible with Wireshark and the original npf.sys driver.
* Read lots of source code of npf.sys, packet.dll and Wireshark. Understood the call sequence among the three.

Priorities:
* Stuck at a bug: I cannot trace the call into packet.dll when Wireshark refreshes its adapter list. I will solve this next week.
* Remove other bugs in the current npf6x.sys.
* Have a meeting with my mentor about the next step.

Cheers,
Yang Luo
http://veotax.com
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
