Yang's status report - #7 of 16
From: "veotax" <hsluoyz () qq com>
Date: Tue, 23 Jul 2013 23:35:16 +0800
Hi everyone,

Here's my status report for week #7.

I have resolved the BindContext parameter bug within function NdisOpenAdapterEx. The adapter binding and unbinding are now carried out by the driver itself instead of at the application level. If some software wants to open an adapter multiple times, the driver will return the same handle, because the driver can only open an adapter once. Side effects of this change need further research.
When testing my driver, I mainly used Wireshark as the application-layer program for debugging last week. However, Wireshark is a little weird in the interface info list function. I traced packet.dll and npf6x.sys (the NDIS 6.x edition of npf.sys) but found no track of the interface info list function. The source code of Wireshark uses some kind of pipe and is difficult to compile and understand, so I decided to use nmap as the application-layer program for debugging this
Also some packet.dll bugs for npf6x have been found. At first I used the "NPcap" string for the service name and driver name, but I found Wireshark uses the "npf" string for detecting the WinPcap service; this will cause Wireshark off. So I changed the service name back to "npf", and for the purpose of migration back to the WinPcap trunk, I changed the driver name to "npf6x", which means "npf for NDIS 6.x". Also some npf6x.sys bugs have been found. The original adapter release function also needs to be changed, because now the driver takes charge of the adapter release instead of the application.
Accomplishments:
* Finished correcting the BindContext parameter bug using the open-once method. Removed some other memory bugs of npf6x.sys.
* Modified the service name, driver name, protocol name and so on in both npf6x.sys and packet.dll, in order to keep compatible with Wireshark and the original npf.sys driver.
* Read lots of source code of npf.sys, packet.dll and Wireshark. Understood the call sequence among the three.

Priorities:
* Stuck at a bug: I cannot trace the call in packet.dll when Wireshark refreshes its adapter list. I will solve this next week.
* Remove other bugs of the current npf6x.sys.
* Have a meeting with my mentor for the next step.
Cheers,
Yang Luo
http://veotax.com
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/