Nmap Development mailing list archives
Running Nmap several times within the same process
From: Andy Woods <andywoodseyr () gmail com>
Date: Wed, 23 Sep 2009 06:53:25 +0000
Hey,
I'm playing around with a project where I want to run Nmap several times
within the same process.
Currently I'm doing some tests to see if it is possible, or really just a
bad idea.
To make some kind of proof-of-concept I renamed the entry-function main(..)
in main.cc to main_entry(..),
and created a new main(..) function with the following code:
int main(int argc, char *argv[]) {
    printf("Starting first scan...\n");
    printf("----------------------\n");
    main_entry(argc, argv);
    printf("\n");
    printf("Starting second scan...\n");
    printf("-------------------------\n");
    main_entry(argc, argv);
    return 0;
}
The idea is to run two scans in the same process, which I think requires
Nmap to clean up
global memory allocations in the first run to turn out well.
1. TEST (standard arguments)
=================================================================
In this test I passed standard arguments to Nmap, but as you can see
from the results the second scan fails (probably because some global
variables, or heap allocated pointers are not deleted).
C:\Src\NmapTest\nmap-5.00\mswin32\Debug>nmap.exe -n 192.168.119.1
Starting first scan...
----------------------
Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-23 07:57 Central Europe
Standard Time
Interesting ports on 192.168.119.1:
Not shown: 995 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
912/tcp open unknown
12345/tcp open netbus
MAC Address: 00:50:aa:bb:cc:dd (VMWare)
Nmap done: 1 IP address (1 host up) scanned in 5.16 seconds
Starting second scan..
----------------------
Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-23 07:58 Central Europe
Standard Time
PortList::initializePortMap: portmap for protocol 6 already initialized
QUITTING!
OUTPUT (with --release-memory):
=================================================================
I also tried to use the --release-memory argument (which calls
nmap_free_memory() in nmap.cc),
but this resulted in an exception claiming "Access Violation". I fixed the
first exception, but as soon as I applied this fix I got a new exception.
My guess is that nmap_free_memory() is probably just releasing _some_ memory.
C:\Src\NmapTest\nmap-5.00\mswin32\Debug>nmap.exe --release-memory -n
192.168.119.1
Starting first scan...
---------------------------------
Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-23 08:01 Central Europe
Standard Time
Interesting ports on 192.168.119.1:
Not shown: 995 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
912/tcp open unknown
12345/tcp open netbus
MAC Address: 00:50:aa:bb:cc:dd (VMWare)
Nmap done: 1 IP address (1 host up) scanned in 4.92 seconds
Starting second scan..
---------------------------------
Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-23 08:01 Central Europe
Standard Time
(Exception, debugger pops up, Access Violation)
Is the whole concept just a really bad idea, or is nmap_free_memory()
not doing enough, which could be considered a bug?
I also tried to call nmap_main(..) from main(..), but no difference.
- AW
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
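
Added example, not part of the original post or Nmap's code: a C sketch of the failure mode described above, where a one-shot global initializer rejects a second in-process run, next to running each scan in a forked child so it starts from fresh globals. The names scan_entry, init_portmap and scan_in_child are hypothetical stand-ins, and fork()/waitpid() assume a POSIX system rather than the Windows build shown in the post.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for process-wide scanner state: set once, never reset. */
static int portmap_initialized = 0;

/* One-shot initializer modelled on the "already initialized" check in the
 * post's output; it returns -1 on re-entry instead of quitting. */
static int init_portmap(void) {
    if (portmap_initialized) return -1;
    portmap_initialized = 1;
    return 0;
}

/* Hypothetical entry point playing the role of main_entry(). */
int scan_entry(void) {
    if (init_portmap() != 0) return 1;   /* second in-process call fails here */
    /* ... the scan itself would run here ... */
    return 0;
}

/* Run scan_entry() in a child process so its globals are discarded on exit.
 * Returns the child's exit status, or -1 if fork/waitpid fails.
 * Caveat: the child inherits a copy of the parent's globals, so this only
 * helps while the parent itself has never called scan_entry(). */
int scan_in_child(void) {
    int status;
    pid_t pid;
    fflush(NULL);                        /* avoid duplicated stdio buffers */
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(scan_entry());   /* child: run once, then exit */
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("child run 1:      %d\n", scan_in_child());
    printf("child run 2:      %d\n", scan_in_child());
    printf("in-process run 1: %d\n", scan_entry());
    printf("in-process run 2: %d\n", scan_entry());
    return 0;
}
```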
