Nmap Development mailing list archives
RE: NPCAP Blue screen
From: "Luff, Vince" <vince.luff () anite com>
Date: Mon, 29 Feb 2016 12:59:31 +0000
Hi,

In the Virtual PC settings, I assign one of the adaptors to be the “Microsoft Loopback Adaptor”. This adaptor is then used to create a TCP connection between the Win7 machine and the NetBSD OS running on the virtual machine.

[inline image: image001.png]

Please let me know if I have not answered your question fully.

Regards,
Vince

From: 食肉大灰兔V5 [mailto:hsluoyz () gmail com]
Sent: 29 February 2016 12:53
To: Luff, Vince
Cc: dev () nmap org; Piekarski, Pawel
Subject: Re: NPCAP Blue screen

Hi Luff,

I think your code simply creates a loopback adapter using the "devcon.exe install Inf\\Netloop.inf *msloop" command. But what do you mean by "Microsoft Loopback Adapter which is used for a virtual machine" in your first post? How do you connect this loopback adapter with your Virtual PC VM?

The second issue is fixed in the latest Npcap 0.05 R16: https://github.com/nmap/npcap/releases

Cheers,
Yang

On Mon, Feb 29, 2016 at 7:56 PM, Luff, Vince <vince.luff () anite com> wrote:

Hi Yang,

Thank you for the bug fix. When will this be in a release?
I am using Windows Virtual PC, 32 bit from Microsoft: https://www.microsoft.com/en-gb/download/details.aspx?id=3702

We install the Microsoft Loopback Adaptor as follows:

    // Requires: using System; using System.IO;
    public bool InstallNewMsLoopBackAdpt()
    {
        bool retVal = true;

        // File_DevconFile points to Devcon.exe
        // (https://msdn.microsoft.com/en-us/library/windows/hardware/ff544707(v=vs.85).aspx)
        if (!File.Exists(Constants.File_DevconFile))
        {
            DebugLog.WriteLine("ERROR : Installation files not copied properly", true);
            return false;
        }

        // Build the path to Inf\Netloop.inf under the Windows folder
        string IniFilePath = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
        IniFilePath = Path.Combine(IniFilePath, "Inf\\Netloop.inf");

        // Run "devcon install <inf> *MSLOOP" and check its output
        string parameter = "install " + IniFilePath + " *MSLOOP";
        string resp = ConsoleCmd.run(Constants.File_DevconFile, parameter, 2);
        if (!resp.Contains("Drivers updated successfully"))
        {
            DebugLog.WriteLine("ERROR : Failed to create loop back NIC ", true);
            return false;
        }

        return retVal;
    }

Regards,
Vince

From: 食肉大灰兔V5 [mailto:hsluoyz () gmail com]
Sent: 28 February 2016 15:31
To: Luff, Vince
Cc: dev () nmap org; Piekarski, Pawel
Subject: Re: NPCAP Blue screen

Hi Luff,

Using reverse engineering techniques, I'm able to analyze those dump files now.

The 1st dump file is a KERNEL_MODE_EXCEPTION_NOT_HANDLED_M BSoD. It's caused by the NdisFOidRequest call in the NPF_GetDeviceMTU function of Openclos.c. This is a known issue. I posted a question on Stack Overflow: http://stackoverflow.com/questions/31869373/get-system-service-exception-bluescreen-when-starting-wireshark-on-win10-vmware. But still no answers.

I want to know which virtual machine software you are using: VMware Workstation or VirtualBox, and its version? What are the exact steps you used to bind a Microsoft Loopback Adapter to your virtual machine? I know that virtualization software usually creates some adapters for networking. But I didn't know that it can use a Microsoft Loopback Adapter?
The 2nd and 3rd dump files point to the same issue, which is caused by an illegal memory read bug in the driver. I have fixed this bug in: https://github.com/nmap/npcap/commit/eafa222e8367024c96c6c17fb7f6db9a25658863.

Cheers,
Yang

On Sun, Feb 28, 2016 at 6:34 PM, 食肉大灰兔V5 <hsluoyz () gmail com> wrote:

Hi Luff,

First, thanks for the report!

Unfortunately Npcap has updated to VS2015 Update1, WDK 10 10586 and SDK 10 10586 since version 0.05 R11. Versions prior to 0.05 R11 need to be built with the legacy WDK 10 10240 and SDK 10 10240, both of which I have already uninstalled (and I haven't kept those installers). Currently Microsoft only has the link to the latest WDK and SDK (which is 10586). So it's impossible for me to recompile that version's binaries for now. So without those built debug symbols I can't analyze the cause of the BSoD.

So I wonder, would you mind reproducing the BSoD in a recent Npcap version? The latest 0.05 R14 is best. But a version not prior to 0.05 R11 is also OK. Thanks!

Cheers,
Yang

On Tue, Feb 23, 2016 at 5:57 PM, Luff, Vince <vince.luff () anite com> wrote:

Hello,

I am using Npcap on Windows7 32bit SP1, and have seen a blue screen 3 times over the past month. I’ve attached the .dmp files:

Date of crash   NPCAP version   DMP file                   Suspected file
29 Jan          0.05 r3         012916-15038-01.dmp        npf.sys
4 Feb           0.05 r3         020416-15428-01.dmp        npf.sys
10 Feb          0.05 r10        curr021016-18252-01.dmp    npcap.sys

When these crashes happened I was tracing two adaptors simultaneously using tshark. One of them was a Microsoft Loopback Adapter which is used for a virtual machine. Since I got the third crash I disabled tracing on the Microsoft Loopback Adapter and have not had a blue screen since.

Please let me know if I should provide more information. By the way, I work for telecoms company Anite Telecoms in the UK.

Regards,
Vince Luff.

Please refer to www.anite.com for individual Anite company details.
The contents of this e-mail and any attachments are for the intended recipient only. If you are not the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege. Contracts cannot be concluded with us nor legal service effected by email. Anite Ltd. Registered in England No.1798114 Registered Office: Ancells Business Park Fleet Hampshire GU51 2UZ United Kingdom VAT Registration No. GB 787 418187

Scanned for viruses by Mimecast <http://www.mimecast.co.uk>.

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/