Nmap Development mailing list archives
Re: nping localhost
From: Luis MartinGarcia <luis.mgarc () gmail com>
Date: Sun, 2 Oct 2016 11:44:33 +0100
Great work!

Luis

--
Sent from a mobile phone. Please excuse typos and brevity.

On 2 Oct 2016 11:20 a.m., "食肉大灰兔V5" <hsluoyz () gmail com> wrote:

> Hi list,
>
> I confirmed this issue. It should be Nping's bug.
>
> This is because in Nping's win_init(), Npcap DLL's path is NOT added
> because NpingOps->isRoot == 0. isRoot == 0 is because isRoot is set in the
> o.validateOptions() call, and this function is not even called when
> win_init() executes. The order is wrong. win_init() should be placed after
> o.validateOptions() just like what Nmap did.
>
> NmapOps->isR00t is initialized to 1 in NmapOps::Initialize(), and stays
> that way in parse_options(argc, argv); Then win_init() gets called, and
> everything is fine.
>
> But why didn't we find this issue before? This is because the pcap_driver
> var in win_init() was not initialized to 0 before. So it is probably not 0
> at that time. And this covers this bug. But this commit:
> https://github.com/nmap/nmap/commit/3a01e58f36cf395e707dc5f4b3fe07bc3c338ce1
> fixed it by pcap_driver = 0. So this bug comes out.
>
> The fix to this issue is very simple. Just do what Nmap did to Nping. Put
> the win_init() call after o.validateOptions(). After doing this, the nping
> becomes good with "nping 127.0.0.1".
>
> Cheers,
> Yang
>
> --------------------------------------------------------------------
>
> The code is shown as below:
> https://github.com/nmap/nmap/blob/master/nping/nping.cc#L178
>
> 1) nping.cc
>
>   /* Init a few things on Windows */
>   #ifdef WIN32
>   win_pre_init();
>   win_init(); <----------------------------- at this function, the folder of wpcap.dll is added to the process's DLL search list.
>   #endif
>
>   /* Register the SIGINT signal so when the users presses CTRL-C we print stats
>    * before quitting. */
>   #if HAVE_SIGNAL
>   signal(SIGINT, signal_handler);
>   #endif
>
>   /* Let's parse and validate user supplied args */
>   a.parseArguments(argc, argv);
>   o.validateOptions(); <------------------------------
>
> 2) winfix.cc of Nping
>
>   /* Requires that win_pre_init() has already been called, also that
>      options processing has been done so that o.debugging is available */
>   void win_init()
>   {
>     // variables
>     DWORD cb = 0;
>     DWORD nRes;
>     OSVERSIONINFOEX ver;
>     PMIB_IPADDRTABLE pIp = 0;
>     int i;
>     int numipsleft;
>     int pcap_driver = PCAP_DRIVER_NONE; <------------------------------ init value = 0
>
>     init_dll_path();
>
>     ver.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
>     if(!GetVersionEx((LPOSVERSIONINFO)&ver))
>     {
>       ver.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
>       if(!GetVersionEx((LPOSVERSIONINFO)&ver))
>         fatal("GetVersionEx failed\n");
>
>       ver.wServicePackMajor = 0;
>       ver.wServicePackMinor = 0;
>     }
>
>     // Try to initialize winpcap
>   #ifdef _MSC_VER
>     __try
>   #endif
>     {
>       HANDLE pcapMutex;
>       DWORD wait;
>       ULONG len = sizeof(pcaplist);
>
>       o.have_pcap = true;
>       if(o.debugging > 2) printf("Trying to initialize Windows pcap engine\n");
>
>       /* o.isr00t will be false at this point if the user asked for
>          --unprivileged. In that case don't bother them with a potential UAC
>          dialog when starting NPF. */
>       if (o.isr00t) { <------------------------------------ isr00t == 0, so the code does not go into this condition
>         if (start_service("npcap"))
>           pcap_driver = PCAP_DRIVER_NPCAP;
>         else if (start_service("npf"))
>           pcap_driver = PCAP_DRIVER_WINPCAP;
>         else {
>           if (o.debugging) {
>             error("Unable to start either npcap or npf service");
>           }
>           pcap_driver = PCAP_DRIVER_NONE;
>           o.have_pcap = false;
>         }
>       }
>
>       if (pcap_driver == PCAP_DRIVER_NPCAP) <-------------------- pcap_driver == 0, so not go into init_npcap_dll_path() function
>         init_npcap_dll_path();
>
> 3) nmap.cc main
>
>   #ifdef WIN32
>     win_pre_init();
>   #endif
>
>     parse_options(argc, argv); <------------------------ keep o.isR00t == 1
>
>     tty_init(); // Put the keyboard in raw mode
>
>   #ifdef WIN32
>     // Must come after parse_options because of --unprivileged
>     // Must come before apply_delayed_options because it sets o.isr00t
>     win_init(); <-------------------------- set Npcap's folder
>   #endif
>
> On Sun, Oct 2, 2016 at 4:49 PM, Michael D. Lawler <mdlawler () lawlers us> wrote:
>
> > The only copy of wpcap.dll that I see on my system is in
> > c:\windows\system32\npcap\wpcap.dll
> >
> > At 04:45 AM 10/2/2016, Gisle Vanem wrote:
> >
> > > Michael D. Lawler wrote:
> > >
> > > > I get the same results as the original poster when nping.exe is in
> > > > c:\windows\system32\npcap and when it is not I get this. I also get
> > > > the issue when I ping other hosts on my network not just localhost.
> > > >
> > > > WARNING: Could not import all necessary Npcap functions. You may need
> > > > to upgrade to version 0.07 or higher from
> > > > http://www.npcap.org <http://www.npcap.org/> . Resorting to
> > > > connect() mode
> > >
> > > Because nping/winfix.cc calls '__HrLoadAllImportsForDll()'
> > > on the wrong wpcap.dll. You may have a shadow wpcap.dll
> > > in your PATH?
> > >
> > > It's IMHO better to avoid delay-loading completely.
> > >
> > > --
> > > --gv
> > > _______________________________________________
> > > Sent through the dev mailing list
> > > https://nmap.org/mailman/listinfo/dev
> > > Archived at http://seclists.org/nmap-dev/
> >
> > --
> > Michael D. Lawler
> > email mailto:mdlawler () lawlers us
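
The ordering problem described in this thread, as an added example that is not part of the original messages or of the Nmap source: a portable model of win_init() reading isRoot before validateOptions() has set it. The Ops struct, the validated flag, the enforce parameter, the isRoot = !unprivileged rule and the Npcap directory string are assumptions made for the illustration; the guard turns the "options processing has been done" comment in winfix.cc into a check that fails loudly.

```cpp
#include <stdexcept>
#include <string>
#include <vector>

// Simplified stand-in for NpingOps (hypothetical, not the real class).
struct Ops {
  bool unprivileged = false;  // user asked for --unprivileged
  bool isRoot = false;        // only meaningful after validateOptions()
  bool validated = false;     // hypothetical guard flag, not in Nping
  // Assumed simplification: privileged unless --unprivileged was given.
  void validateOptions() { isRoot = !unprivileged; validated = true; }
};

const std::string NPCAP_DIR = "C:\\Windows\\System32\\Npcap";  // constructed

// Model of win_init(): returns the DLL search directories it would add.
// With enforce set, a call made before option validation is rejected.
std::vector<std::string> win_init(const Ops &o, bool enforce) {
  if (enforce && !o.validated)
    throw std::logic_error("win_init() called before validateOptions()");
  std::vector<std::string> dll_dirs;
  int pcap_driver = 0;            // PCAP_DRIVER_NONE, now always initialized
  if (o.isRoot) pcap_driver = 1;  // stands for start_service("npcap") succeeding
  if (pcap_driver == 1) dll_dirs.push_back(NPCAP_DIR);
  return dll_dirs;
}

// Order reported for nping.cc: win_init() runs while isRoot is still false.
std::vector<std::string> buggy_order(bool unprivileged) {
  Ops o; o.unprivileged = unprivileged;
  std::vector<std::string> dirs = win_init(o, false);
  o.validateOptions();
  return dirs;
}

// Order proposed in the thread: validate options first, then win_init().
std::vector<std::string> fixed_order(bool unprivileged) {
  Ops o; o.unprivileged = unprivileged;
  o.validateOptions();
  return win_init(o, true);
}

// True when the guard rejects a premature win_init() call.
bool guard_catches_early_call() {
  Ops o;
  try { win_init(o, true); } catch (const std::logic_error &) { return true; }
  return false;
}

int main() {
  bool ok = buggy_order(false).empty() && fixed_order(false).size() == 1;
  return (ok && guard_catches_early_call()) ? 0 : 1;
}
```

In the buggy order the Npcap directory is never added, so the loader resolves wpcap.dll from whatever else is on the search path, which matches the "wrong wpcap.dll" symptom reported above.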