
Dana's SP2 patch


From: Fyodor <fyodor () insecure org>
Date: Fri, 13 Aug 2004 00:38:11 -0700

Here is Dana's patch for the Windows SP2 problem.  Let me know if you
have any suggestions for improvement.  For one thing, I suppose the
test should be for NT 5.1sp2 OR LATER instead of checking only for
SP2.  Or, maybe MS will come to their senses and remove these silly
limitations for the next version.

-F

diff -ruw nmap-3.55-orig/mswin32/winip/iphlpapi.c nmap-3.55/mswin32/winip/iphlpapi.c
--- nmap-3.55-orig/mswin32/winip/iphlpapi.c     2000-11-07 01:00:56.000000000 -0800
+++ nmap-3.55/mswin32/winip/iphlpapi.c  2004-08-12 18:53:27.000000000 -0700
@@ -21,9 +21,13 @@
 License along with this library; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
+Update: 12/08/04 = Added hook to support SendARP for XP SP2 
+                   - Dana Epp (dana () vulscan com)
+
 */
 
 void __declspec(dllexport) __stdcall GetIpAddrTable(int p1, int p2, int p3) {}
 void __declspec(dllexport) __stdcall GetIpForwardTable(int p1, int p2, int p3) {}
 void __declspec(dllexport) __stdcall GetIfTable(int p1, int p2, int p3) {}
 void __declspec(dllexport) __stdcall GetIpNetTable(int p1, int p2, int p3) {}
\ No newline at end of file
+void __declspec(dllexport) __stdcall SendARP( int p1, int p2, int p3, int p4) {}
\ No newline at end of file
diff -ruw nmap-3.55-orig/mswin32/winip/iphlpapi.def nmap-3.55/mswin32/winip/iphlpapi.def
--- nmap-3.55-orig/mswin32/winip/iphlpapi.def   2001-09-08 10:13:08.000000000 -0700
+++ nmap-3.55/mswin32/winip/iphlpapi.def        2004-08-12 17:58:10.000000000 -0700
@@ -19,6 +19,9 @@
 ;License along with this library; if not, write to the Free Software
 ;Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
+;Update: 12/08/04 = Added hook to support SendARP for XP SP2 
+;                   - Dana Epp (dana () vulscan com)
+
 LIBRARY iphlpapi.dll
 
 EXPORTS
@@ -26,3 +29,4 @@
 GetIpForwardTable
 GetIfTable
 GetIpNetTable
\ No newline at end of file
+SendARP
\ No newline at end of file
diff -ruw nmap-3.55-orig/mswin32/winip/iphlpapi.h nmap-3.55/mswin32/winip/iphlpapi.h
--- nmap-3.55-orig/mswin32/winip/iphlpapi.h     2000-11-07 01:00:56.000000000 -0800
+++ nmap-3.55/mswin32/winip/iphlpapi.h  2004-08-12 19:41:15.000000000 -0700
@@ -41,6 +41,7 @@
 DWORD __declspec(dllimport) __stdcall GetIpNetTable(PMIB_IPNETTABLE, DWORD*, BOOL);
 DWORD __declspec(dllimport) __stdcall GetIpForwardTable(PMIB_IPFORWARDTABLE, DWORD*, BOOL);
 DWORD __declspec(dllimport) __stdcall GetIfEntry(PMIB_IFROW);
+DWORD __declspec(dllimport) __stdcall SendARP( int, int, PULONG, PULONG );
 
 
 #ifdef __cplusplus
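Review bot: The new SendARP prototype takes its two address arguments as `int`, while the only caller in this patch (send_arp_iphlpapi in pcapsend.c) passes a `DWORD ip`, and the neighbouring declarations in this header use the typed Windows parameters rather than plain `int`. Declaring it as `DWORD __declspec(dllimport) __stdcall SendARP(DWORD, DWORD, PULONG, PULONG);` keeps the signature consistent with the caller and avoids an implicit signed/unsigned conversion at the call site. The parameter count and stdcall decoration are unchanged by that, so the export stub and .def entry in this patch still match.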
diff -ruw nmap-3.55-orig/mswin32/winip/pcapsend.c nmap-3.55/mswin32/winip/pcapsend.c
--- nmap-3.55-orig/mswin32/winip/pcapsend.c     2003-04-19 20:26:26.000000000 -0700
+++ nmap-3.55/mswin32/winip/pcapsend.c  2004-08-12 19:47:49.000000000 -0700
@@ -96,6 +96,8 @@
 static void releaseadapter();
 
 static void send_arp(DWORD ifi, DWORD ip);
+static void send_arp_iphlpapi( DWORD ifi, DWORD ip );
+static void send_arp_raw( DWORD ifi, DWORD ip );
 static int lookupip(DWORD ip, DWORD ifi);
 
 //     ARP cache
@@ -512,9 +514,52 @@
        return;
 }
 
-//     this needs to change for non-Ethernet
+// Function added to support XP SP2 properly for arp cache
 static void send_arp(DWORD ifi, DWORD ip)
 {
+       OSVERSIONINFOEX ver;
+       ver.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
+       if(!GetVersionEx((LPOSVERSIONINFO)&ver))
+    {
+               ver.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+               if(!GetVersionEx((LPOSVERSIONINFO)&ver))
+                       fatal("GetVersionEx failed\n");
+
+               ver.wServicePackMajor = 0;
+               ver.wServicePackMinor = 0;
+    }
+
+       if( ver.dwMajorVersion >= 5 && ver.dwMinorVersion == 1 && ver.wServicePackMajor == 2  )
+       {
+               send_arp_iphlpapi( ifi, ip );
+       }
+       else
+       {
+               send_arp_raw( ifi, ip );
+       }
+}
+
+static void send_arp_iphlpapi( DWORD ifi, DWORD ip )
+{
+       HRESULT ret;
+       ULONG uMACAddr[2];
+       ULONG uSize = 6;
+       PBYTE pBuffer;
+       struct in_addr myip;
+
+       ret = SendARP( ip, 0, uMACAddr, &uSize );
+       
+       if( NO_ERROR == ret )
+       {
+               pBuffer = (PBYTE)uMACAddr;
+               AddToARPCache( ip, ifi, pBuffer, (int)uSize );
+       }
+
+}
+
+//     this needs to change for non-Ethernet
+static void send_arp_raw(DWORD ifi, DWORD ip)
+{
        struct arp_hdr  arp_h;
        LPADAPTER pAdap;
        BYTE mymac[6];
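Review bot: send_arp_iphlpapi does nothing when SendARP returns anything other than NO_ERROR, whereas the raw path reports its failures through fatal(), so a caller that later consults the ARP cache gets no indication that the lookup failed or why. At minimum the branch deserves a comment such as `// SendARP failed (off-link host or no reply): leave the cache untouched, caller sees no entry`, and a trace line carrying the return code if this file has access to the tracing used elsewhere in winip. The `struct in_addr myip` declaration in the new function is unused and should be dropped, and `ret` is declared `HRESULT` although iphlpapi.h declares SendARP as returning DWORD; `DWORD ret;` matches the NO_ERROR comparison. The exact-SP2 predicate in send_arp is repeated in winip.c, which is noted there. send_arp_raw continues past the end of this hunk.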
@@ -525,7 +570,7 @@
        memset(bcastmac, 0xFF, 6);
 
        if(0 != ifi2ipaddr(ifi, &myip))
-               fatal("sendarp: failed to find my ip ?!?\n");
+               fatal("send_arp_raw: failed to find my ip ?!?\n");
 
        //      get the MAC et al
        len = 6;
@@ -534,7 +579,7 @@
        {
                //      do nothing for localhost scan
                if(myip.s_addr == 0x0100007f) return;
-               else fatal("send_arp: can't send on this interface\n");
+               else fatal("send_arp_raw: can't send on this interface\n");
        }
 
        arp_h.ar_hrd=0x0100;
diff -ruw nmap-3.55-orig/mswin32/winip/winip.c nmap-3.55/mswin32/winip/winip.c
--- nmap-3.55-orig/mswin32/winip/winip.c        2004-02-22 14:15:58.000000000 -0800
+++ nmap-3.55/mswin32/winip/winip.c     2004-08-12 16:04:56.000000000 -0700
@@ -379,6 +379,13 @@
       rawsock_avail = 0;
     }
 
+       // Disable rawsock support if its XP SP2
+       if( ver.dwMajorVersion >= 5 && ver.dwMinorVersion == 1 && ver.wServicePackMajor == 2  )
+       {
+               winbug = 1;
+               rawsock_avail = 0;
+       }
+
   if(pcap_avail)
     {
       if(wo.trace) printf("***WinIP***  reading winpcap interface list\n");
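Review bot: The exact-SP2 predicate added here is the same expression that send_arp in pcapsend.c evaluates after calling GetVersionEx a second time, so the two copies can drift, and the "SP2 or later" change mentioned in the message has to be made in both places. If `winbug` or `rawsock_avail` is reachable from pcapsend.c, send_arp could test that flag instead of re-querying the OS version; otherwise a single helper such as `static int is_xp_sp2(const OSVERSIONINFOEX *v)` declared in a shared header would keep one definition of the rule. The added block is also indented with tabs while the surrounding lines use two-space indentation. Where `ver` is filled in is outside this hunk, and the enclosing function starts and ends outside it too.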


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org


