
Nmap 3.75 crashing in win95


From: "Ganga Bhavani" <GBhavani () everdreamcorp com>
Date: Thu, 4 Nov 2004 14:20:37 -0800

Hi,

  During my testing of the latest nmap-3.75, I found that it crashes on Windows 95. During initialization on Windows 95, 
nmap tries to load iphlpapi.dll and, if that DLL fails to load, uses inetmib1 instead. The method 
SendARP() in pcapsend.c, which makes use of iphlpapi.dll, is causing this crash. The older version nmap-3.50 used to work 
because it sent a raw ARP packet instead of using SendARP().  I have come up with the following patch which checks 
iphlp_avail and, if that DLL is not available, executes send_raw_arp() (the old send_arp() code that sends a raw ARP packet). 
Please let me know if you see any issues with this patch.

Thanks,
Ganga


The diff looks as follows:

--- pcapsend.c.org      2004-11-04 12:50:33.657840200 -0800
+++ pcapsend.c  2004-11-04 13:05:02.383956300 -0800
@@ -99,6 +99,7 @@
 static void releaseadapter();

 static void send_arp(DWORD ifi, DWORD ip);
+static void send_raw_arp(DWORD ifi, DWORD ip);
 static int lookupip(DWORD ip, DWORD ifi);

 //     ARP cache
@@ -113,6 +114,7 @@
 //     For rawsock fallback
 extern SOCKET global_raw_socket;
 extern int rawsock_avail;
+extern int iphlp_avail;

 extern NmapOps o;

@@ -537,6 +539,14 @@
   PBYTE pBuffer;
   struct in_addr myip;

+  /* For windows95 machines that does not load iphlpapi.dll, send raw
+     ARP packet */
+  if( !iphlp_avail )
+    {
+      send_raw_arp(ifi,ip);
+      return;
+    }
+
   ret = SendARP( ip, 0, uMACAddr, &uSize );

   if( NO_ERROR == ret )
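Review bot: The comment above the new guard names the platform but not why SendARP() has to be bypassed, which is the fact a later maintainer needs before removing the branch; since the fallback exists because SendARP() crashes when iphlpapi.dll is not loaded, say so: `/* iphlpapi.dll is not loaded (e.g. Windows 95): SendARP() would crash, so build and send the ARP request ourselves. */`. The guard also relies on iphlp_avail having been assigned before send_arp() is first called, which this hunk cannot show; worth confirming against the initialization code that loads the DLL. send_arp() starts before this hunk and its closing brace is in the next one.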
@@ -546,6 +556,48 @@
     }
 }

+//      this to send raw arp packet
+static void send_raw_arp(DWORD ifi, DWORD ip)
+{
+        struct arp_hdr  arp_h;
+        LPADAPTER pAdap;
+        BYTE mymac[6];
+        int len;
+        unsigned long mytype;
+        struct in_addr myip;
+        BYTE bcastmac[6];       //      more Ethernet code !
+        memset(bcastmac, 0xFF, 6);
+
+        if(0 != ifi2ipaddr(ifi, &myip))
+                fatal("sendarp: failed to find my ip ?!?\n");
+
+        //      get the MAC et al
+        len = 6;
+        pAdap = if2adapter(ifi, mymac, &len, &mytype);
+        if(!pAdap)
+        {
+                //      do nothing for localhost scan
+                if(myip.s_addr == 0x0100007f) return;
+                else fatal("send_arp: can't send on this interface\n");
+        }
+
+        arp_h.ar_hrd=0x0100;
+
+        arp_h.ar_pro=0x0008;                    /* format of protocol address *
/
+        arp_h.ar_hln=6;                         /* length of hardware address *
/
+    arp_h.ar_pln=4;                         /* length of protocol addres */
+    arp_h.ar_op=0x0100 ;
+        memcpy(arp_h.ar_sha,mymac,6);
+        memcpy(arp_h.ar_spa,&myip.s_addr,4);
+        memset(arp_h.ar_tha,0,6);
+        memcpy(arp_h.ar_tpa,&ip,4);
+
+        realsend(pAdap, (char*)&arp_h, sizeof(arp_h),
+                bcastmac, mymac, len, mytype, ETH_ARP);
+
+        releaseadapter();
+}
+
 //     resolves an ip addr into a nexthop and index
 static int ip2route(const struct in_addr *dest, DWORD *nexthop, DWORD *ifi)
 {
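Review bot: The two fatal() messages in send_raw_arp() still name the function they were copied from (`sendarp:` after the ifi2ipaddr() check and `send_arp:` after the if2adapter() check), so a crash report from the fallback path would point at the wrong code; change them to `fatal("send_raw_arp: failed to find my ip ?!?\n");` and `fatal("send_raw_arp: can't send on this interface\n");`. arp_h is filled field by field without being zeroed first, so if struct arp_hdr has padding or any member beyond the nine assigned here, those bytes go onto the wire as whatever was on the stack; `memset(&arp_h, 0, sizeof arp_h);` before the assignments avoids that. The literals 0x0100, 0x0008 and the 0x0100007f loopback test appear to be pre-swapped network-order values that are only correct on a little-endian host; `htons()` applied to the natural values, with named constants as is already done for ETH_ARP, would make the intent readable. Indentation also drifts from eight spaces to four at the ar_pln/ar_op lines, and the `//      this to send raw arp packet` header should state that this is the fallback used when iphlpapi.dll is unavailable.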




Attachment: pcapsend.c.patch
Description: pcapsend.c.patch

