flat assembler
Message board for the users of flat assembler.

Index > Windows > winpcap problems

zxcv
Guest




zxcv 28 Dec 2007, 17:09
Code:
push 0
push buff
push 0
push string
call [pcap_findalldevs_ex]
mov ebx, dword [buff]
push 0
push 0
push 0
push 0
push 0
push dword [ebx+4]
call [pcap_open]
push 20
push packet
push eax
call [pcap_sendpacket] ;return -1
add esp, 52
ret
buff db 128 dup ?
packet db 'this is a test not a packet'    

Can someone explain to me why it doesn't work? I did everything following the documentation; I think something is wrong in pcap_open, I don't understand those arguments.
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 28 Dec 2007, 19:30

zxcv 29 Dec 2007, 07:48
Code:
push 0
push 0
push 1000
push 1 ;#define PCAP_OPENFLAG_PROMISCUOUS   1
push 100
push dword [ebx+4]
call [pcap_open]    

and still -1.
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 29 Dec 2007, 10:07
Doesn't pcap have anything to report information about error? It must have.

zxcv 29 Dec 2007, 18:39
pcap_sendpacket doesn't have an error argument, open returns nothing there

zxcv 30 Dec 2007, 19:10
bump
I was googling for it for a long time, and the only thing I found was the shitty mailing list with unanswered questions.


LocoDelAssembly 30 Dec 2007, 19:19
BTW, have you verified that pcap_open returns successfully? Also, perhaps your first device is not available for raw sending? You should check what device you are opening (for example in one of my computers WireShark lists "Adapter for generic dialup and VPN capture" first, not one of the Ethernet adapters).

zxcv 30 Dec 2007, 19:27
Well, I tried both.
rpcap://\Device\NPF_{386849E5-B765-4BDA-B0CC-81AF2D85EDA2}
rpcap://\Device\NPF_GenericDialupAdapter
-- strings returned by pcap_findalldevs_ex

pcap_open returns >0
pcap_sendpacket returns -1 always

zxcv 04 Jan 2008, 18:55
bump


LocoDelAssembly 04 Jan 2008, 20:13
You could also help a little and post complete code so we can test and see what happens easily :)

zxcv 05 Jan 2008, 13:45
The code in the first post is all I have now.
Imports are 100% correct.
Code:
push 0
push buff
push 0
push string
call [pcap_findalldevs_ex]
;return 0

mov ebx, dword [buff]
push 0
push 0
push 0
push 0
push 0
push dword [ebx+4]
call [pcap_open]
;return 0, so device is correct


push 10
push packet
push eax
call [pcap_sendpacket]
;return -1, wtf!

add esp, 52
ret
buff db 128 dup ?
packet db '0123456789'
string db 'rpcap://',0    


LocoDelAssembly 05 Jan 2008, 14:28
No, zxcv, I said complete code; I want (and I bet others do too) to copy & paste and test. At least provide minimal code that compiles with the fasm for Windows package.

zxcv 05 Jan 2008, 17:01
Code:
format pe console
section '.code' code executable readable
push 512
call [malloc]
mov ebx, eax
push 20
call [malloc]
mov esi, eax
push ebx
push esi
push 0
push string
mov byte [ebx], 0
call [pcap_findalldevs_ex]
push eax
push ebx
push f
call [printf]
push ebx
push 0
push 0
push 0
push 0
mov eax, dword [esi]
push dword [eax+4]
mov byte [ebx], 0
call [pcap_open]
mov edi, eax
push eax
push ebx
push f
call [printf]
push 3
push string
push edi
call [pcap_sendpacket]
push eax
push 0
push f
call [printf]
push ebx
call [free]
push esi
call [free]
add esp, 104
ret
section '.data' data readable writeable
f db 'ERROR: %s',13,10,'RETURN: %i',13,10,13,10,0
string db 'rpcap://',0
section '.idata' import data readable
dd 0,0,0,RVA msvcrt_name,RVA msvcrt_table
dd 0,0,0,RVA wpcap_name,RVA wpcap_table
dd 0,0,0,0,0
msvcrt_table:
printf dd RVA _printf
malloc dd RVA _malloc
free dd RVA _free
dd 0
wpcap_table:
pcap_findalldevs_ex dd RVA _pcap_findalldevs_ex
pcap_sendpacket dd RVA _pcap_sendpacket
pcap_open dd RVA _pcap_open
dd 0
msvcrt_name db 'msvcrt.dll',0
wpcap_name db 'wpcap.dll',0
_printf db 0,0,'printf',0
_malloc db 0,0,'malloc',0
_free db 0,0,'free',0
_pcap_findalldevs_ex db 0,0,'pcap_findalldevs_ex',0
_pcap_sendpacket db 0,0,'pcap_sendpacket',0
_pcap_open db 0,0,'pcap_open',0    


LocoDelAssembly 05 Jan 2008, 18:23
Quote:
ERROR:
RETURN: 0

ERROR:
RETURN: 8200856

ERROR: (null)
RETURN: 0


And WireShark says:
Quote:
3 0.469679 Ethernet [Malformed Packet]
0000 72 70 63 rpc



Perhaps your network adapter driver refuses to send malformed packets (and perhaps even my network driver reports that all is OK but later the hardware doesn't send anything). I tried the following changes to silence the "[Malformed Packet]" warnings:
Code:
; Replaced call to send with:
push sizeof.data_to_send
push data_to_send
push edi 
call [pcap_sendpacket] 

; added:
data_to_send db 1, 1, 1, 1, 1, 1,\ ; destination MAC (first in the frame)
                2, 2, 2, 2, 2, 2   ; source MAC
             db $08, $00           ; protocol type 0x0800 (big-endian on the wire)
times 46/4   dd "fasm"             ; data (46 bytes is the minimum amount of bytes accepted for Ethernet and although I haven't received any warning by using less bytes I suggest to never send less anyway).
             dw 0                  ; 11 dwords are only 44 bytes, so add 2 more to reach 46

sizeof.data_to_send = $ - data_to_send 
    


Try with that, make sure that the device you open is REALLY your Ethernet card, and if it still fails then try sending a fully legal TCP/IP packet.

[edit]I forgot to ask: Have you installed WinPcap or you are just using the DLL? WireShark works on your PC?[/edit]

[edit2]Added missing line of code[/edit2]


Last edited by LocoDelAssembly on 05 Jan 2008, 18:54; edited 1 time in total

zxcv 05 Jan 2008, 18:49
Quote:
WireShark works on your PC?

yes

Quote:
Have you installed WinPcap or you are just using the DLL?

If I hadn't installed WinPcap, other functions would return -1.

I've added mov eax, dword [eax] to get the 2nd adapter and:
Code:
ERROR:
RETURN: 0

ERROR:
RETURN: 4136896

ERROR: (null)
RETURN: -1    


Code:
format pe console
section '.code' code executable readable
push 512
call [malloc]
mov ebx, eax
push 20
call [malloc]
mov esi, eax
push ebx
push esi
push 0
push string
mov byte [ebx], 0
call [pcap_findalldevs_ex]
push eax
push ebx
push f
call [printf]
push ebx
push 0
push 0
push 0
push 0
mov eax, dword [esi]
mov eax, dword [eax]
push dword [eax+4]
mov byte [ebx], 0
call [pcap_open]
mov edi, eax
push eax
push ebx
push f
call [printf]
push 69
push packet
push edi
call [pcap_sendpacket]
push eax
push 0
push f
call [printf]
push ebx
call [free]
push esi
call [free]
add esp, 104
ret
section '.data' data readable writeable
packet db 0x8a, 0x09, 0x20, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x37, 0xa4, 0xb6, 0x00, 0x00, 0x80, 0x11, 0x69, 0xcf, 0x57, 0xcf, 0x57, 0xcd, 0xaf, 0x4c, 0xd5, 0xf1, 0x4f, 0x25, 0x05, 0x49, 0x00, 0x35, 0x00, 0x23, 0x50, 0xf9, 0xc7, 0x4d, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x02, 0x70, 0x6c, 0x00, 0x00, 0x01, 0x00, 0x01
f db 'ERROR: %s',13,10,'RETURN: %i',13,10,13,10,0
string db 'rpcap://',0
section '.idata' import data readable
dd 0,0,0,RVA msvcrt_name,RVA msvcrt_table
dd 0,0,0,RVA wpcap_name,RVA wpcap_table
dd 0,0,0,0,0
msvcrt_table:
printf dd RVA _printf
malloc dd RVA _malloc
free dd RVA _free
dd 0
wpcap_table:
pcap_findalldevs_ex dd RVA _pcap_findalldevs_ex
pcap_sendpacket dd RVA _pcap_sendpacket
pcap_open dd RVA _pcap_open
pcap_geterr dd RVA _pcap_geterr
dd 0
msvcrt_name db 'msvcrt.dll',0
wpcap_name db 'wpcap.dll',0
_printf db 0,0,'printf',0
_malloc db 0,0,'malloc',0
_free db 0,0,'free',0
_pcap_findalldevs_ex db 0,0,'pcap_findalldevs_ex',0
_pcap_sendpacket db 0,0,'pcap_sendpacket',0
_pcap_open db 0,0,'pcap_open',0
_pcap_geterr db 0,0,'pcap_geterr',0    


Did I tell you it hangs?

I'm using the latest version of WinPcap:
Code:
WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5    


Maybe my adapter sends data, but Wireshark doesn't catch it, and sendpacket returns -1, but I don't accept it; there's something wrong somewhere else.

I'm using USB Sagem 800.


I can't compile your example

push sizeof.data_to_send
error: undefined symbol.


Edit:
I forgot about pcap_geterr.

After pcap_sendpacket it returned:
send error: PacketSendPacket failed


LocoDelAssembly 05 Jan 2008, 19:03
Sorry, I missed one line of code when I copied. Check now.

Quote:
I'm using USB Sagem 800.


USB Ethernet???? Although it is possibly an ADSL modem that you use with PPPoE it perhaps doesn't support raw Ethernet sending. You will have to capture with Wireshark a frame that goes to Internet and then send an exact copy of it in your program to see if it continues to fail. But first try my code, and if it fails try using 0x8863 as the protocol type, and later 0x8864 if it still fails.
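The frame layout discussed in the posts above, as an added example that is not part of the thread or of WinPcap: a C helper that builds an Ethernet II frame with the protocol type in network byte order and the data padded to 46 bytes, plus the length check that shows why a 3-byte buffer is shorter than the 14-byte header. The function names and the placeholder MAC values are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN  14    /* 6 destination MAC + 6 source MAC + 2 EtherType */
#define ETH_MIN_DATA 46    /* shorter payloads are zero-padded up to this */
#define ETH_MAX_DATA 1500

enum frame_status { FRAME_OK, FRAME_NO_HEADER, FRAME_RUNT, FRAME_TOO_LONG };

/* Build an Ethernet II frame in out[]; returns its length, or 0 on error. */
size_t eth_build(uint8_t *out, size_t cap, const uint8_t dst[6],
                 const uint8_t src[6], uint16_t type,
                 const void *data, size_t len)
{
    size_t padded = len < ETH_MIN_DATA ? ETH_MIN_DATA : len;
    if (len > ETH_MAX_DATA || cap < ETH_HDR_LEN + padded)
        return 0;
    memcpy(out, dst, 6);                 /* destination is first on the wire */
    memcpy(out + 6, src, 6);
    out[12] = (uint8_t)(type >> 8);      /* EtherType is big-endian, */
    out[13] = (uint8_t)(type & 0xff);    /* whatever the host byte order */
    memset(out + ETH_HDR_LEN, 0, padded);
    if (len) memcpy(out + ETH_HDR_LEN, data, len);
    return ETH_HDR_LEN + padded;
}

/* Length check to run on a buffer before it is handed to a send call. */
enum frame_status eth_check(size_t len)
{
    if (len < ETH_HDR_LEN)                return FRAME_NO_HEADER;
    if (len < ETH_HDR_LEN + ETH_MIN_DATA) return FRAME_RUNT;
    if (len > ETH_HDR_LEN + ETH_MAX_DATA) return FRAME_TOO_LONG;
    return FRAME_OK;
}

/* EtherType of a frame that already passed the header-length check. */
uint16_t eth_type(const uint8_t *f) { return (uint16_t)((f[12] << 8) | f[13]); }

int main(void)
{
    /* Constructed sample values: placeholder MACs, PPPoE discovery type. */
    const uint8_t dst[6] = {1, 1, 1, 1, 1, 1}, src[6] = {2, 2, 2, 2, 2, 2};
    uint8_t frame[ETH_HDR_LEN + ETH_MAX_DATA];
    size_t n = eth_build(frame, sizeof frame, dst, src, 0x8863, "fasm", 4);
    printf("frame: %zu bytes, type 0x%04x, status %d; 3-byte buffer: status %d\n",
           n, (unsigned)eth_type(frame), (int)eth_check(n), (int)eth_check(3));
    return 0;
}
```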

zxcv 05 Jan 2008, 19:31
Code:
You will have to capture with Wireshark a frame that goes to Internet and then send an exact copy of it in your program to see if it continues to fail.    

Check my code, DNS query.

Quote:
USB Ethernet????

ADSL modem

However, hardware doesn't know what IP, ARP or TCP is, it just sends data. So it must be possible to send anything. But I always have uncommon errors :(
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP 05 Jan 2008, 19:42
lol I love the giant packet string of bytes :) so if the hardware you're using doesn't know IP and stuff, how is it supposed to form the packet header? I haven't ever done internet stuff before, but I know it's common sense to have a header on anything these days :D

zxcv 05 Jan 2008, 19:45
Quote:
so if the hardware you're using doesn't know IP and stuff, how is it supposed to form the packet header?

Isn't that the software part?



AlexP 05 Jan 2008, 19:50
Nice timing on the response. I haven't done internet stuff before, and IDK if your library there will do it for you :). So if you're sending it across an Ethernet wire, set up a little hardware LED circuit to catch the traffic you're sending. Another thing, isn't Windows kind of crazy when it comes to using USB COM ports? I've had a lot of trouble with hardware I've tried to use in the past; maybe when the software you're using is supposed to be installed it sets up some sort of required registry key or port setting in Windows? No way to know except to check (lol) the documentation or spend a few days reading the thousands of lines of code in that library :). Just a thought...

[EDIT]: Is there some sort of driver package that comes with the software? It looks like you're only using the DLL or something, you should take a more patient approach and make something utilizing the Windows API just to make sure it's not Windows itself. I had to manually put in drivers, comm ports, and the dll's in the right locations when I had to get my nice TI-89 using USB to the computer.


Last edited by AlexP on 05 Jan 2008, 19:54; edited 1 time in total