flat assembler
Message board for the users of flat assembler.
Thread: winpcap problems (Windows forum, page 1 of 2)
LocoDelAssembly 28 Dec 2007, 19:30
Try following this example http://www.winpcap.org/docs/docs_40_2/html/group__wpcap__tut8.html
zxcv 29 Dec 2007, 07:48
Code:
    push 0
    push 0
    push 1000
    push 1    ;#define PCAP_OPENFLAG_PROMISCUOUS 1
    push 100
    push dword [ebx+4]
    call [pcap_open]

and still -1.
vid 29 Dec 2007, 10:07
Doesn't pcap have anything to report information about error? It must have.
zxcv 29 Dec 2007, 18:39
pcap_sendpacket doesn't have an error argument, open returns nothing there
|
zxcv 30 Dec 2007, 19:10
bump
I was googling for it for a long time, and the only thing I found was the shitty mailing list with unanswered questions.
LocoDelAssembly 30 Dec 2007, 19:19
BTW, have you verified that pcap_open returns successfully? Also, perhaps your first device is not available for raw sending? You should check what device you are opening (for example in one of my computers WireShark lists "Adapter for generic dialup and VPN capture" first, not one of the Ethernet adapters).
zxcv 30 Dec 2007, 19:27
zxcv 04 Jan 2008, 18:55
bump
LocoDelAssembly 04 Jan 2008, 20:13
You also help a little and post complete code so we can test and see what happens easily
zxcv 05 Jan 2008, 13:45
The code in the first post is all I have now.
Imports are 100% correct.
Code:
            push 0
            push buff
            push 0
            push string
            call [pcap_findalldevs_ex] ;return 0
            mov ebx, dword [buff]
            push 0
            push 0
            push 0
            push 0
            push 0
            push dword [ebx+4]
            call [pcap_open] ;return 0, so device is correct
            push 10
            push packet
            push eax
            call [pcap_sendpacket] ;return -1, wtf!
            add esp, 52
            ret
    buff db 128 dup ?
    packet db '0123456789'
    string db 'rpcap://',0
LocoDelAssembly 05 Jan 2008, 14:28
No zxcv, I said complete code, I want (and I bet others too) to copy&paste and test. At least provide minimal code that compiles with fasm for Windows package.
zxcv 05 Jan 2008, 17:01
Code:
    format pe console

    section '.code' code executable readable
            push 512
            call [malloc]
            mov ebx, eax            ; ebx = 512-byte error buffer
            push 20
            call [malloc]
            mov esi, eax            ; esi = storage for the device list pointer

            ; pcap_findalldevs_ex(source, auth, &alldevs, errbuf)
            push ebx
            push esi
            push 0
            push string
            mov byte [ebx], 0
            call [pcap_findalldevs_ex]
            push eax
            push ebx
            push f
            call [printf]

            ; pcap_open(source, snaplen, flags, read_timeout, auth, errbuf)
            push ebx
            push 0
            push 0
            push 0
            push 0
            mov eax, dword [esi]
            push dword [eax+4]      ; name of the first device in the list
            mov byte [ebx], 0
            call [pcap_open]
            mov edi, eax
            push eax
            push ebx
            push f
            call [printf]

            ; pcap_sendpacket(handle, buf, size)
            push 3
            push string
            push edi
            call [pcap_sendpacket]
            push eax
            push 0
            push f
            call [printf]

            push ebx
            call [free]
            push esi
            call [free]
            add esp, 104            ; cdecl: remove all 26 pushed dwords
            ret

    section '.data' data readable writeable
    f db 'ERROR: %s',13,10,'RETURN: %i',13,10,13,10,0
    string db 'rpcap://',0

    section '.idata' import data readable
            dd 0,0,0,RVA msvcrt_name,RVA msvcrt_table
            dd 0,0,0,RVA wpcap_name,RVA wpcap_table
            dd 0,0,0,0,0
    msvcrt_table:
            printf dd RVA _printf
            malloc dd RVA _malloc
            free dd RVA _free
            dd 0
    wpcap_table:
            pcap_findalldevs_ex dd RVA _pcap_findalldevs_ex
            pcap_sendpacket dd RVA _pcap_sendpacket
            pcap_open dd RVA _pcap_open
            dd 0
    msvcrt_name db 'msvcrt.dll',0
    wpcap_name db 'wpcap.dll',0
    _printf db 0,0,'printf',0
    _malloc db 0,0,'malloc',0
    _free db 0,0,'free',0
    _pcap_findalldevs_ex db 0,0,'pcap_findalldevs_ex',0
    _pcap_sendpacket db 0,0,'pcap_sendpacket',0
    _pcap_open db 0,0,'pcap_open',0
LocoDelAssembly 05 Jan 2008, 18:23
Quote: ERROR:
And WireShark says:
Quote: 3 0.469679 Ethernet [Malformed Packet]
Perhaps your network adapter driver refuses to send malformed packets (and perhaps even my network driver reports that all is OK but later the hardware doesn't send anything). I tried the following changes to silence the "[Malformed Packet]" warnings:
Code:
    ; Replaced call to send with:
    push sizeof.data_to_send
    push data_to_send
    push edi
    call [pcap_sendpacket]

    ; added:
    data_to_send db 1, 1, 1, 1, 1, 1,\ ; destination MAC (comes first on the wire)
                    2, 2, 2, 2, 2, 2   ; source MAC
                 db $08, $00 ; protocol type $0800, stored high byte first (dw $0800 would emit 00 08)
                 times 46/4 dd "fasm" ; data (46 bytes is the minimum amount of bytes accepted for Ethernet and although I haven't received any warning by using less bytes I suggest to never send less anyway).
    sizeof.data_to_send = $ - data_to_send

Try with that, make sure that the device you open is REALLY your Ethernet card and if it still fails then try sending a fully legal TCP/IP packet.
[edit]I forgot to ask: Have you installed WinPcap or you are just using the DLL? WireShark works on your PC?[/edit]
[edit2]Added missing line of code[/edit2]
Last edited by LocoDelAssembly on 05 Jan 2008, 18:54; edited 1 time in total
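The frame layout discussed in the post above, as an added example in C (not code from the thread or from WinPcap): it builds an Ethernet II frame with the destination address first, the EtherType stored high byte first and the payload padded to 46 bytes, and checks a buffer before it is handed to pcap_sendpacket. The names eth_build, eth_check and eth_type and the sample addresses are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN  14   /* destination MAC + source MAC + EtherType */
#define ETH_MIN_DATA 46   /* minimum payload size mentioned in the post */

enum { ETH_OK = 0, ETH_TRUNCATED = -1, ETH_MCAST_SRC = -2, ETH_SHORT = -3 };

/* Hypothetical helper: writes an Ethernet II frame into out[], zero-padding the
 * payload to 46 bytes. Returns the frame length, or 0 if out[] is too small. */
size_t eth_build(uint8_t *out, size_t cap, const uint8_t dst[6],
                 const uint8_t src[6], uint16_t ethertype,
                 const uint8_t *data, size_t len)
{
    size_t padded = len < ETH_MIN_DATA ? ETH_MIN_DATA : len;
    if (cap < ETH_HDR_LEN + padded) return 0;
    memcpy(out, dst, 6);                   /* destination goes first on the wire */
    memcpy(out + 6, src, 6);
    out[12] = (uint8_t)(ethertype >> 8);   /* big-endian: 0x0800 -> 08 00 */
    out[13] = (uint8_t)(ethertype & 0xff);
    memset(out + ETH_HDR_LEN, 0, padded);
    if (len) memcpy(out + ETH_HDR_LEN, data, len);
    return ETH_HDR_LEN + padded;
}

/* Hypothetical pre-send check for a buffer about to go to pcap_sendpacket. */
int eth_check(const uint8_t *f, size_t len)
{
    if (len < ETH_HDR_LEN) return ETH_TRUNCATED;   /* not even a full header */
    if (f[6] & 0x01) return ETH_MCAST_SRC;         /* source must be unicast */
    if (len < ETH_HDR_LEN + ETH_MIN_DATA) return ETH_SHORT;
    return ETH_OK;
}

/* EtherType as a receiver reads it from bytes 12 and 13. */
uint16_t eth_type(const uint8_t *f) { return (uint16_t)((f[12] << 8) | f[13]); }

int main(void)
{
    /* Constructed sample values, not captured traffic. */
    const uint8_t dst[6] = {1, 1, 1, 1, 1, 1}, src[6] = {2, 2, 2, 2, 2, 2};
    uint8_t frame[64];
    size_t n = eth_build(frame, sizeof frame, dst, src, 0x0800,
                         (const uint8_t *)"fasm", 4);
    printf("built %u bytes, type 0x%04x, check %d\n",
           (unsigned)n, (unsigned)eth_type(frame), eth_check(frame, n));
    return 0;
}
```

Run against the 10-byte '0123456789' buffer from the earlier post, eth_check reports a truncated header, since the buffer is shorter than the 14-byte Ethernet header.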
zxcv 05 Jan 2008, 18:49
Quote: WireShark works on your PC?
Yes.
Quote: Have you installed WinPcap or you are just using the DLL?
If I hadn't installed WinPcap, other functions would return -1.
I've added mov eax, dword [eax] to get the 2nd adapter and:
Code:
    ERROR:
    RETURN: 0

    ERROR:
    RETURN: 4136896

    ERROR: (null)
    RETURN: -1

Code:
    format pe console

    section '.code' code executable readable
            push 512
            call [malloc]
            mov ebx, eax
            push 20
            call [malloc]
            mov esi, eax

            push ebx
            push esi
            push 0
            push string
            mov byte [ebx], 0
            call [pcap_findalldevs_ex]
            push eax
            push ebx
            push f
            call [printf]

            push ebx
            push 0
            push 0
            push 0
            push 0
            mov eax, dword [esi]
            mov eax, dword [eax]
            push dword [eax+4]
            mov byte [ebx], 0
            call [pcap_open]
            mov edi, eax
            push eax
            push ebx
            push f
            call [printf]

            push 69
            push packet
            push edi
            call [pcap_sendpacket]
            push eax
            push 0
            push f
            call [printf]

            push ebx
            call [free]
            push esi
            call [free]
            add esp, 104
            ret

    section '.data' data readable writeable
    packet db 0x8a, 0x09, 0x20, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00
           db 0x08, 0x00, 0x45, 0x00, 0x00, 0x37, 0xa4, 0xb6, 0x00, 0x00, 0x80, 0x11
           db 0x69, 0xcf, 0x57, 0xcf, 0x57, 0xcd, 0xaf, 0x4c, 0xd5, 0xf1, 0x4f, 0x25
           db 0x05, 0x49, 0x00, 0x35, 0x00, 0x23, 0x50, 0xf9, 0xc7, 0x4d, 0x01, 0x00
           db 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x67, 0x6f, 0x6f
           db 0x67, 0x6c, 0x65, 0x02, 0x70, 0x6c, 0x00, 0x00, 0x01, 0x00, 0x01
    f db 'ERROR: %s',13,10,'RETURN: %i',13,10,13,10,0
    string db 'rpcap://',0

    section '.idata' import data readable
            dd 0,0,0,RVA msvcrt_name,RVA msvcrt_table
            dd 0,0,0,RVA wpcap_name,RVA wpcap_table
            dd 0,0,0,0,0
    msvcrt_table:
            printf dd RVA _printf
            malloc dd RVA _malloc
            free dd RVA _free
            dd 0
    wpcap_table:
            pcap_findalldevs_ex dd RVA _pcap_findalldevs_ex
            pcap_sendpacket dd RVA _pcap_sendpacket
            pcap_open dd RVA _pcap_open
            pcap_geterr dd RVA _pcap_geterr
            dd 0
    msvcrt_name db 'msvcrt.dll',0
    wpcap_name db 'wpcap.dll',0
    _printf db 0,0,'printf',0
    _malloc db 0,0,'malloc',0
    _free db 0,0,'free',0
    _pcap_findalldevs_ex db 0,0,'pcap_findalldevs_ex',0
    _pcap_sendpacket db 0,0,'pcap_sendpacket',0
    _pcap_open db 0,0,'pcap_open',0
    _pcap_geterr db 0,0,'pcap_geterr',0

Did I tell you it hangs?
I'm using the latest version of WinPcap:
Code:
    WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5

Maybe my adapter sends data, but Wireshark doesn't catch it, and sendpacket returns -1, but I don't accept it, there's something wrong somewhere else.
I'm using usb sagem 800.
I can't compile your example:
    push sizeof.data_to_send
error: undefined symbol.
Edit: I forgot about pcap_geterr. After pcap_sendpacket it returned:
    send error: PacketSendPacket failed
LocoDelAssembly 05 Jan 2008, 19:03
Sorry, I missed one line of code when I copied. Check now.
Quote: I'm using usb sagem 800.
USB Ethernet???? Although it is possibly an ADSL modem that you use with PPPoE, it perhaps doesn't support raw Ethernet sending. You will have to capture with Wireshark a frame that goes to Internet and then send an exact copy of it in your program to see if it continues to fail. But first try my code, and if it fails try using 0x8863 as protocol type, and later 0x8864 if it still fails.
zxcv 05 Jan 2008, 19:31
Code:
    You will have to capture with Wireshark a frame that goes to Internet and then send an exact copy of it in your program to see if it continues to fail.

Check my code, DNS query.
Quote: USB Ethernet????
ADSL modem.
However, hardware doesn't know what's IP, ARP or TCP, it just sends data. So it must be possible to send anything. But I always have uncommon errors.
AlexP 05 Jan 2008, 19:42
lol I love the giant packet string of bytes. So if the hardware you're using doesn't know IP and stuff, how is it supposed to form the packet header? I haven't ever done internet stuff before, but I know that's common sense to have a header on anything these days.
zxcv 05 Jan 2008, 19:45
Quote: so if the hardware you're using doesn't know IP and stuff, how is it supposed to form the packet header?
Isn't that the software part?
AlexP 05 Jan 2008, 19:50
Nice timing on response, I haven't done internet stuff before, and IDK if your library there will do it for you. So if you're sending it across an ethernet wire, set up a little hardware LED circuit to catch the traffic you're sending. Another thing, isn't Windows kind of crazy when it comes to using USB com ports? I've had a lot of troubles with hardware I've tried to use in the past, maybe when the software you're using is supposed to be installed it sets up some sort of required registry key or port setting in Windows? No way to know except to check (lol) the documentation or spend a few days reading the thousands of lines of code in that library. Just a thought...
[EDIT]: Is there some sort of driver package that comes with the software? It looks like you're only using the DLL or something, you should take a more patient approach and make something utilizing the Windows API just to make sure it's not Windows itself. I had to manually put in drivers, comm ports, and the DLLs in the right locations when I had to get my nice TI-89 using USB to the computer.
Last edited by AlexP on 05 Jan 2008, 19:54; edited 1 time in total
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.