flat assembler
Message board for the users of flat assembler.
Windows > winpcap problems (page 2 of 2)
zxcv 05 Jan 2008, 19:53
I was thinking of sending instructions through the USB port, somehow... But I don't know how =/
So I'm on WinPcap now, thanks to Microsoft =/
LocoDelAssembly 05 Jan 2008, 20:24
zxcv, your new code crashes at "push dword [eax+4]", and by changing it to "lea eax, [eax+4] / push eax" the program crashes in a copy routine inside the DLL.
Check by copying, pasting and running your posted code to see if it happens only on my side.
[edit] BTW, using the old code to send your new packet gives me: Length: 53 (bogus, payload length 35) [/edit]
zxcv 05 Jan 2008, 21:51
Quote: zxcv, your new code crashes at "push dword [eax+4]" and by changing to "lea eax, [eax+4] / push eax" the program crashes in a copy routine inside the DLL.
What do you mean? What lea? I never used lea before; I didn't even understand the purpose of it.
LocoDelAssembly 05 Jan 2008, 21:55
It gets the address. It is like mov, but instead of retrieving the memory contents it stores the calculated address (LEA = load effective address).
Anyway, even without the modification the program crashes.
zxcv 05 Jan 2008, 22:38
Code:
mov eax, buffer

Code:
lea eax, buffer
LocoDelAssembly 05 Jan 2008, 23:09
Yes, but it doesn't make much sense to use it in those cases. It is better in things like this:
Code:
mov  eax, ebp
sub  eax, 4
push eax
call func

=

Code:
lea  eax, [ebp-4]
push eax
call func
zxcv 05 Jan 2008, 23:14
OK, and what about my problem? I understand that WinPcap isn't the way to send raw packets on ADSL hardware.
LocoDelAssembly 05 Jan 2008, 23:55
Don't know; didn't anything I said before work? Try sending raw data starting from the IP layer (so no Ethernet, no PPP and no PPPoE).
Have you tested whether nmap for Windows works for you? Try the tests that require raw TCP, which uses WinPcap; if nmap does not succeed then I think you are really out of luck.
LocoDelAssembly 06 Jan 2008, 01:11
Try this:
Code:
include 'win32a.inc'
format pe console

        push    ebx
        cinvoke pcap_findalldevs_ex, string, 0, pDevList, errbuf
        cinvoke printf, f, errbuf, eax
        mov     eax, dword [pDevList]
        mov     byte [errbuf], 0
        cinvoke pcap_open, [eax+4], 0, 0, 0, 0, errbuf   ; [eax+4] = pcap_if_t.name of the first device
        mov     ebx, eax                                  ; keep the pcap_t handle
        cinvoke printf, f, errbuf, eax
        cinvoke pcap_sendpacket, ebx, data_to_send, sizeof.data_to_send
        cinvoke printf, f, NULL, eax                      ; 0 = success, -1 = failure
        pop     ebx
        ret

f       db 'ERROR: %s',13,10,'RETURN: %i',13,10,13,10,0
string  db 'rpcap://',0

; http://www.cs.utk.edu/~cs594np/unp/checksum.html
macro checksum address, len, res_var
{
  local datum, length, p, sum
  p = address
  sum = 0
  length = len
  while length > 1
    load datum word from p
    p = p + 2
    sum = sum + datum
    if sum and $80000000              ; /* if high order bit set, fold */
      sum = (sum and 0xFFFF) + (sum shr 16)
    end if
    length = length - 2
  end while
  if length                           ; /* take care of left over byte */
    load datum byte from p
    sum = sum + datum
  end if
  while sum shr 16
    sum = (sum and 0xFFFF) + (sum shr 16)
  end while
  res_var = not sum and $FFFF
}

ethernet = 1 ; Set to zero to remove Ethernet layer

;;;;;;;;;;;;;;;;;;;;;;;;;;;;; PACKET/FRAME ;;;;;;;;;;;;;;;;;;;;;;;;
data_to_send:
if ethernet
Ethernet:
  .Destination_MAC db $02, $E0, $7D, $EC, $2A, $CA ; Put the MAC address of your gateway here
  .Source_MAC      db $00, $11, $09, $D1, $69, $22 ; Put your real MAC address here to improve chances of success
  .Type            db $08, $00 ; If you change to PPPoE you will need to add the PPPoE and PPP layers below
end if
IP:
  .Version_and_IHL           db (4 shl 4) or 5
  .TOS                       db 0
  .Total_Length              db (data_end-IP) shr 8, (data_end-IP) and $FF
  .Identification            dw $3412
  .Flags_and_Fragment_Offset dw 0
  .TTL                       db 64
  .Protocol                  db $11 ; UDP
  .Checksum                  dw 0   ; filled in by the checksum macro below
  .Source_Address            db 192, 168, 0, 38    ; Put your real IP here
  .Destination_Address       db 208, 67, 222, 222  ; OpenDNS nameserver
UDP:
  .Source_Port      db $34, $12
  .Destination_Port db 0, 53
  .Length           db (data_end-UDP) shr 8, (data_end-UDP) and $FF
  .Checksum         dw 0 ; Since it is optional it will remain zero
DNS:
  .Transaction_ID dw $0100
  .Flags          db 1, 0        ; recursion desired
  .Questions      db 0, 1
  .Im_Tired       dw 0, 0, 0     ; answer, authority and additional RR counts
  .Name           db @f - $-1, "google"
            @@:   db @f - $-1, "com"
            @@:   db @f - $-1, "ar"
            @@:   db 0
  .Type           db 00, 01      ; A
  .Class          db 00, 01      ; IN
data_end:
sizeof.data_to_send = $ - data_to_send

checksum IP, UDP-IP, ip_checksum
store word ip_checksum at IP.Checksum

align 4 ; Just to be safe

data import
  library msvcrt, 'msvcrt.dll',\
          wpcap,  'wpcap.dll'

  import msvcrt,\
         printf, 'printf'

  import wpcap,\
         pcap_findalldevs_ex, 'pcap_findalldevs_ex',\
         pcap_open,           'pcap_open',\
         pcap_sendpacket,     'pcap_sendpacket'
end data

pDevList dd ?
errbuf   rb 256 ; #define PCAP_ERRBUF_SIZE 256

You should receive a response from OpenDNS (at least I do), followed by an ICMP destination port unreachable sent by your PC (because the TCP/IP stack driver was never informed that you would use port $1234 to receive UDP data). If it fails then try switching the Ethernet variable to zero and check again; if it still fails then either you need to send ATM cells, or the raw format of your modem, or it is impossible. I suggest trying nmap after an unsuccessful try of my code.
PS: As you can see I translated your code to use the macros of the Windows package; I did it to motivate more people to check around, since it is faster to read than raw assembly.
[edit] Removed unneeded memory handling code [/edit]
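An added example (not the post's code, and not part of the original thread) that models the listing above in Python: it implements the same one's-complement checksum the fasm macro computes, builds the IPv4/UDP/DNS query with the listing's field values (no Ethernet layer), and shows the header validation a capture-analysis script should do before trusting a received packet. Function names are my own; the packet bytes are constructed from the listing.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum with the same carry folding as the fasm
    macro. The macro sums little-endian words and stores the result
    little-endian; the checksum is byte-order independent, so this big-endian
    version produces the same bytes on the wire."""
    total = 0
    for i in range(0, len(data) - 1, 2):
        total += (data[i] << 8) | data[i + 1]
        if total & 0x80000000:               # high-order bit set: fold early
            total = (total & 0xFFFF) + (total >> 16)
    if len(data) % 2:                         # odd trailing byte, zero-padded
        total += data[-1] << 8
    while total >> 16:                        # fold remaining carries
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def encode_dns_name(name: str) -> bytes:
    """Length-prefixed labels, what the '@f - $-1' trick in the listing emits."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_dns_query_packet(src_ip, dst_ip, src_port, name) -> bytes:
    """IPv4 + UDP + DNS query with the listing's values: IP ID 0x1234 (dw $3412
    stored little-endian), TTL 64, UDP checksum left zero, DNS ID 1, flags RD."""
    dns = struct.pack(">HHHHHH", 1, 0x0100, 1, 0, 0, 0) \
        + encode_dns_name(name) + struct.pack(">HH", 1, 1)     # QTYPE A, QCLASS IN
    udp = struct.pack(">HHHH", src_port, 53, 8 + len(dns), 0) + dns
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0,
                     64, 17, 0, bytes(src_ip), bytes(dst_ip))
    ip = ip[:10] + struct.pack(">H", inet_checksum(ip)) + ip[12:]  # fill checksum
    return ip + udp

def verify_ipv4_header(pkt: bytes) -> bool:
    """Checks a received IPv4 header: version 4, sane IHL, total length
    consistent with the buffer, and checksum over the header folding to zero."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return False
    total_len = struct.unpack(">H", pkt[2:4])[0]
    return total_len == len(pkt) and inet_checksum(pkt[:ihl]) == 0

if __name__ == "__main__":
    # Constructed sample: the packet of the listing without the Ethernet layer
    pkt = build_dns_query_packet((192, 168, 0, 38), (208, 67, 222, 222), 0x3412, "google.com.ar")
    print(len(pkt), pkt[10:12].hex(), verify_ipv4_header(pkt))
```

The checksum function is also checked against the well-known RFC 1071 style header vector (checksum 0xB861) in the test below.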
zxcv 06 Jan 2008, 12:35
Quote: Have you tested if nmap for Windows works for you?
Doesn't work, that's why I write here. This code doesn't work either:

ERROR:
RETURN: 0

ERROR:
RETURN: 4136896

ERROR: (null)
RETURN: -1
LocoDelAssembly 06 Jan 2008, 15:18
Damn, even with "ethernet = 0"?
BTW, check with Wireshark, since you should receive a response and hence you could verify whether your suspicion about a fake failure is true (or have you concluded that it was a real error?). BTW, in the devs list don't you have a PPP adapter? Check with ipconfig /all what Ethernet-capable devices you have (not before connecting to the Internet).
Code:
C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : dvserver
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter MODEM:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : ENCORE 10/100Mbps Fast Ethernet PCI Adapter
        Physical Address. . . . . . . . . : 00-06-4F-55-CC-9A
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Network Bridge:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : MAC Bridge Miniport
        Physical Address. . . . . . . . . : 02-E0-7D-EC-2A-CA
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

PPP adapter Speedy:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 201.255.X.X
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 201.255.X.X
        DNS Servers . . . . . . . . . . . : 200.51.212.7
                                            200.51.211.7
        NetBIOS over Tcpip. . . . . . . . : Disabled

Note I didn't test the program on the computer where I took that ipconfig; it is very possible that it will not work because there are no PPPoE nor PPP layers, so perhaps it will send but later I will get no response at all. I'll do some tests later, but in the meantime you also keep trying.
zxcv 06 Jan 2008, 18:43
Quote: BTW check with WireShark since you should recieve response and hence you could verify if your suspicious about fake failure is true (or you have concluded that was real error?).
When I write network stuff my Wireshark is always on (yes, on the same adapter I'm using with pcap_open).
Code:
C:\Documents and Settings\Administrator>ipconfig /all

Konfiguracja IP systemu Windows

        Nazwa hosta . . . . . . . . . . . : noname
        Sufiks podstawowej domeny DNS . . . . . . :
        Typ węzła . . . . . . . . . . . . : Nieznany
        Routing IP włączony . . . . . . . : Nie
        Serwer WINS Proxy włączony. . . . : Nie

Karta PPP adsl:

        Sufiks DNS konkretnego połączenia :
        Opis . . . . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Adres fizyczny. . . . . . . . . . : 00-53-45-00-00-00
        DHCP włączone . . . . . . . . . . : Nie
        Adres IP. . . . . . . . . . . . . : 77.253.89.162
        Maska podsieci. . . . . . . . . . : 255.255.255.255
        Brama domyślna. . . . . . . . . . : 77.253.89.162
        Serwery DNS . . . . . . . . . . . : 213.241.79.37
                                            83.238.255.76
        NetBIOS przez Tcpip . . . . . . . : Wyłączony

I hope the language doesn't complicate it. If I'm not connected the list is empty. How can you have so many adapters?
Edit by loco: Please use quote tags instead of code tags when you need to quote somebody.
LocoDelAssembly 06 Jan 2008, 19:06
Because that computer has three network adapters, two of them bridged and one connected directly to an Ethernet ADSL modem (bridge modem).
LocoDelAssembly 06 Jan 2008, 20:15
I have tried nmap on that computer, and something odd happens: it transmits successfully but sets the protocol to 0xFF instead of 0x06 (TCP) as I required, and obviously reports everything dead when it shouldn't (but it works just fine on this computer with no direct access to the Internet).
Could you save a Wireshark (*.pcap, *.cap) session of at least three or four frames and upload it here? I have realised that it is too much work to prepare a correct frame (you need more APIs apart from pcap to get the MACs, for example), and before getting deeper I want to know that I will have a chance of success.
PS: Did you have the same problem with nmap, or did it not work at all for you?
[edit] Forget it, I can't even send my own captured frames, and when I close the PPP device the program hangs in the pcap_close function. If this continues to fail then it seems that writing your own driver is the way... However, considering that Nmap was able to send data but with a corrupted protocol number, perhaps looking at the sources and trying to find the reason for the corruption... Well, I'm tired of all this. [/edit]
[edit2] Later check http://www.ntkernel.com/w&p.php?id=7 [/edit2]
Copyright © 1999-2024, Tomasz Grysztar.