flat assembler
Message board for the users of flat assembler.

Index > Windows > winpcap problems

zxcv
Guest
zxcv 05 Jan 2008, 19:53
I was thinking of sending instructions through the USB port, somehow... But I don't know how =/
So I'm on WinPcap now, thanks to Microsoft =/
AlexP
Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP 05 Jan 2008, 19:59
WinPcap? Trust me, I know a lot less than you do when it comes to what you're trying to do. And by instructions do you mean to execute? Brings to mind a story of somebody who did that once with a wireless USB network adapter hooked up to the back of someone's desktop :). I thought that all internet stuff could be done through the Windows API; like I said, try to figure out how Windows sets up comm ports and do it yourself. Then use that USB comm port and it should be pretty trivial to send data through it. Also, you said that the USB is an ethernet adapter?! Maybe the USB part of it is messing up your data when you send it through the wire. Like I said, a trip to RadioShack and a few electrocutions later and anyone can set up LED-checking hardware for ports. There are many tutorials about how to do it with the printer port, just google it. Maybe you could do the same thing with the USB (ethernet cord) if you put your mind to it :)

[EDIT] Ohh I see what WinPcap is... Kind of... Exactly what are you trying to send? And do you want to use the regular internet or some special device that you have? If it's just basic sending packets and such, just use the API. All the functions for WinSock are already in the fasm includes, so it should be easy to read up on MSDN.
LocoDelAssembly
Your code has a bug
Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 05 Jan 2008, 20:24
zxcv, your new code crashes at "push dword [eax+4]" and by changing to "lea eax, [eax+4] / push eax" the program crashes in a copy routine inside the DLL.

Try copying, pasting and running your posted code to check if it happens only on my side.

[edit]BTW, using the old code to send your new packet gives me: Length: 53 (bogus, payload length 35)[/edit]
zxcv 05 Jan 2008, 21:51
Quote:
zxcv, your new code crashes at "push dword [eax+4]" and by changing to "lea eax, [eax+4] / push eax" the program crashes in a copy routine inside the DLL.

What do you mean? What lea? I never used lea before, I didn't even understand the purpose of it.
LocoDelAssembly 05 Jan 2008, 21:55
It gets the address; it is like mov, but instead of retrieving the memory contents it stores the calculated address (LEA = load effective address).

Anyway, even without the modification the program crashes.
zxcv 05 Jan 2008, 22:38
Code:
mov eax, buffer    
=
Code:
lea eax, buffer    
?
LocoDelAssembly 05 Jan 2008, 23:09
Yes, but it doesn't make much sense to use it in those cases. It is better in things like this:

Code:
mov eax, ebp
sub eax, 4
push eax
call func    


=

Code:
lea eax, [ebp-4]
push eax
call func    
zxcv 05 Jan 2008, 23:14
OK, and what about my problem? I understand that WinPcap isn't the way to send raw packets on ADSL hardware.
LocoDelAssembly 05 Jan 2008, 23:55
Don't know, didn't anything I said before work? Try sending raw data starting from the IP layer (so no Ethernet, no PPP and no PPPoE).

Have you tested whether nmap for Windows works for you? Try doing the tests that require the use of raw TCP, which uses WinPcap; if nmap does not succeed then I think you are really out of luck.
LocoDelAssembly 06 Jan 2008, 01:11
Try this
Code:
format PE console
entry start

include 'win32a.inc'

start:
  push    ebx

  ; Enumerate the local adapters; "rpcap://" with no host name means this
  ; machine. Returns 0 on success or -1 with the message in errbuf.
  cinvoke pcap_findalldevs_ex, string, 0, pDevList, errbuf

  cinvoke printf, f, errbuf, eax

  mov     eax, dword [pDevList]
  test    eax, eax
  jz      .done                   ; no adapter found, nothing to open

  ; [eax+4] is pcap_if_t.name, the field after the 'next' pointer (32-bit layout)
  mov     byte [errbuf], 0
  cinvoke pcap_open, [eax+4], 0, 0, 0, 0, errbuf
  mov     ebx, eax                ; pcap_t* handle, NULL on failure

  cinvoke printf, f, errbuf, eax

  test    ebx, ebx
  jz      .done                   ; adapter could not be opened

  ; Inject the frame assembled below; returns 0 on success, -1 on failure
  cinvoke pcap_sendpacket, ebx, data_to_send, sizeof.data_to_send

  cinvoke printf, f, NULL, eax

.done:
  pop     ebx
  ret

f      db 'ERROR: %s',13,10,'RETURN: %i',13,10,13,10,0
string db 'rpcap://',0



; Internet checksum computed at assembly time, ported from the C routine at
; http://www.cs.utk.edu/~cs594np/unp/checksum.html

macro checksum address, len, res_var
{
local datum, length, p, sum

  p = address
  sum = 0
  length = len

  while length > 1
    load datum word from p
    p = p + 2
    sum = sum + datum

    if sum and $80000000        ; if the high-order bit is set, fold the carry
      sum = (sum and 0xFFFF) + (sum shr 16)
    end if

    length = length - 2
  end while

  if length                     ; take care of the left-over byte
    load datum byte from p
    sum = sum + datum
  end if

  while sum shr 16
    sum = (sum and 0xFFFF) + (sum shr 16)
  end while

  res_var = not sum and $FFFF   ; one's complement of the folded sum
}



ethernet = 1 ; Set to zero to remove the Ethernet layer
;;;;;;;;;;;;;;;;;;;;;;;;;;;;; PACKET/FRAME ;;;;;;;;;;;;;;;;;;;;;;;;
data_to_send:
if ethernet
Ethernet:
  .Destination_MAC              db $02, $E0, $7D, $EC, $2A, $CA ; Put the MAC address of your gateway here
  .Source_MAC                   db $00, $11, $09, $D1, $69, $22 ; Put your real MAC address here to improve chances of success
  .Type                         db $08, $00                     ; IPv4. If you change to PPPoE you will need to add the PPPoE and PPP layers below
end if
IP:
  .Version_and_IHL              db (4 shl 4) or 5
  .TOS                          db 0
  .Total_Length                 db (data_end-IP) shr 8, (data_end-IP) and $FF ; big-endian
  .Identification               dw $3412 ; stored little-endian, so $1234 on the wire
  .Flags_and_Fragment_Offset    dw 0
  .TTL                          db 64
  .Protocol                     db $11 ; UDP
  .Checksum                     dw 0   ; filled in by the checksum macro below
  .Source_Address               db 192, 168,   0,  38 ; Put your real IP here
  .Destination_Address          db 208,  67, 222, 222 ; OpenDNS nameserver
UDP:
  .Source_Port                  db $12, $34 ; port $1234, big-endian
  .Destination_Port             db 0, 53
  .Length                       db (data_end-UDP) shr 8, (data_end-UDP) and $FF
  .Checksum                     dw 0 ; Optional over IPv4, so it remains zero
DNS:
  .Transaction_ID               dw $0100 ; $0001 on the wire
  .Flags                        db 1, 0  ; recursion desired
  .Questions                    db 0, 1
  .Im_Tired                     dw 0, 0, 0 ; Answer, Authority and Additional RR counts
  .Name                         db @f - $-1, "google" ; each label is prefixed with its length
@@:                             db @f - $-1, "com"
@@:                             db @f - $-1, "ar"
@@:                             db 0 ; end of name
  .Type                         db 00, 01 ; A
  .Class                        db 00, 01 ; IN
data_end:

sizeof.data_to_send = $ - data_to_send

  checksum IP, UDP-IP, ip_checksum
  store word ip_checksum at IP.Checksum

align 4 ; Just to be safe
data import
 library msvcrt,'msvcrt.dll',\
         wpcap, 'wpcap.dll'

 import msvcrt,\
        printf, 'printf'

 import wpcap,\
        pcap_findalldevs_ex,'pcap_findalldevs_ex',\
        pcap_open,'pcap_open',\
        pcap_sendpacket,'pcap_sendpacket'
end data

pDevList dd ?
errbuf   rb 256 ; PCAP_ERRBUF_SIZE


You should receive a response from OpenDNS (at least I do), followed by an ICMP destination port unreachable sent by your PC (because the TCP/IP stack driver was never informed that you will use port $1234 to receive UDP data). If it fails then try switching the Ethernet variable to zero and check again; if it still fails then either you need to send ATM cells, or the raw format of your modem, or it is impossible. I suggest a try of nmap after an unsuccessful try of my code.

PS: As you can see I translated your code to use the macros of the Windows package; I did it to motivate more people to check around since it is faster to read than raw assembly.

[edit]Removed unneeded memory handling code[/edit]
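As an added example (not code from this thread), the frame from the listing above rebuilt in C so the byte layout can be checked on any machine without WinPcap: the same UNP checksum routine the fasm macro ports, the Ethernet/IPv4/UDP/DNS layout, and the length-consistency checks a capture tool applies when it reports a "bogus" length. The MACs and source IP are the constructed sample values from the listing's comments; the source port is 0x1234 as the post says (the listing as posted encodes the bytes $34,$12).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ETH_LEN 14
#define IP_LEN  20
#define UDP_LEN 8

/* Internet checksum following the UNP routine the fasm macro was ported from:
   16-bit words (read in network order) go into a 32-bit accumulator, the carry is
   folded back whenever the high-order bit is set, a trailing odd byte is added,
   and the result is the one's complement of the fully folded sum. */
uint16_t inet_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    while (len > 1) {
        sum += ((uint32_t)p[0] << 8) | p[1];
        p += 2;
        len -= 2;
        if (sum & 0x80000000u)
            sum = (sum & 0xFFFF) + (sum >> 16);
    }
    if (len)
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)(~sum & 0xFFFF);
}

/* Builds the frame the listing assembles: Ethernet / IPv4 / UDP / DNS A query for
   google.com.ar to 208.67.222.222:53 from UDP port 0x1234. Returns the frame
   length, or 0 if buf is too small. */
size_t build_dns_frame(uint8_t *buf, size_t cap, const uint8_t dst_mac[6],
                       const uint8_t src_mac[6], const uint8_t src_ip[4])
{
    static const uint8_t dst_ip[4] = { 208, 67, 222, 222 };   /* OpenDNS, as in the listing */
    static const uint8_t qname[] = { 6,'g','o','o','g','l','e', 3,'c','o','m', 2,'a','r', 0 };
    size_t dns_len = 12 + sizeof qname + 4;                   /* header + QNAME + QTYPE/QCLASS */
    size_t ip_total = IP_LEN + UDP_LEN + dns_len;
    if (cap < ETH_LEN + ip_total) return 0;
    uint8_t *ip = buf + ETH_LEN, *udp = ip + IP_LEN, *dns = udp + UDP_LEN;

    memcpy(buf, dst_mac, 6);                    /* Ethernet header */
    memcpy(buf + 6, src_mac, 6);
    buf[12] = 0x08; buf[13] = 0x00;             /* EtherType IPv4 */

    memset(ip, 0, IP_LEN);                      /* IPv4 header, checksum filled in last */
    ip[0] = 0x45;                               /* version 4, IHL 5 */
    ip[2] = (uint8_t)(ip_total >> 8); ip[3] = (uint8_t)ip_total;
    ip[4] = 0x12; ip[5] = 0x34;                 /* identification */
    ip[8] = 64;                                 /* TTL */
    ip[9] = 17;                                 /* protocol UDP */
    memcpy(ip + 12, src_ip, 4);
    memcpy(ip + 16, dst_ip, 4);
    uint16_t c = inet_checksum(ip, IP_LEN);
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)c;

    udp[0] = 0x12; udp[1] = 0x34;               /* source port 0x1234 */
    udp[2] = 0;    udp[3] = 53;                 /* destination port 53 */
    udp[4] = (uint8_t)((UDP_LEN + dns_len) >> 8); udp[5] = (uint8_t)(UDP_LEN + dns_len);
    udp[6] = 0;    udp[7] = 0;                  /* UDP checksum is optional over IPv4, left zero as in the listing */

    memset(dns, 0, 12);
    dns[1] = 1;                                 /* transaction ID 1 */
    dns[2] = 1;                                 /* flags: recursion desired */
    dns[5] = 1;                                 /* one question */
    memcpy(dns + 12, qname, sizeof qname);
    uint8_t *q = dns + 12 + sizeof qname;
    q[0] = 0; q[1] = 1;                         /* QTYPE A */
    q[2] = 0; q[3] = 1;                         /* QCLASS IN */
    return ETH_LEN + ip_total;
}

/* The consistency checks behind a capture tool's "bogus length" complaint: each
   encapsulated length must match the bytes present and the IP header must
   checksum to zero. Returns 1 if the frame is consistent. */
int validate_frame(const uint8_t *buf, size_t len)
{
    if (len < ETH_LEN + IP_LEN + UDP_LEN || buf[12] != 0x08 || buf[13] != 0x00) return 0;
    const uint8_t *ip = buf + ETH_LEN, *udp = ip + IP_LEN;
    size_t ip_total = ((size_t)ip[2] << 8) | ip[3];
    size_t udp_total = ((size_t)udp[4] << 8) | udp[5];
    return ip[0] == 0x45 && ip[9] == 17 && ip_total >= IP_LEN + UDP_LEN
        && ip_total == len - ETH_LEN && udp_total == ip_total - IP_LEN
        && inet_checksum(ip, IP_LEN) == 0;
}

/* Constructed sample using the MACs and source IP from the listing's comments. */
static uint8_t g_frame[128];
size_t build_sample_frame(void)
{
    static const uint8_t gw_mac[6] = { 0x02, 0xE0, 0x7D, 0xEC, 0x2A, 0xCA };
    static const uint8_t my_mac[6] = { 0x00, 0x11, 0x09, 0xD1, 0x69, 0x22 };
    static const uint8_t my_ip[4]  = { 192, 168, 0, 38 };
    return build_dns_frame(g_frame, sizeof g_frame, gw_mac, my_mac, my_ip);
}
uint16_t sample_ip_checksum(void)
{
    build_sample_frame();
    return (uint16_t)((g_frame[ETH_LEN + 10] << 8) | g_frame[ETH_LEN + 11]);
}
int sample_frame_valid(void) { return validate_frame(g_frame, build_sample_frame()); }

/* Same frame with a UDP length four bytes short, the kind of mismatch behind
   "Length: 53 (bogus, payload length 35)". Returns 1 when the validator rejects it. */
int short_udp_length_is_rejected(void)
{
    size_t n = build_sample_frame();
    g_frame[ETH_LEN + IP_LEN + 5] -= 4;
    return !validate_frame(g_frame, n);
}

int main(void)
{
    size_t n = build_sample_frame();
    for (size_t i = 0; i < n; i++)
        printf("%02X%c", g_frame[i], (i % 16 == 15 || i + 1 == n) ? '\n' : ' ');
    printf("frame length %zu, IP checksum %04X, consistent: %d\n",
           n, sample_ip_checksum(), sample_frame_valid());
    return 0;
}
```

The hex dump can be compared byte for byte with what Wireshark shows for the injected frame; the IP checksum for these sample addresses comes out as 0xF88D, and the checksum is byte-order independent, which is why the fasm macro can sum little-endian words and store the result with a plain `store word`.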
zxcv 06 Jan 2008, 12:35
Quote:
Have you tested if nmap for Windows works for you?

Doesn't work, that's why I write here.


This code doesn't work either:

ERROR:
RETURN: 0

ERROR:
RETURN: 4136896

ERROR: (null)
RETURN: -1
LocoDelAssembly 06 Jan 2008, 15:18
Damn, even with "ethernet = 0"?

BTW, check with Wireshark since you should receive a response, and hence you could verify whether your suspicion about a fake failure is true (or have you concluded that it was a real error?).

BTW, in the devs list don't you have a PPP adapter?

Check with ipconfig /all what Ethernet-capable devices you have (not before connecting to the Internet).

Code:
C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : dvserver
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter MODEM:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : ENCORE 10/100Mbps Fast Ethernet PCI Adapt
er
   Physical Address. . . . . . . . . : 00-06-4F-55-CC-9A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Network Bridge:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : MAC Bridge Miniport
   Physical Address. . . . . . . . . : 02-E0-7D-EC-2A-CA
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

PPP adapter Speedy:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 201.255.X.X
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 201.255.X.X
   DNS Servers . . . . . . . . . . . : 200.51.212.7
                                       200.51.211.7
   NetBIOS over Tcpip. . . . . . . . : Disabled    


Note I didn't test the program on the computer where I took that ipconfig; it is very possible that it will not work because there are no PPPoE or PPP layers, so perhaps it will send but later I will get no response at all.

I'll do some tests later but in the meantime you also keep trying :P
zxcv 06 Jan 2008, 18:43
Quote:
BTW check with WireShark since you should recieve response and hence you could verify if your suspicious about fake failure is true (or you have concluded that was real error?).

When I write network stuff my Wireshark is always on (yes, on the same adapter I'm using with pcap_open).

Code:
C:\Documents and Settings\Administrator>ipconfig /all

Konfiguracja IP systemu Windows

        Nazwa hosta . . . . . . . . . . . : noname
        Sufiks podstawowej domeny DNS . . . . . . :
        Typ węzła . . . . . . . . . . . . : Nieznany
        Routing IP włączony . . . . . . . : Nie
        Serwer WINS Proxy włączony. . . . : Nie

Karta PPP adsl:

        Sufiks DNS konkretnego połączenia :
        Opis . . . . . . . . . . . . . . :  WAN (PPP/SLIP) Interface
        Adres fizyczny. . . . . . . . . . : 00-53-45-00-00-00
        DHCP włączone . . . . . . . . . . : Nie
        Adres IP. . . . . . . . . . . . . : 77.253.89.162
        Maska podsieci. . . . . . . . . . : 255.255.255.255
        Brama domyślna. . . . . . . . . . : 77.253.89.162
        Serwery DNS . . . . . . . . . . . : 213.241.79.37
                                            83.238.255.76
        NetBIOS przez Tcpip . . . . . . . : Wyłączony

I hope the language doesn't complicate it.

If I'm not connected the list is empty.

How can you have so many adapters?

Edit by loco: Please use quote tags instead of code tags when you need to quote somebody
LocoDelAssembly 06 Jan 2008, 19:06
Because that computer has three network adapters, two of them bridged and one connected directly to an Ethernet ADSL modem (bridge modem).
LocoDelAssembly 06 Jan 2008, 20:15
I have tried nmap on that computer, and something odd happens: it transmits successfully but sets the protocol as 0xFF instead of 0x06 (TCP) as I required :? and obviously reports all dead when it shouldn't (but it works just fine on this computer with no direct access to the Internet).

Could you save a Wireshark (*.pcap, *.cap) session of at least three or four frames and upload it here? I have realised that it is too long a work to prepare a correct frame (you need more APIs apart from pcap to get MACs, for example), and before getting deeper I want to know that I will have chances of success.

PS: Did you have the same problem with nmap or did it not work at all for you?

[edit]Forget it, I even can't send my own captured frames and when I close the PPP device the program hangs at the pcap_close function :?
If this continues to fail then it seems that writing your own driver is the way...

However, considering that Nmap was able to send data but with a corrupted protocol number, perhaps looking at the sources and trying to find the reason for the corruption... Well, I'm tired of all this :P[/edit]

[edit2]Later check http://www.ntkernel.com/w&p.php?id=7 [/edit2]
Copyright © 1999-2024, Tomasz Grysztar.