Nmap Development mailing list archives
Re: nmap -P0 reboots Windows XP
From: Casey Williams <Lists () aviditysoftware com>
Date: Wed, 8 Mar 2006 16:00:53 -0600
On 12:54 Wed 03/08/06 Mar , Loris Degioanni wrote:
Let's try to clarify a bit. IRQL_NOT_LESS_OR_EQUAL is one of the most common Windows kernel bugchecks, and doesn't normally have anything to do with corrupted memory. It just tells you "one of the component of the OS kernel, most probably a driver, did something wrong, and therefore the OS will stop".
Excuse me, I should have spoken more clearly. I didn't mean that I thought it was a memory issue. What I meant was that I thought something was going awry during the driver unload process. What would go wrong? I'm not sure, I'm not knowledgable about such things, however here's what I know: When I start my program, and close it without scanning it will never crash. However if I DO scan something (thus initializing the winpcap driver), it will crash...intermitantly. And it only crashed on exit from the application. This seems to be the same issue that Kris is having with Nmap...
The most probable cause of the error, if this happens while you use nmap, is the kernel driver that nmap uses to send and receive raw network frames, i.e. WinPcap's NPF.sys. In most cases, in fact, you can see if the fault is in winpcap by checking if around the bottom of the blue screen you see somewhere "npf.sys".
I didn't see anything on the BSOD that indicated any specific driver, I don't know how I would have missed it, but I'm sure it's possible. :) And I agree, it's probably the winpcap driver causing the issue.
If the fault is in winpcap, first of all you should make sure you are using the latest version of the driver, which can be found at http://www.winpcap.org/install/default.htm. If the problem persists with the latest version, you can report the bug to the developers as explained at http://www.winpcap.org/contact.htm, under "Need to report a bug?".
Yep, I have the latest libraries, and I'd like to file a bug report, but I don't have any solid proof of who's to blame, and since we're on the topic I'm posting my finding here in hopes to be of some help. Sorry if I'm being a nuisance. :) -- -C _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- nmap -P0 reboots Windows XP Kris Katterjohn (Mar 07)
- Re: nmap -P0 reboots Windows XP Bryan (Mar 07)
- Re: nmap -P0 reboots Windows XP Kris Katterjohn (Mar 07)
- Re: nmap -P0 reboots Windows XP Kris Katterjohn (Mar 07)
- Re: nmap -P0 reboots Windows XP Casey Williams (Mar 08)
- Re: nmap -P0 reboots Windows XP Loris Degioanni (Mar 08)
- Re: nmap -P0 reboots Windows XP Kris Katterjohn (Mar 08)
- Re: nmap -P0 reboots Windows XP Bryan (Mar 08)
- Re: nmap -P0 reboots Windows XP Casey Williams (Mar 08)
- Re: nmap -P0 reboots Windows XP Kris Katterjohn (Mar 07)
- Re: nmap -P0 reboots Windows XP Bryan (Mar 07)
- <Possible follow-ups>
- RE: nmap -P0 reboots Windows XP Mike C (Mar 08)
- RE: nmap -P0 reboots Windows XP Sean Warnock (Mar 08)
- RE: nmap -P0 reboots Windows XP Sean Warnock (Mar 08)
- Re: nmap -P0 reboots Windows XP Kris Katterjohn (Mar 08)