Nmap Development mailing list archives
Yang's status report - #7 of 16
From: "veotax" <hsluoyz () qq com>
Date: Tue, 23 Jul 2013 23:35:16 +0800
Hi everyone,

Here's my status report for week #7.

I have resolved the BindContext parameter bug within the function NdisOpenAdapterEx. The adapter binding and unbinding are now carried out by the driver itself instead of at the application level. If some software wants to open an adapter multiple times, the driver will return the same handle, because the driver can only open an adapter once. Side effects of this change need further research.

When testing my driver, I mainly used Wireshark as the application-layer program for debugging last week. However, Wireshark is a little weird in the interface info list function; I traced packet.dll and npf6x.sys (the NDIS 6.x edition of npf.sys) but found no trace of the interface info list function. The source code of Wireshark uses some kind of pipe and is difficult to compile and understand, so I have decided to use Nmap as the application-layer program for debugging this week.

Some packet.dll bugs for npf6x have also been found. At first I used the "NPcap" string for the service name and driver name, but I found that Wireshark uses the "npf" string to detect the WinPcap service, and this will throw Wireshark off. So I changed the service name back to "npf", and for the purpose of migrating back to the WinPcap trunk, I changed the driver name to "npf6x", which means "npf for NDIS6.x".

Some npf6x.sys bugs have also been found. The original adapter release function also needs to be changed, because now the driver takes charge of the adapter release instead of the application.

Accomplishments:
* Finished correcting the BindContext parameter bug using the open-once method. Removed some other memory bugs in npf6x.sys.
* Modified the service name, driver name, protocol name and so on in both npf6x.sys and packet.dll, in order to stay compatible with Wireshark and the original npf.sys driver.
* Read lots of source code of npf.sys, packet.dll and Wireshark. Understood the call sequence among the three.

Priorities:
* Stuck at a bug: I cannot trace the call in packet.dll when Wireshark refreshes its adapter list. I will solve this next week.
* Remove other bugs in the current npf6x.sys.
* Have a meeting with my mentor about the next step.

Cheers,
Yang Luo
http://veotax.com

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/