Comments (17)
I got the same output. I tried to track it down and to me it seems like a defect. In SuPutPacket() there is a call to SeFree(buf). The buffer freed is allocated by my application and given to Win10Pcap in the PacketSendPacket() call. But for some reason SuPutPacket() wants to free it. The magic check in the SeFree() will trigger the log and return without doing anything. Remove the mentioned call to SeFree(buf) and you should be fine.
Npcap didn't work for me since it couldn't catch packets from the host itself. I am trying to run an application that captures all packets on an interface and can send packets to/from other Windows applications as well as to/from other hosts on the network.
from win10pcap.
You would like to try Npcap: https://github.com/nmap/npcap
from win10pcap.
> it couldn't catch packets from the host itself
I don't quite understand it. Npcap supports capturing incoming and outgoing packets. It can also send packets to network or inject packets to pretend they are coming from network. The usage is very flexible.
from win10pcap.
My application can send packets which can be seen by the host. But the host's response, like on an ARP request, is never seen by my application. This works fine if I use Win10Pcap. Npcap seems to never pick up the packet so I prefer Win10Pcap. Seems more predictable to me.
from win10pcap.
Hi @mab0 ,
> But the host's response, like on an ARP request, is never seen by my application.
I think you mean ARP response?
- If you can't see the response, does the application work normally? I want to differentiate whether the response is just unseen or doesn't even exist.
- Have you tried capturing in Wireshark? Let me know if the response shows up in Wireshark.
Thanks!
Cheers,
Yang
from win10pcap.
I checked again with Wireshark. I ran my application twice. One time with Npcap and one time for Win10Pcap.
And it's like I described before. The ARP request is sent out by my application and seen in Wireshark in both cases. But for Npcap no ARP response can be seen from my host. For other hosts on the network, ARP responses can be seen in both cases.
Win10Pcap has the correct behavior and is consistent with earlier versions of WinPcap. For some unknown reason Npcap breaks the functionality.
I worked around the malloc/free defect I described earlier in Win10Pcap by allocating the buffer to send and appending the expected magic so Win10Pcap can free the buffer correctly. But the fix would be to not free the buffer at all in PacketSendPacket().
from win10pcap.
Hi @mab0 ,
I have fixed this bug in the latest Npcap 0.06 R7.1. Please try it at: https://github.com/nmap/npcap/releases
from win10pcap.
Hi,
Thanks for your help but I tried Npcap 0.06 r7 and it's still not working. The VMware interface support is nice though.
from win10pcap.
Hi @mab0 ,
I can't reproduce your issue.
I used a Win10 x64 VMware VM. It has an Ethernet adapter which is NATed with the host. Then I ping the gateway: 192.168.47.1, and it shows that the ARP request and response are good as this picture:
I think this has something to do with your application. So can I have your application that causes this issue? Source code would be better; if you don't want to share your source code, providing me the binary is also OK. Another way is giving me a simple example with source code that can trigger this issue. I will fix this issue ASAP.
Thanks!
from win10pcap.
I can't provide you with any code or binary. The code I run is proprietary.
If I understand your setup correctly it's not like my setup. No virtualization is involved. I have a Windows 10 workstation. I run an application on that machine that has its own network stack. Everything including layer 2 and up. So I want everything transmitted on the wire of a network adapter to be picked up by my application. Windows 10 and my application should work separately as if they were two different hosts on the same LAN.
This works for the most part. But there seems to be an exception with packets being sent from Windows 10 to my application. Windows 10 and my application use different MAC addresses. Windows 10 uses the MAC for the adapter but the application picks a new MAC and IP addresses. When I ping the IP of Windows 10 from my application, my application first sends an ARP request for the IP of the Windows 10 adapter. This request can be picked up by Windows 10 (and Wireshark if I run that at the same time) but the response is never seen. It's never picked up by Wireshark or my application.
My application does basically this to open the device:
```
adapter = PacketOpenAdapter(...)
PacketSetHwFilter(adapter, NDIS_PACKET_TYPE_PROMISCUOUS)
PacketSetBuff(adapter, 512*1024)
```
When sending packets:
```
packet = PacketAllocatePacket()
PacketInitPacket(packet, L2Data, L2DataLen)
PacketSendPacket(adapter, packet, TRUE)
```
When receiving packets:
```
packet = PacketAllocatePacket()
PacketInitPacket(packet, recvBuf, 2048)
PacketReceivePacket(adapter, packet, TRUE)
```
That is a condensed version of what I am doing. Quite straightforward. Works with Win10Pcap and WinPcap.
I'll try to compile NPcap myself if I find the time for it so I can dig deeper into this.
from win10pcap.
I am having the same issue. I tried the latest Npcap SDK (downloaded from nmap since I don't have VS 2013 installed to compile). The code I used is from https://github.com/jquesnelle/ethernet_pause/blob/master/sender.c but for x64. I am compiling on VS 2017 with Windows SDK 10.0.15063.0 on the v141 Platform Toolset. Unless Npcap SDK 0.1 (ZIP) is the old SDK?
from win10pcap.
I'm getting the same error: "FATAL bad memory block". I get it both with sending single messages and sending using a queue.
from win10pcap.
@mab0 Hello, I get the same error, "FATAL bad memory block", and I saw your answer, but I can't find this function and I don't know how to remove it. Could you give me a detailed explanation? It has already cost me two days. Thank you in advance.
from win10pcap.
> magic

Hello, I am having the same problem and trying to understand how to fix it. Can you explain what you mean by magic?
from win10pcap.
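What a magic check in a free routine looks like, and why it rejects a buffer the caller allocated itself, shown as an added example that is not part of the thread and is not Win10Pcap's code. The names `demo_alloc`, `demo_free`, `demo_hdr` and the tag value are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_MAGIC 0x4D454D42u            /* constructed tag, not Win10Pcap's value */
typedef struct { uint32_t magic, size; } demo_hdr;   /* hypothetical block header */

/* Allocate size bytes preceded by a header that carries the magic tag. */
void *demo_alloc(uint32_t size) {
    demo_hdr h = { DEMO_MAGIC, size };
    unsigned char *raw = malloc(sizeof h + size);
    if (raw == NULL) return NULL;
    memcpy(raw, &h, sizeof h);
    return raw + sizeof h;
}

/* Free only blocks whose header carries the tag. Returns 1 if freed, 0 if rejected. */
int demo_free(void *p) {
    demo_hdr h;
    if (p == NULL) return 0;
    memcpy(&h, (unsigned char *)p - sizeof h, sizeof h);
    if (h.magic != DEMO_MAGIC) {
        fprintf(stderr, "demo: bad memory block %p\n", p);
        return 0;                          /* log and leave the pointer alone */
    }
    free((unsigned char *)p - sizeof h);
    return 1;
}

/* Caller-owned frame. The storage keeps sizeof(demo_hdr) readable bytes in
   front of the frame so the header read stays in bounds in this demo. */
static unsigned char app_storage[sizeof(demo_hdr) + 60];

int free_foreign_frame(void) {             /* the library frees a buffer it never allocated */
    memset(app_storage, 0, sizeof app_storage);
    return demo_free(app_storage + sizeof(demo_hdr));
}

int free_owned_frame(void) {               /* the buffer came from the matching allocator */
    void *frame = demo_alloc(60);
    return frame != NULL ? demo_free(frame) : -1;
}

int main(void) {
    printf("foreign buffer freed: %d\n", free_foreign_frame());
    printf("owned buffer freed:   %d\n", free_owned_frame());
    return 0;
}
```

The tag only turns an invalid free into a log line; passing a pointer that did not come from the matching allocator to `free()` is undefined behavior in C, so the durable fix is for the send path not to free caller-owned memory at all.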
I am facing the same issue. Is there any solution to fix the problem?
from win10pcap.
Actually yes, you have two options. The easiest one: you can move from Win10Pcap to WinPcap and the error will not be there. The second option is to find the Win10Pcap code files, locate the function where they are trying to free the variable magic, and remove that code. Then you will need to recompile Win10Pcap.
from win10pcap.
I see this memory issue, too. Why use Win10Pcap? WinPcap 4.1.2 (with NDIS 5) works as expected on Windows 10/11. Win10Pcap sometimes swallows packets.
from win10pcap.