7.12 crash

[techtonik]

It may be a lame command, but it crashes nmap on Vista:

nmap -v -sn --unprivileged 192.168.128.0/24 -sL

Problem signature:
  Problem Event Name:   APPCRASH
  Application Name: nmap.exe
  Application Version:  7.0.12.0
  Application Timestamp:    56faa177
  Fault Module Name:    kernel32.dll
  Fault Module Version: 6.0.6002.23936
  Fault Module Timestamp:   56ec318c
  Exception Code:   c06d007e
  Exception Offset: 0003fc9e
  OS Version:   6.0.6002.2.2.0.768.2
  Locale ID:    1033
  Additional Information 1: 2315
  Additional Information 2: 7760935103aa7696e3476ac43b0c0097
  Additional Information 3: eda2
  Additional Information 4: bbf2193402e872d5755684cf7a43b483

Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

[dmiller-nmap]

@techtonik Did you perhaps not have WinPcap installed? We recently fixed some issues with Nmap on Windows related to --unprivileged and WinPcap/Npcap. One of them, 2c6666cb34, fixed a problem that could lead to a crash in a scan just like you used, but only if WinPcap was not installed.

Please try our latest Beta release, Nmap 7.25BETA2, which contains this fix. Let us know if this solves your problem or if you still have trouble. Full output with -d3 would be helpful in that case.

[techtonik]

@dmiller-nmap yes, I was using npcap 0.09-r3 installed without reboot. Let me try this again with newer Nmap version.

[techtonik]

Seems to work. At least doesn't crash now.

WARNING: Could not import all necessary Npcap functions.  You may need to upgrade to version 0.07 or higher from http://www.npcap.org.  Resorting to connect() mode -- Nmap may not fu
nction completely

Starting Nmap 7.25BETA2 ( https://nmap.org ) at 2016-09-08 09:44 E. Africa Standard Time
Initiating Parallel DNS resolution of 256 hosts. at 09:44

[hsluoyz]

Please try Npcap 0.09 r4 here: https://github.com/nmap/npcap/releases

[hsluoyz]

Since there's no feedback, I will close it for temporarily for now.

[techtonik]

I'd say that NpcapHelper.exe asks for administrative permission too much - 4 times when Wireshark loads and once more during capture. Otherwise 0.09 r5 seems to work fine.

[hsluoyz]

This issue has already been discussed here: https://github.com/nmap/nmap/issues/435. It's a low priority issue but already in our TODO list. For now, I will just recommend not to choose the Restrict Npcap driver's access to Administrators only option in installer if you are using Npcap with Wireshark.