Ethereal-dev: Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: TJ Li <tiejli@xxxxxxxxx>
Date: Wed, 11 Aug 2004 11:04:25 -0700 (PDT)
Note: Build 0.10.0 works fine when decoding MAPI traffic.
TJ
--- TJ Li <tiejli@xxxxxxxxx> wrote:
>
> --- Guy Harris <gharris@xxxxxxxxx> wrote:
>
> > On Tue, Aug 10, 2004 at 09:35:23PM -0700, TJ Li wrote:
> > > Codes are from latest ethereal branch.
> >
> > I.e., the current Subversion main line?
>
> yes. I think so. I attached backtrace here. It crashed in add_new_data_source. where is
> that function defined?
>
> "Following tcp stream" crashes sometimes on windows. I can get some information for you
> guys next time.
>
> Let me know whatelse I can do to help you fix the crash.
>
> TJ
>
> > > I made it by myself. I attached back trace here.
> > >
> > > To reproduce it, select Preference-> Protocol -> Mapi Decrypt MAPI PDUs,
> > > ethereal crashes sometimes, not always, seems crash once the other
> > > time.
> > >
> > > I also attachmented a mapi traffic here too.
> >
> > I can't make it crash with that capture on my FreeBSD 4.6 machine
> > (current Subversion code). There could be some OS difference that keeps
> > it from crashing.
> >
> > > What should I do when I make ethereal so that it would show real function
> > > names instead of ?? when I backtrace core in gdb?
> >
> > Try running
> >
> > ./libtool gdb ethereal core.3920
> >
> > When you build a binary that requires libtool (as Ethereal does), you
> > need to use "libtool gdb" rather than just "gdb" to debug the version of
> > the binary built in that tree (but not to debug the installed version) -
> > the "ethereal" file isn't the executable image for Ethereal, it's a
> > shell script wrapper, generated by libtool, to run that executable image
> > with the appropriate environment variable settings so that it'll find
> > shared libraries (such as libethereal.so).
> >
> > Note the
> >
> > "/usr/home/nfs/tli/work/riverbed/ethereal-latest/ethereal/ethereal": not in
> executable
> > format: File format not recognized
> >
> > error, and the
> >
> > Core was generated by `lt-ethereal'.
> >
> > "lt-ethereal" is the actual Ethereal binary; it's in a subdirectory
> > (".libs", I think) - but you can't necessarily do
> >
> > gdb .libs/lt-ethereal core.3920
> >
> > You should, instead, do "./libtool gdb ethereal core.3920".
> >
> > > Also, the latest ethereal windows version seems have problem with
> > > "follow tcp stream" .
> >
> > What kind of problem?
> >
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - 50x more storage than other providers!
> http://promotions.yahoo.com/new_mail> [ethereal]$ ./libtool gdb ethereal core.3920
> GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
> Copyright 2003 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-redhat-linux-gnu"...
> Core was generated by `lt-ethereal'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from
> /u/tli/work/riverbed/ethereal-latest/ethereal/wiretap/.libs/libwiretap.so.0...done.
> Loaded symbols for
> /u/tli/work/riverbed/ethereal-latest/ethereal/wiretap/.libs/libwiretap.so.0
> Reading symbols from
> /u/tli/work/riverbed/ethereal-latest/ethereal/epan/.libs/libethereal.so.0...
> done.
> Loaded symbols for
> /u/tli/work/riverbed/ethereal-latest/ethereal/epan/.libs/libethereal.so.0
> Reading symbols from /lib/libcrypto.so.4...done.
> Loaded symbols for /lib/libcrypto.so.4
> Reading symbols from /usr/lib/libpcap.so.0.6.2...done.
> Loaded symbols for /usr/lib/libpcap.so.0.6.2
> Reading symbols from /usr/lib/libgtk-x11-2.0.so.0...done.
> Loaded symbols for /usr/lib/libgtk-x11-2.0.so.0
> Reading symbols from /usr/lib/libgdk-x11-2.0.so.0...done.
> Loaded symbols for /usr/lib/libgdk-x11-2.0.so.0
> Reading symbols from /usr/lib/libatk-1.0.so.0...done.
> Loaded symbols for /usr/lib/libatk-1.0.so.0
> Reading symbols from /usr/lib/libgdk_pixbuf-2.0.so.0...done.
> Loaded symbols for /usr/lib/libgdk_pixbuf-2.0.so.0
> Reading symbols from /lib/tls/libm.so.6...done.
> Loaded symbols for /lib/tls/libm.so.6
> Reading symbols from /usr/lib/libpangoxft-1.0.so.0...done.
> Loaded symbols for /usr/lib/libpangoxft-1.0.so.0
> Reading symbols from /usr/lib/libpangox-1.0.so.0...done.
> Loaded symbols for /usr/lib/libpangox-1.0.so.0
> Reading symbols from /usr/lib/libpango-1.0.so.0...done.
> Loaded symbols for /usr/lib/libpango-1.0.so.0
> Reading symbols from /usr/lib/libgobject-2.0.so.0...done.
> Loaded symbols for /usr/lib/libgobject-2.0.so.0
> Reading symbols from /usr/lib/libgmodule-2.0.so.0...done.
>
> Loaded symbols for /lib/ld-linux.so.2
> Reading symbols from /usr/lib/libexpat.so.0...done.
> Loaded symbols for /usr/lib/libexpat.so.0
> Reading symbols from /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2...done.
> Loaded symbols for /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2
> Reading symbols from /lib/libnss_files.so.2...done.
> Loaded symbols for /lib/libnss_files.so.2
> Reading symbols from /lib/libnss_dns.so.2...done.
> Loaded symbols for /lib/libnss_dns.so.2
> Reading symbols from /lib/libresolv.so.2...done.
> Loaded symbols for /lib/libresolv.so.2
> Reading symbols from /usr/lib/gtk-2.0/2.2.0/engines/libbluecurve.so...done.
> Loaded symbols for /usr/lib/gtk-2.0/2.2.0/engines/libbluecurve.so
> Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
> Loaded symbols for /usr/lib/gconv/ISO8859-1.so
> Reading symbols from /usr/X11R6/lib/libXcursor.so.1...done.
> Loaded symbols for /usr/X11R6/lib/libXcursor.so.1
> Reading symbols from /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-xpm.so...done.
> Loaded symbols for /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-xpm.so
> Reading symbols from /usr/lib/pango/1.2.0/modules/pango-basic-xft.so...done.
> Loaded symbols for /usr/lib/pango/1.2.0/modules/pango-basic-xft.so
> Reading symbols from /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-png.so...done.
> Loaded symbols for /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-png.so
> Reading symbols from /usr/lib/libpng12.so.0...done.
> Loaded symbols for /usr/lib/libpng12.so.0
> #0 0x4020a7fb in mapi_decrypt_pdu (tvb=0x83d2d40, offset=32, pinfo=0x8c98980,
> tree=0x8404940,
> drep=0x0) at ../packet-dcerpc-mapi.c:188
> 188 add_new_data_source(pinfo, mmd->tvb, "Decrypted MAPI");
> (gdb) bt
> #0 0x4020a7fb in mapi_decrypt_pdu (tvb=0x83d2d40, offset=32, pinfo=0x8c98980,
> tree=0x8404940,
> drep=0x0) at ../packet-dcerpc-mapi.c:188
> #1 0x4020ac55 in mapi_ec_do_rpc_request (tvb=0x83d2d40, offset=1075881548,
> pinfo=0x8c98980,
> tree=0x8404940, drep=0xbfffc624 "\020") at ../packet-dcerpc-mapi.c:299
> #2 0x40233b0e in dcerpc_try_handoff (pinfo=0x8c98980, tree=0x8405180,
> dcerpc_tree=0x406e4fe0,
> tvb=0x83d2d40, decrypted_tvb=0x83d2d40, drep=0xbfffc624 "\020",
> info=0x40852668,
> auth_info=0xbfffc590) at ../packet-dcerpc.c:2010
>
> #3 0x40234fa2 in dissect_dcerpc_cn_stub (tvb=0x83d2ca4, offset=138227008,
> pinfo=0x8c98980,
> dcerpc_tree=0x8404c28, tree=0x8405180, hdr=0xbfffc620, di=0x40852668,
> auth_info=0xbfffc590,
> alloc_hint=48, frame=79609) at ../packet-dcerpc.c:2648
> #4 0x4023522b in dissect_dcerpc_cn_rqst (tvb=0x83d2ca4, offset=24, pinfo=0x8c98980,
> dcerpc_tree=0x8404c28, tree=0x8405180, hdr=0xbfffc620, transport_type=0)
> at ../packet-dcerpc.c:2950
> #5 0x4023630c in dissect_dcerpc_cn (tvb=0x83d2ca4, offset=16, pinfo=0x8c98980,
> tree=0x8405180,
> can_desegment=1, pkt_len=0xbfffc67c, transport_type=0) at
> ../packet-dcerpc.c:3480
> #6 0x4023657f in dissect_dcerpc_cn_bs_body (tvb=0x83d2ca4, pinfo=0x8c98980,
> tree=0x8405180,
> transport_type=0) at ../packet-dcerpc.c:3575
> #7 0x402365a2 in dissect_dcerpc_cn_bs (tvb=0x83d2ca4, pinfo=0x8c98980, tree=0x8405180)
> at ../packet-dcerpc.c:3614
> #8 0x4017a965 in dissector_try_heuristic (sub_dissectors=0x82a2b40, tvb=0x83d2ca4,
> pinfo=0x8c98980, tree=0x8405180) at packet.c:1448
> #9 0x403fb218 in decode_tcp_ports (tvb=0x83d2c70, offset=32, pinfo=0x8c98980,
> tree=0x8405180,
> src_port=3040, dst_port=4515) at ../packet-tcp.c:2394
> #10 0x403fb3c1 in process_tcp_payload (tvb=0x83d2c70, offset=32, pinfo=0x8c98980,
> tree=0x8405180, tcp_tree=0x8404ec8, src_port=3040,
> dst_port=4515, seq=273121, nxtseq=273217,
> is_tcp_segment=1) at ../packet-tcp.c:2428
> #11 0x403fb526 in dissect_tcp_payload (tvb=0x83d2c70, pinfo=0x8c98980, offset=32,
> seq=273121,
> nxtseq=273217, sport=3040, dport=1075881548,
> tree=0xbfffc29c, tcp_tree=0x8404ec8)
> at ../packet-tcp.c:2508
> #12 0x403fbf8d in dissect_tcp (tvb=0x83d2c70, pinfo=0x8c98980, tree=0x8405180)
> at ../packet-tcp.c:2915
> #13 0x401796db in call_dissector_through_handle (handle=0x82c2b28, tvb=0x83d2c70,
> pinfo=0x8c98980, tree=0x8405180) at packet.c:363
> #14 0x40179a11 in call_dissector_work (handle=0x82c2b28, tvb=0x83d2c70,
> pinfo=0x8c98980,
> tree=0x8405180) at packet.c:513
> #15 0x40179dde in dissector_try_port (sub_dissectors=0x8241748, port=6, tvb=0x83d2c70,
> pinfo=0x8c98980, tree=0x8405180) at packet.c:776
> #16 0x402d2eb5 in dissect_ip (tvb=0x83d2c3c, pinfo=0x8c98980, tree=0x8405180)
> at ../packet-ip.c:1098
> #17 0x401796db in call_dissector_through_handle (handle=0x8241868, tvb=0x83d2c3c,
> ---Type <return> to continue, or q <return> to quit---
> pinfo=0x8c98980, tree=0x8405180) at packet.c:363
>
> #18 0x40179a11 in call_dissector_work (handle=0x8241868, tvb=0x83d2c3c,
> pinfo=0x8c98980,
> tree=0x8405180) at packet.c:513
> #19 0x40179dde in dissector_try_port (sub_dissectors=0x8226cf8, port=2048,
> tvb=0x83d2c3c,
> pinfo=0x8c98980, tree=0x8405180) at packet.c:776
> #20 0x402526da in ethertype (etype=2048, tvb=0x83d2c08, offset_after_etype=14,
> pinfo=0x8c98980,
> tree=0x8405180, fh_tree=0x8405120, etype_id=3490, trailer_id=3492,
> fcs_len=-1)
> at ../packet-ethertype.c:177
> #21 0x40251cc4 in dissect_eth_common (tvb=0x83d2c08, pinfo=0x8c98980, tree=0x8405180,
> fcs_len=-1)
> at ../packet-eth.c:292
> #22 0x4025209a in dissect_eth_maybefcs (tvb=0x83d2c08, pinfo=0x4020a64c,
> tree=0x8405180)
> at ../packet-eth.c:387
> #23 0x401796db in call_dissector_through_handle (handle=0x82a5b88, tvb=0x83d2c08,
> pinfo=0x8c98980, tree=0x8405180) at packet.c:363
> #24 0x40179a11 in call_dissector_work (handle=0x82a5b88, tvb=0x83d2c08,
> pinfo=0x8c98980,
> tree=0x8405180) at packet.c:513
> #25 0x40179dde in dissector_try_port (sub_dissectors=0x8225318, port=1, tvb=0x83d2c08,
> pinfo=0x8c98980, tree=0x8405180) at packet.c:776
> #26 0x4026adf3 in dissect_frame (tvb=0x83d2c08, pinfo=0x8c98980, tree=0x8405180)
> at ../packet-frame.c:184
> #27 0x401796db in call_dissector_through_handle (handle=0x8225380, tvb=0x83d2c08,
> pinfo=0x8c98980, tree=0x8405180) at packet.c:363
> #28 0x40179a11 in call_dissector_work (handle=0x8225380, tvb=0x83d2c08,
> pinfo=0x8c98980,
> tree=0x8405180) at packet.c:513
> #29 0x4017ae18 in call_dissector (handle=0x8225380, tvb=0x83d2c08, pinfo=0x8c98980,
> tree=0x8405180) at packet.c:1614
> #30 0x4017967a in dissect_packet (edt=0x8c98978, pseudo_header=0x0, pd=0x80f84d8 "",
> fd=0xad339d8, cinfo=0x8c98980) at
> packet.c:311
> #31 0x401776f7 in epan_dissect_run (edt=0x8c98978, pseudo_header=0x80f8448,
> data=0x80f84d8 "",
> fd=0xad339d8, cinfo=0x0) at epan.c:153
> #32 0x08063c06 in select_packet (cf=0x80f83c0, row=135234632) at file.c:2685
> #33 0x0807325c in packet_list_select_cb (w=0x8342490, row=79608, col=-1, evt=0x0)
> at packet_list.c:263
> #34 0x40a54942 in _gtk_marshal_VOID__INT_INT_BOXED () from /usr/lib/libgtk-x11-2.0.so.0
> #35 0x40cf7ed7 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
> #36 0x40d0a983 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
> #37 0x40d099a8 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
> #38 0x40a96bcf in gtk_signal_emit () from /usr/lib/libgtk-x11-2.0.so.0
> #39 0x409ded0d in gtk_clist_select_row () from /usr/lib/libgtk-x11-2.0.so.0
> #40 0x08073ed9 in packet_list_set_selected_row (row=0) at packet_list.c:692
>
> ---Type <return> to continue, or q <return> to quit---
> #41 0x08063a53 in goto_frame (cf=0x0, fnumber=1075881548) at file.c:2566
> #42 0x0807a134 in redraw_hex_dump_all () at proto_draw.c:238
> #43 0x08097199 in user_font_apply () at font_utils.c:550
> #44 0x080980e8 in gui_prefs_apply (w=0x9a35430) at gui_prefs.c:473
> #45 0x08075d18 in prefs_main_apply_all (dlg=0x9223aa0) at prefs_dlg.c:1009
> #46 0x08075f53 in prefs_main_ok_cb (ok_bt=0xcd062c8, parent_w=0x9223aa0) at
> prefs_dlg.c:1067
> #47 0x40d0ad77 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
> #48 0x40cf7ed7 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
> #49 0x40d0a983 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
> #50 0x40d099a8 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
> #51 0x40d09be4 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
> #52 0x409c7acb in gtk_button_clicked () from /usr/lib/libgtk-x11-2.0.so.0
> #53 0x409c8abb in _gtk_button_paint () from /usr/lib/libgtk-x11-2.0.so.0
> #54 0x40d0ad77 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
> #55 0x40cf8247 in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
> #56 0x40cf7ed7 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
> #57 0x40d0a20f in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
> #58 0x40d099a8 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
>
=== message truncated ===> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail
- References:
- Prev by Date: Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data
- Next by Date: Re: [Ethereal-dev] how to parse a ethereal capture file
- Previous by thread: Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data
- Next by thread: Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data
- Index(es):
