Ethereal-users: Re: [Ethereal-users] c0000005 (access violation) in proto_reg_handoff_netlib

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Tue, 7 Jan 2003 13:42:36 +0100
Paul Offord wrote:

>Hi,
>
>I use Ethereal 0.9.7 with WinPcap 2.3 on Windows 2000 (Build 2195).  I
>downloaded binary versions of both Ethereal and WinPcap.
>
>I have no problems capturing short traces.  However, if I capture a
>reasonable size trace, the following happens:
>
>*  I hit Stop in the Capture window
>*  A small message box appears showing the Loading status (the small bar
>starts to move to show progress)
>*  I get an error stating that Ethereal application has terminated.
>
>The Dr Watson log shows an Access Violation in proto_reg_handoff_netlib.
>I've included the Stack Back Trace below (the parameters passed in the final
>call to proto_reg_handoff_netlib don't look right).

I guess that there is some memory overwrite in some protocol dissector.
The back trace you sent doesn't look reasonable.
I guess that at least part of the back trace is corrupt because the memory has been overwritten.
It may not be that the problem is in the TDS/Netlib dissector (packet-tds.c), but there have
been some crash problems with that dissector.

>
>*  Is this a known problem?
>
>*  Is there a fix?

The TDS/Netlib dissector has been changed after Ethereal 0.9.7. There were some crash
problems with that dissector.

You can maybe start by disabling the TDS and Netlib protocols in Ethereal 0.9.7 (Edit/Protocol .../Decoding/..)
and see if you still get problems. If you don't get the crash problem then you will know that it is probably
the TDS/Netlib dissector that caused the crash.
(If you still get problems with the TDS/Netlib dissector disabled you can disable some more protocols).

Then you can try to install Ethereal 0.9.8 and see if you still get problems. If so it would be good to get a capture of
the packets that cause Ethereal to crash. You could e.g. disable all or almost all protocol dissectors in order to
do the capturing without getting a crash (hopefully) and save the capture to a file, and then enable protocols again
and see if you get any crash.
Be sure to not include any confidential data in the capture.

>
>*  What is the correct procedure for reporting Ethereal bugs?
>

I think you did the right thing by sending a mail with as much information as possible to the list.
You've included info about Ethereal version, WinPcap version, OS and backtrace and other
details and that is a very good start.