How to work around the "Limitations on Raw Sockets" under Windows 7?

10,459

After Windows XP Service Pack 1, the ability to send raw sockets has been disabled; however, you can still read them.

You can modify the source code example provided by Microsoft in the WDK to enable raw sends again. For more information, check the link.

PCAUSA - How To Access To NIC Drivers From A Win32 Application

Alternatively, you may use WinPcap to inject packets into the network.

WinPcap

Author by

hsluoyz

Updated on June 04, 2022
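Added example, not part of the original answer and not WinPcap code: with frame-level injection (for instance WinPcap's `pcap_sendpacket`), the sender must fill in the Ethernet and IPv4 headers and both checksums that the OS stack would otherwise supply. The C code below builds such a frame in memory and checks its checksums before it is handed to any send call; `build_tcp_frame` and `frame_checksums_ok` are hypothetical names, and the fixed TTL, window and option-free headers are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 Internet checksum over big-endian 16-bit words; `sum` seeds the total. */
static uint16_t inet_csum(const uint8_t *p, size_t n, uint32_t sum) {
    for (; n > 1; p += 2, n -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (n) sum += (uint32_t)p[0] << 8;               /* pad an odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* TCP pseudo-header sum: source and destination IP, protocol 6, TCP length. */
static uint32_t pseudo_sum(const uint8_t *ip, size_t tcp_len) {
    uint32_t s = 6 + (uint32_t)tcp_len;
    for (int i = 12; i < 20; i += 2) s += (uint32_t)ip[i] << 8 | ip[i + 1];
    return s;
}

/* Hypothetical helper: writes Ethernet II + IPv4 + TCP (no options) into out.
   Returns the frame length, or 0 if the buffer or payload size is unusable. */
size_t build_tcp_frame(uint8_t *out, size_t cap, const uint8_t dmac[6],
                       const uint8_t smac[6], const uint8_t sip[4],
                       const uint8_t dip[4], uint16_t sport, uint16_t dport,
                       uint32_t seq, uint8_t flags, const uint8_t *payload, size_t plen) {
    size_t total = 14 + 20 + 20 + plen;
    if (plen > 1460 || cap < total) return 0;        /* fit a 1500-byte MTU */
    uint8_t *ip = out + 14, *tcp = ip + 20;
    memset(out, 0, total);
    memcpy(out, dmac, 6); memcpy(out + 6, smac, 6);
    put16(out + 12, 0x0800);                         /* EtherType: IPv4 */
    ip[0] = 0x45; ip[8] = 64; ip[9] = 6;             /* v4/IHL 5, TTL, proto TCP */
    put16(ip + 2, (uint16_t)(40 + plen));            /* IP total length */
    memcpy(ip + 12, sip, 4); memcpy(ip + 16, dip, 4);
    put16(ip + 10, inet_csum(ip, 20, 0));            /* IP header checksum */
    put16(tcp, sport); put16(tcp + 2, dport);
    put16(tcp + 4, (uint16_t)(seq >> 16)); put16(tcp + 6, (uint16_t)seq);
    tcp[12] = 5 << 4; tcp[13] = flags; put16(tcp + 14, 8192); /* offset, flags, window */
    if (plen) memcpy(tcp + 20, payload, plen);
    put16(tcp + 16, inet_csum(tcp, 20 + plen, pseudo_sum(ip, 20 + plen)));
    return total;
}

/* Returns 1 when both checksums of a frame laid out as above re-sum to zero. */
int frame_checksums_ok(const uint8_t *f, size_t n) {
    return n >= 54 && inet_csum(f + 14, 20, 0) == 0 &&
           inet_csum(f + 34, n - 34, pseudo_sum(f + 14, n - 34)) == 0;
}
```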

Comments

  • hsluoyz
    hsluoyz about 2 years

    I am developing TCP protocol fuzzing software under Windows 7. I want to send self-constructed TCP packets using raw sockets. But it seems that Microsoft forbids this for some security reasons. (http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548(v=vs.85).aspx)

    I know WinPcap can also send custom packets. But I don't want to build a packet from the Ethernet level. The parameters for Ethernet and IPv4 are so complex and drive me crazy. I only care about TCP and the parts above it. Are there any solutions to work around this? All I can think of is to change my Win7 to Windows 2008 R2, but it's a big project to do. I hope there are better ways?

    • Ed Heal
      Ed Heal over 10 years
      What is the motivation for doing this?
    • hsluoyz
      hsluoyz over 10 years
      @EdHeal you know protocol fuzzing? I work for a network device test organization, which needs to test the robustness of the protocol stack for routers, switches and so on. I have almost finished all of the protocol stack (Ethernet, IP, UDP, HTTP and so on) except TCP. So you know, it's for a good purpose. And I don't know why Microsoft restricts this.
    • Ed Heal
      Ed Heal over 10 years
      An IP packet is 1024 bytes. 1K. The TCP part is a small fraction of that. I assume you do not need to go down to the network layer. So why not do the hard stuff and create software to drive the ethernet card producing the right data. Use a network analyser to check it out.
    • hsluoyz
      hsluoyz over 10 years
      @EdHeal I didn't catch your meaning very much, the fuzzing is determined by my boss. Only analysis by a network analyser seems not enough?
    • Ed Heal
      Ed Heal over 10 years
      @hsluoyz - You want to generate TCP packets that are both valid and invalid. TCP packets are IP packets with a bit bolted on. So you need to get the ethernet card to deliver IP packets with invalid TCP packets. IP bit being valid at this point. To be sure of generating the right data you need to sniff the cable. A network analyser is best but a s/w analyser might suffice.
    • user1703401
      user1703401 over 10 years
      Microsoft got a lot of flak for supporting raw sockets on the desktop version of Windows. It was widely abused. So they disabled it again. You already know what you need to do, talk to your boss to get the resources you need. Aim high, nobody wants to be bothered with small requests, ask for an MSDN subscription.
    • hsluoyz
      hsluoyz over 10 years
      @EdHeal Here is the problem. Microsoft forbids the delivery of IP packets with my invalid TCP headers. Is there another way to directly send TCP headers besides raw sockets?
    • hsluoyz
      hsluoyz over 10 years
      @HansPassant You mean changing the OS? I already got the Win2008 R2 iso. It's not a matter of money. It's just because I have installed so much software and so many components (VS6, VS2005, VS2008, VS2010, VS2012 and so on) in my current Win7. It's a lot of pain for me to migrate these environments. I wish there could be a better way, like a switch or a patch?
    • Matthieu
      Matthieu about 7 years
      If you were willing to change OS, Linux has full raw socket support without needing any libraries...
    • Hao Nguyen
      Hao Nguyen almost 7 years
      I wonder why you don't use WinPCap for raw TCP socket programming?
  • hsluoyz
    hsluoyz about 10 years
    I'm very interested in the WDK-enable-raw-sends thing. But I didn't find any relevant material in the link provided; all I saw is about "How To Access To NIC Drivers From A Win32 Application" using a protocol driver. It doesn't mean "raw socket send", because the MAC and IP headers are needed for protocol drivers, just the same as with WinPcap (in fact WinPcap is based on protocol drivers). Is this what you mean?
  • Jeremiah
    Jeremiah about 10 years
    I think this first link should be something to explore more. Download the DDK for your target system and build the ndis network driver example. Afterwards you need to modify the "send.c" file or something close to that. Outside of modifying the driver, you will need to sign it. If you don't pay Microsoft for a valid signature, you will have to manually bypass the UAC when installing. This shouldn't be a problem since you own the machine the driver is being installed to.
  • hsluoyz
    hsluoyz about 10 years
    Sorry, maybe I didn't make it clear. I want to send the packets on the basis of the IP level, which means I don't construct the Ethernet and IP headers; the OS stack will be responsible for them. But an ndisprot driver is something that sends packets from the very low level, which means I have to construct the packets from the Ethernet header. But in fact, the Ethernet and IP headers are something I do not really care about. I hope this is clear.
  • Jeremiah
    Jeremiah about 10 years
    If you want to enable raw sends without pcap, writing a custom driver (or using someone else's) is the only method I am aware of. If you are writing a fuzzer, I wouldn't forget about the lower layers either (as some interesting exploits have been found there). In any case, you'll have to decide if it is worth your time to get a custom driver. As you mentioned, Windows will not support the sending of any tcp data, so if you want that without pcap, you will have to write the code to handle the lower layers. msdn.microsoft.com/en-us/library/windows/desktop/…
  • cxxl
    cxxl over 5 years
    @Jeremiah: only the ability to write TCP has been disabled in XPSP1 (read as well, BTW). Other than that, most other uses of raw sockets, read and write still work (as of Win10 RS4)
  • Mohammad Nikravan
    Mohammad Nikravan almost 4 years
    What about sockets on Windows Servers? Do they have the same limitation? Any comment would be so helpful.