Matt B - 2002-10-25


I also get this in Windows XP SP1.

It happens when knocker 0.6.6 scans port 389.

According to the Windows error message and what is recorded
in the logs:

Error signature:
AppName: knocker.exe AppVer:0.0.0.0 ModName: msvcrt.dll
ModVer: 7.0.2600.1106 Offset: 00033830

Exception Information:
Code: 0xc0000005 Flags: 0x0 Record: 0x0 Address:
0x0000000077c43830

Thread 1
Thread ID: 0x00000380
Context:
EDI: 0x7FFDF000 ESI: 0x0 EAX: 0x00370000
EBX: 0x0250dd70 ECX: 0x00001000 EDX: 0x0
EIP: 0x7ffe0304 EBP: 0x0250ddc4 SegCs: 0x0000001b
EFlags: 0x00000202 ESP: 0x0250dd28 SegSs: 0x00000023

When I debug it with MS Visual C++ 6.0:

StackTrace:
MSVCRT! 77c43830()
KNOCKER! 00404383()
KNOCKER! 00404aa5()
KNOCKER! 004011c1()
KNOCKER! 004011eb()
KERNEL32! 77e814c7()

I get different registers reported by Visual C++:

EAX = 00000000 EBX = 7FFDF000 ECX = 00000000
EDX = 0040B230 ESI = 00000002 EDI = 00000000
EIP = 77C43830 ESP = 0250FEF4 EBP = 0250FF20
EFL = 00000246
MM0 = 77F781B077F517B2 MM1 = 0065002E00720065
MM2-7 = 0000000000000000

CS = 001B DS = 0023 ES = 0023 SS = 0023 FS = 0038
GS = 0000 OV=0 UP=0 EI=1 PL=0 ZR=1 AC=0 PE=1 CY=0
ST0 = -2.22976658576964501e+4289
ST1-7 = +0.00000000000000000e+0000

CTRL = 027F STAT = 0000 TAGS = FFFF EIP = 00000000
CS = 0000 DS = 0000 EDO = 00000000
MM00 = +9.94214E+033 MM01 = +1.00401E+034
MM10 = +1.04694E-038 MM11 = +9.27545E-039
MM20 = +0.00000E+000 MM21 = +0.00000E+000
MM30 = +0.00000E+000 MM31 = +0.00000E+000
MM40 = +0.00000E+000 MM41 = +0.00000E+000
MM50 = +0.00000E+000 MM51 = +0.00000E+000
MM60 = +0.00000E+000 MM61 = +0.00000E+000
MM70 = +0.00000E+000 MM71 = +0.00000E+000

If I skip the bad line at KNOCKER! 00404383() and start
running with the next line, the program runs to completion with
this output:

-=[ 389/tcp, ►W" ]=- * OPEN *
-=[ 389/tcp, ►W" ]=- * OPEN *

This happens if I scan only port 389, or a range of ports
including 389.
This does not happen in Linux with version 0.7.1.