I have looked at similar discussions (std::map causing memory leaks?) about this issue but according to the debug build of my app this is triggering a memory leak:
void CMeetingScheduleAssistantApp::SetLocale(LanguageMSA eLang)
{
// See: https://www.microsoft.com/resources/msdn/goglobal/default.mspx#ISO2
map<LanguageMSA, CString> mapLocales;
mapLocales.emplace(LanguageMSA::Afrikaans, _T("af"));
mapLocales.emplace(LanguageMSA::Albanian, _T("sqi"));
mapLocales.emplace(LanguageMSA::Arabic, _T("ara"));
mapLocales.emplace(LanguageMSA::Aukan, _T("drk"));
mapLocales.emplace(LanguageMSA::Bulgarian, _T("bgr"));
mapLocales.emplace(LanguageMSA::ChineseSimplified, _T("chs"));
mapLocales.emplace(LanguageMSA::Croatian, _T("hrv"));
mapLocales.emplace(LanguageMSA::Czech, _T("csy"));
mapLocales.emplace(LanguageMSA::Danish, _T("dan"));
mapLocales.emplace(LanguageMSA::Dutch, _T("nld"));
mapLocales.emplace(LanguageMSA::English, _T("eng"));
mapLocales.emplace(LanguageMSA::Estonian, _T("et"));
mapLocales.emplace(LanguageMSA::Finnish, _T("fin"));
mapLocales.emplace(LanguageMSA::French, _T("fra"));
mapLocales.emplace(LanguageMSA::German, _T("deu"));
mapLocales.emplace(LanguageMSA::Greek, _T("ell"));
mapLocales.emplace(LanguageMSA::Gujarati, _T("guj"));
mapLocales.emplace(LanguageMSA::Hindi, _T("hin"));
mapLocales.emplace(LanguageMSA::Hungarian, _T("hu-HU"));
mapLocales.emplace(LanguageMSA::Indonesian, _T("ind"));
mapLocales.emplace(LanguageMSA::Italian, _T("ita"));
mapLocales.emplace(LanguageMSA::Japanese, _T("jpn"));
mapLocales.emplace(LanguageMSA::Lingala, _T("ln-CG"));
mapLocales.emplace(LanguageMSA::Maltese, _T("mt-MT"));
mapLocales.emplace(LanguageMSA::Polish, _T("plk"));
mapLocales.emplace(LanguageMSA::PortugueseBrazil, _T("ptb"));
mapLocales.emplace(LanguageMSA::PortuguesePortugal, _T("pt-PT"));
mapLocales.emplace(LanguageMSA::Punjabi, _T("pa"));
mapLocales.emplace(LanguageMSA::Romanian, _T("rom"));
mapLocales.emplace(LanguageMSA::Russian, _T("rus"));
mapLocales.emplace(LanguageMSA::Saramaccan, _T("fra")); // Special case (uses French)
mapLocales.emplace(LanguageMSA::Setswana, _T("tn-ZA"));
mapLocales.emplace(LanguageMSA::Slovenian, _T("slv"));
mapLocales.emplace(LanguageMSA::Spanish, _T("esp"));
mapLocales.emplace(LanguageMSA::Swahili, _T("swk"));
mapLocales.emplace(LanguageMSA::Swedish, _T("sve"));
mapLocales.emplace(LanguageMSA::Tagalog, _T("fil-PH"));
mapLocales.emplace(LanguageMSA::Tamil, _T("tai"));
mapLocales.emplace(LanguageMSA::Tsonga, _T("tso"));
mapLocales.emplace(LanguageMSA::Turkish, _T("trk"));
mapLocales.emplace(LanguageMSA::Ukrainian, _T("ukr"));
mapLocales.emplace(LanguageMSA::Vietnamese, _T("vit"));
mapLocales.emplace(LanguageMSA::Zulu, _T("zu-ZA"));
CString strLocale = _T("eng"); // Default (also used by some "partial" translations
if (mapLocales.find(eLang) != mapLocales.end())
strLocale = mapLocales[eLang];
_tsetlocale(LC_ALL, strLocale);
}
Please advise if there is anything I need to do to stop this memory leak being listed when the debug version closes. Or is it a red herring in this case?
LanguageMSA is an enum class:
enum class LanguageMSA
{
English = 0,
German,
Spanish,
Italian,
Polish,
French,
PortugueseBrazil,
Dutch,
Swedish,
Slovenian,
Czech,
Finnish,
Danish,
Ukrainian,
Russian,
Tagalog,
HaitianCreole,
Afrikaans,
Albanian,
ChineseSimplified,
Croatian,
Turkish,
Twi,
Swahili, // AJT v11.3.4
Estonian, // AJT v12.0.5
Romanian, // AJT v12.0.8
Greek, // AJT v13.0.0
Bulgarian, // AJT v13.0.2
Malagasy, // AJT v14.0.4
Arabic, // AJT v16.0.0
Indonesian, // AJT v16.0.2
Hindi, // AJT v16.0.7
Tamil, // AJT v16.1.0
Vietnamese, // AJT v16.1.1
Zulu, // AJT v16.1.6
Gun, // AJT v17.0.9
Lingala, // AJT v17.0.9
PortuguesePortugal, // AJT v17.1.0
Punjabi, // AJT v17.1.3
Maltese, // AJT v17.2.3
Hungarian, // AJT v17.2.6
Saramaccan, // AJT v18.0.0
Amharic, // AJT v18.0.6
Japanese, // AJT v18.0.6
Setswana, // AJT v18.0.8
Sranantongo,// AJT v18.1.4
Aukan, // AJT v18.1.6
Armenian, // AJT v18.2.1
Gujarati, // AJT v19.0.9
Sesotho, // AJT v20.0.3
Cebuano, // AJT v20.1.2
Tsonga, // AJT v20.1.5
PidginWestAfrica, // AJT v20.3.0
// Maintain a count of language enums
Count
} ;
Memory leak dump:
Detected memory leaks!
Dumping objects ->
{104257} normal block at 0x0000028AC8015830, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{104255} normal block at 0x0000028AC8015210, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{104253} normal block at 0x0000028AC706A920, 168 bytes long.
Data: < (R ÈŠ > 05 00 00 00 00 00 00 00 28 52 01 C8 8A 02 00 00
{104244} normal block at 0x0000028AE311F820, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{104242} normal block at 0x0000028AE311EEC0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{104241} normal block at 0x0000028AC706A0B0, 168 bytes long.
Data: < Øî ㊠> 04 00 00 00 00 00 00 00 D8 EE 11 E3 8A 02 00 00
{104232} normal block at 0x0000028AC80152F0, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{104230} normal block at 0x0000028AC6CF9690, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{104229} normal block at 0x0000028AC7069C00, 168 bytes long.
Data: < ¨–ÏÆŠ > 03 00 00 00 00 00 00 00 A8 96 CF C6 8A 02 00 00
{104220} normal block at 0x0000028AC8015DE0, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{104218} normal block at 0x0000028AC6CF8F10, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{104217} normal block at 0x0000028AC706B280, 168 bytes long.
Data: < ( ÏÆŠ > 02 00 00 00 00 00 00 00 28 8F CF C6 8A 02 00 00
{104208} normal block at 0x0000028AC80151A0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{104206} normal block at 0x0000028AC80164E0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{104204} normal block at 0x0000028AC706B910, 168 bytes long.
Data: < ød ÈŠ > 01 00 00 00 00 00 00 00 F8 64 01 C8 8A 02 00 00
{104195} normal block at 0x0000028AC8016A20, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{104193} normal block at 0x0000028AC8014560, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{104191} normal block at 0x0000028AC706A830, 168 bytes long.
Data: < xE ÈŠ > 00 00 00 00 00 00 00 00 78 45 01 C8 8A 02 00 00
{103563} normal block at 0x0000028AC80157C0, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{103561} normal block at 0x0000028AC8013B50, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{103559} normal block at 0x0000028AC706B820, 168 bytes long.
Data: < h; ÈŠ > 05 00 00 00 00 00 00 00 68 3B 01 C8 8A 02 00 00
{103550} normal block at 0x0000028AC7090340, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{103548} normal block at 0x0000028AC7090DC0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{103547} normal block at 0x0000028AC706B730, 168 bytes long.
Data: < Ø ÇŠ > 04 00 00 00 00 00 00 00 D8 0D 09 C7 8A 02 00 00
{103538} normal block at 0x0000028AC8016BE0, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{103536} normal block at 0x0000028AC6CF8E90, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{103535} normal block at 0x0000028AC706A290, 168 bytes long.
Data: < ¨ŽÏÆŠ > 03 00 00 00 00 00 00 00 A8 8E CF C6 8A 02 00 00
{103526} normal block at 0x0000028AC80169B0, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{103524} normal block at 0x0000028AC6CF8D10, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{103523} normal block at 0x0000028AC706A380, 168 bytes long.
Data: < ( ÏÆŠ > 02 00 00 00 00 00 00 00 28 8D CF C6 8A 02 00 00
{103514} normal block at 0x0000028AC8015F30, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{103512} normal block at 0x0000028AC8013FB0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{103510} normal block at 0x0000028AC706A650, 168 bytes long.
Data: < È? ÈŠ > 01 00 00 00 00 00 00 00 C8 3F 01 C8 8A 02 00 00
{103501} normal block at 0x0000028AC8013CA0, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{103499} normal block at 0x0000028AC8013760, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{103497} normal block at 0x0000028AC706BA00, 168 bytes long.
Data: < x7 ÈŠ > 00 00 00 00 00 00 00 00 78 37 01 C8 8A 02 00 00
{101036} normal block at 0x0000028AC8013990, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{101034} normal block at 0x0000028AC8014640, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{101032} normal block at 0x0000028AC706B190, 168 bytes long.
Data: < XF ÈŠ > 05 00 00 00 00 00 00 00 58 46 01 C8 8A 02 00 00
{101023} normal block at 0x0000028AE311F700, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{101021} normal block at 0x0000028AE311E5C0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{101020} normal block at 0x0000028AC706A740, 168 bytes long.
Data: < Øå ㊠> 04 00 00 00 00 00 00 00 D8 E5 11 E3 8A 02 00 00
{101011} normal block at 0x0000028AC8013680, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{101009} normal block at 0x0000028AC6CDEA80, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{101008} normal block at 0x0000028AC706A560, 168 bytes long.
Data: < êÍÆŠ > 03 00 00 00 00 00 00 00 98 EA CD C6 8A 02 00 00
{100999} normal block at 0x0000028AC8015050, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{100997} normal block at 0x0000028AC6CDF900, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{100996} normal block at 0x0000028AC706ADD0, 168 bytes long.
Data: < ùÍÆŠ > 02 00 00 00 00 00 00 00 18 F9 CD C6 8A 02 00 00
{100987} normal block at 0x0000028AC80135A0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{100985} normal block at 0x0000028AC8014FE0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{100983} normal block at 0x0000028AC706B0A0, 168 bytes long.
Data: < øO ÈŠ > 01 00 00 00 00 00 00 00 F8 4F 01 C8 8A 02 00 00
{100974} normal block at 0x0000028AC80145D0, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{100972} normal block at 0x0000028AC8014480, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{100970} normal block at 0x0000028AC706B460, 168 bytes long.
Data: < D ÈŠ > 00 00 00 00 00 00 00 00 98 44 01 C8 8A 02 00 00
{12591} normal block at 0x0000028AC64B5970, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{12589} normal block at 0x0000028AC64B5740, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{12587} normal block at 0x0000028AC7F8D9D0, 168 bytes long.
Data: < XWKÆŠ > 05 00 00 00 00 00 00 00 58 57 4B C6 8A 02 00 00
{12578} normal block at 0x0000028AC7F06DB0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{12576} normal block at 0x0000028AC7F07830, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{12575} normal block at 0x0000028AC7F8D8E0, 168 bytes long.
Data: < HxðÇŠ > 04 00 00 00 00 00 00 00 48 78 F0 C7 8A 02 00 00
{12566} normal block at 0x0000028AC64B5890, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{12564} normal block at 0x0000028AC6496AE0, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{12563} normal block at 0x0000028AC7F8D7F0, 168 bytes long.
Data: < øjIÆŠ > 03 00 00 00 00 00 00 00 F8 6A 49 C6 8A 02 00 00
{12554} normal block at 0x0000028AC64B5820, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{12552} normal block at 0x0000028AC64965E0, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{12551} normal block at 0x0000028AC7F8E240, 168 bytes long.
Data: < øeIÆŠ > 02 00 00 00 00 00 00 00 F8 65 49 C6 8A 02 00 00
{12542} normal block at 0x0000028AC64B4E10, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{12540} normal block at 0x0000028AC64B53C0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{12538} normal block at 0x0000028AC7F8D610, 168 bytes long.
Data: < ØSKÆŠ > 01 00 00 00 00 00 00 00 D8 53 4B C6 8A 02 00 00
{12529} normal block at 0x0000028AC64B4D30, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{12527} normal block at 0x0000028AC64B4C50, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{12525} normal block at 0x0000028AC7EE7740, 168 bytes long.
Data: < hLKÆŠ > 00 00 00 00 00 00 00 00 68 4C 4B C6 8A 02 00 00
Object dump complete.
I have this code:
from scapy.all import *
packet = rdpcap("hand.pcap")[0]
Now when I use print(packet) I get normal bytes
b"\x00\x00\x18\x00+\x00\x00\x00\x19\x81\xea\x02\x00\x00\x00\x00\x10\x00l\t\x00\x00\xdb\x00\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x06\xd6\xaa\xb0x\xe9\x06\xd6\xaa\xb0x\xe9\x80V\x8cAn\xa0\x01\x00\x00\x00d\x00\x11\x15\x00\nHuawei281s\x01\x08\x82\x84\x8b\x96$0Hl\x03\x01\x01\x05\x04\x00\x02\x00\x00\x07\x06HR \x01\r\x14 \x01\x00#\x02\x13\x00*\x01\x022\x04\x0c\x12\x18`0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x0c\x00-\x1a\xad\x01\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x01\x00\x17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x08\x04\x00\x08\x00\x00\x00\x00#\xdd\x05\x00\x162\x80\x00\xdd\x08\x00P\xf2\x11\x02\x00\x00\x00\xdd\x1e\x00\x90L\x04\x08\xbf\x0c\xb2y\x81\x0f\xfa\xff\x00\x00\xfa\xff\x00\x00\xc0\x05\x00\x01\x00\x00\x00\xc3\x02\x00\x02\xdd\t\x00\x10\x18\x02\x01\x00\x1c\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x00\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x1d\x00\x90L\\\x02\x01\n\x00\x08\x07\x01\x0f\x00\x00\x00\x00\x00\x01\n\x01\x01\x01\x01\x0f\x00\x00\x00\x00\x00d\x08\x06~"
When I use hexdump(packet) I get this
0000 00 00 18 00 2B 00 00 00 19 81 EA 02 00 00 00 00 ....+...........
0010 10 00 6C 09 00 00 DB 00 80 00 00 00 FF FF FF FF ..l.............
0020 FF FF 06 D6 AA B0 78 E9 06 D6 AA B0 78 E9 80 56 ......x.....x..V
0030 8C 41 6E A0 01 00 00 00 64 00 11 15 00 0A 48 75 .An.....d.....Hu
0040 61 77 65 69 32 38 31 73 01 08 82 84 8B 96 24 30 awei281s......$0
0050 48 6C 03 01 01 05 04 00 02 00 00 07 06 48 52 20 Hl...........HR
0060 01 0D 14 20 01 00 23 02 13 00 2A 01 02 32 04 0C ... ..#...*..2..
0070 12 18 60 30 14 01 00 00 0F AC 04 01 00 00 0F AC ..`0............
0080 04 01 00 00 0F AC 02 0C 00 2D 1A AD 01 1B FF FF .........-......
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 3D 16 01 00 17 00 00 00 00 00 00 .....=..........
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 7F 08 04 ................
00c0 00 08 00 00 00 00 40 DD 05 00 16 32 80 00 DD 08 ......#....2....
00d0 00 50 F2 11 02 00 00 00 DD 1E 00 90 4C 04 08 BF .P..........L...
00e0 0C B2 79 81 0F FA FF 00 00 FA FF 00 00 C0 05 00 ..y.............
00f0 01 00 00 00 C3 02 00 02 DD 09 00 10 18 02 01 00 ................
0100 1C 00 00 DD 18 00 50 F2 02 01 01 00 00 03 A4 00 ......P.........
0110 00 27 A4 00 00 42 43 5E 00 62 32 2F 00 DD 1D 00 .'...BC^.b2/....
0120 90 4C 5C 02 01 0A 00 08 07 01 0F 00 00 00 00 00 .L\.............
0130 01 0A 01 01 01 01 0F 00 00 00 00 00 64 08 06 7E ............d..~
And in that is my SSID with name Huawei281s in scambled in
When I use print(packet.show)
I get this
<bound method Packet.show of <RadioTap version=0 pad=0 len=24 present=TSFT+Flags+Channel+dBm_AntSignal mac_timestamp=48922905 Flags=FCS ChannelFrequency=2412 ChannelFlags= dBm_AntSignal=-37dBm notdecoded='\x00' |<Dot11FCS subtype=8 type=Management proto=0 FCfield= ID=0 addr1=ff:ff:ff:ff:ff:ff addr2=06:d6:aa:b0:78:e9 addr3=06:d6:aa:b0:78:e9 SC=22144 fcs=0x7e060864 |<Dot11Beacon timestamp=6986547596 beacon_interval=100 cap=res8+short-slot+res12+ESS+privacy |<Dot11Elt ID=SSID len=10 info='Huawei281s' |<Dot11EltRates ID=1 len=8 rates=[0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c] |<Dot11Elt ID=DSset len=1 info='\x01' |<Dot11Elt ID=TIM len=4 info='\x00\x02\x00\x00' |<Dot11EltCountry ID=7 len=6 country_string='HR ' descriptors=[<Dot11EltCountryConstraintTriplet first_channel_number=1 num_channels=13 mtp=20 |>] pad=32 |<Dot11EltRates ID=1 len=0 |<Dot11Elt ID=35 len=2 info='\x13\x00' |<Dot11Elt ID=ERPinfo len=1 info='\x02' |<Dot11Elt ID=ESRates len=4 info='\x0c\x12\x18`' |<Dot11EltRSN ID=48 len=20 version=1 group_cipher_suite=<RSNCipherSuite oui=0xfac cipher=CCMP |> nb_pairwise_cipher_suites=1 pairwise_cipher_suites=[<RSNCipherSuite oui=0xfac cipher=CCMP |>] nb_akm_suites=1 akm_suites=[<AKMSuite oui=0xfac suite=PSK |>] mfp_capable=0 mfp_required=0 gtksa_replay_counter=0 ptksa_replay_counter=3 no_pairwise=0 pre_auth=0 reserved=0 |<Dot11Elt ID=HTCapabilities len=26 info='\xad\x01\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |<Dot11Elt ID=HTinfo len=22 info='\x01\x00\x17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |<Dot11Elt ID=ExtendendCapatibilities len=8 info='\x04\x00\x08\x00\x00\x00\x00#' |<Dot11EltVendorSpecific ID=221 len=5 oui=0x1632 info='\x80\x00' |<Dot11EltVendorSpecific ID=221 len=8 oui=0x50f2 info='\x11\x02\x00\x00\x00' |<Dot11EltVendorSpecific ID=221 len=30 oui=0x904c info='\x04\x08\xbf\x0c\xb2y\x81\x0f\xfa\xff\x00\x00\xfa\xff\x00\x00\xc0\x05\x00\x01\x00\x00\x00\xc3\x02\x00\x02' |<Dot11EltVendorSpecific ID=221 len=9 oui=0x1018 info='\x02\x01\x00\x1c\x00\x00' |<Dot11EltVendorSpecific ID=221 len=24 oui=0x50f2 info="\x02\x01\x01\x00\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00" |<Dot11EltVendorSpecific ID=221 len=29 oui=0x904c info='\\\x02\x01\n\x00\x08\x07\x01\x0f\x00\x00\x00\x00\x00\x01\n\x01\x01\x01\x01\x0f\x00\x00\x00\x00\x00' |>>>>>>>>>>>>>>>>>>>>>>>
And there is my SSID under info
and for print(type(packet.show)) I get
<class 'method'>
And when I use packet.show() I get bunch of data with this
###[ 802.11 Information Element ]###
ID = SSID
len = 10
info = 'Huawei281s'
So im wondering how can I extract my SSID from packet
In this specific case you could use
packet[Dot11Beacon].network_stats()
But have a look at the doc for a more in depth tutorial. it seems you haven't really looked into Scapy's syntax :)
I'm analyzing this tiny ELF file:
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 3e 00 01 00 00 00 78 00 40 00 00 00 00 00 |..>.....x.#.....|
00000020 40 00 00 00 00 00 00 00 98 00 00 00 00 00 00 00 |#...............|
00000030 00 00 00 00 40 00 38 00 01 00 40 00 03 00 02 00 |....#.8...#.....|
00000040 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..#.......#.....|
00000060 7e 00 00 00 00 00 00 00 7e 00 00 00 00 00 00 00 |~.......~.......|
00000070 00 00 20 00 00 00 00 00 31 c0 ff c0 cd 80 00 2e |.. .....1.......|
00000080 73 68 73 74 72 74 61 62 00 2e 74 65 78 74 00 00 |shstrtab..text..|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000d0 00 00 00 00 00 00 00 00 0b 00 00 00 01 00 00 00 |................|
000000e0 06 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 |........x.#.....|
000000f0 78 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 |x...............|
00000100 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 |................|
00000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000130 7e 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 |~...............|
00000140 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 |........|
00000158
I found documentation on the ELF header and the program header and decoded both of those, but I'm having problems decoding what's after this (starting with 31 c0 ff c0 cd 80 00 2e). Judging by the "shstrtab" text, I am looking at the section table, but what does 31 c0 ff c0 cd 80 00 2e mean? Where is this part documented?
OK, judging by the information in the first 16 bytes of the header:
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
E L F | | '--- Pudding :) ---'
| '--- Little-endian (ELFDATA2LSB)
'------ 64-bit (ELFCLASS64)
we're dealing with a 64-bit ELF with little-endian encoding of multi-byte numbers. So the ELF header is the first 4 rows in the hex editor. We're interested in these fields in the last two rows of it:
Prog Hdr Tab offset Sect Hdr Tab offset
.----------^----------. .----------^----------.
00000020 40 00 00 00 00 00 00 00 98 00 00 00 00 00 00 00 |#...............|
00000030 00 00 00 00 40 00 38 00 01 00 40 00 03 00 02 00 |....#.8...#.....|
'-.-' '-.-' '-.-' '-.-' '-.-'
PHT entry size ---' | | | '-- Sect names in #2
PHT num entries ----------' | '-- SHT num entries
'-------- SHT entry size
So we know that the Program Headers Table starts at offset 0x40 in the file (right after this header) and contains 1 entry of size 0x38 (56 bytes). So it ends at offset 0x40 + 1*0x38 = 0x78 (this is the first byte after this table, and this is also where your "mysterious data" begins, so keep this in mind).
The Section Headers Table starts at offset 0x98 in the file and contains 3 entries of size 0x40 (64 bytes), that is, each entry in SHT takes 4 consecutive rows in a hex editor, and the entire table is 3*4 = 12 such rows, so the offset 0x158 is the first byte after this table. But this is just the end of the file, so there's nothing more after the SHT.
The SHT entry at index 2 (the third=last one) should be a string table that contains the names for the sections.
So let's look at those sections now, shall we?
Section #2
Let's start with section #2, since it is supposed to contain the string table with the names for all the sections, so it will be very useful in further analysis. Here's its header (the last one in the table):
Name index Type=SHT_STRTAB (bingo!)
Flags .----^----. .----^----.
00000118 .----------^----------. 01 00 00 00 03 00 00 00 |........|
00000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000130 7e 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 |~...............|
'----------.----------' '----------.----------'
Starting offset Size
00000140 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 |........|
00000158
So this is indeed a string table (0x03 = SHT_STRTAB). It starts from offset 0x7E in the file and takes 0x11 (17) consecutive bytes. The first byte after the string table is therefore 0x8F. This byte is not a part of any section (garbage).
The string table
So let's see what's in the section containing the string table, so that we could name our sections:
0000007E 00 2e |..|
00000080 73 68 73 74 72 74 61 62 00 2e 74 65 78 74 00 |shstrtab..text.|
0000008F
Here's the string table, with addresses relative to its beginning:
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
00: 00 2E 73 68 73 74 72 74 61 62 00 2e 74 65 78 74
10: 00
or the same in ASCII, with the NULL characters marked as ∎:
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
00: ∎ . s h s t r t a b ∎ . t e x t
10: ∎
So we have just 3 full string in it, with the following relative offsets:
00: "" (Just the empty string)
01: ".shstrtab" (Name for this section)
0B: ".text" (Name for the section that contains the executable code)
(Keep in mind, though, that sections can also address substrings inside those strings, if they share the common ending.)
We can now verify that this section (#2) is indeed named .shstrtab: its name index was 0x01 after all, wasn't it? ;)
Section #1
Now let's take apart section #1's header:
Name index Type=SHT_PROGBITS
Flags .----^----. .----^----.
000000d8 .----------^----------. 0b 00 00 00 01 00 00 00 |........|
000000e0 06 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 |........x.#.....|
000000f0 78 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 |x...............|
'----------.----------' '----------.----------'
Starting offset Size
00000100 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 |........|
00000118
So this section is named .text (note the name index 0x0B) and it is of type SHT_PROGBITS, so it contains some program-defined data; the executable code in this case. It starts from the offset 0x78 in the file and takes the next 6 bytes, so the first byte after this section is at offset 0x7E (where the string table begins). Here's its contents:
00000070 31 c0 ff c0 cd 80 |1.....|
0000007E
But wait! Remember where your "mysterious data" starts? Yes! It's the 0x78 offset! :) So this "mysterious data" is actually your executable payload :) After decoding it as Intel x86-64 opcodes we get this tiny little program:
31 C0 xor %eax,%eax ; Clear the EAX register to 0 (the short way).
FF C0 inc %eax ; Increase the EAX, so now it contains 1.
CD 80 int $0x80 ; Interrupt 0x80 is the system call on Linux.
which is basically equivalent to calling exit(0) in C ;) because the syscall interrupt expects the operation number in EAX, which in this case is sys_exit (operation number 1).
So yeah, mystery solved :) But let's continue anyway, to learn something more, and this way we'll find out where this piece of code will be loaded in memory.
Section #0
And finally section #0. It has some part missing, but I assume it was all 0s, since the first section is always a NULL section after all. Here's its (butchered) header:
00000098 00 00 00 00 00 00 00 00 | ........|
*
000000d0 00 00 00 00 00 00 00 00
But it's of no use to us. Nothing interesting here.
Program Headers Table
The last thing what's left to decode is the Program Headers Table, which – according to the information from the ELF header – starts from the offset 0x40 and takes 56 bytes, the first byte after it being at offset 0x78. Here's the dump:
Type=PHT_EXEC Flags=RX Starting offset in file
.----^----. .----^----. .----------^----------.
00000040 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..#.......#.....|
'----------.----------' '----------.----------'
Virtual address Physical address
Size in file Size in memory
.----------^----------. .----------^----------.
00000060 7e 00 00 00 00 00 00 00 7e 00 00 00 00 00 00 00 |~.......~.......|
00000070 00 00 20 00 00 00 00 00
00000078 '----------.----------'
Alignment
So it says that we load the first 126 (0x7E) bytes of the file into a memory segment of the same size, and the memory segment is supposed to start from the virtual address 0x400000. Our code starts from the offset 0x78 in the file and the first byte after it has the offset 0x7E, so it basically loads the entire beginning of the file, with the ELF header and the program header table into memory, as well as our executable payload at the end of it, and stops loading afterwards, ignoring the rest of the file.
So if the beginning of the file is loaded at address 0x400000, and our program starts 120 (0x78) bytes from its beginning, it will be located at the address 0x400078 in memory :>
Now let's see what entry point is specified in the ELF header for our program:
Executable x86-64 Version=1 Program's entry point
.-^-. .-^-. .----^----. .----------^----------.
00000010 02 00 3e 00 01 00 00 00 78 00 40 00 00 00 00 00 |..>.....x.#.....|
Bingo! :> It's 0x400078, so it points at the start of our little piece of code in the memory image.
And that's all, folks! ;)
I have a hex string which I want to convert into a Wireshark pcap. Wireshark accepts a hex dump in the following format:
0000 00 00 00 00 00 aa 00 00 00 00 00 01 88 47 00 3e
0010 80 0a 00 00 d1 0a 10 00 89 02 20 01 05 46 00 00
0020 00 01 00 02 04 03 6d 64 31 02 03 6d 61 57 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00
I have the following stream:
0000000000AA0000000000018847003E800A0000D10A100089022001054600000001000204036D643102036D615700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
I have been experimenting with od -Ax -tc1 -v command in linux but can not seem to get the correct output. Does anyone know how this can be done?
First put the hex stream into a text file "a.txt",
0000000000AA0000000000018847003E800A0000D10A100089022001054600000001000204036D643102036D615700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
then convert the text file into a binary file:
xxd -r -p a.txt a.bin
using od and text2pcap to convert the binary file to a pcap file.
od -Ax -tx1 -v a.bin | text2pcap - a.pcap
You can use the following script. This is just a workaround. od and hexdump will interpret 0 as the character '0', and use the byte 48, so you may not get proper output. The script reads two chars for 16 times, and offset is incremented accordingly. Pretty simple to understand I guess:)
#!/bin/bash
off=0
while [ 1 ]
do
printf "%04x " $off
for ((i=0;i<16;i++))
do
read -n 2 a
[ $? -ne 0 ] && echo && exit
echo -n "$a "
done
echo
off=`expr $off + 16`
done <test
where test is the file that holds the stream. I got the following output for your input.
0000 00 00 00 00 00 AA 00 00 00 00 00 01 88 47 00 3E
0010 80 0A 00 00 D1 0A 10 00 89 02 20 01 05 46 00 00
0020 00 01 00 02 04 03 6D 64 31 02 03 6D 61 57 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00