Nmap 3.99

CHANGELOG

@@ -1,4 +1,33 @@
 # Nmap Changelog ($Id$); -*-text-*-
+3.99
+
+o Created a Windows executable installer using the open source NSIS
+  (Nullsoft Scriptable Install System).  It handles Pcap installation,
+  registry performance changes, and adding Nmap to your cmd.exe
+  executable path.  The installer source files are in mswin32/nsis/ .
+  Thanks to Google SoC student Bo Jiang (jiangbo(a)brandeis.edu) for
+  creating the initial version.
+
+o Added runtime interaction support to Windows, thanks to a 2-line
+  (wow) patch from Gisle Vanem (giva(a)bgnett.no)
+
+o Fixed a backward compatibility bug in which Nmap didn't recognize
+  the --min_rtt_timeout option (it only recognized the newly
+  hyphenated --min-rtt-timeout).  Thanks to Joshua D. Abraham
+  (jabra(a)ccs.neu.edu) for the bug report.
+
+o Fixed compilation to again work with gcc-derivatives such as
+  MingW. Thanks to Gisle Vanem (giva(a)bgnett.no) for sending the
+  patches
+
+o Integrated all remaining 2005 service submissions.  The DB now has
+  surpassed 3,000 signatures for the first time.  There now are 3,153
+  signatures for 381 service protocols.  Those protocols span the
+  gamut from abc, acap, afp, and afs to zebedee, zebra, and
+  zenimaging.  It even covers obscure protocols such as http, ftp,
+  smtp, and ssh :).  Thanks to Version Detection Czar Doug Hoyte for
+  his excellent work on this.
+
 3.98BETA1
 
 o Added run time interaction as documented at
@@ -38,7 +67,7 @@ o The 26 Nmap commands that previously included an underscore
   (--max_rtt_timeout, --send_eth, --host_timeout, etc.) have been
   renamed to use a hyphen in the preferred format
   (i.e. --max-rtt-timeout).  Underscores are still supported for
-  backwared compatability.
+  backward compatibility.
 
 o More excellent NmapFE patches from Priit Laes (amd(a)store20.com)
   were applied to remove all deprecated GTK API calls.  This also
@@ -61,7 +90,7 @@ o Added some exception handling code to mswin32/winfix.cc to prevent
 
 o Stripped the firewall API out of the libdnet included with Nmap
   because Nmap doesn't use it anyway.  This saves space and reduces the
-  likelyhood of compilation errors and warnings.
+  likelihood of compilation errors and warnings.
 
 o Modified the previously useless --noninteractive option so that it
   deactivates runtime interaction.
@@ -70,7 +99,7 @@ o Modified the previously useless --noninteractive option so that it
 
 o Added --max_retries option for capping the maximum number of
   retransmissions the port scan engine will do. The value may be as low
-  as 0 (no retransmits).  A low value can increase spead, though at the
+  as 0 (no retransmits).  A low value can increase speed, though at the
   risk of losing accuracy.  The -T4 option now allows up to 6 retries,
   and -T5 allows 2.  Thanks to Martin Macok
   (martin.macok(a)underground.cz) for writing the initial patch, which I
@@ -172,7 +201,7 @@ o Fixed a problem that prevented the command "nmap -sT -PT <targets>"
   doesn't change default behavior in this case, but Nmap should (and now
   does) allow it.
 
-o Applied another VS 2005 compatability patch from KX (kxmail(a)gmail.com).
+o Applied another VS 2005 compatibility patch from KX (kxmail(a)gmail.com).
 
 o Define INET_ADDRSTRLEN in tcpip.h if the system doesn't define it
   for us.  This apparently aids compilation on Solaris 2.6 and 7.
@@ -249,7 +278,7 @@ o Added the --webxml option, which does the same thing as
   --stylesheet http://www.insecure.org/nmap/data/nmap.xsl , without
   requiring you to remember the exact URL or type that whole thing.
 
-o Fixed a crash occured when the --exclude option was used with
+o Fixed a crash occurred when the --exclude option was used with
   netmasks on certain platforms.  Thanks to Adam
   (nmapuser(a)globalmegahost.com) for reporting the problem and to
   Greg Darke (starstuff(a)optusnet.com.au) for sending a patch (I
@@ -329,7 +358,7 @@ o Updated nmap-mac-prefixes to include OUIs assigned by the IEEE since
   April.
 
 o Updated the included libpcre (used for version detection) from
-  version 4.3 to 6.3.  A libpcre securty issue was fixed in 6.3, but
+  version 4.3 to 6.3.  A libpcre security issue was fixed in 6.3, but
   that issue never affected Nmap.
 
 o Updated the included libpcap from 0.8.3 to 0.9.3.  I also changed
@@ -340,7 +369,7 @@ o Updated the included libpcap from 0.8.3 to 0.9.3.  I also changed
 Nmap 3.90
 
 o Added the ability for Nmap to send and properly route raw ethernet
-  packets cointaining IP datagrams rather than always sending the
+  packets containing IP datagrams rather than always sending the
   packets via raw sockets. This is particularly useful for Windows,
   since Microsoft has disabled raw socket support in XP for no good
   reason.  Nmap tries to choose the best method at runtime based on
@@ -392,7 +421,7 @@ o Applied a massive OS fingerprint update from Zhao Lei
   broadband routers, printers, WAPs and pretty much any other device
   you can coax an ethernet cable (or wireless card) into!
 
-o Added 'leet ASCII art to the confugrator!  ARTIST NOTE: If you think
+o Added 'leet ASCII art to the configurator!  ARTIST NOTE: If you think
   the ASCII art sucks, feel free to send me alternatives.  Note that
   only people compiling the UNIX source code get this. (ASCII artist
   unknown).
@@ -415,7 +444,7 @@ o Nmap on Windows now compiles/links with the new WinPcap 3.1
   While older versions may still work, they aren't supported with Nmap.
 
 o The official Nmap RPM files are now compiled statically for better
-  compatability with other systems.  X86_64 (AMD Athlon64/Opteron)
+  compatibility with other systems.  X86_64 (AMD Athlon64/Opteron)
   binaries are now available in addition to the standard i386.  NmapFE
   RPMs are no longer distributed by Insecure.Org.
 
@@ -497,7 +526,7 @@ o Updated random scan (ip_is_reserved()) to reflect the latest IANA
 o Included new Russian man page translation by
   locco_bozi(a)Safe-mail.net
 
-o Applied pach from Steve Martin (smartin(a)stillsecure.com) which
+o Applied patch from Steve Martin (smartin(a)stillsecure.com) which
   standardizes many OS names and corrects typos in nmap-os-fingerprints.
 
 o Fixed a crash found during certain UDP version scans.  The crash was
@@ -545,9 +574,9 @@ o Added configure option --with-libpcap=included to tell Nmap to use
   --with-libpcap=included .
 
 o Changed the --no-stylesheet option to --no_stylesheet to be
-  consistant with all of the other Nmap options.  Though I'm starting to
+  consistent with all of the other Nmap options.  Though I'm starting to
   like hyphens a bit better than underscores and may change all of the
-  options to use hyphens instad at some point.
+  options to use hyphens instead at some point.
 
 o Added "Exclude" directive to nmap-service-probes grammar which
   causes version detection to skip listed ports.  This is helpful for
@@ -568,7 +597,7 @@ o Removed WinIP library (and all Windows raw sockets code) since MS
   --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi,
   and --win_trace options have been removed.
 
-o Chagned the interesting ports array from a 65K-member array of
+o Changed the interesting ports array from a 65K-member array of
   pointers into an STL list.  This noticeable reduces memory usage in
   some cases, and should also give a slight runtime performance
   boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com).
@@ -606,7 +635,7 @@ o The OS fingerprint is now provided in XML output if debugging is
   enabled (-d) or verbosity is at least 2 (-v -v).  This patch was
   sent by Okan Demirmen (okan(a)demirmen.com)
 
-o Fixed the way tcp connect scan (-sT) respons to ICMP network
+o Fixed the way tcp connect scan (-sT) response to ICMP network
   unreachable responses (patch by Richard Moore
   (rich(a)westpoint.ltd.uk).
 
@@ -618,7 +647,7 @@ o Updated GNU shtool (a helper program used during 'make install' to
   weakness discovered by Eric Raymond.
 
 o Removed addport element from XML DTD, since it is no longer used
-  (sugested by Lionel Cons (lionel.cons(a)cern.ch)
+  (suggested by Lionel Cons (lionel.cons(a)cern.ch)
 
 o Added new --privileged command-line option and NMAP_PRIVILEGED
   environmental variable.  Either of these tell Nmap to assume that
@@ -714,7 +743,7 @@ o Fixed (I hope) an error which would cause the Windows version of
   (Unknown error)".  Problem reported by "Tony Golding"
   (biz(a)tonygolding.com).
 
-o Added new "closed|filtered" state.  This is used for Idlescan, since
+o Added new "closed|filtered" state.  This is used for Idle scan, since
   that scan method can't distinguish between those two states.  Nmap
   previously just used "closed", but this is more accurate.
 
@@ -977,7 +1006,7 @@ o Nmap now estimates completion times for almost all port scan types
 
 o Added --exclude option, which lets you specify a comma-separated
   list of targets (hosts, ranges, netblocks) that should be excluded
-  from the scan.  This is useful to keep from scannig yourself, your
+  from the scan.  This is useful to keep from scanning yourself, your
   ISP, particularly sensitive hosts, etc.  The new --excludefile reads
   the list (newline-delimited) from a given file.  All the work was
   done by Mark-David McLaughlin (mdmcl(a)cisco.com> and William McVey
@@ -1017,11 +1046,11 @@ o Enabled MAC address reporting when using the Windows version
 
 o Workaround crippled raw sockets on Microsoft Windows XP SP2 scans.
   I applied a patch by Andy Lutomirski (luto(a)stanford.edu) which
-  causes Nmap to default to winpcap sends instead.  The winpcap send
+  causes Nmap to default to WinPcap sends instead.  The WinPcap send
   functionality was already there for versions of Windows such as NT and
   Win98 that never supported Raw Sockets in the first place.
 
-o Changed how Nmap sends Arp requests on Windows to use the iphlpapi
+o Changed how Nmap sends ARP requests on Windows to use the iphlpapi
   SendARP() function rather than creating it raw and reading the
   response from the Windows ARP cache.  This works around a
   (reasonable) feature of Windows Firewall which ignored such
@@ -1053,7 +1082,7 @@ o Updated nmapfe.desktop file to provide better NmapFE desktop support
 o Further nmapfe.desktop changes to better fit the freedesktop
   standard.  The patch came from Murphy (m3rf(a)swimmingnoodle.com).
 
-o Fixed capitalization (with a perl script) of many over-capitalized
+o Fixed capitalization (with a Perl script) of many over-capitalized
   vendor names in nmap-mac-prefixes.
 
 o Ensured that MAC address vendor names are always escaped in XML
@@ -1084,7 +1113,7 @@ o Fixed various crashes and assertion failures related to the new
   (bill.petersen(a)alcatel.com).
 
 o Fixed some minor memory leaks relating to ping and list scanning as
-  well as the Nmap output table.  These were found with valgrind (
+  well as the Nmap output table.  These were found with Valgrind (
   http://valgrind.kde.org/ ).
 
 o Provide limited --packet_trace support for TCP connect() (-sT)
@@ -1093,14 +1122,14 @@ o Provide limited --packet_trace support for TCP connect() (-sT)
 o Fixed compilation on certain Solaris machines thanks to a patch by
   Tom Duffy (tduffy(a)sun.com)
 
-o Fixed some warnings that crop up when compiling nbase C files with a
+o Fixed some warnings that crop up when compiling Nbase C files with a
   C++ compiler.  Thanks to Gisle Vanem (giva(a)bgnett.no) for sending
   the patch.
 
 o Tweaked the License blurb on source files and in the man page.  It
   clarifies some issues and includes a new GPL exception that
   explicitly allows linking with the OpenSSL library.  Some people
-  believe that the GPL and OpenSSL licenses are incompatable without
+  believe that the GPL and OpenSSL licenses are incompatible without
   this special exception.
 
 o Fixed some serious runtime portability issues on *BSD systems.

Makefile.in

@@ -1,4 +1,4 @@
-export NMAP_VERSION = 3.98BETA1
+export NMAP_VERSION = 3.99
 NMAP_NAME= Nmap
 NMAP_URL= http://www.insecure.org/nmap/
 NMAP_PLATFORM=@host@

docs/nmap.1

@@ -2,7 +2,7 @@
 .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
 .\" Instead of manually editing it, you probably should edit the DocBook XML
 .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "NMAP" "1" "01/22/2006" "" "Nmap Reference Guide"
+.TH "NMAP" "1" "01/23/2006" "" "Nmap Reference Guide"
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
@@ -106,8 +106,8 @@ HOST DISCOVERY:
   \-PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
   \-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
   \-n/\-R: Never do DNS resolution/Always resolve [default: sometimes]
-  \-\-dns_servers <serv1[,serv2],...>: Specify custom DNS servers
-  \-\-system_dns: Use OS's DNS resolver
+  \-\-dns\-servers <serv1[,serv2],...>: Specify custom DNS servers
+  \-\-system\-dns: Use OS's DNS resolver
 SCAN TECHNIQUES:
   \-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
   \-sN/sF/sX: TCP Null, FIN, and Xmas scans
@@ -122,8 +122,9 @@ PORT SPECIFICATION AND SCAN ORDER:
   \-r: Scan ports consecutively \- don't randomize
 SERVICE/VERSION DETECTION:
   \-sV: Probe open ports to determine service/version info
-  \-\-version\-light: Limit to most likely probes for faster identification
-  \-\-version\-all: Try every single probe for version detection
+  \-\-version\-intensity <level>: Set from 0 (light) to 9 (try all probes)
+  \-\-version\-light: Limit to most likely probes (intensity 2)
+  \-\-version\-all: Try every single probe (intensity 9)
   \-\-version\-trace: Show detailed version scan activity (for debugging)
 OS DETECTION:
   \-O: Enable OS detection
@@ -133,11 +134,11 @@ TIMING AND PERFORMANCE:
   \-T[0\-5]: Set timing template (higher is faster)
   \-\-min\-hostgroup/max\-hostgroup <size>: Parallel host scan group sizes
   \-\-min\-parallelism/max\-parallelism <msec>: Probe parallelization
-  \-\-min_rtt_timeout/max\-rtt\-timeout/initial\-rtt\-timeout <msec>: Specifies
+  \-\-min\-rtt\-timeout/max\-rtt\-timeout/initial\-rtt\-timeout <msec>: Specifies
       probe round trip time.
   \-\-max\-retries <tries>: Caps number of port scan probe retransmissions.
   \-\-host\-timeout <msec>: Give up on target after this long
-  \-\-scan\-delay/\-\-max_scan\-delay <msec>: Adjust delay between probes
+  \-\-scan\-delay/\-\-max\-scan\-delay <msec>: Adjust delay between probes
 FIREWALL/IDS EVASION AND SPOOFING:
   \-f; \-\-mtu <val>: fragment packets (optionally w/given MTU)
   \-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
@@ -160,7 +161,7 @@ OUTPUT:
   \-\-resume <filename>: Resume an aborted scan
   \-\-stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
   \-\-webxml: Reference stylesheet from Insecure.Org for more portable XML
-  \-\-no_stylesheet: Prevent associating of XSL stylesheet w/XML output
+  \-\-no\-stylesheet: Prevent associating of XSL stylesheet w/XML output
 MISC:
   \-6: Enable IPv6 scanning
   \-A: Enables OS detection and Version detection
@@ -1239,13 +1240,6 @@ to activate this mode and then type
 h
 for help. This option is rarely used because proper shells are usually more familiar and feature\-complete. This option includes a bang (!) operator for executing shell commands, which is one of many reasons not to install Nmap setuid root.
 .TP
-\fB\-\-noninteractive\fR (For running Nmap from a program)
-This option may be specified when Nmap is run by a program rather than an actual user watching the screen directly. The only difference at this time is that Runtime Interaction (described in
-the section called \(lqRUNTIME INTERACTION\(rq) is disabled. Despite the confusingly similar name, this option is
-\fInot\fR
-simply the opposite of
-\fB\-\-interactive\fR.
-.TP
 \fB\-V\fR; \fB\-\-version\fR (Print version number)
 Prints the Nmap version number and exits.
 .TP
@@ -1265,9 +1259,7 @@ During the execution of nmap, all key presses are captured. This allows you to i
 \fIlowercase letters increase\fR
 the amount of printing, and
 \fIuppercase letters decrease\fR
-the printing. This functionality can be disabled by specifying the
-\fB\-\-noninteractive\fR
-option.
+the printing.
 .TP
 \fBv\fR / \fBV\fR
 Increase / Decrease the Verbosity

mswin32/nsis/AddToPath.nsh

@@ -0,0 +1,255 @@
+!ifndef _AddToPath_nsh
+!define _AddToPath_nsh
+ 
+!verbose 3
+!include "WinMessages.NSH"
+!verbose 4
+ 
+!ifndef WriteEnvStr_RegKey
+  !ifdef ALL_USERS
+    !define WriteEnvStr_RegKey \
+       'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
+  !else
+    !define WriteEnvStr_RegKey 'HKCU "Environment"'
+  !endif
+!endif
+
+; AddToPath - Adds the given dir to the search path.
+;        Input - head of the stack
+;        Note - Win9x systems requires reboot
+ 
+Function AddToPath
+  Exch $0
+  Push $1
+  Push $2
+  Push $3
+ 
+  # don't add if the path doesn't exist
+  IfFileExists "$0\*.*" "" AddToPath_done
+ 
+  ReadEnvStr $1 PATH
+  Push "$1;"
+  Push "$0;"
+  Call StrStr
+  Pop $2
+  StrCmp $2 "" "" AddToPath_done
+  Push "$1;"
+  Push "$0\;"
+  Call StrStr
+  Pop $2
+  StrCmp $2 "" "" AddToPath_done
+  GetFullPathName /SHORT $3 $0
+  Push "$1;"
+  Push "$3;"
+  Call StrStr
+  Pop $2
+  StrCmp $2 "" "" AddToPath_done
+  Push "$1;"
+  Push "$3\;"
+  Call StrStr
+  Pop $2
+  StrCmp $2 "" "" AddToPath_done
+ 
+  Call IsNT
+  Pop $1
+  StrCmp $1 1 AddToPath_NT
+    ; Not on NT
+    StrCpy $1 $WINDIR 2
+    FileOpen $1 "$1\autoexec.bat" a
+    FileSeek $1 -1 END
+    FileReadByte $1 $2
+    IntCmp $2 26 0 +2 +2 # DOS EOF
+      FileSeek $1 -1 END # write over EOF
+    FileWrite $1 "$\r$\nSET PATH=%PATH%;$3$\r$\n"
+    FileClose $1
+    SetRebootFlag true
+    Goto AddToPath_done
+ 
+  AddToPath_NT:
+    ReadRegStr $1 ${WriteEnvStr_RegKey} "PATH"
+    StrCpy $2 $1 1 -1 # copy last char
+    StrCmp $2 ";" 0 +2 # if last char == ;
+      StrCpy $1 $1 -1 # remove last char
+    StrCmp $1 "" AddToPath_NTdoIt
+      StrCpy $0 "$1;$0"
+    AddToPath_NTdoIt:
+      WriteRegExpandStr ${WriteEnvStr_RegKey} "PATH" $0
+      SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000
+ 
+  AddToPath_done:
+    Pop $3
+    Pop $2
+    Pop $1
+    Pop $0
+FunctionEnd
+ 
+; RemoveFromPath - Remove a given dir from the path
+;     Input: head of the stack
+ 
+Function un.RemoveFromPath
+  Exch $0
+  Push $1
+  Push $2
+  Push $3
+  Push $4
+  Push $5
+  Push $6
+ 
+  IntFmt $6 "%c" 26 # DOS EOF
+ 
+  Call un.IsNT
+  Pop $1
+  StrCmp $1 1 unRemoveFromPath_NT
+    ; Not on NT
+    StrCpy $1 $WINDIR 2
+    FileOpen $1 "$1\autoexec.bat" r
+    GetTempFileName $4
+    FileOpen $2 $4 w
+    GetFullPathName /SHORT $0 $0
+    StrCpy $0 "SET PATH=%PATH%;$0"
+    Goto unRemoveFromPath_dosLoop
+ 
+    unRemoveFromPath_dosLoop:
+      FileRead $1 $3
+      StrCpy $5 $3 1 -1 # read last char
+      StrCmp $5 $6 0 +2 # if DOS EOF
+        StrCpy $3 $3 -1 # remove DOS EOF so we can compare
+      StrCmp $3 "$0$\r$\n" unRemoveFromPath_dosLoopRemoveLine
+      StrCmp $3 "$0$\n" unRemoveFromPath_dosLoopRemoveLine
+      StrCmp $3 "$0" unRemoveFromPath_dosLoopRemoveLine
+      StrCmp $3 "" unRemoveFromPath_dosLoopEnd
+      FileWrite $2 $3
+      Goto unRemoveFromPath_dosLoop
+      unRemoveFromPath_dosLoopRemoveLine:
+        SetRebootFlag true
+        Goto unRemoveFromPath_dosLoop
+ 
+    unRemoveFromPath_dosLoopEnd:
+      FileClose $2
+      FileClose $1
+      StrCpy $1 $WINDIR 2
+      Delete "$1\autoexec.bat"
+      CopyFiles /SILENT $4 "$1\autoexec.bat"
+      Delete $4
+      Goto unRemoveFromPath_done
+ 
+  unRemoveFromPath_NT:
+    ReadRegStr $1 ${WriteEnvStr_RegKey} "PATH"
+    StrCpy $5 $1 1 -1 # copy last char
+    StrCmp $5 ";" +2 # if last char != ;
+      StrCpy $1 "$1;" # append ;
+    Push $1
+    Push "$0;"
+    Call un.StrStr ; Find `$0;` in $1
+    Pop $2 ; pos of our dir
+    StrCmp $2 "" unRemoveFromPath_done
+      ; else, it is in path
+      # $0 - path to add
+      # $1 - path var
+      StrLen $3 "$0;"
+      StrLen $4 $2
+      StrCpy $5 $1 -$4 # $5 is now the part before the path to remove
+      StrCpy $6 $2 "" $3 # $6 is now the part after the path to remove
+      StrCpy $3 $5$6
+ 
+      StrCpy $5 $3 1 -1 # copy last char
+      StrCmp $5 ";" 0 +2 # if last char == ;
+        StrCpy $3 $3 -1 # remove last char
+ 
+      WriteRegExpandStr ${WriteEnvStr_RegKey} "PATH" $3
+      SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000
+ 
+  unRemoveFromPath_done:
+    Pop $6
+    Pop $5
+    Pop $4
+    Pop $3
+    Pop $2
+    Pop $1
+    Pop $0
+FunctionEnd
+ 
+!ifndef IsNT_KiCHiK
+!define IsNT_KiCHiK
+ 
+###########################################
+#            Utility Functions            #
+###########################################
+ 
+; IsNT
+; no input
+; output, top of the stack = 1 if NT or 0 if not
+;
+; Usage:
+;   Call IsNT
+;   Pop $R0
+;  ($R0 at this point is 1 or 0)
+ 
+!macro IsNT un
+Function ${un}IsNT
+  Push $0
+  ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" CurrentVersion
+  StrCmp $0 "" 0 IsNT_yes
+  ; we are not NT.
+  Pop $0
+  Push 0
+  Return
+ 
+  IsNT_yes:
+    ; NT!!!
+    Pop $0
+    Push 1
+FunctionEnd
+!macroend
+!insertmacro IsNT ""
+!insertmacro IsNT "un."
+ 
+!endif ; IsNT_KiCHiK
+ 
+; StrStr
+; input, top of stack = string to search for
+;        top of stack-1 = string to search in
+; output, top of stack (replaces with the portion of the string remaining)
+; modifies no other variables.
+;
+; Usage:
+;   Push "this is a long ass string"
+;   Push "ass"
+;   Call StrStr
+;   Pop $R0
+;  ($R0 at this point is "ass string")
+ 
+!macro StrStr un
+Function ${un}StrStr
+Exch $R1 ; st=haystack,old$R1, $R1=needle
+  Exch    ; st=old$R1,haystack
+  Exch $R2 ; st=old$R1,old$R2, $R2=haystack
+  Push $R3
+  Push $R4
+  Push $R5
+  StrLen $R3 $R1
+  StrCpy $R4 0
+  ; $R1=needle
+  ; $R2=haystack
+  ; $R3=len(needle)
+  ; $R4=cnt
+  ; $R5=tmp
+  loop:
+    StrCpy $R5 $R2 $R3 $R4
+    StrCmp $R5 $R1 done
+    StrCmp $R5 "" done
+    IntOp $R4 $R4 + 1
+    Goto loop
+done:
+  StrCpy $R1 $R2 "" $R4
+  Pop $R5
+  Pop $R4
+  Pop $R3
+  Pop $R2
+  Exch $R1
+FunctionEnd
+!macroend
+!insertmacro StrStr ""
+!insertmacro StrStr "un."
+ 
+!endif ; _AddToPath_nsh

mswin32/nsis/Nmap.nsi

@@ -0,0 +1,145 @@
+;Nmap Installer
+;Started by Bo Jiang @ 08/26/2005 06:07PM
+
+;--------------------------------
+;Include Modern UI
+
+  !include "MUI.nsh"
+  !include "AddToPath.nsh"
+
+;--------------------------------
+;General
+
+  ;Name and file
+  Name "Nmap"
+  OutFile "NmapInstaller.exe"
+
+  ;Default installation folder
+  InstallDir "$PROGRAMFILES\Nmap"
+  
+  ;Get installation folder from registry if available
+  InstallDirRegKey HKCU "Software\Nmap" ""
+
+;--------------------------------
+;Interface Settings
+
+  !define MUI_ABORTWARNING
+
+;--------------------------------
+;Pages
+
+;  !insertmacro MUI_PAGE_LICENSE "${NSISDIR}\Docs\Modern UI\License.txt"
+  !insertmacro MUI_PAGE_LICENSE "COPYING"
+  !insertmacro MUI_PAGE_COMPONENTS
+  !insertmacro MUI_PAGE_DIRECTORY
+  !insertmacro MUI_PAGE_INSTFILES
+  
+  !insertmacro MUI_UNPAGE_CONFIRM
+  !insertmacro MUI_UNPAGE_INSTFILES
+  
+;--------------------------------
+;Languages
+ 
+  !insertmacro MUI_LANGUAGE "English"
+
+;--------------------------------
+;Installer Sections
+
+Section "Nmap Core Files" SecCore
+
+  SetOutPath "$INSTDIR"
+  RMDir /r $PROGRAMFILES\Nmap
+  
+  SetOverwrite on
+  File CHANGELOG
+  File COPYING
+  File nmap-mac-prefixes
+  File nmap-os-fingerprints
+  File nmap-protocols
+  File nmap-rpc
+  File nmap-service-probes
+  File nmap-services
+  File nmap.exe
+  File nmap.xsl
+  File nmap_performance.reg
+  File README-WIN32
+  
+  ;Store installation folder
+  WriteRegStr HKCU "Software\Nmap" "" $INSTDIR
+  
+  ;Create uninstaller
+  WriteUninstaller "$INSTDIR\Uninstall.exe"
+
+SectionEnd
+
+Section "Register Nmap Path" SecRegisterPath
+  PUSH $INSTDIR
+  Call AddToPath
+SectionEnd
+
+
+Section "WinPcap 3.1" SecWinPcap
+  File winpcap_3_1.exe
+  Exec "$INSTDIR\WinPcap_3_1.exe"
+  Delete "$INSTDIR\Winpcap_3_1.exe"
+SectionEnd
+
+
+;--------------------------------
+;Descriptions
+
+  ;Component strings
+  LangString DESC_SecCore ${LANG_ENGLISH} "Installs Nmap executables and script files"
+  LangString DESC_SecRegisterPath ${LANG_ENGLISH} "Registers Nmap path to System path"
+  LangString DESC_SecWinPcap ${LANG_ENGLISH} "Installs WinPcap 3.1"
+
+  ;Assign language strings to sections
+  !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
+    !insertmacro MUI_DESCRIPTION_TEXT ${SecCore} $(DESC_SecCore)
+    !insertmacro MUI_DESCRIPTION_TEXT ${SecRegisterPath} $(DESC_SecRegisterPath)
+    !insertmacro MUI_DESCRIPTION_TEXT ${SecWinPcap} $(DESC_SecWinPcap)
+  !insertmacro MUI_FUNCTION_DESCRIPTION_END
+;--------------------------------
+;Uninstaller Section
+
+Section "Uninstall"
+
+  SetDetailsPrint textonly
+  DetailPrint "Uninstalling Files..."
+  SetDetailsPrint listonly
+
+  IfFileExists $INSTDIR\nmap.exe nmap_installed
+    MessageBox MB_YESNO "It does not appear that Nmap is installed in the directory '$INSTDIR'.$\r$\nContinue anyway (not recommended)?" IDYES nmap_installed
+    Abort "Uninstall aborted by user"
+  
+  nmap_installed:
+  Delete "$INSTDIR\CHANGELOG"
+  Delete "$INSTDIR\COPYING"
+  Delete "$INSTDIR\nmap-mac-prefixes"
+  Delete "$INSTDIR\nmap-os-fingerprints"
+  Delete "$INSTDIR\nmap-protocols"
+  Delete "$INSTDIR\nmap-rpc"
+  Delete "$INSTDIR\nmap-service-probes"
+  Delete "$INSTDIR\nmap-services"
+  Delete "$INSTDIR\nmap.exe"
+  Delete "$INSTDIR\nmap.xsl"
+  Delete "$INSTDIR\nmap_performance.reg"
+  Delete "$INSTDIR\README-WIN32"
+
+  Delete "$INSTDIR\Uninstall.exe"
+
+  RMDir /r $PROGRAMFILES\Nmap
+
+  SetDetailsPrint textonly
+  DetailPrint "Deleting Registry Keys..."
+  SetDetailsPrint listonly
+  DeleteRegKey /ifempty HKCU "Software\Nmap"
+
+  SetDetailsPrint textonly
+  DetailPrint "Unregistering Nmap Path..."
+  Push $INSTDIR
+  Call un.RemoveFromPath
+
+  SetDetailsPrint both
+SectionEnd
+

mswin32/winfix.cc

@@ -167,7 +167,9 @@ void win_init()
 
 
 	//   Try to initialize winpcap
+#ifdef _MSC_VER
 	__try
+#endif
 	{
 		ULONG len = sizeof(pcaplist);
 
@@ -175,17 +177,22 @@ void win_init()
 		if(o.debugging > 2) printf("***WinIP***  trying to initialize winpcap 3.1\n");
 		PacketGetAdapterNames(pcaplist, &len);
 
+#ifdef _MSC_VER
 		if(FAILED(__HrLoadAllImportsForDll("wpcap.dll")))
 		{
 			error("WARNING: your winpcap is too old to use.  Nmap may not function.\n");
 			pcap_avail = 0;
 		}
+#endif
 		if(o.debugging)
 			printf("Winpcap present, dynamic linked to: %s\n", pcap_lib_version());
-	} __except (1) {
+	}
+#ifdef _MSC_VER
+	__except (1) {
 			error("WARNING: Could not import all necessary WinPcap functions.  You may need to upgrade to version 3.1 or higher from http://www.winpcap.org.  Resorting to connect() mode -- Nmap may not function completely");
 		pcap_avail=0;
 		}
+#endif
 
 	o.isr00t = pcap_avail;
 	atexit(win_cleanup);

nmap.cc

@@ -256,6 +256,8 @@ int nmap_main(int argc, char *argv[]) {
       {"timing", required_argument, 0, 'T'},
       {"timing", no_argument, 0, 0},
       {"max_rtt_timeout", required_argument, 0, 0},
+      {"max-rtt-timeout", required_argument, 0, 0},
+      {"min_rtt_timeout", required_argument, 0, 0},
       {"min-rtt-timeout", required_argument, 0, 0},
       {"initial_rtt_timeout", required_argument, 0, 0},
       {"initial-rtt-timeout", required_argument, 0, 0},

nmap_winconfig.h

@@ -104,7 +104,7 @@
 #ifndef NMAP_WINCONFIG_H
 #define NMAP_WINCONFIG_H
 
-#define NMAP_VERSION "3.98BETA1"
+#define NMAP_VERSION "3.99"
 #define NMAP_NAME "Nmap"
 #define NMAP_URL "http://www.insecure.org/nmap"
 #define NMAP_PLATFORM "i686-pc-windows-windows"

scripts/Makefile

@@ -85,6 +85,7 @@ distro:
            pcap-include/pcap-bpf.h pcap-include/sched.h \
            pcap-include/Ntddpack.h pcap-include/tme.h \
            pcap-include/tcp_session.h pcap-include/pcap-int.h \
+           nsis/AddToPath.nsh nsis/Nmap.nsi \
            resource.h RPC/Rpc_cut.h winclude.h winfix.cc winfix.h \
            /usr/tmp/nmap-$(NMAP_VERSION)/mswin32
 	$(SHTOOL) mkdir /usr/tmp/nmap-$(NMAP_VERSION)/$(LIBPCAPDIR)

tty.cc

@@ -116,10 +116,12 @@
 #include <stdlib.h>
 
 #ifdef WIN32
+#include <conio.h>
+
 // We currently just have stub functions for Win32 that don't actually
 // do anything.  Any volunteers to add real support?
 void tty_init() { return; }
-bool keyWasPressed() { return false; }
+bool keyWasPressed() { return _kbhit(); }
 void tty_done() { return; }
 
 #else