[PATCH] WinPcap Installer x64 Support

["Rob Nicholls" <robert () everythingeverything co uk>]

The official WinPcap setup file contains 3 npf.sys files if you open up
their exe using 7-zip:

 - npf.sys (NT5/6 x86) Kernel Driver (the one we already provide)
 - npf.sys (NT5/6 AMD64) Kernel Driver (the one we need to provide for x64
systems)
 - npf.sys (NT4) Kernel Driver (no one's mentioned the lack of NT4 support
so far, I'm not sure it's worth adding this to our installer?)

We need to check if we're on x64 and (at least temporarily) disable
Wow64FsRedirection. Without disabling the redirection we can't get the x64
version of npf.sys into the system32\drivers folder as it currently gets
redirected into the SysWOW64 folder. This has to be done using some Windows
API calls.

My patch installs the x64 (NT5/6 AMD64) version of npf.sys in a similar way
to how we install the Vista/2008 specific version of Packet.dll - I placed
the 39.5KB x64 version of npf.sys in a new folder at "mswin32\winpcap\x64",
which will need to be added to SVN along with this patch.
 
The code that registers the npf service (on XP and above) should continue to
work as sc.exe appears to be present on all x64 systems and npf.sys is still
in system32\drivers (this is presumably partly why 64-bit drivers end up in
the system32 folder).

So, overall, not too painful. It appears to work on Windows XP x64 (which
should be close enough to Windows Server 2003 x64 as it's the same codebase)
and Windows Server 2008 x64. It also still appears to work fine on my x86
clean install of XP Pro SP2.


Rob

Attachment: winpcap_x64_support.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org