Re: npcap and logs

[食肉大灰兔V5 <hsluoyz () gmail com>]

Hi Mike,

> From your install log:

File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: error creating "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: error, user retry
File: error creating "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: error, user retry
File: error creating "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: error, user cancel
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: error creating "C:\Windows\system32\Npcap\WlanHelper.exe"
File: error, user cancel

This means that some files can't be copied to the System32\Npcap folder.
You can explore into that folder to see if NpcapHelper.exe and
WlanHelper.exe exists. If not, you need to figure out why. Like some kind
of anti-virus or security softwares. Maybe it's related with your issue.


Cheers,
Yang

On Fri, Aug 12, 2016 at 2:41 AM, Mike . <dmciscobgp () hotmail com> wrote:

> Yang
>
>
> same damn issues! and i am enclosing the log so you can look at it
> yourself because it leaves me baffled, this whole process. and i STILL
> notice that "identifying network" on my systray icon i told you about
> before. for whatever damn reason, a loopback WINDEVICE is NEVER created in
> ANY of these scenarios i have gone through. and i told you about the static
> vs dynamic setup i have. maybe it just doesn't work with non-DHCP
> configurations. frankly i've had it and can live without npcap
>
>
> Mike
>
>
> log:
>
>
>
> Call: 62
> IfFileExists: file "C:\npcap_install_options.txt" does not exist, jumping
> 76
> Call: 77
> Jump: 94
> Jump: 111
> Call: 115
> Jump: 205
> Call: 115
> Call: 115
> Call: 115
> Call: 115
> Call: 115
> Call: 115
> IfFileExists: file "C:\Program Files\Npcap\NPFInstall.exe" does not exist,
> jumping 400
> Call: 1064
> File: overwriteflag=0, allowskipfilesflag=2, name="C:\Windows\TEMP\nsx9AC3.
> tmp\modern-header.bmp"
> File: wrote 70976 to "C:\Windows\TEMP\nsx9AC3.tmp\modern-header.bmp"
> WriteINIStr: wrote [Field 1] State=1 in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> Jump: 410
> WriteINIStr: wrote [Field 2] State=1 in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> Jump: 419
> WriteINIStr: wrote [Field 3] State=0 in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> Jump: 429
> Jump: 432
> WriteINIStr: wrote [Field 4] State=0 in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> Jump: 441
> WriteINIStr: wrote [Field 5] State=0 in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> Jump: 450
> WriteINIStr: wrote [Field 6] State=0 in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> Jump: 459
> WriteINIStr: wrote [Field 7] State=0 in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> Jump: 472
> IfFileExists: file "C:\Windows\system32\wpcap.dll" exists, jumping 476
> WriteINIStr: wrote [Field 8] Text=Npcap detected you have installed
> WinPcap, in order to Install Npcap \r\nin WinPcap API-compatible Mode,
> WinPcap will be uninstalled first. in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> WriteINIStr: wrote [Field 7] State=0 in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> WriteINIStr: wrote [Field 7] Text=Install Npcap in WinPcap API-compatible
> Mode (WinPcap will be uninstalled) in C:\Windows\TEMP\nsx9AC3.tmp\
> options.ini
> Call: 1064
> File: overwriteflag=1, allowskipfilesflag=2, name="C:\Windows\TEMP\nsx9AC3.
> tmp\InstallOptions.dll"
> File: wrote 14848 to "C:\Windows\TEMP\nsx9AC3.tmp\InstallOptions.dll"
> Jump: 520
> Jump: 525
> Jump: 530
> Jump: 535
> Jump: 541
> New install of "Npcap 0.08 (beta)" to "C:\Program Files\Npcap"
> Section: "WinPcap"
> Call: 901
> Jump: 914
> detailprint: Stopping the npcap driver
> Call: 1064
> File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsx9AC3.
> tmp\nsExec.dll"
> File: wrote 6656 to "C:\Windows\TEMP\nsx9AC3.tmp\nsExec.dll"
> detailprint: Start setting system restore point: Before installation of
> Npcap 0.08
> Call: 1064
> File: overwriteflag=1, allowskipfilesflag=2, name="C:\Windows\TEMP\nsx9AC3.
> tmp\SysRestore.dll"
> File: wrote 5632 to "C:\Windows\TEMP\nsx9AC3.tmp\SysRestore.dll"
> detailprint: Error occured when starting setting system restore point,
> return value=|1058|
> Jump: 952
> Call: 621
> Jump: 632
> Jump: 634
> detailprint: Windows CurrentVersion: 6.1 (win7)
> Call: 0
> Call: 1064
> File: overwriteflag=1, allowskipfilesflag=2, name="C:\Windows\TEMP\nsx9AC3.
> tmp\System.dll"
> File: skipped: "C:\Windows\TEMP\nsx9AC3.tmp\System.dll" (overwriteflag=1)
> Call: 1064
> File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsx9AC3.
> tmp\System.dll"
> File: skipped: "C:\Windows\TEMP\nsx9AC3.tmp\System.dll" (overwriteflag=1)
> Call: 638
> CreateDirectory: "C:\Program Files\Npcap" (1)
> File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
> File: wrote 1164 to "C:\Program Files\Npcap\LICENSE"
> File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
> File: wrote 211776 to "C:\Program Files\Npcap\NPFInstall.exe"
> Call: 707
> CreateDirectory: "C:\Program Files\Npcap" (1)
> Jump: 734
> File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
> File: wrote 57128 to "C:\Program Files\Npcap\npcap.sys"
> File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
> File: wrote 5164 to "C:\Program Files\Npcap\npcap.inf"
> File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
> File: wrote 2402 to "C:\Program Files\Npcap\npcap_wfp.inf"
> File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wifi.inf"
> File: wrote 5176 to "C:\Program Files\Npcap\npcap_wifi.inf"
> File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
> File: wrote 10624 to "C:\Program Files\Npcap\npcap.cat"
> Jump: 753
> created uninstaller: 27001, "C:\Program Files\Npcap\uninstall.exe"
> detailprint: Installing NDIS6.x x86 driver for Vista, Win7, Win8 and Win10
> Call: 673
> Jump: 685
> CreateDirectory: "C:\Windows\system32\Npcap" (1)
> File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
> File: wrote 329536 to "C:\Windows\system32\Npcap\wpcap.dll"
> File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
> File: wrote 159040 to "C:\Windows\system32\Npcap\Packet.dll"
> File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
> File: error creating "C:\Windows\system32\Npcap\NpcapHelper.exe"
> File: error, user retry
> File: error creating "C:\Windows\system32\Npcap\NpcapHelper.exe"
> File: error, user retry
> File: error creating "C:\Windows\system32\Npcap\NpcapHelper.exe"
> File: error, user cancel
> File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
> File: error creating "C:\Windows\system32\Npcap\WlanHelper.exe"
> File: error, user cancel
> Call: 828
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap"
> "AdminOnly"="0x00000000"
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="
> 0x00000000"
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program
> Files\Npcap"
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program
> Files\Npcap\uninstall.exe""
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program
> Files\Npcap\uninstall.exe" /S"
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program
> Files\Npcap\uninstall.exe"
> Jump: 1031
> Exec: command=""C:\Program Files\Npcap\NPFInstall.exe" -n -il"
> Exec: success (""C:\Program Files\Npcap\NPFInstall.exe" -n -il")
> detailprint: Writting service options to registry
> Call: 871
> Jump: 880
> Call: 839
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap"
> "Start"="0x00000001"
> WriteRegStr: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap"
> "LoopbackAdapter"="\Device\{AD34F1F9-C6BD-4972-BFF7-D6DF7530E953}"
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap"
> "LoopbackSupport"="0x00000001"
> Jump: 847
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap"
> "DltNull"="0x00000000"
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap"
> "AdminOnly"="0x00000000"
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap"
> "Dot11Support"="0x00000000"
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap"
> "VlanSupport"="0x00000000"
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap"
> "WinPcapCompatible"="0x00000000"
> Call: 602
> Call: 799
> CreateDirectory: "C:\Windows\TEMP" (1)
> File: overwriteflag=0, allowskipfilesflag=2, name="Insecure.cer"
> File: wrote 1329 to "C:\Windows\TEMP\Insecure.cer"
> Exec: command="certutil -addstore "TrustedPublisher"
> "C:\Windows\TEMP\Insecure.cer""
> Exec: success ("certutil -addstore "TrustedPublisher"
> "C:\Windows\TEMP\Insecure.cer"")
> Exec: command=""C:\Program Files\Npcap\NPFInstall.exe" -n -c"
> Exec: success (""C:\Program Files\Npcap\NPFInstall.exe" -n -c")
> detailprint: The cache in driver store was cleared
> Exec: command=""C:\Program Files\Npcap\NPFInstall.exe" -n -iw"
> Exec: success (""C:\Program Files\Npcap\NPFInstall.exe" -n -iw")
> Exec: command=""C:\Program Files\Npcap\NPFInstall.exe" -n -i"
> Exec: success (""C:\Program Files\Npcap\NPFInstall.exe" -n -i")
> detailprint: The npcap service for Vista, Win7, Win8 and Win10 was
> successfully created
> Jump: 816
> Jump: 1039
> Call: 920
> Jump: 928
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap"
> "Start"="0x00000001"
> Call: 882
> Jump: 895
> detailprint: Starting the npcap driver
> Call: 1064
> File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsx9AC3.
> tmp\nsExec.dll"
> File: skipped: "C:\Windows\TEMP\nsx9AC3.tmp\nsExec.dll" (overwriteflag=1)
> Jump: 1044
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "DisplayName"="Npcap 0.08"
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "DisplayVersion"="0.08"
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "Publisher"="Nmap Project"
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "URLInfoAbout"="http://www.npcap.org";
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "URLUpdateInfo"="http://www.npcap.org";
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "VersionMajor"="0"
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "VersionMinor"="1"
> WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "InstalledBy"="Nmap"
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "NoModify"="0x00000001"
> WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\NpcapInst" "NoRepair"="0x00000001"
> DeleteRegKey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
> CurrentVersion\Uninstall\npcap-nmap"
> Jump: 38
> Call: 1064
> File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsx9AC3.
> tmp\InstallOptions.dll"
> File: skipped: "C:\Windows\TEMP\nsx9AC3.tmp\InstallOptions.dll"
> (overwriteflag=1)
> Delete: DeleteFile("C:\Windows\TEMP\nsx9AC3.tmp\final.ini")
> Delete: DeleteFile("C:\Windows\TEMP\nsx9AC3.tmp\InstallOptions.dll")
> Delete: DeleteFile("C:\Windows\TEMP\nsx9AC3.tmp\modern-header.bmp")
> Delete: DeleteFile("C:\Windows\TEMP\nsx9AC3.tmp\nsExec.dll")
> Delete: DeleteFile("C:\Windows\TEMP\nsx9AC3.tmp\options.ini")
> Delete: DeleteFile("C:\Windows\TEMP\nsx9AC3.tmp\SysRestore.dll")
> Delete: DeleteFile("C:\Windows\TEMP\nsx9AC3.tmp\System.dll")
> RMDir: RemoveDirectory("C:\Windows\TEMP\nsx9AC3.tmp\")
>
>
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/