Re: Npcap 0.01 call for test (2nd)

[Pascal Quantin <pascal.quantin () gmail com>]

Hi Yang,

2015-07-20 13:07 GMT+02:00 Yang Luo <hsluoyb () gmail com>:

> Hi Pascal,
>
>
> > I just gave a quick test to 0.1-r2 version on my Windows 10 virtual
> > machine.
> > - I uninstalled WinPcap and installed Npcap in Winpcap mode without
> > reboot. I got the same warning as Tyson regarding the upgrade of npf.sys
> > file, presumably because yours as version 0.1.0.710 against Winpcap that
> > uses version 4.1.0.2980. Maybe you should advice to reboot the PC after
> > uninstalling Winpcap.
>
> This is WinPcap's bug as it doesn't delete installed npf.sys file in
> system drivers directory. And Npcap's version 0.1.0.710 is smaller than
> WinPcap's 4.1.0.2980 as you said, so you can just choose overwrite the
> existed files, and I will advise this in next Npcap call for test.
>
>
> > - The loopback interface is still named 'Ethernet 2'. I run on Windows
> > 10.0.10240 with French local in case this matters.
>
> The version of Win10 I used before is 10102, so I just installed a Win10
> 10240 x64 Pro English (en_windows_10_pro_10240_x64_dvd.iso) on my virtual
> machine. I tried Npcap and the loopback interface was successfully renamed
> to "Npcap Loopback Adapter" (I mean the topmost name beside ncpa.cpl's
> icons). In fact, Npcap first uses "ver" command to decide whether it is run
> on a Win10 machine, if yes, Npcap will rename the adapter in the way only
> for Win10. When Npcap gets the "Microsoft Windows [Version 10.0.10240]"
> output string from "ver" command, it parses out the string after "Version "
> and before ".", so Npcap will get a "10", then Npcap thinks it is run on a
> Win10. GetVersionEx API doesn't work on Win10, so Npcap has to use this
> "not standard" way. But it should be reliable enough, as "ver" is a
> built-in command.

I gave another try to a second Win10 x64 French virtual machine and it was
not renamed either. The 'ver' command typed in a console does work like in
your picture.

For your information GetVersionEx API can work on Windows 10 (that's what
we use in Wireshark). But you need to embed a manifest in your application
indicating that Windows 10 is supported by adding its GUID (see
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=image/wireshark.exe.manifest.in;h=9a3f32c912aae5ec8f05266f4ac28f14446025a1;hb=refs/heads/master
that we use for Wireshark).


> [image: Inline image 1]
>
>
> > - After reboot, Wireshark could not see any interface. I doubled checked
> > the driver state and saw that it was stopped. Manually starting it with 'sc
> > npf start' command allowed Wireshark to see interfaces. After reboot the
> > service does not start automatically.
>
> I have already confirmed the bug that Npcap fails to start the driver when
> installation finishes. But it's weird for WIreshark to see no interfaces.
> Because as far as I know, Wireshark will try to start the npf service when
> it starts.

Yes that's what happens with WinPcap. The driver starts automatically when
calling p_pcap_findalldevs() from wpcap.dll but it does not seem to work
with Npcap.

Cheers,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe