Wireshark mailing list archives

Re: Npcap 0.01 call for test (2nd)


From: Yang Luo <hsluoyb () gmail com>
Date: Wed, 22 Jul 2015 12:45:21 +0800

Hi all,

I think I have completely solved the "System error 2" thing. This error
occurs because the current Npcap uses the WFP technique for handling loopback
traffic, and WFP will cause the "System error 2" if it is started by the OS
at boot, so I removed the "Automatically start the Npcap driver at boot time"
support. As Wireshark or Nmap now always try to start the service themselves,
this should be no big issue.

Use this latest installer:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.02.exe


Cheers,
Yang


On Mon, Jul 20, 2015 at 11:14 PM, Pascal Quantin <pascal.quantin () gmail com>
wrote:



2015-07-20 17:03 GMT+02:00 Pascal Quantin <pascal.quantin () gmail com>:



2015-07-20 16:22 GMT+02:00 Yang Luo <hsluoyb () gmail com>:

Hi Pascal,

On Mon, Jul 20, 2015 at 8:36 PM, Pascal Quantin <
pascal.quantin () gmail com> wrote:

Hi Yang,

I gave another try to a second Win10 x64 French virtual machine and it
was not renamed either. The 'ver' command typed in a console does work like
in your picture.


This is so weird. I guess the only difference between our systems is the
language, and I don't think a UI language could lead to this difference. It
can only be a bug in the Windows beta. Maybe we should
set aside this issue and wait for Win10 RTM.


AFAIK 10240 is the candidate for RTM. Wait and see :)





For your information GetVersionEx API can work on Windows 10 (that's
what we use in Wireshark). But you need to embed a manifest in your
application indicating that Windows 10 is supported by adding its GUID (see
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=image/wireshark.exe.manifest.in;h=9a3f32c912aae5ec8f05266f4ac28f14446025a1;hb=refs/heads/master
that we use for Wireshark).


I saw this in MSDN too, but I don't know if this manifest way is the
ultimate solution even for Win10 RTM. If the GetVersionEx API works on Win10
RTM without this special manifest, then I would prefer not to add it.


This is mandatory (as it was mandatory for Windows 8.1 with its own GUID)
and I expect this to work in RTM (it has been working like this for a very
long time, even when Windows 10 was identifying itself as 6.4 and not 10). See
this Microsoft blog post for details:
http://blogs.msdn.com/b/chuckw/archive/2013/09/10/manifest-madness.aspx





Yes that's what happens with WinPcap. The driver starts automatically
when calling p_pcap_findalldevs() from wpcap.dll but it does not seem to
work with Npcap.


I tried to first stop the service using "net stop npf", then started the
latest stable 64-bit version of Wireshark (Version 1.12.6 (v1.12.6-0-gee1fce6
from master-1.12)). I can see the interface list in fact. So I don't know
what's wrong here. I have modified the installer a little to start the
service when installation finishes. And make sure you checked the
"Automatically start the Npcap driver at boot time" option on the last page
of the installer.
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01-r2.exe


I was already checking this option box.


With this new installer (unfortunately still named r2 which is confusing
;) ), the service was running after installation and I can manually stop
and restart it. But after reboot it does not start and typing 'sc start
npf' now gives an error stating that the specified file cannot be found.


Regarding the automatic start of npf.sys service when calling
p_pcap_findalldevs() I realize that I was not launching Wireshark with
admin rights. With elevated privileges, it launches NPF if previously
manually stopped. Sorry for the confusion.

Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
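
The manifest requirement discussed in this thread, as an added example that is not part of the original messages or of Wireshark's or Npcap's code: a small Python check of which `supportedOS` GUIDs an application manifest declares, and the version `GetVersionEx` would consequently report to that application on Windows 10. The two sample manifests and the function names are constructed for illustration; the GUIDs and version caps follow Microsoft's documented behaviour.

```python
import xml.etree.ElementTree as ET

COMPAT_NS = "urn:schemas-microsoft-com:compatibility.v1"

# supportedOS GUIDs documented by Microsoft, mapped to the Windows release.
SUPPORTED_OS = {
    "{e2011457-1546-43c5-a5fe-008deee3d3f0}": "Windows Vista",
    "{35138b9a-5d96-4fbd-8e2d-a2440225f93a}": "Windows 7",
    "{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}": "Windows 8",
    "{1f676c76-80e1-4239-95bb-83d0f6d0da78}": "Windows 8.1",
    "{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}": "Windows 10",
}


def declared_os(manifest_xml):
    """Return the Windows releases a manifest declares support for, in order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for node in root.iter("{%s}supportedOS" % COMPAT_NS):
        guid = node.get("Id", "").strip().lower()
        if guid in SUPPORTED_OS:
            names.append(SUPPORTED_OS[guid])
    return names


def reported_version_on_win10(manifest_xml):
    """(major, minor) that GetVersionEx reports to this app on Windows 10."""
    declared = set(declared_os(manifest_xml))
    if "Windows 10" in declared:
        return (10, 0)
    if "Windows 8.1" in declared:
        return (6, 3)
    return (6, 2)  # no matching GUID: the API reports Windows 8


# Constructed sample: declares Windows 8.1 only.
SAMPLE_81_ONLY = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
    </application>
  </compatibility>
</assembly>"""

# Constructed sample: the same manifest with the Windows 10 GUID added.
SAMPLE_WIN10 = SAMPLE_81_ONLY.replace(
    "</application>",
    '  <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>\n    </application>',
)

if __name__ == "__main__":
    for label, xml in (("8.1 only", SAMPLE_81_ONLY), ("8.1 + 10", SAMPLE_WIN10)):
        print(label, declared_os(xml), reported_version_on_win10(xml))
```

Run against a build's manifest file, this makes it visible before release whether version-dependent code paths (such as an installer choosing a driver by OS version) will see 6.2, 6.3 or 10.0 on Windows 10.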
