Wireshark's WinPcap Detection

[Rob Nicholls <robert () robnicholls co uk>]

I noticed that Wireshark's installer doesn't detect that WinPcap has
already been installed if I use the Nmap version of the WinPcap installer.
I grabbed Wireshark's source code and spotted that they're checking the
following keys:

ReadRegStr $WINPCAP_NAME HKEY_LOCAL_MACHINE
"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst"
"DisplayName"
ReadRegStr $WINPCAP_VERSION HKEY_LOCAL_MACHINE
"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst"
"DisplayVersion"

They seem to be checking the "WinPcapInst registry" key for the version of
WinPcap. This is fine if people use the official installer, which creates
these keys, but not so good for a custom installer like ours (additionally,
we don't currently create the DisplayVersion value) that's using a
different key ("winpcap-nmap"). So the question is do we modify our
installer to create the same registry keys (and potentially step on their
toes)? Or do we assume that people installing tools like Wireshark will
either skip it because they know they already have WinPcap installed/let
the official installer prompt them for a force install over the top?

If we do decide to create the same keys as the official WinPcap installer,
it complicates our silent installer (but I can probably add another
registry value that still lets us identify our own installs).

Rob

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/