Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: npcap uninstalled and all is well!

From: w.henze () avm de
Date: Mon, 25 Mar 2019 13:21:01 +0100
Hi Mike!

This is expected behaviour. Windows has 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001, 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002 and 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet.
CurrentControlSet is a link to either ControlSet001 or ControlSet002.
Programs create and delete registry entries through Windows API under 
CurrentControlSet.
It is under Windows' control when to create or copy or delete which of the 
ControlSet00x.
Further information: 
https://stackoverflow.com/questions/291519/how-does-currentcontrolset-differ-from-controlset001-and-controlset002

Mit freundlichen Grüßen/Best regards
Werner Henze

AVM Audiovisuelles Marketing und Computersysteme GmbH, Alt-Moabit 95, 
10559 Berlin
HRB 23075 AG Charlottenburg, Geschäftsführer (CEO): Johannes Nill



Von:    "Mike ." <dmciscobgp () hotmail com>
An:     "nmap-group" <dev () nmap org>
Datum:  21.03.2019 17:13
Betreff:        npcap uninstalled and all is well!
Gesendet von:   "dev" <dev-bounces () nmap org>



so another update with the nmap/library saga. we have success! i can use 
nmap at the libray for now (but i notice the filters are REALLY good here 
on the router). but it works and that is all i care about. but i did 
finally scrap npcap. that seemed to be the culprit. the minute i got rid 
of that we had no problems. i MIGHT install the lastest version, i have 
yet to have any luck with npcap EVER. but i must ask this to all you 
coders, esp windows. why when you make uninstall logs and creators do you 
ALWAYS leave behind services in the registry!? i dont care about shell 
bags and MUIs. i am talking about this as it relates to npcap > 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npcap]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,70,00,63,00,61,00,70,00,2e,00,73,00,79,00,73,00,00,00

(and no, rebooting doesnt delete this)


yes i know all it takes it a right click to the registry or even an sc 
delete, but why do your uninstalls not touch these? the other issue is 
they ALWAYS leave behind legacy drivers that are almost IMPOSSIBLE to 
uninstall even from the registry? why does one need elevated permissions 
to remove a ROOT/LEGACY_DEVICE? and why are they even needed? anyway, i 
will let you know if i have any more nmap issues

thanks
M|ke
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: