Re: Npcap 0.03 call for test

[Yang Luo <hsluoyb () gmail com>]

Hi Pascal,

This issue is because some parts of Npcap have been migrated to MSVC2010,
however Win10 RTM lacks VC2010 redist package. I have changed to static
link the libs, and tested on my Win10 RTM. Latest installer that has this
bug fixed is:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.03-r5.exe
<https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.03-r5.exe>

Cheers,
Yang

On Thu, Aug 6, 2015 at 5:07 PM, Pascal Quantin <pascal.quantin () gmail com>
wrote:

> 2015-08-05 9:39 GMT+02:00 Yang Luo <hsluoyb () gmail com>:
>
> > Hello Jim,
> >
> > On Tue, Aug 4, 2015 at 12:23 PM, Jim Young <jyoung () gsu edu> wrote:
> >
> > > Hello Yang,
> > >
> > > While testing Npcap 0.03-r3 I stumbled into one reproducible issue but I
> > > also triggered a crash (which I am currently unable to reproduce).
> > >
> > > The reproducible issue involves capturing on the Npcap loopback
> > > interface and
> > > then starting a cmd shell and pinging the loopback address as follows:
> > >
> > > ping -t -l 65500 127.0.0.1
> > >
> > > The first several ping requests and responses are seen and captured but
> > > after
> > > several seconds I started seeing "[Malformed Packets]" of length 14.  A
> > > pair of
> > > Malformed packets were seen each second.  When I stopped the ping, the
> > > Malformed
> > > Packets stopped.  I stopped and restarted Wireshark but the same thing
> > > happened.
> >
> > Thanks for test. I have confirmed and fixed this "Malformed Packets"
> > issue, this is because the packet read function *NPF_TapExForEachOpen*
> > didn't copy the 2nd MDL data if the data has crossed the buffer boundary.
> > Latest installer that has this bug fixed is:
> > https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.03-r4.exe
> > <https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.03-r4.exe>
> >
> >
> > > I then wanted to reboot the system to see if I could still replicate
> > > this Malformed
> > > Packet issue.
> > >
> > > After the system rebooted I double-clicked on the Wireshark icon but it
> > > did not
> > > immediately start.  I thought that I had not double-clicked on it
> > > properly so I
> > > double-clicked on the Wireshark icon a second time and then the system
> > > crashed
> > > with the following Bug Check Message:
> > >
> > > DRIVER_IRQL_NOT_LESS_OR_EQUAL
> >
> > This is still the *NdisFOidRequest* BSoD issue we talked about on this
> > list before, IMO this BSoD has nothing to do with the "Malformed Packets"
> > issue. The last way to fix it is to just disable the GetDeviceMTU call and
> > directly returns 1514 for MTU, so this issue should be got rid of, however
> > this is never a good way to fix a problem.
> Hi Yang,
>
> I tried to install this npcap-nmap-0.03-r4 release on 2 different Windows
> 10 x64 French virtual machines which are up to date (with KB3081424
> applied) and each time I get an error during a fresh installation of Npcap
> with the following popup:
> "Failed to create the npcap service for Win7 or Win8. Please try
> installing Npcap again, or use the official Npcap installer from
> www.nmap.org".
> I have no issue installing npcap-nmap-0.03 on the same machine. Did you
> change anything in the installer?
>
> Cheers,
> Pascal.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe