Re: Plan to make NPcap available for Wireshark

[Joerg Mayer <jmayer () loplof de>]

On Sat, Jul 04, 2015 at 10:26:13AM +0800, Yang Luo wrote:
> Given that current Wireshark can't make use of NPcap because of the DLL
> search path problem mentioned in
> https://www.wireshark.org/lists/wireshark-dev/201506/msg00030.html, I'd
> like to make a patch for Wireshark. As it is a security consideration that
> Wireshark don't want to search the DLLs in the Windows way. My plan is to
> explicitly add the NPcap path to Wireshark's DLL search logic. NPcap uses
> the "C:\Windows\System32\NPcap" and "C:\Windows\SysWow64\NPcap" to store
> its DLLs (WinPcap uses "C:\Windows\System32" and "C:\Windows\SysWow64"
> directly). As it is a sub directory of System32 folder. Its access control
> policy is the same with System32, and there should be no security problem I
> think. The second question is if WinPcap and NPcap are both available in a
> system, which will be loaded first? I'd like to hear your opinions:)

If I remember correctly (and I may easily be mistaken here), Winpcap doesn't
provide a mechanism to determine the library version at runtime. We need to
make sure we know which version of wpcap we are using (wireshark/tshark -v).

Thanks
    Joerg

-- 
Joerg Mayer                                           <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe