Wireshark mailing list archives

Re: hope to support NPcap by improving WinPcap's DLL searching logic


From: Alexis La Goutte <alexis.lagoutte () gmail com>
Date: Wed, 10 Jun 2015 16:43:30 +0200

On Wed, Jun 10, 2015 at 4:34 PM, Pascal Quantin <pascal.quantin () gmail com>
wrote:

2015-06-05 19:24 GMT+02:00 Yang Luo <hsluoyb () gmail com>:

Hi list,

I'm developing NPcap, an alternative to the original WinPcap but with more
features like NDIS 6 support and others. NPcap is supposed to support Nmap,
Wireshark and so on just like WinPcap did, and follows the same DLL interface
as WinPcap. NPcap can coexist with WinPcap, so we decided to install
NPcap's DLLs (also wpcap.dll and packet.dll) to a directory other than
system32 (which is used by WinPcap) and let the PATH environment variable point
to it. However, after I did some research I found that Wireshark seems to
search for wpcap.dll only in 1) its installation folder; 2) system32. As it is,
NPcap's DLLs can't be found by Wireshark. I wonder if Wireshark could just
use LoadLibrary() to load wpcap.dll without specifying its path, so that the
Windows DLL loader could automatically target NPcap's wpcap.dll by
searching PATH when WinPcap is unavailable? Then the end user would have
another choice besides WinPcap when using Wireshark. Thanks!

NPcap is currently hosted on GitHub, as below, for your information:
https://github.com/nmap/npcap


Hi Yang,

Thanks for resurrecting WinPcap development and for the efforts you have
already put in during your previous GSoC for porting the code from NDIS5 to
NDIS6.
The switch from LoadLibrary() to the ws_load_library() helper was done on
purpose by Gerald in 2010:

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=607b228df6f1f754bf9bda6cfa21563913b1e7ff
I was not much involved in Wireshark development at that time (only
contributing to a few dissectors) so I do not know what the intent of
this change was, or the issue it was solving.
Gerald, do you remember why you purposely restricted the DLL search path
to the Wireshark installation and system directories?

Hi Pascal,
Too fast! (I had started to write my e-mail...)

It is for security stuff, to avoid "DLL Hijacking" (
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5133 )

Regards,


Best regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
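
Added example, not part of the original thread and not Wireshark's ws_load_library() code: this C code loads a DLL only from the two locations named in the thread, the application's installation folder and the system directory, by always handing LoadLibrary a fully qualified path so that the current directory and PATH are never searched. The function names `qualify_dll_path` and `load_from_trusted_dirs` are hypothetical.

```c
/* Added example; function names are hypothetical, not Wireshark's own. */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Accept only a bare file name: not empty, no separators, no drive colon.
   Anything else could steer the load outside the trusted directory. */
static int is_bare_dll_name(const char *name)
{
    return name != NULL && name[0] != '\0' && strpbrk(name, "\\/:") == NULL;
}

/* Write "<dir>\<name>" to out. Returns 0 on success, -1 if the name is not
   bare or the result does not fit in the buffer. */
int qualify_dll_path(const char *dir, const char *name, char *out, size_t outlen)
{
    int n;
    if (dir == NULL || dir[0] == '\0' || !is_bare_dll_name(name))
        return -1;
    n = snprintf(out, outlen, "%s\\%s", dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef _WIN32
/* Try the application directory, then the system directory, and nothing
   else: the current directory and PATH are never consulted. */
HMODULE load_from_trusted_dirs(const char *name)
{
    char dir[MAX_PATH], full[MAX_PATH];
    char *slash;
    HMODULE h = NULL;
    DWORD len = GetModuleFileNameA(NULL, dir, sizeof dir);

    if (len > 0 && len < sizeof dir && (slash = strrchr(dir, '\\')) != NULL) {
        *slash = '\0';                      /* drop the executable name */
        if (qualify_dll_path(dir, name, full, sizeof full) == 0)
            h = LoadLibraryA(full);
    }
    if (h == NULL) {
        UINT n = GetSystemDirectoryA(dir, sizeof dir);
        if (n > 0 && n < sizeof dir &&
            qualify_dll_path(dir, name, full, sizeof full) == 0)
            h = LoadLibraryA(full);
    }
    return h;
}
#endif
```
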
