Nmap Development mailing list archives

Re: Unofficial WinPcap Installer Issue

From: "Gianluca Varenni" <gianluca.varenni () gmail com>
Date: Mon, 19 May 2008 12:59:56 -0700

The WinPcap installer uses the functions of the SCM to install the WinPcap 
driver. This is one of the ways to install a non PnP-enumerated driver.

If you try to install the driver by manually writing the registry keys in 
HKLM\System\CurrentControlSet\Services\<your service name>, the 
modifications are not effective until you reboot your machine. And worse, 
this approach might break in future versions of Windows. Those keys should 
not be touched manually.

Have a nice day
GV

----- Original Message ----- 
From: "jah" <jah () zadkiel plus com>
To: "Rob Nicholls" <robert () everythingeverything co uk>
Cc: "nmap-dev" <nmap-dev () insecure org>
Sent: Monday, May 19, 2008 12:46 PM
Subject: Re: Unofficial WinPcap Installer Issue

Hi,

This might help a bit.
I've had a look at the CACE installer for winpcap (using 7zip) and it
includes WinPcapInstall.dll  which exports a public method(?) called
manage_npf_driver(char *,char)
It seems that this function calls OpenSCManagerA and CreateServiceA to
create a service using the Service Control Manager.
Running sc query npf gives:

SERVICE_NAME: npf
       TYPE               : 1  KERNEL_DRIVER
       STATE              : 4  RUNNING
                               (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
       WIN32_EXIT_CODE    : 0  (0x0)
       SERVICE_EXIT_CODE  : 0  (0x0)
       CHECKPOINT         : 0x0
       WAIT_HINT          : 0x0
       PID                : 0
       FLAGS              :

So it looks like nmap's winpcap installer will have to do something like

sc create npf binpath= %windir%\system32\drivers\npf.sys type= kernel

start= may also be required, I'm not sure what the value would need to be.

then sc start npf should start the service.

Could be a step in the right direction.

Regards,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: nmap issue, (continued)
- - - Re: nmap issue Fyodor (May 16)
    - Message not available
    - Re: nmap issue Mike pattrick (May 16)
    - Re: nmap issue Brandon Enright (May 16)
    - Re: nmap issue Gianluca Varenni (May 16)
    - RE: nmap issue Rob Nicholls (May 17)
    - Re: nmap issue bensonk (May 17)
    - RE: nmap issue Rob Nicholls (May 17)
    - Re: nmap issue bensonk (May 17)
    - Unofficial WinPcap Installer Issue Rob Nicholls (May 19)
    - Re: Unofficial WinPcap Installer Issue jah (May 19)
    - Re: Unofficial WinPcap Installer Issue Gianluca Varenni (May 19)
    - RE: Unofficial WinPcap Installer Issue Rob Nicholls (May 19)
    - Silent Installation? Rob Nicholls (May 20)
    - Message not available
    - [PATCH] Windows Installer Improvements Rob Nicholls (May 21)
    - Message not available
    - Re: [PATCH] Windows Installer Improvements Rob Nicholls (May 21)
    - Message not available
    - Re: [PATCH] Windows Installer Improvements Rob Nicholls (May 21)
    - [PATCH] Windows Installer Improvements (Final) Rob Nicholls (May 22)
    - Re: [PATCH] Windows Installer Improvements (Final) Fyodor (May 28)
    - [PATCH] Various Installer Changes Rob Nicholls (May 28)
    - Re: [PATCH] Various Installer Changes David Fifield (May 28)
    - Re: [PATCH] Various Installer Changes Fyodor (Jun 10)

(Thread continues...)