Nmap Development mailing list archives
Re: NPCAP Blue screen
From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Fri, 4 Mar 2016 01:31:31 +0800
Hi Luff, Your attachment is exactly what I used. But I found out the issue based on [1, 2]. *Based on my research, I would like to answer you that the maximum number of network filter drivers in Windows 7 is 14. However, it is hard coded to allow 14 filter drivers. By default, the number is 8. To view the number or modify the number, please access the following registry key:* *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\MaxNumFilters* *Usually, the network filter drivers are listed in the Network Connection’s Properties. Also, it can be located by some third party programs, such as antivirus program.* I can install now. [1] http://answers.microsoft.com/en-us/windows/forum/all/why-does-my-virtual-pc-install-reverts-back-during/7e324092-090c-40e5-a5d2-0badad2c248b?auth=1 [2] http://www.experts-exchange.com/questions/27999067/WSUS-Update-failed-Windows-Virtual-PC.html Cheers, Yang On Thu, Mar 3, 2016 at 7:00 PM, Luff, Vince <vince.luff () anite com> wrote:
Hi Yang, Our IT department told me that they install KB958559-x86-Virtual PC.msu They gave me a copy (I’m not sure where they get this from). I’ve attached this file. I think email filters will block sending .msu files so I have zipped it as encrypted. The password is *yang* Regards, Vince *From:* Luff, Vince *Sent:* 02 March 2016 17:51 *To:* 'hsluoyz () gmail com' *Cc:* dev () nmap org; Piekarski, Pawel *Subject:* RE: NPCAP Blue screen Hi Yang, Sorry, I’m not sure. Maybe it’s because you are trying to install it on a virtual machine. In our PCs it’s running directly on Win7. I’ve asked our IT department if they use Windows6.1-KB958559-x86-RefreshPkg.msu. I’ll let you know when I get an answer. Regards, Vince *From:* 食肉大灰兔V5 [mailto:hsluoyz () gmail com <hsluoyz () gmail com>] *Sent:* 01 March 2016 05:39 *To:* Luff, Vince *Cc:* dev () nmap org; Piekarski, Pawel *Subject:* Re: NPCAP Blue screen Hi Luff, I have a Win7 x86 VMware VM on my Win10. I think I needed to use the Windows6.1-KB958559-x86-RefreshPkg.msu to install Virtual PC on this Win7 VM. But I failed the installation: *Failure configuring Windows updates* *Reverting changes.* *Do not turn off your computer.* Do you have any idea why? Cheers, Yang On Mon, Feb 29, 2016 at 8:59 PM, Luff, Vince <vince.luff () anite com> wrote: Hi, In the Virtual PC settings, I assign one of the adaptors to be the “Microsoft Loopback Adaptor”. This adaptor is then used to create a TCP connection between the Win7 machine and the NetBSD OS running on the virtual machine. Please let me know if I have not answered your question fully. Regards, Vince *From:* 食肉大灰兔V5 [mailto:hsluoyz () gmail com] *Sent:* 29 February 2016 12:53 *To:* Luff, Vince *Cc:* dev () nmap org; Piekarski, Pawel *Subject:* Re: NPCAP Blue screen Hi Luff, I think your code simply create a loopback adapter using "devcon.exe install Inf\\Netloop.inf *msloop" command. But what do you mean by "Microsoft Loopback Adapter which is used for a virtual machine" in your first post? How to connect this loopback adapter with your Virtual PC VM? The second issue is fixed in the latest Npcap 0.05 R16: https://github.com/nmap/npcap/releases Cheers, Yang On Mon, Feb 29, 2016 at 7:56 PM, Luff, Vince <vince.luff () anite com> wrote: Hi Yang, Thank you for the bug fix. When will this be in a release? I am using Windows Virtual PC, 32 bit from Microsoft: https://www.microsoft.com/en-gb/download/details.aspx?id=3702 We install the Microsoft Loopback Adaptor as follows: public bool InstallNewMsLoopBackAdpt() { bool retVal = true; if (!File.Exists(Constants.File_DevconFile)) // File_DevconFile points to Devcon.exe ( https://msdn.microsoft.com/en-us/library/windows/hardware/ff544707(v=vs.85).aspx ) { DebugLog.WriteLine("ERROR : Installation files not copied properly", true); return false; } /// string IniFilePath = Environment.GetFolderPath(Environment. SpecialFolder.Windows); IniFilePath = Path.Combine(IniFilePath, "Inf\\Netloop.inf"); string parameter = "install " + IniFilePath + " *MSLOOP"; string resp = ConsoleCmd.run(Constants.File_DevconFile, parameter, 2); if (!resp.Contains("Drivers updated successfully")) { DebugLog.WriteLine("ERROR : Failed to create loop back NIC ", true); return false; } return retVal; } Regards, Vince *From:* 食肉大灰兔V5 [mailto:hsluoyz () gmail com] *Sent:* 28 February 2016 15:31 *To:* Luff, Vince *Cc:* dev () nmap org; Piekarski, Pawel *Subject:* Re: NPCAP Blue screen Hi Luff, Using reverse engineering technique, I'm able to analyze those dump files now. The 1st dump file is a KERNEL_MODE_EXCEPTION_NOT_HANDLED_M BSoD. It's caused by the NdisFOidRequest call in NPF_GetDeviceMTU function of Openclos.c. This is a known issue. I posted a question in stackoverflow: http://stackoverflow.com/questions/31869373/get-system-service-exception-bluescreen-when-starting-wireshark-on-win10-vmware. But still no answers. I want to know which virtual machine software you are using. VMware Workstation or VirtualBox, and its version? What are the exact steps you used to bind a Microsoft Loopback Adapter to your virtual machine? I know that virtualization softwares usually create some adapters for networking. But I didn't know that they can use Microsoft Loopback Adapter? The 2nd and 3rd dump files points to the same issue, which is caused by a illegal memory read bug in the driver. I have fixed this bug in: https://github.com/nmap/npcap/commit/eafa222e8367024c96c6c17fb7f6db9a25658863 . Cheers, Yang On Sun, Feb 28, 2016 at 6:34 PM, 食肉大灰兔V5 <hsluoyz () gmail com> wrote: Hi Luff, First thanks for the report! Unfortunately Npcap has updated to VS2015 Update1, WDK 10 10586 and SDK 10 10586 since version 0.05 R11. Versions prior to 0.05 R11 needs to be built with the legacy WDK 10 10240 and SDK 10 10240, which I both already uninstalled (and I don't have those installers kept). Currently Microsoft only has the link to the latest WDK and SDK (which is 10586). So it's impossible for me to recompile that version's binaries for now. So without those built debug symbols I can't analyze the cause of the BSoD. So I wonder would you mind to reproduce the BSoD in a recent Npcap version? The latest 0.05 R14 is best. But a version not prior than 0.05 R11 is also OK. Thanks! Cheers, Yang On Tue, Feb 23, 2016 at 5:57 PM, Luff, Vince <vince.luff () anite com> wrote: Hello, I am using Npcap on Windows7 32bit SP1, and have seen a blue screen 3 times over the past month. I’ve attached the .dmp files: *Date of crash* *NPCAP version * *DMP file* *Suspected file* 29 Jan 0.05 r3 012916-15038-01.dmp npf.sys 4 Feb 0.05 r3 020416-15428-01.dmp npf.sys 10 Feb 0.05 r10 curr021016-18252-01.dmp npcap.sys When these crashes happened I was tracing two adaptors simultaneously using tshark. One of them was a Microsoft Loopback Adapter which is used for a virtual machine. Since I got the third crash I disabled tracing on the Microsoft Loopback Adapter and have not had a blue screen since. Please let me know if I should provide more information. By the way, I work for telecoms company Anite Telecoms in the UK. Regards, Vince Luff. Please refer to www.anite.com for individual Anite company details. The contents of this e-mail and any attachments are for the intended recipient only. If you are not the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege. Contracts cannot be concluded with us nor legal service effected by email. Anite Ltd. Registered in England No.1798114 Registered Office: Ancells Business Park Fleet Hampshire GU51 2UZ United Kingdom VAT Registration No. GB 787 418187 Scanned for viruses by Mimecast <http://www.mimecast.co.uk>. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/ Scanned for viruses by Mimecast <http://www.mimecast.co.uk/>. Please refer to www.anite.com for individual Anite company details. The contents of this e-mail and any attachments are for the intended recipient only. If you are not the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege. Contracts cannot be concluded with us nor legal service effected by email. Anite Ltd. Registered in England No.1798114 Registered Office: Ancells Business Park Fleet Hampshire GU51 2UZ United Kingdom VAT Registration No. GB 787 418187 Scanned for viruses by Mimecast <http://www.mimecast.co.uk>. Scanned for viruses by Mimecast <http://www.mimecast.co.uk/>. Please refer to www.anite.com for individual Anite company details. The contents of this e-mail and any attachments are for the intended recipient only. If you are not the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege. Contracts cannot be concluded with us nor legal service effected by email. Anite Ltd. Registered in England No.1798114 Registered Office: Ancells Business Park Fleet Hampshire GU51 2UZ United Kingdom VAT Registration No. GB 787 418187 Scanned for viruses by Mimecast <http://www.mimecast.co.uk>. Scanned for viruses by Mimecast <http://www.mimecast.co.uk/>. Please refer to www.anite.com for individual Anite company details. The contents of this e-mail and any attachments are for the intended recipient only. If you are not the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege. Contracts cannot be concluded with us nor legal service effected by email. Anite Ltd. Registered in England No.1798114 Registered Office: Ancells Business Park Fleet Hampshire GU51 2UZ United Kingdom VAT Registration No. GB 787 418187 Scanned for viruses by Mimecast <http://www.mimecast.co.uk>.
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NPCAP Blue screen Luff, Vince (Feb 25)
- Re: NPCAP Blue screen 食肉大灰兔V5 (Feb 28)
- Re: NPCAP Blue screen 食肉大灰兔V5 (Feb 28)
- RE: NPCAP Blue screen Luff, Vince (Feb 29)
- Re: NPCAP Blue screen 食肉大灰兔V5 (Feb 29)
- RE: NPCAP Blue screen Luff, Vince (Feb 29)
- Re: NPCAP Blue screen 食肉大灰兔V5 (Feb 29)
- Message not available
- Re: NPCAP Blue screen 食肉大灰兔V5 (Mar 03)
- Re: NPCAP Blue screen 食肉大灰兔V5 (Feb 28)
- Re: NPCAP Blue screen 食肉大灰兔V5 (Feb 28)