Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Npcap 0.03 call for test

From: Yang Luo <hsluoyb () gmail com>
Date: Tue, 28 Jul 2015 13:48:53 +0800
Hi Tyson,

Thanks for these detailed tests. I really didn't test Npcap's compatibility
with other NDIS LWF softwares.I noticed that you used 6.3.9600.17736
(winblue_r9.150322-1500), it seems to be the latest Win 8.1 with Update 3,
so I have also updated my VM to latest version. Also I have installed
Microsoft Network Monitor 3.4 x64 on it. Before I installed NM 3.4, I have
Npcap 0.03 installed, and I got the BAD_POOL_CALLER BSoD. But after I
rebooted, it's difficult to reproduce it, even I reinstalled NM 3.4 many
times.

NM 3.4 used a LWF driver called nm3.sys, Npcap driver is also based on LWF.
But theoretically NDIS supports multiple LWFs and there should not be
problem between NM 3.4 and Npcap. Perhaps they are just some bugs on Npcap.
Whatever, the most difficult part is how to reproduce the BSoD, if I can
stably reproduce it, I can definitely fix it. It seems that you have
installed Npcap, NM 3.4, Win10Pcap, Nurago/Gacela software together. I will
try Win10Pcap later. Do you have a stable BSoD reproduce method for it?

BTW, "NPFInstall -r" isn't used in Npcap, and I don't think you can use it
to restart the driver.

If it is OK to share me with Nurago/Gacela software, I'd like to try it.

Cheers,
Yang


On Mon, Jul 27, 2015 at 11:53 PM, Tyson Key <tyson.key () gmail com> wrote:


Hi Yang,

Finally, after removing the Nurago Web Meter, and its Gacela LSP stack
(which is supposedly user-mode-only) (and upgrading VMware Player to 6.0.7,
from 6.0.4), running CCleaner again, and quickly starting Wireshark,
quitting it, and then restarting it, I am able to capture packets (14k, so
far) using NPCap (including from loopback).

I think I'll need to keep things running for a couple of hours, to see if
I have any other crashes - but since Gacela seems to be installed by a lot
of third-party software, it may be worth investigating this incompatibility.

If it helps, I can provide you with a copy of the Nurago/Gacela software,
for investigation. (Builds of this are personalised with a per-user ID,
prior to downloading from a UK/Germany-based Internet activity research
site, and it seems that the download server is currently offline).

Tyson.

2015-07-27 15:42 GMT+01:00 Tyson Key <tyson.key () gmail com>:


After rebooting from uninstalling MS NetMon, I restarted Wireshark, and
got the usual "NPF service not running; no interfaces available" note. This
persists, even if I try "NPFInstall -r", and Wireshark still claims that no
interfaces are available.

Eventually, after uninstalling NPCap, removing all of the loopback
interfaces, and running CCleaner to remove any residual registry data, and
then rebooting yet again, I could start Wireshark, and list the installed
interfaces - but unsurprisingly, a few moments later, I received another
BSoD.

If it helps, my Wireshark version is:

Version 1.99.8-492-g3f0f49d (v1.99.8rc0-492-g3f0f49d from master)

Copyright 1998-2015 Gerald Combs <gerald () wireshark org> and contributors.
License GPLv2+: GNU GPL version 2 or later <
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango
1.36.8, with
WinPcap (unknown), with libz 1.2.8, with GLib 2.42.0, with SMI 0.4.8, with
c-ares 1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with
MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 22 2015), with
AirPcap.

Running on 64-bit Windows 8.1, build 9600, with locale English_United
Kingdom.1252, with Npcap version 0.01 (packet.dll version 0.03), based on
WinPcap version 4.1.3 (packet.dll version 4.1.0.3001), based on libpcap
version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without
AirPcap.
AMD A6-5200 APU with Radeon(TM) HD Graphics     (with SSE4.2), with
5577MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 31101

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.

Other than NetMon (which I've removed), the only other things that I
think could be causing a conflict are either the VMware host-only
networking filters; the networking components included with whatever
Bluetooth stack Lenovo shipped; the massive pile of hacks installed by the
Gacela component of "Nurago Web Meter", or my Atheros WLAN drivers (which
caused Acrylic Wi-Fi's NDIS filters to crash, when I briefly had that
installed, a while ago).

In the meantime, I'm going to upgrade my VMware Player installation to
the latest version, and see if it includes newer networking components.

Tyson.

2015-07-27 14:46 GMT+01:00 Tyson Key <tyson.key () gmail com>:


Annoying, because Microsoft Network Monitor 3.4 is the only tool that
can capture 802.11 traffic in monitor mode even semi-reliably (although it
seems that the buffer gets full, and then it stops capturing, after about
30 minutes), with my Atheros WLAN adapter, under Windows - but it seems
that if I disable the NetMon 3.4 driver on the NPCap Loopback Interface, I
can then start Wireshark, and then capture for about a minute, before I
receive another BSoD:

==================================================
Dump File         : 072715-30015-01.dmp
Crash Time        : 27/07/2015 02:14:04 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000007
Parameter 2       : 00000000`00001200
Parameter 3       : 00000000`d9c696f2
Parameter 4       : ffffe000`fad2a488
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+150ca0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.17736 (winblue_r9.150322-1500)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\072715-30015-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 27/07/2015 02:15:06 pm
==================================================

Usually, the NetMon, and WinPCap (and VMware passthrough) drivers can
safely co-exist on a machine, without issues - but having had bad
experiences with an "AppEx Networks Accelerator" (QoS) filter driver
causing blue-screens, in the past, I'm starting to suspect that only a few
filter drivers can safely hook the same points of the networking stack,
before they trample over each other...

As an experiment, I'm going to see what happens if I remove both the
NetMon driver, and the "Npcap Packet Driver (NPCAP)", and replace them with
"Win10Pcap Packet Capture Driver", despite using Windows 8.1, instead of
Windows 10:

I get prompted with "The file 'Win10Pcap.sys' on Win10Pcap Packet
Capture Driver Installation Disk is needed. Type the path where the file is
located, and then click OK", and the default search path is set to
"C:\Program Files (x86)\Win10Pcap\x64\drivers\win78". Unsurprisingly,
neither "C:\Program Files\Win10Pcap\x64\", nor "C:\Program Files
(x86)\Win10Pcap\x64\" exist - so I'll have to scrap that idea, and try just
reinstalling the regular NPCap driver, as a "service", using the .inf file
in "C:\Program Files\Npcap"..

Now, I get "The NPF driver isn't running.  You may have trouble
capturing or listing interfaces", when restarting Wireshark, but at least
it doesn't BSoD. I'll try rebooting, and see what happens...

2015-07-27 14:08 GMT+01:00 Tyson Key <tyson.key () gmail com>:


Hi Yang,

I just tried this version on my machine (after uninstalling WinPCap,
rebooting, installing NPCap, and then rebooting again), and it seems that
during starting Wireshark, I still receive the BAD_POOL_CALLER BSoD:

==================================================
Dump File         : 072715-38828-01.dmp
Crash Time        : 27/07/2015 01:55:12 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000007
Parameter 2       : 00000000`00001200
Parameter 3       : 00000000`00000000
Parameter 4       : ffffe000`53e2a9c8
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+150ca0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.17736 (winblue_r9.150322-1500)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\072715-38828-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 27/07/2015 01:56:27 pm
==================================================

If it helps, here's the list of loaded drivers, and DLLs, at the time
of crashing:

dump_diskdump.sys fffff800`bd725000 fffff800`bd731000 0x0000c000
0x5215f8a2 22/08/2013 12:40:18 pm
dump_amd_sata.sys fffff800`bd731000 fffff800`bd74e000 0x0001d000
0x50b875ba 30/11/2012 10:00:42 am
dump_dumpfve.sys fffff800`bd74e000 fffff800`bd764000 0x00016000
0x530894b8 22/02/2014 01:14:48 pm
X5XSEx_Pr148.Sys fffff800`bec00000 fffff800`bec12000 0x00012000
0x501a77cf 02/08/2012 01:51:27 pm
ATMFD.DLL fffff960`00a65000 fffff960`00ac4000 0x0005f000 0x00000000 Adobe
Type Manager Windows NT OpenType/Type 1 Font Driver 5.1 Build 243 Adobe
Systems Incorporated C:\WINDOWS\system32\ATMFD.DLL
amd_sata.sys fffff800`bab68000 fffff800`bab85000 0x0001d000 0x50b875ba 30/11/2012
10:00:42 am AHCI 1.3 Device Driver AHCI 1.3 Device Driver 1.3.001.0068 Advanced
Micro Devices C:\WINDOWS\system32\drivers\amd_sata.sys
amd_xata.sys fffff800`babe3000 fffff800`babed000 0x0000a000 0x50b875be 30/11/2012
10:00:46 am Stor Filter Driver Stor Filter Driver 1.3.001.0068 Advanced
Micro Devices C:\WINDOWS\system32\drivers\amd_xata.sys
usbfilter.sys fffff800`bcbe6000 fffff800`bcbf7000 0x00011000 0x503d6ff0 29/08/2012
02:27:12 am AMD USB Filter Driver AMD USB Filter Driver 2.0.10.273
built by: WinDDK Advanced Micro Devices
C:\WINDOWS\system32\drivers\usbfilter.sys
AtihdW86.sys fffff800`bd2be000 fffff800`bd2d9000 0x0001b000 0x511d6100 14/02/2013
11:11:12 pm AMD HD Audio Driver AMD High Definition Audio Function
Driver 8.0.0.8811 Advanced Micro Devices
C:\WINDOWS\system32\drivers\AtihdW86.sys
atikmpag.sys fffff800`bbcec000 fffff800`bbd8b000 0x0009f000 0x52a58b19 09/12/2013
10:19:21 am AMD driver AMD multi-vendor Miniport Driver 8.14.01.6354 Advanced
Micro Devices, Inc. C:\WINDOWS\system32\drivers\atikmpag.sys
atikmdag.sys fffff800`bbe8b000 fffff800`bcb79000 0x00cee000 0x52a598df 09/12/2013
11:18:07 am ATI Radeon Family ATI Radeon Kernel Mode Driver
8.01.01.1360 Advanced Micro Devices, Inc.
C:\WINDOWS\system32\drivers\atikmdag.sys
AmdAS4.sys fffff800`bd1cf000 fffff800`bd1d8000 0x00009000 0x511370a9 07/02/2013
10:15:21 am Amd AS4 Device Driver AMD AS4 Driver 1.1.0.0017 Advanced
Micro Devices, INC. C:\WINDOWS\system32\drivers\AmdAS4.sys
CHDRT64.sys fffff800`bd4f7000 fffff800`bd6a0000 0x001a9000 0x512c4346 26/02/2013
06:08:22 am Conexant HDAudio Driver 64-bit High Definition Audio
Function Driver 8.64.49.0 built by: WinDDK Conexant Systems Inc.
C:\WINDOWS\system32\drivers\CHDRT64.sys
cbfs3.sys fffff800`bbc11000 fffff800`bbc64000 0x00053000 0x4cf3f857 29/11/2010
08:00:39 pm Callback File System (TM) Callback File System Driver 3,
1, 83, 205 EldoS Corporation C:\WINDOWS\system32\drivers\cbfs3.sys
GEARAspiWDM.sys fffff800`bcff8000 fffff800`bcffec00 0x00006c00
0x4fa2e2e1 03/05/2012 08:56:17 pm CD DVD Filter CD DVD Filter
2.02.03.00 GEAR Software Inc.
C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
npf.sys fffff800`bbbc1000 fffff800`bbbd2000 0x00011000 0x55b5ffcd 27/07/2015
10:54:21 am Npcap npf.sys (NT6 AMD64) Kernel Filter Driver 0.03 Insecure.Com
LLC. C:\WINDOWS\system32\drivers\npf.sys
AcpiVpc.sys fffff800`bd1a6000 fffff800`bd1bc000 0x00016000 0x4fb1aefd 15/05/2012
02:18:53 am Lenovo ACPI Virtual Power Controller Driver 6.1.2601.3 Lenovo
Corporation C:\WINDOWS\system32\drivers\AcpiVpc.sys
LhdX64.sys fffff800`bb25d000 fffff800`bb26b000 0x0000e000 0x4b4b3e92 11/01/2010
04:06:58 pm Disk Driver HD Disk Driver 1.10.0.1 Lenovo.
C:\WINDOWS\system32\drivers\LhdX64.sys
secdrv.SYS fffff800`bed93000 fffff800`bed9e000 0x0000b000 0x4508052e 13/09/2006
02:18:38 pm Macrovision SECURITY Driver Macrovision SECURITY Driver
4.03.086 Macrovision Corporation, Macrovision Europe Limited, and
Macrovision Japan and Asia K.K. C:\WINDOWS\system32\drivers\secdrv.SYS
ntoskrnl.exe ntoskrnl.exe+2a4ff2 fffff801`bc47b000 fffff801`bcc0f000
0x00794000 0x550f41a6 22/03/2015 11:26:46 pm Microsoft® Windows®
Operating System NT Kernel & System 6.3.9600.17736
(winblue_r9.150322-1500) Microsoft Corporation
C:\WINDOWS\system32\ntoskrnl.exe
hal.dll fffff801`bc40b000 fffff801`bc47b000 0x00070000 0x538bade8 01/06/2014
11:49:12 pm Microsoft® Windows® Operating System Hardware Abstraction
Layer DLL 6.3.9600.17196 (winblue_gdr.140601-1505) Microsoft
Corporation C:\WINDOWS\system32\hal.dll
kd.dll fffff801`bb54b000 fffff801`bb554000 0x00009000 0x5215f8bb 22/08/2013
12:40:43 pm Microsoft® Windows® Operating System Local Kernel Debugger 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\kd.dll
mcupdate_AuthenticAMD.dll fffff800`ba489000 fffff800`ba4a4000
0x0001b000 0x5216068e 22/08/2013 01:39:42 pm Microsoft® Windows®
Operating System AMD Microcode Update Library 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\mcupdate_AuthenticAMD.dll
werkernel.sys fffff800`ba4a4000 fffff800`ba4b2000 0x0000e000 0x5215f8a8 22/08/2013
12:40:24 pm Microsoft® Windows® Operating System Windows Error
Reporting Kernel Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\werkernel.sys
CLFS.SYS fffff800`ba4b2000 fffff800`ba514000 0x00062000 0x54f656f9 04/03/2015
01:51:05 am Microsoft® Windows® Operating System Common Log File
System Driver 6.3.9600.17719 (winblue_r9.150303-1500) Microsoft
Corporation C:\WINDOWS\system32\drivers\CLFS.SYS
tm.sys fffff800`ba514000 fffff800`ba536000 0x00022000 0x5215f875 22/08/2013
12:39:33 pm Microsoft® Windows® Operating System Kernel Transaction
Manager Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\tm.sys
PSHED.dll fffff800`ba536000 fffff800`ba54b000 0x00015000 0x52346b3f 14/09/2013
02:57:19 pm Microsoft® Windows® Operating System Platform Specific
Hardware Error Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\PSHED.dll
BOOTVID.dll fffff800`ba54b000 fffff800`ba555000 0x0000a000 0x5215f8aa 22/08/2013
12:40:26 pm Microsoft® Windows® Operating System VGA Boot Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\BOOTVID.dll
CI.dll fffff800`ba555000 fffff800`ba5dd000 0x00088000 0x548276b0 06/12/2014
04:23:28 am Microsoft® Windows® Operating System Code Integrity Module
(Test) 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\CI.dll
msrpc.sys fffff800`ba400000 fffff800`ba45d000 0x0005d000 0x5215f86a 22/08/2013
12:39:22 pm Microsoft® Windows® Operating System Kernel Remote
Procedure Call Provider 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\msrpc.sys
Wdf01000.sys fffff800`ba649000 fffff800`ba718000 0x000cf000 0x5215f850 22/08/2013
12:38:56 pm Microsoft® Windows® Operating System Kernel Mode Driver
Framework Runtime 1.13.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\Wdf01000.sys
WDFLDR.SYS fffff800`ba718000 fffff800`ba729000 0x00011000 0x5215f857 22/08/2013
12:39:03 pm Microsoft® Windows® Operating System Kernel Mode Driver
Framework Loader 1.13.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\WDFLDR.SYS
acpiex.sys fffff800`ba729000 fffff800`ba741000 0x00018000 0x5215f80b 22/08/2013
12:37:47 pm Microsoft® Windows® Operating System ACPIEx Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\acpiex.sys
WppRecorder.sys fffff800`ba741000 fffff800`ba74c000 0x0000b000
0x5215f87c 22/08/2013 12:39:40 pm Microsoft® Windows® Operating System WPP
Trace Recorder 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\WppRecorder.sys
ACPI.sys fffff800`ba74c000 fffff800`ba7d4000 0x00088000 0x54335e2e 07/10/2014
04:29:50 am Microsoft® Windows® Operating System ACPI Driver for NT 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\ACPI.sys
WMILIB.SYS fffff800`ba7d4000 fffff800`ba7de000 0x0000a000 0x5215f8a7 22/08/2013
12:40:23 pm Microsoft® Windows® Operating System WMILIB WMI support
library Dll 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\WMILIB.SYS
cng.sys fffff800`ba85b000 fffff800`ba8e6000 0x0008b000 0x55187b0d 29/03/2015
11:22:05 pm Microsoft® Windows® Operating System Kernel Cryptography,
Next Generation 6.3.9600.17785 (winblue_r10.150329-1500) Microsoft
Corporation C:\WINDOWS\system32\drivers\cng.sys
msisadrv.sys fffff800`ba8f4000 ffffd800`ba8fe000 0xffffe0000000a000
0x5215f857 22/08/2013 12:39:03 pm Microsoft® Windows® Operating System ISA
Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\msisadrv.sys
pci.sys fffff800`ba8fe000 fffff800`ba946000 0x00048000 0x53d0f1d4 24/07/2014
12:45:24 pm Microsoft® Windows® Operating System NT Plug and Play PCI
Enumerator 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\pci.sys
vdrvroot.sys fffff800`ba946000 fffff800`ba953000 0x0000d000 0x5215f849 22/08/2013
12:38:49 pm Microsoft® Windows® Operating System Virtual Drive Root
Enumerator 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\vdrvroot.sys
pdc.sys fffff800`ba953000 fffff800`ba96f000 0x0001c000 0x5434c9f7 08/10/2014
06:21:59 am Microsoft® Windows® Operating System Power Dependency
Coordinator Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\pdc.sys
partmgr.sys fffff800`ba96f000 fffff800`ba987000 0x00018000 0x5434e912 08/10/2014
08:34:42 am Microsoft® Windows® Operating System Partition Management
Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\partmgr.sys
spaceport.sys fffff800`ba987000 fffff800`ba9f0000 0x00069000 0x54505527 29/10/2014
03:47:03 am Microsoft® Windows® Operating System Storage Spaces Driver 6.3.9600.17415
(winblue_r4.141028-1500) Microsoft Corporation
C:\WINDOWS\system32\drivers\spaceport.sys
volmgr.sys fffff800`ba800000 fffff800`ba815000 0x00015000 0x5215f889 22/08/2013
12:39:53 pm Microsoft® Windows® Operating System Volume Manager Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\volmgr.sys
volmgrx.sys fffff800`baabf000 fffff800`bab1e000 0x0005f000 0x5215f8a7 22/08/2013
12:40:23 pm Microsoft® Windows® Operating System Volume Manager
Extension Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\volmgrx.sys
mountmgr.sys fffff800`bab4d000 fffff800`bab68000 0x0001b000 0x54333f58 07/10/2014
02:18:16 am Microsoft® Windows® Operating System Mount Point Manager 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\mountmgr.sys
storport.sys fffff800`bab85000 fffff800`babe3000 0x0005e000 0x5423822b 25/09/2014
03:47:07 am Microsoft® Windows® Operating System Microsoft Storage
Port Driver 6.3.9600.17383 (winblue_r4.140924-1541) Microsoft
Corporation C:\WINDOWS\system32\drivers\storport.sys
EhStorClass.sys fffff800`baa00000 fffff800`baa1a000 0x0001a000
0x5215f827 22/08/2013 12:38:15 pm Microsoft® Windows® Operating System Enhanced
Storage Class driver for IEEE 1667 devices 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\EhStorClass.sys
fltmgr.sys fffff800`baa1a000 fffff800`baa76000 0x0005c000 0x53fbf00c 26/08/2014
03:25:16 am Microsoft® Windows® Operating System Microsoft Filesystem
Filter Manager 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\fltmgr.sys
fileinfo.sys fffff800`baa76000 fffff800`baa8c000 0x00016000 0x53089456 22/02/2014
01:13:10 pm Microsoft® Windows® Operating System FileInfo Filter Driver 6.3.9600.17031
(winblue_gdr.140221-1952) Microsoft Corporation
C:\WINDOWS\system32\drivers\fileinfo.sys
Wof.sys fffff800`baa8c000 fffff800`baab7000 0x0002b000 0x53216bf1 13/03/2014
09:27:29 am Microsoft® Windows® Operating System Windows Overlay Filter 6.3.9600.17050
(winblue_gdr.140312-1703) Microsoft Corporation
C:\WINDOWS\system32\drivers\Wof.sys
WdFilter.sys fffff800`ba815000 ffffd800`ba858000 0xffffe00000043000
0x54cb5b0a 30/01/2015 11:20:58 am Microsoft Malware Protection Microsoft
antimalware file system filter driver 4.7.0205.0 Microsoft Corporation
C:\WINDOWS\system32\drivers\WdFilter.sys
Ntfs.sys fffff800`bac65000 fffff800`bae5f000 0x001fa000 0x54387b6b 11/10/2014
01:35:55 am Microsoft® Windows® Operating System NT File System Driver 6.3.9600.17031
(winblue_gdr.140221-1952) Microsoft Corporation
C:\WINDOWS\system32\drivers\Ntfs.sys
ksecdd.sys fffff800`bae5f000 fffff800`bae7b000 0x0001c000 0x54505548 29/10/2014
03:47:36 am Microsoft® Windows® Operating System Kernel Security
Support Provider Interface 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft
Corporation C:\WINDOWS\system32\drivers\ksecdd.sys
pcw.sys fffff800`bae7b000 fffff800`bae8b000 0x00010000 0x5215cfea 22/08/2013
09:46:34 am Microsoft® Windows® Operating System Performance Counters
for Windows Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\pcw.sys
Fs_Rec.sys fffff800`bae8b000 fffff800`bae96000 0x0000b000 0x5215cfe9 22/08/2013
09:46:33 am Microsoft® Windows® Operating System File System
Recognizer Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\Fs_Rec.sys
ndis.sys fffff800`bae96000 fffff800`bafad000 0x00117000 0x54d01043 03/02/2015
01:03:15 am Microsoft® Windows® Operating System Network Driver
Interface Specification (NDIS) 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\ndis.sys
NETIO.SYS fffff800`bb046000 fffff800`bb0be000 0x00078000 0x540ebbe6 09/09/2014
09:35:50 am Microsoft® Windows® Operating System Network I/O Subsystem 6.3.9600.17337
(winblue_r3.140908-1537) Microsoft Corporation
C:\WINDOWS\system32\drivers\NETIO.SYS
ksecpkg.sys fffff800`bb0be000 fffff800`bb0ef000 0x00031000 0x558e14bf 27/06/2015
04:13:03 am Microsoft® Windows® Operating System Kernel Security
Support Provider Interface Packages 6.3.9600.17918
(winblue_ltsb.150626-1534) Microsoft Corporation
C:\WINDOWS\system32\drivers\ksecpkg.sys
tcpip.sys fffff800`bb286000 fffff800`bb4f2000 0x0026c000 0x54505542 29/10/2014
03:47:30 am Microsoft® Windows® Operating System TCP/IP Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\tcpip.sys
fwpkclnt.sys fffff800`bb4f2000 fffff800`bb55e000 0x0006c000 0x545054f3 29/10/2014
03:46:11 am Microsoft® Windows® Operating System FWP/IPsec Kernel-Mode
API 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\fwpkclnt.sys
wfplwfs.sys fffff800`bb55e000 fffff800`bb583000 0x00025000 0x545054e1 29/10/2014
03:45:53 am Microsoft® Windows® Operating System WFP NDIS 6.30
Lightweight Filter Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\wfplwfs.sys
fvevol.sys fffff800`bb0ef000 fffff800`bb184000 0x00095000 0x534325db 07/04/2014
11:25:31 pm Microsoft® Windows® Operating System BitLocker Drive
Encryption Driver 6.3.9600.17031 (winblue_gdr.140221-1952) Microsoft
Corporation C:\WINDOWS\system32\drivers\fvevol.sys
volsnap.sys fffff800`bb583000 fffff800`bb5d2000 0x0004f000 0x53a21598 18/06/2014
11:41:28 pm Microsoft® Windows® Operating System Volume Shadow Copy
Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\volsnap.sys
rdyboost.sys fffff800`bb200000 fffff800`bb246000 0x00046000 0x53089474 22/02/2014
01:13:40 pm Microsoft® Windows® Operating System ReadyBoost Driver 6.3.9600.17031
(winblue_gdr.140221-1952) Microsoft Corporation
C:\WINDOWS\system32\drivers\rdyboost.sys
mup.sys fffff800`bb246000 fffff800`bb25d000 0x00017000 0x5215f8ac 22/08/2013
12:40:28 pm Microsoft® Windows® Operating System Multiple UNC Provider
Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\mup.sys
intelpep.sys fffff800`bb26b000 fffff800`bb27a000 0x0000f000 0x5434e8d8 08/10/2014
08:33:44 am Microsoft® Windows® Operating System Intel Power Engine
Plugin 6.3.9600.17396 (winblue_r4.141007-2030) Microsoft Corporation
C:\WINDOWS\system32\drivers\intelpep.sys
disk.sys fffff800`bb5d2000 fffff800`bb5ee000 0x0001c000 0x5215f883 22/08/2013
12:39:47 pm Microsoft® Windows® Operating System PnP Disk Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\disk.sys
CLASSPNP.SYS fffff800`bb184000 fffffa46`bb1da000 0x0000024600056000
0x5434c9ff 08/10/2014 06:22:07 am Microsoft® Windows® Operating System SCSI
Class System Dll 6.3.9600.17396 (winblue_r4.141007-2030) Microsoft
Corporation C:\WINDOWS\system32\drivers\CLASSPNP.SYS
crashdmp.sys fffff800`bb1da000 ffffc800`bb1ef000 0xffffd00000015000
0x5215f893 22/08/2013 12:40:03 pm Microsoft® Windows® Operating System Crash
Dump Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\crashdmp.sys
cdrom.sys fffff800`bafad000 fffff800`bafdb000 0x0002e000 0x5215cfeb 22/08/2013
09:46:35 am Microsoft® Windows® Operating System SCSI CD-ROM Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\cdrom.sys
Null.SYS fffff800`bb27a000 fffff800`bb283000 0x00009000 0x5215f8a8 22/08/2013
12:40:24 pm Microsoft® Windows® Operating System NULL Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\Null.SYS
Beep.SYS fffff800`bb033000 fffff800`bb03b000 0x00008000 0x5215f8a8 22/08/2013
12:40:24 pm Microsoft® Windows® Operating System BEEP Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\Beep.SYS
BasicRender.sys fffff800`bb1ef000 fffff800`bb1fd000 0x0000e000
0x5308948a 22/02/2014 01:14:02 pm Microsoft® Windows® Operating System Microsoft
Basic Render Driver 6.3.9600.17031 (winblue_gdr.140221-1952) Microsoft
Corporation C:\WINDOWS\system32\drivers\BasicRender.sys
dxgkrnl.sys fffff800`bb80e000 fffff800`bb98e000 0x00180000 0x54505515 29/10/2014
03:46:45 am Microsoft® Windows® Operating System DirectX Graphics
Kernel 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft Corporation
C:\WINDOWS\system32\drivers\dxgkrnl.sys
watchdog.sys fffff800`bb98e000 fffff800`bb9a0000 0x00012000 0x530894af 22/02/2014
01:14:39 pm Microsoft® Windows® Operating System Watchdog Driver 6.3.9600.17031
(winblue_gdr.140221-1952) Microsoft Corporation
C:\WINDOWS\system32\drivers\watchdog.sys
dxgmms1.sys fffff800`bac00000 fffff800`bac63000 0x00063000 0x54505506 29/10/2014
03:46:30 am Microsoft® Windows® Operating System DirectX Graphics MMS 6.3.9600.17415
(winblue_r4.141028-1500) Microsoft Corporation
C:\WINDOWS\system32\drivers\dxgmms1.sys
BasicDisplay.sys fffff800`bb9a0000 fffff800`bb9b2000 0x00012000
0x5215f873 22/08/2013 12:39:31 pm Microsoft® Windows® Operating System Microsoft
Basic Display Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\BasicDisplay.sys
Npfs.SYS fffff800`bb9b2000 fffff800`bb9c6000 0x00014000 0x5215f8a9 22/08/2013
12:40:25 pm Microsoft® Windows® Operating System NPFS Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\Npfs.SYS
Msfs.SYS fffff800`bb9c6000 fffff800`bb9d2000 0x0000c000 0x5215f8a8 22/08/2013
12:40:24 pm Microsoft® Windows® Operating System Mailslot driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\Msfs.SYS
tdx.sys fffff800`bb9d2000 fffff800`bb9f2000 0x00020000 0x5215f7c2 22/08/2013
12:36:34 pm Microsoft® Windows® Operating System TDI Translation Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\tdx.sys
TDI.SYS fffff800`bb9f2000 fffff800`bba00000 0x0000e000 0x5215f855 22/08/2013
12:39:01 pm Microsoft® Windows® Operating System TDI Wrapper 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\TDI.SYS
ws2ifsl.sys fffff800`bb800000 fffff800`bb80b000 0x0000b000 0x5215f893 22/08/2013
12:40:03 pm Microsoft® Windows® Operating System Winsock2 IFS Layer 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\ws2ifsl.sys
netbt.sys fffff800`bba92000 fffff800`bbade000 0x0004c000 0x5215f7dd 22/08/2013
12:37:01 pm Microsoft® Windows® Operating System MBT Transport driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\netbt.sys
afd.sys fffff800`bbade000 fffff800`bbb70000 0x00092000 0x5387f4e5 30/05/2014
04:03:01 am Microsoft® Windows® Operating System Ancillary Function
Driver for WinSock 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\afd.sys
pacer.sys fffff800`bbb70000 fffff800`bbb9a000 0x0002a000 0x545054ca 29/10/2014
03:45:30 am Microsoft® Windows® Operating System QoS Packet Scheduler 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\pacer.sys
vwififlt.sys fffff800`bbb9a000 fffff800`bbbb2000 0x00018000 0x53609ba2 30/04/2014
07:43:46 am Microsoft® Windows® Operating System Virtual WiFi Filter
Driver 6.3.9600.17111 (winblue_gdr.140429-1523) Microsoft Corporation
C:\WINDOWS\system32\drivers\vwififlt.sys
nm3.sys fffff800`bbbb2000 fffff800`bbbc1000 0x0000f000 0x4c102c5f 10/06/2010
01:05:51 am Microsoft Network Monitor 3 Driver Netmon -- NDIS 6.0
Monitoring Filter Driver 3.4.2350.0 Microsoft Corporation
C:\WINDOWS\system32\drivers\nm3.sys
netbios.sys fffff800`bbbd2000 fffff800`bbbe3000 0x00011000 0x5450553b 29/10/2014
03:47:23 am Microsoft® Windows® Operating System NetBIOS interface
driver 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft Corporation
C:\WINDOWS\system32\drivers\netbios.sys
rdbss.sys fffff800`bba00000 fffff800`bba70000 0x00070000 0x52affb72 17/12/2013
08:21:22 am Microsoft® Windows® Operating System Redirected Drive
Buffering SubSystem Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\rdbss.sys
wanarp.sys fffff800`bba70000 fffff800`bba89000 0x00019000 0x545054c2 29/10/2014
03:45:22 am Microsoft® Windows® Operating System MS Remote Access and
Routing ARP Driver 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft
Corporation C:\WINDOWS\system32\drivers\wanarp.sys
nsiproxy.sys fffff800`bbbe3000 fffff800`bbbf1000 0x0000e000 0x545054eb 29/10/2014
03:46:03 am Microsoft® Windows® Operating System NSI Proxy 6.3.9600.17415
(winblue_r4.141028-1500) Microsoft Corporation
C:\WINDOWS\system32\drivers\nsiproxy.sys
npsvctrig.sys fffff800`bbbf1000 fffff800`bbbfd000 0x0000c000 0x5215f82e 22/08/2013
12:38:22 pm Microsoft® Windows® Operating System Named pipe service
triggers 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\npsvctrig.sys
mssmbios.sys fffff800`bafdb000 fffff800`bafe7000 0x0000c000 0x5215f87d 22/08/2013
12:39:41 pm Microsoft® Windows® Operating System System Management
BIOS Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\mssmbios.sys
dfsc.sys fffff800`ba600000 fffff800`ba626000 0x00026000 0x53183e6a 06/03/2014
10:22:50 am Microsoft® Windows® Operating System DFS Namespace Client
Driver 6.3.9600.17041 (winblue_gdr.140305-1710) Microsoft Corporation
C:\WINDOWS\system32\drivers\dfsc.sys
ahcache.sys fffff800`bbc64000 fffff800`bbc7d000 0x00019000 0x550b7e3a 20/03/2015
02:56:10 am Microsoft® Windows® Operating System Application
Compatibility Cache 6.3.9600.17734 (winblue_r9.150319-1700) Microsoft
Corporation C:\WINDOWS\system32\drivers\ahcache.sys
loop.sys fffff800`bbc87000 fffff800`bbc91000 0x0000a000 0x5215f841 22/08/2013
12:38:41 pm Microsoft® Windows® Operating System Loopback Network
Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\loop.sys
CompositeBus.sys fffff800`bbca3000 fffff800`bbcb2000 0x0000f000
0x5215f848 22/08/2013 12:38:48 pm Microsoft® Windows® Operating System Multi-Transport
Composite Bus Enumerator 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\CompositeBus.sys
kdnic.sys fffff800`bbcb2000 fffff800`bbcbd000 0x0000b000 0x5215f832 22/08/2013
12:38:26 pm Microsoft Kernel Debugger Network Adapter (NDIS 6.20
Miniport) Microsoft Kernel Debugger Network Miniport 6.01.00.0000
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\kdnic.sys
umbus.sys fffff800`bbcbd000 fffff800`bbcce000 0x00011000 0x5215f853 22/08/2013
12:38:59 pm Microsoft® Windows® Operating System User-Mode Bus
Enumerator 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\umbus.sys
amdppm.sys fffff800`bbcce000 00001780`bbcec000 0x00001f800001e000
0x5215cfea 22/08/2013 09:46:34 am Microsoft® Windows® Operating System Processor
Device Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\amdppm.sys
HDAudBus.sys fffff800`bcb79000 fffff800`bcb92000 0x00019000 0x53d0f1e3 24/07/2014
12:45:39 pm Microsoft® Windows® Operating System High Definition Audio
Bus Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\HDAudBus.sys
vwifibus.sys fffff800`bcc00000 fffff800`bcc0d000 0x0000d000 0x5215f854 22/08/2013
12:39:00 pm Microsoft® Windows® Operating System Virtual WiFi Bus
Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\vwifibus.sys
USBXHCI.SYS fffff800`bcc0d000 fffff800`bcc62000 0x00055000 0x5527309b 10/04/2015
03:08:27 am Microsoft® Windows® Operating System USB XHCI Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\USBXHCI.SYS
ucx01000.sys fffff800`bcbb4000 fffff800`bcbe6000 0x00032000 0x54337387 07/10/2014
06:00:55 am Microsoft® Windows® Operating System USB Controller
Extension 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft
Corporation C:\WINDOWS\system32\drivers\ucx01000.sys
usbohci.sys fffff800`bcc62000 fffff800`bcc6f000 0x0000d000 0x5215f86f 22/08/2013
12:39:27 pm Microsoft® Windows® Operating System OHCI USB Miniport
Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\usbohci.sys
USBPORT.SYS fffff800`bbe0e000 fffff800`bbe7d000 0x0006f000 0x53897701 31/05/2014
07:30:25 am Microsoft® Windows® Operating System USB 1.1 & 2.0 Port
Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\USBPORT.SYS
usbehci.sys fffff800`bbd8b000 fffff800`bbda3000 0x00018000 0x538976e2 31/05/2014
07:29:54 am Microsoft® Windows® Operating System EHCI eUSB Miniport
Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\usbehci.sys
i8042prt.sys fffff800`bbda3000 fffff800`bbdc2000 0x0001f000 0x5458783e 04/11/2014
07:54:54 am Microsoft® Windows® Operating System i8042 Port Driver 6.3.9600.16384
(winblue_rtm.130821-1623) Microsoft Corporation
C:\WINDOWS\system32\drivers\i8042prt.sys
USBD.SYS fffff800`bd16d000 fffff800`bd179000 0x0000c000 0x53897735 31/05/2014
07:31:17 am Microsoft® Windows® Operating System Universal Serial Bus
Driver 6.3.9600.17195 (winblue_gdr.140530-1506) Microsoft Corporation
C:\WINDOWS\system32\drivers\USBD.SYS
kbdclass.sys fffff800`bd179000 fffff800`bd18b000 0x00012000 0x5458783e 04/11/2014
07:54:54 am Microsoft® Windows® Operating System Keyboard Class Driver 6.3.9600.16384
(winblue_rtm.130821-1623)
...

[クリップしたメッセージ]





--
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844





--
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844





--
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: