Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Unofficial WinPcap Installer Issue
From: "Gianluca Varenni" <gianluca.varenni () gmail com>
Date: Mon, 19 May 2008 12:59:56 -0700

The WinPcap installer uses the functions of the SCM to install the WinPcap 
driver. This is one of the ways to install a non PnP-enumerated driver.

If you try to install the driver by manually writing the registry keys in 
HKLM\System\CurrentControlSet\Services\<your service name>, the 
modifications are not effective until you reboot your machine. And worse, 
this approach might break in future versions of Windows. Those keys should 
not be touched manually.

Have a nice day
GV

----- Original Message ----- 
From: "jah" <jah () zadkiel plus com>
To: "Rob Nicholls" <robert () everythingeverything co uk>
Cc: "nmap-dev" <nmap-dev () insecure org>
Sent: Monday, May 19, 2008 12:46 PM
Subject: Re: Unofficial WinPcap Installer Issue


Hi,

This might help a bit.
I've had a look at the CACE installer for winpcap (using 7zip) and it
includes WinPcapInstall.dll  which exports a public method(?) called
manage_npf_driver(char *,char)
It seems that this function calls OpenSCManagerA and CreateServiceA to
create a service using the Service Control Manager.
Running sc query npf gives:

SERVICE_NAME: npf
       TYPE               : 1  KERNEL_DRIVER
       STATE              : 4  RUNNING
                               (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
       WIN32_EXIT_CODE    : 0  (0x0)
       SERVICE_EXIT_CODE  : 0  (0x0)
       CHECKPOINT         : 0x0
       WAIT_HINT          : 0x0
       PID                : 0
       FLAGS              :

So it looks like nmap's winpcap installer will have to do something like

sc create npf binpath= %windir%\system32\drivers\npf.sys type= kernel

start= may also be required, I'm not sure what the value would need to be.

then sc start npf should start the service.

Could be a step in the right direction.

Regards,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org 


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault