Wireshark's WinPcap Detection
From: Rob Nicholls <robert () robnicholls co uk>
Date: Wed, 04 Nov 2009 16:15:31 +0000
I noticed that Wireshark's installer doesn't detect that WinPcap has
already been installed if I use the Nmap version of the WinPcap installer.
I grabbed Wireshark's source code and spotted that they're checking the

    ReadRegStr $WINPCAP_NAME HKEY_LOCAL_MACHINE
    ReadRegStr $WINPCAP_VERSION HKEY_LOCAL_MACHINE

They seem to be checking the "WinPcapInst registry" key for the version of
WinPcap. This is fine if people use the official installer, which creates
these keys, but not so good for a custom installer like ours (additionally,
we don't currently create the DisplayVersion value) that's using a
different key ("winpcap-nmap"). So the question is do we modify our
installer to create the same registry keys (and potentially step on their
toes)? Or do we assume that people installing tools like Wireshark will
either skip it because they know they already have WinPcap installed/let
the official installer prompt them for a force install over the top?
If we do decide to create the same keys as the official WinPcap installer,
it complicates our silent installer (but I can probably add another
registry value that still lets us identify our own installs).
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/