Rename the driver from "NPcap" to "Npcap".
hsluoyz committed Dec 29, 2015
1 parent 46818bf commit f397f85
Showing 5 changed files with 30 additions and 23 deletions.
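--- a/Common/WpcapNames.h
+++ b/Common/WpcapNames.h
@@ -39,8 +39,12 @@
 // - please do not use prefix names longer than 70 chars.
 // - the following characters are surely accepted in the prefixes: "[A-Z][a-z][0-9]_-',"
 //
-#define NPF_DRIVER_NAME "NPCAP" ///< (HHH) Packet.dll
-#define NPF_DRIVER_NAME_WIDECHAR L"NPCAP" ///< (HHH) Packet.dll
+#define NPF_DRIVER_NAME "NPCAP" ///< (HHH) Packet.dll
+#define NPF_DRIVER_NAME_WIDECHAR L"NPCAP" ///< (HHH) Packet.dll
+#define NPF_DRIVER_NAME_SMALL "npcap" ///< (HHH) Packet.dll
+#define NPF_DRIVER_NAME_SMALL_WIDECHAR L"npcap" ///< (HHH) Packet.dll
+#define NPF_SOFT_REGISTRY_NAME "NPCAP" ///< (HHH) Packet.dll
+#define NPF_SOFT_REGISTRY_NAME_WIDECHAR L"NPCAP" ///< (HHH) Packet.dll
 
 //
 // Derived strings
@@ -51,7 +55,8 @@
 #define NPF_EVENTS_NAMES_WIDECHAR NPF_DRIVER_NAME_WIDECHAR ///< (BBB) used by the NPF driver, that does not accept the TEXT(a) macro correctly.
 #define FAKE_NDISWAN_ADAPTER_NAME "\\Device\\" NPF_DRIVER_NAME "_GenericDialupAdapter" ///< (CCC) Name of a fake ndiswan adapter that is always available on 2000/XP/2003, used to capture NCP/LCP packets
 #define FAKE_NDISWAN_ADAPTER_DESCRIPTION "Adapter for generic dialup and VPN capture" ///< (DDD) Description of a fake ndiswan adapter that is always available on 2000/XP/2003, used to capture NCP/LCP packets
-#define NPF_SERVICE_DESC "WinPcap Packet Driver (" NPF_DRIVER_NAME ")" ///< (FFF) packet.dll
+#define NPF_SERVICE_DESC "Npcap Packet Driver (" NPF_DRIVER_NAME ")" ///< (FFF) packet.dll
+#define NPF_SERVICE_DESC_WIDECHAR L"Npcap Packet Driver (" NPF_DRIVER_NAME_WIDECHAR L")" ///< (FFF) packet.dll
 #define NPF_DRIVER_COMPLETE_DEVICE_PREFIX "\\Device\\" NPF_DRIVER_NAME "_" ///< (III) packet.dll
 #define NPF_DRIVER_COMPLETE_PATH "system32\\drivers\\" NPF_DRIVER_NAME ".sys" ///< (LLL) packet.dll
 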
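Review bot: The new macros `NPF_DRIVER_NAME_SMALL*`, `NPF_SOFT_REGISTRY_NAME*` and `NPF_SERVICE_DESC_WIDECHAR` carry the copied tags `///< (HHH) Packet.dll` and `///< (FFF) packet.dll`, but in this commit their wide forms are consumed by the kernel driver in Packet.c: as the NDIS service name, the registry key the driver opens, and the filter's friendly name. Nothing ties the narrow literal to its `L"..."` twin, or `NPF_DRIVER_NAME_SMALL` to the service name in npcap.inf, which the comment in Packet.c says it must match, so a later edit of one copy leaves the others stale. I would state the constraint on the macros themselves, for example `///< NDIS service name used by the driver; must match the service name in npcap.inf` and `///< key name under \Registry\Machine\Software that the driver reads`. The INF string `NPF_Desc` duplicates `NPF_SERVICE_DESC` by hand as well, so it deserves the same cross-reference.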
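--- a/packetWin7/npf/npf/Loopback.c
+++ b/packetWin7/npf/npf/Loopback.c
@@ -390,8 +390,8 @@ _In_ const int iFlag
 UINT conditionIndex;
 
 filter.layerKey = *layerKey;
-filter.displayData.name = L"Network NPcap Filter (Outbound)";
-filter.displayData.description = L"NPcap inbound/outbound network traffic";
+filter.displayData.name = L"Network Npcap Filter (Outbound)";
+filter.displayData.description = L"Npcap inbound/outbound network traffic";
 
 filter.action.calloutKey = *calloutKey;
 filter.filterCondition = filterConditions;
@@ -507,8 +507,8 @@ FWPM_LAYER_OUTBOUND_IPPACKET_V4_DISCARD
 }
 calloutRegistered = TRUE;
 
-displayData.name = L"NPcap Network Callout";
-displayData.description = L"NPcap inbound/outbound network traffic";
+displayData.name = L"Npcap Network Callout";
+displayData.description = L"Npcap inbound/outbound network traffic";
 
 mCallout.calloutKey = *calloutKey;
 mCallout.displayData = displayData;
@@ -613,8 +613,8 @@ Callouts and filters will be removed during DriverUnload.
 RtlZeroMemory(&NPFSubLayer, sizeof(FWPM_SUBLAYER));
 
 NPFSubLayer.subLayerKey = NPF_SUBLAYER;
-NPFSubLayer.displayData.name = L"NPcap Loopback Sub-Layer";
-NPFSubLayer.displayData.description = L"Sub-Layer for use by NPcap Loopback callouts";
+NPFSubLayer.displayData.name = L"Npcap Loopback Sub-Layer";
+NPFSubLayer.displayData.description = L"Sub-Layer for use by Npcap Loopback callouts";
 NPFSubLayer.flags = 0;
 NPFSubLayer.weight = 0; // must be less than the weight of
 // FWPM_SUBLAYER_UNIVERSAL to be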
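--- a/packetWin7/npf/npf/Packet.c
+++ b/packetWin7/npf/npf/Packet.c
@@ -53,6 +53,7 @@
 #pragma NDIS_INIT_FUNCTION(DriverEntry)
 #endif // ALLOC_PRAGMA
 
+#define FILTER_UNIQUE_NAME L"{7daf2ac8-e9f6-4765-a842-f1f5d2501340}"
 
 #if DBG
 // Declare the global debug flag for this driver.
@@ -78,12 +79,13 @@ NDIS_STRING tcpLinkageKeyName = NDIS_STRING_CONST("\\Registry\\Machine\\System"
 NDIS_STRING AdapterListKey = NDIS_STRING_CONST("\\Registry\\Machine\\System"
 L"\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}");
 NDIS_STRING bindValueName = NDIS_STRING_CONST("Bind");
+
 #ifdef _X86_
-NDIS_STRING g_NPcapSoftwareKey = NDIS_STRING_CONST("\\Registry\\Machine\\Software"
-L"\\NPCAP");
+NDIS_STRING g_NpcapSoftwareKey = NDIS_STRING_CONST("\\Registry\\Machine\\Software"
+L"\\" NPF_SOFT_REGISTRY_NAME_WIDECHAR);
 #else
-NDIS_STRING g_NPcapSoftwareKey = NDIS_STRING_CONST("\\Registry\\Machine\\Software\\Wow6432Node"
-L"\\NPCAP");
+NDIS_STRING g_NpcapSoftwareKey = NDIS_STRING_CONST("\\Registry\\Machine\\Software\\Wow6432Node"
+L"\\" NPF_SOFT_REGISTRY_NAME_WIDECHAR);
 #endif
 NDIS_STRING g_LoopbackAdapterName;
 
@@ -118,9 +120,9 @@ DriverEntry(
 NDIS_FILTER_DRIVER_CHARACTERISTICS FChars;
 NTSTATUS Status = STATUS_SUCCESS;
 
-NDIS_STRING FriendlyName = RTL_CONSTANT_STRING(L"WinPcap NDIS LightWeight Filter"); //display name
-NDIS_STRING UniqueName = RTL_CONSTANT_STRING(L"{7daf2ac8-e9f6-4765-a842-f1f5d2501340}"); //unique name, quid name
-NDIS_STRING ServiceName = RTL_CONSTANT_STRING(L"npcap"); //this to match the service name in the INF
+NDIS_STRING FriendlyName = RTL_CONSTANT_STRING(NPF_SERVICE_DESC_WIDECHAR); //display name
+NDIS_STRING UniqueName = RTL_CONSTANT_STRING(FILTER_UNIQUE_NAME); //unique name, quid name
+NDIS_STRING ServiceName = RTL_CONSTANT_STRING(NPF_DRIVER_NAME_SMALL_WIDECHAR); //this to match the service name in the INF
 WCHAR* bindT;
 PKEY_VALUE_PARTIAL_INFORMATION tcpBindingsP;
 UNICODE_STRING macName;
@@ -528,11 +530,11 @@ VOID
 
 TRACE_ENTER();
 
-InitializeObjectAttributes(&objAttrs, &g_NPcapSoftwareKey, OBJ_CASE_INSENSITIVE, NULL, NULL);
+InitializeObjectAttributes(&objAttrs, &g_NpcapSoftwareKey, OBJ_CASE_INSENSITIVE, NULL, NULL);
 status = ZwOpenKey(&keyHandle, KEY_READ, &objAttrs);
 if (!NT_SUCCESS(status))
 {
-IF_LOUD(DbgPrint("\n\nStatus of %x opening %ws\n", status, g_NPcapSoftwareKey.Buffer);)
+IF_LOUD(DbgPrint("\n\nStatus of %x opening %ws\n", status, g_NpcapSoftwareKey.Buffer);)
 }
 else //OK
 {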
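Review bot: The `InitializeObjectAttributes` call in the last hunk opens `g_NpcapSoftwareKey` with `OBJ_CASE_INSENSITIVE` only, so the handle returned by `ZwOpenKey` is created in the handle table of whatever process the call runs in. The calling context is not visible here, but driver code should set `OBJ_KERNEL_HANDLE` so that user mode can never reach the handle: `InitializeObjectAttributes(&objAttrs, &g_NpcapSoftwareKey, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);`. The failure branch only prints under `IF_LOUD`, so a missing or unreadable key is presumably silent in non-debug builds. The enclosing function starts and ends outside the hunk, so whether the caller notices that failure cannot be confirmed from this page.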
4 changes: 2 additions & 2 deletions packetWin7/npf/npf/Packet.h
Expand Up @@ -106,7 +106,7 @@ extern NDIS_HANDLE FilterDriverObject;
#define NPF_ENABLE_LOOPBACK 2 ///< Tells the driver to capture the packets sent by itself.

// Admin only mode definition
//#define NPF_ADMIN_ONLY_MODE ///< Tells the driver to restrict its access only to Administrators. This is used to support "Admin-only Mode" for NPcap.
//#define NPF_ADMIN_ONLY_MODE ///< Tells the driver to restrict its access only to Administrators. This is used to support "Admin-only Mode" for Npcap.

/*!
\brief Header of a libpcap dump file.
Expand Down Expand Up @@ -776,7 +776,7 @@ getTcpBindings(


/*!
\brief read NPcap software's registry, get the loopback adapter's device name and then put the name into global variable: g_LoopbackAdapterName. This name will be check in NPF_CreateDevice() function.
\brief read Npcap software's registry, get the loopback adapter's device name and then put the name into global variable: g_LoopbackAdapterName. This name will be check in NPF_CreateDevice() function.
If NPF_GetLoopbackAdapterName() fails, g_LoopbackAdapterName will be NULL.
*/
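--- a/packetWin7/npf/npf/npcap.inf
+++ b/packetWin7/npf/npf/npcap.inf
@@ -1,5 +1,5 @@
 ;-------------------------------------------------------------------------
-; NPCAP.INF -- NPcap NDIS 6.x LightWeight Filter Driver
+; NPCAP.INF -- Npcap NDIS 6.x LightWeight Filter Driver
 ;
 ; Copyright (c) 2015, Insecure.Com LLC. All rights reserved.
 ;------------------------------------------------------------------------
@@ -130,5 +130,5 @@ HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to defaul
 
 [Strings]
 Insecure = "Nmap Project"
-NPF_Desc = "WinPcap Lightweight Filter Driver (NPCAP)"
-NPF_HelpText = "A NDIS 6 kernel filter driver to support packet capturing under Windows 7, 8 & 10"
+NPF_Desc = "Npcap Packet Driver (NPCAP)"
+NPF_HelpText = "A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"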
