Switch service registry options to Parameters subkey

Nonstandard registry values in the service's registry key get wiped out
by Windows updates like the Creators Update. They should be kept in the
Parameters subkey instead; and now they are.

See nmap/nmap#906

docs/npcap-guide.xml

@@ -195,7 +195,7 @@ StrCpy $inst_ver "$R2.$R3.$R4.$R5"
 
     <para>
       You can check the installation options of an already installed Npcap by reading the registry
-      key: <filename>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap</filename>.
+      key: <filename>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters</filename>.
       The entries like <filename>AdminOnly</filename>,
       <filename>Loopback</filename>, <filename>DltNull</filename>,<filename>Dot11Support</filename>,
       <filename>VlanSupport</filename>, <filename>WinPcapCompatible</filename>, etc. show the installation options.
@@ -375,7 +375,7 @@ printf("%s", pcap_version);
 
   <itemizedlist>
   <listitem><para>Detect Npcap Loopback Adapter's presence, by reading registry value Loopback
-  at key <filename>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap</filename>.
+  at key <filename>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters</filename>.
   If <filename>LoopbackSupport</filename> is 0x00000001, then the adapter's device name is in the <filename>LoopbackAdapter</filename> REG_SZ value.
   Then perform the following steps.</para></listitem>
 

installer/DiagReport.ps1

@@ -46,11 +46,6 @@ function get_os_bit()
     return (Get-WmiObject Win32_OperatingSystem).OSArchitecture
 }
 
-function get_winpcap_mode()
-{
-    return (Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\npcap).GetValue("WinPcapCompatible")
-}
-
 function get_install_path()
 {
     if ($os_bit -eq "32-bit")
@@ -64,7 +59,6 @@ function get_install_path()
 }
 
 $os_bit = get_os_bit
-$winpcap_mode = get_winpcap_mode
 $install_path = get_install_path
 
 
@@ -195,16 +189,22 @@ else
 
 write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap:")
 (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
+write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap\Parameters:")
+(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap\Parameters | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
 write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi:")
 (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
-
-if ($winpcap_mode -eq 1)
-{
-    write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf:")
-    (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
-    write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi:")
-    (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
-}
+write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi\Parameters:")
+(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi\Parameters | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
+
+# WinPcap registry items
+write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf:")
+(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
+write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf\Parameters:")
+(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf\Parameters | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
+write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi:")
+(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
+write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi\Parameters:")
+(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi\Parameters | out-string -stream | ? { $_ -NOTMATCH '^ps.+' })
 
 #########################################################
 write_report ("`n")
@@ -214,10 +214,7 @@ write_report ("*************************************************")
 
 Get-Service npcap
 
-if ($winpcap_mode)
-{
-    Get-Service npf
-}
+Get-Service npf
 
 #########################################################
 write_report ("`n")
@@ -232,4 +229,4 @@ write_report ("Please refer to: $install_path\install.log")
 # ) >> $report_file_name
 ) 2>&1 >> $report_file_name
 
-notepad $report_file_name
+notepad $report_file_name

packetWin7/NPFInstall/NPFInstall/LoopbackRecord.cpp

@@ -344,7 +344,7 @@ BOOL AddFlagToRegistry_Service(tstring strDeviceName)
 {
 	TRACE_ENTER();
 	TRACE_EXIT();
-	return WriteStrToRegistry(NPCAP_SERVICE_REG_KEY_NAME, NPCAP_REG_LOOPBACK_VALUE_NAME, tstring(_T("\\Device\\") + strDeviceName).c_str(), KEY_WRITE);
+	return WriteStrToRegistry(NPCAP_SERVICE_REG_KEY_NAME _T("\\Parameters"), NPCAP_REG_LOOPBACK_VALUE_NAME, tstring(_T("\\Device\\") + strDeviceName).c_str(), KEY_WRITE);
 }
 
 BOOL RecordLoopbackDevice(int iNpcapAdapterID)

packetWin7/NPFInstall/NPFInstall/WlanRecord.cpp

@@ -293,7 +293,7 @@ BOOL AddFlagToRegistry_Dot11Adapters(LPCTSTR strDeviceName)
 {
 	TRACE_ENTER();
 	TRACE_EXIT();
-	return WriteStrToRegistry(NPCAP_SERVICE_REG_KEY_NAME, NPCAP_REG_DOT11_VALUE_NAME, strDeviceName, KEY_WRITE);
+	return WriteStrToRegistry(NPCAP_SERVICE_REG_KEY_NAME _T("\\Parameters"), NPCAP_REG_DOT11_VALUE_NAME, strDeviceName, KEY_WRITE);
 }
 
 BOOL writeWlanAdapterGuidsToRegistry()

packetWin7/npf/npf/Packet.c

@@ -242,6 +242,7 @@ DriverEntry(
 {
 	NDIS_FILTER_DRIVER_CHARACTERISTICS FChars; // The specification for the filter.
 	NDIS_FILTER_DRIVER_CHARACTERISTICS FChars_WiFi; // The specification for the WiFi filter.
+	UNICODE_STRING parametersPath;
 	NTSTATUS Status = STATUS_SUCCESS;
 
 	// Use NonPaged Pool instead of No-Execute (NX) Nonpaged Pool for Win8 and later, this is for security purpose.
@@ -264,38 +265,53 @@ DriverEntry(
 	PsGetVersion(&OsMajorVersion, &OsMinorVersion, NULL, NULL);
 	TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "OS Version: %d.%d\n", OsMajorVersion, OsMinorVersion);
 
-	// Get the AdminOnly option, if AdminOnly=1, devices will be created with the safe SDDL, to make sure only Administrators can use Npcap driver.
-	// If the registry key doesn't exist, we view it as AdminOnly=0, so no protect to the driver access.
-	g_AdminOnlyMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_AdminOnlyRegValueName);
-	// Get the DltNull option, if DltNull=1, loopback traffic will be DLT_NULL/DLT_LOOP style, including captured and sent packets.
-	// If the registry key doesn't exist, we view it as DltNull=0, so loopback traffic are Ethernet packets.
-	g_DltNullMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_DltNullRegValueName);
-	// Get the Dot11Support option, if Dot11Support=1, Npcap driver will enable the raw 802.11 functions.
-	// If the registry key doesn't exist, we view it as Dot11Support=1, so has raw 802.11 support.
-	g_Dot11SupportMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_Dot11SupportRegValueName);
-	// Get the VlanSupport option, if VlanSupport=1, Npcap driver will try to recognize 802.1Q VLAN tag when capturing and sending data.
-	// If the registry key doesn't exist, we view it as VlanSupport=0, so no VLAN support.
-	g_VlanSupportMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_VlanSupportRegValueName);
-	// Get the TimestampMode option. The meanings of its values is described in time_calls.h.
-	// If the registry key doesn't exist, we view it as TimestampMode=0, so the default "QueryPerformanceCounter" timestamp gathering method.
-	g_TimestampMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_TimestampRegValueName);
+	RtlInitUnicodeString(&parametersPath, NULL);
+	parametersPath.MaximumLength=RegistryPath->Length+wcslen(L"\\Parameters")*sizeof(WCHAR)+sizeof(UNICODE_NULL);
+	parametersPath.Buffer=ExAllocatePool(PagedPool, parametersPath.MaximumLength);
+	if (!parametersPath.Buffer) {
+		return STATUS_INSUFFICIENT_RESOURCES;
+	}
+	RtlZeroMemory(parametersPath.Buffer, parametersPath.MaximumLength);
+	RtlCopyUnicodeString(&parametersPath, RegistryPath);
+	RtlAppendUnicodeToString(&parametersPath, L"\\Parameters");
+
+	Status = RtlCheckRegistryKey(RTL_REGISTRY_ABSOLUTE,
+			parametersPath.Buffer);
+	if (NT_SUCCESS(Status)) {
+		// Get the AdminOnly option, if AdminOnly=1, devices will be created with the safe SDDL, to make sure only Administrators can use Npcap driver.
+		// If the registry key doesn't exist, we view it as AdminOnly=0, so no protect to the driver access.
+		g_AdminOnlyMode = NPF_GetRegistryOption_Integer(&parametersPath, &g_AdminOnlyRegValueName);
+		// Get the DltNull option, if DltNull=1, loopback traffic will be DLT_NULL/DLT_LOOP style, including captured and sent packets.
+		// If the registry key doesn't exist, we view it as DltNull=0, so loopback traffic are Ethernet packets.
+		g_DltNullMode = NPF_GetRegistryOption_Integer(&parametersPath, &g_DltNullRegValueName);
+		// Get the Dot11Support option, if Dot11Support=1, Npcap driver will enable the raw 802.11 functions.
+		// If the registry key doesn't exist, we view it as Dot11Support=1, so has raw 802.11 support.
+		g_Dot11SupportMode = NPF_GetRegistryOption_Integer(&parametersPath, &g_Dot11SupportRegValueName);
+		// Get the VlanSupport option, if VlanSupport=1, Npcap driver will try to recognize 802.1Q VLAN tag when capturing and sending data.
+		// If the registry key doesn't exist, we view it as VlanSupport=0, so no VLAN support.
+		g_VlanSupportMode = NPF_GetRegistryOption_Integer(&parametersPath, &g_VlanSupportRegValueName);
+		// Get the TimestampMode option. The meanings of its values is described in time_calls.h.
+		// If the registry key doesn't exist, we view it as TimestampMode=0, so the default "QueryPerformanceCounter" timestamp gathering method.
+		g_TimestampMode = NPF_GetRegistryOption_Integer(&parametersPath, &g_TimestampRegValueName);
 
 #ifdef HAVE_WFP_LOOPBACK_SUPPORT
-	NPF_GetRegistryOption_String(RegistryPath, &g_LoopbackRegValueName, &g_LoopbackAdapterName);
-	if (g_LoopbackAdapterName.Buffer != NULL && g_LoopbackAdapterName.Length != ADAPTER_NAME_SIZE * 2)
-	{
-		TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "g_LoopbackAdapterName is invalid, g_LoopbackAdapterName.Length = %d, ADAPTER_NAME_SIZE * 2 = %d\n",
-			g_LoopbackAdapterName.Length, ADAPTER_NAME_SIZE * 2);
-		ExFreePool(g_LoopbackAdapterName.Buffer);
-		g_LoopbackAdapterName.Buffer = NULL;
-		g_LoopbackAdapterName.Length = 0;
-		g_LoopbackAdapterName.MaximumLength = 0;
-	}
+		NPF_GetRegistryOption_String(&parametersPath, &g_LoopbackRegValueName, &g_LoopbackAdapterName);
+		if (g_LoopbackAdapterName.Buffer != NULL && g_LoopbackAdapterName.Length != ADAPTER_NAME_SIZE * 2)
+		{
+			TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "g_LoopbackAdapterName is invalid, g_LoopbackAdapterName.Length = %d, ADAPTER_NAME_SIZE * 2 = %d\n",
+					g_LoopbackAdapterName.Length, ADAPTER_NAME_SIZE * 2);
+			ExFreePool(g_LoopbackAdapterName.Buffer);
+			g_LoopbackAdapterName.Buffer = NULL;
+			g_LoopbackAdapterName.Length = 0;
+			g_LoopbackAdapterName.MaximumLength = 0;
+		}
 #endif
 #ifdef HAVE_RX_SUPPORT
-	NPF_GetRegistryOption_String(RegistryPath, &g_SendToRxRegValueName, &g_SendToRxAdapterName);
-	NPF_GetRegistryOption_String(RegistryPath, &g_BlockRxRegValueName, &g_BlockRxAdapterName);
+		NPF_GetRegistryOption_String(&parametersPath, &g_SendToRxRegValueName, &g_SendToRxAdapterName);
+		NPF_GetRegistryOption_String(&parametersPath, &g_BlockRxRegValueName, &g_BlockRxAdapterName);
 #endif
+	}
+	if (parametersPath.Buffer) ExFreePool(parametersPath.Buffer);
 
 	// RegistryPath = "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\npcap" for standard driver
 	// RegistryPath = "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\npcap_wifi" for WiFi driver

version.h

@@ -87,11 +87,11 @@
 #define /*
  !define /**/ WINPCAP_MINOR				0
 #define /*
- !define /**/ WINPCAP_REV				92
+ !define /**/ WINPCAP_REV				93
 #define /*
- !define /**/ WINPCAP_BUILD				612
+ !define /**/ WINPCAP_BUILD				727
 #define /*
- !define /**/ WINPCAP_VER_STRING		"0.92"
+ !define /**/ WINPCAP_VER_STRING		"0.93"
 
 #define WINPCAP_WPCAP_STRING_VERSION WINPCAP_VER_STRING