diff --git a/docs/npcap-guide.xml b/docs/npcap-guide.xml index e068ba4f..463b617c 100644 --- a/docs/npcap-guide.xml +++ b/docs/npcap-guide.xml @@ -195,7 +195,7 @@ StrCpy $inst_ver "$R2.$R3.$R4.$R5" You can check the installation options of an already installed Npcap by reading the registry - key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap. + key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters. The entries like AdminOnly, Loopback, DltNull,Dot11Support, VlanSupport, WinPcapCompatible, etc. show the installation options. @@ -375,7 +375,7 @@ printf("%s", pcap_version); Detect Npcap Loopback Adapter's presence, by reading registry value Loopback - at key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap. + at key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters. If LoopbackSupport is 0x00000001, then the adapter's device name is in the LoopbackAdapter REG_SZ value. Then perform the following steps. diff --git a/installer/DiagReport.ps1 b/installer/DiagReport.ps1 index 04d2c0b0..78d0d750 100644 --- a/installer/DiagReport.ps1 +++ b/installer/DiagReport.ps1 @@ -46,11 +46,6 @@ function get_os_bit() return (Get-WmiObject Win32_OperatingSystem).OSArchitecture } -function get_winpcap_mode() -{ - return (Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\npcap).GetValue("WinPcapCompatible") -} - function get_install_path() { if ($os_bit -eq "32-bit") @@ -64,7 +59,6 @@ function get_install_path() } $os_bit = get_os_bit -$winpcap_mode = get_winpcap_mode $install_path = get_install_path 
@@ -195,16 +189,22 @@ else write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap:") (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap | out-string -stream | ? { $_ -NOTMATCH '^ps.+' }) +write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap\Parameters:") +(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap\Parameters | out-string -stream | ? { $_ -NOTMATCH '^ps.+' }) write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi:") (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi | out-string -stream | ? { $_ -NOTMATCH '^ps.+' }) - -if ($winpcap_mode -eq 1) -{ - write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf:") - (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf | out-string -stream | ? { $_ -NOTMATCH '^ps.+' }) - write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi:") - (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi | out-string -stream | ? { $_ -NOTMATCH '^ps.+' }) -} +write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi\Parameters:") +(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi\Parameters | out-string -stream | ? { $_ -NOTMATCH '^ps.+' }) + +# WinPcap registry items +write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf:") +(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf | out-string -stream | ? { $_ -NOTMATCH '^ps.+' }) +write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf\Parameters:") +(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf\Parameters | out-string -stream | ? { $_ -NOTMATCH '^ps.+' }) +write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi:") +(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi | out-string -stream | ? { $_ -NOTMATCH '^ps.+' }) +write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi\Parameters:") +(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi\Parameters | out-string -stream | ? 
{ $_ -NOTMATCH '^ps.+' }) ######################################################### write_report ("`n") @@ -214,10 +214,7 @@ write_report ("*************************************************") Get-Service npcap -if ($winpcap_mode) -{ - Get-Service npf -} +Get-Service npf ######################################################### write_report ("`n") @@ -232,4 +229,4 @@ write_report ("Please refer to: $install_path\install.log") # ) >> $report_file_name ) 2>&1 >> $report_file_name -notepad $report_file_name \ No newline at end of file +notepad $report_file_name diff --git a/packetWin7/NPFInstall/NPFInstall/LoopbackRecord.cpp b/packetWin7/NPFInstall/NPFInstall/LoopbackRecord.cpp index b3b10366..84f8a883 100644 --- a/packetWin7/NPFInstall/NPFInstall/LoopbackRecord.cpp +++ b/packetWin7/NPFInstall/NPFInstall/LoopbackRecord.cpp @@ -344,7 +344,7 @@ BOOL AddFlagToRegistry_Service(tstring strDeviceName) { TRACE_ENTER(); TRACE_EXIT(); - return WriteStrToRegistry(NPCAP_SERVICE_REG_KEY_NAME, NPCAP_REG_LOOPBACK_VALUE_NAME, tstring(_T("\\Device\\") + strDeviceName).c_str(), KEY_WRITE); + return WriteStrToRegistry(NPCAP_SERVICE_REG_KEY_NAME _T("\\Parameters"), NPCAP_REG_LOOPBACK_VALUE_NAME, tstring(_T("\\Device\\") + strDeviceName).c_str(), KEY_WRITE); } BOOL RecordLoopbackDevice(int iNpcapAdapterID) diff --git a/packetWin7/NPFInstall/NPFInstall/WlanRecord.cpp b/packetWin7/NPFInstall/NPFInstall/WlanRecord.cpp index ad54742b..fbec840d 100644 --- a/packetWin7/NPFInstall/NPFInstall/WlanRecord.cpp +++ b/packetWin7/NPFInstall/NPFInstall/WlanRecord.cpp @@ -293,7 +293,7 @@ BOOL AddFlagToRegistry_Dot11Adapters(LPCTSTR strDeviceName) { TRACE_ENTER(); TRACE_EXIT(); - return WriteStrToRegistry(NPCAP_SERVICE_REG_KEY_NAME, NPCAP_REG_DOT11_VALUE_NAME, strDeviceName, KEY_WRITE); + return WriteStrToRegistry(NPCAP_SERVICE_REG_KEY_NAME _T("\\Parameters"), NPCAP_REG_DOT11_VALUE_NAME, strDeviceName, KEY_WRITE); } BOOL writeWlanAdapterGuidsToRegistry() 
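Review bot: The `Get-ItemProperty` calls on `Services\npf`, `Services\npf_wifi` and their `Parameters` subkeys now run unconditionally, so on an install where those keys are absent each call raises a path-not-found error instead of report content. The removed `$winpcap_mode` condition suggests that is the case without WinPcap compatibility. The unconditional `Get-Service npf` in the following hunk has the same problem. How those errors surface depends on the redirection at the end of the script, which is only partly visible here. Guarding each block with `if (Test-Path HKLM:\SYSTEM\CurrentControlSet\Services\npf) { ... }` would still record the keys when they exist, and `Get-Service npf -ErrorAction SilentlyContinue` does the same for the service.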
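Review bot: The `_T("\\Parameters")` suffix is hard-coded at this call in AddFlagToRegistry_Service and again in AddFlagToRegistry_Dot11Adapters in WlanRecord.cpp, while the driver builds the same path from its own `L"\\Parameters"` literal in Packet.c. If these drift apart, the installer writes values the driver never reads, and the driver falls back to its defaults. Defining the path once next to NPCAP_SERVICE_REG_KEY_NAME, for example `#define NPCAP_SERVICE_PARAMETERS_REG_KEY_NAME NPCAP_SERVICE_REG_KEY_NAME _T("\\Parameters")`, and using it at both call sites removes that risk. Whether WriteStrToRegistry creates a missing subkey is not visible here; if it only opens the key, this write fails until something else has created `Parameters`, so the return value should be checked by the caller.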
diff --git a/packetWin7/npf/npf/Packet.c b/packetWin7/npf/npf/Packet.c index e4ce5f37..ed30e5e0 100644 --- a/packetWin7/npf/npf/Packet.c +++ b/packetWin7/npf/npf/Packet.c @@ -242,6 +242,7 @@ DriverEntry( { NDIS_FILTER_DRIVER_CHARACTERISTICS FChars; // The specification for the filter. NDIS_FILTER_DRIVER_CHARACTERISTICS FChars_WiFi; // The specification for the WiFi filter. + UNICODE_STRING parametersPath; NTSTATUS Status = STATUS_SUCCESS; // Use NonPaged Pool instead of No-Execute (NX) Nonpaged Pool for Win8 and later, this is for security purpose. 
@@ -264,38 +265,53 @@ DriverEntry( PsGetVersion(&OsMajorVersion, &OsMinorVersion, NULL, NULL); TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "OS Version: %d.%d\n", OsMajorVersion, OsMinorVersion); - // Get the AdminOnly option, if AdminOnly=1, devices will be created with the safe SDDL, to make sure only Administrators can use Npcap driver. - // If the registry key doesn't exist, we view it as AdminOnly=0, so no protect to the driver access. - g_AdminOnlyMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_AdminOnlyRegValueName); - // Get the DltNull option, if DltNull=1, loopback traffic will be DLT_NULL/DLT_LOOP style, including captured and sent packets. - // If the registry key doesn't exist, we view it as DltNull=0, so loopback traffic are Ethernet packets. - g_DltNullMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_DltNullRegValueName); - // Get the Dot11Support option, if Dot11Support=1, Npcap driver will enable the raw 802.11 functions. - // If the registry key doesn't exist, we view it as Dot11Support=1, so has raw 802.11 support. - g_Dot11SupportMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_Dot11SupportRegValueName); - // Get the VlanSupport option, if VlanSupport=1, Npcap driver will try to recognize 802.1Q VLAN tag when capturing and sending data. - // If the registry key doesn't exist, we view it as VlanSupport=0, so no VLAN support. - g_VlanSupportMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_VlanSupportRegValueName); - // Get the TimestampMode option. The meanings of its values is described in time_calls.h. - // If the registry key doesn't exist, we view it as TimestampMode=0, so the default "QueryPerformanceCounter" timestamp gathering method. 
- g_TimestampMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_TimestampRegValueName); + RtlInitUnicodeString(¶metersPath, NULL); + parametersPath.MaximumLength=RegistryPath->Length+wcslen(L"\\Parameters")*sizeof(WCHAR)+sizeof(UNICODE_NULL); + parametersPath.Buffer=ExAllocatePool(PagedPool, parametersPath.MaximumLength); + if (!parametersPath.Buffer) { + return STATUS_INSUFFICIENT_RESOURCES; + } + RtlZeroMemory(parametersPath.Buffer, parametersPath.MaximumLength); + RtlCopyUnicodeString(¶metersPath, RegistryPath); + RtlAppendUnicodeToString(¶metersPath, L"\\Parameters"); + + Status = RtlCheckRegistryKey(RTL_REGISTRY_ABSOLUTE, + parametersPath.Buffer); + if (NT_SUCCESS(Status)) { + // Get the AdminOnly option, if AdminOnly=1, devices will be created with the safe SDDL, to make sure only Administrators can use Npcap driver. + // If the registry key doesn't exist, we view it as AdminOnly=0, so no protect to the driver access. + g_AdminOnlyMode = NPF_GetRegistryOption_Integer(¶metersPath, &g_AdminOnlyRegValueName); + // Get the DltNull option, if DltNull=1, loopback traffic will be DLT_NULL/DLT_LOOP style, including captured and sent packets. + // If the registry key doesn't exist, we view it as DltNull=0, so loopback traffic are Ethernet packets. + g_DltNullMode = NPF_GetRegistryOption_Integer(¶metersPath, &g_DltNullRegValueName); + // Get the Dot11Support option, if Dot11Support=1, Npcap driver will enable the raw 802.11 functions. + // If the registry key doesn't exist, we view it as Dot11Support=1, so has raw 802.11 support. + g_Dot11SupportMode = NPF_GetRegistryOption_Integer(¶metersPath, &g_Dot11SupportRegValueName); + // Get the VlanSupport option, if VlanSupport=1, Npcap driver will try to recognize 802.1Q VLAN tag when capturing and sending data. + // If the registry key doesn't exist, we view it as VlanSupport=0, so no VLAN support. 
+ g_VlanSupportMode = NPF_GetRegistryOption_Integer(¶metersPath, &g_VlanSupportRegValueName); + // Get the TimestampMode option. The meanings of its values is described in time_calls.h. + // If the registry key doesn't exist, we view it as TimestampMode=0, so the default "QueryPerformanceCounter" timestamp gathering method. + g_TimestampMode = NPF_GetRegistryOption_Integer(¶metersPath, &g_TimestampRegValueName); #ifdef HAVE_WFP_LOOPBACK_SUPPORT - NPF_GetRegistryOption_String(RegistryPath, &g_LoopbackRegValueName, &g_LoopbackAdapterName); - if (g_LoopbackAdapterName.Buffer != NULL && g_LoopbackAdapterName.Length != ADAPTER_NAME_SIZE * 2) - { - TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "g_LoopbackAdapterName is invalid, g_LoopbackAdapterName.Length = %d, ADAPTER_NAME_SIZE * 2 = %d\n", - g_LoopbackAdapterName.Length, ADAPTER_NAME_SIZE * 2); - ExFreePool(g_LoopbackAdapterName.Buffer); - g_LoopbackAdapterName.Buffer = NULL; - g_LoopbackAdapterName.Length = 0; - g_LoopbackAdapterName.MaximumLength = 0; - } + NPF_GetRegistryOption_String(¶metersPath, &g_LoopbackRegValueName, &g_LoopbackAdapterName); + if (g_LoopbackAdapterName.Buffer != NULL && g_LoopbackAdapterName.Length != ADAPTER_NAME_SIZE * 2) + { + TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "g_LoopbackAdapterName is invalid, g_LoopbackAdapterName.Length = %d, ADAPTER_NAME_SIZE * 2 = %d\n", + g_LoopbackAdapterName.Length, ADAPTER_NAME_SIZE * 2); + ExFreePool(g_LoopbackAdapterName.Buffer); + g_LoopbackAdapterName.Buffer = NULL; + g_LoopbackAdapterName.Length = 0; + g_LoopbackAdapterName.MaximumLength = 0; + } #endif #ifdef HAVE_RX_SUPPORT - NPF_GetRegistryOption_String(RegistryPath, &g_SendToRxRegValueName, &g_SendToRxAdapterName); - NPF_GetRegistryOption_String(RegistryPath, &g_BlockRxRegValueName, &g_BlockRxAdapterName); + NPF_GetRegistryOption_String(¶metersPath, &g_SendToRxRegValueName, &g_SendToRxAdapterName); + NPF_GetRegistryOption_String(¶metersPath, &g_BlockRxRegValueName, &g_BlockRxAdapterName); #endif + } + if 
(parametersPath.Buffer) ExFreePool(parametersPath.Buffer); // RegistryPath = "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\npcap" for standard driver // RegistryPath = "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\npcap_wifi" for WiFi driver diff --git a/version.h b/version.h index 1edd2087..a6609e58 100644 --- a/version.h +++ b/version.h @@ -87,11 +87,11 @@ #define /* !define /**/ WINPCAP_MINOR 0 #define /* - !define /**/ WINPCAP_REV 92 + !define /**/ WINPCAP_REV 93 #define /* - !define /**/ WINPCAP_BUILD 612 + !define /**/ WINPCAP_BUILD 727 #define /* - !define /**/ WINPCAP_VER_STRING "0.92" + !define /**/ WINPCAP_VER_STRING "0.93" #define WINPCAP_WPCAP_STRING_VERSION WINPCAP_VER_STRING
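Review bot: The `if (NT_SUCCESS(Status))` block has no else branch, so when the `Parameters` subkey is missing every option read is skipped, including AdminOnly. The globals then keep their initial values, which the comments describe as AdminOnly=0, meaning no restriction on who can open the driver. A system whose values are still under the old service key would therefore lose the administrators-only restriction silently; that scenario is inferred, since the installer's migration is not part of this hunk. `Status` is also left holding the RtlCheckRegistryKey failure code, and whether DriverEntry overwrites it before returning lies outside the hunk. An else branch such as `else { Status = STATUS_SUCCESS; g_AdminOnlyMode = NPF_GetRegistryOption_Integer(RegistryPath, &g_AdminOnlyRegValueName); }`, plus a trace message, would keep the legacy location honoured and make the fallback visible in debug output.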