Wireshark-dev: Re: [Wireshark-dev] Plan to make NPcap available for Wireshark

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Sat, 4 Jul 2015 18:28:43 +0100
Out of interest why does NPcap not place its DLL's in System32\SysWow64 as that is on the standard DLL search path?



On 4 July 2015 at 17:28, Yang Luo <hsluoyb@xxxxxxxxx> wrote:
Hi Pascal, I hold the same opinion with you, because a user installing NPcap implies that he wants to use it, I think I will make it this way:)

Cheers,
Yang

On Sat, Jul 4, 2015 at 6:07 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:


Le 4 juil. 2015 4:26 AM, "Yang Luo" <hsluoyb@xxxxxxxxx> a écrit :
>
> Hi list,
>
> Given that current Wireshark can't make use of NPcap because of the DLL search path problem mentioned in https://www.wireshark.org/lists/wireshark-dev/201506/msg00030.html, I'd like to make a patch for Wireshark. As it is a security consideration that Wireshark don't want to search the DLLs in the Windows way. My plan is to explicitly add the NPcap path to Wireshark's DLL search logic. NPcap uses the "C:\Windows\System32\NPcap" and "C:\Windows\SysWow64\NPcap" to store its DLLs (WinPcap uses "C:\Windows\System32" and "C:\Windows\SysWow64" directly). As it is a sub directory of System32 folder. Its access control policy is the same with System32, and there should be no security problem I think. The second question is if WinPcap and NPcap are both available in a system, which will be loaded first? I'd like to hear your opinions:)
>
> Cheers,
> Yang
>

Hi Yang,

As WinPcap is older and could be installed for other programs, on my side I would consider NPcap has having higher precedence and be loaded first.

Best regards,
Pascal.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Graham Bloice
Software Developer
Trihedral UK Limited