Wireshark-dev: Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Mon, 20 Jul 2015 17:14:52 +0200


2015-07-20 17:03 GMT+02:00 Pascal Quantin <pascal.quantin@xxxxxxxxx>:

 
2015-07-20 16:22 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:
Hi Pascal,

On Mon, Jul 20, 2015 at 8:36 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
Hi Yang,

I gave another try to a second Win10 x64 French virtual machine and it was not renamed either. The 'ver' command typed in a console does work like in your picture.

This is so weird. I guess the only difference between our systems is the language, and I don't think a UI language could lead to this diverging. It has no other possibility but to be a bug for Windows beta. Maybe we should set aside this issue and wait for Win10 RTM.

AFAIK 10240 is the candidate for RTM. Wait and see :)
 
 

For your information GetVersionEx API can work on Windows 10 (that's what we use in Wireshark). But you need to embed a manifest in your application indicating that Windows 10 is supported by adding its GUID (see https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=image/wireshark.exe.manifest.in;h=9a3f32c912aae5ec8f05266f4ac28f14446025a1;hb=refs/heads/master that we use for Wireshark).


I saw this in MSDN too, but I don't know if this manifest way is the ultimate solution even for Win10 RTM? If the GetVersionEx API works on Win10 RTM without this special manifest, then I would prefer not to add it.

This is mandatory (as it was mandatory for Windows 8.1 with its own GUID) and I expect this to work in RTM (it has been working like this for a very long time, even when Windows 10 was identifying itself as 6.4 and not 10). See this Microsoft blog post for details: http://blogs.msdn.com/b/chuckw/archive/2013/09/10/manifest-madness.aspx
 
 

Yes that's what happens with WinPcap. The driver starts automatically when calling p_pcap_findalldevs() from wpcap.dll but it does not seem to work with Npcap.

I tried to first stop the service using "net stop npf", then start the latest stable version of Wireshark 64-bit (Version 1.12.6 (v1.12.6-0-gee1fce6 from master-1.12)). I can see the interface list in fact. So I don't know what's wrong here. I have modified the installer a little to start the service when installation finishes. And make sure you checked the "Automatically start the Npcap driver at boot time" option on the last page of the installer.

I was already checking this option box.


With this new installer (unfortunately still named r2 which is confusing ;) ), the service was running after installation and I can manually stop and restart it. But after reboot it does not start and typing 'sc start npf' now gives an error stating that the specified file cannot be found. 

Regarding the automatic start of npf.sys service when calling p_pcap_findalldevs() I realize that I was not launching Wireshark with admin rights. With elevated privileges, it launches NPF if previously manually stopped. Sorry for the confusion.

Pascal.
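
The manifest point discussed in this thread, as an added example that is not part of the original messages and is not Wireshark's or Npcap's code: a small check that reads an application manifest and tells which version GetVersionEx would report on Windows 10, following Microsoft's documented behaviour (6.2 with no newer GUID, 6.3 with only the Windows 8.1 GUID, 10.0 with the Windows 10 GUID). The function names and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

COMPAT_NS = "urn:schemas-microsoft-com:compatibility.v1"
# supportedOS GUIDs documented by Microsoft for the <compatibility> section.
WIN81_GUID = "{1f676c76-80e1-4239-95bb-83d0f6d0da78}"
WIN10_GUID = "{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"

# Constructed manifest skeleton (not Wireshark's or Npcap's actual file).
TEMPLATE = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
{entries}
    </application>
  </compatibility>
</assembly>"""


def build_manifest(guids):
    """Return a constructed sample manifest declaring the given supportedOS GUIDs."""
    entries = "\n".join('      <supportedOS Id="%s"/>' % g for g in guids)
    return TEMPLATE.format(entries=entries)


def declared_os_ids(manifest_xml):
    """Collect the supportedOS Ids from the compatibility section, lower-cased."""
    root = ET.fromstring(manifest_xml)
    return {el.get("Id", "").strip().lower()
            for el in root.iter("{%s}supportedOS" % COMPAT_NS)}


def version_reported_on_win10(manifest_xml):
    """(major, minor) that GetVersionEx reports to this application on Windows 10."""
    ids = declared_os_ids(manifest_xml)
    if WIN10_GUID in ids:
        return (10, 0)   # manifested for Windows 10: real version is reported
    if WIN81_GUID in ids:
        return (6, 3)    # manifested only up to Windows 8.1
    return (6, 2)        # no newer GUID: reported as Windows 8


if __name__ == "__main__":
    for guids in ([], [WIN81_GUID], [WIN81_GUID, WIN10_GUID]):
        manifest = build_manifest(guids)
        print(len(guids), "GUID(s) ->", version_reported_on_win10(manifest))
```

To check a built binary instead of a source manifest, extract its embedded manifest with a resource tool first and pass the XML text to version_reported_on_win10().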