Wireshark's WinPcap Detection


Wireshark's WinPcap Detection

by Rob Nicholls-3

I noticed that Wireshark's installer doesn't detect that WinPcap has
already been installed if I use the Nmap version of the WinPcap installer.
I grabbed Wireshark's source code and spotted that they're checking the
following keys:

ReadRegStr $WINPCAP_NAME HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "DisplayName"
ReadRegStr $WINPCAP_VERSION HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "DisplayVersion"

They seem to be checking the "WinPcapInst registry" key for the version of
WinPcap. This is fine if people use the official installer, which creates
these keys, but not so good for a custom installer like ours (additionally,
we don't currently create the DisplayVersion value) that's using a
different key ("winpcap-nmap"). So the question is do we modify our
installer to create the same registry keys (and potentially step on their
toes)? Or do we assume that people installing tools like Wireshark will
either skip it because they know they already have WinPcap installed/let
the official installer prompt them for a force install over the top?

If we do decide to create the same keys as the official WinPcap installer,
it complicates our silent installer (but I can probably add another
registry value that still lets us identify our own installs).

Rob

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
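
An added example, not part of the original thread and not code from Nmap or Wireshark: a software-inventory check that looks under both key names mentioned above, so a WinPcap installed by either installer is found even when DisplayVersion is absent. The location of the "winpcap-nmap" key under the same Uninstall path, the helper names and the sample registry contents used for testing are assumptions of this example.

```python
import sys

UNINSTALL = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
# Key names come from the thread. That "winpcap-nmap" sits under the same
# Uninstall path as "WinPcapInst" is an assumption of this example.
CANDIDATE_KEYS = ("WinPcapInst", "winpcap-nmap")


def read_hklm_value(subkey, name):
    """Return a value from HKLM, or None if the key or value is absent."""
    import winreg  # Windows-only standard-library module
    # Try both registry views: 32-bit installers on 64-bit Windows are
    # redirected to the 32-bit view of HKLM\SOFTWARE.
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
        try:
            access = winreg.KEY_READ | view
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey, 0, access) as key:
                return winreg.QueryValueEx(key, name)[0]
        except OSError:
            continue
    return None


def detect_winpcap(read_value=read_hklm_value, keys=CANDIDATE_KEYS):
    """Check each uninstall key in turn; return the first hit, else None."""
    for key_name in keys:
        subkey = UNINSTALL + "\\" + key_name
        display_name = read_value(subkey, "DisplayName")
        if display_name:
            # DisplayVersion may be missing (the thread notes the Nmap
            # installer did not create it), so it is reported as None.
            version = read_value(subkey, "DisplayVersion")
            return {"key": key_name, "name": display_name, "version": version}
    return None


def make_fake_reader(registry):
    """Reader over a constructed {subkey: {value_name: data}} dict, for testing."""
    def reader(subkey, name):
        return registry.get(subkey, {}).get(name)
    return reader


if __name__ == "__main__" and sys.platform == "win32":
    print(detect_winpcap() or "WinPcap not found under either uninstall key")
```

Passing `keys=("WinPcapInst",)` reproduces the single-key check described in the message above, which reports nothing when only the "winpcap-nmap" key exists.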

Re: Wireshark's WinPcap Detection

by Fyodor

On Wed, Nov 04, 2009 at 04:15:31PM +0000, Rob Nicholls wrote:
> I noticed that Wireshark's installer doesn't detect that WinPcap has
> already been installed if I use the Nmap version of the WinPcap installer.
> I grabbed Wireshark's source code and spotted that they're checking the
> following keys:

Good catch and research!

> If we do decide to create the same keys as the official WinPcap installer,
> it complicates our silent installer (but I can probably add another
> registry value that still lets us identify our own installs).

I like this idea of creating the same keys for compatibility with the
official installer, but also creating an extra key that we (or they)
can use when there is a desire to distinguish between the two.  Can
you make this change?

Cheers,
-F

Re: Wireshark's WinPcap Detection

by Rob Nicholls-3

> I like this idea of creating the same keys for compatibility with the
> official installer, but also creating an extra key that we (or they)
> can use when there is a desire to distinguish between the two.  Can
> you make this change?

Sure, I expect I'll have something sorted by the end of the weekend.

Rob


[PATCH] RE: Wireshark's WinPcap Detection

by Rob Nicholls-3

Attached is a patch that should do the trick. Wireshark seems to be a lot
happier that a version of WinPcap is actually installed.

At various points I've tried upgrading from the official WinPcap 4.0.2, our
WinPcap 4.0.2 and even after an official WinPcap 4.0.2 over the top of our
WinPcap 4.0.2 and I think it all works okay (including a few test silent
installations), but any further testing would be greatly appreciated.

Fyodor, is there any chance you could compile another version and stick it
in your /tmp folder like last time?

Rob

-----Original Message-----
From: Fyodor [mailto:fyodor@...]
Sent: 07 November 2009 00:46
To: Rob Nicholls
Subject: Re: Wireshark's WinPcap Detection

On Fri, Nov 06, 2009 at 09:08:54AM +0000, Rob Nicholls wrote:
> > I like this idea of creating the same keys for compatibility with the
> > official installer, but also creating an extra key that we (or they)
> > can use when there is a desire to distinguish between the two.  Can
> > you make this change?
>
> Sure, I expect I'll have something sorted by the end of the weekend.

Great!  That should be just in time for the release next week.

-F




Attachment: winpcap_installer_compatability_improvements.diff (10K)

Re: [PATCH] RE: Wireshark's WinPcap Detection

by Fyodor

On Sun, Nov 08, 2009 at 07:15:13PM -0000, Rob Nicholls wrote:
> Attached is a patch that should do the trick. Wireshark seems to be a lot
> happier that a version of WinPcap is actually installed.

Thanks Rob!  I just applied it.

> Fyodor, is there any chance you could compile another version and stick it
> in your /tmp folder like last time?

I'm setting up a new Windows build system (may take a few days) but
then I'll build a test version of this.  That will better reflect the
way it will be built for the next release.

Cheers,
-F

Re: [PATCH] RE: Wireshark's WinPcap Detection

by Fyodor

On Sun, Nov 08, 2009 at 07:15:13PM -0000, Rob Nicholls wrote:
>
> At various points I've tried upgrading from the official WinPcap 4.0.2, our
> WinPcap 4.0.2 and even after an official WinPcap 4.0.2 over the top of our
> WinPcap 4.0.2 and I think it all works okay (including a few test silent
> installations), but any further testing would be greatly appreciated.
>
> Fyodor, is there any chance you could compile another version and stick it
> in your /tmp folder like last time?

Thanks Rob!  I built a version of this on my new Windows 7 x64 build
system.  It worked there, and also on an XP SP2 system I tested.
Further testing is certainly welcome, so I've posted it here for
people to try:

http://insecure.org/tmp/c/winpcap-nmap-4.11-111609.exe

Cheers,
-F

Re: [PATCH] RE: Wireshark's WinPcap Detection

by David Fifield

On Mon, Nov 16, 2009 at 10:19:15PM -0800, 'Fyodor' wrote:

> On Sun, Nov 08, 2009 at 07:15:13PM -0000, Rob Nicholls wrote:
> >
> > At various points I've tried upgrading from the official WinPcap 4.0.2, our
> > WinPcap 4.0.2 and even after an official WinPcap 4.0.2 over the top of our
> > WinPcap 4.0.2 and I think it all works okay (including a few test silent
> > installations), but any further testing would be greatly appreciated.
> >
> > Fyodor, is there any chance you could compile another version and stick it
> > in your /tmp folder like last time?
>
> Thanks Rob!  I built a version of this on my new Windows 7 x64 build
> system.  It worked there, and also on an XP SP2 system I tested.
> Further testing is certainly welcome, so I've posted it here for
> people to try:
>
> http://insecure.org/tmp/c/winpcap-nmap-4.11-111609.exe

It works for me too on XP SP3.

David Fifield