Npcap OEM 0.9987: Silent installer silently fails, leaves Npcap half-installed #1910

Closed
akontsevoy opened this issue Feb 7, 2020 · 8 comments


akontsevoy commented Feb 7, 2020

When installing Npcap on (for example) Windows Server 2008 (non-R2, fully updated), the npcap.sys driver is treated as unsigned (probably due to the lack of SHA256 signature verification support or the inability to install a certificate on those systems). The user gets a prompt (even if /S option is given), and if agreed, the install is successful.

However, our software installs Npcap OEM while running under the LocalSystem account; there is no user-reachable session where the prompt could be displayed. Driver installation fails with ERROR_DRIVER_STORE_ADD_FAILED, NPFInstall.exe returns -1. No issues here that haven't already been discussed.

However, when that happens, the overall installer exe (npcap-0.9987-oem.exe) still returns 0, so our application considers the installation successful. Worse, it leaves Npcap half-installed; no clean-up is performed, so if our application later tries to detect Npcap installation through the presence of wpcap.dll, it thinks Npcap is installed; but when it starts using Npcap, of course no adapters (or since 0.998x, only the loopback adapter) are present to capture from.

The correct behavior (IMO) should be:

  1. Npcap OEM installer should return a non-0 exit code if the installation fails for any reason (no disk space, system not supported, NPFInstall.exe returned an error or crashed, etc) -- preferably with a different error code for each reason. Our process calling the installer can then execute appropriate fallback and error reporting actions.
  2. The installer should not leave a half-installed application; if the installation fails for any reason, it should clean up and leave only installation logs before exiting.

While at it, I would also suggest increasing the stack reservation size of NPFInstall.exe and other helper exes to at least 8 MB (your builds probably use the default 1). We've received evidence of this process crashing with a stack overflow exception (c0000409) on some systems while installing Npcap 0.993. We've been unable to reproduce this locally; however, we have experienced this before with other programs when certain antiviruses are installed that inject code into applications (CylancePROTECT in particular). Increasing the stack reservation helped eliminate the crashes in that case.

Install command used: npcap-0.9987-oem.exe /loopback_support=no /admin_only=yes /dot11_support=no /winpcap_mode=no /S

Contents of NPFInstall.log:

[00000B98] 2020-02-07 13:38:02 --> wmain
[00000B98] 2020-02-07 13:38:02     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000B98] 2020-02-07 13:38:02     _tmain: executing, argv[1] = -n.
[00000B98] 2020-02-07 13:38:02     _tmain: executing, argv[2] = -c.
[00000B98] 2020-02-07 13:38:02 --> ClearDriverStore
[00000B98] 2020-02-07 13:38:02 --> executeCommand
[00000B98] 2020-02-07 13:38:02     executeCommand: executing, strCmd = pnputil.exe -e.
[00000B98] 2020-02-07 13:38:02     executeCommand: result = .
[00000B98] 2020-02-07 13:38:02 <-- executeCommand
[00000B98] 2020-02-07 13:38:02 --> getInfNamesFromPnpUtilOutput
[00000B98] 2020-02-07 13:38:02 <-- getInfNamesFromPnpUtilOutput
[00000B98] 2020-02-07 13:38:02 <-- ClearDriverStore
[00000B98] 2020-02-07 13:38:02     _tmain: succeed, nStatus = 0.
[00000B98] 2020-02-07 13:38:02 <-- wmain
[00000B18] 2020-02-07 13:38:02 --> wmain
[00000B18] 2020-02-07 13:38:02     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000B18] 2020-02-07 13:38:02     _tmain: executing, argv[1] = -n.
[00000B18] 2020-02-07 13:38:02     _tmain: executing, argv[2] = -iw.
[00000B18] 2020-02-07 13:38:02 --> InstallWFPCallout
[00000B18] 2020-02-07 13:38:02 --> GetWFPCalloutInfFilePath
[00000B18] 2020-02-07 13:38:02     lpFilename = C:\Program Files\Npcap\NPCAP_wfp.inf
[00000B18] 2020-02-07 13:38:02 <-- GetWFPCalloutInfFilePath
[00000B18] 2020-02-07 13:38:02 --> isFileExist
[00000B18] 2020-02-07 13:38:02     FindFirstFile: succeed, szFileFullPath = C:\Program Files\Npcap\NPCAP_wfp.inf.
[00000B18] 2020-02-07 13:38:02 <-- isFileExist
[00000B18] 2020-02-07 13:38:02     LaunchINFSectionEx: executing, szCmd = C:\Program Files\Npcap\NPCAP_wfp.inf,DefaultInstall,,36,N.
[00000B18] 2020-02-07 13:38:02 <-- InstallWFPCallout
[00000B18] 2020-02-07 13:38:02     _tmain: succeed, nStatus = 0.
[00000B18] 2020-02-07 13:38:02 <-- wmain
[00000704] 2020-02-07 13:38:02 --> wmain
[00000704] 2020-02-07 13:38:02     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000704] 2020-02-07 13:38:02     _tmain: executing, argv[1] = -n.
[00000704] 2020-02-07 13:38:02     _tmain: executing, argv[2] = -i.
[00000704] 2020-02-07 13:38:02 --> PacketInstallDriver60
[00000704] 2020-02-07 13:38:02 --> InstallDriver
[00000704] 2020-02-07 13:38:02 --> GetServiceInfFilePath
[00000704] 2020-02-07 13:38:02     lpFilename = C:\Program Files\Npcap\NPCAP.inf
[00000704] 2020-02-07 13:38:02 <-- GetServiceInfFilePath
[00000704] 2020-02-07 13:38:02 --> InstallSpecifiedComponent
[00000704] 2020-02-07 13:38:02 --> HrGetINetCfg
[00000704] 2020-02-07 13:38:02 <-- HrGetINetCfg
[00000704] 2020-02-07 13:38:02 --> HrInstallNetComponent
[00000704] 2020-02-07 13:38:03     SetupCopyOEMInfW: error, errCode = 0xe0000247.
[00000704] 2020-02-07 13:38:03 <-- HrInstallNetComponent
[00000704] 2020-02-07 13:38:03     Error 0xe0000247: Couldn't install the network component.
[00000704] 2020-02-07 13:38:03 --> HrReleaseINetCfg
[00000704] 2020-02-07 13:38:03 <-- HrReleaseINetCfg
[00000704] 2020-02-07 13:38:03 <-- InstallSpecifiedComponent
[00000704] 2020-02-07 13:38:03     Error 0xe0000247: InstallSpecifiedComponent

[00000704] 2020-02-07 13:38:03 <-- InstallDriver
[00000704] 2020-02-07 13:38:03 <-- PacketInstallDriver60
[00000704] 2020-02-07 13:38:03     _tmain: error, nStatus = -1.
[00000704] 2020-02-07 13:38:03 <-- wmain

Contents of install.log:

CreateDirectory: "C:\Program Files\Npcap" created
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 10087 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1042 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 9142 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 224856 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 833
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 56920 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10609 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8657 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2404 to "C:\Program Files\Npcap\npcap_wfp.inf"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 261584 to "C:\Program Files\Npcap\Uninstall.exe"
detailprint: Installing NDIS6.x x86 driver for Win7, Win8 and Win10
Call: 799
Jump: 811
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 377944 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 152152 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 89176 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 55384 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 899
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000001"
Jump: 904
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000000"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Jump: 1141
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 651
Call: 855
CreateDirectory: "C:\Windows\TEMP\nsoFCFA.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1566 to "C:\Windows\TEMP\nsoFCFA.tmp\Insecure-EV.cer"
Call: 1208
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll"
File: wrote 15520 to "C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll"
Delete: "C:\Windows\TEMP\nsoFCFA.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Windows\TEMP\nsoFCFA.tmp\Insecure-EV.cer")
Call: 1208
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll"
File: skipped: "C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll" (overwriteflag=1)
detailprint: The cache in driver store was cleared
Call: 1208
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll"
File: skipped: "C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll" (overwriteflag=1)
Call: 1208
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll"
File: skipped: "C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10
detailprint: Writing service options to registry
Call: 933
Call: 910
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "LoopbackSupport"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "DltNull"="0x00000001"
WriteRegStr: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Edition"="Npcap OEM"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "AdminOnly"="0x00000001"
Jump: 919
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Dot11Support"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "VlanSupport"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "WinPcapCompatible"="0x00000000"
Call: 1003
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap_wifi" "Start"="0x00000004"
Call: 971
detailprint: Starting the npcap driver
Call: 1208
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Windows\TEMP\nsoFCFA.tmp\SimpleSC.dll"
File: skipped: "C:\Windows\TEMP\nsoFCFA.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1208
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Windows\TEMP\nsoFCFA.tmp\SimpleSC.dll"
File: skipped: "C:\Windows\TEMP\nsoFCFA.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1208
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsoFCFA.tmp\SimpleSC.dll"
File: skipped: "C:\Windows\TEMP\nsoFCFA.tmp\SimpleSC.dll" (overwriteflag=1)
Jump: 1178
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayName"="Npcap OEM"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayVersion"="0.9987"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "Publisher"="Nmap Project"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLInfoAbout"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLUpdateInfo"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMajor"="0"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMinor"="9987"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoModify"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoRepair"="0x00000001"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="CheckStatus.bat"
File: wrote 862 to "C:\Program Files\Npcap\CheckStatus.bat"
Call: 1208
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll"
File: skipped: "C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll" (overwriteflag=1)
Delete: DeleteFile("C:\Windows\TEMP\nsoFCFA.tmp\final.ini")
Delete: DeleteFile("C:\Windows\TEMP\nsoFCFA.tmp\nsExec.dll")
Delete: DeleteFile("C:\Windows\TEMP\nsoFCFA.tmp\options.ini")
Delete: DeleteFile("C:\Windows\TEMP\nsoFCFA.tmp\SimpleSC.dll")
Delete: DeleteFile("C:\Windows\TEMP\nsoFCFA.tmp\System.dll")
RMDir: RemoveDirectory("C:\Windows\TEMP\nsoFCFA.tmp\")

Output of systeminfo:


Host Name:                 <redacted>
OS Name:                   Microsoftr Windows Serverr 2008 Standard 
OS Version:                6.0.6003 Service Pack 2 Build 6003
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Server
OS Build Type:             Multiprocessor Free
Registered Owner:          Windows User
Registered Organization:   
Product ID:                <redacted>
Original Install Date:     12/12/2008, 8:24:57 PM
System Boot Time:          2/7/2020, 1:24:58 PM
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               X86-based PC
Processor(s):              2 Processor(s) Installed.
                           [01]: x64 Family 6 Model 44 Stepping 2 GenuineIntel ~2793 Mhz
                           [02]: x64 Family 6 Model 44 Stepping 2 GenuineIntel ~2793 Mhz
BIOS Version:              Phoenix Technologies LTD 6.00, 12/12/2018
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (GMT-06:00) Central Time (US & Canada)
Total Physical Memory:     2,047 MB
Available Physical Memory: 1,473 MB
Page File: Max Size:       3,044 MB
Page File: Available:      2,487 MB
Page File: In Use:         557 MB
Page File Location(s):     D:\pagefile.sys
Domain:                    <redacted>
Logon Server:              <redacted>
Hotfix(s):                 609 Hotfix(s) Installed.
Network Card(s):           1 NIC(s) Installed.
                           [01]: Intel(R) PRO/1000 MT Network Connection
                                 Connection Name: Local Area Connection 2
                                 DHCP Enabled:    Yes
                                 DHCP Server:     <redacted>
                                 IP address(es)
                                 [01]: <redacted>
                                 [02]: <redacted>
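
For callers that cannot rely on the installer's exit code, the NPFInstall.log shown in the report can be checked directly. The following is an added example, not code from the Npcap project or from the reporter: it assumes the log line format shown above, the names `parse_npfinstall_log`, `failed_runs` and `install_ok` are hypothetical, and the third run in the sample is constructed to show a helper that exited before logging a status.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "[<thread id>] <date> <time> <message>", as in the NPFInstall.log above.
LINE_RE = re.compile(r"^\[([0-9A-Fa-f]{8})\]\s+\S+\s+\S+\s+(.*\S)\s*$")
ARGV_RE = re.compile(r"^_tmain: executing, argv\[(\d+)\] = (.*)\.$")
STATUS_RE = re.compile(r"^_tmain: \w+, nStatus = (-?\d+)\.$")
ERRCODE_RE = re.compile(r"^(\w+): error, errCode = (0x[0-9A-Fa-f]+)\.$")


@dataclass
class Invocation:
    tid: str
    args: List[str] = field(default_factory=list)     # argv[1:] as logged
    status: Optional[int] = None                      # None: never logged
    errors: List[Tuple[str, int]] = field(default_factory=list)

    @property
    def failed(self) -> bool:
        # A run that never logged nStatus (crash, kill) counts as a failure.
        return self.status is None or self.status != 0


def parse_npfinstall_log(text: str) -> List[Invocation]:
    """Split the log into one Invocation per '--> wmain' ... '<-- wmain'."""
    runs: List[Invocation] = []
    open_runs: Dict[str, Invocation] = {}   # keyed by thread id
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                        # blank or unrecognised line
        tid, msg = m.groups()
        if msg == "--> wmain":
            open_runs[tid] = Invocation(tid=tid)
            runs.append(open_runs[tid])
            continue
        run = open_runs.get(tid)
        if run is None:
            continue
        if msg == "<-- wmain":
            del open_runs[tid]
        elif (a := ARGV_RE.match(msg)) and int(a.group(1)) >= 1:
            run.args.append(a.group(2))
        elif (s := STATUS_RE.match(msg)):
            run.status = int(s.group(1))
        elif (e := ERRCODE_RE.match(msg)):
            run.errors.append((e.group(1), int(e.group(2), 16)))
    return runs


def failed_runs(runs: List[Invocation]) -> List[Invocation]:
    return [r for r in runs if r.failed]


def install_ok(text: str) -> bool:
    """True only if at least one run was logged and every run returned 0."""
    runs = parse_npfinstall_log(text)
    return bool(runs) and not failed_runs(runs)


# First two runs: excerpt of the log in the report. Third run: constructed.
SAMPLE_LOG = r"""
[00000B98] 2020-02-07 13:38:02 --> wmain
[00000B98] 2020-02-07 13:38:02     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000B98] 2020-02-07 13:38:02     _tmain: executing, argv[1] = -n.
[00000B98] 2020-02-07 13:38:02     _tmain: executing, argv[2] = -c.
[00000B98] 2020-02-07 13:38:02     _tmain: succeed, nStatus = 0.
[00000B98] 2020-02-07 13:38:02 <-- wmain
[00000704] 2020-02-07 13:38:02 --> wmain
[00000704] 2020-02-07 13:38:02     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000704] 2020-02-07 13:38:02     _tmain: executing, argv[1] = -n.
[00000704] 2020-02-07 13:38:02     _tmain: executing, argv[2] = -i.
[00000704] 2020-02-07 13:38:03     SetupCopyOEMInfW: error, errCode = 0xe0000247.
[00000704] 2020-02-07 13:38:03     Error 0xe0000247: Couldn't install the network component.
[00000704] 2020-02-07 13:38:03     _tmain: error, nStatus = -1.
[00000704] 2020-02-07 13:38:03 <-- wmain
[00000A10] 2020-02-07 13:38:04 --> wmain
[00000A10] 2020-02-07 13:38:04     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000A10] 2020-02-07 13:38:04     _tmain: executing, argv[1] = -n.
[00000A10] 2020-02-07 13:38:04     _tmain: executing, argv[2] = -i.
"""

if __name__ == "__main__":
    for r in failed_runs(parse_npfinstall_log(SAMPLE_LOG)):
        print(r.tid, r.args, r.status, [(n, hex(c)) for n, c in r.errors])
```
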
@dmiller-nmap

Thanks for pointing this out. Our goal with Npcap was to support Windows versions that were still in extended support by Microsoft, but we were forced to miss that goal by our certificate expiring 2 months before Server 2008 (based on Vista) ended extended support. Since the signature issue was the only problem and it was able to be bypassed by a user accepting the warning, we went ahead with the release without making changes to NDIS version or NTDDI version that would have explicitly removed support for those versions. Going forward, we will be making these changes, so the next release of Npcap will not be capable of running on Windows versions prior to Windows 7 (Windows 2008 R2).

You have raised a valid point about the installer not gracefully handling a failure at this point. We are already looking at changes to better handle fixing broken installations, and we will look into how errors are handled so that this does not happen in the future.

@akontsevoy
Author

I don't think it's necessary to explicitly desupport Vista/WS2008, unless you mean to upgrade Npcap to a higher NDIS version and take advantage of new functionality. But either way, if the silent failure in the installer is fixed, this should work for us -- as long as the installer properly reports failure and cleans up after itself, our software will fall back onto installing and using WinPcap.

@dmiller-nmap

We do intend on supporting higher NDIS versions, since users have complained that Npcap interferes with advanced functions like RSC (#1417). We also hope that using a higher version of WFP functions will help address some issues we've seen related to loopback capture (#1789).

The commit above fixes an actual bug in the installer code that goes all the way back to Npcap 0.78: in silent mode, a failure to install the filter driver would not be communicated to the main installer function, so it continued with the install as though it had succeeded. Future releases will always fail gracefully without corrupting the system if this step fails.

@akontsevoy
Author

@dmiller-nmap Understood. But which commit are you referring to? I see no commits referenced here, nor any relevant new commits in npcap or nmap repo networks...

@fyodor
Member

fyodor commented Mar 4, 2020

Hi @akontsevoy. The commit is actually to our Npcap build system repo rather than our normal Npcap repo since the changes are to the NSI file. But they will be in the next release. And if you do need access to the NSI for some reason, just let me know your email address. Cheers!

@akontsevoy
Author

Yeah, I thought it was to a private repo, and that's probably why it didn't show up here, even if this issue was mentioned in a PR there. For the moment we can wait until the next release, if it's reasonably soon; in the meantime we're trying to get our customer to verify a solution to a different issue supposedly fixed in 0.9987.

@akontsevoy
Author

@fyodor @dmiller-nmap In the meantime, could you please increase the stack reservation size in the build of NPFInstall.exe from the default 1 MB to something like 8 MB, to avoid stack overflow crashes under intrusive anti-malware? (I mentioned it in the original post as another observed cause of silent installation failures, but was not sure if you noticed.)

@dmiller-nmap

The installer change was made for Npcap 0.9988, fixing this issue. If you have further problems, please open a new issue. Note that I moved the discussion of stack reservation size to its own issue, #1951.
