Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-15 Thread Yang Luo
Hi Jim, On Thu, Aug 6, 2015 at 4:43 PM, Jim Young wrote: > Hello Yang, > > > I've been doing some testing with Npcap 0.03-r4. > > > Current observations: > > > I can confirm the ping -t -l 65500 127.0.0.1 command is now working as > expected. > > Also I have been unable to trigger any BSODs. > >

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-14 Thread Yang Luo
; > > > STACK_COMMAND: kb > > > FOLLOWUP_IP: > > npf+3186 > > f801`688d7186 4032ff xor dil,dil > > > SYMBOL_STACK_INDEX: 4 > > > SYMBOL_NAME: npf+3186 > > > FOLLOWUP_NAME: MachineOwner > > > MODULE_NAME: npf >

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-10 Thread Jim Young
243d-2266-f935-8db54b10ab51} Followup: MachineOwner - Best regards, Jim Y. From: wireshark-dev-boun...@wireshark.org on behalf of Yang Luo Sent: Monday, August 10, 2015 06:40 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] N

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-10 Thread Yang Luo
Hi Jim, Pascal, This IRQL_NOT_LESS_OR_EQUAL (a) BSoD seems to be caused by the NdisAcquireSpinLock call in function NPF_StartUsingOpenInstance referring to freed Open struct memory. I have tried to fix it in the latest installer; you may try it at: https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nma

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-06 Thread Jim Young
Hello Yang, After installing 0.03-r5 on my Windows 8.1 system I too am seeing a BSOD when starting Wireshark, tshark or dumpcap. Like Pascal's Bugcheck Analysis my crashes are also reporting bug check string: IRQL_NOT_LESS_OR_EQUAL (a) 2: kd> .symfix C:\Symbols 2: kd> .reload Loading Kernel S

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-06 Thread Pascal Quantin
2015-08-06 15:21 GMT+02:00 Yang Luo : > Hi Pascal, > > This issue is because some parts of Npcap have been migrated to MSVC2010, > however Win10 RTM lacks VC2010 redist package. I have changed to static > link the libs, and tested on my Win10 RTM. Latest installer that has this > bug fixed is: > h

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-06 Thread Yang Luo
Hi Pascal, This issue is because some parts of Npcap have been migrated to MSVC2010, however Win10 RTM lacks VC2010 redist package. I have changed to static link the libs, and tested on my Win10 RTM. Latest installer that has this bug fixed is: https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nm

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-06 Thread Pascal Quantin
2015-08-05 9:39 GMT+02:00 Yang Luo : > Hello Jim, > > On Tue, Aug 4, 2015 at 12:23 PM, Jim Young wrote: > >> Hello Yang, >> >> While testing Npcap 0.03-r3 I stumbled into one reproducible issue but I >> also triggered a crash (which I am currently unable to reproduce). >> >> The reproducible issu

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-06 Thread Jim Young
Hello Yang, I've been doing some testing with Npcap 0.03-r4. Current observations: I can confirm the ping -t -l 65500 127.0.0.1 command is now working as expected. Also I have been unable to trigger any BSODs. On my primary Windows 8.1 system I can easily reproduce the installation stall

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-05 Thread Yang Luo
Hello Jim, On Tue, Aug 4, 2015 at 12:23 PM, Jim Young wrote: > Hello Yang, > > While testing Npcap 0.03-r3 I stumbled into one reproducible issue but I > also triggered a crash (which I am currently unable to reproduce). > > The reproducible issue involves capturing on the Npcap loopback interfa

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 Thread Jim Young
Hello Yang, While testing Npcap 0.03-r3 I stumbled into one reproducible issue but I also triggered a crash (which I am currently unable to reproduce). The reproducible issue involves capturing on the Npcap loopback interface and then starting a cmd shell and pinging the loopback address as follo

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 Thread Yang Luo
* Monday, August 3, 2015 12:48 > *To:* Developer support list for Wireshark > *Subject:* Re: [Wireshark-dev] Npcap 0.03 call for test > > Hello Yang, > > Since my last comments I've been (quietly) testing the various > updated Npcap releases. I've really had nothing new to

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 Thread Yang Luo
Hi Pascal, On Tue, Aug 4, 2015 at 5:19 AM, Pascal Quantin wrote: > > > Hi Yang, > > the page > https://msdn.microsoft.com/en-us/library/windows/hardware/ff549954%28v=vs.85%29.aspx > suggests that: > "Before the driver calls *NdisFOidRequest*, the driver must allocate an > *NDIS_OID_REQUEST* >

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 Thread Yang Luo
Hi Pascal, I followed your steps, but unfortunately didn't reproduce the BSoD. Here are my steps on my Win8.1 x64 VMware VM (with Intel VT enabled, so it should behave the same as a physical machine): 1) Installed VirtualBox 5.0.0 r101573, just opened the UI once, didn't create any VMs. 2) Reinsta

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 Thread Pascal Quantin
2015-08-03 17:57 GMT+02:00 Yang Luo : > Hi Pascal, > > Thanks for testing. The output of your dump is pasted below. It seems that > NdisFOidRequest call fails in Npcap's NPF_GetDeviceMTU routine. It is in > the same position with the previous SYSTEM_SERVICE_EXCEPTION BSoD. So I > think they may be

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 Thread Jim Young
From: wireshark-dev-boun...@wireshark.org on behalf of Pascal Quantin Sent: Monday, August 3, 2015 12:48 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Npcap 0.03 call for test Hello Yang, Since my last comments I've been (qu

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 Thread Pascal Quantin
2015-08-03 17:57 GMT+02:00 Yang Luo : > Hi Pascal, > > Thanks for testing. The output of your dump is pasted below. It seems that > NdisFOidRequest call fails in Npcap's NPF_GetDeviceMTU routine. It is in > the same position with the previous SYSTEM_SERVICE_EXCEPTION BSoD. So I > think they may be

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 Thread Yang Luo
Hi Pascal, Thanks for testing. The output of your dump is pasted below. It seems that NdisFOidRequest call fails in Npcap's NPF_GetDeviceMTU routine. It is in the same position with the previous SYSTEM_SERVICE_EXCEPTION BSoD. So I think they may belong to the same bug. However, I didn't find what'

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-03 Thread Pascal Quantin
Hi Yang 2015-08-03 9:33 GMT+02:00 Yang Luo : > > Hi list, > > I think I have fixed the BAD_POOL_CALLER BSoD in Npcap 0.03 r3 version, it turns out to be a memory double-free bug in WFP classifyFn function used for loopback packet capturing. The latest installer is: https://svn.nmap.org/nmap-exp/yan

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-01 Thread Tyson Key
Hmm, this is interesting... When I removed the old WinPCap, and installed the new NPCap, and then started Wireshark under WinDBG, immediately after, it didn't crash - but at the same time, it didn't detect any interfaces, either. However, when I rebooted, and tried to start Wireshark under WinDBG

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-01 Thread Tyson Key
Also found this, in a dumpcap MiniDump: Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\MiniDumps\072715-31968-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available *

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-01 Thread Tyson Key
Hi Yang, Not sure if these are any use, since I'm still downloading various symbols, but I've just started looking at some MiniDumps, and spotted these: Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\W

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-01 Thread Tyson Key
Hi Yang, Thanks for looking at this. I've just enabled full memory dumps, after reading https://support.microsoft.com/en-us/kb/969028 - but I'll need to do the Right Ctrl + Scroll Lock X2 trick at a time when I can afford to lose state data. I've got the Windows SDK installed (but not the WinDBG?

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-08-01 Thread Graham Bloice
Personally I never install the Windows symbols as all my debug systems have Internet access, I just set WinDBG to download them as required: 1. Create a directory for the symbol cache, e.g. C:\Symbols 2. In WinDBG, ".symfix C:\Symbols" 3. In WinDBG ".reload" or you can set an environment

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-31 Thread Yang Luo
Hi Tyson, I think I have reproduced the BAD_POOL_CALLER error, the step is: 1) reboot the system, 2) start Wireshark UI, 3) Open VMware Workstation. As you installed VMware Player, maybe it's the same reason. I will look into this later. And I found that a full dump file (memory.dmp) has more usef

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-31 Thread Yang Luo
Hi Pascal, I analyzed your dumps, and it seems to be the NdisFOidRequest error. A full memory dump helps me to locate the exact error position (NPF_GetDeviceMTU function). I think I have fixed it, but as this crash can't be reproduced, I didn't test my fix. You can try it: https://svn.nmap.org/nm

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-29 Thread Pascal Quantin
2015-07-27 9:19 GMT+02:00 Yang Luo : > Hi list, > > Thanks for your tests for the first two versions of Npcap, I have fixed > several problems as following: > 1) Npcap causes BSoD if you uninstall Npcap when Npcap is still in use for > capturing packets. > 2) Npcap can't start the driver automatic

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-28 Thread Tyson Key
Aah, I had a look at "Programs, and Features", and it says that the AppEx thing is "AMD Quick Stream" 3.4.4.0, published by AppEx Networks, of Beijing (http://www.appexnetworks.com.cn/). I found a marketing document regarding it at http://support.amd.com/en-us/kb-articles/Pages/AMDQuickStreamTechno

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-28 Thread Tyson Key
Hi Yang, Thanks for looking at these dumps. Yup, I think I enabled the verifier, a few months ago, whilst trying to debug some other issue (probably related to the AppEx thing), and I forgot that I kept it enabled. As for the dumpcap arguments, I just let Wireshark invoke it, through the GUI - s

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-28 Thread Yang Luo
Hi Tyson, I have analyzed the five dumps you provided: 1) 072715-32078-01.dmp This dump is caused by nt!VerifierBugCheckIfAppropriate+0x3c code from process svchost.exe, and it seems to be that you switched on Verifier function for your system. I think there's no relationship with Npcap. 2) 0727

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-28 Thread Tyson Key
I just uploaded my MiniDumps to https://dl.dropboxusercontent.com/u/670345/MiniDump.rar, if it makes debugging this easier. Tyson. 2015-07-28 8:08 GMT+01:00 Tyson Key : > Hi Yang, > > Thanks for looking into this. > > I can't remember when/how I installed Win10PCap (guessing that I briefly > had

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-28 Thread Tyson Key
Hi Yang, Thanks for looking into this. I can't remember when/how I installed Win10PCap (guessing that I briefly had a look, but couldn't get it to do anything on my machine, and just removed it), but I'm using VMware Player 6.0.7 build-2844087 (haven't got Workstation/Server installed); and I tri

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-27 Thread Yang Luo
On Mon, Jul 27, 2015 at 10:42 PM, Tyson Key wrote: > After rebooting from uninstalling MS NetMon, I restarted Wireshark, and > got the usual "NPF service not running; no interfaces available" note. This > persists, even if I try "NPFInstall -r", and Wireshark still claims that no > interfaces are

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-27 Thread Yang Luo
Hi Tyson, Thanks for these detailed tests. I really didn't test Npcap's compatibility with other NDIS LWF software. I noticed that you used 6.3.9600.17736 (winblue_r9.150322-1500), it seems to be the latest Win 8.1 with Update 3, so I have also updated my VM to latest version. Also I have installe

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-27 Thread Tyson Key
Hi Yang, Finally, after removing the Nurago Web Meter, and its Gacela LSP stack (which is supposedly user-mode-only) (and upgrading VMware Player to 6.0.7, from 6.0.4), running CCleaner again, and quickly starting Wireshark, quitting it, and then restarting it, I am able to capture packets (14k, s

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-27 Thread Tyson Key
After rebooting from uninstalling MS NetMon, I restarted Wireshark, and got the usual "NPF service not running; no interfaces available" note. This persists, even if I try "NPFInstall -r", and Wireshark still claims that no interfaces are available. Eventually, after uninstalling NPCap, removing a

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-27 Thread Tyson Key
Annoying, because Microsoft Network Monitor 3.4 is the only tool that can capture 802.11 traffic in monitor mode even semi-reliably (although it seems that the buffer gets full, and then it stops capturing, after about 30 minutes), with my Atheros WLAN adapter, under Windows - but it seems that if

Re: [Wireshark-dev] Npcap 0.03 call for test

2015-07-27 Thread Yang Luo
Hi all, as version string shows when you substitute Npcap with new versions, it easily caused confusion when a user installs it. So I have updated the version to 0.03 in all exe, dll and sys files. On Mon, Jul 27, 2015 at 3:19 PM, Yang Luo wrote: > Hi list, > > Thanks for your tests for the fi

[Wireshark-dev] Npcap 0.03 call for test

2015-07-27 Thread Yang Luo
Hi list, Thanks for your tests for the first two versions of Npcap, I have fixed several problems as following: 1) Npcap causes BSoD if you uninstall Npcap when Npcap is still in use for capturing packets. 2) Npcap can't start the driver automatically when system reboots in 0.02, now I have added