This is where it is on my machine (Win2k SP2 also):
14.33212713 SERVICES.EXE:216 SetValue HKLM\System\CurrentControlSet\Services\NPF\Start 0x2
If that doesn't work, you can try this:
0. Get Regmon from
http://www.sysinternals.com/ntw2k/source/regmon.shtml
1. Run Ethereal, or WinDump, or anything you can run to load the
driver.
2. Go to Control Panel -> System (or press Windows+Break :D)
3. Select the Hardware tab; go to Device Mangler.
4. From the menu, choose View/Devices by type, then View/Show hidden
devices.
5. A new category "Non-Plug and Play Drivers" will show up in the
middle of the list. Expand it.
6. There should be an item listed as "Netgroup Packet Filter".
Double-click it to bring up its Properties window.
7. Select the "Driver" tab. There is a Startup Type, which is
currently set to "Demand".
8. Start Regmon. Note that there will be a lot of noise, so you may
want to press Ctrl+L and set the Include filter to "*services.exe*".
9. Change the Startup Type to "Automatic" and hit OK to close the
dialog.
10. Regmon will now have a very large list of registry accesses it's
captured. One of those is the new Startup Type for NPF.
-----Original Message-----
From: Kevin Gilbert [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 10, 2002 6:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [WinPcap-users] Registry entries
W2K 5.00.2195 Service Pack 2
-----Original Message-----
From: Stephen Oberholtzer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 11 September 2002 00:18
To: '[EMAIL PROTECTED]'
Subject: RE: [WinPcap-users] Registry entries
What OS are you running?
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[email protected]/
==================================================================
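
Added example, not part of the mailing-list messages: a small Python filter that picks the service start-type change out of a noisy Regmon capture, as step 10 requires. It assumes every saved line has the same layout as the single line quoted at the top of the thread (time, process:pid, request, path, data); apart from that quoted line, the sample lines are constructed.

```python
import re

# Meaning of a service's registry "Start" value (2 = Automatic, 3 = Demand).
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Demand", 4: "Disabled"}

# Assumed layout: <seconds> <PROCESS>:<pid> <request> <registry path> <data>
LINE_RE = re.compile(
    r"^(?P<time>\d+\.\d+)\s+(?P<proc>[^\s:]+):(?P<pid>\d+)\s+"
    r"(?P<request>\w+)\s+(?P<path>HK\S.*?)\s+(?P<data>0x[0-9A-Fa-f]+)\s*$"
)
START_PATH_RE = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\(?P<service>[^\\]+)\\Start$",
    re.IGNORECASE,
)

# Constructed capture; only the NPF SetValue line comes from the thread.
SAMPLE = r"""
14.10021844 explorer.exe:1032 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
14.30118220 SERVICES.EXE:216 OpenKey HKLM\System\CurrentControlSet\Services\NPF
14.31904412 SERVICES.EXE:216 QueryValue HKLM\System\CurrentControlSet\Services\NPF\Start 0x3
14.33212713 SERVICES.EXE:216 SetValue HKLM\System\CurrentControlSet\Services\NPF\Start 0x2
14.33390051 SERVICES.EXE:216 SetValue HKLM\System\CurrentControlSet\Services\NPF\ErrorControl 0x1
14.35000102 mmc.exe:884 CloseKey HKLM\System\CurrentControlSet\Services\NPF
""".splitlines()


def start_type_changes(lines, process="services.exe"):
    """Return (time, service, start type) for each SetValue on a service's Start value."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        # Lines without a data column (OpenKey, CloseKey, ...) do not match and are skipped.
        if not m or m["request"].lower() != "setvalue":
            continue
        if m["proc"].lower() != process.lower():
            continue
        p = START_PATH_RE.match(m["path"])
        if not p:
            continue  # a write to some other value, e.g. ErrorControl
        value = int(m["data"], 16)
        name = START_TYPES.get(value, f"unknown ({value:#x})")
        hits.append((float(m["time"]), p["service"], name))
    return hits


if __name__ == "__main__":
    for when, service, name in start_type_changes(SAMPLE):
        print(f"{when:.8f}  {service}: start type set to {name}")
```
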