Thank you for your reply. My problem is that there are NO entries in the registry after installing WinPcap!
But you hint on regmon was useful. I ran regmon while I installed WinPcap - the following entry is significant: 6497 18.27431922 WinPcap_3_0_a.e:612 DeleteKey HKLM\SYSTEM\CurrentControlSet\Services\NPF SUCCESS Key: 0xE2081540 This is obviously the reason for the lack of entries in the registries. But why are they being deleted? -----Original Message----- From: Stephen Oberholtzer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 11 September 2002 23:22 To: '[EMAIL PROTECTED]' Subject: RE: [WinPcap-users] Registry entries This is where it is on my machine (Win2k SP2 also): 14.33212713 SERVICES.EXE:216 SetValue HKLM\System\CurrentControlSet\Services\NPF\Start 0x2 If that doesn't work, you can try this: 0. Get Regmon from http://www.sysinternals.com/ntw2k/source/regmon.shtml 1. Run Ethereal, or WinDump, or anything you can run to load the driver. 2. Go to Control Panel -> System (or press Windows+Break :D) 3. Select the Hardware tab; go to Device Mangler. 4. From the menu, choose View/Devices by type, then View/Show hidden devices. 5. A new category "Non-Plug and Play Drivers" will show up in the middle of the list. Expand it. 6. There should be an item listed as "Netgroup Packet Filter". Double-click it to bring up its Properties window. 7. Select the "Driver" tab. There is a Startup Type, which is currently set to "Demand". 8. Start Regmon. Note that there will be a lot of noise, so you may want to press Ctrl+L and set the Include filter to "*services.exe*". 9. Change the Startup Type to "Automatic" and hit OK to close the dialog. 10. Regmon will now have a very large list of registry accesses it's captured. One of those is the new Startup Type for NPF. -----Original Message----- From: Kevin Gilbert [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 10, 2002 6:18 PM To: [EMAIL PROTECTED] Subject: RE: [WinPcap-users] Registry entries W2K 5.00.2195 Service Pack 2 -----Original Message----- From: Stephen Oberholtzer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 11 September 2002 00:18 To: '[EMAIL PROTECTED]' Subject: RE: [WinPcap-users] Registry entries What OS are you running? ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/[email protected]/ To unsubscribe use mailto: [EMAIL PROTECTED]?body=unsubscribe ================================================================== ================================================================= This is the WinPcap users list. It is archived at http://www.mail-archive.com/[email protected]/ To unsubscribe use mailto: [EMAIL PROTECTED]?body=unsubscribe =================================================================
