Hi Pascal, I have analyzed your log and it shows that WSK_CLIENT_DISPATCH::WskSocket function fails with STATUS_ACCESS_DENIED. The result turns out to be a bug: If you launch Wireshark with no Admin right, the WSK code fails to init, so Npcap loopback adapter can't be opened. I think you launched Wireshark with no Admin right in both machines. So I have moved WSK init code to Driver start routine and get this issue fixed, please try the latest installer at: https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r3.exe
Cheers, Yang On Tue, Aug 18, 2015 at 5:23 PM, Pascal Quantin <pascal.quan...@gmail.com> wrote: > Hi Yang, > > 2015-08-18 3:27 GMT+02:00 Yang Luo <hslu...@gmail.com>: > >> Hi Pascal, >> >> Sorry that 0.04 r2 lacks some message, I added some extra trace in latest >> version, please try this and give me the log, >> >> https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r2-debug-2.exe >> <https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r2-debug-2.exe> >> >> Also it's weird that our VirtualBox guests have different behaviors. Our >> hardware for the VM should be mostly the same. The Win10 image I installed >> is en_windows_10_multiple_editions_x64_dvd_6846432.iso, and I chose Pro >> edition to install. What edition did you install? Also it would be good if >> you can provide the .vbox file of your VM. >> > > My Windows 10 x64 VM was initially installed from a Technical Preview > (probably version 10052 but I'm not completely sure) and then upgraded to > the RTM version (and up-to-date with all updates). It's a Pro edition. You > will find attached the DebugView log and the .vbox file. > My Windows 10 x64 host was upgraded from Windows 8.1 and is the Family > edition. You will also find attached the corresponding log. > > Pascal. > > >> Cheers, >> Yang >> >> >> On Tue, Aug 18, 2015 at 1:30 AM, Pascal Quantin <pascal.quan...@gmail.com >> > wrote: >> >>> >>> 2015-08-17 18:52 GMT+02:00 Pascal Quantin <pascal.quan...@gmail.com>: >>> >>>> >>>> >>>> 2015-08-17 2:55 GMT+02:00 Yang Luo <hslu...@gmail.com>: >>>> >>>>> Hi Pascal, >>>>> >>>>> Thanks for test. It's my typo mistake for the BSoD word, what I meant >>>>> is the loopback interface didn't show problem, in fact they share the same >>>>> cause. Because I didn't handle the error correctly in 0.03 r5 and r6, so >>>>> it >>>>> turns to a BSoD. >>>>> >>>>> >>>>> On Sun, Aug 16, 2015 at 11:55 PM, Pascal Quantin < >>>>> pascal.quan...@gmail.com> wrote: >>>>> >>>>>> >>>>>> Le 16 août 2015 3:39 PM, "Pascal Quantin" <pascal.quan...@gmail.com> >>>>>> a écrit : >>>>>> > >>>>>> > Hi Yang, >>>>>> > >>>>>> > 2015-08-16 14:18 GMT+02:00 Yang Luo <hslu...@gmail.com>: >>>>>> >> >>>>>> >> Hi Pascal, >>>>>> >> >>>>>> >> I think this BSoD is caused by the Winsock Kernel init code in >>>>>> Npcap driver (NPF_WSKStartup call or NPF_WSKInitSockets call failed). I >>>>>> can't reproduce it on my Win8.1 VM, Win10 VM and Win10 physical host. I >>>>>> used VMware Workstation 11.1.2 for my VMs. I don't know which type your >>>>>> VM >>>>>> is? There shouldn't be pretty much hardware difference between VMs. What >>>>>> special software has you installed on your VM? The boldest idea is that >>>>>> you >>>>>> provide a VM image that occurs this problem if you like. >>>>>> > >>>>>> > >>>>>> > I'm running a Windows 10 x64 VM running on Virtualbox 5.0 (with >>>>>> extension pack) with just Wireshark 1.99.9 development version and Nmap >>>>>> installed. No other specific software installed. In the VM system >>>>>> settings, >>>>>> I have checked IO-APIC, PAE/NX, VT-x/AMD-V and nested paging options >>>>>> with 2 >>>>>> processors. The network adapter is using the default setting (NAT). >>>>>> > The VM is 41Gb so I will not be able to upload it unfortunately. >>>>>> But maybe you could reproduce it with Virtualbox instead of VMware? >>>>>> >>>>> I have the latest VirtualBox 5.0.2 r102096 installed on my Win10 x64 >>>>> host, installed Win10 x64 VM on it, with Wireshark 1.99.8 and Npcap 0.04. >>>>> I >>>>> also checked IO-APIC, PAE/NX, VT-x/AMD-V and nested paging options with 2 >>>>> processors. Network is default NAT. But the result turns out that I could >>>>> see and capture on the Npcap loopback adapter, everything is fine. I think >>>>> maybe you'd like to upgrade your VirtualBox to latest 5.0.2 to see what >>>>> happens. If this isn't fixed, perhaps a brand new VM is needed. >>>>> >>>> >>>> Still no luck :(. You will find attached the DebugView log taken with >>>> 0.04r2. >>>> >>> >>> Hi Yang, >>> >>> my Windows 10 x64 host does not reliably succeed to open the loopback >>> interface either (I just tried it once before and it was working fine, but >>> on next reboot it was not). You will find attached the log of version >>> 0.04r2. >>> >>> Pascal. >>> >>> >>> >>> ___________________________________________________________________________ >>> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> >>> Archives: https://www.wireshark.org/lists/wireshark-dev >>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >>> mailto:wireshark-dev-requ...@wireshark.org >>> ?subject=unsubscribe >>> >> >> >> >> ___________________________________________________________________________ >> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> >> Archives: https://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >> mailto:wireshark-dev-requ...@wireshark.org >> ?subject=unsubscribe >> > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
