Wireshark-dev: Re: [Wireshark-dev] Npcap 0.04 call for test
From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Tue, 18 Aug 2015 23:04:01 +0800
Hi Pascal,

I have analyzed your log and it shows that the WSK_CLIENT_DISPATCH::WskSocket function fails with STATUS_ACCESS_DENIED. This turns out to be a bug: if you launch Wireshark without Admin rights, the WSK code fails to init, so the Npcap loopback adapter can't be opened. I think you launched Wireshark without Admin rights on both machines. So I have moved the WSK init code to the Driver start routine and got this issue fixed. Please try the latest installer at:


Cheers,
Yang


On Tue, Aug 18, 2015 at 5:23 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
Hi Yang,

2015-08-18 3:27 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:
Hi Pascal,

Sorry that 0.04 r2 lacks some messages. I added some extra traces in the latest version; please try this and give me the log,

Also it's weird that our VirtualBox guests have different behaviors. Our hardware for the VM should be mostly the same. The Win10 image I installed is en_windows_10_multiple_editions_x64_dvd_6846432.iso, and I chose Pro edition to install. What edition did you install? Also it would be good if you can provide the .vbox file of your VM.

My Windows 10 x64 VM was initially installed from a Technical Preview (probably version 10052 but I'm not completely sure) and then upgraded to the RTM version (and up-to-date with all updates). It's a Pro edition. You will find attached the DebugView log and the .vbox file.
My Windows 10 x64 host was upgraded from Windows 8.1 and is the Family edition. You will also find attached the corresponding log.

Pascal.


Cheers,
Yang


On Tue, Aug 18, 2015 at 1:30 AM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:

2015-08-17 18:52 GMT+02:00 Pascal Quantin <pascal.quantin@xxxxxxxxx>:


2015-08-17 2:55 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:
Hi Pascal,

Thanks for testing. The word BSoD was my typo; what I meant is the "loopback interface didn't show" problem. In fact they share the same cause: because I didn't handle the error correctly in 0.03 r5 and r6, it turned into a BSoD.


On Sun, Aug 16, 2015 at 11:55 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:


On 16 August 2015 3:39 PM, "Pascal Quantin" <pascal.quantin@xxxxxxxxx> wrote:
>
> Hi Yang,
>
> 2015-08-16 14:18 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:
>>
>> Hi Pascal,
>>
>> I think this BSoD is caused by the Winsock Kernel init code in the Npcap driver (the NPF_WSKStartup call or the NPF_WSKInitSockets call failed). I can't reproduce it on my Win8.1 VM, Win10 VM and Win10 physical host. I used VMware Workstation 11.1.2 for my VMs. Which type is your VM? There shouldn't be much hardware difference between VMs. What special software have you installed on your VM? The boldest idea is that you provide a VM image in which this problem occurs, if you like.
>
>
> I'm running a Windows 10 x64 VM running on Virtualbox 5.0 (with extension pack) with just Wireshark 1.99.9 development version and Nmap installed. No other specific software installed. In the VM system settings, I have checked IO-APIC, PAE/NX, VT-x/AMD-V and nested paging options with 2 processors. The network adapter is using the default setting (NAT).
> The VM is 41Gb so I will not be able to upload it unfortunately. But maybe you could reproduce it with Virtualbox instead of VMware?

I have the latest VirtualBox 5.0.2 r102096 installed on my Win10 x64 host, and installed a Win10 x64 VM on it, with Wireshark 1.99.8 and Npcap 0.04. I also checked the IO-APIC, PAE/NX, VT-x/AMD-V and nested paging options with 2 processors. Network is the default NAT. But it turns out that I could see and capture on the Npcap loopback adapter; everything is fine. I think maybe you'd like to upgrade your VirtualBox to the latest 5.0.2 to see what happens. If this isn't fixed, perhaps a brand new VM is needed.

Still no luck :(. You will find attached the DebugView log taken with 0.04r2.

Hi Yang,

My Windows 10 x64 host does not reliably succeed in opening the loopback interface either (I just tried it once before and it was working fine, but on the next reboot it was not). You will find attached the log of version 0.04r2.

Pascal.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

