Sorry for the further spam, but this is an interesting (and annoying!)
development...

After rebooting from the last BSOD, I tried running Wireshark, and received
the usual error about the NPF server not running. However, after quitting
it, I decided to try disabling the "Microsoft Network Monitor 3 Driver"
(which seems to coexist with regular WinPCap, without problems), and ran
"sc start npf":

C:\WINDOWS\system32>sc start npf

SERVICE_NAME: npf
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\WINDOWS\system32>

After waiting a little while, I started wireshark-gtk.exe, and discovered
that the interface list was populated. However, after about 45 seconds, I
received yet another BSOD:

==================================================
Dump File         : 071915-30828-01.dmp
Crash Time        : 19/07/2015 07:18:16 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000099
Parameter 2       : ffffe001`e8f04148
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : tm.sys
Caused By Address : tm.sys+e29ef9
File Description  : Kernel Transaction Manager Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.16384 (winblue_rtm.130821-1623)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\071915-30828-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 19/07/2015 07:20:06 pm
==================================================

Would be interesting to know why the BSOD occurs in the Kernel Transaction
Manager, this time...

Tyson.



2015-07-19 19:13 GMT+01:00 Tyson Key <[email protected]>:

> ...and after rebooting, and reinstalling the various components using
> NPFInstall, and launching Wireshark, no interfaces are detected. However,
> after trying "sc start npf", and waiting a while, I'm greeted with another
> BSOD, of the same kind as last time:
>
> ==================================================
> Dump File         : 071915-35687-01.dmp
> Crash Time        : 19/07/2015 07:03:01 pm
> Bug Check String  : BAD_POOL_CALLER
> Bug Check Code    : 0x000000c2
> Parameter 1       : 00000000`00000007
> Parameter 2       : 00000000`00001200
> Parameter 3       : 00000000`00000003
> Parameter 4       : ffffe000`99fa1008
> Caused By Driver  : tcpip.sys
> Caused By Address : tcpip.sys+1c2180
> File Description  : TCP/IP Driver
> Product Name      : Microsoft® Windows® Operating System
> Company           : Microsoft Corporation
> File Version      : 6.3.9600.16384 (winblue_rtm.130821-1623)
> Processor         : x64
> Crash Address     : ntoskrnl.exe+150ca0
> Stack Address 1   :
> Stack Address 2   :
> Stack Address 3   :
> Computer Name     :
> Full Path         : C:\WINDOWS\Minidump\071915-35687-01.dmp
> Processors Count  : 4
> Major Version     : 15
> Minor Version     : 9600
> Dump File Size    : 281,520
> Dump File Time    : 19/07/2015 07:04:09 pm
> ==================================================
>
> Tyson.
>
> 2015-07-19 17:05 GMT+01:00 Pascal Quantin <[email protected]>:
>
>> Hi Yang,
>>
>> 2015-07-19 15:55 GMT+02:00 Yang Luo <[email protected]>:
>>
>>> Hi Jim,
>>>
>>> Thanks for testing!
>>>
>>> On Sun, Jul 19, 2015 at 12:25 AM, Jim Young <[email protected]> wrote:
>>>
>>>>  Hello Yang,
>>>>
>>>>  Two comments on all for 2nd test.
>>>>
>>>>  1 - Should the name of the newer package reflect that this is a
>>>> different Npcap package from the 1st one?  The 2nd package is named
>>>> identical to the 1st one of npcap-nmap-0.01.exe.  The newly downloaded one
>>>> was saved by the browser as npcap-nmap-0.01(1).exe to avoid clobbering the
>>>> 1st one still in the Download folder.
>>>>
>>>>
>>> From now on, I will use installer names such as npcap-nmap-0.01-r2.exe,
>>> which means revision 2 under version 0.01. I don't want to change version
>>> numbers, as current Npcap has many bugs and can't be released as a stable
>>> version yet.
>>>
>>>
>>>>  2 - After uninstalling WinPcap, but not rebooting, I started
>>>> installing the newest Npcap package but the new install is hung at the
>>>> step:
>>>>
>>>>  Execute: "C:\Program Files\Npcpa\NPFInstall.exe" -il
>>>>
>>>>
>>> I have improved this part of the logic; please test the latest installer:
>>> https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01-r2.exe
>>>
>>> This operation takes some time indeed, but should be less than 20s.
>>>
>>
>> I just gave a quick test to 0.1-r2 version on my Windows 10 virtual
>> machine.
>> - I uninstalled WinPcap and installed Npcap in Winpcap mode without
>> reboot. I got the same warning as Tyson regarding the upgrade of npf.sys
>> file, presumably because yours has version 0.1.0.710 against Winpcap that
>> uses version 4.1.0.2980. Maybe you should advise rebooting the PC after
>> uninstalling Winpcap.
>> - The loopback interface is still named 'Ethernet 2'. I run on Windows
>> 10.0.10240 with the French locale, in case this matters.
>> - After reboot, Wireshark could not see any interface. I double-checked
>> the driver state and saw that it was stopped. Manually starting it with 'sc
>> npf start' command allowed Wireshark to see interfaces. After reboot the
>> service does not start automatically.
>>
>> I will try to test the WWAN capture at the beginning of next week.
>>
>> Pascal.
>>
>>
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <[email protected]>
>> Archives:    https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>              mailto:[email protected]?subject=unsubscribe
>>
>
>
>
> --
>                                           Fight Internet Censorship!
> http://www.eff.org
> http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
> 00447934365844
>



-- 
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844
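
Added example (not part of the original message, and not Npcap or Wireshark code): a small Python triage of the two minidump summary records quoted in this thread. It decodes parameter 1 of bug check 0xC2 using the meanings in Microsoft's BAD_POOL_CALLER reference, and shows that both crashes are invalid pool frees even though a different driver is named each time. The function names and the trimmed record strings are assumptions made for the example.

```python
import re

# Constructed from the two records quoted in this thread (fields trimmed).
DUMP_TM = """Dump File         : 071915-30828-01.dmp
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000099
Parameter 2       : ffffe001`e8f04148
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : tm.sys"""
DUMP_TCPIP = """> Dump File         : 071915-35687-01.dmp
> Bug Check Code    : 0x000000c2
> Parameter 1       : 00000000`00000007
> Parameter 2       : 00000000`00001200
> Parameter 3       : 00000000`00000003
> Parameter 4       : ffffe000`99fa1008
> Caused By Driver  : tcpip.sys"""

# Parameter-1 subcodes of bug check 0xC2 that occur here, with the parameter
# that carries the pool address (per Microsoft's BAD_POOL_CALLER reference).
C2_SUBCODES = {
    0x07: ("pool block was already freed", 4),
    0x99: ("free of an invalid pool address", 2),
}

def parse_record(text):
    """Parse 'Key : Value' lines, tolerating '>' e-mail quoting."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z0-9 ]+?)\s*:\s?(.*)$", line.lstrip("> "))
        if m:
            rec[m.group(1)] = m.group(2).strip()
    return rec

def to_int(field):
    return int(field.replace("`", ""), 16)  # drop the 32-bit separator

def triage(rec):
    """Classify a 0xC2 record; returns None for any other bug check."""
    if to_int(rec["Bug Check Code"]) != 0xC2:
        return None
    params = [to_int(rec[f"Parameter {i}"]) for i in range(1, 5)]
    meaning, idx = C2_SUBCODES.get(params[0], ("subcode not in table", None))
    return {"dump": rec["Dump File"], "violation": meaning,
            "pool_address": hex(params[idx - 1]) if idx else None,
            "named_driver": rec["Caused By Driver"]}

if __name__ == "__main__":
    for raw in (DUMP_TM, DUMP_TCPIP):
        print(triage(parse_record(raw)))
```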