Npcap Bug Report: Green-screened BSoD on Windows Insider #194

Closed
gjz010 opened this issue Jun 21, 2020 · 1 comment

gjz010 commented Jun 21, 2020

I was waking up my Surface Book 2 with Windows Insider 19041.330 when the BSoD happened with IRQL_NOT_LESS_OR_EQUAL.

DiagReport:

*************************************************
DiagReport for Npcap ( http://npcap.org )
*************************************************
Script Architecture:		64-bit
Script Path:			C:\Program Files\Npcap\DiagReport.ps1
Current Time:			06/21/2020 16:08:05
Npcap install path:		C:\Program Files\Npcap
Npcap Version:			0.9994
PowerShell Version:		5.1.19041.1


*************************************************
OS Info:
*************************************************


Caption                 : Microsoft Windows 10 专业版
BuildNumber             : 19041
Locale                  : 0804
MUILanguages            : {zh-CN, en-US}
OSArchitecture          : 64 位
ServicePackMajorVersion : 0
ServicePackMinorVersion : 0
SystemDirectory         : C:\WINDOWS\system32
Version                 : 10.0.19041





*************************************************
CPU Info:
*************************************************


Name                      : Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
Manufacturer              : GenuineIntel
DeviceID                  : CPU0
NumberOfCores             : 4
NumberOfEnabledCore       : 4
NumberOfLogicalProcessors : 8
Addresswidth              : 64





*************************************************
Memory Info:
*************************************************
Size:				16305 MB (17097428992 Bytes)


*************************************************
Network Adapter(s) Info:
*************************************************


Caption             : [00000000] VPN Client Adapter - VPN
GUID                : {FDB0209A-D7DB-42BB-8399-8BAA445AB71F}
Index               : 0
InterfaceIndex      : 26
Manufacturer        : SoftEther Corporation
MACAddress          : 5E:EF:4F:E9:C8:37
Speed               : 100000000
NetConnectionID     : VPN - VPN Client
NetConnectionStatus : 7
PNPDeviceID         : ROOT\NET\0000
ServiceName         : Neo_VPN
AdapterType         : 以太网 802.3

Caption             : [00000002] Marvell AVASTAR Wireless-AC Network Controller
GUID                : {101013EB-6540-442D-B9B3-580C2B682D74}
Index               : 2
InterfaceIndex      : 5
Manufacturer        : Marvell Semiconductors, Inc.
MACAddress          : 28:16:A8:4B:B0:7C
Speed               : 9223372036854775807
NetConnectionID     : WLAN
NetConnectionStatus : 7
PNPDeviceID         : PCI\VEN_11AB&DEV_2B38&SUBSYS_045E0007&REV_00\4&32FA7CC7&0&00E0
ServiceName         : mrvlpcie8897
AdapterType         : 以太网 802.3

Caption             : [00000004] Hyper-V Virtual Ethernet Adapter
GUID                : {9AFFA7F3-DFD9-47AC-9345-9FB5F5DDFF28}
Index               : 4
InterfaceIndex      : 16
Manufacturer        : Microsoft
MACAddress          : 00:15:5D:2C:C4:64
Speed               : 10000000000
NetConnectionID     : vEthernet (WLAN)
NetConnectionStatus : 2
PNPDeviceID         : ROOT\VMS_MP\0000
ServiceName         : VMSNPXYMP
AdapterType         : 以太网 802.3

Caption             : [00000005] Xbox Wireless Adapter for Windows
GUID                : {9AAE05B7-B68C-46BD-AA7D-5A61D8CDF305}
Index               : 5
InterfaceIndex      : 18
Manufacturer        : Microsoft Corporation
MACAddress          : 62:45:B5:15:9F:BB
Speed               : 
NetConnectionID     : 本地连接
NetConnectionStatus : 2
PNPDeviceID         : USB\VID_045E&PID_091E\000000000
ServiceName         : mt7612US_bc
AdapterType         : 以太网 802.3

Caption             : [00000007] Bluetooth Device (Personal Area Network)
GUID                : {05682DCB-8A87-4BB1-8822-0A2483C6F47E}
Index               : 7
InterfaceIndex      : 2
Manufacturer        : Microsoft
MACAddress          : 28:16:A8:4B:B0:7D
Speed               : 3000000
NetConnectionID     : 蓝牙网络连接
NetConnectionStatus : 7
PNPDeviceID         : BTH\MS_BTHPAN\6&E3528ED&0&2
ServiceName         : BthPan
AdapterType         : 以太网 802.3

Caption             : [00000017] Hyper-V Virtual Ethernet Adapter
GUID                : {B440E8DE-6672-42F1-A649-97C629EC3094}
Index               : 17
InterfaceIndex      : 35
Manufacturer        : Microsoft
MACAddress          : 00:15:5D:A0:A1:48
Speed               : 10000000000
NetConnectionID     : vEthernet (Default Switch)
NetConnectionStatus : 2
PNPDeviceID         : ROOT\VMS_MP\0001
ServiceName         : VMSNPXYMP
AdapterType         : 以太网 802.3

Caption             : [00000019] Hyper-V Virtual Ethernet Adapter
GUID                : {7A2B1A38-2CF2-4721-B63E-FB4AB49A1C31}
Index               : 19
InterfaceIndex      : 67
Manufacturer        : Microsoft
MACAddress          : 00:15:5D:61:F8:B8
Speed               : 10000000000
NetConnectionID     : vEthernet (WSL)
NetConnectionStatus : 2
PNPDeviceID         : ROOT\VMS_MP\0002
ServiceName         : VMSNPXYMP
AdapterType         : 以太网 802.3

Caption             : [00000020] Realtek USB FE Family Controller
GUID                : {08D45BAA-CF03-49C7-9A94-C5E473279268}
Index               : 20
InterfaceIndex      : 4
Manufacturer        : Realtek
MACAddress          : 00:E0:4A:36:AE:86
Speed               : 100000000
NetConnectionID     : 以太网 2
NetConnectionStatus : 2
PNPDeviceID         : USB\VID_0BDA&PID_8152\00E04A36AE86
ServiceName         : rtux64w10
AdapterType         : 以太网 802.3

Caption             : [00000021] Hyper-V Virtual Ethernet Adapter
GUID                : {6081ADEA-FEA8-43DE-B7E4-8BAB350AB27B}
Index               : 21
InterfaceIndex      : 72
Manufacturer        : Microsoft
MACAddress          : 00:15:5D:E9:9C:3E
Speed               : 10000000000
NetConnectionID     : vEthernet (以太网 2)
NetConnectionStatus : 2
PNPDeviceID         : ROOT\VMS_MP\0003
ServiceName         : VMSNPXYMP
AdapterType         : 以太网 802.3





*************************************************
NDIS Light-Weight Filter (LWF) Info:
*************************************************
HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\*:


InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_bridge
Description      : @%SystemRoot%\system32\bridgeres.dll,-2
InfPath          : netbrdg.inf
InfSection       : Install
LocDescription   : @%SystemRoot%\system32\bridgeres.dll,-2

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_wfplwf_lower
Description      : @%windir%\System32\drivers\wfplwfs.sys,-6006
InfPath          : wfplwfs.inf
InfSection       : WfpLwf_Lower_Install
LocDescription   : @%windir%\System32\drivers\wfplwfs.sys,-6006

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 40
ComponentId      : ms_netbios
Description      : @%windir%\system32\drivers\netbios.sys,-501
InfPath          : netnb.inf
InfSection       : NetBIOS.ndi
LocDescription   : @%windir%\system32\drivers\netbios.sys,-501

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262200
ComponentId      : ms_ndiscap
Description      : @%windir%\System32\drivers\ndiscap.sys,-5000
InfPath          : ndiscap.inf
InfSection       : Install
LocDescription   : @%windir%\System32\drivers\ndiscap.sys,-5000

InstallTimeStamp : {221, 7, 12, 0...}
ComponentId      : ms_server
Description      : @%systemroot%\system32\srvsvc.dll,-109
InfPath          : Netserv.inf
InfSection       : Install.ndi
LocDescription   : @%systemroot%\system32\srvsvc.dll,-109

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : vms_vsf
Description      : @%windir%\System32\drivers\vmswitch.sys,-60005
InfPath          : wvms_vsft.inf
InfSection       : VMSVSF.ndi
LocDescription   : @%windir%\System32\drivers\vmswitch.sys,-60005

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_vwifi
Description      : @%windir%\System32\drivers\vwififlt.sys,-105
InfPath          : netvwififlt.inf
InfSection       : Install
LocDescription   : @%windir%\System32\drivers\vwififlt.sys,-105

InstallTimeStamp : {228, 7, 6, 0...}
Characteristics  : 262144
ComponentId      : INSECURE_NPCAP
Description      : @oem13.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)
InfPath          : oem13.inf
InfSection       : FilterStandard
LocDescription   : @oem13.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)

InstallTimeStamp : {228, 7, 6, 0...}
Characteristics  : 262144
ComponentId      : INSECURE_NPCAP_WIFI
Description      : @oem13.inf,%npf_desc_wifi%;Npcap Packet Driver (NPCAP) (Wi-Fi)
InfPath          : oem13.inf
InfSection       : FilterWiFi
LocDescription   : @oem13.inf,%npf_desc_wifi%;Npcap Packet Driver (NPCAP) (Wi-Fi)

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_pacer
Description      : @%windir%\System32\drivers\pacer.sys,-101
InfPath          : netpacer.inf
InfSection       : Install
LocDescription   : @%windir%\System32\drivers\pacer.sys,-101

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_wfplwf_upper
Description      : @%windir%\System32\drivers\wfplwfs.sys,-6005
InfPath          : wfplwfs.inf
InfSection       : WfpLwf_Upper_Install
LocDescription   : @%windir%\System32\drivers\wfplwfs.sys,-6005

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_nativewifip
Description      : @%windir%\System32\drivers\nwifi.sys,-101
InfPath          : netnwifi.inf
InfSection       : MS_NWIFI.Install
LocDescription   : @%windir%\System32\drivers\nwifi.sys,-101

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_wfplwf_vswitch
Description      : @%windir%\System32\drivers\wfplwfs.sys,-6004
InfPath          : wfplwfs.inf
InfSection       : WfpLwf_vSwitch_Install
LocDescription   : @%windir%\System32\drivers\wfplwfs.sys,-6004

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_vfpext
Description      : Microsoft Azure VFP Switch Extension
InfPath          : vfpext.inf
InfSection       : Install
LocDescription   : Microsoft Azure VFP Switch Extension

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_l2bridge
Description      : @%SystemRoot%\System32\drivers\l2bridge.sys,-5000
InfPath          : l2bridge.inf
InfSection       : Install
LocDescription   : @%SystemRoot%\System32\drivers\l2bridge.sys,-5000





*************************************************
File Info:
*************************************************


    目录: C:\Program Files\Npcap


Mode                 LastWriteTime         Length Name                                                                 
----                 -------------         ------ ----                                                                 
-a----         2020/6/10      3:14            862 CheckStatus.bat                                                      
-a----         2020/6/21     16:08              0 DiagReport-20200621-160805.txt                                       
-a----         2020/6/10      3:14           1073 DiagReport.bat                                                       
-a----         2020/6/10      3:14           7642 DiagReport.ps1                                                       
-a----         2020/6/10      3:14           2444 FixInstall.bat                                                       
-a----         2020/6/18     17:37          27993 install.log                                                          
-a----         2020/6/10      3:14          10302 LICENSE                                                              
-a----         2020/6/13      8:16          10934 npcap.cat                                                            
-a----         2020/6/13      8:16           8657 npcap.inf                                                            
-a----         2020/6/13      8:16          80672 npcap.sys                                                            
-a----         2020/6/13      5:51           2402 npcap_wfp.inf                                                        
-a----         2020/6/13      6:02         251736 NPFInstall.exe                                                       
-a----         2020/6/18     17:37          53413 NPFInstall.log                                                       
-a----         2020/6/13      8:16         267856 Uninstall.exe                                                        


    目录: C:\WINDOWS\System32


Mode                 LastWriteTime         Length Name                                                                 
----                 -------------         ------ ----                                                                 
-a----         2020/6/13      6:02         102232 NpcapHelper.exe                                                      
-a----         2020/6/13      6:02         179544 Packet.dll                                                           
-a----         2020/6/13      6:02          65368 WlanHelper.exe                                                       
-a----         2020/6/13      6:02         434520 wpcap.dll                                                            


    目录: C:\WINDOWS\System32\Npcap


Mode                 LastWriteTime         Length Name                                                                 
----                 -------------         ------ ----                                                                 
-a----         2020/6/13      6:02         102232 NpcapHelper.exe                                                      
-a----         2020/6/13      6:02         179544 Packet.dll                                                           
-a----         2020/6/13      6:02          65368 WlanHelper.exe                                                       
-a----         2020/6/13      6:02         434520 wpcap.dll                                                            


*************************************************
WinPcap Info:
*************************************************
HKLM:\SOFTWARE\WOW6432Node\WinPcap:
Not present.


*************************************************
Registry Info:
*************************************************
HKLM:\SOFTWARE\WOW6432Node\Npcap:


AdminOnly         : 0
WinPcapCompatible : 1
(default)         : C:\Program Files\Npcap



HKLM:\SYSTEM\CurrentControlSet\Services\npcap:


Type               : 1
Start              : 1
ErrorControl       : 1
Tag                : 24
ImagePath          : \SystemRoot\system32\DRIVERS\npcap.sys
DisplayName        : @oem13.inf,%NPF_Desc_Standard%;Npcap Packet Driver (NPCAP)
Group              : NDIS
Description        : @oem13.inf,%NPF_Desc_Standard%;Npcap Packet Driver (NPCAP)
NdisMajorVersion   : 6
NdisMinorVersion   : 20
DriverMajorVersion : 0
DriverMinorVersion : 49



HKLM:\SYSTEM\CurrentControlSet\Services\npcap\Parameters:


NdisImPlatformBindingOptions : 0
DefaultFilterSettings        : 1
LoopbackSupport              : 1
DltNull                      : 1
Edition                      : Npcap
AdminOnly                    : 0
Dot11Support                 : 1
VlanSupport                  : 0
WinPcapCompatible            : 1



HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi:


Type               : 1
Start              : 4
ErrorControl       : 1
Tag                : 25
ImagePath          : \SystemRoot\system32\DRIVERS\npcap.sys
DisplayName        : @oem13.inf,%NPF_Desc_WiFi%;Npcap Packet Driver (NPCAP) (Wi-Fi)
Group              : NDIS
Description        : @oem13.inf,%NPF_Desc_WiFi%;Npcap Packet Driver (NPCAP) (Wi-Fi)
NdisMajorVersion   : 6
NdisMinorVersion   : 20
DriverMajorVersion : 0
DriverMinorVersion : 49



HKLM:\SYSTEM\CurrentControlSet\Services\npf:
Not present.
HKLM:\SYSTEM\CurrentControlSet\Services\npf\Parameters:
Not present.
HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi:
Not present.


*************************************************
Service Info:
*************************************************

Status      : Running
Name        : npcap
DisplayName : Npcap Packet Driver (NPCAP)

Get-Service : 找不到任何服务名称为“npf”的服务。
所在位置 C:\Program Files\Npcap\DiagReport.ps1:211 字符: 1
+ Get-Service npf
+ ~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (npf:String) [Get-Service], ServiceCommandException
    + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand
 


*************************************************
Install Info:
*************************************************
Please refer to: C:\Program Files\Npcap\install.log

install.log:

Call: 452
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Jump: 546
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Jump: 593
Jump: 622
detailprint: Current date: 2020-06-18 13:05:08
Call: 1001
Jump: 1033
Jump: 1036
detailprint: Windows CurrentVersion: 10.0.18362 (Win10)
Call: 62
Call: 1193
IfFileExists: file "C:\WINDOWS\system32\Packet.dll" does not exist, jumping 196
Call: 197
Jump: 214
Jump: 231
Call: 235
Jump: 325
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 117
Call: 1462
File: overwriteflag=0, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\modern-header.bmp"
File: wrote 70976 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\modern-header.bmp"
WriteINIStr: wrote [Field 1] State=0 in C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini
Jump: 715
WriteINIStr: wrote [Field 2] State=0 in C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini
Jump: 728
WriteINIStr: wrote [Field 3] State=0 in C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini
Jump: 741
WriteINIStr: wrote [Field 4] State=1 in C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini
Jump: 758
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll"
File: wrote 23712 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll"
Jump: 776
Jump: 781
New install of "Npcap 0.9994" to "C:\Program Files\Npcap"
Section: "WinPcap"
Call: 1244
detailprint: Stopping the npcap driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
File: wrote 71840 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
CreateDirectory: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 251736 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\NPFInstall.exe"
Call: 808
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
Call: 1036
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 10302 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 267856 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1365
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 251736 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1085
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 80672 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10934 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8657 to "C:\Program Files\Npcap\npcap.inf"
Jump: 1095
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2402 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1047
CreateDirectory: "C:\WINDOWS\system32" (1)
Call: 1042
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 377688 to "C:\WINDOWS\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 154456 to "C:\WINDOWS\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 88920 to "C:\WINDOWS\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 55128 to "C:\WINDOWS\system32\WlanHelper.exe"
CreateDirectory: "C:\WINDOWS\system32\Npcap" (1)
CreateDirectory: "C:\WINDOWS\system32\Npcap" created
Call: 1042
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 377688 to "C:\WINDOWS\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 154456 to "C:\WINDOWS\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 88920 to "C:\WINDOWS\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 55128 to "C:\WINDOWS\system32\Npcap\WlanHelper.exe"
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Call: 1074
CreateDirectory: "C:\WINDOWS\system32" (1)
Call: 1069
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 434520 to "C:\WINDOWS\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 179544 to "C:\WINDOWS\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 102232 to "C:\WINDOWS\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65368 to "C:\WINDOWS\system32\WlanHelper.exe"
CreateDirectory: "C:\WINDOWS\system32\Npcap" (1)
CreateDirectory: "C:\WINDOWS\system32\Npcap" created
Call: 1069
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 434520 to "C:\WINDOWS\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 179544 to "C:\WINDOWS\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 102232 to "C:\WINDOWS\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65368 to "C:\WINDOWS\system32\Npcap\WlanHelper.exe"
Call: 1156
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1167
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 806
Call: 1105
detailprint: Clearing Npcap entries from driver store
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll" (overwriteflag=1)
Jump: 1150
detailprint: The npcap service was successfully created
Jump: 1156
detailprint: Writing service options to registry
Call: 1190
Call: 1167
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "LoopbackSupport"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "DltNull"="0x00000001"
WriteRegStr: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Edition"="Npcap"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Dot11Support"="0x00000001"
Jump: 1180
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "VlanSupport"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "WinPcapCompatible"="0x00000001"
Jump: 1190
Call: 1253
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap_wifi" "Start"="0x00000004"
Call: 1221
detailprint: Starting the npcap driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll" (overwriteflag=1)
Jump: 1420
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayName"="Npcap"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayVersion"="0.9994"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "Publisher"="Nmap Project"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLInfoAbout"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLUpdateInfo"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMajor"="0"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMinor"="9994"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoModify"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoRepair"="0x00000001"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="CheckStatus.bat"
File: wrote 862 to "C:\Program Files\Npcap\CheckStatus.bat"
detailprint: Creating npcapwatchdog scheduled task
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll" (overwriteflag=1)
Jump: 38
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll" (overwriteflag=1)
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\final.ini")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\modern-header.bmp")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\")
Call: 452
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Jump: 546
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Jump: 593
Jump: 622
detailprint: Current date: 2020-06-18 17:37:03
Call: 1001
Jump: 1033
Jump: 1036
detailprint: Windows CurrentVersion: 10.0.19041 (Win10)
Call: 62
Call: 1193
Jump: 1209
Jump: 1221
IfFileExists: file "C:\WINDOWS\system32\Packet.dll" exists, jumping 0
Call: 80
Jump: 103
Jump: 113
Call: 117
Jump: 184
Call: 117
Jump: 173
Call: 197
Jump: 214
Jump: 231
Call: 235
Jump: 325
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 117
Jump: 173
Call: 117
Jump: 173
MessageBox: 292,"Npcap 0.9994 is already installed. Reinstall (possibly with different options)?"
Call: 1462
File: overwriteflag=0, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\modern-header.bmp"
File: wrote 70976 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\modern-header.bmp"
WriteINIStr: wrote [Field 1] State=0 in C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini
Jump: 715
WriteINIStr: wrote [Field 2] State=0 in C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini
Jump: 728
WriteINIStr: wrote [Field 3] State=1 in C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini
Jump: 741
WriteINIStr: wrote [Field 4] State=1 in C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini
Jump: 758
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll"
File: wrote 23712 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll"
Jump: 776
Jump: 781
New install of "Npcap 0.9994" to "C:\Program Files\Npcap"
Section: "WinPcap"
Call: 1244
detailprint: Stopping the npcap driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
File: wrote 71840 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
CreateDirectory: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 251736 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\NPFInstall.exe"
IfFileExists: file "C:\Program Files\Npcap\uninstall.exe" exists, jumping 0
Jump: 1308
Call: 841
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
Delete: "C:\Program Files\Npcap\uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Call: 808
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
Call: 1036
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 10302 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 267856 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1365
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 251736 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1085
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 80672 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10934 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8657 to "C:\Program Files\Npcap\npcap.inf"
Jump: 1095
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2402 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1047
CreateDirectory: "C:\WINDOWS\system32" (1)
Call: 1042
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 377688 to "C:\WINDOWS\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 154456 to "C:\WINDOWS\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 88920 to "C:\WINDOWS\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 55128 to "C:\WINDOWS\system32\WlanHelper.exe"
CreateDirectory: "C:\WINDOWS\system32\Npcap" (1)
CreateDirectory: "C:\WINDOWS\system32\Npcap" created
Call: 1042
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 377688 to "C:\WINDOWS\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 154456 to "C:\WINDOWS\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 88920 to "C:\WINDOWS\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 55128 to "C:\WINDOWS\system32\Npcap\WlanHelper.exe"
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Call: 1074
CreateDirectory: "C:\WINDOWS\system32" (1)
Call: 1069
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 434520 to "C:\WINDOWS\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 179544 to "C:\WINDOWS\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 102232 to "C:\WINDOWS\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65368 to "C:\WINDOWS\system32\WlanHelper.exe"
CreateDirectory: "C:\WINDOWS\system32\Npcap" (1)
CreateDirectory: "C:\WINDOWS\system32\Npcap" created
Call: 1069
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 434520 to "C:\WINDOWS\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 179544 to "C:\WINDOWS\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 102232 to "C:\WINDOWS\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65368 to "C:\WINDOWS\system32\Npcap\WlanHelper.exe"
Call: 1156
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1167
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 806
Call: 1105
detailprint: Clearing Npcap entries from driver store
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
Jump: 1150
detailprint: The npcap service was successfully created
Jump: 1156
detailprint: Writing service options to registry
Call: 1190
Call: 1167
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "LoopbackSupport"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "DltNull"="0x00000001"
WriteRegStr: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Edition"="Npcap"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Dot11Support"="0x00000001"
Jump: 1180
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "VlanSupport"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "WinPcapCompatible"="0x00000001"
Jump: 1190
Call: 1253
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap_wifi" "Start"="0x00000004"
Call: 1221
detailprint: Starting the npcap driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll" (overwriteflag=1)
Jump: 1420
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayName"="Npcap"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayVersion"="0.9994"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "Publisher"="Nmap Project"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLInfoAbout"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLUpdateInfo"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMajor"="0"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMinor"="9994"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoModify"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoRepair"="0x00000001"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="CheckStatus.bat"
File: wrote 862 to "C:\Program Files\Npcap\CheckStatus.bat"
detailprint: Creating npcapwatchdog scheduled task
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
Jump: 38
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll" (overwriteflag=1)
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\final.ini")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\modern-header.bmp")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\")

Minidump file:

062120-20031-01.zip

@dmiller-nmap
Contributor

Thanks for this report! This crash happens when there are packets waiting in the kernel buffer to be retrieved with pcap_next_ex() or pcap_dispatch()/pcap_loop() and the NDIS filter module is detached (e.g. the adapter is removed or the system is suspended). The filter module's resources are released, which includes the local copy of packet data that capture handles (Open instances) reference in their buffer queues. A subsequent packet read event will try to access those structures and cause the bugcheck you experienced.

I will work on a fix for this issue. Probably we will either have to copy the data over to a different place or we will have to allocate it from a pool at the driver level instead of at the filter module level.
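
The lifetime problem described in the comment above, as an added user-space C model that is not Npcap's driver code: packet data queued on a capture handle must outlive the filter module that captured it. All type and function names are hypothetical, and reference counting is used here as a stand-in for storage whose lifetime is not tied to the filter module.

```c
#include <stdlib.h>
#include <string.h>
/* User-space model (assumption): every name here is hypothetical, not Npcap's. */
typedef struct PacketData {
    int refs;                 /* holders: filter module + each queue entry */
    size_t len;
    unsigned char bytes[64];
} PacketData;
typedef struct { PacketData *pkts[8]; int count; } FilterModule;       /* per adapter */
typedef struct { PacketData *queue[8]; int head, tail; } OpenInstance; /* capture handle */

static int live_packets = 0;  /* outstanding allocations, for lifetime checks */

static PacketData *pkt_alloc(const void *src, size_t len) {
    PacketData *p = calloc(1, sizeof *p);
    if (!p || len > sizeof p->bytes) { free(p); return NULL; }
    memcpy(p->bytes, src, len);
    p->len = len; p->refs = 1; live_packets++;
    return p;
}
static void pkt_release(PacketData *p) {
    if (p && --p->refs == 0) { free(p); live_packets--; }
}

/* Capture path: the module records the packet, the handle queues its own reference. */
static int capture(FilterModule *fm, OpenInstance *oi, const void *src, size_t len) {
    if (fm->count == 8 || oi->tail == 8) return -1;
    PacketData *p = pkt_alloc(src, len);
    if (!p) return -1;
    fm->pkts[fm->count++] = p;
    p->refs++;                      /* queue entry keeps the data alive */
    oi->queue[oi->tail++] = p;
    return 0;
}

/* Detach (adapter removed, system suspended): drop only the module's references. */
static void filter_detach(FilterModule *fm) {
    for (int i = 0; i < fm->count; i++) pkt_release(fm->pkts[i]);
    fm->count = 0;
}

/* Read after detach stays valid because the queue still holds a reference. */
static long read_next(OpenInstance *oi, unsigned char *out, size_t cap) {
    if (oi->head == oi->tail) return -1;          /* nothing queued */
    PacketData *p = oi->queue[oi->head++];
    if (p->len > cap) { pkt_release(p); return -1; }
    long n = (long)p->len;                        /* read len before release can free p */
    memcpy(out, p->bytes, p->len);
    pkt_release(p);
    return n;
}
```

If `filter_detach` freed the packets unconditionally instead of releasing a reference, the pointers left in `queue` would dangle and `read_next` would touch freed memory, which is the condition the comment describes.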
