Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

memory leak when sending packets on Windows10 (since npcap v1.76) #688

Closed
omgtehlion opened this issue Aug 10, 2023 · 8 comments
Closed

memory leak when sending packets on Windows10 (since npcap v1.76) #688

omgtehlion opened this issue Aug 10, 2023 · 8 comments

Comments

@omgtehlion
Copy link

omgtehlion commented Aug 10, 2023
edited

Describe the bug
Npcap leaks kernel memory when sending packets via pcap_sendqueue_transmit or PacketSendPackets.
Affected: v1.76 on windows 10.
v1.75 does not leak memory

To Reproduce
Steps to reproduce the behavior:

  1. install npcap v1.76
  2. compile and run Examples/sendcap/sendcap.c
  3. open TaskManager and see memory leaking
  4. memory not accounted to any user-mode process, nor to System
  5. leaked memory not reclaimed on either process restart, nor on driver stop/start/uninstall, only on full reboot

Expected behavior
Kernel memory should not leak when sending packets. npcap v1.75 works fine

Screenshots
image

Diagnostic information 

         Operating System: Windows 10 Enterprise LTSC 64-bit (10.0, Build 19044) (19041.vb_release.191206-1406)

*************************************************
DiagReport for Npcap ( https://npcap.com )
*************************************************
Script Architecture:		64-bit
Script Path:			C:\Program Files\Npcap\DiagReport.ps1
Current Time:			08/10/2023 04:10:45
Npcap install path:		C:\Program Files\Npcap
Npcap Version:			1.76
PowerShell Version:		5.1.19041.3031


*************************************************
OS Info:
*************************************************


Caption                 : Microsoft Windows 10 Enterprise LTSC
BuildNumber             : 19044
Locale                  : 0419
MUILanguages            : {en-US}
OSArchitecture          : 64-bit
ServicePackMajorVersion : 0
ServicePackMinorVersion : 0
SystemDirectory         : C:\Windows\system32
Version                 : 10.0.19044





*************************************************
CPU Info:
*************************************************


Name                      : 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz
Manufacturer              : GenuineIntel
DeviceID                  : CPU0
NumberOfCores             : 4
NumberOfEnabledCore       : 4
NumberOfLogicalProcessors : 4
Addresswidth              : 64





*************************************************
Memory Info:
*************************************************
Size:				32487 MB (34065145856 Bytes)


*************************************************
Network Adapter(s) Info:
*************************************************


Caption             : [00000001] Intel(R) Wi-Fi 6 AX201 160MHz
GUID                : {AE2D673E-9EF1-4B1D-B276-2ED4AE72394B}
Index               : 1
InterfaceIndex      : 22
Manufacturer        : Intel Corporation
MACAddress          : 10:3D:1C:EA:67:AD
Speed               : 554850000
NetConnectionID     : Wi-Fi
NetConnectionStatus : 2
PNPDeviceID         : PCI\VEN_8086&DEV_A0F0&SUBSYS_00708086&REV_20\3&11583659&0&A3
ServiceName         : Netwtw10
AdapterType         : Ethernet 802.3

Caption             : [00000002] WireGuard Tunnel
GUID                : {6B77769F-3847-E57D-409A-3E6CEC8DC1AB}
Index               : 2
InterfaceIndex      : 52
Manufacturer        : WireGuard LLC
MACAddress          : 
Speed               : 100000000000
NetConnectionID     : <censored>
NetConnectionStatus : 2
PNPDeviceID         : SWD\WIREGUARD\{6B77769F-3847-E57D-409A-3E6CEC8DC1AB}
ServiceName         : WireGuard
AdapterType         : 

Caption             : [00000012] WireGuard Tunnel
GUID                : {A92A1B10-8C8A-CC60-2B60-2C18E53913B1}
Index               : 12
InterfaceIndex      : 56
Manufacturer        : WireGuard LLC
MACAddress          : 
Speed               : 100000000000
NetConnectionID     : <censored>
NetConnectionStatus : 2
PNPDeviceID         : SWD\WIREGUARD\{A92A1B10-8C8A-CC60-2B60-2C18E53913B1}
ServiceName         : WireGuard
AdapterType         : 

Caption             : [00000015] TAP-Windows Adapter V9
GUID                : {53D23F9F-AA98-4B3D-9AE1-250AA36B157D}
Index               : 15
InterfaceIndex      : 14
Manufacturer        : TAP-Windows Provider V9
MACAddress          : 00:FF:53:D2:3F:9F
Speed               : 1000000000
NetConnectionID     : OpenVPN TAP-Windows6
NetConnectionStatus : 7
PNPDeviceID         : ROOT\NET\0001
ServiceName         : tap0901
AdapterType         : Ethernet 802.3

Caption             : [00000018] ASIX AX88179 USB 3.0 to Gigabit Ethernet Adapter
GUID                : {3110282B-2252-430D-8BF0-BB19AB8945D0}
Index               : 18
InterfaceIndex      : 13
Manufacturer        : ASIX
MACAddress          : F0:1E:34:11:AB:30
Speed               : 1000000000
NetConnectionID     : Ethernet 6
NetConnectionStatus : 2
PNPDeviceID         : USB\VID_0B95&PID_1790\000000000000?A
ServiceName         : AX88179
AdapterType         : Ethernet 802.3

Caption             : [00000020] VirtualBox Host-Only Ethernet Adapter
GUID                : {0E92C1C8-52B0-45BC-AFC6-2F316E1944AC}
Index               : 20
InterfaceIndex      : 6
Manufacturer        : Oracle Corporation
MACAddress          : 0A:00:27:00:00:06
Speed               : 1000000000
NetConnectionID     : VirtualBox Host-Only Network
NetConnectionStatus : 2
PNPDeviceID         : ROOT\NET\0002
ServiceName         : VBoxNetAdp
AdapterType         : Ethernet 802.3





*************************************************
NDIS Light-Weight Filter (LWF) Info:
*************************************************
HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\*:


InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_bridge
Description      : @%SystemRoot%\system32\bridgeres.dll,-2
InfPath          : netbrdg.inf
InfSection       : Install
LocDescription   : @%SystemRoot%\system32\bridgeres.dll,-2

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_wfplwf_lower
Description      : @%windir%\System32\drivers\wfplwfs.sys,-6006
InfPath          : wfplwfs.inf
InfSection       : WfpLwf_Lower_Install
LocDescription   : @%windir%\System32\drivers\wfplwfs.sys,-6006

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 40
ComponentId      : ms_netbios
Description      : @%windir%\system32\drivers\netbios.sys,-501
InfPath          : netnb.inf
InfSection       : NetBIOS.ndi
LocDescription   : @%windir%\system32\drivers\netbios.sys,-501

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262200
ComponentId      : ms_ndiscap
Description      : @%windir%\System32\drivers\ndiscap.sys,-5000
InfPath          : ndiscap.inf
InfSection       : Install
LocDescription   : @%windir%\System32\drivers\ndiscap.sys,-5000

InstallTimeStamp : {221, 7, 12, 0...}
ComponentId      : ms_server
Description      : @%systemroot%\system32\srvsvc.dll,-109
InfPath          : Netserv.inf
InfSection       : Install.ndi
LocDescription   : @%systemroot%\system32\srvsvc.dll,-109

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_vwifi
Description      : @%windir%\System32\drivers\vwififlt.sys,-105
InfPath          : netvwififlt.inf
InfSection       : Install
LocDescription   : @%windir%\System32\drivers\vwififlt.sys,-105

InstallTimeStamp : {230, 7, 5, 0...}
Characteristics  : 262144
ComponentId      : oracle_VBoxNetLwf
Description      : @oem102.inf,%vboxnetlwf_desc%;VirtualBox NDIS6 Bridged Networking Driver
InfPath          : oem102.inf
InfSection       : VBoxNetLwf.ndi
LocDescription   : @oem102.inf,%vboxnetlwf_desc%;VirtualBox NDIS6 Bridged Networking Driver

InstallTimeStamp : {231, 7, 8, 0...}
Characteristics  : 262144
ComponentId      : INSECURE_NPCAP
Description      : @oem107.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)
InfPath          : oem107.inf
InfSection       : FilterStandard
LocDescription   : @oem107.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_pacer
Description      : @%windir%\System32\drivers\pacer.sys,-101
InfPath          : netpacer.inf
InfSection       : Install
LocDescription   : @%windir%\System32\drivers\pacer.sys,-101

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_wfplwf_upper
Description      : @%windir%\System32\drivers\wfplwfs.sys,-6005
InfPath          : wfplwfs.inf
InfSection       : WfpLwf_Upper_Install
LocDescription   : @%windir%\System32\drivers\wfplwfs.sys,-6005

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_nativewifip
Description      : @%windir%\System32\drivers\nwifi.sys,-101
InfPath          : netnwifi.inf
InfSection       : MS_NWIFI.Install
LocDescription   : @%windir%\System32\drivers\nwifi.sys,-101

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_wfplwf_vswitch
Description      : @%windir%\System32\drivers\wfplwfs.sys,-6004
InfPath          : wfplwfs.inf
InfSection       : WfpLwf_vSwitch_Install
LocDescription   : @%windir%\System32\drivers\wfplwfs.sys,-6004




Name                           DisplayName                                        ComponentID          Enabled     
----                           -----------                                        -----------          -------     
Wi-Fi                          Npcap Packet Driver (NPCAP)                        INSECURE_NPCAP       True        
<censored>                  Npcap Packet Driver (NPCAP)                        INSECURE_NPCAP       True        
<censored>                    Npcap Packet Driver (NPCAP)                        INSECURE_NPCAP       True        
OpenVPN TAP-Windows6           Npcap Packet Driver (NPCAP)                        INSECURE_NPCAP       True        
Ethernet 6                     Npcap Packet Driver (NPCAP)                        INSECURE_NPCAP       True        
VirtualBox Host-Only Network   Npcap Packet Driver (NPCAP)                        INSECURE_NPCAP       True        


*************************************************
File Info:
*************************************************

LastWriteTime : 11/22/2022 10:25:50 PM
Length        : 815
Name          : CheckStatus.bat


LastWriteTime : 8/10/2023 4:10:45 AM
Length        : 0
Name          : DiagReport-20230810-041045.txt


LastWriteTime : 11/22/2022 10:25:50 PM
Length        : 1073
Name          : DiagReport.bat


LastWriteTime : 11/22/2022 10:25:50 PM
Length        : 18078
Name          : DiagReport.ps1


LastWriteTime : 11/22/2022 10:25:50 PM
Length        : 2513
Name          : FixInstall.bat


LastWriteTime : 8/10/2023 4:06:43 AM
Length        : 58514
Name          : install.log


LastWriteTime : 7/18/2023 8:08:52 PM
Length        : 11784
Name          : LICENSE


LastWriteTime : 7/19/2023 7:42:12 PM
Length        : 12676
Name          : npcap.cat


LastWriteTime : 7/19/2023 7:42:12 PM
Length        : 9002
Name          : npcap.inf


LastWriteTime : 7/19/2023 7:42:12 PM
Length        : 77736
Name          : npcap.sys


LastWriteTime : 7/19/2023 7:42:12 PM
Length        : 2435
Name          : npcap_wfp.inf


LastWriteTime : 7/19/2023 7:03:24 PM
Length        : 308096
Name          : NPFInstall.exe


LastWriteTime : 8/10/2023 4:05:10 AM
Length        : 322026
Name          : NPFInstall.log


LastWriteTime : 7/19/2023 7:44:04 PM
Length        : 1081032
Name          : Uninstall.exe


Path          : C:\Program Files\Npcap\npcap.cat
Status        : Valid
StatusMessage : Signature verified.
Thumbprint    : FAC666005546D6BE881A31C1267717879401A950


Path          : C:\Program Files\Npcap\npcap.inf
Status        : Valid
StatusMessage : Signature verified.
Thumbprint    : FAC666005546D6BE881A31C1267717879401A950


Path          : C:\Program Files\Npcap\npcap.sys
Status        : Valid
StatusMessage : Signature verified.
Thumbprint    : FAC666005546D6BE881A31C1267717879401A950


Path          : C:\Program Files\Npcap\NPFInstall.exe
Status        : Valid
StatusMessage : Signature verified.
Thumbprint    : 7EB563C57DEB8DA3166A35F265BAB1A1C0A088D2


Path          : C:\Program Files\Npcap\Uninstall.exe
Status        : Valid
StatusMessage : Signature verified.
Thumbprint    : 7EB563C57DEB8DA3166A35F265BAB1A1C0A088D2


LastWriteTime : 7/19/2023 7:03:30 PM
Length        : 156544
Name          : NpcapHelper.exe


LastWriteTime : 7/19/2023 7:03:22 PM
Length        : 220032
Name          : Packet.dll


LastWriteTime : 7/19/2023 7:03:32 PM
Length        : 266624
Name          : WlanHelper.exe


LastWriteTime : 7/19/2023 7:03:26 PM
Length        : 491392
Name          : wpcap.dll


LastWriteTime : 7/19/2023 7:03:30 PM
Length        : 156544
Name          : NpcapHelper.exe


LastWriteTime : 7/19/2023 7:03:22 PM
Length        : 220032
Name          : Packet.dll


LastWriteTime : 7/19/2023 7:03:32 PM
Length        : 266624
Name          : WlanHelper.exe


LastWriteTime : 7/19/2023 7:03:26 PM
Length        : 491392
Name          : wpcap.dll


LastWriteTime : 7/19/2023 7:03:14 PM
Length        : 129920
Name          : NpcapHelper.exe


LastWriteTime : 7/19/2023 7:03:06 PM
Length        : 174464
Name          : Packet.dll


LastWriteTime : 7/19/2023 7:03:16 PM
Length        : 216448
Name          : WlanHelper.exe


LastWriteTime : 7/19/2023 7:03:12 PM
Length        : 420224
Name          : wpcap.dll


LastWriteTime : 7/19/2023 7:03:14 PM
Length        : 129920
Name          : NpcapHelper.exe


LastWriteTime : 7/19/2023 7:03:06 PM
Length        : 174464
Name          : Packet.dll


LastWriteTime : 7/19/2023 7:03:16 PM
Length        : 216448
Name          : WlanHelper.exe


LastWriteTime : 7/19/2023 7:03:12 PM
Length        : 420224
Name          : wpcap.dll



*************************************************
WinPcap Info:
*************************************************
HKLM:\SOFTWARE\WOW6432Node\WinPcap:
Not present.


*************************************************
Registry Info:
*************************************************
HKLM:\SOFTWARE\WOW6432Node\Npcap:


AdminOnly         : 0
WinPcapCompatible : 1
(default)         : C:\Program Files\Npcap



HKLM:\SYSTEM\CurrentControlSet\Services\npcap:


Type               : 1
Start              : 1
ErrorControl       : 1
Tag                : 38
ImagePath          : \SystemRoot\system32\DRIVERS\npcap.sys
DisplayName        : @oem107.inf,%NPF_Desc_Standard%;Npcap Packet Driver (NPCAP)
Group              : NDIS
Description        : @oem107.inf,%NPF_Desc_Standard%;Npcap Packet Driver (NPCAP)
NdisMajorVersion   : 6
NdisMinorVersion   : 50
DriverMajorVersion : 1
DriverMinorVersion : 76



HKLM:\SYSTEM\CurrentControlSet\Services\npcap\Parameters:


LoopbackSupport              : 1
DltNull                      : 1
Edition                      : Npcap
AdminOnly                    : 0
Dot11Support                 : 0
NdisImPlatformBindingOptions : 2
DefaultFilterSettings        : 1
VlanSupport                  : 0
WinPcapCompatible            : 1



HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi:


Start        : 4



HKLM:\SYSTEM\CurrentControlSet\Services\npf:
Not present.
HKLM:\SYSTEM\CurrentControlSet\Services\npf\Parameters:
Not present.
HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi:
Not present.


*************************************************
Service Info:
*************************************************

Status      : Running
Name        : npcap
DisplayName : Npcap Packet Driver (NPCAP)

Get-Service : Cannot find any service with service name 'npf'.
At C:\Program Files\Npcap\DiagReport.ps1:214 char:1
+ Get-Service npf
+ ~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (npf:String) [Get-Service], ServiceCommandException
    + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand
 


*************************************************
Install Info:
*************************************************
Please refer to: C:\Program Files\Npcap\install.log

@SkyEmie
Copy link

SkyEmie commented Aug 25, 2023

Hi,

I've also noticed the same thing with version 1.76 (on Win11)
Non paged pool memory increases significantly, especially visible when a large number of packets are transiting.
By reverting to 1.75, the problem disappears.

nppool.mp4

@dmiller-nmap
Copy link
Contributor

One potential case handled in 93a968d, but I need to go through Write.c to check the send path, too.

@thiemel
Copy link

thiemel commented Sep 15, 2023
edited

Hi,

I've also noticed the same thing with version 1.76 (on Win11) Non paged pool memory increases significantly, especially visible when a large number of packets are transiting. By reverting to 1.75, the problem disappears.
nppool.mp4

Same problem here. Windows 11. Installed NMAP 7.94 and latest NPCAP 1.76. After nmap scan (-Pn) of cca 400 of IP addresses the Windows started to have free memory problem and froze completely. I found this thread - I uninstalled NPCAP 1.76 and installed the one bundled in nmap installer (NPCAP 1.75) and everything works without any problem, now.

@dmiller-nmap
Copy link
Contributor

I cannot replicate this issue, so I need some further details to narrow the search. The fix I previously mentioned would only cause leaks of allocations in the NpPD memory tag, and only when system resources are already low, so it doesn't match the video posted by @SkyEmie, which also shows many outstanding allocations of the NpCD and NpNB tags.

The information I need:

  1. DiagReport output.
  2. Information about the capture file used with sendcap.exe: file size, number of packets, etc.
  3. Poolmon output/screenshot after sendcap has finished, without any processes using Npcap (e.g. Wireshark).
  4. @SkyEmie please clarify how Npcap is being used during your video: sendcap, Wireshark, etc.? Does the memory usage drop again after the program is closed or if you run net stop npcap?

@Cabaalist
Copy link

Hi,
Seems issue persist on 1.77, We use npcap in API Mode. The leak is less than with 1.76 (1/4 rate). (When I remove npcap, no RAM Over usage)

@Accurio
Copy link

Accurio commented Oct 18, 2023

Npcap Nonpaged Pool Memory Leak

See also: Npcap Driver Nonpaged Pool Memory Leak · Issue #38 · SeaLoong/drcom4scut · GitHub

Description

After drcom4scut established the EAP session, the frames stored by the Npcap driver will not not be released until reboot, and the nonpaged pool used by the Npcap driver increases with the increase of the amount of data transferred over the network.

This problem occurs only if the version of Npcap is 1.76 or 1.77, other version of the library such as WinPcap 4.1.3, Npcap 1.71, Npcap 1.75 do not.

Reproduction

  1. Install Npcap 1.76 or 1.77.

  2. Download and unzip drcom4scut 0.3.0.

  3. New a text document and rename to config.yml, put the following code into config.yml.

mac:  # the MAC address of the interface used to reproduce
ip:  # the IP address of the interface used to reproduce
username: username
password: password
log:
  enable_file: false

  1. Start to monitor the memory, poolmon.exe -u -p -g pooltag.txt.

  2. Run drcom4scut.exe, and the output on the console should like the following. drcom4scut.exe is waiting for an EAP Request frame. Keep the program running.

[2023-10-18 12:00:00][INFO][main] Start to run...
[2023-10-18 12:00:00][INFO][main] Ethernet Device: # your device id
[2023-10-18 12:00:00][INFO][main] MAC address: # your MAC address
[2023-10-18 12:00:00][INFO][main] IP Address/Prefix: # your IP address
…
[2023-10-18 12:00:00][INFO][EAP-Process] Create EAP Process.
[2023-10-18 12:00:00][INFO][EAP-Process] Start EAP Process.
[2023-10-18 12:00:00][INFO][EAP-Process] Send Logoff packet.
[2023-10-18 12:00:02][INFO][EAP-Process] Send Start packet.
  1. Make some network transfers, such as file downloads and speed tests. Also, keep an eye out for poolmon.
    The expected behavior is the the nonpaged pool used by Npcap will greatly increase.

PoolMon

  1. Install Npcap 1.75, and repeat step 5 and 6.
    The expected behavior is the the nonpaged pool used by Npcap will remain flat.

Diagnostic

DiagReport 
*************************************************
DiagReport for Npcap ( https://npcap.com )
*************************************************
Script Architecture:	64-bit
Script Path:		C:\Program Files\Npcap\DiagReport.ps1
Current Time:		10/18/2023 13:30:00
Npcap install path:	C:\Program Files\Npcap
Npcap Version:		1.77
PowerShell Version:	5.1.19041.3570

*************************************************
OS Info:
*************************************************
Caption                 : Microsoft Windows 10 企业版
BuildNumber             : 19045
Locale                  : 0804
MUILanguages            : {zh-CN, en-US}
OSArchitecture          : 64 位
ServicePackMajorVersion : 0
ServicePackMinorVersion : 0
SystemDirectory         : C:\Windows\System32
Version                 : 10.0.19045

*************************************************
CPU Info:
*************************************************
Name                      : Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Manufacturer              : GenuineIntel
DeviceID                  : CPU0
NumberOfCores             : 4
NumberOfEnabledCore       : 4
NumberOfLogicalProcessors : 8
Addresswidth              : 64

*************************************************
Memory Info:
*************************************************
Size:	16284 MB (17074765824 Bytes)

*************************************************
Network Adapter(s) Info:
*************************************************
Caption             : [00000001] Realtek USB GbE Family Controller
GUID                : {640FEA1D-6809-4305-A71D-67A27D6A7B8D}
Index               : 1
InterfaceIndex      : 11
Manufacturer        : Realtek
MACAddress          : 30:7B:AC:54:2B:DE
Speed               : 9223372036854775807
NetConnectionID     : DA200
NetConnectionStatus : 0
PNPDeviceID         : USB\VID_0BDA&PID_8153\0003D0000000
ServiceName         : rtump64x64
AdapterType         : 以太网 802.3

Caption             : [00000002] Bluetooth Device (Personal Area Network)
GUID                : {3CBAFCE6-69D0-4E53-82FB-F713ABE4AB67}
Index               : 2
InterfaceIndex      : 9
Manufacturer        : Microsoft
MACAddress          : 
Speed               : 
NetConnectionID     : 蓝牙网络连接
NetConnectionStatus : 4
PNPDeviceID         : BTH\MS_BTHPAN\6&D112DBF&0&2
ServiceName         : BthPan
AdapterType         : 

Caption             : [00000003] Intel(R) Wi-Fi 6 AX200 160MHz
GUID                : {A90C6DBB-577D-4583-BE85-26D76CA52B3D}
Index               : 3
InterfaceIndex      : 18
Manufacturer        : Intel Corporation
MACAddress          : xx:xx:xx:xx:xx:xx
Speed               : 175000000
NetConnectionID     : AX200
NetConnectionStatus : 2
PNPDeviceID         : PCI\VEN_8086&DEV_2723&SUBSYS_00848086&REV_1A\4&1385BB4B&0&00E0
ServiceName         : Netwtw10
AdapterType         : 以太网 802.3

Caption             : [00000005] Hyper-V Virtual Ethernet Adapter
GUID                : {616E0EF8-CADC-46E7-836C-9AAF990CA659}
Index               : 5
InterfaceIndex      : 25
Manufacturer        : Microsoft
MACAddress          : 00:15:5D:6E:50:B1
Speed               : 10000000000
NetConnectionID     : vEthernet (Default Switch)
NetConnectionStatus : 2
PNPDeviceID         : ROOT\VMS_MP\0000
ServiceName         : VMSNPXYMP
AdapterType         : 以太网 802.3

*************************************************
NDIS Light-Weight Filter (LWF) Info:
*************************************************
HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\*:

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_bridge
Description      : @%SystemRoot%\system32\bridgeres.dll,-2
InfPath          : netbrdg.inf
InfSection       : Install
LocDescription   : @%SystemRoot%\system32\bridgeres.dll,-2

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_wfplwf_lower
Description      : @%windir%\System32\drivers\wfplwfs.sys,-6006
InfPath          : wfplwfs.inf
InfSection       : WfpLwf_Lower_Install
LocDescription   : @%windir%\System32\drivers\wfplwfs.sys,-6006

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 40
ComponentId      : ms_netbios
Description      : @%windir%\system32\drivers\netbios.sys,-501
InfPath          : netnb.inf
InfSection       : NetBIOS.ndi
LocDescription   : @%windir%\system32\drivers\netbios.sys,-501

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262200
ComponentId      : ms_ndiscap
Description      : @%windir%\System32\drivers\ndiscap.sys,-5000
InfPath          : ndiscap.inf
InfSection       : Install
LocDescription   : @%windir%\System32\drivers\ndiscap.sys,-5000

InstallTimeStamp : {230, 7, 12, 0...}
Characteristics  : 16512
ComponentId      : vmware_bridge
Description      : @oem53.inf,%vmware_desc%;VMware Bridge Protocol
InfPath          : oem53.inf
InfSection       : VMnetBridge.Install
LocDescription   : @oem53.inf,%vmware_desc%;VMware Bridge Protocol

InstallTimeStamp : {221, 7, 12, 0...}
ComponentId      : ms_server
Description      : @%systemroot%\system32\srvsvc.dll,-109
InfPath          : Netserv.inf
InfSection       : Install.ndi
LocDescription   : @%systemroot%\system32\srvsvc.dll,-109

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : vms_vsf
Description      : @%windir%\System32\drivers\vmswitch.sys,-60005
InfPath          : wvms_vsft.inf
InfSection       : VMSVSF.ndi
LocDescription   : @%windir%\System32\drivers\vmswitch.sys,-60005

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_vwifi
Description      : @%windir%\System32\drivers\vwififlt.sys,-105
InfPath          : netvwififlt.inf
InfSection       : Install
LocDescription   : @%windir%\System32\drivers\vwififlt.sys,-105

InstallTimeStamp : {230, 7, 6, 0...}
Characteristics  : 262144
ComponentId      : ms_netmon
Description      : @netnm3.inf,%nm3_desc%;Microsoft Network Monitor 3 Driver
InfPath          : netnm3.inf
InfSection       : Install
LocDescription   : @netnm3.inf,%nm3_desc%;Microsoft Network Monitor 3 Driver

InstallTimeStamp : {231, 7, 10, 0...}
Characteristics  : 262144
ComponentId      : INSECURE_NPCAP
Description      : @oem89.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)
InfPath          : oem89.inf
InfSection       : FilterStandard
LocDescription   : @oem89.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_pacer
Description      : @%windir%\System32\drivers\pacer.sys,-101
InfPath          : netpacer.inf
InfSection       : Install
LocDescription   : @%windir%\System32\drivers\pacer.sys,-101

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_wfplwf_upper
Description      : @%windir%\System32\drivers\wfplwfs.sys,-6005
InfPath          : wfplwfs.inf
InfSection       : WfpLwf_Upper_Install
LocDescription   : @%windir%\System32\drivers\wfplwfs.sys,-6005

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_nativewifip
Description      : @%windir%\System32\drivers\nwifi.sys,-101
InfPath          : netnwifi.inf
InfSection       : MS_NWIFI.Install
LocDescription   : @%windir%\System32\drivers\nwifi.sys,-101

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_wfplwf_vswitch
Description      : @%windir%\System32\drivers\wfplwfs.sys,-6004
InfPath          : wfplwfs.inf
InfSection       : WfpLwf_vSwitch_Install
LocDescription   : @%windir%\System32\drivers\wfplwfs.sys,-6004

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262184
ComponentId      : ms_vfpext
Description      : Microsoft Azure VFP Switch Extension
InfPath          : vfpext.inf
InfSection       : Install
LocDescription   : Microsoft Azure VFP Switch Extension

InstallTimeStamp : {221, 7, 12, 0...}
Characteristics  : 262144
ComponentId      : ms_l2bridge
Description      : @%SystemRoot%\System32\drivers\l2bridge.sys,-5000
InfPath          : l2bridge.inf
InfSection       : Install
LocDescription   : @%SystemRoot%\System32\drivers\l2bridge.sys,-5000

Name                          DisplayName                    ComponentID       Enabled
----                          -----------                    -----------       -------
AX200                         Npcap Packet Driver (NPCAP)    INSECURE_NPCAP    True
DA200                         Npcap Packet Driver (NPCAP)    INSECURE_NPCAP    True
vEthernet (Default Switch)    Npcap Packet Driver (NPCAP)    INSECURE_NPCAP    True
蓝牙网络连接                  Npcap Packet Driver (NPCAP)    INSECURE_NPCAP    True

*************************************************
File Info:
*************************************************

LastWriteTime : 2022/11/23 3:25:50
Length        : 815
Name          : CheckStatus.bat

LastWriteTime : 2022/11/23 3:25:50
Length        : 1073
Name          : DiagReport.bat

LastWriteTime : 2022/11/23 3:25:50
Length        : 18078
Name          : DiagReport.ps1

LastWriteTime : 2022/11/23 3:25:50
Length        : 2513
Name          : FixInstall.bat

LastWriteTime : 2023/10/18 12:04:45
Length        : 3462
Name          : install.log

LastWriteTime : 2023/07/19 1:08:52
Length        : 11784
Name          : LICENSE

LastWriteTime : 2023/09/27 23:05:50
Length        : 12824
Name          : npcap.cat

LastWriteTime : 2023/09/27 23:05:50
Length        : 9004
Name          : npcap.inf

LastWriteTime : 2023/09/27 23:05:50
Length        : 77776
Name          : npcap.sys

LastWriteTime : 2023/09/27 23:05:50
Length        : 2436
Name          : npcap_wfp.inf

LastWriteTime : 2023/09/27 4:15:16
Length        : 308096
Name          : NPFInstall.exe

LastWriteTime : 2023/10/18 11:48:22
Length        : 753474
Name          : NPFInstall.log

LastWriteTime : 2023/09/30 6:43:06
Length        : 1081032
Name          : Uninstall.exe

Path          : C:\Program Files\Npcap\npcap.cat
Status        : Valid
StatusMessage : 签名已通过验证。
Thumbprint    : FAC666005546D6BE881A31C1267717879401A950

Path          : C:\Program Files\Npcap\npcap.inf
Status        : Valid
StatusMessage : 签名已通过验证。
Thumbprint    : FAC666005546D6BE881A31C1267717879401A950

Path          : C:\Program Files\Npcap\npcap.sys
Status        : Valid
StatusMessage : 签名已通过验证。
Thumbprint    : FAC666005546D6BE881A31C1267717879401A950

Path          : C:\Program Files\Npcap\NPFInstall.exe
Status        : Valid
StatusMessage : 签名已通过验证。
Thumbprint    : 7EB563C57DEB8DA3166A35F265BAB1A1C0A088D2

Path          : C:\Program Files\Npcap\Uninstall.exe
Status        : Valid
StatusMessage : 签名已通过验证。
Thumbprint    : 7EB563C57DEB8DA3166A35F265BAB1A1C0A088D2

LastWriteTime : 2023/09/27 4:15:20
Length        : 156544
Name          : NpcapHelper.exe

LastWriteTime : 2023/09/27 4:15:12
Length        : 220032
Name          : Packet.dll

LastWriteTime : 2023/09/27 4:15:22
Length        : 266624
Name          : WlanHelper.exe

LastWriteTime : 2023/09/27 4:15:18
Length        : 491392
Name          : wpcap.dll

LastWriteTime : 2023/09/27 4:15:20
Length        : 156544
Name          : NpcapHelper.exe

LastWriteTime : 2023/09/27 4:15:12
Length        : 220032
Name          : Packet.dll

LastWriteTime : 2023/09/27 4:15:22
Length        : 266624
Name          : WlanHelper.exe

LastWriteTime : 2023/09/27 4:15:18
Length        : 491392
Name          : wpcap.dll

*************************************************
WinPcap Info:
*************************************************
HKLM:\SOFTWARE\WOW6432Node\WinPcap:
Not present.

*************************************************
Registry Info:
*************************************************
HKLM:\SOFTWARE\WOW6432Node\Npcap:
AdminOnly         : 0
WinPcapCompatible : 1
(default)         : C:\Program Files\Npcap

HKLM:\SYSTEM\CurrentControlSet\Services\npcap:
Type               : 1
Start              : 1
ErrorControl       : 1
Tag                : 53
ImagePath          : \SystemRoot\system32\DRIVERS\npcap.sys
DisplayName        : @oem89.inf,%NPF_Desc_Standard%;Npcap Packet Driver (NPCAP)
Group              : NDIS
Description        : @oem89.inf,%NPF_Desc_Standard%;Npcap Packet Driver (NPCAP)
NdisMajorVersion   : 6
NdisMinorVersion   : 50
DriverMajorVersion : 1
DriverMinorVersion : 77

HKLM:\SYSTEM\CurrentControlSet\Services\npcap\Parameters:
LoopbackSupport              : 1
DltNull                      : 1
Edition                      : Npcap
AdminOnly                    : 0
Dot11Support                 : 0
NdisImPlatformBindingOptions : 2
DefaultFilterSettings        : 1
VlanSupport                  : 0
WinPcapCompatible            : 1

HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi:
Start : 4

HKLM:\SYSTEM\CurrentControlSet\Services\npf:
Not present.

HKLM:\SYSTEM\CurrentControlSet\Services\npf\Parameters:
Not present.

HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi:
Not present.

*************************************************
Service Info:
*************************************************

Status      : StopPending
Name        : npcap
DisplayName : Npcap Packet Driver (NPCAP)

Get-Service : 找不到任何服务名称为“npf”的服务。
所在位置 C:\Program Files\Npcap\DiagReport.ps1:214 字符: 1
+ Get-Service npf
+ ~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (npf:String) [Get-Service], ServiceCommandException
    + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand

*************************************************
Install Info:
*************************************************
Please refer to: C:\Program Files\Npcap\install.log

@dmiller-nmap dmiller-nmap mentioned this issue Oct 18, 2023
Closed
@dmiller-nmap
Copy link
Contributor

I have opened #701 for the memory leak in Npcap 1.77, which is distinct from this issue. We have a fix and expect to release soon, pending complete testing.

@Accurio
Copy link

Accurio commented Oct 21, 2023

Npcap Nonpaged Pool Memory Leak

See also: Npcap Driver Nonpaged Pool Memory Leak · Issue #38 · SeaLoong/drcom4scut · GitHub

Description

After drcom4scut established the EAP session, the frames stored by the Npcap driver will not not be released until reboot, and the nonpaged pool used by the Npcap driver increases with the increase of the amount of data transferred over the network.

This problem occurs only if the version of Npcap is 1.76 or 1.77, other version of the library such as WinPcap 4.1.3, Npcap 1.71, Npcap 1.75 do not.

No memory leak occurs in Npcap 1.78.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@omgtehlion @dmiller-nmap @thiemel @SkyEmie @Cabaalist @Accurio