Topic: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64  (Read 4392 times)

0 Members and 1 Guest are viewing this topic.

Tony4219

  • Chef
  • ***
  • Date Registered: Mar 2015
  • Posts: 134
Win10Pcap is a direct replacement for the older WinPcap 4.x industry-standard packet capture library, which no longer works in Windows 10 which requires NDIS v 6.x driver model. :ohmy: Version 10.2.5002 Oct 2015. Developed by Daiyuu Nobori.  Tested in Win10PESE x64 on X/Y usbstick.

This plugin is just an installer, but it installs FAST (much faster than running NetMon 3.4 post-boot) when you need it, and does not take up space in your boot.WIM. Stored on Y: until you install to X:
 
Normally, you install Win10Pcap first, accepting defaults to X:, then install or run WireShark (or other apps like some of NirSoft's network apps that require NetMon 3.x). In Winbuilder, it works to run the MSI installer post-boot (no reboot required), then run your previously-installed apps that require WinPcap.

Place this plugin in Apps, Network. Use with Wireshark, xArp, etc. Your NIC may or may not support promiscuous mode.

Tested with NIR-NetworkTrafficView, NIR-SmartSniff, NIR-DNSQuerySniffer, NIR-WhoIsConnectedSniffer, NIR-HTTPnetworkSniffer run using WinPcap radio button in promiscuous mode. And xArp 2.2.2.

Plugin attached. Open source license allows this.

Tony4219

==========================  edited 1/14/16 =======================
This is likely not going to work in a "base build". At a minimum, you might need to use:
1) BUILD, CopyFiles=Full
2) enabled ALL .NET frameworks and ALL VC++ runtimes plugins(as I don't know exactly WHICH framework it needs)
3) enabled MSI plugin
3) installed to X: from Y: on usbstick (got "must install to local hard drive error"  1 time out of 3 when installing from host's C: to X:)

Winpcap doesn't do anything by itself; it is a prerequisite for other network apps that require "Winpcap" to grab packets.
« Last Edit: January 14, 2016, 05:21:37 AM by Tony4219 »

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #1 on: January 13, 2016, 08:53:19 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7386
Hi Tony4219,

your plugin have 2 ancient syntax that will not work in some future.

We already avoid such things on plugins widely, and numbers decrease in time, and one day will be totally depricated.
Use PC Packed to create plugins.  :wink:

*
There can be a silent switch to install Win10Pcap automatically.  :wink:

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #2 on: January 13, 2016, 09:07:26 AM »

Tony4219

  • Chef
  • ***
  • Date Registered: Mar 2015
  • Posts: 134
I will look into PCPacked to see how it does it. When I looked at a KYHI PCPacked plugin, found it hard to follow what is going on. But in meantime it does work on current  Builderx64  if anyone needs it.  Hey, only version 1    :smile:

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #3 on: January 13, 2016, 09:22:22 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7386
Sure  :thumbsup:
It is good you published old syntax plugin so I can inform you., wherever you get such syntax.

"Plugin Creator" developed to ease creating working plugins, out of box, with most demanded features, no need to have difficulty to follow or create a plugin line by line. (God Bless bad old days) Even No need to read codes of a PC Packed plugin, plugin works fine.

You can create hundreds of working plugins with PC Packed in a short time, with available shortcut and RunFrom features.
 Even some options available on PC Packed that adds a little more features.

When you need more things after creating a plugin, than what is hard to follow to you now, will gain you great time to improve plugin,
 syntax developed to be ready for such development, flexibility:wink:

Shortly:
"PC Packed" serves to
 both simple user to create hundreds of app plugins (no need to read codes ;) ),
 and also to advanced users who need to improve plugins with other things.
 and side by side helps to avoid wrong syntax usage by a beginner.
   Flexibility  :cool:

:turtle:

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #4 on: January 13, 2016, 12:11:05 PM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7386
Hi Tony4219,

Win10Pcap-v10.2-5002.msi fails here with a Basic build

Basic build: Default= \Build\ + \Shell\ + PostConfig + CreateISO

*
to test Win10Pcap
+ MSI Installer plugin

ila_rendered

:turtle:
« Last Edit: January 13, 2016, 12:12:03 PM by Lancelot »

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #5 on: January 13, 2016, 12:41:26 PM »

Tony4219

  • Chef
  • ***
  • Date Registered: Mar 2015
  • Posts: 134
Sorry it doesn[t work for you. It basically is a script with one executable. I don't remember if it is specific for x64 or not; I think you use x86 generally.  There is nothing in the script to choose Architecture. Everything I do is x64 here.

That does work on my full working (incl NAS) build.  It is possible something is contributed by another plugin.
I will send part of successful logfile

old  PENetwork v44
full monty .NET  2/3/3.5/4.6
all VC++ runtimes incl 2015
old network v38
FileCopy=Full
ALL personal plugins. If it works, I tend to keep it in even if I hardly use it. You never know.
drivers for SDHC cardreaders and other NICs used by HP laptops
extra plugins to record START, END times for a personal plugin (About..WPEX).
extra tweak plugins for Notepad, MMC, Postconfig
etc

I am not trying for smallness of build or ISO, only smallness of boot.wim so I try to put everything on 2nd partition of X/Y usb3stick.


Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #6 on: January 13, 2016, 12:51:34 PM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7386
I feel your troubles starts with wrong assumptions  :lol:
 I nearly always use x64 for tests.

Yes I am aware how you customize your builds from your previous posts,
 And yet another wrong assumption, I am not after smallness of build,
   I just say Win10Pcap msi installer do not work with a Basic Build (and Basic build is not based on smallness)
    Plugins working with a Basic Build assures it will work for everybody, that is the reason all plugins you use from servers always work nicely, so you can continue to an upper level of development. (which you do)


Anyway, I give my feedback, take it or not, life goes. :turtle:
« Last Edit: January 13, 2016, 12:52:36 PM by Lancelot »

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #7 on: January 13, 2016, 02:10:33 PM »

Tony4219

  • Chef
  • ***
  • Date Registered: Mar 2015
  • Posts: 134
I checked the website for Win10Pcap and the .MSI installer is  both 32/64.  I install to the default X: which is set to the max RAM in the build to 512MB. Nothing added to registry.

Attached is list of all my installed plugins. Many are not the latest versions as you can see.  Definitely not a basic build; everything but the kitchen sink !!  A few, like the 2 UnknownDevices plugins, don't work and will be deleted from Win10PESE soon. 

I will  try PC Packed on it; could there be some item you don't have running in the VM that I do, from the above.  My preliminary test was to see if the .MSI installer ran by itself in running WPEX. It did.

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #8 on: January 13, 2016, 10:03:14 PM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7386
could there be some item you don't have running in the VM that I do, from the above.

all info given on previous post.

Have fun, life goes. :turtle:

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #9 on: January 14, 2016, 09:23:36 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7386
I appreciate that you test to make sure plugins work for every possible build.  :thumbsup:

However, I meant "I need to stop this (Win10Pcap) plugin development" meaning that, basically, it just runs an MSI installer and any plugin that requires ANY .NET framework or ANY VC++ runtime will fail the 'must run on base boot test' ! 

I don't even know which one (framework or runtime or other DLL) might be required at this point to run its MSI installer. So, I put explanation in the original post to clarify that there could be problems "might not work for you". If I find out, I'll surely post it.

I had similar prob with other apps in Builder. Finally, just selected ALL .NET and ALL VC++ which solves MANY of these issues ...  :smile:


You can also copy ALL \System32\ and ALL \SysWOW64\ files, which will solve MANY more of these issues dependency troubles.  :great:


Thanks for heads up to Win10Pcap ,
 I did not know WinPCap development stopped before Win10,
   and I did not know there is Win10PCap,
    now I know.

 life goes   :thumbsup:

:turtle:

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #10 on: February 04, 2016, 05:27:27 AM »

Tony4219

  • Chef
  • ***
  • Date Registered: Mar 2015
  • Posts: 134
For those reading this far, Lancelot wrote a plugin for Winpcap/Win10Pcap posted here http://yomi.cwcodes.net/Yomi/AppY/Network/WinPcap.Script.

Thanks, Lancelot :clap:    This is beyond my skills (why I used the Installer instead of As-Installed )   :smile:

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #11 on: February 04, 2016, 06:00:19 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7386
\Downloads\AppYGS\Network\WinPcap + Win10Pcap....

It is only adding setup...exe of WinPcap,

plugin is open to improvements following feedbacks, like unattanded switch for Win10Pcap or WinPcap

etc. etc...

:turtle:

Re: Windows 10 version of winpcap - Win10Pcap plugin for Win10PESE x64
« Reply #12 on: September 03, 2017, 12:47:36 PM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7386
Related to subject, new plugins on server and updated
Downloads\AppYGS\Network\'WinPcap + Win10Pcap'
--> updated to work out of box with Win10PESE Basic build

New plugins:
Downloads\AppYGS\Network\'Wireshark'
Downloads\AppYGS\Network\'Wireshark NT5x win32 - File'
Downloads\AppYGS\Network\'Wireshark NT5x win64 - File'
Downloads\AppYGS\Network\'Wireshark win32 - File'
Downloads\AppYGS\Network\'Wireshark win64 - File'

Also an interesting driver to be used with Wireshark
Downloads\AppYGS\System Tools\'USBCab'
ps: not tested in real life,
If required open USBCab console to reconnect usb devices.


:turtle:

 

Powered by EzPortal