desowin
commented
10 years ago Which version of Windows and USBPcap did you use?
Closed ColinPitrat closed 7 years ago
desowin
commented
10 years ago Which version of Windows and USBPcap did you use?
thudhead
commented
10 years ago I attempted to install USBpcap 1.0.6 on a 32 bit windows 7 machine. I uninstalled USB Pcap 1.0.2, then ran the 1.0.6 installer which 'failed' during install. After reboot, no USB devices were recognized. Recovered machine with a system restore.
ColinPitrat
commented
10 years ago I used USBpcap 1.0.0.6 on Windows 7 Enterprise SP 1, 64 bits
desowin
commented
10 years ago To manually recover from this issue it is possible to remove USBPcap from following registry entry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class{36FC9E60-C465-11CF-8056-444553540000}\UpperFilters
The problem happens when USBPcap service cannot start (most likely because USBPcap.sys is not present in System32\drivers directory).
Alternative recovery solution would be to copy the USBPcap.sys from USBPcap's installation directory into System32\drivers and reboot.
TwoXTwentyOne
commented
7 years ago I've installed v1.10 and after a reboot most of my system usb ports stopped working.
I had to pull it out via SCCM from nearly 30 desktops... very disappointing but nice finding, I wrecked two computers until I found this thread!
Models are Dell 990, Dell 9010, Dell 9020 G1 and G2 with Intel 6-7-8 USB3 chipsets.
RrnR
commented
7 years ago I have just had this issue. I updated Wireshark on a Toshiba laptop and added USBPCap. After the reboot - no USB devices, no mouse, no trackpad. I had no idea what the cause was. I didn't twig on the USBPCap connection - I just assumed the restart had randomly trashed my registry. I eventually got back on air by booting to a command prompt and copying the files at C:\Windows\System32\config\RegBack to C:\Windows\System32\config\ and then restarting normally. The RegBack folder holds a copy of the registry at the last successful boot. I took this approach because the device manager said it couldn't load the drivers because the registry was corrupted, so I reasoned that replacing it with the last known good copy would fix it. In fact I guess it fixed it because the backup of the registry was pre-USBPCap and didn't have any registry stuff for it.
The next day I repeated the excercise on my desktop Dell 8700. AArrgghhh! Same outcome, except I also had no keyboard. I could however TeamViewer across to the machine.
So, just a heads-up really. The problem is still there, and it must be causing people some considerable grief.
TwoXTwentyOne
commented
7 years ago I had usbpcap installed across 100 workstation... grief it caused indeed, the fix was just to simply uninstall that POS software and reboot.
On 3 November 2016 at 00:13, RrnR notifications@github.com wrote:
I have just had this issue. I updated Wireshark on a Toshiba laptop and added USBPCap. After the reboot - no USB devices, no mouse, no trackpad. I had no idea what the cause was. I didn't twig on the USBPCap connection - I just assumed the restart had randomly trashed my registry. I eventually got back on air by booting to a command prompt and copying the files at C:\Windows\System32\config\RegBack to C:\Windows\System32\config\ and then restarting normally. The RegBack folder holds a copy of the registry at the last successful boot. I took this approach because the device manager said it couldn't load the drivers because the registry was corrupted, so I reasoned that replacing it with the last known good copy would fix it. In fact I guess it fixed it because the backup of the registry was pre-USBPCap and didn't have any registry stuff for it.
The next day I repeated the excercise on my desktop Dell 8700. AArrgghhh! Same outcome, except I also had no keyboard. I could however TeamViewer across to the machine.
So, just a heads-up really. The problem is still there, and it must be causing people some considerable grief.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/desowin/usbpcap/issues/3#issuecomment-258061289, or mute the thread https://github.com/notifications/unsubscribe-auth/AUAC_ysttr7DKLR_JJe7lm5nMxHKm2nmks5q6V9ngaJpZM4BCpXR .
-Éric Sylvain Périard
“What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others.” -Pericles
"Ce que vous laissez en arrière n'est pas ce qui est gravé dans des monuments de pierre, mais ce que vous transcendez dans les vies d’autrui." -Péricle
RrnR
commented
7 years ago @desowin - Is there any possibility of documenting an installation procedure that isn't going to leave my machine with non-functional USB after the next restart? I'm not keen to try it again ;-). Presumably when installation is completed something still isn't right, but it doesn't become an issue until the next reboot, so would installing it, then making sure there is a copy of USBPCap.sys in C:\Windows\System\Drivers and then restarting be sufficient (I'm not asking for cast-iron guarantees ... - just trying understand why it fails).
aaicken
commented
7 years ago I've had the same problem when installing Wireshark but only when updating from an older version of USBPcap. I previously had a working version of Wireshark + USBPcap installed.
I installed the latest version of Wireshark and noticed that there was also a newer version of usbpcap available. There is no option in the Wireshark installer to remove the old usbpcap and then install a new version so I had to uninstall USBPcap manually.
The process I went through was:
When my PC rebooted, my USB no longer worked so I no longer had a working USB keyboard or mouse. I was eventually able to recover the system from a system restore point.
I believe the correct process should be:
It would be good if this could be enforced within the installer as it's awkward to try to recover the machine
MiaoHatola
commented
7 years ago IF THE ABOVE SOLUTIONS DIDN'T WORK FOR YOU, TRY THIS I've encountered this problem too. I want to share what worked for me. TL;DR: Apparently, in my case what worked was, instead of a reboot - a complete shutdown and then boot (When installing or uninstalling, both work).
No matter what I tried (uninstalling, reinstalling, registry edits, system restore...), nothing worked. Finally I tried reinstalling USBPcap without Wireshark and then I used shutdown instead of restart - Suddenly it worked! Then, I tried uninstalling and, again, used shutdown instead of restart and it worked again!
Hope this helps someone.
mihaijulien
commented
7 years ago Hello, I encountered the same issue, on a Windows 10 machine. I connected a PS2 keyboard and uninstalled USBPCap and removed the registry entry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class{36FC9E60-C465-11CF-8056-444553540000}\UpperFilters as @desowin suggested. Right after that, my usb mouse and keyboard started working again.
BDub74
commented
7 years ago I had the same issues with installing WireShark 2.2.4 with the USBPcap driver. Everything was fine until I rebooted my PC - No USB function what-so-ever! I tried removing the entry listed above in the registry, uninstalled Wireshark, reinstalling USB drivers and chipset drivers, Windows restored back a few days - nothing seemed to work EXCEPT for hitting F8 while booting Windows 7 and selecting "Disable Driver Signature Enforcement" - then all of my USB woes went away. As of now, I still have to hit F8 and select DDSE to boot with normal functionality. :(
desowin
commented
7 years ago @BDub74: Do you have KB3033929 installed?
I will give it another try to write driver installer from scratch instead of relying on the DefaultInstall/DefaultUninstall as the DefaultInstall/DefaultUninstall does not give enough flexibility when it comes to performing sanity checks.
Based on all these failure reports I think installer should prevent installation (and note that installation can proceed after reboot) if there is USBPcap in PendingFileRenameOperations (https://technet.microsoft.com/en-us/library/cc960241.aspx). After installing it should check (in that order) USBPcap.sys, Service, UpperFilters entry.
dhalbert
commented
7 years ago I suffered from this same problem after trying to update Wireshark and install USBPcap from it. I had existing separately-installed versions of Wireshark and USBPcap.
My system Restore Points did not work properly. I tried rebooting normally with a mouse with a USB-to-PS2 adapter, but it did not seem to work at first. Then I found the key point: use only the mouse; do not touch the USB keyboard. The mouse will work fine until you press a key on the keyboard, and then the mouse will stop working. I was able to uninstall both Wireshark and USBPcap from Settings with the mouse. Then I had to shutdown and restart twice before USB devices worked again.
desowin
commented
7 years ago I experienced this issue when testing 1.2.0.1 release candidate. The solution that worked was to navigate to C:\Program Files\USBPcap, right click on USBPcap.inf and select Install. Then after a reboot USB devices and USBPcap worked fine. I will check if I can reproduce this.
desowin
commented
7 years ago Unfortunately none of the System Restore points could let me reproduce the problem. I tried uninstalling and installing it a few times but the problem did not reappear.
BDub74
commented
7 years ago @desowin -Thanks for continually looking into this issue. I'm willing to try version 1.2.0.1 to see if it fixes my USB problems after reboot. Please let me know when you have something available for me and others to test out? Thank you.
desowin
commented
7 years ago I think I have found the way to reproduce this issue: 1.Have USBPcap installed on the system 2.Uninstall USBPcap using Add/Remove Programs 3.Install USBPcap again (without rebooting) - there will be error box about failed installation and USB drivers won't work after reboot
However, if step 2 is replaced by uninstall by double clicking on Uninstall.exe, then everything works fine.
If you notice the error box and don't want USB to stop working after reboot, simply start Uninstall.exe and remove USBPcap before rebooting.
Could you please check if you can reproduce this behaviour on your systems?
dhalbert
commented
7 years ago @desowin I think what happened is this:
I think that is equivalent to what you reproduced. I'm kind of unwilling to try this again casually because recovery was quite painful.
BDub74
commented
7 years ago However, if step 2 is replaced by uninstall by double clicking on Uninstall.exe, then everything works fine.
If you notice the error box and don't want USB to stop working after reboot, simply start Uninstall.exe and remove USBPcap before rebooting.
I'll try one more time with installing (1.0.7.0) and performing the manual uninstall (Uninstall.exe)... I'll report back.
BDub74
commented
7 years ago It still does not work for me.... Installing 1.0.7.0, rebooted, No USB funct. Rebooted, hit F8 & selected DDSE to boot up - had usb functioning fine. Manually ran the Uninstall.exe from program files directory and rebooted.
desowin
commented
7 years ago @BDub74: The issue you are observing seems to be with your Windows for some reason not accepting the signature for USBPcapDriver. This is suprising as it is signed and timestamped using VeriSign certificate and timestamp server.
This is not directly related to the Add/Remove Programs uninstall vs uninstall.exe. Thanks to https://sourceforge.net/projects/regshot/ I managed to identify the difference between the two. It is related to how service is uninstalled:
Hopefully this can be detected in installer and instruct user to reboot before installing.
I think I will release 1.2.0.1 later today. It will be signed using new certificate so maybe @BDub74 issue will be resolved as well.
BDub74
commented
7 years ago @desowin Ok, downloaded and installed. I will reboot shortly to test. I will report back soon.... Thanks for the rush!
BDub74
commented
7 years ago @desowin So no luck for me. :( Not sure what to do at this point other than hitting F8 every time I need to boot up. I installed it, rebooted lost usb funct, powered off, did F8 and selected DDSE and booted fine. Logged in, right clicked on the .Inf file and selected Install. I then ran the Uninstall.exe and rebooted. Booted up normally and didn't have USB funct. - had to power off and do the F8 thing to have USB funct. Bummer. Thanks for your help...
ira-hart
commented
7 years ago I am having the exact issue described here with My Windows 10 64bit machine:
I installed the latest version of Wireshark and USBPcapDriver. Re-booted. Lost keyboard and mouse.
Powered down and rebooted. Hit F8. Selected "Disable Driver Signature Enforcement".
Windows boots but is still crippled.
What is the best solution at this point? Why is this continuing to occur? Should I try this below or is there a better solution now?:
"desowin commented on May 10 I experienced this issue when testing 1.2.0.1 release candidate. The solution that worked was to navigate to C:\Program Files\USBPcap, right click on USBPcap.inf and select Install. Then after a reboot USB devices and USBPcap worked fine. I will check if I can reproduce this."
desowin
commented
7 years ago @ira-hart: Which USBPcap version do you have installed? Does it happen with 1.2.0.1? Do you have Secure Boot enabled?
ira-hart
commented
7 years ago @desowin It is the latest version on your website installed Thurs. 6/8 Not sure on secure boot. Right click install usbpcap.inf suggestion failed. Remove usbpcap failed. Waited 20 mins power plug cycled.
ira-hart
commented
7 years ago Yes I have usbpcap 1.2.0.1 Wireshark 2.2.7 64bit
ira-hart
commented
7 years ago Yes we have secure boot enabled.
desowin
commented
7 years ago @ira-hart: Can you try with Secure Boot disabled?
ira-hart
commented
7 years ago I tried Secure boot disabled. F12, UEFI Boot Mode, SecureBoot=off It did boot after this. Tried install of USBpcap.inf again. Just got the spinning wheel forever. Did a hard power cycle. Very slow booting. Machine would originally boot in ~45 sec. Now it's ~4 minutes. Still no internet connection and audio driver is also off.
From: Tomasz Moń <notifications@github.com>To: desowin/usbpcap usbpcap@noreply.github.com Cc: ira-hart ira.hart@yahoo.com; Mention mention@noreply.github.com Sent: Monday, June 12, 2017 10:10 AM Subject: Re: [desowin/usbpcap] Windows 7 - USB bus not recognized after restart after USBPcap installation (#3)
@ira-hart: Can you try with Secure Boot disabled?— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
ira-hart
commented
7 years ago @desowin I had multiple IT people at my company come look at this. I ended up in a situation with the current state of the machine, where we cant elevate admin rights at all. Since this is true, we cant remove programs now or regedit. Everything is dog slow.
We are wiping the machine tomorrow and reinstalling Windows 10 and all my FPGA design software which will take at least a day..
I'm not sure if this is an issue with Secure Boot or with Driver Signature Enforcement. I would suggest that you post a warning on your web page for people installing USBCap on Windows 10 until a good solution is found..
desowin
commented
7 years ago @ira-hart I have created #39 as I believe it is not directly related to this bug. What do you mean that "it did boot after this" when Secure Boot was disabled? Did USB devices work?
ira-hart
commented
7 years ago @desowin Yes, with secure boot disabled, the keyboard and mouse worked.
However, the machine was in a crippled state. It was extremely slow. Boot up times for windows was ~4 minutes where it used be 45 secs. We were unable to elevate admin rights so no changes could be made to the computer. The network was not working. This may be due to experiments to fix the underlying USB issues. Not sure... as debugging these types of issues can spawn secondary problems that are not attributable to the root cause.
JimNickerson
commented
7 years ago Windows 10 pc Updated Wireshark, chose usbpcap option. Rebooted to bluescreen loop with driver failed ioverification. Stuck in boot loop to bluescreen. chose start in safe mode and uninstalled usbpcap. back in operation. reovery restorepoint was on usb drive !!!
desowin
commented
7 years ago @JimNickerson Could you please send me the minidump file from C:\Windows\Minidump? Without it I cannot analyze what went wrong.
JimNickerson
commented
7 years ago The dump is attached " BugCheck C9, {23e, fffff80364b82dc4, ffffa6044774ea60, 0}
Unable to load image USBPcap.sys, Win32 error 0n2 WARNING: Unable to verify timestamp for USBPcap.sys ERROR: Module load completed but symbols could not be loaded for USBPcap.sys Probably caused by : USBPcap.sys ( USBPcap+2dc4 ) " jim ------ Original Message ------ From: "Tomasz Moń" notifications@github.com To: "desowin/usbpcap" usbpcap@noreply.github.com Cc: "JimNickerson" Jim.Nickerson@gmail.com; "Mention" mention@noreply.github.com Sent: 6/29/2017 10:10:16 PM Subject: Re: [desowin/usbpcap] Windows 7 - USB bus not recognized after restart after USBPcap installation (#3)
@JimNickerson https://github.com/jimnickerson Could you please send me the minidump file from C:\Windows\Minidump? Without it I cannot analyze what went wrong.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/desowin/usbpcap/issues/3#issuecomment-312176495, or mute the thread https://github.com/notifications/unsubscribe-auth/AKtuOU0V6mIKYt-WrbEqM0NQtZzQ88Xfks5sJIM4gaJpZM4BCpXR.
JimNickerson
commented
7 years ago jim BugCheck C9, {23e, fffff80364b82dc4, ffffa6044774ea60, 0}
Unable to load image USBPcap.sys, Win32 error 0n2
WARNING: Unable to verify timestamp for USBPcap.sys ERROR: Module load completed but symbols could not be loaded for USBPcap.sys Probably caused by : USBPcap.sys ( USBPcap+2dc4 )
desowin
commented
7 years ago @JimNickerson Does this BSoD happen also when all USB devices are unplugged? Why do you have driver verifier enabled?
JimNickerson
commented
7 years ago The BSoD happens during boot, there is no time to plug/unplug anything. If I disable all USB in the BIOS my PC will not run, the only keyboard is USB. I was building a driver and driver verifier was inadvertently left enabled as I installed usbPcap to use it during my driver debugging. Maybe it was fortunate driver verifier was running so it caught this. Are you suggesting usbPcap will no longer BSoD without driver verifier ? ( I am reluctant to try usbPcap again )
desowin
commented
7 years ago Atleast on my laptop it works with normal Windows settings. When I enabled driver verifier it did BSoD just like in your case.
JimNickerson
commented
7 years ago Is it possible to detect if verifier is enabled programmatically? How much trouble is it to resolve the issue verifier is complaining about ? I will give it another try with verifier disabled if it works on your Windows 10 laptop
desowin
commented
7 years ago I need to do some more research about the issue before I can fix it. I hope I can get it fixed on some weekend. Hopefully I can reproduce the issue on my laptop (and get it back to working condition rather quickly) so it's not only guessing.
I created issue #40 about this particular problem. Please direct all follow-up to that particular BSoD (revealed with Driver Verifier) to that issue.
Nathan13888
commented
6 years ago So, I have experienced the exact same problem. And have spent countless hours trying to fix this issue. But now I've found a fix that works for me. I hope this method helps. ;)
Simply, if you have a UEFI bios, turn Windows UEFI (in Boot>Secure Boot) to Other OS. Then it worked! Imwas very surprised when I found out.
mhmeadows63
commented
6 years ago I have just reinstalled Windows 10 x64 on my laptop along with Wireshark 2.4.0 containing USBpcap 1.2.0.1 and have encountered the Driver Not Signed issue that breaks all USB connectivity. I tried v1.2.0.2 without success, but the suggestion from @Nathan13888 above to disable Secure Boot cleared the problem.
While testing v1.2.0.2, I also encountered the Malicious File warning reported by @JimNickerson on 1-aug-2017 in issue #40, but this was resolved by unblocking the downloaded .EXE binary (right-click Properties - Unblock)
I am not up on whether disabling Secure Boot is a good idea so shall live without USBpcap for now,
Nathan13888
commented
6 years ago I'm glad my method worked! OwO
OblongCheese
commented
6 years ago This bug should not be closed. It has cost me several hours troubleshooting this issue on Win10 with USBpcap 1.1.0.0-g794bf26-5.
Uninstalling USBpcap itself doesn't fix the issue, as noted above.
MelbourneDeveloper
commented
6 years ago The WireShark installer mentions this bug. I'd really like to use this tool, but there's no way I can risk this happening. I hope that someone will look in to this bug at some point because it seems like a real shame to avoid using this tool just because of this issue.
JeighBI
commented
6 years ago Looking at Downloading Wireshark today and noticed the USBPcap version is now at 1.2.0.3 Any word on this update or if it addresses the issue? There's not a chance I'm going through this mess with all the issues reported.
I installed USBPcap on my laptop and it worked fine, without restarting. I managed to create dumps with it.
However, after the restart, my mouse was not working. Looking in devices, windows report a problem on USB host controller. Running troubleshoot of windows try to reinstall driver of the USB HC but fails to do it. After deinstalling USBPcap, the troubleshoot manage to reinstall drivers and everything works (no restart needed).
The USB bus of my laptop is Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller.