search

nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com
Other
2.99k stars 516 forks source link

Npcap 0.995 crashes IRQL_NOT_LESS_OR_EQUAL in NPF_DetachAdapter #347

Closed dmiller-nmap closed 3 years ago

dmiller-nmap commented 5 years ago

This is a separate issue from some of the widely reported crashes when attempting to install or upgrade Npcap 0.995. Future installers will address that issue by offering to disable Npcap until reboot, upon which the installation/upgrade can be reattempted, avoiding a crash.

This issue, solved in nmap/npcap@88b8c89, is due to the driver unloading before all filter modules have finished detaching, and was introduced in Npcap 0.994.

dmiller-nmap commented 5 years ago

This issue is resolved in Npcap 0.996, released today. https://npcap.org/#download

Because Npcap 0.995 consistently crashes some systems, the Npcap 0.996 installer will offer to disable the npcap driver service on the next boot so that the installation can be reattempted. You can also manually disable it by following these steps:

  1. In an Administrator command shell, run: sc.exe config npcap start=disabled
  2. If Npcap was installed in WinPcap API-compatible mode, also run: sc.exe config npf start=disabled
  3. Reboot. There may be one more BSoD crash at this point, but it will be the last one.
  4. Run the Npcap installer to upgrade Npcap, or uninstall it via "Add or Remove Programs" control panel. Since the service is disabled, it can safely be removed.