nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com

Upgrading from WinPcap to Npcap 0.99-r9 has multiple failures #369

Closed daulis closed 3 years ago

daulis commented 5 years ago

See related Wireshark bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15476

Wireshark relies on the Npcap installer to uninstall WinPcap, so it seems like this issue is causing the Wireshark bug above.

OS: Windows 10, 1803. 64-bit

  1. Clean machine that did not have any previous versions of Wireshark, WinPcap, or Npcap.

  2. Install WinPcap 4.1.3 (https://www.winpcap.org/install/bin/WinPcap_4_1_3.exe)

  3. Rebooted, even though it did not prompt. Just to be safe.

  4. Install npcap-0.99-r9.exe (https://nmap.org/npcap/dist/npcap-0.99-r9.exe). Use default options.

  5. ERROR: "Error opening file for writing...". Retry doesn't work. Abort causes both Wireshark and Npcap installers to hang. Click Ignore. [screenshot1]

  6. "Failed to uninstall WinPcap; files in use by: .". Retry doesn't work. Ignore doesn't work. Abort. (See Screenshot2.png) [screenshot2]

  7. Then it says uninstalling WinPcap. [screenshot3]

  8. The rest of the installation works as expected.

daulis commented 5 years ago

Looks like the problem was introduced in 0.99-r8. I upgraded from WinPcap to Npcap 0.99-r7, and everything worked as expected.

daulis commented 5 years ago

Tested these configurations, and the problem affects them all:

  1. Windows 10 Home, v1803
  2. Windows 10 Pro, v1803
  3. Windows 10 Enterprise, v1703

daulis commented 5 years ago

If you uncheck "Install Npcap in WinPcap API-compatible Mode", then you don't see the issue. But, having that checked is the default, so most users will experience this problem when upgrading.

daulis commented 5 years ago

More notes:

  1. Going from WinPcap to 0.99-r7, then 0.99-r7 to 0.99-r9 doesn't trigger the issue. Going directly from WinPcap to 0.99-r9 does trigger the issue.
  2. Attached install log files: install.log, NPFInstall.log

daulis commented 5 years ago

The first error is that it can't write a file inside C:\Program Files\Npcap. It looks like Npcap doesn't create the folder first, before it tries to create the file, when installing from WinPcap to Npcap. It seems to work fine if you install Npcap without WinPcap previously installed.

When upgrading from WinPcap to Npcap:

This is an issue for Wireshark, because Wireshark 2.x uses WinPcap by default and the upcoming Wireshark 3.0 will install Npcap by default. So, most Windows 10 users would encounter this issue when upgrading (unless Wireshark packages an Npcap installer with the fix).

Note: I have not tested on Windows 7.

dmiller-nmap commented 5 years ago

Thanks for the detailed error report. I think I know why this is happening: we added some code to the installer to kill processes using WinPcap before running the WinPcap uninstaller, but as you noted, it needs to write and run the NPFInstall2.exe executable to do so. I think that at the point where the code was inserted, the Npcap install has not started, so the installation directory potentially doesn't exist. I'll change this to either extract NPFInstall2.exe to a random temp directory first or ensure that the installation directory is created first.
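
Added example, not part of the thread and not Npcap's installer code: a Python sketch of the ordering bug described in the comment above and the two fixes it proposes. The function names, directory layout and payload bytes are hypothetical; only the file name NPFInstall2.exe comes from the thread.

```python
import os
import tempfile

HELPER_NAME = "NPFInstall2.exe"  # name from the thread; the bytes used below are constructed


def extract_before_dir_exists(install_dir: str, payload: bytes) -> str:
    """Ordering bug: write the helper before anything has created install_dir."""
    path = os.path.join(install_dir, HELPER_NAME)
    with open(path, "wb") as fh:  # raises FileNotFoundError if install_dir is missing
        fh.write(payload)
    return path


def extract_after_mkdir(install_dir: str, payload: bytes) -> str:
    """Fix A: make sure the installation directory exists, then write."""
    os.makedirs(install_dir, exist_ok=True)
    return extract_before_dir_exists(install_dir, payload)


def extract_to_private_temp(payload: bytes) -> str:
    """Fix B: extract into a freshly created, randomly named temp directory."""
    # mkdtemp creates the directory itself (owner-only on POSIX) and never
    # reuses an existing one, so nothing can already be waiting inside it.
    tmp_dir = tempfile.mkdtemp(prefix="helper-")
    path = os.path.join(tmp_dir, HELPER_NAME)
    # O_EXCL: refuse to write through a file or link that already exists.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    with os.fdopen(os.open(path, flags, 0o700), "wb") as fh:
        fh.write(payload)
    return path


def demo() -> dict:
    payload = b"MZ constructed placeholder bytes"
    root = tempfile.mkdtemp()
    install_dir = os.path.join(root, "Program Files", "Npcap")  # not created yet
    result = {}
    try:
        extract_before_dir_exists(install_dir, payload)
        result["buggy"] = "ok"
    except FileNotFoundError:
        result["buggy"] = "error opening file for writing"
    result["mkdir_first"] = os.path.isfile(extract_after_mkdir(install_dir, payload))
    result["private_temp"] = os.path.isfile(extract_to_private_temp(payload))
    return result


if __name__ == "__main__":
    print(demo())
```

Because the extracted helper is then executed by an elevated installer, Fix B relies on the directory being newly created and private rather than a shared, predictable temp path.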

pquantin commented 5 years ago

Hi Dan,

Any chance to release a 0.99-r10 soon? We are about to release Wireshark 3.0 release candidate and I would like to package this version if possible.