npcap: NPFInstall freeze on installing loopback adapter

[ettavolt]

setupapi.dev.log after reboot and one more NPFInstall.exe -il ("Адаптер замыкания на себя" ≈ "Loopback Adapter"):

[Boot Session: 2016/10/09 12:16:48.497]

>>>  [Device Install (Hardware initiated) - ROOT\NET\0001]
>>>  Section start 2016/10/09 12:17:01.340
     dvi: {Build Driver List} 12:17:01.402
     dvi:      Searching for hardware ID(s):
     dvi:           *msloop
     dvi:      Created Driver Node:
     dvi:           HardwareID   - *MSLOOP
     dvi:           InfName      - C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_336f686a84333886\netloop.inf
     dvi:           DevDesc      - Адаптер замыкания на себя Microsoft KM-TEST
     dvi:           Section      - kmloop.ndi.NT
     dvi:           Rank         - 0x00ff0000
     dvi:           Signer Score - INBOX
     dvi:           DrvDate      - 06/21/2006
     dvi:           Version      - 6.3.9600.16384
     dvi: {Build Driver List - exit(0x00000000)} 12:17:01.402
     dvi: {DIF_SELECTBESTCOMPATDRV} 12:17:01.402
     dvi:      Using exported function 'NetClassInstaller' in module 'C:\Windows\system32\NetCfgx.dll'.
     dvi:      Class installer == NetCfgx.dll,NetClassInstaller
     dvi:      Using exported function 'WlanDeviceClassCoInstaller' in module 'C:\Windows\system32\wlaninst.dll'.
     dvi:      CoInstaller 1 == wlaninst.dll,WlanDeviceClassCoInstaller
     dvi:      Using exported function 'WwanDeviceClassCoInstaller' in module 'C:\Windows\system32\wwaninst.dll'.
     dvi:      CoInstaller 2 == wwaninst.dll,WwanDeviceClassCoInstaller
     dvi:      CoInstaller 1: Enter 12:17:01.402
     dvi:      CoInstaller 1: Exit
     dvi:      CoInstaller 2: Enter 12:17:01.402
     dvi:      CoInstaller 2: Exit
     dvi:      Class installer: Enter 12:17:01.402
     dvi:      Class installer: Exit
     dvi:      Default installer: Enter 12:17:01.402
     dvi:           {Select Best Driver}
     dvi:                Class GUID of device remains: {4d36e972-e325-11ce-bfc1-08002be10318}.
     dvi:                Selected:
     dvi:                     Description - [Адаптер замыкания на себя Microsoft KM-TEST]
     dvi:                     InfFile     - [c:\windows\system32\driverstore\filerepository\netloop.inf_amd64_336f686a84333886\netloop.inf]
     dvi:                     Section     - [kmloop.ndi]
     dvi:           {Select Best Driver - exit(0x00000000)}
     dvi:      Default installer: Exit
     dvi: {DIF_SELECTBESTCOMPATDRV - exit(0x00000000)} 12:17:01.418
     ndv: {Core Device Install} 12:17:01.418
     dvi:      {DIF_ALLOW_INSTALL} 12:17:01.418
     dvi:           CoInstaller 1: Enter 12:17:01.418
     dvi:           CoInstaller 1: Exit
     dvi:           CoInstaller 2: Enter 12:17:01.418
     dvi:           CoInstaller 2: Exit
     dvi:           Class installer: Enter 12:17:01.418
     dvi:           Class installer: Exit
     dvi:           Default installer: Enter 12:17:01.418
     dvi:           Default installer: Exit
     dvi:      {DIF_ALLOW_INSTALL - exit(0xe000020e)} 12:17:01.418
     dvi:      {DIF_INSTALLDEVICEFILES} 12:17:01.418
     dvi:           CoInstaller 1: Enter 12:17:01.418
     dvi:           CoInstaller 1: Exit
     dvi:           CoInstaller 2: Enter 12:17:01.418
     dvi:           CoInstaller 2: Exit
     dvi:           Class installer: Enter 12:17:01.418
     dvi:           Class installer: Exit
     dvi:           Default installer: Enter 12:17:01.418
     dvi:           Default installer: Exit
     dvi:      {DIF_INSTALLDEVICEFILES - exit(0x00000000)} 12:17:01.418
     flq:      Copying 'C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_336f686a84333886\loop.sys' to 'C:\Windows\system32\DRIVERS\loop.sys'.
<ins>

>>>  [Device Install (UpdateDriverForPlugAndPlayDevices) - *msloop]
>>>  Section start 2016/10/09 12:25:01.479
      cmd: NPFInstall.exe  -il
<ins>

NPFInstall.log:

[000007B4] 2016-10-09 12:25:01 --> wmain
[000007B4] 2016-10-09 12:25:01     _tmain: executing, argv[0] = NPFInstall.exe.
[000007B4] 2016-10-09 12:25:01     _tmain: executing, argv[1] = -il.
[000007B4] 2016-10-09 12:25:01 --> InstallLoopbackAdapter
[000007B4] 2016-10-09 12:25:01 --> IsWindowsWin10
[000007B4] 2016-10-09 12:25:01     GetVersionEx: osvi.dwMajorVersion = 6, expected value = 10.
[000007B4] 2016-10-09 12:25:01 <-- IsWindowsWin10
[000007B4] 2016-10-09 12:25:01 --> InstallLoopbackDeviceInternal
[000007B4] 2016-10-09 12:25:01 --> GetLoopbackINFFilePath
[000007B4] 2016-10-09 12:25:01     SHGetSpecialFolderPath: succeed, strLoopbackInfPath = C:\Windows\inf\netloop.inf.
[000007B4] 2016-10-09 12:25:01 <-- GetLoopbackINFFilePath

DiagReport-20161009-123904.txt

[hsluoyz]

Hi @ettavolt , I think you are stuck in the cmdInstall() call of NPFInstall.exe. This function actually installs Microsoft KM-TEST Loopback Adapter. I don't know why it halts.

But I think you can try to install Npcap Loopback Adapter manually. So the problem will be better revealed.

Here're the steps:

• Install the Microsoft KM-TEST Loopback Adapter by running devcon.exe install C:\Windows\inf\netloop.inf *msloop, or following this guide in a GUI way (in that guide, Microsoft Loopback Adapter has been renamed to Microsoft KM-TEST Loopback Adapter).
• Rename the above adapter to Npcap Loopback Adapter in Network Connections (ncpa.cpl) like renaming a file.
• Install Wireshark, and open a CMD in its installation folder. Because we need to use its dumpcap.exe tool. Run dumpcap -D, you will see something like:

C:\Program Files\Wireshark>dumpcap -D
1. \Device\NPF_{7C4E0476-D3F1-4F4C-9FE4-FA514710032A} (VMware Network Adapter VMnet1)
2. \Device\NPF_{385F30D0-9166-45D3-BBC6-F1D9C5300AF9} (Wi-Fi)
3. \Device\NPF_{2F6EC492-5488-42D4-BAF4-049CD820EB66} (VMware Network Adapter VMnet8)
4. \Device\NPF_{2A2FCEC4-C241-4B8B-8532-C901A74DC867} (Npcap Loopback Adapter)
5. \Device\NPF_{AC093F81-04F0-4B51-9137-18E7B8376782} (Ethernet 2)

• Copy out Npcap Loopback Adapter's GUID name: \Device\NPF_{385F30D0-9166-45D3-BBC6-F1D9C5300AF9}. Remove the NPF_ in the above string, so it should be: \Device\{385F30D0-9166-45D3-BBC6-F1D9C5300AF9}. Copy it to two places (REG_SZ, create it if not exsits) in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\LoopbackAdapter
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Npcap\LoopbackAdapter

(the 2nd registry path is HKEY_LOCAL_MACHINE\SOFTWARE\Npcap\LoopbackAdapter if you are using a 32-bit OS)

• Restart the driver, by running two commands in CMD:

net stop npcap
net start npcap

(if you are using the WinPcap-compatible mode, please run the following two commands instead)

net stop npf
net start npf

• Now you have successfully installed Npcap Loopback Adapter manually.

[ettavolt]

My system doesn't seem to have devcon.exe, so I just went into Device Manager and 'updated' driver for ROOT\NET\0000 (have also 0001 and 0002). As you can see, driver installation freezes on the same step:

>>>  [Device Install (DiShowUpdateDevice) - ROOT\NET\0000]
>>>  Section start 2016/10/09 16:50:08.049
      cmd: "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
     dvi: {DIF_UPDATEDRIVER_UI} 16:50:08.051
     dvi:      Using exported function 'NetClassInstaller' in module 'C:\Windows\system32\NetCfgx.dll'.
     dvi:      Class installer == NetCfgx.dll,NetClassInstaller
     dvi:      Using exported function 'WlanDeviceClassCoInstaller' in module 'C:\Windows\system32\wlaninst.dll'.
     dvi:      CoInstaller 1 == wlaninst.dll,WlanDeviceClassCoInstaller
     dvi:      Using exported function 'WwanDeviceClassCoInstaller' in module 'C:\Windows\system32\wwaninst.dll'.
     dvi:      CoInstaller 2 == wwaninst.dll,WwanDeviceClassCoInstaller
     dvi:      CoInstaller 1: Enter 16:50:08.056
     dvi:      CoInstaller 1: Exit
     dvi:      CoInstaller 2: Enter 16:50:08.057
     dvi:      CoInstaller 2: Exit
     dvi:      Class installer: Enter 16:50:08.057
     dvi:      Class installer: Exit
     dvi:      Default installer: Enter 16:50:08.060
     dvi:      Default installer: Exit
     dvi: {DIF_UPDATEDRIVER_UI - exit(0xe000020e)} 16:50:08.060
     ndv: {Update Driver Software Wizard for ROOT\NET\0000}
     dvi:      {DIF_SELECTDEVICE} 16:50:12.241
     dvi:           CoInstaller 1: Enter 16:50:12.242
     dvi:           CoInstaller 1: Exit
     dvi:           CoInstaller 2: Enter 16:50:12.242
     dvi:           CoInstaller 2: Exit
     dvi:           Class installer: Enter 16:50:12.242
     dvi:           Class installer: Exit
     dvi:      {DIF_SELECTDEVICE - exit(0xe000020e)} 16:50:12.243
     ndv:      Driver package 'C:\Windows\INF\netloop.inf' exists under 'C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_336f686a84333886\netloop.inf'.
     dvi:      Searching for hardware ID(s):
     dvi:           *msloop
     dvi:      Class GUID of device remains: {4d36e972-e325-11ce-bfc1-08002be10318}.
     dvi:      {Plug and Play Service: Device Install for ROOT\NET\0000}
     ndv:           Driver INF Path: C:\Windows\INF\netloop.inf
     ndv:           Driver Node Name: netloop.inf:db04a16c8f2dc9fb:kmloop.ndi:6.3.9600.16384:*msloop
     ndv:           Driver Store Path: C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_336f686a84333886\netloop.inf
     dvi:           Searching for hardware ID(s):
     dvi:                *msloop
     dvi:           Class GUID of device changed to: {4d36e972-e325-11ce-bfc1-08002be10318}.
     ndv:           {Core Device Install} 16:50:15.262
     dvi:                {DIF_ALLOW_INSTALL} 16:50:15.270
     dvi:                     Using exported function 'NetClassInstaller' in module 'C:\Windows\system32\NetCfgx.dll'.
     dvi:                     Class installer == NetCfgx.dll,NetClassInstaller
     dvi:                     Using exported function 'WlanDeviceClassCoInstaller' in module 'C:\Windows\system32\wlaninst.dll'.
     dvi:                     CoInstaller 1 == wlaninst.dll,WlanDeviceClassCoInstaller
     dvi:                     Using exported function 'WwanDeviceClassCoInstaller' in module 'C:\Windows\system32\wwaninst.dll'.
     dvi:                     CoInstaller 2 == wwaninst.dll,WwanDeviceClassCoInstaller
     dvi:                     CoInstaller 1: Enter 16:50:15.274
     dvi:                     CoInstaller 1: Exit
     dvi:                     CoInstaller 2: Enter 16:50:15.274
     dvi:                     CoInstaller 2: Exit
     dvi:                     Class installer: Enter 16:50:15.274
     dvi:                     Class installer: Exit
     dvi:                     Default installer: Enter 16:50:15.275
     dvi:                     Default installer: Exit
     dvi:                {DIF_ALLOW_INSTALL - exit(0xe000020e)} 16:50:15.276
     dvi:                {DIF_INSTALLDEVICEFILES} 16:50:15.278
     dvi:                     CoInstaller 1: Enter 16:50:15.278
     dvi:                     CoInstaller 1: Exit
     dvi:                     CoInstaller 2: Enter 16:50:15.279
     dvi:                     CoInstaller 2: Exit
     dvi:                     Class installer: Enter 16:50:15.279
     dvi:                     Class installer: Exit
     dvi:                     Default installer: Enter 16:50:15.279
     dvi:                     Default installer: Exit
     dvi:                {DIF_INSTALLDEVICEFILES - exit(0x00000000)} 16:50:15.280
     flq:                Copying 'C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_336f686a84333886\loop.sys' to 'C:\Windows\system32\DRIVERS\loop.sys'.
<ins>

P.S. If I manually copy that loop.sys, on next install attempt it freezes on 'Pruned loop.sys copy'.

[hsluoyz]

My system doesn't seem to have devcon.exe,

I have uploaded the devcon.exe tool, see the attachment.

so I just went into Device Manager and 'updated' driver for ROOT\NET\0000 (have also 0001 and 0002). As you can see, driver installation freezes on the same step:

I don't know if you can update that driver. It's meaningless. So it seems that your computer has the issue about Microsoft Loopback Adapter installation. It's seemingly not Npcap's problem. You can first try my way to see what happens.

devcon.zip

[ettavolt]

Same problem in setupapi.dev.log.

[hsluoyz]

Is it stuck in the devcon.exe install C:\Windows\inf\netloop.inf *msloop command? If yes, there are two things you can do.

1. Uninstall Hyper-V and ESET NOD32 Anti-virus. Because they probably affect the install of Microsoft Loopback Adapter.
2. Workaround: If you can't create a Microsoft Loopback Adapter on your own, you can borrow an existing adapter to be the Npcap Loopback Adapter. Follow the guide here: http://seclists.org/nmap-dev/2016/q4/9

[ettavolt]

I've tried to install same npcap inside VM with Win 8.1 edition (not even a trace of ESET personal firewall there) - exactly same problem, it stop on 'Copying … loop.sys'. I've uninstalled Hyper-V driver on host, tried to reinstall npcap - no change.

[hsluoyz]

You don't need to try Npcap for now. You are stuck in creating Microsoft Loopback Adapter, which is provided by Microsoft. This issue has nothing to do with Npcap. It's your system's issue. You can do two ways:

1. Ask on Microsoft forum (MSDN) why you can't install Microsoft Loopback Adapter.
2. Workaround: If you can't create a Microsoft Loopback Adapter on your own, you can borrow an existing adapter to be the Npcap Loopback Adapter. Follow the guide here: http://seclists.org/nmap-dev/2016/q4/9

[ettavolt]

Yes, really. Because installing driver for ROOT\NET\000X via Device Manager fails too. Thanks for support.