Npcap installer fails with 80070430, ERROR_SERVICE_MARKED_FOR_DELETE #1350

Open
dmiller-nmap opened this Issue Oct 9, 2018 · 1 comment

dmiller-nmap commented Oct 9, 2018

In some cases, Npcap installer may not be able to replace the npf service because it has been marked for deletion. We need a clean way to handle this. Some options:

  1. Fail, but tell the user to reboot and retry.
  2. Continue without creating the npf service, and schedule a job to create it at next boot?

Really need to identify when/why this happens.

dmiller-nmap commented Oct 11, 2018

I was able to get the same error by following this procedure:

  1. Install WinPcap and Wireshark.
  2. Start a packet capture with Wireshark.
  3. Attempt to install Npcap. Details window shows that npf driver could not be stopped, but WinPcap uninstaller launches anyway. WinPcap uninstaller complains that it can't do something, but continues anyway.
  4. Choose "Reboot later" in the WinPcap uninstaller. Npcap installer continues, but fails to write wpcap.dll as it is in use.
  5. Close Wireshark.
  6. Choose "retry" in the Npcap installer. Wpcap.dll is overwritten successfully, but installer fails with 80070430.

Our installer already detects whether Npcap is in use. I will look into seeing if it can also detect if WinPcap is in use before uninstalling it.
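
An added example, not code from the Npcap installer or from this thread: a PowerShell pre-check that decodes 80070430 and reports whether the `npf` driver service is pending deletion before an install is retried. It assumes the service name `npf` from the issue and relies on the `DeleteFlag` registry value that the Service Control Manager sets on a service marked for deletion; the function names are hypothetical.

```powershell
# Added example; not part of the Npcap installer. Function names are hypothetical.

function Convert-HResult {
    # Split an HRESULT into facility and code; facility 7 wraps a Win32 error.
    param([int]$HResult)
    $facility = ($HResult -shr 16) -band 0x1FFF
    $code     = $HResult -band 0xFFFF
    $text = if ($facility -eq 7) {
        (New-Object System.ComponentModel.Win32Exception $code).Message
    } else { '(not a Win32 error)' }
    [pscustomobject]@{ Facility = $facility; Code = $code; Message = $text }
}

function Test-ServiceMarkedForDelete {
    # True when the service key still exists but carries DeleteFlag = 1.
    param([string]$Name = 'npf')   # service name taken from the issue
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -Path $key)) { return $false }   # no service entry at all
    $prop = Get-ItemProperty -Path $key -Name DeleteFlag -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.DeleteFlag -eq 1)
}

# Decode the installer's error code.
$err = Convert-HResult 0x80070430
"0x80070430 -> Win32 error $($err.Code): $($err.Message)"

# Report the current state of the driver service, if it is registered.
$driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='npf'"
if ($driver) { "npf driver state: $($driver.State)" } else { 'npf driver is not registered' }

# Decide whether a retry can succeed without a reboot.
if (Test-ServiceMarkedForDelete -Name 'npf') {
    'npf is marked for deletion: reboot, then retry the install (option 1 in the issue).'
} else {
    'npf is not marked for deletion.'
}
```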
