Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Npcap OEM 1.50: driver fails to start on Windows 7/Server 2008 R2 #536

Closed
akontsevoy opened this issue Aug 27, 2021 · 7 comments
Closed

Npcap OEM 1.50: driver fails to start on Windows 7/Server 2008 R2 #536

akontsevoy opened this issue Aug 27, 2021 · 7 comments

Comments

@akontsevoy
Copy link

@akontsevoy akontsevoy commented Aug 27, 2021

Version 1.50 of Npcap introduced the same regression on Windows Server 2008 R2 (fully patched before ESU) as 0.9990 did (see #107). When installing manually, a warning pops up to install the driver, and when installing silently, it fails (this time the installer returns proper exit code though, and no longer leaves Npcap half-installed). This is despite kb3033929, kb4474419-v3, and kb4490628 patches installed.

Worse, the driver, even when it installed manually, fails to start on WS2008R2 afterwards:

c:\>sc start npcap
[SC] StartService FAILED 87:

The parameter is incorrect.

It looks like you've changed the signer again (now to DigiCert); perhaps you need to install their root and intermediate certificates into appropriate certificate stores before installing the driver? And since by now you are shipping different drivers for W7, W8 and W10, could we not simply leave the W7/2008R2 driver signing process alone? No more changes would be made to those systems except critical patches, so whatever signing mechanism that worked before should in theory continue to work (as long as the involved certificates don't expire or get revoked).

image

Contents of setupapi.dev.log (silent install failure followed by manual install warning override):

>>>  [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]
>>>  Section start 2021/08/27 10:41:39.053
      cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -i
     sto: {Import Driver Package: C:\Program Files\Npcap\NPCAP.inf} 10:41:39.100
     sto:      Importing driver package into Driver Store:
     sto:           Driver Store   = C:\Windows\System32\DriverStore (Online | 6.1.7601)
     sto:           Driver Package = C:\Program Files\Npcap\NPCAP.inf
     sto:           Architecture   = amd64
     sto:           Locale Name    = neutral
     sto:           Flags          = 0x00000008
     sto:      Copying driver package files to 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}'.
     inf:      Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
     inf:      Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
     flq:      {FILE_QUEUE_COPY}
     flq:           CopyStyle      - 0x00000000
     flq:           SourceRootPath - 'C:\Program Files\Npcap'
     flq:           SourceFilename - 'npcap.cat'
     flq:           TargetDirectory- 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}'
     flq:      {FILE_QUEUE_COPY exit(0x00000000)}
     flq:      {FILE_QUEUE_COPY}
     flq:           CopyStyle      - 0x00000000
     flq:           SourceRootPath - 'C:\Program Files\Npcap'
     flq:           SourceFilename - 'NPCAP.inf'
     flq:           TargetDirectory- 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}'
     flq:      {FILE_QUEUE_COPY exit(0x00000000)}
     flq:      {FILE_QUEUE_COPY}
     flq:           CopyStyle      - 0x00000000
     flq:           SourceRootPath - 'C:\Program Files\Npcap'
     flq:           SourceFilename - 'npcap.sys'
     flq:           TargetDirectory- 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}'
     flq:      {FILE_QUEUE_COPY exit(0x00000000)}
     flq:      {_commit_file_queue}
     flq:           CommitQ DelNodes=0 RenNodes=0 CopyNodes=3
     flq:           {_commit_copy_subqueue}
     flq:                subqueue count=3
     flq:                source media:
     flq:                     SourcePath   - [C:\Program Files\Npcap]
     flq:                     SourceFile   - [npcap.cat]
     flq:                     Flags        - 0x00000000
     flq:                {_commit_copyfile}
     flq:                     CopyFile: 'C:\Program Files\Npcap\npcap.cat'
     flq:                           to: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\SETA43A.tmp'
     flq:                     MoveFile: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\SETA43A.tmp'
     flq:                           to: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\npcap.cat'
     flq:                {_commit_copyfile exit OK}
     flq:                {_commit_copyfile}
     flq:                     CopyFile: 'C:\Program Files\Npcap\NPCAP.inf'
     flq:                           to: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\SETA43B.tmp'
     flq:                     MoveFile: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\SETA43B.tmp'
     flq:                           to: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\NPCAP.inf'
     flq:                {_commit_copyfile exit OK}
     flq:                {_commit_copyfile}
     flq:                     CopyFile: 'C:\Program Files\Npcap\npcap.sys'
     flq:                           to: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\SETA44B.tmp'
     flq:                     MoveFile: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\SETA44B.tmp'
     flq:                           to: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\npcap.sys'
     flq:                {_commit_copyfile exit OK}
     flq:           {_commit_copy_subqueue exit OK}
     flq:      {_commit_file_queue exit OK}
     pol:      {Driver package policy check} 10:41:39.224
     pol:      {Driver package policy check - exit(0x00000000)} 10:41:39.224
     sto:      {Stage Driver Package: C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\NPCAP.inf} 10:41:39.224
     inf:           Opened INF: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\NPCAP.inf' ([strings])
     inf:           Opened INF: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\NPCAP.inf' ([strings])
     sto:           Copying driver package files:
     sto:                Source Path      = C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}
     sto:                Destination Path = C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}
     flq:           {FILE_QUEUE_COPY}
     flq:                CopyStyle      - 0x00000010
     flq:                SourceRootPath - 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}'
     flq:                SourceFilename - 'npcap.cat'
     flq:                TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}'
     flq:           {FILE_QUEUE_COPY exit(0x00000000)}
     flq:           {FILE_QUEUE_COPY}
     flq:                CopyStyle      - 0x00000010
     flq:                SourceRootPath - 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}'
     flq:                SourceFilename - 'NPCAP.inf'
     flq:                TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}'
     flq:           {FILE_QUEUE_COPY exit(0x00000000)}
     flq:           {FILE_QUEUE_COPY}
     flq:                CopyStyle      - 0x00000010
     flq:                SourceRootPath - 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}'
     flq:                SourceFilename - 'npcap.sys'
     flq:                TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}'
     flq:           {FILE_QUEUE_COPY exit(0x00000000)}
     flq:           {_commit_file_queue}
     flq:                CommitQ DelNodes=0 RenNodes=0 CopyNodes=3
     flq:                {_commit_copy_subqueue}
     flq:                     subqueue count=3
     flq:                     source media:
     flq:                          SourcePath   - [C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}]
     flq:                          SourceFile   - [npcap.cat]
     flq:                          Flags        - 0x00000000
     flq:                     {_commit_copyfile}
     flq:                          CopyFile: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\npcap.cat'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\SETA469.tmp'
     flq:                          MoveFile: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\SETA469.tmp'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\npcap.cat'
     flq:                     {_commit_copyfile exit OK}
     flq:                     {_commit_copyfile}
     flq:                          CopyFile: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\NPCAP.inf'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\SETA46A.tmp'
     flq:                          MoveFile: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\SETA46A.tmp'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\NPCAP.inf'
     flq:                     {_commit_copyfile exit OK}
     flq:                     {_commit_copyfile}
     flq:                          CopyFile: 'C:\Windows\TEMP\{4b6f4511-9cba-7f5b-7876-0029d3e95536}\npcap.sys'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\SETA46B.tmp'
     flq:                          MoveFile: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\SETA46B.tmp'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\npcap.sys'
     flq:                     {_commit_copyfile exit OK}
     flq:                {_commit_copy_subqueue exit OK}
     flq:           {_commit_file_queue exit OK}
     sto:           {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE} 10:41:39.318
     inf:                Opened INF: 'C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\NPCAP.inf' ([strings])
     sig:                {_VERIFY_FILE_SIGNATURE} 10:41:39.318
     sig:                     Key      = NPCAP.inf
     sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\NPCAP.inf
     sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\npcap.cat
!    sig:                     Verifying file against specific (valid) catalog failed! (0x800b0109)
!    sig:                     Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
     sig:                {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 10:41:39.412
     sig:                {_VERIFY_FILE_SIGNATURE} 10:41:39.412
     sig:                     Key      = NPCAP.inf
     sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\NPCAP.inf
     sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{35f4e085-c226-103d-3dbc-290e64e6b725}\npcap.cat
     sig:                     Success: File is signed in Authenticode(tm) catalog.
     sig:                     Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted.
     sig:                {_VERIFY_FILE_SIGNATURE exit(0xe0000242)} 10:41:39.443
     sto:                Validating driver package files against catalog 'npcap.cat'.
!!!  sto:                Driver package signer is unknown. Assuming untrusted signer. Error = 0x800F0242
!!!  ndv:                Driver package failed signature validation. Error = 0xE0000242
     sto:           {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE exit(0xe0000242)} 10:41:39.443
!!!  sto:           Driver package failed signature verification. Error = 0xE0000242
!!!  sto:           Failed to import driver package into Driver Store. Error = 0xE0000242
     sto:      {Stage Driver Package: exit(0xe0000242)} 10:41:39.443
!!!  sto:      Failed to stage driver package to Driver Store. Error = 0xE0000242, Time = 219 ms
     sto: {Import Driver Package: exit(0xe0000242)} 10:41:39.443
     inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
!    inf: Add to Driver Store unsuccessful
!    inf: Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted.
!!!  inf: returning failure to SetupCopyOEMInf
<<<  Section end 2021/08/27 10:41:40.067
<<<  [Exit status: FAILURE(0xe0000242)]


>>>  [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]
>>>  Section start 2021/08/27 11:03:16.676
      cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -i
     sto: {Import Driver Package: C:\Program Files\Npcap\NPCAP.inf} 11:03:16.692
     sto:      Importing driver package into Driver Store:
     sto:           Driver Store   = C:\Windows\System32\DriverStore (Online | 6.1.7601)
     sto:           Driver Package = C:\Program Files\Npcap\NPCAP.inf
     sto:           Architecture   = amd64
     sto:           Locale Name    = neutral
     sto:           Flags          = 0x00000000
     sto:      Copying driver package files to 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}'.
     inf:      Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
     inf:      Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
     flq:      {FILE_QUEUE_COPY}
     flq:           CopyStyle      - 0x00000000
     flq:           SourceRootPath - 'C:\Program Files\Npcap'
     flq:           SourceFilename - 'npcap.cat'
     flq:           TargetDirectory- 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}'
     flq:      {FILE_QUEUE_COPY exit(0x00000000)}
     flq:      {FILE_QUEUE_COPY}
     flq:           CopyStyle      - 0x00000000
     flq:           SourceRootPath - 'C:\Program Files\Npcap'
     flq:           SourceFilename - 'NPCAP.inf'
     flq:           TargetDirectory- 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}'
     flq:      {FILE_QUEUE_COPY exit(0x00000000)}
     flq:      {FILE_QUEUE_COPY}
     flq:           CopyStyle      - 0x00000000
     flq:           SourceRootPath - 'C:\Program Files\Npcap'
     flq:           SourceFilename - 'npcap.sys'
     flq:           TargetDirectory- 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}'
     flq:      {FILE_QUEUE_COPY exit(0x00000000)}
     flq:      {_commit_file_queue}
     flq:           CommitQ DelNodes=0 RenNodes=0 CopyNodes=3
     flq:           {_commit_copy_subqueue}
     flq:                subqueue count=3
     flq:                source media:
     flq:                     SourcePath   - [C:\Program Files\Npcap]
     flq:                     SourceFile   - [npcap.cat]
     flq:                     Flags        - 0x00000000
     flq:                {_commit_copyfile}
     flq:                     CopyFile: 'C:\Program Files\Npcap\npcap.cat'
     flq:                           to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\SET709D.tmp'
     flq:                     MoveFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\SET709D.tmp'
     flq:                           to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\npcap.cat'
     flq:                {_commit_copyfile exit OK}
     flq:                {_commit_copyfile}
     flq:                     CopyFile: 'C:\Program Files\Npcap\NPCAP.inf'
     flq:                           to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\SET709E.tmp'
     flq:                     MoveFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\SET709E.tmp'
     flq:                           to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\NPCAP.inf'
     flq:                {_commit_copyfile exit OK}
     flq:                {_commit_copyfile}
     flq:                     CopyFile: 'C:\Program Files\Npcap\npcap.sys'
     flq:                           to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\SET709F.tmp'
     flq:                     MoveFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\SET709F.tmp'
     flq:                           to: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\npcap.sys'
     flq:                {_commit_copyfile exit OK}
     flq:           {_commit_copy_subqueue exit OK}
     flq:      {_commit_file_queue exit OK}
     pol:      {Driver package policy check} 11:03:16.723
     pol:      {Driver package policy check - exit(0x00000000)} 11:03:16.723
     sto:      {Stage Driver Package: C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\NPCAP.inf} 11:03:16.723
     inf:           Opened INF: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\NPCAP.inf' ([strings])
     inf:           Opened INF: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\NPCAP.inf' ([strings])
     sto:           Copying driver package files:
     sto:                Source Path      = C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}
     sto:                Destination Path = C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}
     flq:           {FILE_QUEUE_COPY}
     flq:                CopyStyle      - 0x00000010
     flq:                SourceRootPath - 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}'
     flq:                SourceFilename - 'npcap.cat'
     flq:                TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}'
     flq:           {FILE_QUEUE_COPY exit(0x00000000)}
     flq:           {FILE_QUEUE_COPY}
     flq:                CopyStyle      - 0x00000010
     flq:                SourceRootPath - 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}'
     flq:                SourceFilename - 'NPCAP.inf'
     flq:                TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}'
     flq:           {FILE_QUEUE_COPY exit(0x00000000)}
     flq:           {FILE_QUEUE_COPY}
     flq:                CopyStyle      - 0x00000010
     flq:                SourceRootPath - 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}'
     flq:                SourceFilename - 'npcap.sys'
     flq:                TargetDirectory- 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}'
     flq:           {FILE_QUEUE_COPY exit(0x00000000)}
     flq:           {_commit_file_queue}
     flq:                CommitQ DelNodes=0 RenNodes=0 CopyNodes=3
     flq:                {_commit_copy_subqueue}
     flq:                     subqueue count=3
     flq:                     source media:
     flq:                          SourcePath   - [C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}]
     flq:                          SourceFile   - [npcap.cat]
     flq:                          Flags        - 0x00000000
     flq:                     {_commit_copyfile}
     flq:                          CopyFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\npcap.cat'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\SET70BC.tmp'
     flq:                          MoveFile: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\SET70BC.tmp'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\npcap.cat'
     flq:                     {_commit_copyfile exit OK}
     flq:                     {_commit_copyfile}
     flq:                          CopyFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\NPCAP.inf'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\SET70BD.tmp'
     flq:                          MoveFile: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\SET70BD.tmp'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\NPCAP.inf'
     flq:                     {_commit_copyfile exit OK}
     flq:                     {_commit_copyfile}
     flq:                          CopyFile: 'C:\Users\ADMINI~1\AppData\Local\Temp\2\{5d2a26a3-d5f6-5370-6f5b-521622d4a95f}\npcap.sys'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\SET70CE.tmp'
     flq:                          MoveFile: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\SET70CE.tmp'
     flq:                                to: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\npcap.sys'
     flq:                     {_commit_copyfile exit OK}
     flq:                {_commit_copy_subqueue exit OK}
     flq:           {_commit_file_queue exit OK}
     sto:           {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE} 11:03:16.754
     inf:                Opened INF: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\NPCAP.inf' ([strings])
     sig:                {_VERIFY_FILE_SIGNATURE} 11:03:16.754
     sig:                     Key      = NPCAP.inf
     sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\NPCAP.inf
     sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\npcap.cat
!    sig:                     Verifying file against specific (valid) catalog failed! (0x800b0109)
!    sig:                     Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
     sig:                {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 11:03:16.770
     sig:                {_VERIFY_FILE_SIGNATURE} 11:03:16.770
     sig:                     Key      = NPCAP.inf
     sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\NPCAP.inf
     sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\npcap.cat
     sig:                     Success: File is signed in Authenticode(tm) catalog.
     sig:                     Error 0xe0000242: The publisher of an Authenticode(tm) signed catalog has not yet been established as trusted.
     sig:                {_VERIFY_FILE_SIGNATURE exit(0xe0000242)} 11:03:16.801
     sto:                Validating driver package files against catalog 'npcap.cat'.
!    sto:                Driver package signer is unknown but user trusts the signer.
     sto:           {DRIVERSTORE_IMPORT_NOTIFY_VALIDATE exit(0x00000000)} 11:04:16.050
     sto:           Verified driver package signature:
     sto:                Digital Signer Score = 0xFF000000
     sto:                Digital Signer Name  = <unknown>
     sto:           {DRIVERSTORE_IMPORT_NOTIFY_BEGIN} 11:04:16.050
     inf:                Opened INF: 'C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}\NPCAP.inf' ([strings])
     sto:                Create system restore point:
     sto:                     Description = Device Driver Package Install: Nmap Project Network Service
     sto:                     Time        = 0ms
     sto:                     Status      = 0x0000007E (FAILURE)
     sto:           {DRIVERSTORE_IMPORT_NOTIFY_BEGIN: exit(0x00000000)} 11:04:16.050
     sto:           Importing driver package files:
     sto:                Source Path      = C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}
     sto:                Destination Path = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_93536e242c20956d
     sto:           {Copy Directory: C:\Windows\System32\DriverStore\Temp\{3168a72a-aa59-71f8-707a-df67e66fd32f}} 11:04:16.050
     sto:                Target Path = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_93536e242c20956d
     sto:           {Copy Directory: exit(0x00000000)} 11:04:16.050
     sto:           {Index Driver Package: C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_93536e242c20956d\NPCAP.inf} 11:04:16.050
     idb:                Registered driver store entry 'npcap.inf_amd64_neutral_93536e242c20956d'.
     idb:                Published 'npcap.inf_amd64_neutral_93536e242c20956d\npcap.inf' to 'C:\Windows\INF\oem8.inf'
     idb:                Published driver store entry 'npcap.inf_amd64_neutral_93536e242c20956d'.
     sto:                Published driver package INF 'oem8.inf' was changed.
     sto:                Active published driver package is 'npcap.inf_amd64_neutral_93536e242c20956d'.
     sto:           {Index Driver Package: exit(0x00000000)} 11:04:16.690
     sto:           {DRIVERSTORE_IMPORT_NOTIFY_END} 11:04:16.690
     ndv:                No system restore point was set earlier.
     sto:           {DRIVERSTORE_IMPORT_NOTIFY_END: exit(0x00000000)} 11:04:16.690
     sto:      {Stage Driver Package: exit(0x00000000)} 11:04:16.690
     ndv:      Doing device matching lookup!
     sto:      Driver package was staged to Driver Store. Time = 60014 ms
     sto:      Imported driver package into Driver Store:
     sto:           Filename = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_93536e242c20956d\NPCAP.inf
     sto:           Time     = 60030 ms
     sto: {Import Driver Package: exit(0x00000000)} 11:04:16.721
     inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
     inf: Driver Store location: C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_93536e242c20956d\NPCAP.inf
     inf: Published Inf Path: C:\Windows\INF\oem8.inf
     inf: Opened INF: 'C:\Program Files\Npcap\NPCAP.inf' ([strings])
     inf: Installing catalog npcap.cat as: oem8.CAT
     inf: OEM source media location: C:\Program Files\Npcap\
<<<  Section end 2021/08/27 11:04:16.846
<<<  [Exit status: SUCCESS]

Contents of NPFInstall.log (again, failed silent install followed by successful manual install):

[00000A00] 2021-08-27 10:41:33 --> wmain
[00000A00] 2021-08-27 10:41:33     _tmain: executing, argv[0] = C:\Windows\TEMP\nsv8E0D.tmp\NPFInstall.exe.
[00000A00] 2021-08-27 10:41:33     _tmain: executing, argv[1] = -n.
[00000A00] 2021-08-27 10:41:33     _tmain: executing, argv[2] = -check_dll.
[00000A00] 2021-08-27 10:41:33 --> getInUseProcesses
[00000A00] 2021-08-27 10:41:33 --> enumProcesses
[00000A00] 2021-08-27 10:41:33 --> getNpcapPIDs
[00000A00] 2021-08-27 10:41:33 <-- getNpcapPIDs
[00000A00] 2021-08-27 10:41:33     enumDLLs::OpenProcess: error, errCode = 0x00000005, strProcessName = System, dwProcessID = 4.
[00000A00] 2021-08-27 10:41:33 <-- enumProcesses
[00000A00] 2021-08-27 10:41:33 <-- getInUseProcesses
[00000A00] 2021-08-27 10:41:33     _tmain: succeed, nStatus = 0.
[00000A00] 2021-08-27 10:41:33 <-- wmain
[00000ABC] 2021-08-27 10:41:38 --> wmain
[00000ABC] 2021-08-27 10:41:38     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000ABC] 2021-08-27 10:41:38     _tmain: executing, argv[1] = -n.
[00000ABC] 2021-08-27 10:41:38     _tmain: executing, argv[2] = -c.
[00000ABC] 2021-08-27 10:41:38 --> ClearDriverStore
[00000ABC] 2021-08-27 10:41:38 --> executeCommand
[00000ABC] 2021-08-27 10:41:38     executeCommand: executing, strCmd = pnputil.exe -e.
[00000ABC] 2021-08-27 10:41:38     executeCommand: result = Microsoft PnP Utility



Published name :            oem0.inf

Driver package provider :   Microsoft

Class :                     Printers

Driver date and version :   06/21/2006 6.1.7600.16385

Signer name :               Microsoft Windows



Published name :            oem1.inf

Driver package provider :   Microsoft

Class :                     Printers

Driver date and version :   06/21/2006 6.1.7601.17514

Signer name :               Microsoft Windows



Published name :            oem2.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     Storage controllers

Driver date and version :   06/15/2012 6.0.2.56921

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem3.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     System devices

Driver date and version :   07/19/2011 5.9.960.49119

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem4.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     System devices

Driver date and version :   03/15/2012 6.0.2.54160

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem5.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     Network adapters

Driver date and version :   07/19/2011 5.9.960.49119

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem6.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     System devices

Driver date and version :   01/20/2012 6.0.2.52988

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem7.inf

Driver package provider :   Nmap Project

Class :                     Network Service

Driver date and version :   08/24/2020 22.8.45.719

Signer name :               



.
[00000ABC] 2021-08-27 10:41:38 <-- executeCommand
[00000ABC] 2021-08-27 10:41:38 --> getInfNamesFromPnpUtilOutput
[00000ABC] 2021-08-27 10:41:38     find: executing, strInfFileName = oem7.inf.
[00000ABC] 2021-08-27 10:41:38 <-- getInfNamesFromPnpUtilOutput
[00000ABC] 2021-08-27 10:41:38 --> executeCommand
[00000ABC] 2021-08-27 10:41:38     executeCommand: executing, strCmd = pnputil.exe -d oem7.inf.
[00000ABC] 2021-08-27 10:41:38     executeCommand: result = Microsoft PnP Utility



Deleting the driver package failed :One or more devices are presently installed using the specified INF.

.
[00000ABC] 2021-08-27 10:41:38 <-- executeCommand
[00000ABC] 2021-08-27 10:41:38 <-- ClearDriverStore
[00000ABC] 2021-08-27 10:41:38     _tmain: succeed, nStatus = 0.
[00000ABC] 2021-08-27 10:41:38 <-- wmain
[00000B04] 2021-08-27 10:41:38 --> wmain
[00000B04] 2021-08-27 10:41:38     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000B04] 2021-08-27 10:41:38     _tmain: executing, argv[1] = -n.
[00000B04] 2021-08-27 10:41:38     _tmain: executing, argv[2] = -iw.
[00000B04] 2021-08-27 10:41:38 --> InstallWFPCallout
[00000B04] 2021-08-27 10:41:38 --> GetWFPCalloutInfFilePath
[00000B04] 2021-08-27 10:41:38     lpFilename = C:\Program Files\Npcap\NPCAP_wfp.inf
[00000B04] 2021-08-27 10:41:38 <-- GetWFPCalloutInfFilePath
[00000B04] 2021-08-27 10:41:38 --> isFileExist
[00000B04] 2021-08-27 10:41:38     FindFirstFile: succeed, szFileFullPath = C:\Program Files\Npcap\NPCAP_wfp.inf.
[00000B04] 2021-08-27 10:41:38 <-- isFileExist
[00000B04] 2021-08-27 10:41:38     LaunchINFSectionEx: executing, szCmd = C:\Program Files\Npcap\NPCAP_wfp.inf,DefaultInstall,,36,N.
[00000B04] 2021-08-27 10:41:38 <-- InstallWFPCallout
[00000B04] 2021-08-27 10:41:38     _tmain: succeed, nStatus = 0.
[00000B04] 2021-08-27 10:41:38 <-- wmain
[00000B20] 2021-08-27 10:41:39 --> wmain
[00000B20] 2021-08-27 10:41:39     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000B20] 2021-08-27 10:41:39     _tmain: executing, argv[1] = -n.
[00000B20] 2021-08-27 10:41:39     _tmain: executing, argv[2] = -i.
[00000B20] 2021-08-27 10:41:39 --> InstallDriver
[00000B20] 2021-08-27 10:41:39 --> GetServiceInfFilePath
[00000B20] 2021-08-27 10:41:39     lpFilename = C:\Program Files\Npcap\NPCAP.inf
[00000B20] 2021-08-27 10:41:39 <-- GetServiceInfFilePath
[00000B20] 2021-08-27 10:41:39 --> InstallSpecifiedComponent
[00000B20] 2021-08-27 10:41:39 --> HrGetINetCfg
[00000B20] 2021-08-27 10:41:39 <-- HrGetINetCfg
[00000B20] 2021-08-27 10:41:39 --> HrInstallNetComponent
[00000B20] 2021-08-27 10:41:40     SetupCopyOEMInfW: error, errCode = 0xe0000242.
[00000B20] 2021-08-27 10:41:40 <-- HrInstallNetComponent
[00000B20] 2021-08-27 10:41:40     Error 0xe0000242: Couldn't install the network component.
[00000B20] 2021-08-27 10:41:40 --> HrReleaseINetCfg
[00000B20] 2021-08-27 10:41:40 <-- HrReleaseINetCfg
[00000B20] 2021-08-27 10:41:40 <-- InstallSpecifiedComponent
[00000B20] 2021-08-27 10:41:40     Error 0xe0000242: InstallSpecifiedComponent

[00000B20] 2021-08-27 10:41:40 <-- InstallDriver
[00000B20] 2021-08-27 10:41:40     _tmain: error, nStatus = -536870334.
[00000B20] 2021-08-27 10:41:40 <-- wmain
[00000B90] 2021-08-27 10:41:40 --> wmain
[00000B90] 2021-08-27 10:41:40     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000B90] 2021-08-27 10:41:40     _tmain: executing, argv[1] = -n.
[00000B90] 2021-08-27 10:41:40     _tmain: executing, argv[2] = -check_dll.
[00000B90] 2021-08-27 10:41:40 --> getInUseProcesses
[00000B90] 2021-08-27 10:41:40 --> enumProcesses
[00000B90] 2021-08-27 10:41:40 --> getNpcapPIDs
[00000B90] 2021-08-27 10:41:40 <-- getNpcapPIDs
[00000B90] 2021-08-27 10:41:40     enumDLLs::OpenProcess: error, errCode = 0x00000005, strProcessName = System, dwProcessID = 4.
[00000B90] 2021-08-27 10:41:40 <-- enumProcesses
[00000B90] 2021-08-27 10:41:40 <-- getInUseProcesses
[00000B90] 2021-08-27 10:41:40     _tmain: succeed, nStatus = 0.
[00000B90] 2021-08-27 10:41:40 <-- wmain
[00000BB0] 2021-08-27 10:41:40 --> wmain
[00000BB0] 2021-08-27 10:41:40     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000BB0] 2021-08-27 10:41:40     _tmain: executing, argv[1] = -n.
[00000BB0] 2021-08-27 10:41:40     _tmain: executing, argv[2] = -d.
[00000BB0] 2021-08-27 10:41:40 --> PacketIsServiceStopPending
[00000BB0] 2021-08-27 10:41:40     OpenService failed (0x00000424)
[00000BB0] 2021-08-27 10:41:40 <-- PacketIsServiceStopPending
[00000BB0] 2021-08-27 10:41:40     _tmain: error, nStatus = -1.
[00000BB0] 2021-08-27 10:41:40 <-- wmain
[00000BCC] 2021-08-27 10:41:40 --> wmain
[00000BCC] 2021-08-27 10:41:40     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000BCC] 2021-08-27 10:41:40     _tmain: executing, argv[1] = -n.
[00000BCC] 2021-08-27 10:41:40     _tmain: executing, argv[2] = -u.
[00000BCC] 2021-08-27 10:41:40 --> UninstallDriver
[00000BCC] 2021-08-27 10:41:40 --> HrGetINetCfg
[00000BCC] 2021-08-27 10:41:40 <-- HrGetINetCfg
[00000BCC] 2021-08-27 10:41:40     bWiFiService = 0.
[00000BCC] 2021-08-27 10:41:40     HrUninstallNetComponent: executing, szComponentId = INSECURE_NPCAP.
[00000BCC] 2021-08-27 10:41:40 --> HrUninstallNetComponent
[00000BCC] 2021-08-27 10:41:40     Error 0x1: Couldn't get an interface pointer to INSECURE_NPCAP.

Possible cause:

Incorrect function.


[00000BCC] 2021-08-27 10:41:40 <-- HrUninstallNetComponent
[00000BCC] 2021-08-27 10:41:40     Error 0x1: Couldn't uninstall the network component.

Possible cause:

Incorrect function.


[00000BCC] 2021-08-27 10:41:40 --> HrReleaseINetCfg
[00000BCC] 2021-08-27 10:41:40 <-- HrReleaseINetCfg
[00000BCC] 2021-08-27 10:41:40 <-- UninstallDriver
[00000BCC] 2021-08-27 10:41:40     _tmain: error, nStatus = -1.
[00000BCC] 2021-08-27 10:41:40 <-- wmain
[00000BE4] 2021-08-27 10:41:40 --> wmain
[00000BE4] 2021-08-27 10:41:40     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000BE4] 2021-08-27 10:41:40     _tmain: executing, argv[1] = -n.
[00000BE4] 2021-08-27 10:41:40     _tmain: executing, argv[2] = -uw.
[00000BE4] 2021-08-27 10:41:40 --> UninstallWFPCallout
[00000BE4] 2021-08-27 10:41:40 --> GetWFPCalloutInfFilePath
[00000BE4] 2021-08-27 10:41:40     lpFilename = C:\Program Files\Npcap\NPCAP_wfp.inf
[00000BE4] 2021-08-27 10:41:40 <-- GetWFPCalloutInfFilePath
[00000BE4] 2021-08-27 10:41:40 --> isFileExist
[00000BE4] 2021-08-27 10:41:40     FindFirstFile: succeed, szFileFullPath = C:\Program Files\Npcap\NPCAP_wfp.inf.
[00000BE4] 2021-08-27 10:41:40 <-- isFileExist
[00000BE4] 2021-08-27 10:41:40     LaunchINFSectionEx: executing, szCmd = C:\Program Files\Npcap\NPCAP_wfp.inf,DefaultUninstall,,36,N.
[00000BE4] 2021-08-27 10:41:41 <-- UninstallWFPCallout
[00000BE4] 2021-08-27 10:41:41     _tmain: succeed, nStatus = 0.
[00000BE4] 2021-08-27 10:41:41 <-- wmain
[00000810] 2021-08-27 10:41:41 --> wmain
[00000810] 2021-08-27 10:41:41     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000810] 2021-08-27 10:41:41     _tmain: executing, argv[1] = -n.
[00000810] 2021-08-27 10:41:41     _tmain: executing, argv[2] = -c.
[00000810] 2021-08-27 10:41:41 --> ClearDriverStore
[00000810] 2021-08-27 10:41:41 --> executeCommand
[00000810] 2021-08-27 10:41:41     executeCommand: executing, strCmd = pnputil.exe -e.
[00000810] 2021-08-27 10:41:41     executeCommand: result = Microsoft PnP Utility



Published name :            oem0.inf

Driver package provider :   Microsoft

Class :                     Printers

Driver date and version :   06/21/2006 6.1.7600.16385

Signer name :               Microsoft Windows



Published name :            oem1.inf

Driver package provider :   Microsoft

Class :                     Printers

Driver date and version :   06/21/2006 6.1.7601.17514

Signer name :               Microsoft Windows



Published name :            oem2.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     Storage controllers

Driver date and version :   06/15/2012 6.0.2.56921

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem3.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     System devices

Driver date and version :   07/19/2011 5.9.960.49119

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem4.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     System devices

Driver date and version :   03/15/2012 6.0.2.54160

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem5.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     Network adapters

Driver date and version :   07/19/2011 5.9.960.49119

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem6.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     System devices

Driver date and version :   01/20/2012 6.0.2.52988

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem7.inf

Driver package provider :   Nmap Project

Class :                     Network Service

Driver date and version :   08/24/2020 22.8.45.719

Signer name :               



.
[00000810] 2021-08-27 10:41:41 <-- executeCommand
[00000810] 2021-08-27 10:41:41 --> getInfNamesFromPnpUtilOutput
[00000810] 2021-08-27 10:41:41     find: executing, strInfFileName = oem7.inf.
[00000810] 2021-08-27 10:41:41 <-- getInfNamesFromPnpUtilOutput
[00000810] 2021-08-27 10:41:41 --> executeCommand
[00000810] 2021-08-27 10:41:41     executeCommand: executing, strCmd = pnputil.exe -d oem7.inf.
[00000810] 2021-08-27 10:41:41     executeCommand: result = Microsoft PnP Utility



Deleting the driver package failed :One or more devices are presently installed using the specified INF.

.
[00000810] 2021-08-27 10:41:41 <-- executeCommand
[00000810] 2021-08-27 10:41:41 <-- ClearDriverStore
[00000810] 2021-08-27 10:41:41     _tmain: succeed, nStatus = 0.
[00000810] 2021-08-27 10:41:41 <-- wmain
[000004FC] 2021-08-27 11:03:15 --> wmain
[000004FC] 2021-08-27 11:03:15     _tmain: executing, argv[0] = C:\Users\ADMINI~1\AppData\Local\Temp\2\nso5726.tmp\NPFInstall.exe.
[000004FC] 2021-08-27 11:03:15     _tmain: executing, argv[1] = -n.
[000004FC] 2021-08-27 11:03:15     _tmain: executing, argv[2] = -check_dll.
[000004FC] 2021-08-27 11:03:15 --> getInUseProcesses
[000004FC] 2021-08-27 11:03:15 --> enumProcesses
[000004FC] 2021-08-27 11:03:15 --> getNpcapPIDs
[000004FC] 2021-08-27 11:03:15 <-- getNpcapPIDs
[000004FC] 2021-08-27 11:03:15     enumDLLs::OpenProcess: error, errCode = 0x00000005, strProcessName = System, dwProcessID = 4.
[000004FC] 2021-08-27 11:03:15 <-- enumProcesses
[000004FC] 2021-08-27 11:03:15 <-- getInUseProcesses
[000004FC] 2021-08-27 11:03:15     _tmain: succeed, nStatus = 0.
[000004FC] 2021-08-27 11:03:15 <-- wmain
[000006A8] 2021-08-27 11:03:16 --> wmain
[000006A8] 2021-08-27 11:03:16     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[000006A8] 2021-08-27 11:03:16     _tmain: executing, argv[1] = -n.
[000006A8] 2021-08-27 11:03:16     _tmain: executing, argv[2] = -c.
[000006A8] 2021-08-27 11:03:16 --> ClearDriverStore
[000006A8] 2021-08-27 11:03:16 --> executeCommand
[000006A8] 2021-08-27 11:03:16     executeCommand: executing, strCmd = pnputil.exe -e.
[000006A8] 2021-08-27 11:03:16     executeCommand: result = Microsoft PnP Utility



Published name :            oem0.inf

Driver package provider :   Microsoft

Class :                     Printers

Driver date and version :   06/21/2006 6.1.7600.16385

Signer name :               Microsoft Windows



Published name :            oem1.inf

Driver package provider :   Microsoft

Class :                     Printers

Driver date and version :   06/21/2006 6.1.7601.17514

Signer name :               Microsoft Windows



Published name :            oem2.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     Storage controllers

Driver date and version :   06/15/2012 6.0.2.56921

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem3.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     System devices

Driver date and version :   07/19/2011 5.9.960.49119

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem4.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     System devices

Driver date and version :   03/15/2012 6.0.2.54160

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem5.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     Network adapters

Driver date and version :   07/19/2011 5.9.960.49119

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem6.inf

Driver package provider :   Citrix Systems, Inc.

Class :                     System devices

Driver date and version :   01/20/2012 6.0.2.52988

Signer name :               Microsoft Windows Hardware Compatibility Publisher



Published name :            oem7.inf

Driver package provider :   Nmap Project

Class :                     Network Service

Driver date and version :   08/24/2020 22.8.45.719

Signer name :               



.
[000006A8] 2021-08-27 11:03:16 <-- executeCommand
[000006A8] 2021-08-27 11:03:16 --> getInfNamesFromPnpUtilOutput
[000006A8] 2021-08-27 11:03:16     find: executing, strInfFileName = oem7.inf.
[000006A8] 2021-08-27 11:03:16 <-- getInfNamesFromPnpUtilOutput
[000006A8] 2021-08-27 11:03:16 --> executeCommand
[000006A8] 2021-08-27 11:03:16     executeCommand: executing, strCmd = pnputil.exe -d oem7.inf.
[000006A8] 2021-08-27 11:03:16     executeCommand: result = Microsoft PnP Utility



Deleting the driver package failed :One or more devices are presently installed using the specified INF.

.
[000006A8] 2021-08-27 11:03:16 <-- executeCommand
[000006A8] 2021-08-27 11:03:16 <-- ClearDriverStore
[000006A8] 2021-08-27 11:03:16     _tmain: succeed, nStatus = 0.
[000006A8] 2021-08-27 11:03:16 <-- wmain
[00000AB4] 2021-08-27 11:03:16 --> wmain
[00000AB4] 2021-08-27 11:03:16     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00000AB4] 2021-08-27 11:03:16     _tmain: executing, argv[1] = -n.
[00000AB4] 2021-08-27 11:03:16     _tmain: executing, argv[2] = -iw.
[00000AB4] 2021-08-27 11:03:16 --> InstallWFPCallout
[00000AB4] 2021-08-27 11:03:16 --> GetWFPCalloutInfFilePath
[00000AB4] 2021-08-27 11:03:16     lpFilename = C:\Program Files\Npcap\NPCAP_wfp.inf
[00000AB4] 2021-08-27 11:03:16 <-- GetWFPCalloutInfFilePath
[00000AB4] 2021-08-27 11:03:16 --> isFileExist
[00000AB4] 2021-08-27 11:03:16     FindFirstFile: succeed, szFileFullPath = C:\Program Files\Npcap\NPCAP_wfp.inf.
[00000AB4] 2021-08-27 11:03:16 <-- isFileExist
[00000AB4] 2021-08-27 11:03:16     LaunchINFSectionEx: executing, szCmd = C:\Program Files\Npcap\NPCAP_wfp.inf,DefaultInstall,,36,N.
[00000AB4] 2021-08-27 11:03:16 <-- InstallWFPCallout
[00000AB4] 2021-08-27 11:03:16     _tmain: succeed, nStatus = 0.
[00000AB4] 2021-08-27 11:03:16 <-- wmain
[000008A8] 2021-08-27 11:03:16 --> wmain
[000008A8] 2021-08-27 11:03:16     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[000008A8] 2021-08-27 11:03:16     _tmain: executing, argv[1] = -n.
[000008A8] 2021-08-27 11:03:16     _tmain: executing, argv[2] = -i.
[000008A8] 2021-08-27 11:03:16 --> InstallDriver
[000008A8] 2021-08-27 11:03:16 --> GetServiceInfFilePath
[000008A8] 2021-08-27 11:03:16     lpFilename = C:\Program Files\Npcap\NPCAP.inf
[000008A8] 2021-08-27 11:03:16 <-- GetServiceInfFilePath
[000008A8] 2021-08-27 11:03:16 --> InstallSpecifiedComponent
[000008A8] 2021-08-27 11:03:16 --> HrGetINetCfg
[000008A8] 2021-08-27 11:03:16 <-- HrGetINetCfg
[000008A8] 2021-08-27 11:03:16 --> HrInstallNetComponent
[000008A8] 2021-08-27 11:04:16     bWiFiService = 0.
[000008A8] 2021-08-27 11:04:16     HrInstallComponent: executing, szComponentId = INSECURE_NPCAP.
[000008A8] 2021-08-27 11:04:16 --> HrInstallComponent
[000008A8] 2021-08-27 11:04:17 <-- HrInstallComponent
[000008A8] 2021-08-27 11:04:17 <-- HrInstallNetComponent
[000008A8] 2021-08-27 11:04:17 --> HrReleaseINetCfg
[000008A8] 2021-08-27 11:04:17 <-- HrReleaseINetCfg
[000008A8] 2021-08-27 11:04:17 <-- InstallSpecifiedComponent
[000008A8] 2021-08-27 11:04:17 <-- InstallDriver
[000008A8] 2021-08-27 11:04:17     _tmain: succeed, nStatus = 0.
[000008A8] 2021-08-27 11:04:17 <-- wmain
@akontsevoy akontsevoy changed the title Npcap OEM 1.50: Driver install warning/prompt on WS2008R2; silent install fails (redux) Npcap OEM 1.50: Driver install warning/prompt on WS2008R2; silent install fails (redux); driver fails to start Aug 27, 2021
@dmiller-nmap
Copy link
Contributor

@dmiller-nmap dmiller-nmap commented Aug 30, 2021

Thanks for reporting this. As mentioned in #233 (comment), we are working to ensure the certificates in the trust chain are added to the proper trust stores on the target computer, which reportedly resolves the issue. We expect to have a release that resolves this issue within the next week or so.

@akontsevoy
Copy link
Author

@akontsevoy akontsevoy commented Sep 2, 2021

@dmiller-nmap But the certificate issue seems to be only half of the problem; even if the driver warning is accepted and the driver is installed, it then fails to start on WS2008R2 with The parameter is incorrect.. I've seen such a problem before when trying to install drivers written for later NT versions onto earlier NT versions; it suggests you are probably using some API that's not supported in NT 6.1. (Which doesn't make sense to me, given that you ship separate/older drivers for NT 6.1 anyways -- but I get what I get.)

@guyharris
Copy link

@guyharris guyharris commented Sep 2, 2021

it suggests you are probably using some API that's not supported in NT 6.1.

Is there any way, e.g. from NPFInstall.log, to determine which call that is?

@akontsevoy
Copy link
Author

@akontsevoy akontsevoy commented Sep 3, 2021

Not really (NPFInstall.log included above); sc.exe start npcap only outputs the error code, and so does event log:

The Npcap Packet Driver (NPCAP) service failed to start due to the following error: 
The parameter is incorrect.
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" /> 
  <EventID Qualifiers="49152">7000</EventID> 
  <Version>0</Version> 
  <Level>2</Level> 
  <Task>0</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x8080000000000000</Keywords> 
  <TimeCreated SystemTime="2021-09-03T00:41:30.199104800Z" /> 
  <EventRecordID>82008</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="480" ThreadID="1628" /> 
  <Channel>System</Channel> 
  <Computer>[redacted]</Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data Name="param1">Npcap Packet Driver (NPCAP)</Data> 
  <Data Name="param2">%%87</Data> 
  </EventData>
  </Event>

So I can only assume that's what gets returned by the DriverEntry function (NTSTATUS equivalent).

Npcap has been installed with the following command line: npcap-1.50-oem.exe /loopback_support=no /admin_only=yes /dot11_support=no /winpcap_mode=no

Service registry entries:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000018
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6e,70,63,\
  61,70,2e,73,79,73,00
"DisplayName"="Npcap Packet Driver (NPCAP)"
"Group"="NDIS"
"Description"="Npcap Packet Driver (NPCAP)"
"NdisMajorVersion"=dword:00000006
"NdisMinorVersion"=dword:00000014

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Linkage]
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,7b,34,41,45,36,42,35,35,43,2d,36,44,44,\
  36,2d,34,32,37,44,2d,41,35,42,42,2d,31,33,35,33,35,44,34,42,45,39,32,36,7d,\
  00,5c,44,65,76,69,63,65,5c,7b,36,36,39,37,33,45,35,30,2d,43,46,34,34,2d,34,\
  36,41,37,2d,41,44,38,36,2d,30,46,33,36,39,44,33,30,41,43,41,32,7d,00,5c,44,\
  65,76,69,63,65,5c,7b,46,39,33,45,42,37,38,36,2d,38,39,36,38,2d,34,33,43,35,\
  2d,42,43,35,38,2d,35,34,44,38,37,33,38,35,30,36,30,45,7d,00,5c,44,65,76,69,\
  63,65,5c,7b,36,41,31,36,45,44,45,42,2d,32,34,44,46,2d,34,31,36,41,2d,42,34,\
  32,37,2d,43,45,44,38,38,45,46,43,41,30,30,36,7d,00,5c,44,65,76,69,63,65,5c,\
  7b,44,44,32,46,34,38,30,30,2d,30,44,45,42,2d,34,41,39,38,2d,41,33,30,32,2d,\
  30,37,37,37,43,42,39,35,35,44,43,31,7d,00,5c,44,65,76,69,63,65,5c,7b,46,42,\
  34,37,34,45,36,43,2d,46,39,33,46,2d,34,38,34,38,2d,39,34,35,45,2d,38,36,37,\
  38,30,44,32,41,39,38,39,37,7d,00,5c,44,65,76,69,63,65,5c,7b,30,36,42,34,33,\
  43,31,31,2d,38,36,30,45,2d,34,37,31,32,2d,41,36,39,46,2d,41,37,32,31,42,37,\
  43,33,39,36,36,34,7d,00,5c,44,65,76,69,63,65,5c,4e,64,69,73,57,61,6e,49,70,\
  00,5c,44,65,76,69,63,65,5c,4e,64,69,73,57,61,6e,42,68,00,5c,44,65,76,69,63,\
  65,5c,4e,64,69,73,57,61,6e,49,70,76,36,00,00
"Route"=hex(7):22,7b,34,41,45,36,42,35,35,43,2d,36,44,44,36,2d,34,32,37,44,2d,\
  41,35,42,42,2d,31,33,35,33,35,44,34,42,45,39,32,36,7d,22,00,22,7b,36,36,39,\
  37,33,45,35,30,2d,43,46,34,34,2d,34,36,41,37,2d,41,44,38,36,2d,30,46,33,36,\
  39,44,33,30,41,43,41,32,7d,22,00,22,7b,46,39,33,45,42,37,38,36,2d,38,39,36,\
  38,2d,34,33,43,35,2d,42,43,35,38,2d,35,34,44,38,37,33,38,35,30,36,30,45,7d,\
  22,00,22,7b,36,41,31,36,45,44,45,42,2d,32,34,44,46,2d,34,31,36,41,2d,42,34,\
  32,37,2d,43,45,44,38,38,45,46,43,41,30,30,36,7d,22,00,22,7b,44,44,32,46,34,\
  38,30,30,2d,30,44,45,42,2d,34,41,39,38,2d,41,33,30,32,2d,30,37,37,37,43,42,\
  39,35,35,44,43,31,7d,22,00,22,7b,46,42,34,37,34,45,36,43,2d,46,39,33,46,2d,\
  34,38,34,38,2d,39,34,35,45,2d,38,36,37,38,30,44,32,41,39,38,39,37,7d,22,00,\
  22,7b,30,36,42,34,33,43,31,31,2d,38,36,30,45,2d,34,37,31,32,2d,41,36,39,46,\
  2d,41,37,32,31,42,37,43,33,39,36,36,34,7d,22,00,22,4e,64,69,73,57,61,6e,49,\
  70,22,00,22,4e,64,69,73,57,61,6e,42,68,22,00,22,4e,64,69,73,57,61,6e,49,70,\
  76,36,22,00,00
"Export"=hex(7):5c,44,65,76,69,63,65,5c,6e,70,63,61,70,5f,7b,34,41,45,36,42,35,\
  35,43,2d,36,44,44,36,2d,34,32,37,44,2d,41,35,42,42,2d,31,33,35,33,35,44,34,\
  42,45,39,32,36,7d,00,5c,44,65,76,69,63,65,5c,6e,70,63,61,70,5f,7b,36,36,39,\
  37,33,45,35,30,2d,43,46,34,34,2d,34,36,41,37,2d,41,44,38,36,2d,30,46,33,36,\
  39,44,33,30,41,43,41,32,7d,00,5c,44,65,76,69,63,65,5c,6e,70,63,61,70,5f,7b,\
  46,39,33,45,42,37,38,36,2d,38,39,36,38,2d,34,33,43,35,2d,42,43,35,38,2d,35,\
  34,44,38,37,33,38,35,30,36,30,45,7d,00,5c,44,65,76,69,63,65,5c,6e,70,63,61,\
  70,5f,7b,36,41,31,36,45,44,45,42,2d,32,34,44,46,2d,34,31,36,41,2d,42,34,32,\
  37,2d,43,45,44,38,38,45,46,43,41,30,30,36,7d,00,5c,44,65,76,69,63,65,5c,6e,\
  70,63,61,70,5f,7b,44,44,32,46,34,38,30,30,2d,30,44,45,42,2d,34,41,39,38,2d,\
  41,33,30,32,2d,30,37,37,37,43,42,39,35,35,44,43,31,7d,00,5c,44,65,76,69,63,\
  65,5c,6e,70,63,61,70,5f,7b,46,42,34,37,34,45,36,43,2d,46,39,33,46,2d,34,38,\
  34,38,2d,39,34,35,45,2d,38,36,37,38,30,44,32,41,39,38,39,37,7d,00,5c,44,65,\
  76,69,63,65,5c,6e,70,63,61,70,5f,7b,30,36,42,34,33,43,31,31,2d,38,36,30,45,\
  2d,34,37,31,32,2d,41,36,39,46,2d,41,37,32,31,42,37,43,33,39,36,36,34,7d,00,\
  5c,44,65,76,69,63,65,5c,6e,70,63,61,70,5f,4e,64,69,73,57,61,6e,49,70,00,5c,\
  44,65,76,69,63,65,5c,6e,70,63,61,70,5f,4e,64,69,73,57,61,6e,42,68,00,5c,44,\
  65,76,69,63,65,5c,6e,70,63,61,70,5f,4e,64,69,73,57,61,6e,49,70,76,36,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters]
"NdisImPlatformBindingOptions"=dword:00000000
"LoopbackSupport"=dword:00000001
"DltNull"=dword:00000001
"Edition"="Npcap OEM"
"AdminOnly"=dword:00000001
"Dot11Support"=dword:00000000
"VlanSupport"=dword:00000000
"WinPcapCompatible"=dword:00000000
"DefaultFilterSettings"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{06B43C11-860E-4712-A69F-A721B7C39664}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{06B43C11-860E-4712-A69F-A721B7C39664}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{4AE6B55C-6DD6-427D-A5BB-13535D4BE926}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{4AE6B55C-6DD6-427D-A5BB-13535D4BE926}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{5356FE17-48EE-4A7A-BECE-645E20060A52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{5356FE17-48EE-4A7A-BECE-645E20060A52}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{66513FCE-F1B9-480C-B278-3DD588D5D452}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{66513FCE-F1B9-480C-B278-3DD588D5D452}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{66973E50-CF44-46A7-AD86-0F369D30ACA2}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{66973E50-CF44-46A7-AD86-0F369D30ACA2}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{6A16EDEB-24DF-416A-B427-CED88EFCA006}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{6A16EDEB-24DF-416A-B427-CED88EFCA006}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{DD2F4800-0DEB-4A98-A302-0777CB955DC1}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{DD2F4800-0DEB-4A98-A302-0777CB955DC1}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{F4373218-ED19-4F3D-8DB4-982009ED86B7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{F4373218-ED19-4F3D-8DB4-982009ED86B7}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{F93EB786-8968-43C5-BC58-54D87385060E}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{F93EB786-8968-43C5-BC58-54D87385060E}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{FB474E6C-F93F-4848-945E-86780D2A9897}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\Adapters\{FB474E6C-F93F-4848-945E-86780D2A9897}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{06B43C11-860E-4712-A69F-A721B7C39664}]
"InterfaceGuid"=hex:3c,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{4AE6B55C-6DD6-427D-A5BB-13535D4BE926}]
"InterfaceGuid"=hex:34,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{5356FE17-48EE-4A7A-BECE-645E20060A52}]
"InterfaceGuid"=hex:39,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{66513FCE-F1B9-480C-B278-3DD588D5D452}]
"InterfaceGuid"=hex:38,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{66973E50-CF44-46A7-AD86-0F369D30ACA2}]
"InterfaceGuid"=hex:3a,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{6A16EDEB-24DF-416A-B427-CED88EFCA006}]
"InterfaceGuid"=hex:36,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{DD2F4800-0DEB-4A98-A302-0777CB955DC1}]
"InterfaceGuid"=hex:33,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{F4373218-ED19-4F3D-8DB4-982009ED86B7}]
"InterfaceGuid"=hex:37,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{F93EB786-8968-43C5-BC58-54D87385060E}]
"InterfaceGuid"=hex:35,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Parameters\NdisAdapters\{FB474E6C-F93F-4848-945E-86780D2A9897}]
"InterfaceGuid"=hex:3b,fa,13,f8,22,07,ec,11,86,74,02,84,6b,94,3d,39

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npcap\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
"INITSTARTFAILED"=dword:00000001

@akontsevoy
Copy link
Author

@akontsevoy akontsevoy commented Sep 10, 2021

Update: both issues still persist as of 1.55; that is, driver installation still throws a warning (and fails in silent mode), or if forced, the installed driver fails to start (same error 87).
Using the /prior_driver option (install driver from version 1.31) does not remediate the first problem, that is driver installation still throws a warning (and fails in silent mode). It does, however, remediate the second problem: if the driver is forced to install, it works.

Therefore, the second problem (driver failing to start on NT 6.1) was introduced in 1.31<version<=1.50 (probably in 1.40). If I had to guess, it's those registry access changes in Packet.c.

The first problem (driver install warning) was probably introduced when you changed your code signing CA (again). As I mentioned in #107, it's not about certificates not being installed in the trusted root store (tried that -- didn't fix the problem, not for NT 6.1), nor is it about SHA256 signatures being used (I do have SHA256 patches installed). It's something else that's different about your old CA and new CA; we need to figure out what exactly. Whatever it is, it readily reproduces on (for example) Racemi WS2008R2 images in AWS EC2 (even after installing SHA256 patches and the rest of Windows updates). Perhaps we are installing root CAs into the wrong store? (Is there a separate trusted CA store for driver code signing as opposed to user code signing?) Can you maybe get in touch with your new CA or with Microsoft and have them shed some light on why one CA works and the other doesn't, despite all the steps taken?

@dmiller-nmap
Copy link
Contributor

@dmiller-nmap dmiller-nmap commented Sep 13, 2021

The problem is most likely that the MS kernel-mode code signing cross-certificate for our CA expired 30 minutes before we signed the drivers for Npcap 1.31. Microsoft's official policy is that only drivers signed through the WHQL certification process can be installed on Windows now, though for some reason none of our own tests showed this to be a problem. This is the issue that the /prior_driver option was intended to work around, though apparently it did not because we were 30 minutes late on that driver. I would guess that Npcap 1.31 installer also exhibits the same issue.

The issue of the driver not starting is again not something that showed up in our testing, but I believe it is due to changing our NX pool opt-in mechanism. Windows 6.1 does not support no-execute (NX) nonpaged memory allocations, but later versions do. When we shipped a single binary Windows 7 through 8.1, we used the POOL_NX_OPTIN method to use NX pool on systems that support it by doing a runtime check. When we separated the Windows 7 driver into its own binary, we changed opt-in mechanisms, but code analysis was misidentifying some things, so after several iterations of changes we ended up with a build that attempts to make allocations from the NX pool even on Windows 7 (6.1). This is most likely the cause of the driver failing to start. This should have been caught in our testing, but we have not observed it, and I do not have a good explanation.

The signature issue falls under #237, so we can discuss it there. We will continue using this issue to track the driver start failure problem.

@dmiller-nmap dmiller-nmap changed the title Npcap OEM 1.50: Driver install warning/prompt on WS2008R2; silent install fails (redux); driver fails to start Npcap OEM 1.50: driver fails to start on Windows 7/Server 2008 R2 Dec 6, 2021
@dmiller-nmap
Copy link
Contributor

@dmiller-nmap dmiller-nmap commented Dec 7, 2021

This issue is fixed in Npcap 1.60. For discussion of the driver install warning/prompt, see #237.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants