Nmap Development: Wireshark's WinPcap Detection


Nmap Development mailing list archives


From: Rob Nicholls <robert () robnicholls co uk>
Date: Wed, 04 Nov 2009 16:15:31 +0000


I noticed that Wireshark's installer doesn't detect that WinPcap has already been installed if I use the Nmap version of the WinPcap installer. I grabbed Wireshark's source code and spotted that they're checking the following keys:

ReadRegStr $WINPCAP_NAME HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "DisplayName"
ReadRegStr $WINPCAP_VERSION HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "DisplayVersion"

They seem to be checking the "WinPcapInst" registry key for the version of WinPcap. This is fine if people use the official installer, which creates these keys, but not so good for a custom installer like ours (additionally, we don't currently create the DisplayVersion value) that's using a different key ("winpcap-nmap"). So the question is: do we modify our installer to create the same registry keys (and potentially step on their toes)? Or do we assume that people installing tools like Wireshark will either skip it because they know they already have WinPcap installed/let the official installer prompt them for a force install over the top?

If we do decide to create the same keys as the official WinPcap installer, it complicates our silent installer (but I can probably add another registry value that still lets us identify our own installs).

Rob


Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
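
The detection gap described in the message above, as an added NSIS example that is not part of the original post and is not Wireshark's or Nmap's installer code: it checks the official "WinPcapInst" key first and then falls back to "winpcap-nmap". The location of the "winpcap-nmap" key under the same Uninstall path, the DetectWinPcap function and the $WINPCAP_SOURCE variable are assumptions made for illustration.

```nsis
; Added example: detect WinPcap registered by either installer.
!include "LogicLib.nsh"

Name "WinPcap detection example"
OutFile "detect-winpcap.exe"
RequestExecutionLevel user   ; reading HKLM does not need elevation

!define UNINSTALL_ROOT "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

Var WINPCAP_NAME     ; DisplayName of whichever install was found
Var WINPCAP_VERSION  ; DisplayVersion, or "unknown" when the value is absent
Var WINPCAP_SOURCE   ; hypothetical: "official", "nmap" or "" (not found)

Function DetectWinPcap
  StrCpy $WINPCAP_SOURCE ""
  StrCpy $WINPCAP_VERSION ""

  ; 1. Key created by the official WinPcap installer (the one Wireshark reads).
  ReadRegStr $WINPCAP_NAME HKLM "${UNINSTALL_ROOT}\WinPcapInst" "DisplayName"
  ${If} $WINPCAP_NAME != ""
    StrCpy $WINPCAP_SOURCE "official"
    ReadRegStr $WINPCAP_VERSION HKLM "${UNINSTALL_ROOT}\WinPcapInst" "DisplayVersion"
  ${Else}
    ; 2. Assumed location of the key used by the Nmap-packaged installer.
    ReadRegStr $WINPCAP_NAME HKLM "${UNINSTALL_ROOT}\winpcap-nmap" "DisplayName"
    ${If} $WINPCAP_NAME != ""
      StrCpy $WINPCAP_SOURCE "nmap"
      ReadRegStr $WINPCAP_VERSION HKLM "${UNINSTALL_ROOT}\winpcap-nmap" "DisplayVersion"
    ${EndIf}
  ${EndIf}

  ; DisplayVersion may not exist; report that instead of an empty string.
  ${If} $WINPCAP_SOURCE != ""
  ${AndIf} $WINPCAP_VERSION == ""
    StrCpy $WINPCAP_VERSION "unknown"
  ${EndIf}
  ClearErrors   ; a missing value sets the error flag; it is handled above
FunctionEnd

Section
  Call DetectWinPcap
  ${If} $WINPCAP_SOURCE == ""
    DetailPrint "WinPcap not detected under either key"
  ${Else}
    DetailPrint "Found $WINPCAP_NAME ($WINPCAP_VERSION), registered by: $WINPCAP_SOURCE"
  ${EndIf}
SectionEnd
```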

