Winpcap Download Last Version


Otelo Lazcano

Jan 21, 2024, 12:46:34 PM
to gahandwinscler

The question is as above - I want to remove the old version of WinPcap. But other questions that could help me are, how does a program check for previous versions? Is there something else I should be searching for in the registry? Is there a way to find out which program is using winpcap? Is there a way to see if any programs have a dependency on winpcap? Any leads would be greatly appreciated.

Moreover, due to the lack of the NetMon COM component on the 64bit version of Windows, dialup adapters are not supported.

  • wpcap.dll has been updated to libpcap 0.9.4 from
  • Added a patch file containing the patches for remote capture against the vanilla libpcap sources.
  • Better error handling in the installer.
  • Applied some patches to the bpf_filter and verifier (from Guy Harris):
    • BPF programs with no instructions
    • BPF_STX and BPF_LDX|BPF_MEM instructions that have out-of-range offsets (which could be made to fetch or store into arbitrary memory locations);
    • BPF_DIV instructions with a constant 0 divisor (that's a check also done at run time).
    • In addition, it makes the k field in BPF instructions unsigned, as it is in other BPF interpreters
  • Enabled PREFast (static code analysis tool from the Microsoft DDK) on the x86 build of the driver.
  • Bug fixing:
    • Added a patch in PacketGetAdapterNames() to set the last error to ERROR_INSUFFICIENT_BUFFER if the buffer passed to the function is too small. Modified pcap_findalldevs() so that it correctly handles this situation.
    • Fixed a bug in PacketGetAdapterNames(): the requested buffer size to correctly return all the adapter names was wrongly computed (overestimated by 3-4 bytes).
    • Fixed a problem while listing the adapters under Win9x: if the key HKLM\System\CurrentControlSet\Services\Class\Net\ did not contain an NDIS key, the code was going into an infinite loop.
    • Minor fixes to the documentation.
    • Fixed the prototype for the JITted BPF filter function under x86; thanks to this patch, we no longer need to manually fix the stack pointer after the JITted function returns.
Version 3.1, 5 aug 05
  • New installation script based on the NSIS installer. The new installer should be able to detect any previous version of WinPcap, remove it on request and install the new version, decreasing the number of situations in which a reboot is necessary. Moreover, by connecting to the WinPcap website, the installer is able to tell the user if more recent versions of WinPcap are available.
  • wpcap.dll has been updated to libpcap 0.9.3 from
  • General cleanup of the documentation (now aligned to libpcap 0.9.3).
  • Modified the documentation, so that packet.dll is no longer available in the standard developer's pack.
  • Added to the developer's pack a set of libpcap-compatible samples, suitable to be compiled against vanilla libpcap
  • Exported the following new functions from wpcap.dll: pcap_list_datalinks() and pcap_dump_ftell().
  • Removed pcap_file() from the exports because of incompatibilities with the Microsoft C runtime (CRT).
  • General cleanup of the existing samples.
  • Renamed the NdisWanAdapter to GenericDialupAdapter, to make the use of this adapter more clear for the users.
  • Removed some useless files in the source tree and in the documentation.
  • Bug fixing:
    • Fixed several bugs in the kernel BPF filter function when the packet is stored into two non-contiguous buffers. This bug shows up as missing packets in the capture while the machine is using personal firewalls and certain antivirus software.
    • Fixed a problem related to the NetMon COM component initialization. This bug caused random access violation errors while listing the adapters.
    • Removed a duplicated initialization of an event in the driver.
    • Added a check in packet.dll that prevents listing and opening of FireWire adapters, since they have a broken interface with NDIS and can cause blue screens.
    • Fixed a memory leak in PacketGetAdaptersIPH().
    • Fixed a check that could cause PacketSendPackets() to crash packet.dll.
    • Minor fixes.
Version 3.1 beta4, 4 nov 04
  • wpcap.dll has been updated to libpcap 0.8.3 from
  • Added a note in the documentation that states that the kernel dump feature is disabled due to incompatibilities with the new kernel buffer.
  • Minor fixes to the documentation.
  • Removed some useless files.
  • Bug fixing:
    • Fixed a bug related to COM initialization in WanPacket.dll, by which WanAdapters were not working correctly if the calling thread was using COM with a different threading model.
    • Fixed a problem in AddAdapterIPH(), by which no adapter was actually added with this function because of a UNICODE/ASCII mismatch. Basically, AddAdapterIPH() received an ASCII adapter name, and tried to open it with PacketOpenAdapterNPF(), which accepts UNICODE strings, only.
    • Fixed a bug in the remote capture code due to concurrency issues when spawning a new thread.
    • Fixed a problem related to the generation of grammar files with flex in the CygWin makefile.
    • Fixed a couple of memory leaks in PacketGetAdapterNames(). PacketGetAdapterNames() seems to be still leaky, but the source of the leak seems to be a leaky API in the Microsoft IpHelperAPI, at least on WinXP SP1.
    • Added some code that frees the global list of adapters when packet.dll is unloaded (i.e. when DllMain() is called with DLL_PROCESS_DETACH).
    • Fixed a bug that caused the adapters not to be listed on terminal services. The bug was caused by the lack of the "\\global" prefix in front of the adapter names.
    • Fixed a bug related to adapter opening in the pcap_filter example. Fixed the usage string that was wrong.
    • Fixed a bug in the JIT code of the driver that could potentially cause a BSOD if two threads try to set a filter (that will be jitted) at the same time.
    • Fixed a bug by which the driver fails to return any packet with a read after an IOCTL_SETBUFFER has changed the buffer size. The bug is due to some missing counter resets.
    • Fixed some debugging messages in the NT driver that were not macroed with IF_LOUD.
Version 3.1 beta3, 15 may 04
  • Bug fixing:
    • Fixed a bug related to device listing if TCP/IP is not installed: on 2000/XP if TCP is not installed, it reported "you must install TCP/IP", and this was plain wrong.
    • Added PacketSetSnapLen() under Win9x. Without this function, wpcap.dll fails to load on Win9x.
    • PacketGetAdapterNames() has been rewritten under Win9x, in order to comply to the correct behavior specified in the documentation.
Version 3.1 beta2, 3 may 04
  • Added some code to show a fake NdisWan adapter, useful to capture LCP/NCP packets. This adapter is always listed on 2000/XP/2003 (if you have enough privileges), even if you don't have any PPP/VPN/... connection established.
  • Added a check in the installer, so that the installation fails if you don't have administrator privileges.
  • Added a check so that NdisWan adapters (PPP, VPN, ...) are listed only if you can capture from them.
  • Added a new sample program, which gets the MAC address of an interface using packet.dll
  • Modified the access to the global list of adapters in packet.dll under NT4/2000/XP/2003. Now packet.dll should be thread-safe.
  • Bug fixing:
    • fixed some resource leaks in the remote capture daemon (rpcapd).
    • fixed a couple of resource leaks in packet.dll.
    • fixed some meaningless last error messages set by PacketOpenAdapter() (e.g. "The operation completed successfully").
    • fixed a shortcoming in pcap_findalldevs(), by which the adapters were not listed if they couldn't fit into an 8kB buffer.
    • fixed a memory leak in pcap_lookupdev().
    • fixed some bugs related to adapters listing:
      • some adapters were not listed, especially if some registry keys are messed up.
      • in some situations the listing failed with the message "Attempt to release a mutex not owned by caller"
      • if PacketGetAdapterNames() failed, it returned the wrong number of needed bytes for the input buffer.
    • fixed a buffer overrun in npf.sys that caused crashes (BSODs) when there are too many adapters in the registry.
    • fixed a bug in npf.sys that caused blue screens (BSODs) when you try to send "jumbo" packets, i.e. packets bigger than the maximum frame size for the selected link type.
    • minor bug fixes.
Version 3.1 beta, 3 feb 04
  • Support for capture on NdisWan, with the following features:
    • Based on the NetMon API, does NOT use NPF.sys
    • Works with PPP (dial-up) and VPN links
    • Works on Windows 2000 and XP, only
    • Packet transmission is not supported
    • Packet filtering is done at user level
  • wpcap.dll has been updated to libpcap 0.8.1 from
  • Support for DAG cards, based on the Windows version of the 2.5 Endace Dag driver.
  • The method used by the driver to timestamp packets can now be changed without recompiling the driver, modifying a registry key:
    HKLM\System\CurrentControlSet\Services\NPF\TimestampMode
    Possible values are
    • 0 (default) -> Timestamps generated through KeQueryPerformanceCounter, less reliable on SMP/HyperThreading machines, precision = some microseconds
    • 2 -> Timestamps generated through KeQuerySystemTime, more reliable on SMP/HyperThreading machines, precision = scheduling quantum (10/15 ms)
    • 3 -> Timestamps generated through the i386 instruction RDTSC, less reliable on SMP/HyperThreading/SpeedStep machines, precision = some microseconds
  • The driver is now started by the SCM with GENERIC_READ privileges rather than ALL_ACCESS. This allows non-administrator users to start and run WinPcap.
  • Changes to the wpcap.dll API:
    • pcap_findalldevs() and pcap_findalldevs_ex() return IPv6 addresses
    • pcap_findalldevs_ex() is now able to list local adapters, remote adapters, and the list of capture files present in a given folder.
  • Changes/additions to the Packet.dll API:
    • The code to gather interface information has been mostly rewritten, in order to be more modular and source independent. IP Helper API is now used in addition to registry scanning.
    • PacketGetNetInfoEx() now returns IPv6 addresses besides IPv4 ones.
    • modified the format of the npf_if_addr structure, that PacketGetNetInfoEx() uses to return the network address of an interface. In order to provide enough space for an IPv6 address, npf_if_addr is now made of three struct sockaddr_storage rather than three struct sockaddr. Since the former is 128 bytes while the latter is 16 bytes, old applications will not be compatible with the new PacketGetNetInfoEx().
    • PacketGetAdapterNames() now returns the names of the adapter in ASCII rather than in Unicode. Since the main purpose of PacketGetAdapterNames() is feeding data to pcap_findalldevs() and since pcap_findalldevs() needs ASCII names, the new PacketGetAdapterNames() avoids a conversion in wpcap.dll and uniforms the data format with the one of Windows 9x (this potentially simplifies the code of the applications). As a consequence of this modification, old applications won't work properly with the new PacketGetAdapterNames() on NT/2k/XP/2k3.
    • PacketOpenAdapter() now takes an ASCII adapter rather than a UNICODE one. This is a consequence of the fact that PacketGetAdapterNames() returns ASCII strings: they can be immediately passed to PacketOpenAdapter(). (note: internal conversion is provided so that a UNICODE adapter name will be correctly opened, however the prototype changes and this could generate warnings when compiling old applications).
    • For the same reason, PacketGetNetInfoEx() takes an ASCII adapter string rather than a UNICODE one. Internal conversion is provided for backward compatibility in this case, too.
    • PacketGetVersion() now retrieves the version number from the dll binary.
    • Added a PacketGetDriverVersion() function that returns the version number of NPF.sys.
    • The structure NetType has been modified to support link layers faster than 4 gigabits: the size of the LinkSpeed field is now 64 bits instead of 32 bits. This impacts on the PacketGetNetType() function too. As a consequence of this modification, old applications won't work properly with the new PacketGetNetType().
  • Packet sampling
    • added the capability to perform packet sampling instead of just packet capture. This feature can be turned on through the new pcap_setsampling() function.
    • This feature is available on local captures, offline captures, and remote captures.
    • Please note that this feature is highly experimental.
  • Remote capture
    • Improved support on FreeBSD and Linux.
    • Fixed a bug in UDP data transfer.
    • Support for packet sampling (only if the remote daemon runs on a Win32 machine; it does not work on Linux and FreeBSD).
  • Updated the documentation
    • Many examples have been rewritten in order to use the new pcap_open() and pcap_findalldevs_ex() functions.
Version 3.01 alpha, 13 jun 03
  • Modified interface for function pcap_findalldevs_ex in order to support local files listing
  • pcap_findalldevs_ex supports local device, remote device, and local file listing
  • Updated makefiles in order to compile on UNIX
  • Support for remote capture (and remote daemon) in Linux and BSD (in addition to Win32)
  • Simplified architecture for the remote capture; now pthreads are needed only by the rpcapd daemon; standard libpcap no longer needs pthreads
  • Added initial support for remote packet sampling (local packet sampling is still to be done)
  • pcap_fileno returns a valid description also in case of a remote capture, so that the 'select()' function can be used to check if packets are waiting to be read
  • Improved docs
  • Started modifying the Developer's Pack examples in order to use the new system calls (pcap_open, pcap_findalldevs_ex, etc), although this process has not been completed
  • Bug fixing:
    • Fixed a bug that prevented the remote capture (active mode) working in Windows XP
    • Fixed a bug that caused the driver not to list any adapter under NT4/2k/XP/2k3.
Version 3.0, 10 apr 03
  • pcap_read_ex API
    • We have changed the name of this API to pcap_next_ex. The signature of this API is the same as the old one (pcap_read_ex).
  • Bug fixing:
    • fixed a bug that caused a kernel memory leak when pcap_setbuff is called repeatedly on the same adapter
    • fixed a bug that caused pcap_setbuff to fail if the buffer is too small
    • fixed a bug in the win9x driver that could cause an infinite loop
    • added some sanity checks to prevent system instability during packet generation
    • several minor fixes (thanks to Dave Korn)
Version 3.0 beta, 10 feb 03
  • New features of the NPF device driver:
    • support for SMP machines
    • kernel buffering rewritten from scratch to support SMP machines
    • remote capture.
  • Bug fixing:
    • fixed a bug related to Terminal Services
  • NdisWan support:
    • due to the large number of messages reporting problems (blue screens) with VPNs, PPTP and such connections, we have disabled the support for NdisWan adapters. As a consequence, it is not possible to capture from PPP (neither NdisWanIp, nor NdisWanBh, nor NdisWanBfIn/Out...). At the moment we have no plans to fix the problem with VPNs, PPTP, PPP unless we get a generous sponsorship.
NOTE: due to some problems with the new kernel buffer, the "kernel-dump" feature (dump to disk directly from kernel mode) has been disabled at the moment.

winpcap download last version


Download ---> https://t.co/J0WhHTHVgR


