Can anybody describe how to install WinPcap?
AlBundy
post Aug 18 2008, 07:29 PM
Post #1




Hi @all,

I want to use Wireshark and Cain&Abel on my VistaPE-DVD.
Therefore I have created a script to install WinPcap but unfortunately it does not work correctly. :-(

1. I have to copy the drivers to Windows\System32
2. install and start the driver (maybe both via a start menu entry)

To 1.: I copy the files to %BaseSRC%\Windows\System32 - but I can not find it on DVD. :-/
To 2.: Because of 1. I can't test it. :-)

Maybe someone can help me.

Thanks

Al

Here is the script:
CODE
[main]
Title=WinPcap 4.0.2
Description=
Selected=True
Level=5
Version=1
Author=Hawk
Date=2008-08-02
Contact=

[variables]
%ProgramFolder%=WinPcap
%ProgramEXE%=
%ProgramTitle%=
%StartMenuAppGroup%=
%DownloadURL%=http://www.winpcap.org/install/bin/WinPcap_4_0_2.exe
%Filename%=WinPcap_4_0_2.exe
%ArchiveSubDir%=

[Process]
Echo,Processing %ProgramTitle%...
# download
Run,%ScriptFile%,Download,%DownloadURL%,%Filename%
# extract
Run,%ScriptFile%,Extract,%Filename%
DirDelete,%ScriptDir%\%ProgramFolder%\$R0
DirDelete,%ScriptDir%\%ProgramFolder%\$PLUGINSDIR
DirDelete,%ScriptDir%\%ProgramFolder%\$TEMP
DirCopy,%ScriptDir%\%ProgramFolder%\$SYSDIR\*,%ScriptDir%\%ProgramFolder%
DirDelete,%ScriptDir%\%ProgramFolder%\$SYSDIR
# registry-settings
Run,%ScriptFile%,RegistrySettings
# copy
#CopyProgram,"%ScriptDir%\%ProgramFolder%"
DirCopy,%ScriptDir%\%ProgramFolder%\*,%BootSRC%\Windows\System32
# cleanup
DirDelete,"%ScriptDir%\%ProgramFolder%"

[Download]
If,ExistFile,"%ScriptDir%\#2",If,%pCheckBox1%,Equal,True,FileDelete,"%ScriptDir%\#2"
WebGetIfNotExist,"#1","%ScriptDir%\#2"

[Extract]
If,#2,Equal,"",Set,%OutputFolder%,"%ProgramFolder%"
If,#2,NotEqual,"",Set,%OutputFolder%,"#2"
ShellExecute,Hide,"%Tools%\7z.exe","x -y -o#$q%ScriptDir%\%OutputFolder%#$q #$q%ScriptDir%\#1#$q"
If,%ArchiveSubDir%,NotEqual,"",If,ExistDir,"%ScriptDir%\%OutputFolder%\%ArchiveSubDir%",DirMove,"%ScriptDir%\%OutputFolder%\%ArchiveSubDir%\*","%ScriptDir%\%OutputFolder%"
If,%ArchiveSubDir%,NotEqual,"",If,ExistDir,"%ScriptDir%\%OutputFolder%\%ArchiveSubDir%",DirDelete,"%ScriptDir%\%OutputFolder%\%ArchiveSubDir%"

[RegistrySettings]
#Software.AddReg = HKLM\Software
#SetupReg.AddReg = HKLM\System
#Default.AddReg  = HKUsers\.Default or HKCU
#RegAddBoot,"HKLM",0x1,"Section","Key(Text)","String"
RegAddBoot,"HKLM",0x1,"System\ControlSet001\Services\NPF","DisplayName","NetGroup Packet Filter Driver"
RegAddBoot,"HKLM",0x4,"System\ControlSet001\Services\NPF","ErrorControl",0x1
RegAddBoot,"HKLM",0x2,"System\ControlSet001\Services\NPF","ImagePath","System32\drivers\npf.sys"
RegAddBoot,"HKLM",0x4,"System\ControlSet001\Services\NPF","Start",0x3
RegAddBoot,"HKLM",0x4,"System\ControlSet001\Services\NPF","Type",0x1
RegAddBoot,"HKLM",0x3,"System\ControlSet001\Services\NPF\Security","Security",01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[Interface]
pCheckBox1="force download",1,3,0,0,200,18,False
AlBundy
post Aug 19 2008, 07:29 AM
Post #2




The first problem is solved - I only have to copy the files to %TargetDir%\Windows\System32 and not to %BootSRC%\Windows\System32 :-)

But now I need to start the service, which does not work, because I can't see it in ServicesPE.

Al
AlBundy
post Aug 24 2008, 04:28 PM
Post #3




I really hope that someone can help me.
The files are copied and the registry entries are made.

But I can't start the Service. :-(

My current Script:
CODE
[main]
Title=WinPcap 4.0.2
Description=
Selected=True
Level=5
Version=1
Author=Hawk
Date=2008-08-02
Contact=

[variables]
%ProgramFolder%=WinPcap
%ProgramEXE%=npf_mgm.exe
%ProgramTitle%=WinPcap
%StartMenuAppGroup%=
%DownloadURL%=http://www.winpcap.org/install/bin/WinPcap_4_0_2.exe
%Filename%=WinPcap_4_0_2.exe
%ArchiveSubDir%=

[Process]
Echo,Processing %ProgramTitle%...
# download
Run,%ScriptFile%,Download,%DownloadURL%,%Filename%
# extract
Run,%ScriptFile%,Extract,%Filename%
DirDelete,%ScriptDir%\%ProgramFolder%\$R0
DirDelete,%ScriptDir%\%ProgramFolder%\$PLUGINSDIR
DirDelete,%ScriptDir%\%ProgramFolder%\$TEMP
DirCopy,%ScriptDir%\%ProgramFolder%\$SYSDIR\*,%ScriptDir%\%ProgramFolder%
DirDelete,%ScriptDir%\%ProgramFolder%\$SYSDIR
# registry-settings
Run,%ScriptFile%,RegistrySettings
# copy
#CopyProgram,"%ScriptDir%\%ProgramFolder%"
DirCopy,%ScriptDir%\%ProgramFolder%\*,%TargetDir%\Windows\System32
AddAutoRun,"NetGroup Packet Filter Driver","x:\windows\system32\net.exe","start #$qNPF#$q",3
# cleanup
DirDelete,"%ScriptDir%\%ProgramFolder%"

[Download]
If,ExistFile,"%ScriptDir%\#2",If,%pCheckBox1%,Equal,True,FileDelete,"%ScriptDir%\#2"
WebGetIfNotExist,"#1","%ScriptDir%\#2"

[Extract]
If,#2,Equal,"",Set,%OutputFolder%,"%ProgramFolder%"
If,#2,NotEqual,"",Set,%OutputFolder%,"#2"
ShellExecute,Hide,"%Tools%\7z.exe","x -y -o#$q%ScriptDir%\%OutputFolder%#$q #$q%ScriptDir%\#1#$q"
If,%ArchiveSubDir%,NotEqual,"",If,ExistDir,"%ScriptDir%\%OutputFolder%\%ArchiveSubDir%",DirMove,"%ScriptDir%\%OutputFolder%\%ArchiveSubDir%\*","%ScriptDir%\%OutputFolder%"
If,%ArchiveSubDir%,NotEqual,"",If,ExistDir,"%ScriptDir%\%OutputFolder%\%ArchiveSubDir%",DirDelete,"%ScriptDir%\%OutputFolder%\%ArchiveSubDir%"

[RegistrySettings]
#Software.AddReg = HKLM\Software
#SetupReg.AddReg = HKLM\System
#Default.AddReg  = HKUsers\.Default or HKCU
#RegAddBoot,"HKLM",0x1,"Section","Key(Text)","String"
RegHiveLoad,Tmp_setupreg_hiv,%RegSystem%
RegWrite,"HKLM",0x1,"Tmp_setupreg_hiv\ControlSet001\Services\NPF","DisplayName","NetGroup Packet Filter Driver"
RegWrite,"HKLM",0x4,"Tmp_setupreg_hiv\ControlSet001\Services\NPF","ErrorControl",0x1
RegWrite,"HKLM",0x2,"Tmp_setupreg_hiv\ControlSet001\Services\NPF","ImagePath","System32\drivers\npf.sys"
RegWrite,"HKLM",0x4,"Tmp_setupreg_hiv\ControlSet001\Services\NPF","Start",0x2
RegWrite,"HKLM",0x4,"Tmp_setupreg_hiv\ControlSet001\Services\NPF","Type",0x1
#RegWrite,"HKLM",0x3,"Tmp_setupreg_hiv\ControlSet001\Services\NPF\Security","Security",01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
RegHiveUnLoad,Tmp_setupreg_hiv

[Interface]
pCheckBox1="force download",1,3,0,0,200,18,False
Nuno Brito
post Aug 24 2008, 05:50 PM
Post #4




Hi AlBundy, welcome to boot land.

I see that you are using the old way to write vistaPE scripts.

My advice is to use the newer app script format to ensure others understand your scripting and that everything is done correctly.

You find plenty of app scripts on the respective forum section here: http://www.boot-land.net/forums/index.php?showforum=65 that you can use as example to learn from.

After converting your script to the current app script we can better debug and understand why the service doesn't work.

Using the new app script format ensures that your work can be used in other projects like LiveXP and also ensure that future vistaPE versions understand and run your script perfectly.

AlBundy
post Aug 24 2008, 07:18 PM
Post #5




Thanks for your answer but why do I use the old format?

The only difference is the way to load the hive and where I get my files from.

1. I always try to use the api of vistape - but unfortunately it is not complete.
2. I don't want to put the files into my script because it is easier to update the download-URL than the nested file.

The only thing I want to do is to copy some files (already done) and register them as a service to start them via "net start npf".
Nuno Brito
post Aug 24 2008, 07:40 PM
Post #6




QUOTE
Thanks for your answer but why do I use the old format?


I think you're probably using an older version of VistaPE and this old format is slowly being removed even though there are still many references to it that take a bit longer to fade away but will nevertheless be confusing for new people writing scripts.

QUOTE
1. I always try to use the api of vistape - but unfortunately it is not complete.


You're using the old API that was discontinued a year ago; please use the updated one to avoid further confusion.

Code portability on the new API is the reason why it is so important in the first place.

The code that worked on VistaPE was too static and nowhere near prepared for changes. The same happened for other wb projects some time ago, so we all decided to work together on a common way to write scripts to ensure that future scripts could be used and shared by everyone.

This allowed us to build a bigger library of available scripts and ensure that things got much simpler for everyone else to understand.

Also, I can't really express how difficult it was to write a script for a project some years ago and later have to rewrite it again just because something else changed (the project evolves, you want to try other projects, etc.) or to find enough people using the same project to provide some help.

So think about this as a measure to ensure that more people can actually read your code and see what is going wrong, and also as a good initiative to ensure that your script can be re-used in future vistaPE versions, for example.

-----------------------

Why can't you start the service?

Start your boot disk, double-check from regedit that the registry keys are set up correctly, then try launching the service from the command line using the "net start" command. This is a good way to see if it starts well or not and to see the debug message.

In case of failure, it wouldn't be related to your script but rather to something else still missing or incorrectly done.

-----

Also, there is a plugin available for bartPE made by sherpya: http://www.bootcd.us/BartPE_Plugin_Details...ap-Library.html

You can likely use this plugin on your VistaPE project since the latest winbuilder versions (>075) are natively supporting bartPE plugins.

How does this bartPE support work?

Plugins are directly converted to app script language using the new API and this way we ensure that these plugins work, just another example of their importance.

There is also a bartPE plugin converter inside winbuilder that you can use to get the correct app script from this plugin with the missing registry entries that you don't have on your script.

Good luck.

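The check described in the post above (registry keys, file locations, then "net start"), as an added example that is not part of any post in this thread. It assumes reg.exe and net.exe are present in the PE image and handles only a relative ImagePath such as the System32\drivers\npf.sys written by the scripts above.

```batch
@echo off
rem Added example, not from the thread: inspect the NPF driver service in the booted PE.
rem Assumes reg.exe and net.exe are present in the image.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\NPF"

rem 1. The service key must exist in the running SYSTEM hive.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo [FAIL] %KEY% not found in the running registry
    exit /b 1
)

rem 2. Read ImagePath; reg.exe prints "name  type  data", so data is token 3 onward.
set "IMG="
for /f "tokens=1,2,*" %%A in ('reg query "%KEY%" /v ImagePath 2^>nul') do (
    if /i "%%A"=="ImagePath" set "IMG=%%C"
)
if not defined IMG (
    echo [FAIL] ImagePath value is missing
    exit /b 1
)
echo ImagePath = %IMG%

rem 3. A relative driver ImagePath, as written by the scripts above, is resolved
rem    against the Windows directory. The file has to exist at exactly that location.
if exist "%SystemRoot%\%IMG%" (
    echo [ OK ] found %SystemRoot%\%IMG%
) else (
    echo [FAIL] missing %SystemRoot%\%IMG%
    if exist "%SystemRoot%\System32\npf.sys" echo        npf.sys sits in System32 instead
)

rem 4. Show the values the scripts set: Start, Type, ErrorControl.
for %%V in (Start Type ErrorControl) do reg query "%KEY%" /v %%V

rem 5. Try to start the driver and keep the exit code for the report.
net start npf
echo net start exit code: %errorlevel%
endlocal
```

Run it from a command prompt inside the booted PE; each [FAIL] line points at the registration step to re-check in the build script.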
AlBundy
post Aug 24 2008, 08:20 PM
Post #7




The "debug"-message from "net start" is "Das System kann die Datei nicht öffnen" - which means "the system can not open the file" :-)
This error comes with both my plugin and sherpya's.

I'm using the latest VistaPE which comes with WinBuilder 075 beta 3

Where can I get more information about the new api - I've only found this link http://www.vistape.net/vistape-api.html

Al
Nuno Brito
post Aug 24 2008, 08:48 PM
Post #8




QUOTE
The "debug"-message from "net start" is "Das System kann die Datei nicht öffnen" - which means "the system can not open the file" :-)


Please post the converted app script from sherpya's plugin here and also verify that all files are placed on the correct location.

Also, have you checked with regedit if your entries matched the correct values?

QUOTE
Where can I get more information about the new api - I've only found this link


The link you mention is following the current API but introduces some commands that you should avoid, like RegAddBoot; use reg_add as it is output by the bartPE plugin converter to see what I mean.

The resulting code from the plugin converter is a good example, or you can use all the other scripts available in the app script section as examples for every possible usage.

The liveXP project is also notorious for following the API guidelines very strictly; look at the app scripts on its server to avoid having to download it just to see how they were coded: http://livexp.boot-land.net/LiveXP/Apps/

Also, inside api.script (a file inside your project) there is a quick list of available functions that are supported.

Last but not least, the tutorials sections contain some tutorials that should explain how things work from the start:
http://www.boot-land.net/forums/?showforum=31
http://www.boot-land.net/forums/?showtopic=4415
http://www.boot-land.net/forums/?showtopic=4424

The search tool on this forum should also help, do ask whenever in doubt and I'll try to help.

Nuno Brito
post Aug 24 2008, 10:05 PM
Post #9




I've written a small tutorial explaining the proper way to write reg keys here: http://www.boot-land.net/forums/index.php?showtopic=5518

AlBundy
post Aug 24 2008, 10:45 PM
Post #10




Thanks for the links.

If I try to convert WinPcap or use the original BartPE-plugin I get this error "You must define %drFile% to use this plugin!".
If I use the files from sherpya in my plugin I get the error I mentioned above.
--> It seems that the files from sherpya and my new ones are correct - even the registry-entries.
But there seems to be another error with VistaPE (Btw. I'm using WAIK as source).

Is the eventlog available in VistaPE?
Maybe there is more information about the error.

Al