winpcap 수동 설치

winpcap 수동 설치 방법 : http://www.itninja.com/question/winpcap-silent-install-issues

This looks old but since I have an answer I thought I would post it just in case it help someone else that comes across WinPcap.

Basically all WinPcap does is copy DLL's to their proper locations, then creates and starts a service that runs the npf.sys driver.

Here is what you need to do for a silent installation:

1. Extract the files from the WinPcap installer - using 7zip - using the autorename feature

2. There will be several duplicates that have a _1 or _2 etc on the end of their name

3. You will have to copy the proper versions of each file to their respecitive locations

4. Each file is for a different version of windows - jsut check the properties - details tab to see which version it is.

5. For 32bit Windows (I was using Windows 7) copy the following to C:\Windows\System32

Packet.dll

wpcap.dll

pthreadVC.dll

Then copy the driver to C:\Windows\System32\Drivers

npf.sys

Next create a service for the driver using the following command:

sc create npf binPath= system32\drivers\npf.sys type= kernel start= auto error= normal tag= no DisplayName= "NetGroup Packet Filter Driver"

For 64bit windows it is almost the same except the 32bit versions of the DLL's go into C:\Windows\sysWOW64 

and the 64bit versions go into C:\Windows\System32

File names are the same so on 64bit you end up with a 64bit version in C:\Windows\System32

Packet.dll

wpcap.dll

32bit versions end up in C:\windows\System32

Packet.dll

pthreadVC.dll

wpcap.dll

Driver npf.sys ends up in the same place either way.

hope this helps someone

해볼려고 정리하다가..

1. WinPcap_4_1_2.exe 를 7zip 으로 압축 풀고 (중복 이름 발생시 자동으로 이름 바꾸기)

2. WinPcap_4_1_2\$SYSDIR 폴더의 

Packet.dll

pthreadVC.dll

wpcap.dll

를 32bit OS면 C:\windows\System32\Drivers 에 카피

를 64bit OS면 C:\Windows\SysWOW64 에 카피

3. WinPcap_4_1_2\$SYSDIR\drivers 폴더의

npf.sys

를 32bit OS면 C:\Windows\System32\Drivers 에 카피

를 64bit OS면 C:\Windows\SysWOW64\drivers 에 카피

4. 서비스 생성

32bit OS면 sc create npf binPath= C:\Windows\system32\drivers\npf.sys type= kernel start= auto error= normal tag= no DisplayName= "NetGroup Packet Filter Driver"

64bit OS면 sc create npf binPath= C:\Windows\SysWOW64\drivers\npf.sys type= kernel start= auto error= normal tag= no DisplayName= "NetGroup Packet Filter Driver"

** 삭제시 sc delete npf

WinPcap_4_1_2.exe 압축 풀면 dll 들이 _1, _2 식으로 붙는데 윈도우 버전이나 32bit, 64 bit 로 나눠지는 것 같은데

직접 깔아서 바이너리 비교하기전엔 뭐가 어떤 OS 용인지 몰라서 포기함.

삽질... winpcap 에선 공식적으로 silent install을 지원하지 않겠다고 (향후에도..) 2009년도 쯤에 쓴 글이 있었음.

(dll 버전 겹칠 경우 문제, 배포 문제, 사용자 몰래 깔리는 경우 문제 등등 떄문)

WinpCap 설치하면 커널 서비스가 등록되고 시작하는데 일반 서비스탭에선 안보임

콘솔에서 sc query type= kernel 로 조회하면

SERVICE_NAME: NPF

DISPLAY_NAME: NetGroup Packet Filter Driver

        종류               : 1  KERNEL_DRIVER

        상태               : 4  RUNNING

                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

        WIN32_EXIT_CODE    : 0  (0x0)

        SERVICE_EXIT_CODE  : 0  (0x0)

        검사점             : 0x0

        WAIT_HINT          : 0x0

나옴