<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font size="-1"><font face="Courier New">Fish,<br>
<br>
Great advice. I was able to transfer an npf.sys from another
system of the same type.<br>
As I said before, I have a more or less identical system Win7 64
which has it installed and working fine!<br>
<br>
But now I'm getting (which I guess I was getting before):<br>
<br>
Error opening file for writing:<br>
<br>
C:\Windows\system32\Packet.dll<br>
<br>
Click Abort to stop the installation,<br>
Retry to try again, or<br>
Ignore to skip this file.<br>
<br>
Now, I guess I'd have to ask: Why would an install try to open
an existing .dll for writing .. well, unless it's just trying to
put it in the directory?<br>
<br>
So, I did the same thing with this one and copied it from my
other Win7 64 system.<br>
<br>
Then I reinstalled Wireshark / WinPCAP. Since I know that
Packet.dll is there, I skipped the issue when it popped up.<br>
This worked to a point but the npf driver isn't running.<br>
So then I ran <br>
net start npf <br>
and got<br>
The service cannot be strted, either because it is disabled or
because it has no enabled devices associated with it.</font></font><br>
<br>
On 1/8/2012 8:38 PM, "Fish" (David B. Trout) wrote:
<blockquote cite="mid:001701ccce88$80ecd2e0$82c678a0$@org"
type="cite">
<pre wrap="">Fred Marshall wrote:
[...]
</pre>
<blockquote type="cite">
<pre wrap="">If I run
net start npf
I get Syhstem error 2 has occurred
The system cannot find the file specified. !!!!!!
</pre>
</blockquote>
<pre wrap="">
Well THAT'S not good.
</pre>
<blockquote type="cite">
<pre wrap="">So, it appears there is a difference between
sc qc npf
and
net start npf
</pre>
</blockquote>
<pre wrap="">
"sc qc npf" simply queries the Service Control Manager's database and
displays the entry for that service name. It does not otherwise do anything.
It is a query function. It is not an action function. It does not stop or
start a service. It simply DISPLAYS it.
The "net start" command actually starts the service, and does so according
to the information as registered in the Service Control Manager's database
(which is really just a few keys and values in the
HKLM\System\CurrentControlSet\Services branch of the registry).
</pre>
<blockquote type="cite">
<pre wrap="">I've also looked at the ... well I can't find the full steps
but it's like in the not plugnplay, hidden, etc.
and it's not showing there.......
Everything has been run as Administrator, etc.
</pre>
</blockquote>
<pre wrap="">
Perhaps you're thinking of the "msinfo32" command?
Start -> Run: msinfo32.
Expand the "Software Environment" branch, and select the first entry called
"System Drivers".
In the list of drivers, locate the one for Name = "NPF", Description =
"NetGroup Packet Filter Driver".
The "Type" should be "Kernel Driver", the Start Mode should be "Auto"
(possibly; depends on user preference). The "Started" will be "Yes" if the
driver has been started, but on your troublesome system it's more than
likely "No".
Now, go back to your Administrator Command Prompt (where you originally
entered your "sc qc npf" command from) and notice the path that's displayed:
C:\Windows\system32>sc qc npf
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: npf
TYPE : 1 KERNEL_DRIVER
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\drivers\npf.sys
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetGroup Packet Filter Driver
DEPENDENCIES :
SERVICE_START_NAME :
This means the driver called "npf.sys" SHOULD be in your
%SystemRoot%\system32\drivers directory. Change to that directory and do a
'dir' (or 'dir /b | find /i "npf"). You SHOULD see two drivers listed:
npf.sys
npfs.sys
The second one listed (npfs.sys) is NOT the one we're interested in.
It is the FIRST one that we are interested in: the "npf.sys" driver.
If it is not listed in your dir display (if it does not exist in your
system32\drivers directory), then THAT is your problem. (and from the sounds
of everything you've told us so far that *IS* indeed your problem).
Now, the question then becomes, *WHY* isn't it there?! :)
The installation of WinPCap *should* have placed it there.
If, after installing WinPCap , it is still not there, then either:
a) something is broken with the WinPCap installer (unlikely)
or:
b) something on your system is preventing the WinPCap installer from being
able to write to that directory (much more likely)
Check you driver and/or directory permissions to make sure they're correct.
Maybe you changed them a long time ago and forgot you did so.
Or perhaps you changed some system policy (Group Policy) related to
installing device drivers a long time ago and forgot you did so.
It could be anything.
You need to dig through your memory and try to remember what it was you did
(or what some other piece of software that you installed may have done).
AS A QUICK TEST, you might consider *manually* copying the npf.sys driver to
there from a known working system. (Just make sure it's for the same
architecture: x64). The try starting the npf service again: "net start npf".
It SHOULD work.
Then all we would need to do is determine WHY the WinPCap installation is
unable to accomplish the same thing. THAT'S the mystery it seems.
I also STRONGLY suggest (and this is good advice not just for you but for
EVERYONE who manages a computer system, which includes your personal
computer) that you begin keeping a LOG of everything you do from now on.
I've been doing it for years now and it has saved my butt on more than one
occasion!
Just create a "_Windows Changes.txt" file somewhere (e.g. in your Documents
folder) and keep a shortcut to it on your desktop. Then whenever you change
ANYTHING on your system, be it a simple tweaking of a system service, the
installation of a program (or even Microsoft Updates) or the changing a
registry entry, etc... just type a new entry.
It doesn't have to be much.
Just a few lines.
Date, time, and what you did, etc.
Sort of like a "diary" of daily events in the life of your system. :)
But just get in the habit of doing it!
Don't think you can get away with NOT doing it, because it's easy to forget
days or weeks later when you're having trouble that several days/weeks ago
you changed something on your system and it's only NOW coming back to bite
you.
Trust me. You'll thank me for it later. :)
Good luck.
Let us know how it goes!
</pre>
</blockquote>
</body>
</html>