Compiling WinPcap for Windows 7 x64
2009-08-08 6:17 PM PDT
Well, since WinPcap team doesn't yet have an official Windows 7 version of WinPcap driver and the current installer refuses to install it (should work in Vista compatibility mode, but I had some problems with it), I went ahead and compiled and installed it manually myself.
Since compiling drivers on Windows requires the correct version of Windows Driver Kit, compiling it for Windows 7 was impossible because the version of WDK that supports Win7 was not publicly available. Yesterday I got e-mail from Microsoft telling that I now have download access to the kit, so I downloaded and got to work.
So this is my story. I'm writing this in a tutorial-style so that it would be easy for others to also try it and act as a reminder for me how I did it.
List of software needed:
I assume that you have the Microsoft products installed and ready for use. Download the WinPcap source code and AirPcap dev pack. Both come as ZIP files. Create a new folder where you will be working in. Extract the "winpcap" folder from the WinPcap zip to the working folder (make it as a subfolder), and the "Airpcap_Devpack" folder from the AirPcap zip.
So at this point you should have two folders in the working folder you created.
Compiling the NPF driver
The lowest level component of WinPcap is the virtual device driver. As the name says, you need to use Windows Driver Kit to compile it, so start x64 Free Build Environment from the Windows Driver Kit start-menu group.
The build command prompt opens, navigate to your working folder with usual commands. Go inside winpcap\packetNtx with cd command and type in CompileDriver command. It may list some warnings or defects, but the compilation should finish up successfully. The compiled driver npf.sys can now be found from winpcap\packetNtx\driver\bin\amd64
Compiling Packet.dll
The next component required by WinPcap is the middle level dynamic link library Packet.dll. This is compiled in Visual Studio. Open the project Packet.sln from winpcap\packetNtx\Dll\Project and allow Visual Studio to convert it (assuming you are using VS 200
Select the configuration Release, x64. If you now try to build the solution, it will fail with missing npptools.lib. This is because the file is no longer included in Windows SDK. However, it is part of Windows Driver Kit, so go edit the properties of Release | x64. Under Linker edit the Additional Library Directories and add lib\wnet\amd64 from inside WDK (for example C:\WinDDK\7600.16385.0\lib\wnet\amd64). After that the x64 build should finish without errors.
Since some programs requiring WinPcap might be 32-bit versions, you also want to compile that too, so change to Release | Win32 and do the same change to Linker directories, except this time use the i386 folder instead of amd64.
Compiling wpcap.dll
The last file to compile is the actual high level interface of WinPcap, the file that most applications use for WinPcap, wpcap.dll.
This is also compiled as a Visual Studio project, winpcap\wpcap\PRJ\wpcap.sln (allow VS to convert it)
If you just try to build the Release of either Win32 or x64, it will fail with 12 errors. To fix it, open winpcap\wpcap\libpcap\pcap-stdinc.h for editing. There comment out line 64, so that
Code:
becomes
Code:
After doing that change you should be able to build both Win32 and x64 Release configurations.
Installing WinPcap manually
Now that you have the files you need to make them usable by the system.
First copy the npf.sys file into C:\Windows\System32\drivers (or wherever your Windows is installed to), the file can be found from winpcap\packetNtx\driver\bin\amd64 inside the working folder.
Then locate the Packet.dll files from winpcap\packetNtx\Dll\Project\Release. If you compiled both 32 and 64 bit versions, you have two folders there, x86 and x64. Copy the Packet.dll from x86 to C:\Windows\SYSWOW64 and the Packet.dll from x64 to C:\Windows\System32 (yes, the 64-bit file goes to system folder with 32 in the name and the 32-bit file to folder with 64 in the name... ask Microsoft)
The last files are wpcap.dll that you find from winpcap\wpcap\PRJ\Release. Copy the wpcap.dll files to the System folders in the same fashion as Packet.dll files above.
Now all the files are in place. All that is left is letting Windows know the existence of the NPF kernel mode driver to enable WinPcap to work. To do this, open Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
There create a new key named "NPF" and insert these values in it (type in parenthesis):
(REG_SZ) DisplayName = NPF (WinPcap manual install)
(REG_DWORD) ErrorControl = 1
(REG_EXPAND_SZ) ImagePath = \SystemRoot\system32\DRIVERS\npf.sys
(REG_DWORD) Start = 2
(REG_DWORD) Type = 1
There's a little problem, though. 64-bit version of Windows 7 does not allow unsigned kernel mode drivers, but the NPF driver of WinPcap is like that, and since you compiled it yourself, it does not have official signature.
This can be bypassed, though. When you start up Windows 7, press F8 to go into boot menu. You can disable the signature checking of drivers from there, allowing Windows to load and use your self-compiled WinPcap driver (you might need to do this on every boot, though)
After that applications requiring WinPcap should work normally, provided they do not have any other incompatibilities with Windows 7. At least you know that your version of WinPcap is specifically compiled for Windows 7 so there wouldn't be any issues
views: 4497
Since compiling drivers on Windows requires the correct version of Windows Driver Kit, compiling it for Windows 7 was impossible because the version of WDK that supports Win7 was not publicly available. Yesterday I got e-mail from Microsoft telling that I now have download access to the kit, so I downloaded and got to work.
So this is my story. I'm writing this in a tutorial-style so that it would be easy for others to also try it and act as a reminder for me how I did it.
List of software needed:
- Microsoft Windows 7 x64
- Microsoft Visual Studio 2008
- Windows Driver Kit 7
- WinPcap 4.1 beta5 source code
- AirPcap Developer's Pack V 4.1
I assume that you have the Microsoft products installed and ready for use. Download the WinPcap source code and AirPcap dev pack. Both come as ZIP files. Create a new folder where you will be working in. Extract the "winpcap" folder from the WinPcap zip to the working folder (make it as a subfolder), and the "Airpcap_Devpack" folder from the AirPcap zip.
So at this point you should have two folders in the working folder you created.
Compiling the NPF driver
The lowest level component of WinPcap is the virtual device driver. As the name says, you need to use Windows Driver Kit to compile it, so start x64 Free Build Environment from the Windows Driver Kit start-menu group.
The build command prompt opens, navigate to your working folder with usual commands. Go inside winpcap\packetNtx with cd command and type in CompileDriver command. It may list some warnings or defects, but the compilation should finish up successfully. The compiled driver npf.sys can now be found from winpcap\packetNtx\driver\bin\amd64
Compiling Packet.dll
The next component required by WinPcap is the middle level dynamic link library Packet.dll. This is compiled in Visual Studio. Open the project Packet.sln from winpcap\packetNtx\Dll\Project and allow Visual Studio to convert it (assuming you are using VS 200
Select the configuration Release, x64. If you now try to build the solution, it will fail with missing npptools.lib. This is because the file is no longer included in Windows SDK. However, it is part of Windows Driver Kit, so go edit the properties of Release | x64. Under Linker edit the Additional Library Directories and add lib\wnet\amd64 from inside WDK (for example C:\WinDDK\7600.16385.0\lib\wnet\amd64). After that the x64 build should finish without errors.
Since some programs requiring WinPcap might be 32-bit versions, you also want to compile that too, so change to Release | Win32 and do the same change to Linker directories, except this time use the i386 folder instead of amd64.
Compiling wpcap.dll
The last file to compile is the actual high level interface of WinPcap, the file that most applications use for WinPcap, wpcap.dll.
This is also compiled as a Visual Studio project, winpcap\wpcap\PRJ\wpcap.sln (allow VS to convert it)
If you just try to build the Release of either Win32 or x64, it will fail with 12 errors. To fix it, open winpcap\wpcap\libpcap\pcap-stdinc.h for editing. There comment out line 64, so that
Code:
#define vsnprintf _vsnprintf
becomes
Code:
/* #define vsnprintf _vsnprintf */
After doing that change you should be able to build both Win32 and x64 Release configurations.
Installing WinPcap manually
Now that you have the files you need to make them usable by the system.
First copy the npf.sys file into C:\Windows\System32\drivers (or wherever your Windows is installed to), the file can be found from winpcap\packetNtx\driver\bin\amd64 inside the working folder.
Then locate the Packet.dll files from winpcap\packetNtx\Dll\Project\Release. If you compiled both 32 and 64 bit versions, you have two folders there, x86 and x64. Copy the Packet.dll from x86 to C:\Windows\SYSWOW64 and the Packet.dll from x64 to C:\Windows\System32 (yes, the 64-bit file goes to system folder with 32 in the name and the 32-bit file to folder with 64 in the name... ask Microsoft)
The last files are wpcap.dll that you find from winpcap\wpcap\PRJ\Release. Copy the wpcap.dll files to the System folders in the same fashion as Packet.dll files above.
Now all the files are in place. All that is left is letting Windows know the existence of the NPF kernel mode driver to enable WinPcap to work. To do this, open Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
There create a new key named "NPF" and insert these values in it (type in parenthesis):
(REG_SZ) DisplayName = NPF (WinPcap manual install)
(REG_DWORD) ErrorControl = 1
(REG_EXPAND_SZ) ImagePath = \SystemRoot\system32\DRIVERS\npf.sys
(REG_DWORD) Start = 2
(REG_DWORD) Type = 1
There's a little problem, though. 64-bit version of Windows 7 does not allow unsigned kernel mode drivers, but the NPF driver of WinPcap is like that, and since you compiled it yourself, it does not have official signature.
This can be bypassed, though. When you start up Windows 7, press F8 to go into boot menu. You can disable the signature checking of drivers from there, allowing Windows to load and use your self-compiled WinPcap driver (you might need to do this on every boot, though)
After that applications requiring WinPcap should work normally, provided they do not have any other incompatibilities with Windows 7. At least you know that your version of WinPcap is specifically compiled for Windows 7 so there wouldn't be any issues
扫一扫
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
The trick is that Windows allows "Test mode" where self-signed kernel drivers are allowed to be loaded without the need for a trusted Certificate Authority. So we turn Windows into test mode and make up a self-signed certificate for the npf.sys file.
First start the x64 Free Build Environment as Administrator (must be full administrator with elevated privilegies if using UAC).
To put Windows into Test mode where test-signed kernel modules are accepted, write in this command:
Code:
You can review the current boot parameters by writing "bcdedit" without parameters, it should say Testsigning: Yes for the current Operating System.
Now use "cd" and other required commands to navigate to the build folder where npf.sys is (do not do this inside System32\drivers, rather do it in the build folder). First use "makecert" to generate a self-signed certificate file:
Code:
The command will create a self-signed (-r) exportable (-pe) certificate and store it in PrivateCertStore storage (-ss PrivateCertStore). The certificate will be saved in file npf.cer and is named as MeAndMyself (-n CN=MeAndMyself). Note that self-signed certificate has the "issued to" field the same as the certificate name. So this is your personal certificate, issued to yourself by yourself
Next you want to apply this certificate to the driver file npf.sys. Use "signtool" for it:
Code:
ertStore /n MeAndMyself /t http://timestamp.verisign.com/scripts/timestamp.dll n
pf.sys
The "sign" parameter tells the action that we want to sign a file, /v turns on verbose output so you see what it does. The certificate named MeAndMyself (/n MeAndMyself) is selected from storage PrivateCertStore (/s PrivateCertStore). The certificate can be timestamped using the online tool from VeriSign (/t http://timestamp.verisign.com/scripts/timestamp.dll) and it will be applied to the file npf.sys.
Now copy this test-signed npf.sys file to System32\drivers and reboot your computer. Since you enabled Test mode using bcdedit, it should now load the driver without any input from the boot menu.