The Windows 2000 family of operating systems moved from mainstream support to the extended support phase on June 30, 2005. Microsoft says that this marks the progression of Windows 2000 through the Windows lifecycle policy. Under mainstream support, Microsoft freely provides design changes if any, service packs and non-security related updates in addition to security updates, whereas in extended support, service packs are not provided and non-security updates require contacting the support personnel by e-mail or phone. Under the extended support phase, Microsoft continued to provide critical security updates every month for all components of Windows 2000 (including Internet Explorer 5.0 SP4) and paid per-incident support for technical issues. Because of Windows 2000's age, updated versions of components such as Windows Media Player 11 and Internet Explorer 7 have not been released for it. In the case of Internet Explorer, Microsoft said in 2005 that, "some of the security work in IE 7 relies on operating system functionality in XP SP2 that is non-trivial to port back to Windows 2000."[125]
Moreover, due to the lack of the NetMon COM component on the 64-bit version of Windows, dialup adapters are not supported.
wpcap.dll has been updated to libpcap 0.9.4 from
Added a patch file containing the patches for remote capture against the vanilla libpcap sources.
Better error handling in the installer.
Applied some patches to the bpf_filter and verifier (from Guy Harris). The verifier now checks for:
BPF programs with no instructions;
BPF_STX and BPF_LDX|BPF_MEM instructions that have out-of-range offsets (which could be made to fetch or store into arbitrary memory locations);
BPF_DIV instructions with a constant 0 divisor (that's a check also done at run time).
In addition, it makes the k field in BPF instructions unsigned, as it is in other BPF interpreters.
Enabled PREFast (static code analysis tool from the Microsoft DDK) on the x86 build of the driver.
Bug fixing:
Added a patch in PacketGetAdapterNames() to set the last error to ERROR_INSUFFICIENT_BUFFER if the buffer passed to the function is too small. Modified pcap_findalldevs() so that it correctly handles this situation.
Fixed a bug in PacketGetAdapterNames(): the buffer size required to return all the adapter names was wrongly computed (overestimated by 3-4 bytes).
Fixed a problem while listing the adapters under Win9x: if the key HKLM\System\CurrentControlSet\Services\Class\Net\ did not contain an NDIS key, the code was going into an infinite loop.
Minor fixes to the documentation.
Fixed the prototype for the JITted BPF filter function under x86; thanks to this patch, we no longer need to manually fix the stack pointer after the JITted function returns.
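The verifier checks listed above for the bpf_filter patches (empty program, out-of-range scratch-memory offsets, constant zero divisor, unsigned k) look like this in C. This is an added example, not WinPcap or libpcap source: the opcode values are the classic BPF encoding defined locally, and struct insn, validate(), check_one() and offset_ok_signed() are hypothetical names. It goes slightly beyond the list by applying the offset check to BPF_ST and BPF_LD|BPF_MEM as well, since they address the same 16-word scratch memory.

```c
#include <stdint.h>
#include <stddef.h>

/* Classic BPF opcode encoding, defined locally so the example is stand-alone. */
#define BPF_CLASS(c) ((c) & 0x07)
#define BPF_MODE(c)  ((c) & 0xe0)
#define BPF_OP(c)    ((c) & 0xf0)
#define BPF_SRC(c)   ((c) & 0x08)
enum { BPF_LD = 0x00, BPF_LDX = 0x01, BPF_ST = 0x02, BPF_STX = 0x03, BPF_ALU = 0x04 };
enum { BPF_MEM = 0x60, BPF_DIV = 0x30, BPF_K = 0x00, BPF_MEMWORDS = 16 };

struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* k is unsigned */

/* "Before" form: with a signed k, a negative offset passes the bound check. */
int offset_ok_signed(int32_t k) { return k < BPF_MEMWORDS; }

/* Returns 1 if the program passes the checks described above, 0 otherwise. */
int validate(const struct insn *p, size_t len)
{
    if (p == NULL || len == 0)
        return 0;                               /* program with no instructions */
    for (size_t i = 0; i < len; i++) {
        uint16_t c = p[i].code;
        switch (BPF_CLASS(c)) {
        case BPF_LD:
        case BPF_LDX:
            if (BPF_MODE(c) == BPF_MEM && p[i].k >= BPF_MEMWORDS)
                return 0;                       /* load from outside M[0..15] */
            break;
        case BPF_ST:
        case BPF_STX:
            if (p[i].k >= BPF_MEMWORDS)
                return 0;                       /* store outside M[0..15] */
            break;
        case BPF_ALU:
            if (BPF_OP(c) == BPF_DIV && BPF_SRC(c) == BPF_K && p[i].k == 0)
                return 0;                       /* division by constant 0 */
            break;
        }
    }
    return 1;
}

/* Constructed sample: validate the two-instruction program { code k ; ret }. */
int check_one(uint16_t code, uint32_t k)
{
    struct insn prog[2] = { { code, 0, 0, k }, { 0x06, 0, 0, 0 } }; /* 0x06 = ret */
    return validate(prog, 2);
}
```

Because k is unsigned, the bit pattern 0xFFFFFFFF is compared as a very large offset and rejected, whereas the signed comparison in offset_ok_signed() accepts the same bits as -1.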
Version 3.1, 5 aug 05
New installation script based on the NSIS installer. The new installer should be able to detect any previous version of WinPcap, remove it on request and install the new version, decreasing the number of situations in which a reboot is necessary. Moreover, by connecting to the WinPcap website, the installer is able to tell the user if more recent versions of WinPcap are available.
wpcap.dll has been updated to libpcap 0.9.3 from
General cleanup of the documentation (now aligned to libpcap 0.9.3).
Modified the documentation, so that packet.dll is no longer available in the standard developer's pack.
Added to the developer's pack a set of libpcap-compatible samples, suitable to be compiled against vanilla libpcap
Exported the following new functions from wpcap.dll: pcap_list_datalinks() and pcap_dump_ftell().
Removed pcap_file() from the exports because of incompatibilities with the Microsoft C runtime (CRT).
General cleanup of the existing samples.
Renamed the NdisWanAdapter to GenericDialupAdapter, to make the use of this adapter more clear for the users.
Removed some useless files in the source tree and in the documentation.
Bug fixing:
Fixed several bugs in the kernel BPF filter function when the packet is stored in two non-contiguous buffers. This bug shows up as missing packets in the capture while the machine is using personal firewalls and certain antivirus software.
Fixed a problem related to the NetMon COM component initialization. This bug caused random access violation errors while listing the adapters.
Removed a duplicated initialization of an event in the driver.
Added a check in packet.dll that prevents listing and opening of FireWire adapters, since they have a broken interface with NDIS and can cause blue screens.
Fixed a memory leak in PacketGetAdaptersIPH().
Fixed a check that could cause PacketSendPackets() to crash packet.dll.
Minor fixes.
Version 3.1 beta4, 4 nov 04
wpcap.dll has been updated to libpcap 0.8.3 from
Added a note in the documentation that states that the kernel dump feature is disabled due to incompatibilities with the new kernel buffer.
Minor fixes to the documentation.
Removed some useless files.
Bug fixing:
Fixed a bug related to COM initialization in WanPacket.dll, by which WanAdapters were not working correctly if the calling thread was using COM with a different threading model.
Fixed a problem in AddAdapterIPH(), by which no adapter was actually added with this function because of a UNICODE/ASCII mismatch. Basically, AddAdapterIPH() received an ASCII adapter name, and tried to open it with PacketOpenAdapterNPF(), which accepts UNICODE strings, only.
Fixed a bug in the remote capture code due to concurrency issues when spawning a new thread.
Fixed a problem related to the generation of grammar files with flex in the CygWin makefile.
Fixed a couple of memory leaks in PacketGetAdapterNames(). PacketGetAdapterNames() seems to be still leaky, but the source of the leak seems to be a leaky API in the Microsoft IpHelperAPI, at least on WinXP SP1.
Added some code that frees the global list of adapters when packet.dll is unloaded (i.e. when DllMain() is called with DLL_PROCESS_DETACH).
Fixed a bug that caused the adapters not to be listed on terminal services. The bug was caused by the lack of the "\\global" prefix in front of the adapter names.
Fixed a bug related to adapter opening in the pcap_filter example. Fixed the usage string that was wrong.
Fixed a bug in the JIT code of the driver that could potentially cause a BSOD if two threads try to set a filter (that will be jitted) at the same time.
Fixed a bug by which the driver fails to return any packet with a read after an IOCTL_SETBUFFER has changed the buffer size. The bug is due to some missing counter resets.
Fixed some debugging messages in the NT driver that were not macroed with IF_LOUD.
Version 3.1 beta3, 15 may 04
Bug fixing:
Fixed a bug related to device listing if TCP/IP is not installed: on 2000/XP if TCP is not installed, it reported "you must install TCP/IP", and this was plain wrong.
Added PacketSetSnapLen() under Win9x. Without this function, wpcap.dll fails to load on Win9x.
PacketGetAdapterNames() has been rewritten under Win9x, in order to comply to the correct behavior specified in the documentation.
Version 3.1 beta2, 3 may 04
Added some code to show a fake NdisWan adapter, useful to capture LCP/NCP packets. This adapter is always listed on 2000/XP/2003 (if you have enough privileges), even if you don't have any PPP/VPN/... connection established.
Added a check in the installer, so that the installation fails if you don't have administrator privileges.
Added a check so that NdisWan adapters (PPP, VPN, ...) are listed only if you can capture from them.
Added a new sample program, which gets the MAC address of an interface using packet.dll
Modified the access to the global list of adapters in packet.dll under NT4/2000/XP/2003. Now packet.dll should be thread-safe.
Bug fixing:
fixed some resource leaks in the remote capture daemon (rpcapd).
fixed a couple of resource leaks in packet.dll.
fixed some meaningless last error messages set by PacketOpenAdapter() (e.g. "The operation completed successfully").
fixed a shortcoming in pcap_findalldevs(), by which the adapters were not listed if they couldn't fit into an 8kB buffer.
fixed a memory leak in pcap_lookupdev().
fixed some bugs related to adapters listing:
some adapters were not listed, especially if some registry keys are messed up.
in some situations the listing failed with the message "Attempt to release a mutex not owned by caller"
if PacketGetAdapterNames() failed, it returned the wrong number of needed bytes for the input buffer.
fixed a buffer overrun in npf.sys that caused crashes (BSODs) when there are too many adapters in the registry.
fixed a bug in npf.sys that caused blue screens (BSODs) when you try to send "jumbo" packets, i.e. packets bigger than the maximum frame size for the selected link type.
minor bug fixes.
Version 3.1 beta, 3 feb 04
Support for capture on NdisWan, with the following features:
Based on the NetMon API, does NOT use NPF.sys
Works with PPP (dial-up) and VPN links
Works on Windows 2000 and XP, only
Packet transmission is not supported
Packet filtering is done at user level
wpcap.dll has been updated to libpcap 0.8.1 from
Support for DAG cards, based on the Windows version of the 2.5 Endace Dag driver.
The method used by the driver to timestamp packets can now be changed without recompiling the driver, by modifying a registry key: HKLM\System\CurrentControlSet\Services\NPF\TimestampMode
Possible values are:
0 (default) -> Timestamps generated through KeQueryPerformanceCounter, less reliable on SMP/HyperThreading machines, precision = some microseconds
2 -> Timestamps generated through KeQuerySystemTime, more reliable on SMP/HyperThreading machines, precision = scheduling quantum (10/15 ms)
3 -> Timestamps generated through the i386 instruction RDTSC, less reliable on SMP/HyperThreading/SpeedStep machines, precision = some microseconds
The driver is now started by the SCM with GENERIC_READ privileges rather than ALL_ACCESS. This allows non-administrator users to start and run WinPcap.
Changes to the wpcap.dll API:
pcap_findalldevs() and pcap_findalldevs_ex() return IPv6 addresses
pcap_findalldevs_ex() is now able to list local adapters, remote adapters, and the list of capture files present in a given folder.
Changes/additions to the Packet.dll API:
The code to gather interface information has been mostly rewritten, in order to be more modular and source independent. IP Helper API is now used in addition to registry scanning.
PacketGetNetInfoEx() now returns IPv6 addresses besides IPv4 ones.
modified the format of the npf_if_addr structure, that PacketGetNetInfoEx() uses to return the network address of an interface. In order to provide enough space for an IPv6 address, npf_if_addr is now made of three struct sockaddr_storage rather than three struct sockaddr. Since the former is 128 bytes while the latter is 16 bytes, old applications will not be compatible with the new PacketGetNetInfoEx().
PacketGetAdapterNames() now returns the names of the adapter in ASCII rather than in Unicode. Since the main purpose of PacketGetAdapterNames() is feeding data to pcap_findalldevs() and since pcap_findalldevs() needs ASCII names, the new PacketGetAdapterNames() avoids a conversion in wpcap.dll and makes the data format uniform with that of Windows 9x (this potentially simplifies the code of the applications). As a consequence of this modification, old applications won't work properly with the new PacketGetAdapterNames() on NT/2k/XP/2k3.
PacketOpenAdapter() now takes an ASCII adapter name rather than a UNICODE one. This is a consequence of the fact that PacketGetAdapterNames() returns ASCII strings: they can be immediately passed to PacketOpenAdapter(). (Note: internal conversion is provided so that a UNICODE adapter name will be correctly opened; however, the prototype changes and this could generate warnings when compiling old applications.)
For the same reason, PacketGetNetInfoEx() takes an ASCII adapter string rather than a UNICODE one. Internal conversion is provided for backward compatibility in this case, too.
PacketGetVersion() now retrieves the version number from the dll binary.
Added a PacketGetDriverVersion() function that returns the version number of NPF.sys.
The structure NetType has been modified to support link layers faster than 4 gigabits: the size of the LinkSpeed field is now 64 bits instead of 32 bits. This impacts the PacketGetNetType() function too. As a consequence of this modification, old applications won't work properly with the new PacketGetNetType().
Packet sampling
added the capability to perform packet sampling instead of just packet capture. This feature can be turned on through the new pcap_setsampling() function.
This feature is available on local captures, offline captures, and remote captures.
Please note that this feature is highly experimental.
Remote capture
Improved support on FreeBSD and Linux.
Fixed a bug in UDP data transfer
Support for packet sampling (only if the remote daemon runs on a Win32 machine; it does not work on Linux and FreeBSD).
Updated the documentation
Many examples have been rewritten in order to use the new pcap_open() and pcap_findalldevs_ex() functions.
Version 3.01 alpha, 13 jun 03
Modified interface for function pcap_findalldevs_ex in order to support local files listing
pcap_findalldevs_ex supports local device, remote device, and local file listing
Updated makefiles in order to compile on UNIX
Support for remote capture (and remote daemon) in Linux and BSD (in addition to Win32)
Simplified architecture for the remote capture; now pthreads are needed only by the rpcapd daemon; standard libpcap no longer needs pthreads
Added initial support for remote packet sampling (local packet sampling is still to be done)
pcap_fileno returns a valid description also in case of a remote capture, so that the 'select()' function can be used to check if packets are waiting to be read
Improved docs
Started modifying the Developer's Pack examples in order to use the new system calls (pcap_open, pcap_findalldevs_ex, etc), although this process has not been completed
Bug fixing:
Fixed a bug that prevented the remote capture (active mode) working in Windows XP
Fixed a bug that caused the driver not to list any adapter under NT4/2k/XP/2k3.
Version 3.0, 10 apr 03
pcap_read_ex API
We have changed the name of this API to pcap_next_ex. The signature of this API is the same as the old one (pcap_read_ex).
Bug fixing:
fixed a bug that caused a kernel memory leak when pcap_setbuff is called repeatedly on the same adapter
fixed a bug that caused pcap_setbuff to fail if the buffer is too small
fixed a bug in the win9x driver that could cause an infinite loop
added some sanity checks to prevent system instability during packet generation
several minor fixes (thanks to Dave Korn)
Version 3.0 beta, 10 feb 03
New features of the NPF device driver:
support for SMP machines
kernel buffering rewritten from scratch to support SMP machines
remote capture.
Bug fixing:
fixed a bug related to Terminal Services
NdisWan support: due to the large number of messages reporting problems (blue screens) with VPNs, PPTP and such connections, we have disabled the support for NdisWan adapters. As a consequence, it is not possible to capture from PPP (neither NdisWanIp, nor NdisWanBh, nor NdisWanBfIn/Out...). At the moment we have no plans to fix the problem with VPNs, PPTP, PPP unless we get a generous sponsorship.
NOTE: due to some problems with the new kernel buffer, the "kernel-dump" feature (dump to disk directly from kernel mode) has been disabled at the moment.