0

I am working on NPcap, an open-source Windows packet capturing software originated from famous WinPcap and enhanced with more functionalities.

WinPcap's core files are wpcap.dll, packet.dll (in System32 and SysWOW64) and the driver named npf.sys. slightly different with WinPcap, our NPcap will provide npcap.dll, wpcap.dll, packet.dll and the driver npcap.sys. npcap.dll is our NPcap's "wpcap.dll", npcap.sys is our NPcap's "npf.sys". wpcap.dll is a wrapper we added to keep compatible with original WinPcap.

  1. As we want NPcap to coexist with WinPcap, so we decide to install npcap.dll, wpcap.dll, packet.dll into the software installation path "C:\Program Files\NPcap" instead of System32 and SysWOW64 path.

  2. We don't want to change the file names of wpcap.dll and so on, because we want WinPcap's user software can use NPcap's DLLs automatically when WinPcap is not available in the system. As Windows finds DLLs by name.

  3. NPcap wants to support both 32 bit and 64 bit user software (like Wireshark and Nmap) at the same time in a 64 bit Windows. So 32 bit Nmap can use its 32 bit wpcap.dll and 64 bit Wireshark can use its 64 bit wpcap.dll.

Here I encountered a problem: Our user software include nmap and Wireshark, they can be 32 bit or 64 bit. 32 bit software will only use the 32 bit DLLs and the same for 64 bit. If we put the wpcap.dll of NPcap into our installation path like "C:\Program Files\NPcap" and add this string to PATH environment variable, We can't add the 32 bit wpcap.dll and 64 bit wpcap.dll both in "C:\Program Files\NPcap", because they share the same name. We want to keep the "wpcap.dll" name as we need to keep compatible with original WinPcap. So we can't copy the "wpcap.dll" to System32 and SysWOW64 because WinPcap's wpcap.dll is already there. There is also problem that we put 32 bit DLLs and 64 bit DLLs in separated directories. If we put the DLLs into "C:\Program Files\NPcap\x86" and "C:\Program Files\NPcap\x64" separately. We still need to put these two paths into system PATH environment variable for other softwares to invoke. And there will be an order for these two DLL paths. The latter path will be overrided by the former one, as the Windows loader searches DLLs by their file names.

Is there a way not to copy the DLLs into the System32 and SysWOW64 path and resolve the 32 bit and 64 bit DLLs resolving problem at the same time?

Matt Davis
  • 45,297
  • 16
  • 93
  • 124
hsluoyz
  • 2,739
  • 5
  • 35
  • 59
  • Create subdirs 32\ and 64\ (or x86\ and x64\) and have each version of the software look in their respective directory ? – Serge Wautier Jun 03 '15 at 06:58
  • There is also problem that we put 32 bit DLLs and 64 bit DLLs in separated directories. If we put the DLLs into "C:\Program Files\NPcap\x86" and "C:\Program Files\NPcap\x64" separately. We still need to put these two paths into system PATH environment variable for other softwares to invoke. And there will be an order for these two DLL paths. The latter path will be overrided by the former one, as the Windows loader searches DLLs by their file names. – hsluoyz Jun 03 '15 at 07:32
  • How does WinPcap resolve this problem? (The proper solution is for the "other software" to know how to invoke the right version of your DLL, and preferably to ship with it. But in your situation that doesn't work.) – Harry Johnston Jun 03 '15 at 23:36
  • WinPcap puts its DLLs into system32 and syswow64. NPcap's DLL's names are identical to WinPcap's, so we can't use those paths to contain our DLLs. – hsluoyz Jun 05 '15 at 16:22
  • Maybe you can set the PATH like DIR/%PROCESSOR_ARCHITECTURE%/. ? According to this link it returns the architecture of the current process. So it should resolve to the correct directory. http://ss64.com/nt/syntax-variables.html – fassl Jun 05 '15 at 17:04
  • The point after last slash was an accident – fassl Jun 05 '15 at 17:05
  • Nice! I figured out a way very similar with yours. I just installed the DLLs into %SYSDIR$\NPcap. So %SYSDIR% can be parsed into system32 or syswow64 based on the process architecture. You can post an answer so I can end this thread. – hsluoyz Jun 08 '15 at 10:54

0 Answers0