Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

I’m happy to see that the NMap folks took my Vista fix - see their changelog and my previous post on the subject.  However, in running the latest NMap - 4.20 - on my Vista RC1 machine, the dependency error on npptools.dll is still there.

Drilling into this problem a bit:  the dependency is from WanPacket.dll, a component of WinPcap version 3.1, which is included by default with the NMap Windows installer.

link.exe /dump /imports WanPacket.dll
Microsoft (R) COFF/PE Dumper Version 8.00.50727.42
...

Section contains the following imports:

NPPTools.dll
...
4 CreateNPPInterface
12 GetNPPBlobTable
2E SetBoolInBlob
3 CreateBlob
5 DestroyBlob

From MSDN, those routines are part of the Netmon SDK.  But from Microsoft’s recent Netmon v3 release information, their capture, parser, and interface have been re-written.  And, significantly, Netmon 2.x is not compatible with Vista.  However, as I wrote previously, dropping the old npptools.dll from my XPSP2 machine onto Vista seems to allow NMap to run just fine. 

But there’s a better solution which indicates that this problem will soon be solved.  WinPcap version 4.0 Beta 3 is now available and no longer has the NPP dependency.  In fact, WinPacket.dll is no longer part of the distro.  So here’s what I did:

  1. Install NMap 4.20 (including WinPcap 3.1) on Vista
  2. Go to Control Panel -> Programs and Features (used to be Add/Remove Programs), select WinPcap, then Uninstall.
  3. Install WinPcap 4.0 Beta 3.

Everything seems to work at that point, and no need for npptools.dll.  Hopefully the NMap folks will pickup the new WinPcap distro soon and this will all be a distant memory …

Permalink |

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment