none
Is it possible to have two filter drivers in one binary on Windows? RRS feed

  • Question

  • I have a filter (light-weight filter, LWF) driver that captures the packets from all the adapters. The FilterClass is compression, the same with official ndislwf example. This setting will bind the filter above Native Wifi Filter.

    However, this FilterClass can only capture Ethernet packets on wireless adapters. So I want it to be able to capture the raw 802.11 packets on wireless adapters. So I need to specify FilterClass as ms_medium_converter_128 in the INF. This setting will bind the filter below Native Wifi Filter.

    So I need to have two drivers now. One is compression and another is ms_medium_converter_128. But I don't want to maintain two drivers's code and let my users install two drivers. Is there a way to mix two LWFs into one binary (and only needs one install)? Or is there a way to let one LWF be able to bind above and below Native Wifi Filter at the same time? Thanks!


    Here's my whole INF with compression FilterClass:

    ;-------------------------------------------------------------------------
    ; NPF.INF -- Npcap NDIS 6.x LightWeight Filter Driver
    ;
    ; Copyright (c) 2015, Insecure.Com LLC.  All rights reserved.
    ;------------------------------------------------------------------------
    [version]
    Signature       = "$Windows NT$"
    Class           = NetService
    ClassGUID       = {4D36E974-E325-11CE-BFC1-08002BE10318}
    CatalogFile     = %NPF_DriverName%.cat
    Provider        = %Insecure%
    DriverVer=05/20/2016,15.54.30.752
    
    
    [Manufacturer]
    %Insecure%=Insecure,NTx86,NTia64,NTamd64
    
    [Insecure.NTx86]
    %NPF_Desc%=Install, INSECURE_NPF
    
    [Insecure.NTia64]
    %NPF_Desc%=Install, INSECURE_NPF
    
    [Insecure.NTamd64]
    %NPF_Desc%=Install, INSECURE_NPF
    
    ;-------------------------------------------------------------------------
    ; Installation Section
    ;-------------------------------------------------------------------------
    [Install]
    AddReg=Inst_Ndi
    Characteristics=0x40000
    NetCfgInstanceId="{7daf2ac8-e9f6-4765-a842-f1f5d2501340}"
    Copyfiles = npf.copyfiles.sys
    
    [SourceDisksNames]
    1=%NPF_Desc%,"",,
    
    [SourceDisksFiles]
    npf.sys=1
    
    [DestinationDirs]
    DefaultDestDir=12
    npf.copyfiles.sys=12
    
    [npf.copyfiles.sys]
    %NPF_DriverName%.sys,,,2
    
    
    ;-------------------------------------------------------------------------
    ; Ndi installation support
    ;-------------------------------------------------------------------------
    [Inst_Ndi]
    HKR, Ndi,Service,,%NPF_DriverName%
    HKR, Ndi,CoServices,0x00010000,%NPF_DriverName%
    HKR, Ndi,HelpText,,%NPF_HelpText%
    HKR, Ndi,FilterClass,, compression
    
    
    ; For a Monitoring filter, use this:
    ;     HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
    ; For a Modifying filter, use this:
    ;     HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
    HKR, Ndi,FilterType,0x00010001,2
    
    
    HKR, Ndi\Interfaces,UpperRange, , noupper
    HKR, Ndi\Interfaces,LowerRange, , "ndis5,ndis4"
    
    
    ; TODO: Ensure that the list of media types below is correct.  Typically,
    ; filters include "ethernet".  Filters may also include "ppip" to include
    ; native WWAN stacks, but you must be prepared to handle the packet framing.
    ; Possible values are listed on MSDN, but common values include:
    ;     ethernet, wan, ppip, wlan
    HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
    
    
    ; For a Mandatory filter, use this:
    ;     HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
    ; For an Optional filter, use this:
    ;     HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
    HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
    
    
    ; By default, Mandatory filters unbind all protocols when they are
    ; installed/uninstalled, while Optional filters merely pause the stack.  If you
    ; would like to override this behavior, you can include these options.  These
    ; options only take effect with 6.30 filters on Windows "8" or later.
    ; To prevent a full unbind, and merely pause/restart protocols:
    ;     HKR, Ndi,UnbindOnAttach,0x00010001, 0 ; Do not unbind during FilterAttach
    ;     HKR, Ndi,UnbindOnDetach,0x00010001, 0 ; Do not unbind during FilterDetach
    ; To force a full unbind/bind (which includes pause/restart, of course):
    ;     HKR, Ndi,UnbindOnAttach,0x00010001, 1 ; Unbind during FilterAttach
    ;     HKR, Ndi,UnbindOnDetach,0x00010001, 1 ; Unbind during FilterDetach
    ;
    
    ;-------------------------------------------------------------------------
    ; Service installation support
    ;-------------------------------------------------------------------------
    [Install.Services]
    AddService=%NPF_DriverName%,,NPF_Service_Inst
    
    [NPF_Service_Inst]
    DisplayName     = %NPF_Desc%
    ServiceType     = 1 ;SERVICE_KERNEL_DRIVER
    StartType       = 3 ;SERVICE_DEMAND_START
    ErrorControl    = 1 ;SERVICE_ERROR_NORMAL
    ServiceBinary   = %12%\%NPF_DriverName%.sys
    LoadOrderGroup  = NDIS
    Description     = %NPF_Desc%
    AddReg          = Common.Params.reg, NdisImPlatformBindingOptions.reg
    
    [Install.Remove.Services]
    DelService=%NPF_DriverName%,0x200 ; SPSVCINST_STOPSERVICE
    
    [Common.Params.reg]
    
    [NdisImPlatformBindingOptions.reg]
    ; By default, when an LBFO team or Bridge is created, all filters will be
    ; unbound from the underlying members and bound to the TNic(s). This keyword
    ; allows a component to opt out of the default behavior
    ; To prevent binding this filter to the TNic(s):
    ;   HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,1 ; Do not bind to TNic
    ; To prevent unbinding this filter from underlying members:
    ;   HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,2 ; Do not unbind from Members
    ; To prevent both binding to TNic and unbinding from members:
    ;   HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,3 ; Do not bind to TNic or unbind from Members
    HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to default behavior
    
    [Strings]
    NPF_DriverName = "npf"
    Insecure = "Nmap Project"
    NPF_Desc = "Npcap Packet Driver (NPCAP)"
    NPF_HelpText = "A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"
    

    Wednesday, May 25, 2016 11:03 AM

Answers

  • Yes, just use a different service name for each

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, May 31, 2016 10:53 PM
    Moderator

All replies

  • Yes, just use a different service name for each

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, May 31, 2016 10:53 PM
    Moderator
  • Thanks for the answer. But I still don't quite understand how to do it.

    So can you be more specific? Like do I need two INF files and use NetCfg API to install these two INF files separately?

    Also there are some names in NDIS_FILTER_DRIVER_CHARACTERISTICS, like UniqueName, ServiceName, etc. I think I also need to accommodate these values to match their service's counterpart?

    If this is the way, it still works as two filters, isn't it? I mean two filters are residing in the NDIS stack. The only common part is that they share the same binary file. If this is the case, what's the difference if I compiled two binaries and install them separately? Will two services on one binary install faster than two services on two binaries? The only advantage I can think of is that I only need to code-sign one driver file.

    Thanks!

    Sunday, June 5, 2016 3:34 PM
  • Yes, you will need two INF files and install them separately. They can each point to the same binary, but inside each INF file you will need a unique service name, and then you'll need a mechanism in the binary to determine which service is being installed and then do the right thing for that service. Since you will be required to have two INF files and the extra logic for determining how to act (based upon which INF is installed) in the binary, it doesn't really provide any net benefit to cram everything into a single binary, which is why it is rarely done. I would recommend that you not do this, and just have two binaries and two INF files.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Sunday, June 5, 2016 3:46 PM
    Moderator
  • Hi, I just did what you said. But I encountered an issue: Both driver "npcap" and "npcap_wifi" install using NetCfg API succeed. The binary name is "npcap.sys".

    The second driver won't start:

    C:\Program Files\Npcap>net start npcap
    The requested service has already been started.

    More help is available by typing NET HELPMSG 2182.


    C:\Program Files\Npcap>net start npcap_wifi
    System error 2 has occurred.

    The system cannot find the file specified.

    If I install "npcap_wifi" first, "npcap" second, then "npcap" service fails to start. DbgView shows that the second driver's DriverEntry is never called. And the NetCfg API install doesn't show any error either. So I don't know what's wrong here? Thanks!


    • Edited by Yang Luo Thursday, August 25, 2016 3:08 PM
    Thursday, August 25, 2016 3:07 PM
  • You'll have to look in the C:\Windows\INF\SetupAPI.Dev.log file to see what is wrong

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Thursday, August 25, 2016 7:09 PM
    Moderator
  • The content of C:\Windows\INF\SetupAPI.Dev.log:

    >>>  [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP.inf]
    >>>  Section start 2016/08/25 08:04:43.560
          cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -i
         inf: Copy style: 0x00000000
         sto: {Setup Import Driver Package: C:\Program Files\Npcap\NPCAP.inf} 08:04:43.576
         inf:      Provider: Nmap Project
         inf:      Class GUID: {4D36E974-E325-11CE-BFC1-08002BE10318}
         inf:      Driver Version: 08/25/2016,22.36.52.439
         inf:      Catalog File: npcap.cat
         sto:      {Copy Driver Package: C:\Program Files\Npcap\NPCAP.inf} 08:04:43.607
         sto:           Driver Package = C:\Program Files\Npcap\NPCAP.inf
         sto:           Flags          = 0x00000007
         sto:           Destination    = C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}
         sto:           Copying driver package files to 'C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}'.
         flq:           Copying 'C:\Program Files\Npcap\npcap.cat' to 'C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}\npcap.cat'.
         flq:           Copying 'C:\Program Files\Npcap\NPCAP.inf' to 'C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}\NPCAP.inf'.
         flq:           Copying 'C:\Program Files\Npcap\npcap.sys' to 'C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}\npcap.sys'.
         sto:      {Copy Driver Package: exit(0x00000000)} 08:04:43.669
         pol:      {Driver package policy check} 08:04:43.669
         pol:      {Driver package policy check - exit(0x00000000)} 08:04:43.669
         sto:      {Stage Driver Package: C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}\NPCAP.inf} 08:04:43.669
         inf:           {Query Configurability: C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}\NPCAP.inf} 08:04:43.685
         inf:                Driver package 'NPCAP.inf' is configurable.
         inf:           {Query Configurability: exit(0x00000000)} 08:04:43.685
         flq:           Copying 'C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}\npcap.cat' to 'C:\Windows\System32\DriverStore\Temp\{c7c58e3e-e5cb-a042-b4cf-36b1ffb0ee5d}\npcap.cat'.
         flq:           Copying 'C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}\NPCAP.inf' to 'C:\Windows\System32\DriverStore\Temp\{c7c58e3e-e5cb-a042-b4cf-36b1ffb0ee5d}\NPCAP.inf'.
         flq:           Copying 'C:\Users\ADMINI~1\AppData\Local\Temp\{b4409d93-164c-a343-963c-14eebaf6f3fe}\npcap.sys' to 'C:\Windows\System32\DriverStore\Temp\{c7c58e3e-e5cb-a042-b4cf-36b1ffb0ee5d}\npcap.sys'.
         sto:           {DRIVERSTORE IMPORT VALIDATE} 08:04:43.716
         sig:                {_VERIFY_FILE_SIGNATURE} 08:04:43.732
         sig:                     Key      = NPCAP.inf
         sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{c7c58e3e-e5cb-a042-b4cf-36b1ffb0ee5d}\NPCAP.inf
         sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{c7c58e3e-e5cb-a042-b4cf-36b1ffb0ee5d}\npcap.cat
    !    sig:                     Verifying file against specific (valid) catalog failed! (0x800b0109)
    !    sig:                     Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
         sig:                {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 08:04:43.747
         sig:                {_VERIFY_FILE_SIGNATURE} 08:04:43.747
         sig:                     Key      = NPCAP.inf
         sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{c7c58e3e-e5cb-a042-b4cf-36b1ffb0ee5d}\NPCAP.inf
         sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{c7c58e3e-e5cb-a042-b4cf-36b1ffb0ee5d}\npcap.cat
         sig:                     Success: File is signed in Authenticode(tm) catalog.
         sig:                     Error 0xe0000241: The INF was signed with an Authenticode(tm) catalog from a trusted publisher.
         sig:                {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 08:04:43.779
         sto:           {DRIVERSTORE IMPORT VALIDATE: exit(0x00000000)} 08:04:43.794
         sig:           Signer Score = 0x0F000000
         sig:           Signer Name  = Insecure.Com LLC
         sto:           {DRIVERSTORE IMPORT BEGIN} 08:04:43.794
         sto:           {DRIVERSTORE IMPORT BEGIN: exit(0x00000000)} 08:04:43.794
         cpy:           {Copy Directory: C:\Windows\System32\DriverStore\Temp\{c7c58e3e-e5cb-a042-b4cf-36b1ffb0ee5d}} 08:04:43.794
         cpy:                Target Path = C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_7e2b4b929dedc706
         cpy:           {Copy Directory: exit(0x00000000)} 08:04:43.794
         idb:           {Register Driver Package: C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_7e2b4b929dedc706\NPCAP.inf} 08:04:43.794
         idb:                Created driver package object 'npcap.inf_amd64_7e2b4b929dedc706' in DRIVERS database node.
         idb:                Created driver INF file object 'oem11.inf' in DRIVERS database node.
         idb:                Registered driver package 'npcap.inf_amd64_7e2b4b929dedc706' with 'oem11.inf'.
         idb:           {Register Driver Package: exit(0x00000000)} 08:04:43.794
         idb:           {Publish Driver Package: C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_7e2b4b929dedc706\NPCAP.inf} 08:04:43.794
         idb:                Activating driver package 'npcap.inf_amd64_7e2b4b929dedc706'.
         cpy:                Published 'npcap.inf_amd64_7e2b4b929dedc706\npcap.inf' to 'oem11.inf'.
         idb:                Indexed 2 device IDs for 'npcap.inf_amd64_7e2b4b929dedc706'.
         sto:                Flushed driver database node 'DRIVERS'. Time = 0 ms
         sto:                Flushed driver database node 'SYSTEM'. Time = 0 ms
         idb:           {Publish Driver Package: exit(0x00000000)} 08:04:43.810
         sto:           {DRIVERSTORE IMPORT END} 08:04:43.810
         dvi:                Flushed all driver package files to disk. Time = 16 ms
         sig:                Installed catalog 'npcap.cat' as 'oem11.cat'.
         sto:           {DRIVERSTORE IMPORT END: exit(0x00000000)} 08:04:43.841
         sto:      {Stage Driver Package: exit(0x00000000)} 08:04:43.841
         sto: {Setup Import Driver Package - exit (0x00000000)} 08:04:43.857
         inf: Driver Store Path: C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_7e2b4b929dedc706\NPCAP.inf
         inf: Published Inf Path: C:\Windows\INF\oem11.inf
    <<<  Section end 2016/08/25 08:04:43.872
    <<<  [Exit status: SUCCESS]
    
    
    >>>  [SetupCopyOEMInf - C:\Program Files\Npcap\NPCAP_wifi.inf]
    >>>  Section start 2016/08/25 08:04:44.779
          cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -i2
         inf: Copy style: 0x00000000
         sto: {Setup Import Driver Package: C:\Program Files\Npcap\NPCAP_wifi.inf} 08:04:44.795
         inf:      Provider: Nmap Project
         inf:      Class GUID: {4D36E974-E325-11CE-BFC1-08002BE10318}
         inf:      Driver Version: 08/25/2016,22.36.52.648
         inf:      Catalog File: npcap.cat
         sto:      {Copy Driver Package: C:\Program Files\Npcap\NPCAP_wifi.inf} 08:04:44.825
         sto:           Driver Package = C:\Program Files\Npcap\NPCAP_wifi.inf
         sto:           Flags          = 0x00000007
         sto:           Destination    = C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}
         sto:           Copying driver package files to 'C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}'.
         flq:           Copying 'C:\Program Files\Npcap\npcap.cat' to 'C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}\npcap.cat'.
         flq:           Copying 'C:\Program Files\Npcap\NPCAP_wifi.inf' to 'C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}\NPCAP_wifi.inf'.
         flq:           Copying 'C:\Program Files\Npcap\npcap.sys' to 'C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}\npcap.sys'.
         sto:      {Copy Driver Package: exit(0x00000000)} 08:04:44.888
         pol:      {Driver package policy check} 08:04:44.904
         pol:      {Driver package policy check - exit(0x00000000)} 08:04:44.904
         sto:      {Stage Driver Package: C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}\NPCAP_wifi.inf} 08:04:44.904
         inf:           {Query Configurability: C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}\NPCAP_wifi.inf} 08:04:44.904
         inf:                Driver package 'NPCAP_wifi.inf' is configurable.
         inf:           {Query Configurability: exit(0x00000000)} 08:04:44.904
         flq:           Copying 'C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}\npcap.cat' to 'C:\Windows\System32\DriverStore\Temp\{8e1aeaa0-2e2c-d245-ba7b-a9bdc8127052}\npcap.cat'.
         flq:           Copying 'C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}\NPCAP_wifi.inf' to 'C:\Windows\System32\DriverStore\Temp\{8e1aeaa0-2e2c-d245-ba7b-a9bdc8127052}\NPCAP_wifi.inf'.
         flq:           Copying 'C:\Users\ADMINI~1\AppData\Local\Temp\{1fb7fa34-e03b-6447-a513-f413f4177d47}\npcap.sys' to 'C:\Windows\System32\DriverStore\Temp\{8e1aeaa0-2e2c-d245-ba7b-a9bdc8127052}\npcap.sys'.
         sto:           {DRIVERSTORE IMPORT VALIDATE} 08:04:44.951
         sig:                {_VERIFY_FILE_SIGNATURE} 08:04:44.966
         sig:                     Key      = NPCAP_wifi.inf
         sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{8e1aeaa0-2e2c-d245-ba7b-a9bdc8127052}\NPCAP_wifi.inf
         sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{8e1aeaa0-2e2c-d245-ba7b-a9bdc8127052}\npcap.cat
    !    sig:                     Verifying file against specific (valid) catalog failed! (0x800b0109)
    !    sig:                     Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
         sig:                {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 08:04:44.997
         sig:                {_VERIFY_FILE_SIGNATURE} 08:04:44.997
         sig:                     Key      = NPCAP_wifi.inf
         sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{8e1aeaa0-2e2c-d245-ba7b-a9bdc8127052}\NPCAP_wifi.inf
         sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{8e1aeaa0-2e2c-d245-ba7b-a9bdc8127052}\npcap.cat
         sig:                     Success: File is signed in Authenticode(tm) catalog.
         sig:                     Error 0xe0000241: The INF was signed with an Authenticode(tm) catalog from a trusted publisher.
         sig:                {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 08:04:45.029
         sto:           {DRIVERSTORE IMPORT VALIDATE: exit(0x00000000)} 08:04:45.029
         sig:           Signer Score = 0x0F000000
         sig:           Signer Name  = Insecure.Com LLC
         sto:           {DRIVERSTORE IMPORT BEGIN} 08:04:45.029
         sto:           {DRIVERSTORE IMPORT BEGIN: exit(0x00000000)} 08:04:45.044
         cpy:           {Copy Directory: C:\Windows\System32\DriverStore\Temp\{8e1aeaa0-2e2c-d245-ba7b-a9bdc8127052}} 08:04:45.044
         cpy:                Target Path = C:\Windows\System32\DriverStore\FileRepository\npcap_wifi.inf_amd64_adedf7bd4b514913
         cpy:           {Copy Directory: exit(0x00000000)} 08:04:45.044
         idb:           {Register Driver Package: C:\Windows\System32\DriverStore\FileRepository\npcap_wifi.inf_amd64_adedf7bd4b514913\NPCAP_wifi.inf} 08:04:45.060
         idb:                Created driver package object 'npcap_wifi.inf_amd64_adedf7bd4b514913' in DRIVERS database node.
         idb:                Created driver INF file object 'oem12.inf' in DRIVERS database node.
         idb:                Registered driver package 'npcap_wifi.inf_amd64_adedf7bd4b514913' with 'oem12.inf'.
         idb:           {Register Driver Package: exit(0x00000000)} 08:04:45.075
         idb:           {Publish Driver Package: C:\Windows\System32\DriverStore\FileRepository\npcap_wifi.inf_amd64_adedf7bd4b514913\NPCAP_wifi.inf} 08:04:45.075
         idb:                Activating driver package 'npcap_wifi.inf_amd64_adedf7bd4b514913'.
         cpy:                Published 'npcap_wifi.inf_amd64_adedf7bd4b514913\npcap_wifi.inf' to 'oem12.inf'.
         idb:                Indexed 2 device IDs for 'npcap_wifi.inf_amd64_adedf7bd4b514913'.
         sto:                Flushed driver database node 'DRIVERS'. Time = 0 ms
         sto:                Flushed driver database node 'SYSTEM'. Time = 16 ms
         idb:           {Publish Driver Package: exit(0x00000000)} 08:04:45.107
         sto:           {DRIVERSTORE IMPORT END} 08:04:45.107
         dvi:                Flushed all driver package files to disk. Time = 15 ms
         sig:                Installed catalog 'npcap.cat' as 'oem12.cat'.
         sto:           {DRIVERSTORE IMPORT END: exit(0x00000000)} 08:04:45.169
         sto:      {Stage Driver Package: exit(0x00000000)} 08:04:45.185
         sto: {Setup Import Driver Package - exit (0x00000000)} 08:04:45.216
         inf: Driver Store Path: C:\Windows\System32\DriverStore\FileRepository\npcap_wifi.inf_amd64_adedf7bd4b514913\NPCAP_wifi.inf
         inf: Published Inf Path: C:\Windows\INF\oem12.inf
    <<<  Section end 2016/08/25 08:04:45.247
    <<<  [Exit status: SUCCESS]
    

    Friday, August 26, 2016 5:04 AM
  • You will have to sign the each driver package separately, and have a .CAT file for each

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, August 26, 2016 7:39 PM
    Moderator