45 replies to this topic

[hectorma]

ok it load ok now. the problem was thaht winpcap driver not loaded in init.

[homes32]

i don´t know, i have probing in this moment with
Hive_Load,HKU
reg_add,0x1,"%reg%\Microsoft\Windows\CurrentVersion\RunOnceEx\zRun","NetGroup Packet Filter Driver","%CDDrive%\Programs\WinPcap\npf_mgm.exe -s"
Hive_Unload,HKU
The program wireshark and winpcap driver run in from cd, no memory.

by your screenshot you are indeed having a problem with the WinPcap driver loading.
if you are using VistaPE the driver is loaded by VistaPE Loader. not the registry.

JonF, do you know if VistaPE Loader does any logging?

[hectorma]

i don´t know if winpcap load in peloader whith combobox script. If i add this line run if not wireshark crash .....

[JonF]

JonF, do you know if VistaPE Loader does any logging?

I don't think it does. And if it does I don't know how to activate it.

Certainly WIn7PE is the wave of the future, and it seems that VistaPE is moribund.

[homes32]

Certainly WIn7PE is the wave of the future, and it seems that VistaPE is moribund.

very true

[Lancelot]

Certainly WIn7PE is the wave of the future, and it seems that VistaPE is moribund.

True but needs a Hero to publish (instead of saving at homepc) all updates/fixes around boot-land (so far i read) at least in a package .
Who will save VistaPE princess
pic 1 http://th04.devianta...nintendo_fc.jpg
pic 2 http://izismile.com/...ve_princess.jpg

@homes32
With your next version of your script can you change

AddAutoRun,"NetGroup Packet Filter Driver","%CDDrive%\Programs\WinPcap\npf_mgm.exe","-s",3

to

//history04 AddAutoRun,"NetGroup Packet Filter Driver","%CDDrive%\Programs\WinPcap\npf_mgm.exe","-s",3

It seems this line have no effect on LiveXP, please test. Also if needed I agree with JonF runoncex fix

[hectorma]

i added maltego ce and cain " abel in the script. This run ok. Maltego with java pluggin.

[homes32]

Also if needed I agree with JonF runoncex fix

will this run before or after Network is started?

[hectorma]

is diferent if run after or before thath network is started?

[homes32]

is diferent if run after or before thath network is started?

yes. the WinPcap driver will not load unless network support is started (running).

[Lancelot]

Hi Homes32, your last 2 posts made everything clear in my mind.

Seems to me ControlSet001\Services\NPF you add is enough for wireshare on LiveXP !
AddAutoRun,
is not used in any livexp scripts and I believe it does nothing now. I guess it was once used with autoruns.Script in the past to add a autorun.cmd to be executed at startup !! (not sure).

Anyway,
Here is the "modified script"+"log file"+"picture from vmware"
http://lancelot.winb...0625_194440.rar

I open LiveXP, start Penetwork manually (auto disabled) , than i double click wireshark at desktop. Everything seem to work nicely.



edit: typo fix

[homes32]

new version.
let me know if if there are any issues!

*edit*

Please confirm if you can successfully build in win7pe. everything seems to be working fine but I would like a couple of other confirmations before making support "official"

[homes32]

v5 minor update to set download to new wireshark version.

Please confirm if you can successfully build in win7pe. everything seems to be working fine but I would like a couple of other confirmations before making support "official"

[homes32]

updated. see 1st post.

[homes32]

updated to v7. see 1st post.

[homes32]

updated for new wireshark release

[homes32]

Updated Wireshark to 1.2.5

[homes32]

updated for wireshark 1.2.6

[homes32]

updated to v11. see 1st post

[Fairbod]

Thxs Homes32,
It was a good script to look at to see a working example . Plus I want Wireshark
The Link has change . I edited the script in Notepad from :
%WiresharkURL%=http://media-2.cacetech.com/wireshark/win32/wireshark-win32-1.2.7.exe
in [variables] to:
%WiresharkURL%=http://wiresharkdownloads.riverbed.com/wireshark/win32/wireshark-win32-1.6.1.exe

It downloaded and installed fine . Sorry I haven't got to the fixing scripts stage or creating and uploading bit yet , but needed to fix that. If someone could fix the hosted one that might help others thxs .

[homes32]

Thxs Homes32,
It was a good script to look at to see a working example . Plus I want Wireshark
The Link has change . I edited the script in Notepad from :
%WiresharkURL%=http://media-2.cacetech.com/wireshark/win32/wireshark-win32-1.2.7.exe
in [variables] to:
%WiresharkURL%=http://wiresharkdownloads.riverbed.com/wireshark/win32/wireshark-win32-1.6.1.exe

It downloaded and installed fine . Sorry I haven't got to the fixing scripts stage or creating and uploading bit yet , but needed to fix that. If someone could fix the hosted one that might help others thxs .

Hi Fairbod,

glad you were able to easily update the link. that was the reason for making the variable available at the top of the script. I should have an updated script posted by the end of the week with the newer version links and updated winpcap.

regards,
Homes32