[Winpcap-users] winpcap and McAfee
Gianluca Varenni
gianluca.varenni at cacetech.com
Tue Jun 24 18:55:45 GMT 2008
----- Original Message -----
From: <tamagawa at skygroup.jp>
To: <winpcap-users at winpcap.org>
Sent: Monday, June 23, 2008 7:03 PM
Subject: Re: [Winpcap-users] winpcap and McAfee
> Hello,
>
> I'm just curious:
>
> What would happen if we call Winpcap API before notifying the SCM?
> Or, why we need to notify before calling any Winpcap API?
It all boils down to how the SCM works internally.
First of all, when you call a WinPcap API, for example to list the adapters,
WinPcap makes sure that both the WinPcap driver and the Microsoft NetMon
driver (NM) are loaded into memory. Non-pnp drivers (like winpcap and
netmon) are managed as normal services by the OS and started on demand,
usually. The SCM uses a lock to protect the service database, and that lock
is held when you run your own service before notifying the SCM. When the SCM
database lock is held, no other services can start (and basically times
out). If in your service calls a WinPcap API, WinPcap will try to load the
winpcap driver and the netmon one (if needed), the SCM will try to acquire
the SCM database lock again and wait for a certain timeout (I think it's one
minute). The lock request will eventually timeout, and the WinPcap and the
NM drivers might not be loaded into memory.
Hope this explains a bit how the SCM works.
Have a nice day
GV
>
> Cound be a stupid question but glad to hear any hints.
>
> Thanks in advance,
> --
> tamagawa
>
> Gianluca Varenni ????????:
>>
>> If you use WinPcap from within a service, I suggest you to have a look at
>> these slides
>>
>> http://www.cacetech.com/SHARKFEST.08/BoF_Varenni_%20WinPcap%20Do's%20and%20Don'ts.zip
>> in particular slide #9.
>>
>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list