WinPCap 4.0.2 Silent
From what I've read, silent installation capability was removed from the nullsoft installer provided here since it would be easy to turn this into malware: http://www.winpcap.org/install/default.htm
A Wise Capture will not work because the installer is changing several HKLM/System/CurrentControlSet/Class keys based on hardware enumeration. I could potentially capture everything but the key changes and script them, but I have no idea where it is getting it's information, as there are several device ID's being writen. I have captured activity with regmon but it's massive.
This is specific to etheral apparently, because I do not have access to those files.
http://www.appdeploy.com/packages/detail.asp?id=534
And this would'nt be silent:
http://itninja.com/question/antivirus-packaging76
Any help would be appreciated.
A Wise Capture will not work because the installer is changing several HKLM/System/CurrentControlSet/Class keys based on hardware enumeration. I could potentially capture everything but the key changes and script them, but I have no idea where it is getting it's information, as there are several device ID's being writen. I have captured activity with regmon but it's massive.
This is specific to etheral apparently, because I do not have access to those files.
http://www.appdeploy.com/packages/detail.asp?id=534
And this would'nt be silent:
http://itninja.com/question/antivirus-packaging76
Any help would be appreciated.
0 Comments
[ + ] Show comments
Answers (3)
Please log in to answer
Posted by:
aogilmor
16 years ago
Is there a file manifest? A log with the registry entries?
Since it looks to be share/free ware you may be out of luck on support, but usually the authors are fairly open about the documentation. That's the avenue I'd pursue if I had to package this.
Since it looks to be share/free ware you may be out of luck on support, but usually the authors are fairly open about the documentation. That's the avenue I'd pursue if I had to package this.
Posted by:
Jahya
16 years ago
I can record the registry changes using regmon, but those changes involve keys that are hardware dependant device ID's for all network cards and COM ports. There are about 800 actions from queries to changes, and creations.
Turns out we contacted Cisco and OPNET, and they are going to start working on a silent version of the agent. Since one is provided with a commercial lisence, I assume this is nothing more than OPNET or Cisco buying it and adding it to the installer. I have tried to figure out the logic of the installer, record it and play it back, but I don't have the resources to test how it is affected by dual or more nics and thier configurations, diff COM configs, and the likes.
OPNet was not open about the documentation of the installer, all they provided me with were options to purchace the commercial version.
Turns out we contacted Cisco and OPNET, and they are going to start working on a silent version of the agent. Since one is provided with a commercial lisence, I assume this is nothing more than OPNET or Cisco buying it and adding it to the installer. I have tried to figure out the logic of the installer, record it and play it back, but I don't have the resources to test how it is affected by dual or more nics and thier configurations, diff COM configs, and the likes.
OPNet was not open about the documentation of the installer, all they provided me with were options to purchace the commercial version.
Posted by:
aogilmor
16 years ago
Hardware is tricky to (re)package because it's usually lower level stuff than application files. It's good you're getting some vendor support on that.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.