winget install --id DaiyuuNobori.Win10PcapAbout Win10Pcap
Win10Pcap is a new WinPcap-based Ethernet packet capture library. Unlike original WinPcap, Win10Pcap is compatible with NDIS 6.x driver model to work stably with Windows 10. Win10Pcap also supports capturing IEEE802.1Q VLAN tags. Win10Pcap has the binary-compatibility with the original WinPcap DLLs. You can run Wireshark or other WinPcap-compatible applications with Win10Pcap by simply installing Win10Pcap DLLs, instead of original WinPcap. Win10Pcap is written as a personal project by Daiyuu Nobori, a Ph.D student...
What's new in 10.2.5002
Added the security check code on the read/write/ioctl procedures on the Win10Pcap kernel-mode driver. In the previous version of Win10Pcap, the kernel-mode driver did not check the virtual addresses which are passed from the user-mode. A local user was able to exploit this to read or write data bytes in the kernel-space memory. This had a risk to allow a local user to gain the escalated privilege on the local system. This security check code is to prevent such as illegal access from a local user. For details, please see https://github.com/SoftEtherVPN/Win10Pcap/commits/master. The problem was reported by Meysam Firozi on October 7, 2015. I greatly appreciate Meysam Firozi's contribution to report this problem.
Version history
| Version | Updated | Notes |
|---|---|---|
| 10.2.5002 | Unknown | Added the security check code on the read/write/ioctl procedures on the Win10Pcap kernel-mode driver. In the previous version of Win10Pcap, the kernel-mode driver did not check the virtual addresses which are passed from... |