npcap
npcap copied to clipboard
nmap
Support x64 programs on arm64
Windows 11 on arm64 can run x64 programs, however npcap currently only installs x86 and arm64 libraries, so x64 programs can't load wpcap.dll. Another problem is that there's no separate System32 directory for x64 (unlike for x86).
I was able to get x64 Wireshark to capture packets on my Arm64 Windows 11 by copying wpcap.dll and packet.dll from an x64 system to Wireshark's installation directory.
Hi @jernejs . That's a great idea. We have a number of Windows ARM64 development devices, but I'm not sure whether any have been upgraded to Windows 11 yet. I'm glad to hear that you were able to get this working by copying the x64 DLL's from another system. That might help others in the meantime. In the case of Wireshark, downloading the 32-bit x86 Windows installer they provide may be a cleaner approach unless you have a strong need for x64. Hopefully Wireshark will start offering native Windows ARM64 binaries as well. But we should still probably install x64 DLL's on Windows ARM now that the platform supports it. I'm not sure what to do about the System32 situation, but presumably there is a solution most other portable software uses for this?
"the 32-bit x86 Windows installer"still exists - for a while.
https://gitlab.com/wireshark/wireshark/-/issues/17779 32-bit Windows end of support planning
On Mon, Mar 7, 2022 at 6:11 PM Gordon Fyodor Lyon @.***> wrote:
Hi @jernejs https://github.com/jernejs . That's a great idea. We have a number of Windows ARM64 development devices, but I'm not sure whether any have been upgraded to Windows 11 yet. I'm glad to hear that you were able to get this working by copying the x64 DLL's from another system. That might help others in the meantime. In the case of Wireshark, downloading the 32-bit x86 Windows installer they provide may be a cleaner approach unless you have a strong need for x64. Hopefully Wireshark will start offering native Windows ARM64 binaries as well. But we should still probably install x64 DLL's on Windows ARM now that the platform supports it. I'm not sure what to do about the System32 situation, but presumably there is a solution most other portable software uses for this?
— Reply to this email directly, view it on GitHub https://github.com/nmap/npcap/issues/585#issuecomment-1061270813, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECV2JEAJ66ZQVFC7ZMVJODU62LMPANCNFSM5QEUQCMA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you are subscribed to this thread.Message ID: @.***>
At the time we added ARM64 support, Windows did not generally support x64 emulation. That apparently changed in November: https://blogs.windows.com/windows-insider/2020/12/10/introducing-x64-emulation-in-preview-for-windows-10-on-arm-pcs-to-the-windows-insider-program/
Another problem is that there's no separate System32 directory for x64 (unlike for x86).
Props to NeXT for getting this somewhat more right, with a solution that avoids having multiple directories for executables and libraries for different instruction sets by packing code for multiple architectures into one file. You still need binary-to-binary translators if you're not just running 32-bit binaries on a 64-bit version of the same platform but at least you don't have to create multiple directories for either the "supported by translation" or "supported by the CPU running both 32-bit and 64-bit code" cases.
It looks as if for ARM64/x86-64, Windows might have something a little bit like that. Somebody else has looked at these "Compiled Hybrid Portable Executable" files in more detail.
Microsoft do seem to allow building executables as ARM64EC binaries; perhaps in the future they'll support building CHPE libraries, for the benefit of organizations that produce libraries as products.
(I was not surprised to read, in the Microsoft blog post, that "The ARM64EC ABI differs slightly from the existing ARM64 ABI in ways that make it binary compatible with x64 code." - I figured that x86-64 code translated to ARM64 code does procedure calls differently from native ARM64 code (for example, while x86-64 ABIs pass some arguments in registers, x86-64 has fewer registers to use than does ARM64, so they may be more likely to pass arguments on the stack, and the translator might not try to infer that a stack push is passing an argument and translate it into a load-into-register), meaning it'd be more work to have a translated x86-64 binary, using the ARM64EC ABI, call a routine in a native ARM64 DLL, using the ARM64 ABI. An x86-64 DLL, however, would pass through the same translator to run on ARM64, so it'd use the ARM64EC ABI, just as the executable does.
for example, while x86-64 ABIs pass some arguments in registers, x86-64 has fewer registers to use than does ARM64, so they may be more likely to pass arguments on the stack, and the translator might not try to infer that a stack push is passing an argument and translate it into a load-into-register
No, the only calling sequence differences are for variadic functions.
I installed win11 with my Surface ProX device, and when starting wireshark x64 (3.6.5) it prompts "Unable to load Npcap or Winpcap (wpcap.dll)". I have installed Npcap 1.60 and from the system32 directory there is already wpcap.dll, why it still prompt this error? Does it mean npcap needs to build one ARM64EC wpcap.dll to support wireshark x64?
@jernejs Do you copy wpcap.dll from the intel or AMD x64 device to the Surface ProX system32 directory or C:\Program Files\Wireshark ? Then Surface ProX could run Wireshark 64bit?
There's no difference between Intel and AMD x64 – any x64 install of npcap will do.
There's no difference between Intel and AMD x64 – any x64 install of npcap will do.
Thanks a lot. It works for me
Update: This is particularly important for Npcap given that Wireshark is planing to terminate 32-bit Windows support starting with their upcoming 4.0 release. We now have one of our ARM development systems (a Surface Pro) upgraded to Windows 11 to better test this. It will be a high priority after our imminent Npcap 1.70 release.
I just wanted to add a note that this has been a bit more difficult than we'd hope. Initial ARM64EC testing did not go well. Visual Studio 2019 may be partly to blame; will be trying with VS2022 next, but probably after our upcoming 1.71 Npcap release and the Nmap 25th Anniversary Release. @dmiller-nmap reports:
Basic problem: ARM64EC = wrapper around mixed ARM64/x64 object code forming a single EXE. What we need is ARM64X (same as System32/user32.dll on Win11 on ARM uses), which is a DLL wrapper that contains both ARM64 and x64 entry points to the same ARM64 functions. Not sure how to get this to work, but guessing VS2022 will have a better interface.
@pvouzis - I'm afraid not. As noted in my July 14 comment here, we ran into implementation issues and had to remove it from the 1.71 release goals. But it is still among our top Npcap priorities.
I just wanted to add a note that this has been a bit more difficult than we'd hope. Initial ARM64EC testing did not go well. Visual Studio 2019 may be partly to blame; will be trying with VS2022 next, but probably after our upcoming 1.71 Npcap release and the Nmap 25th Anniversary Release. @dmiller-nmap reports:
Basic problem: ARM64EC = wrapper around mixed ARM64/x64 object code forming a single EXE. What we need is ARM64X (same as System32/user32.dll on Win11 on ARM uses), which is a DLL wrapper that contains both ARM64 and x64 entry points to the same ARM64 functions. Not sure how to get this to work, but guessing VS2022 will have a better interface.
VS2022 17.3 supports ARM64X https://docs.microsoft.com/en-us/windows/arm/arm64x-pe https://docs.microsoft.com/en-us/windows/arm/arm64x-build
Hi all, for the specific use case of running Wireshark on Windows on Arm64 you can now download experimental Arm64 installers from https://www.wireshark.org/download/automated/win64/. We should be able to start shipping Windows Arm64 packages in the 4.2.x release branch.
@badboycxcc - you might want to report that on Wireshark's tracker because any pcre2-8.dll issues with the Wireshark experimental ARM64 builds aren't related to Npcap.