This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

USBPcap/KB3033929

0

Hi, I installed the last version of WireShark (2.0.3) with USBPcap embeded. During the installation it requires the KB3033929 package. After that I Installed the KB3033929 and tried to install again USBPcapSetup-1.1.0.0-g794bf26-3.exe. But it gives the same message, KB3033929 required!!! KB3033929 is really installed, I tested it. Is there a way to install it manually? ( I can extract the files with 7zip...) Thanks!!!

asked 03 May '16, 03:01

Jean-Marc's gravatar image

Jean-Marc
6112
accept rate: 0%


3 Answers:

0

USBPcap is an external project that Wireshark uses, we just bundle their installer. Maybe contact them direct: http://desowin.org/usbpcap/

answered 03 May '16, 03:26

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

0

The SHA-2 KB detection was added by Wireshark project as the driver is signed with a SHA-2 certificate.

USBPcap installer is using the following method to detect KB3033929 installation:

%COMSPEC% /C wmic qfe get Hotfixid | findstr KB3033929

As suggested here. If you execute the command manually and the KB is installed, in theory you should get the following output:

KB3033929

You could try to install it manually by unzipping the NSIS script, but it requires selecting the right .sys file... You might have more chance downloading USBPcap installer from here (that's the one embedded in Wireshark 2.0.3 installer), right click on the file, select properties -> compatibility -> run as Windows Vista (this will skip ghr KB3033929 check that is run on Windows 7 only).

But really ensure that KB3033929 is installed. Otherwise it will probably make your USB root inoperative (you can use the system restore point created during installation to recover).

answered 03 May '16, 05:07

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

As suggested in another Question here, be sure to to enable the Remote Desktop service before you take the adventure of installing the USBPcap's USB driver. Unless you have a notebook or a very old PC with PS/2 keyboard and mouse connector, getting access to the PC without any USB peripheral working is close to impossible, i.e. you wouldn't even be able to choose the recovery point.

(03 May '16, 05:54) sindy

The detect method gives the good answer:

C:>%COMSPEC% /C wmic qfe get Hotfixid | findstr KB3033929

KB3033929

C:>

But the KB is not detected:

alt text

If I try the Vista compatibility mode, the install fails...

alt text

Some files are installed, but not the system files!

alt text

And it does not work in WireShark!!!

I am on Windows 7 64 bits French.

(04 May '16, 01:38) Jean-Marc

So far The only time I saw an installation failing was when a previous USBPcap version was uninstalled, and not reboot happened before the next installation attempt. That said I reviewed the installer options, and saw that we provide different drivers for Vista and Win7 (I did not realize this when I thought about the compatibility mode workaround. This could be also the root cause of the installation failure.

For the KB detection, the only remaining issue I could think to is to confirm that the installed is run with administrator privileges. Could you please uninstall any previously failed USBPcap installation, reboot and try to install it again with administrator rights (without the Vista compatibility mode)? If it still fails I'm out of ideas why... :(

(04 May '16, 04:37) Pascal Quantin

OK there is actually another solution: use an earlier version of USBPcap installer that was not doing the KB installation check (the USBPcap code itself is the same):

(04 May '16, 05:54) Pascal Quantin

0

This error is actually a problem with Windows Management Instrumentation. Their command-line interface for the API misses, causing QFE not to report rightly. You can test for this problem--and search for solutions--by using this command in a Command Prompt:

wmic /TRACE:ON qfe get Hotfixid

The resulting log usually ends with Error 0x8007007e, "The specified module could not be found." Oddly enough, if you run wbemtest and connect to root\cimv2 before executing the trace...you can enumerate instances of Win32_QuickFixEngineering and get a full list of Hotfixes popping out in the query results box.

So QFE runs fine, but the problem is with WMIC actually returning the output to the API for USBPcapSetup to see. I've tried rebuilding WMI from scratch, reinstalling, rebooting...you name it. The error persists. I think something is missing from texttable.xml. If anyone has a working WMIC, could you please post texttable.xml somewhere for me? I'd like to perma-kill this bug dead.

answered 23 Dec '16, 01:34

boinkitsbroken's gravatar image

boinkitsbroken
62
accept rate: 0%

edited 23 Dec '16, 01:35