npcap

Updated wpcap.dll from VS2005 to VS2013.
Updated Packet.dll, NPFInstall.exe and NPcapHelper.exe from VS2010 to VS2013.

If you failed to run this version, make sure you installed Visual C++ Redistributable Packages for Visual Studio 2013

Additionally, I rolled back the driver signing improvement in 0.05 r8. Because it will show a Program Compatibility Assistant window said a well signed driver is needed. However, it's not true because npcap driver runs well by testing net start npf. To avoid this false message, I rolled back to the original signing commands.

Now Npcap driver will be signed in both SHA1 and SHA256 digest algorithms and with timestamp. This improvement will help the driver installation on Vista and Win7. This is an issue reported by Graham Bloice (see graham's answer in https://ask.wireshark.org/questions/46689/failed-to-create-npcap-service).

For Vista x64 and Win7 x64 users:
If you still get the pop-up window that said Windows requires a digitally signed driver (or get error 577 when executing net start npf), please try these steps:

1. Install Windows SHA-256 certificate security updates successfully.
   KB2763674 for Vista with SP2: https://support.microsoft.com/en-us/kb/2763674
   KB3033929 for Win7 with SP1: https://technet.microsoft.com/en-us/library/security/3033929.aspx
   This step should requires reboot.
   More information please refer to: http://www.davidegrayson.com/signing/

2. Install latest Npcap 0.05-r8.

3. If step 2) still fails running the driver, then reinstall an alternate version of Npcap you NEVER installed on the machine before (like 0.05-r7, if you unfortunately tried 0.05-r7 before step1), then try 0.05-r6.) to "flush" the driver cache. You should use the same option of Install Npcap in WinPcap API-compatible Mode as you did in step 2). This installation of 0.05-r7 should work.

4. Reinstall back the latest Npcap 0.05-r8. This second-time installation should succeed.

If the above steps don't work for you, you can still run Npcap by disabling Driver Signature Enforcement:
https://support.hidemyass.com/hc/en-us/articles/202723596-How-to-disable-Driver-Signing-check-on-Windows

Let me know if these steps work.

Now send-to-Rx adapters can be multiple. The string specified in registry's SendToRx value should be semicolon-separated.

An example for one send-to-Rx adapter:
\Device\{754FC84C-EFBC-4443-B479-2EFAE01DC7BF}

An example for two send-to-Rx adapters:
\Device\{754FC84C-EFBC-4443-B479-2EFAE01DC7BF};\Device\{F5A00000-E19A-4D17-B6D9-A23FE1852573}

Now Npcap can have a send-to-Rx adapter. The send-to-Rx adapter will inject all its packets to "Receive Path" (Rx) instead of normal "Send Path" (Tx). So that instead of sending traffic to the network, the adapter will pretend to receive the injected traffic from the network in this way.

Currently only one send-to-Rx adapter is supported by specifying SendToRx value in Npcap driver service's registry key (need to restart the driver to take effect).

Npcap driver service's registry key is usually in: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npf. In this key. You need to manually create a REG_SZ value named SendToRx, the value is the name of the adapter you want to be send-to-Rx adapter. The name is usually like format of \Device\{F5A00000-E19A-4D17-B6D9-A23FE1852573}. You can query this value using Nmap's nmap --iflist command, you will get a similar value like \Device\NPF_{F5A00000-E19A-4D17-B6D9-A23FE1852573}, but they are NOT THE SAME. You need to remove the NPF_ in this string and copy it to registry's SendToRx value. Then reboot the driver by net stop npf and net start npf.

Fixed the bug reported by Nuno Antonio Dias Ferreira that Npcap fails to retrieve the adapter list using NPF registry way.

Fixed the bug reported by Tenzin Rigden that Npcap installer fails to install correct files in /S silent mode.