Move npf_sys_is_running() from wsutil to caputils.

It has nothing to do with controlling privileges; it only tests whether
the NPF or Npcap service (driver) is running, so it belongs in caputils.

While we're at it, fix its signature (in C, a function with no arguments
must have "void" as the argument list, for backwards compatibility with
pre-function-prototype C), and close the handles it opens, so we don't
have open handles leaked.

Change-Id: Ia99e99d81617ed2e8cda2c44e53061b4502a2b58
Reviewed-on: https://code.wireshark.org/review/15714
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>

1 files changed, 38 insertions, 0 deletions

diff --git a/caputils/capture-wpcap.c b/caputils/capture-wpcap.c
index 5094375e75..deff5f9da5 100644
--- a/caputils/capture-wpcap.c
+++ b/caputils/capture-wpcap.c
@@ -24,6 +24,10 @@
 
 #include "config.h"
 
+#include <windows.h>
+#include <wchar.h>
+#include <tchar.h>
+
 #include <stdio.h>
 #include <glib.h>
 #include <gmodule.h>
@@ -1082,6 +1086,40 @@ get_runtime_caplibs_version(GString *str)
 		g_string_append(str, "without WinPcap");
 }
 
+/*
+ * If npf.sys is running, return TRUE.
+ */
+gboolean
+npf_sys_is_running(void)
+{
+	SC_HANDLE h_scm, h_serv;
+	SERVICE_STATUS ss;
+
+	h_scm = OpenSCManager(NULL, NULL, 0);
+	if (!h_scm)
+		return FALSE;
+
+	h_serv = OpenService(h_scm, _T("npf"), SC_MANAGER_CONNECT|SERVICE_QUERY_STATUS);
+	if (!h_serv) {
+		h_serv = OpenService(h_scm, _T("npcap"), SC_MANAGER_CONNECT|SERVICE_QUERY_STATUS);
+		if (!h_serv) {
+			CloseServiceHandle(h_scm);
+			return FALSE;
+		}
+	}
+
+	if (QueryServiceStatus(h_serv, &ss)) {
+		if (ss.dwCurrentState & SERVICE_RUNNING) {
+			CloseServiceHandle(h_serv);
+			CloseServiceHandle(h_scm);
+			return TRUE;
+		}
+	}
+	CloseServiceHandle(h_serv);
+	CloseServiceHandle(h_scm);
+	return FALSE;
+}
+
 #else /* HAVE_LIBPCAP */
 
 void