2 * Copyright (c) 1999, 2000
3 * Politecnico di Torino. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the Politecnico
13 * di Torino, and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
25 #include <ddk/ntddndis.h>
33 /****** KERNEL Macro APIs ******************************************************/
35 #define GetInstanceModule(hInst) (HMODULE)(hInst)
36 #define GlobalPtrHandle(lp) ((HGLOBAL)GlobalHandle(lp))
37 #define GlobalLockPtr(lp) ((BOOL)GlobalLock(GlobalPtrHandle(lp)))
38 #define GlobalUnlockPtr(lp) GlobalUnlock(GlobalPtrHandle(lp))
39 #define GlobalAllocPtr(flags, cb) (GlobalLock(GlobalAlloc((flags), (cb))))
40 #define GlobalReAllocPtr(lp, cbNew, flags) (GlobalUnlockPtr(lp), GlobalLock(GlobalReAlloc(GlobalPtrHandle(lp) , (cbNew), (flags))))
41 #define GlobalFreePtr(lp) (GlobalUnlockPtr(lp), (BOOL)(ULONG_PTR)GlobalFree(GlobalPtrHandle(lp)))
44 #define GMEM_MOVEABLE 0
48 /// Title of error windows
49 TCHAR szWindowTitle
[] = TEXT("PACKET.DLL");
52 #define ODS(_x) OutputDebugString(TEXT(_x))
53 //#define ODSEx(_x, _y)
59 \brief Macro to print a debug string. The behavior differs depending on the debug level
63 f = fopen("winpcap_debug.txt", "a"); \
64 fprintf(f, "%s", _x); \
68 \brief Macro to print debug data with the printf convention. The behavior differs depending on
71 #define ODSEx(_x, _y) { \
73 f = fopen("winpcap_debug.txt", "a"); \
78 LONG
PacketDumpRegistryKey(PCHAR KeyName
, PCHAR FileName
);
86 SC_HANDLE scmHandle
= NULL
;
87 SC_HANDLE srvHandle
= NULL
;
88 LPCTSTR NPFServiceName
= TEXT("NPF");
89 LPCTSTR NPFServiceDesc
= TEXT("Netgroup Packet Filter");
90 LPCTSTR NPFDriverName
= TEXT("\\npf.sys");
91 LPCTSTR NPFRegistryLocation
= TEXT("SYSTEM\\ControlSet001\\Services\\NPF");
94 //---------------------------------------------------------------------------
97 \brief The main dll function.
100 BOOL APIENTRY
DllMain (HANDLE DllHandle
,DWORD Reason
,LPVOID lpReserved
)
106 case DLL_PROCESS_ATTACH
:
108 ODS("\n************Packet32: DllMain************\n");
110 #ifdef _DEBUG_TO_FILE
111 // dump a bunch of registry keys useful for debug to file
112 PacketDumpRegistryKey("HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}",
114 PacketDumpRegistryKey("HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip",
116 PacketDumpRegistryKey("HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\NPF",
118 PacketDumpRegistryKey("HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services",
123 case DLL_PROCESS_DETACH
:
134 \brief Converts an ASCII string to UNICODE. Uses the MultiByteToWideChar() system function.
135 \param string The string to convert.
136 \return The converted string.
139 WCHAR
* SChar2WChar(char* string
)
142 TmpStr
=(WCHAR
*) malloc ((strlen(string
)+2)*sizeof(WCHAR
));
144 MultiByteToWideChar(CP_ACP
, 0, string
, -1, TmpStr
, (strlen(string
)+2));
150 \brief Sets the maximum possible lookahead buffer for the driver's Packet_tap() function.
151 \param AdapterObject Handle to the service control manager.
152 \return If the function succeeds, the return value is nonzero.
154 The lookahead buffer is the portion of packet that Packet_tap() can access from the NIC driver's memory
155 without performing a copy. This function tries to increase the size of that buffer.
158 BOOLEAN
PacketSetMaxLookaheadsize (LPADAPTER AdapterObject
)
161 ULONG IoCtlBufferLength
=(sizeof(PACKET_OID_DATA
)+sizeof(ULONG
)-1);
162 PPACKET_OID_DATA OidData
;
164 OidData
=GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
,IoCtlBufferLength
);
165 if (OidData
== NULL
) {
166 ODS("PacketSetMaxLookaheadsize failed\n");
170 //set the size of the lookahead buffer to the maximum available by the the NIC driver
171 OidData
->Oid
=OID_GEN_MAXIMUM_LOOKAHEAD
;
172 OidData
->Length
=sizeof(ULONG
);
173 Status
=PacketRequest(AdapterObject
,FALSE
,OidData
);
174 OidData
->Oid
=OID_GEN_CURRENT_LOOKAHEAD
;
175 Status
=PacketRequest(AdapterObject
,TRUE
,OidData
);
176 GlobalFreePtr(OidData
);
181 \brief Retrieves the event associated in the driver with a capture instance and stores it in an
183 \param AdapterObject Handle to the service control manager.
184 \return If the function succeeds, the return value is nonzero.
186 This function is used by PacketOpenAdapter() to retrieve the read event from the driver by means of an ioctl
187 call and set it in the _ADAPTER structure pointed by AdapterObject.
190 BOOLEAN
PacketSetReadEvt(LPADAPTER AdapterObject
)
195 // this tells the terminal service to retrieve the event from the global namespace
196 wcsncpy(EventName
,L
"Global\\",sizeof(L
"Global\\"));
198 // retrieve the name of the shared event from the driver
199 if(DeviceIoControl(AdapterObject
->hFile
,pBIOCEVNAME
,NULL
,0,EventName
+7,13*sizeof(TCHAR
),&BytesReturned
,NULL
)==FALSE
) return FALSE
;
201 EventName
[20]=0; // terminate the string
203 // open the shared event
204 AdapterObject
->ReadEvent
=CreateEventW(NULL
,
209 // in NT4 "Global\" is not automatically ignored: try to use simply the event name
210 if(GetLastError()!=ERROR_ALREADY_EXISTS
){
211 if(AdapterObject
->ReadEvent
!= NULL
)
212 CloseHandle(AdapterObject
->ReadEvent
);
214 // open the shared event
215 AdapterObject
->ReadEvent
=CreateEventW(NULL
,
221 if(AdapterObject
->ReadEvent
==NULL
|| GetLastError()!=ERROR_ALREADY_EXISTS
){
222 ODS("PacketSetReadEvt: error retrieving the event from the kernel\n");
226 AdapterObject
->ReadTimeOut
=0;
233 \brief Installs the NPF device driver.
234 \param ascmHandle Handle to the service control manager.
235 \param ascmHandle A pointer to a handle that will receive the pointer to the driver's service.
236 \param driverPath The full path of the .sys file to load.
237 \return If the function succeeds, the return value is nonzero.
239 This function installs the driver's service in the system using the CreateService function.
242 BOOL
PacketInstallDriver(SC_HANDLE ascmHandle
, SC_HANDLE
* srvHandle
, TCHAR
* driverPath
)
247 ODS("installdriver\n");
249 if (GetFileAttributes(driverPath
) != 0xffffffff) {
250 *srvHandle
= CreateService(ascmHandle
,
254 SERVICE_KERNEL_DRIVER
,
255 SERVICE_DEMAND_START
,
256 SERVICE_ERROR_NORMAL
,
258 NULL
, NULL
, NULL
, NULL
, NULL
);
259 if (*srvHandle
== NULL
) {
260 if (GetLastError() == ERROR_SERVICE_EXISTS
) {
261 //npf.sys already existed
265 //Created service for npf.sys
269 if (result
== TRUE
) {
270 if (*srvHandle
!= NULL
) {
271 CloseServiceHandle(*srvHandle
);
275 if (result
== FALSE
){
276 err
= GetLastError();
278 ODSEx("PacketInstallDriver failed, Error=%d\n",err
);
286 \brief Convert a Unicode dotted-quad to a 32-bit IP address.
287 \param cp A string containing the address.
288 \return the converted 32-bit numeric address.
290 Doesn't check to make sure the address is valid.
294 ULONG
inet_addrU(const WCHAR
*cp
)
301 for (i
= 0; i
< 4; i
++) {
303 while ((c
= *cp
++) != '\0' && c
!= '.') {
304 if (c
< '0' || c
> '9')
306 part
= part
*10 + (c
- '0');
310 val
= val
| (part
<< i
*8);
313 return -1; // extra gunk at end of string
316 return -1; // string ends early
323 \brief Dumps a registry key to disk in text format. Uses regedit.
324 \param KeyName Name of the ket to dump. All its subkeys will be saved recursively.
325 \param FileName Name of the file that will contain the dump.
326 \return If the function succeeds, the return value is nonzero.
328 For debugging purposes, we use this function to obtain some registry keys from the user's machine.
331 #ifdef _DEBUG_TO_FILE
333 LONG
PacketDumpRegistryKey(PCHAR KeyName
, PCHAR FileName
)
337 strcpy(Command
, "regedit /e ");
338 strcat(Command
, FileName
);
339 strcat(Command
, " ");
340 strcat(Command
, KeyName
);
342 /// Let regedit do the dirt work for us
349 //---------------------------------------------------------------------------
351 //---------------------------------------------------------------------------
353 /** @ingroup packetapi
357 /** @defgroup packet32 Packet.dll exported functions and variables
361 /// Current packet.dll Version. It can be retrieved directly or through the PacketGetVersion() function.
362 char PacketLibraryVersion
[] = "2.3";
365 \brief Returns a string with the dll version.
366 \return A char pointer to the version of the library.
368 PCHAR
PacketGetVersion(){
369 return PacketLibraryVersion
;
373 \brief Returns information about the MAC type of an adapter.
374 \param AdapterObject The adapter on which information is needed.
375 \param type Pointer to a NetType structure that will be filled by the function.
376 \return If the function succeeds, the return value is nonzero, otherwise the return value is zero.
378 This function return the link layer technology and the speed (in bps) of an opened adapter.
379 The LinkType field of the type parameter can have one of the following values:
381 - NdisMedium802_3: Ethernet (802.3)
383 - NdisMedium802_5: Token Ring (802.5)
384 - NdisMediumFddi: FDDI
386 - NdisMediumArcnet878_2: ARCNET (878.2)
388 BOOLEAN
PacketGetNetType (LPADAPTER AdapterObject
,NetType
*type
)
391 ULONG IoCtlBufferLength
=(sizeof(PACKET_OID_DATA
)+sizeof(ULONG
)-1);
392 PPACKET_OID_DATA OidData
;
394 OidData
=GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
,IoCtlBufferLength
);
395 if (OidData
== NULL
) {
396 ODS("PacketGetNetType failed\n");
399 //get the link-layer type
400 OidData
->Oid
= OID_GEN_MEDIA_IN_USE
;
401 OidData
->Length
= sizeof (ULONG
);
402 Status
= PacketRequest(AdapterObject
,FALSE
,OidData
);
403 type
->LinkType
=*((UINT
*)OidData
->Data
);
405 //get the link-layer speed
406 OidData
->Oid
= OID_GEN_LINK_SPEED
;
407 OidData
->Length
= sizeof (ULONG
);
408 Status
= PacketRequest(AdapterObject
,FALSE
,OidData
);
409 type
->LinkSpeed
=*((UINT
*)OidData
->Data
)*100;
410 GlobalFreePtr (OidData
);
412 ODSEx("Media:%d ",type
->LinkType
);
413 ODSEx("Speed=%d\n",type
->LinkSpeed
);
419 \brief Stops and unloads the WinPcap device driver.
420 \return If the function succeeds, the return value is nonzero, otherwise it is zero.
422 This function can be used to unload the driver from memory when the application no more needs it.
423 Note that the driver is physically stopped and unloaded only when all the files on its devices
424 are closed, i.e. when all the applications that use WinPcap close all their adapters.
426 BOOL
PacketStopDriver()
429 SC_HANDLE schService
;
431 SERVICE_STATUS serviceStatus
;
433 scmHandle
= OpenSCManager(NULL
, NULL
, SC_MANAGER_ALL_ACCESS
);
435 if(scmHandle
!= NULL
){
437 schService
= OpenService (scmHandle
,
442 if (schService
!= NULL
)
445 ret
= ControlService (schService
,
446 SERVICE_CONTROL_STOP
,
453 CloseServiceHandle (schService
);
455 CloseServiceHandle(scmHandle
);
466 \brief Opens an adapter.
467 \param AdapterName A string containing the name of the device to open.
468 Use the PacketGetAdapterNames() function to retrieve the list of available devices.
469 \return If the function succeeds, the return value is the pointer to a properly initialized ADAPTER object,
470 otherwise the return value is NULL.
472 This function tries to load and start the packet driver at the first invocation. In this way,
473 the management of the driver is transparent to the application, that simply needs to open an adapter to start
476 \note the Windows 95 version of the NPF driver works with the ASCII string format, while the Windows NT
477 version works with UNICODE. Therefore, AdapterName \b should be an ASCII string in Windows 95, and a UNICODE
478 string in Windows NT. This difference is not a problem if the string pointed by AdapterName was obtained
479 through the PacketGetAdapterNames function, because it returns the names of the adapters in the proper format.
480 Problems can arise in Windows NT when the string is obtained from ANSI C functions like scanf, because they
481 use the ASCII format. Since this could be a relevant problem during the porting of command-line applications
482 from UNIX, we included in the Windows NT version of PacketOpenAdapter the ability to detect ASCII strings and
483 convert them to UNICODE before sending them to the device driver. Therefore PacketOpenAdapter in Windows NT
484 accepts both the ASCII and the UNICODE format. If a ASCII string is received, it is converted to UNICODE
485 by PACKET.DLL before being passed to the driver.
487 LPADAPTER
PacketOpenAdapter(LPTSTR AdapterName
)
494 SC_HANDLE svcHandle
= NULL
;
495 TCHAR driverPath
[512];
499 SERVICE_STATUS SStat
;
501 WCHAR SymbolicLink
[128];
503 ODSEx("PacketOpenAdapter: trying to open the adapter=%S\n",AdapterName
);
505 scmHandle
= OpenSCManager(NULL
, NULL
, SC_MANAGER_ALL_ACCESS
);
506 if(scmHandle
== NULL
){
507 error
= GetLastError();
508 ODSEx("OpenSCManager failed! Error=%d\n", error
);
511 GetCurrentDirectory(512, driverPath
);
512 wsprintf(driverPath
+ wcslen(driverPath
), NPFDriverName
);
514 // check if the NPF registry key is already present
515 // this means that the driver is already installed and that we don't need to call PacketInstallDriver
516 KeyRes
=RegOpenKeyEx(HKEY_LOCAL_MACHINE
,
522 if(KeyRes
!= ERROR_SUCCESS
){
523 Result
= PacketInstallDriver(scmHandle
,&svcHandle
,driverPath
);
526 RegCloseKey(PathKey
);
531 srvHandle
= OpenService(scmHandle
, NPFServiceName
, SERVICE_START
| SERVICE_QUERY_STATUS
);
532 if (srvHandle
!= NULL
){
534 QuerySStat
= QueryServiceStatus(srvHandle
, &SStat
);
535 ODSEx("The status of the driver is:%d\n",SStat
.dwCurrentState
);
537 if (!QuerySStat
|| SStat
.dwCurrentState
!= SERVICE_RUNNING
){
538 ODS("Calling startservice\n");
539 if (StartService(srvHandle
, 0, NULL
)==0){
540 error
= GetLastError();
541 if (error
!=ERROR_SERVICE_ALREADY_RUNNING
&& error
!=ERROR_ALREADY_EXISTS
){
543 if (scmHandle
!= NULL
) CloseServiceHandle(scmHandle
);
544 error
= GetLastError();
545 ODSEx("PacketOpenAdapter: StartService failed, Error=%d\n",error
);
551 error
= GetLastError();
552 ODSEx("OpenService failed! Error=%d", error
);
555 if (GetSystemDirectory(WinPath
, sizeof(WinPath
)/sizeof(TCHAR
)) == 0) {
558 wsprintf(driverPath
, TEXT("%s\\drivers%s"), WinPath
, NPFDriverName
);
560 if (KeyRes
!= ERROR_SUCCESS
) {
561 Result
= PacketInstallDriver(scmHandle
,&svcHandle
,driverPath
);
566 srvHandle
= OpenService(scmHandle
,NPFServiceName
,SERVICE_START
);
567 if (srvHandle
!= NULL
) {
568 QuerySStat
= QueryServiceStatus(srvHandle
, &SStat
);
569 ODSEx("The status of the driver is:%d\n",SStat
.dwCurrentState
);
570 if (!QuerySStat
|| SStat
.dwCurrentState
!= SERVICE_RUNNING
) {
571 ODS("Calling startservice\n");
572 if (StartService(srvHandle
, 0, NULL
) == 0) {
573 error
= GetLastError();
574 if (error
!= ERROR_SERVICE_ALREADY_RUNNING
&& error
!=ERROR_ALREADY_EXISTS
) {
576 if (scmHandle
!= NULL
) CloseServiceHandle(scmHandle
);
577 ODSEx("PacketOpenAdapter: StartService failed, Error=%d\n",error
);
583 error
= GetLastError();
584 ODSEx("OpenService failed! Error=%d", error
);
589 if (scmHandle
!= NULL
) CloseServiceHandle(scmHandle
);
591 AdapterNameA
= (char*)AdapterName
;
592 if (AdapterNameA
[1] != 0) { // ASCII
593 AdapterNameU
= SChar2WChar(AdapterNameA
);
594 AdapterName
= AdapterNameU
;
599 lpAdapter
= (LPADAPTER
)GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
,sizeof(ADAPTER
));
600 if (lpAdapter
== NULL
) {
601 ODS("PacketOpenAdapter: GlobalAlloc Failed\n");
602 error
= GetLastError();
603 if (AdapterNameU
!= NULL
) free(AdapterNameU
);
604 //set the error to the one on which we failed
606 ODS("PacketOpenAdapter: Failed to allocate the adapter structure\n");
609 lpAdapter
->NumWrites
= 1;
611 wsprintf(SymbolicLink
,TEXT("\\\\.\\%s%s"), DOSNAMEPREFIX
, &AdapterName
[8]);
613 // Copy only the bytes that fit in the adapter structure.
614 // Note that lpAdapter->SymbolicLink is present for backward compatibility but will
615 // never be used by the apps
616 memcpy(lpAdapter
->SymbolicLink
, (PCHAR
)SymbolicLink
, MAX_LINK_NAME_LENGTH
);
618 //try if it is possible to open the adapter immediately
619 lpAdapter
->hFile
= CreateFile(SymbolicLink
,GENERIC_WRITE
| GENERIC_READ
,0,NULL
,OPEN_EXISTING
,0,0);
621 if (lpAdapter
->hFile
!= INVALID_HANDLE_VALUE
) {
622 ODSEx("PacketOpenAdapter: CreateFile(%S) successfull\n", SymbolicLink
);
623 if (PacketSetReadEvt(lpAdapter
) == FALSE
) {
624 error
= GetLastError();
625 ODS("PacketOpenAdapter: Unable to open the read event\n");
626 if (AdapterNameU
!= NULL
)
628 GlobalFreePtr(lpAdapter
);
629 //set the error to the one on which we failed
631 ODSEx("PacketOpenAdapter: PacketSetReadEvt failed, Error=%d\n",error
);
635 PacketSetMaxLookaheadsize(lpAdapter
);
636 if (AdapterNameU
!= NULL
)
640 //this is probably the first request on the packet driver.
641 //We must create the dos device and set the access rights on it
643 Result
= DefineDosDevice(DDD_RAW_TARGET_PATH
,
648 ODSEx("PacketOpenAdapter: calling CreateFile(%S)\n", SymbolicLink
);
650 lpAdapter
->hFile
= CreateFile(
652 GENERIC_WRITE
| GENERIC_READ
,0,NULL
,OPEN_EXISTING
,0,0);
653 if (lpAdapter
->hFile
!= INVALID_HANDLE_VALUE
) {
654 if (PacketSetReadEvt(lpAdapter
) == FALSE
) {
655 error
= GetLastError();
656 ODS("PacketOpenAdapter: Unable to open the read event\n");
657 if (AdapterNameU
!= NULL
)
659 GlobalFreePtr(lpAdapter
);
660 //set the error to the one on which we failed
662 ODSEx("PacketOpenAdapter: PacketSetReadEvt failed, Error=1,%d\n",error
);
665 PacketSetMaxLookaheadsize(lpAdapter
);
666 if (AdapterNameU
!= NULL
)
670 ODS("PacketOpenAdapter: CreateFile failed\n");
673 ODSEx("PacketOpenAdapter: DefineDosDevice(%S) failed\n", &SymbolicLink
[4]);
676 error
= GetLastError();
677 if (AdapterNameU
!= NULL
)
679 GlobalFreePtr(lpAdapter
);
680 //set the error to the one on which we failed
682 ODSEx("PacketOpenAdapter: CreateFile failed, Error=2,%d\n",error
);
688 \brief Closes an adapter.
689 \param lpAdapter the pointer to the adapter to close.
691 PacketCloseAdapter closes the given adapter and frees the associated ADAPTER structure
693 VOID
PacketCloseAdapter(LPADAPTER lpAdapter
)
695 CloseHandle(lpAdapter
->hFile
);
696 SetEvent(lpAdapter
->ReadEvent
);
697 CloseHandle(lpAdapter
->ReadEvent
);
698 GlobalFreePtr(lpAdapter
);
702 \brief Allocates a _PACKET structure.
703 \return On succeess, the return value is the pointer to a _PACKET structure otherwise the
704 return value is NULL.
706 The structure returned will be passed to the PacketReceivePacket() function to receive the
707 packets from the driver.
709 \warning The Buffer field of the _PACKET structure is not set by this function.
710 The buffer \b must be allocated by the application, and associated to the PACKET structure
711 with a call to PacketInitPacket.
713 LPPACKET
PacketAllocatePacket(void)
717 lpPacket
= (LPPACKET
)GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
,sizeof(PACKET
));
718 if (lpPacket
== NULL
) {
719 ODS("PacketAllocatePacket: GlobalAlloc Failed\n");
726 \brief Frees a _PACKET structure.
727 \param lpPacket The structure to free.
729 \warning the user-allocated buffer associated with the _PACKET structure is not deallocated
730 by this function and \b must be explicitly deallocated by the programmer.
733 VOID
PacketFreePacket(LPPACKET lpPacket
)
735 GlobalFreePtr(lpPacket
);
739 \brief Initializes a _PACKET structure.
740 \param lpPacket The structure to initialize.
741 \param Buffer A pointer to a user-allocated buffer that will contain the captured data.
742 \param Length the length of the buffer. This is the maximum buffer size that will be
743 transferred from the driver to the application using a single read.
745 \note the size of the buffer associated with the PACKET structure is a parameter that can sensibly
746 influence the performance of the capture process, since this buffer will contain the packets received
747 from the the driver. The driver is able to return several packets using a single read call
748 (see the PacketReceivePacket() function for details), and the number of packets transferable to the
749 application in a call is limited only by the size of the buffer associated with the PACKET structure
750 passed to PacketReceivePacket(). Therefore setting a big buffer with PacketInitPacket can noticeably
751 decrease the number of system calls, reducing the impcat of the capture process on the processor.
754 VOID
PacketInitPacket(LPPACKET lpPacket
,PVOID Buffer
,UINT Length
)
756 lpPacket
->Buffer
= Buffer
;
757 lpPacket
->Length
= Length
;
758 lpPacket
->ulBytesReceived
= 0;
759 lpPacket
->bIoComplete
= FALSE
;
763 \brief Read data (packets or statistics) from the NPF driver.
764 \param AdapterObject Pointer to an _ADAPTER structure identifying the network adapter from which
765 the data is received.
766 \param lpPacket Pointer to a PACKET structure that will contain the data.
767 \param Sync This parameter is deprecated and will be ignored. It is present for compatibility with
769 \return If the function succeeds, the return value is nonzero.
771 The data received with this function can be a group of packets or a static on the network traffic,
772 depending on the working mode of the driver. The working mode can be set with the PacketSetMode()
773 function. Give a look at that function if you are interested in the format used to return statistics
774 values, here only the normal capture mode will be described.
776 The number of packets received with this function is variable. It depends on the number of packets
777 currently stored in the driver\92s buffer, on the size of these packets and on the size of the buffer
778 associated to the lpPacket parameter. The following figure shows the format used by the driver to pass
779 packets to the application.
781 \image html encoding.gif "method used to encode the packets"
783 Packets are stored in the buffer associated with the lpPacket _PACKET structure. The Length field of
784 that structure is updated with the amount of data copied in the buffer. Each packet has a header
785 consisting in a bpf_hdr structure that defines its length and contains its timestamp. A padding field
786 is used to word-align the data in the buffer (to speed up the access to the packets). The bh_datalen
787 and bh_hdrlen fields of the bpf_hdr structures should be used to extract the packets from the buffer.
789 Examples can be seen either in the TestApp sample application (see the \ref packetsamps page) provided
790 in the developer's pack, or in the pcap_read() function of wpcap.
792 BOOLEAN
PacketReceivePacket(LPADAPTER AdapterObject
,LPPACKET lpPacket
,BOOLEAN Sync
)
795 if ((int)AdapterObject
->ReadTimeOut
!= -1)
796 WaitForSingleObject(AdapterObject
->ReadEvent
, (AdapterObject
->ReadTimeOut
==0)?INFINITE
:AdapterObject
->ReadTimeOut
);
797 res
= ReadFile(AdapterObject
->hFile
, lpPacket
->Buffer
, lpPacket
->Length
, &lpPacket
->ulBytesReceived
,NULL
);
802 \brief Sends one (or more) copies of a packet to the network.
803 \param AdapterObject Pointer to an _ADAPTER structure identifying the network adapter that will
805 \param lpPacket Pointer to a PACKET structure with the packet to send.
806 \param Sync This parameter is deprecated and will be ignored. It is present for compatibility with
808 \return If the function succeeds, the return value is nonzero.
810 This function is used to send a raw packet to the network. 'Raw packet' means that the programmer
811 will have to include the protocol headers, since the packet is sent to the network 'as is'.
812 The CRC needs not to be calculated and put at the end of the packet, because it will be transparently
813 added by the network interface.
815 The behavior of this function is influenced by the PacketSetNumWrites() function. With PacketSetNumWrites(),
816 it is possible to change the number of times a single write must be repeated. The default is 1,
817 i.e. every call to PacketSendPacket() will correspond to one packet sent to the network. If this number is
818 greater than 1, for example 1000, every raw packet written by the application will be sent 1000 times on
819 the network. This feature mitigates the overhead of the context switches and therefore can be used to generate
820 high speed traffic. It is particularly useful for tools that test networks, routers, and servers and need
821 to obtain high network loads.
822 The optimized sending process is still limited to one packet at a time: for the moment it cannot be used
823 to send a buffer with multiple packets.
825 \note The ability to write multiple packets is currently present only in the Windows NTx version of the
826 packet driver. In Windows 95/98/ME it is emulated at user level in packet.dll. This means that an application
827 that uses the multiple write method will run in Windows 9x as well, but its performance will be very low
828 compared to the one of WindowsNTx.
830 BOOLEAN
PacketSendPacket(LPADAPTER AdapterObject
,LPPACKET lpPacket
,BOOLEAN Sync
)
832 DWORD BytesTransfered
;
833 return WriteFile(AdapterObject
->hFile
,lpPacket
->Buffer
,lpPacket
->Length
,&BytesTransfered
,NULL
);
838 \brief Sends a buffer of packets to the network.
839 \param AdapterObject Pointer to an _ADAPTER structure identifying the network adapter that will
841 \param PacketBuff Pointer to buffer with the packets to send.
842 \param Size Size of the buffer pointed by the PacketBuff argument.
843 \param Sync if TRUE, the packets are sent respecting the timestamps. If FALSE, the packets are sent as
845 \return The amount of bytes actually sent. If the return value is smaller than the Size parameter, an
846 error occurred during the send. The error can be caused by a driver/adapter problem or by an
847 inconsistent/bogus packet buffer.
849 This function is used to send a buffer of raw packets to the network. The buffer can contain an arbitrary
850 number of raw packets, each of which preceded by a dump_bpf_hdr structure. The dump_bpf_hdr is the same used
851 by WinPcap and libpcap to store the packets in a file, therefore sending a capture file is straightforward.
852 'Raw packets' means that the sending application will have to include the protocol headers, since every packet
853 is sent to the network 'as is'. The CRC of the packets needs not to be calculated, because it will be
854 transparently added by the network interface.
856 \note Using this function if more efficient than issuing a series of PacketSendPacket(), because the packets are
857 buffered in the kernel driver, so the number of context switches is reduced.
859 \note When Sync is set to TRUE, the packets are synchronized in the kerenl with a high precision timestamp.
860 This requires a remarkable amount of CPU, but allows to send the packets with a precision of some microseconds
861 (depending on the precision of the performance counter of the machine). Such a precision cannot be reached
862 sending the packets separately with PacketSendPacket().
864 INT
PacketSendPackets(LPADAPTER AdapterObject
, PVOID PacketBuff
, ULONG Size
, BOOLEAN Sync
)
867 DWORD BytesTransfered
, TotBytesTransfered
=0;
868 struct timeval BufStartTime
;
869 LARGE_INTEGER StartTicks
, CurTicks
, TargetTicks
, TimeFreq
;
872 ODS("PacketSendPackets");
874 // Obtain starting timestamp of the buffer
875 BufStartTime
.tv_sec
= ((struct timeval
*)(PacketBuff
))->tv_sec
;
876 BufStartTime
.tv_usec
= ((struct timeval
*)(PacketBuff
))->tv_usec
;
878 // Retrieve the reference time counters
879 QueryPerformanceCounter(&StartTicks
);
880 QueryPerformanceFrequency(&TimeFreq
);
882 CurTicks
.QuadPart
= StartTicks
.QuadPart
;
885 // Send the data to the driver
886 Res
= DeviceIoControl(AdapterObject
->hFile
,
887 (Sync
)?pBIOCSENDPACKETSSYNC
:pBIOCSENDPACKETSNOSYNC
,
888 (PCHAR
)PacketBuff
+ TotBytesTransfered
,
889 Size
- TotBytesTransfered
,
895 TotBytesTransfered
+= BytesTransfered
;
897 // calculate the time interval to wait before sending the next packet
898 TargetTicks
.QuadPart
= StartTicks
.QuadPart
+
900 ((((struct timeval
*)((PCHAR
)PacketBuff
+ TotBytesTransfered
))->tv_sec
- BufStartTime
.tv_sec
) * 1000000 +
901 (((struct timeval
*)((PCHAR
)PacketBuff
+ TotBytesTransfered
))->tv_usec
- BufStartTime
.tv_usec
)) *
902 (TimeFreq
.QuadPart
) / 1000000;
904 // Exit from the loop on termination or error
905 if(TotBytesTransfered
>= Size
|| Res
!= TRUE
)
908 // Wait until the time interval has elapsed
909 while( CurTicks
.QuadPart
<= TargetTicks
.QuadPart
)
910 QueryPerformanceCounter(&CurTicks
);
915 return TotBytesTransfered
;
919 \brief Defines the minimum amount of data that will be received in a read.
920 \param AdapterObject Pointer to an _ADAPTER structure
921 \param nbytes the minimum amount of data in the kernel buffer that will cause the driver to
922 release a read on this adapter.
923 \return If the function succeeds, the return value is nonzero.
925 In presence of a large value for nbytes, the kernel waits for the arrival of several packets before
926 copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage,
927 i.e. better performance, which is a good setting for applications like sniffers. Vice versa, a small value
928 means that the kernel will copy the packets as soon as the application is ready to receive them. This is
929 suggested for real time applications (like, for example, a bridge) that need the better responsiveness from
932 \b note: this function has effect only in Windows NTx. The driver for Windows 9x doesn't offer
933 this possibility, therefore PacketSetMinToCopy is implemented under these systems only for compatibility.
936 BOOLEAN
PacketSetMinToCopy(LPADAPTER AdapterObject
,int nbytes
)
939 return DeviceIoControl(AdapterObject
->hFile
,pBIOCSMINTOCOPY
,&nbytes
,4,NULL
,0,&BytesReturned
,NULL
);
943 \brief Sets the working mode of an adapter.
944 \param AdapterObject Pointer to an _ADAPTER structure.
945 \param mode The new working mode of the adapter.
946 \return If the function succeeds, the return value is nonzero.
948 The device driver of WinPcap has 4 working modes:
949 - Capture mode (mode = PACKET_MODE_CAPT): normal capture mode. The packets transiting on the wire are copied
950 to the application when PacketReceivePacket() is called. This is the default working mode of an adapter.
951 - Statistical mode (mode = PACKET_MODE_STAT): programmable statistical mode. PacketReceivePacket() returns, at
952 precise intervals, statics values on the network traffic. The interval between the statistic samples is
953 by default 1 second but it can be set to any other value (with a 1 ms precision) with the
954 PacketSetReadTimeout() function. The data returned by PacketReceivePacket() when the adapter is in statistical
955 mode is shown in the following figure:<p>
956 \image html stats.gif "data structure returned by statistical mode"
957 Two 64-bit counters are provided: the number of packets and the amount of bytes that satisfy a filter
958 previously set with PacketSetBPF(). If no filter has been set, all the packets are counted. The counters are
959 encapsulated in a bpf_hdr structure, so that they will be parsed correctly by wpcap. Statistical mode has a
960 very low impact on system performance compared to capture mode.
961 - Dump mode (mode = PACKET_MODE_DUMP): the packets are dumped to disk by the driver, in libpcap format. This
962 method is much faster than saving the packets after having captured them. No data is returned
963 by PacketReceivePacket(). If the application sets a filter with PacketSetBPF(), only the packets that satisfy
964 this filter are dumped to disk.
965 - Statitical Dump mode (mode = PACKET_MODE_STAT_DUMP): the packets are dumped to disk by the driver, in libpcap
966 format, like in dump mode. PacketReceivePacket() returns, at precise intervals, statics values on the
967 network traffic and on the amount of data saved to file, in a way similar to statistical mode.
968 The data returned by PacketReceivePacket() when the adapter is in statistical dump mode is shown in
969 the following figure:<p>
970 \image html dump.gif "data structure returned by statistical dump mode"
971 Three 64-bit counters are provided: the number of packets accepted, the amount of bytes accepted and the
972 effective amount of data (including headers) dumped to file. If no filter has been set, all the packets are
973 dumped to disk. The counters are encapsulated in a bpf_hdr structure, so that they will be parsed correctly
975 Look at the NetMeter example in the
976 WinPcap developer's pack to see how to use statistics mode.
978 BOOLEAN
PacketSetMode(LPADAPTER AdapterObject
,int mode
)
981 return DeviceIoControl(AdapterObject
->hFile
,pBIOCSMODE
,&mode
,4,NULL
,0,&BytesReturned
,NULL
);
985 \brief Sets the name of the file that will receive the packet when the adapter is in dump mode.
986 \param AdapterObject Pointer to an _ADAPTER structure.
987 \param name the file name, in ASCII or UNICODE.
988 \param len the length of the buffer containing the name, in bytes.
989 \return If the function succeeds, the return value is nonzero.
991 This function defines the file name that the driver will open to store the packets on disk when
992 it works in dump mode. The adapter must be in dump mode, i.e. PacketSetMode() should have been
993 called previously with mode = PACKET_MODE_DUMP. otherwise this function will fail.
994 If PacketSetDumpName was already invoked on the adapter pointed by AdapterObject, the driver
995 closes the old file and opens the new one.
998 BOOLEAN
PacketSetDumpName(LPADAPTER AdapterObject
, void *name
, int len
)
1000 DWORD BytesReturned
;
1003 WCHAR NameWithPath
[1024];
1007 if(((PUCHAR
)name
)[1]!=0 && len
>1){ //ASCII
1008 FileName
=SChar2WChar(name
);
1015 TStrLen
=GetFullPathName(FileName
,1024,NameWithPath
,&NamePos
);
1017 len
=TStrLen
*2+2; //add the terminating null character
1019 // Try to catch malformed strings
1021 if(((PUCHAR
)name
)[1]!=0 && len
>1) free(FileName
);
1025 res
= DeviceIoControl(AdapterObject
->hFile
,pBIOCSETDUMPFILENAME
,NameWithPath
,len
,NULL
,0,&BytesReturned
,NULL
);
1031 \brief Set the dump mode limits.
1032 \param AdapterObject Pointer to an _ADAPTER structure.
1033 \param maxfilesize The maximum dimension of the dump file, in bytes. 0 means no limit.
1034 \param maxnpacks The maximum number of packets contained in the dump file. 0 means no limit.
1035 \return If the function succeeds, the return value is nonzero.
1037 This function sets the limits after which the NPF driver stops to save the packets to file when an adapter
1038 is in dump mode. This allows to limit the dump file to a precise number of bytes or packets, avoiding that
1039 very long dumps fill the disk space. If both maxfilesize and maxnpacks are set, the dump is stopped when
1040 the first of the two is reached.
1042 \note When a limit is reached, the dump is stopped, but the file remains opened. In order to flush
1043 correctly the data and access the file consistently, you need to close the adapter with PacketCloseAdapter().
1045 BOOLEAN
PacketSetDumpLimits(LPADAPTER AdapterObject
, UINT maxfilesize
, UINT maxnpacks
)
1047 DWORD BytesReturned
;
1050 valbuff
[0] = maxfilesize
;
1051 valbuff
[1] = maxnpacks
;
1053 return DeviceIoControl(AdapterObject
->hFile
,
1064 \brief Returns the status of the kernel dump process, i.e. tells if one of the limits defined with PacketSetDumpLimits() was reached.
1065 \param AdapterObject Pointer to an _ADAPTER structure.
1066 \param sync if TRUE, the function blocks until the dump is finished, otherwise it returns immediately.
1067 \return TRUE if the dump is ended, FALSE otherwise.
1069 PacketIsDumpEnded() informs the user about the limits that were set with a previous call to
1070 PacketSetDumpLimits().
1072 \warning If no calls to PacketSetDumpLimits() were performed or if the dump process has no limits
1073 (i.e. if the arguments of the last call to PacketSetDumpLimits() were both 0), setting sync to TRUE will
1074 block the application on this call forever.
1076 BOOLEAN
PacketIsDumpEnded(LPADAPTER AdapterObject
, BOOLEAN sync
)
1078 DWORD BytesReturned
;
1083 WaitForSingleObject(AdapterObject
->ReadEvent
, INFINITE
);
1085 res
= DeviceIoControl(AdapterObject
->hFile
,
1094 if(res
== FALSE
) return TRUE
; // If the IOCTL returns an error we consider the dump finished
1096 return (BOOLEAN
)IsDumpEnded
;
1100 \brief Returns the notification event associated with the read calls on an adapter.
1101 \param AdapterObject Pointer to an _ADAPTER structure.
1102 \return The handle of the event that the driver signals when some data is available in the kernel buffer.
1104 The event returned by this function is signaled by the driver if:
1105 - The adapter pointed by AdapterObject is in capture mode and an amount of data greater or equal
1106 than the one set with the PacketSetMinToCopy() function is received from the network.
1107 - the adapter pointed by AdapterObject is in capture mode, no data has been received from the network
1108 but the the timeout set with the PacketSetReadTimeout() function has elapsed.
1109 - the adapter pointed by AdapterObject is in statics mode and the the timeout set with the
1110 PacketSetReadTimeout() function has elapsed. This means that a new statistic sample is available.
1112 In every case, a call to PacketReceivePacket() will return immediately.
1113 The event can be passed to standard Win32 functions (like WaitForSingleObject or WaitForMultipleObjects)
1114 to wait until the driver's buffer contains some data. It is particularly useful in GUI applications that
1115 need to wait concurrently on several events.
1118 HANDLE
PacketGetReadEvent(LPADAPTER AdapterObject
)
1120 return AdapterObject
->ReadEvent
;
1124 \brief Sets the number of times a single packet written with PacketSendPacket() will be repeated on the network.
1125 \param AdapterObject Pointer to an _ADAPTER structure.
1126 \param nwrites Number of copies of a packet that will be physically sent by the interface.
1127 \return If the function succeeds, the return value is nonzero.
1129 See PacketSendPacket() for details.
1131 BOOLEAN
PacketSetNumWrites(LPADAPTER AdapterObject
,int nwrites
)
1133 DWORD BytesReturned
;
1134 return DeviceIoControl(AdapterObject
->hFile
,pBIOCSWRITEREP
,&nwrites
,4,NULL
,0,&BytesReturned
,NULL
);
1138 \brief Sets the timeout after which a read on an adapter returns.
1139 \param AdapterObject Pointer to an _ADAPTER structure.
1140 \param timeout indicates the timeout, in milliseconds, after which a call to PacketReceivePacket() on
1141 the adapter pointed by AdapterObject will be released, also if no packets have been captured by the driver.
1142 Setting timeout to 0 means no timeout, i.e. PacketReceivePacket() never returns if no packet arrives.
1143 A timeout of -1 causes PacketReceivePacket() to always return immediately.
1144 \return If the function succeeds, the return value is nonzero.
1146 \note This function works also if the adapter is working in statistics mode, and can be used to set the
1147 time interval between two statistic reports.
1149 BOOLEAN
PacketSetReadTimeout(LPADAPTER AdapterObject
,int timeout
)
1151 DWORD BytesReturned
;
1152 int DriverTimeOut
=-1;
1154 AdapterObject
->ReadTimeOut
=timeout
;
1156 return DeviceIoControl(AdapterObject
->hFile
,pBIOCSRTIMEOUT
,&DriverTimeOut
,4,NULL
,0,&BytesReturned
,NULL
);
1160 \brief Sets the size of the kernel-level buffer associated with a capture.
1161 \param AdapterObject Pointer to an _ADAPTER structure.
1162 \param dim New size of the buffer, in \b kilobytes.
1163 \return The function returns TRUE if successfully completed, FALSE if there is not enough memory to
1164 allocate the new buffer.
1166 When a new dimension is set, the data in the old buffer is discarded and the packets stored in it are
1169 Note: the dimension of the kernel buffer affects heavily the performances of the capture process.
1170 An adequate buffer in the driver is able to keep the packets while the application is busy, compensating
1171 the delays of the application and avoiding the loss of packets during bursts or high network activity.
1172 The buffer size is set to 0 when an instance of the driver is opened: the programmer should remember to
1173 set it to a proper value. As an example, wpcap sets the buffer size to 1MB at the beginning of a capture.
1175 BOOLEAN
PacketSetBuff(LPADAPTER AdapterObject
,int dim
)
1177 DWORD BytesReturned
;
1178 return DeviceIoControl(AdapterObject
->hFile
,pBIOCSETBUFFERSIZE
,&dim
,4,NULL
,0,&BytesReturned
,NULL
);
1182 \brief Sets a kernel-level packet filter.
1183 \param AdapterObject Pointer to an _ADAPTER structure.
1184 \param fp Pointer to a filtering program that will be associated with this capture or monitoring
1185 instance and that will be executed on every incoming packet.
1186 \return This function returns TRUE if the filter is set successfully, FALSE if an error occurs
1187 or if the filter program is not accepted after a safeness check by the driver. The driver performs
1188 the check in order to avoid system crashes due to buggy or malicious filters, and it rejects non
1191 This function associates a new BPF filter to the adapter AdapterObject. The filter, pointed by fp, is a
1192 set of bpf_insn instructions.
1194 A filter can be automatically created by using the pcap_compile() function of wpcap. This function
1195 converts a human readable text expression with the syntax of WinDump (see the manual of WinDump at
1196 http://netgroup.polito.it/windump for details) into a BPF program. If your program doesn't link wpcap, but
1197 you need to know the code of a particular filter, you can launch WinDump with the -d or -dd or -ddd
1198 flags to obtain the pseudocode.
1201 BOOLEAN
PacketSetBpf(LPADAPTER AdapterObject
,struct bpf_program
*fp
)
1203 DWORD BytesReturned
;
1204 return DeviceIoControl(AdapterObject
->hFile
,pBIOCSETF
,(char*)fp
->bf_insns
,fp
->bf_len
*sizeof(struct bpf_insn
),NULL
,0,&BytesReturned
,NULL
);
1208 \brief Returns a couple of statistic values about the current capture session.
1209 \param AdapterObject Pointer to an _ADAPTER structure.
1210 \param s Pointer to a user provided bpf_stat structure that will be filled by the function.
1211 \return If the function succeeds, the return value is nonzero.
1213 With this function, the programmer can know the value of two internal variables of the driver:
1215 - the number of packets that have been received by the adapter AdapterObject, starting at the
1216 time in which it was opened with PacketOpenAdapter.
1217 - the number of packets that have been dropped by the driver. A packet is dropped when the kernel
1218 buffer associated with the adapter is full.
1220 BOOLEAN
PacketGetStats(LPADAPTER AdapterObject
,struct bpf_stat
*s
)
1223 DWORD BytesReturned
;
1224 struct bpf_stat tmpstat
; // We use a support structure to avoid kernel-level inconsistencies with old or malicious applications
1226 Res
= DeviceIoControl(AdapterObject
->hFile
,
1231 sizeof(struct bpf_stat
),
1235 // Copy only the first two values retrieved from the driver
1236 s
->bs_recv
= tmpstat
.bs_recv
;
1237 s
->bs_drop
= tmpstat
.bs_drop
;
1243 \brief Returns statistic values about the current capture session. Enhanced version of PacketGetStats().
1244 \param AdapterObject Pointer to an _ADAPTER structure.
1245 \param s Pointer to a user provided bpf_stat structure that will be filled by the function.
1246 \return If the function succeeds, the return value is nonzero.
1248 With this function, the programmer can retireve the sname values provided by PacketGetStats(), plus:
1250 - the number of drops by interface (not yet supported, always 0).
1251 - the number of packets that reached the application, i.e that were accepted by the kernel filter and
1252 that fitted in the kernel buffer.
1254 BOOLEAN
PacketGetStatsEx(LPADAPTER AdapterObject
,struct bpf_stat
*s
)
1257 DWORD BytesReturned
;
1258 struct bpf_stat tmpstat
; // We use a support structure to avoid kernel-level inconsistencies with old or malicious applications
1260 Res
= DeviceIoControl(AdapterObject
->hFile
,
1265 sizeof(struct bpf_stat
),
1269 s
->bs_recv
= tmpstat
.bs_recv
;
1270 s
->bs_drop
= tmpstat
.bs_drop
;
1271 s
->ps_ifdrop
= tmpstat
.ps_ifdrop
;
1272 s
->bs_capt
= tmpstat
.bs_capt
;
1278 \brief Performs a query/set operation on an internal variable of the network card driver.
1279 \param AdapterObject Pointer to an _ADAPTER structure.
1280 \param Set Determines if the operation is a set (Set=TRUE) or a query (Set=FALSE).
1281 \param OidData A pointer to a _PACKET_OID_DATA structure that contains or receives the data.
1282 \return If the function succeeds, the return value is nonzero.
1284 \note not all the network adapters implement all the query/set functions. There is a set of mandatory
1285 OID functions that is granted to be present on all the adapters, and a set of facultative functions, not
1286 provided by all the cards (see the Microsoft DDKs to see which functions are mandatory). If you use a
1287 facultative function, be careful to enclose it in an if statement to check the result.
1289 BOOLEAN
PacketRequest(LPADAPTER AdapterObject
,BOOLEAN Set
,PPACKET_OID_DATA OidData
)
1291 //DWORD BytesReturned;
1293 /*commented out since its broken & needs fixing*/
1294 /*Result=DeviceIoControl(AdapterObject->hFile,(DWORD) Set ? pBIOCSETOID : pBIOCQUERYOID,
1295 OidData,sizeof(PACKET_OID_DATA)-1+OidData->Length,OidData,
1296 sizeof(PACKET_OID_DATA)-1+OidData->Length,&BytesReturned,NULL);*/
1298 // output some debug info
1299 ODSEx("PacketRequest, OID=%d ", OidData
->Oid
);
1300 ODSEx("Length=%d ", OidData
->Length
);
1301 ODSEx("Set=%d ", Set
);
1302 ODSEx("Res=%d\n", Result
);
1308 \brief Sets a hardware filter on the incoming packets.
1309 \param AdapterObject Pointer to an _ADAPTER structure.
1310 \param Filter The identifier of the filter.
1311 \return If the function succeeds, the return value is nonzero.
1313 The filter defined with this filter is evaluated by the network card, at a level that is under the NPF
1314 device driver. Here is a list of the most useful hardware filters (A complete list can be found in ntddndis.h):
1316 - NDIS_PACKET_TYPE_PROMISCUOUS: sets promiscuous mode. Every incoming packet is accepted by the adapter.
1317 - NDIS_PACKET_TYPE_DIRECTED: only packets directed to the workstation's adapter are accepted.
1318 - NDIS_PACKET_TYPE_BROADCAST: only broadcast packets are accepted.
1319 - NDIS_PACKET_TYPE_MULTICAST: only multicast packets belonging to groups of which this adapter is a member are accepted.
1320 - NDIS_PACKET_TYPE_ALL_MULTICAST: every multicast packet is accepted.
1321 - NDIS_PACKET_TYPE_ALL_LOCAL: all local packets, i.e. NDIS_PACKET_TYPE_DIRECTED + NDIS_PACKET_TYPE_BROADCAST + NDIS_PACKET_TYPE_MULTICAST
1323 BOOLEAN
PacketSetHwFilter(LPADAPTER AdapterObject
,ULONG Filter
)
1326 ULONG IoCtlBufferLength
=(sizeof(PACKET_OID_DATA
)+sizeof(ULONG
)-1);
1327 PPACKET_OID_DATA OidData
;
1329 OidData
=GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
,IoCtlBufferLength
);
1330 if (OidData
== NULL
) {
1331 ODS("PacketSetHwFilter: GlobalAlloc Failed\n");
1334 OidData
->Oid
=OID_GEN_CURRENT_PACKET_FILTER
;
1335 OidData
->Length
=sizeof(ULONG
);
1336 *((PULONG
)OidData
->Data
)=Filter
;
1337 Status
=PacketRequest(AdapterObject
,TRUE
,OidData
);
1338 GlobalFreePtr(OidData
);
1343 \brief Retrieve the list of available network adapters and their description.
1344 \param pStr User allocated string that will be filled with the names of the adapters.
1345 \param BufferSize Length of the buffer pointed by pStr.
1346 \return If the function succeeds, the return value is nonzero.
1348 Usually, this is the first function that should be used to communicate with the driver.
1349 It returns the names of the adapters installed on the system <B>and supported by WinPcap</B>.
1350 After the names of the adapters, pStr contains a string that describes each of them.
1353 the result of this function is obtained querying the registry, therefore the format
1354 of the result in Windows NTx is different from the one in Windows 9x. Windows 9x uses the ASCII
1355 encoding method to store a string, while Windows NTx uses UNICODE. After a call to PacketGetAdapterNames
1356 in Windows 95x, pStr contains, in succession:
1357 - a variable number of ASCII strings, each with the names of an adapter, separated by a "\0"
1359 - a number of ASCII strings, each with the description of an adapter, separated by a "\0". The number
1360 of descriptions is the same of the one of names. The fisrt description corresponds to the first name, and
1364 In Windows NTx, pStr contains: the names of the adapters, in UNICODE format, separated by a single UNICODE "\0" (i.e. 2 ASCII "\0"), a double UNICODE "\0", followed by the descriptions of the adapters, in ASCII format, separated by a single ASCII "\0" . The string is terminated by a double ASCII "\0".
1365 - a variable number of UNICODE strings, each with the names of an adapter, separated by a UNICODE "\0"
1366 - a double UNICODE "\0"
1367 - a number of ASCII strings, each with the description of an adapter, separated by an ASCII "\0".
1368 - a double ASCII "\0".
1371 BOOLEAN
PacketGetAdapterNames(PTSTR pStr
, PULONG BufferSize
)
1373 HKEY LinkageKey
, AdapKey
;
1374 DWORD RegKeySize
= 0;
1382 PPACKET_OID_DATA OidData
;
1383 int i
= 0, k
, rewind
;
1385 TCHAR AdapName
[256];
1387 ODSEx("PacketGetAdapterNames: BufferSize=%d\n",*BufferSize
);
1389 OidData
= GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
, 512);
1390 if (OidData
== NULL
) {
1391 ODS("PacketGetAdapterNames: GlobalAlloc Failed\n");
1395 Status
= RegOpenKeyEx(HKEY_LOCAL_MACHINE
,
1396 TEXT("SYSTEM\\ControlSet001\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}"),
1397 0, KEY_READ
, &AdapKey
);
1399 // Get the size to allocate for the original device names
1400 while ((Result
= RegEnumKey(AdapKey
, i
, AdapName
, sizeof(AdapName
)/2)) == ERROR_SUCCESS
) {
1401 Status
= RegOpenKeyEx(AdapKey
, AdapName
,0, KEY_READ
, &LinkageKey
);
1402 Status
= RegOpenKeyExW(LinkageKey
, L
"Linkage",0, KEY_READ
, &LinkageKey
);
1403 Status
= RegQueryValueExW(LinkageKey
, L
"Export", NULL
, NULL
, NULL
, &dim
);
1405 if (Status
!=ERROR_SUCCESS
) continue;
1409 // Allocate the memory for the original device names
1410 ODSEx("Need %d bytes for the names\n", RegKeySize
+2);
1411 BpStr
= GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
, RegKeySize
+2);
1412 if (BpStr
== NULL
|| RegKeySize
> *BufferSize
) {
1413 ODS("PacketGetAdapterNames: GlobalAlloc Failed\n");
1414 GlobalFreePtr(OidData
);
1420 ODS("PacketGetAdapterNames: Cycling through the adapters:\n");
1422 // Copy the names to the buffer
1423 while ((Result
= RegEnumKey(AdapKey
, i
, AdapName
, sizeof(AdapName
)/2)) == ERROR_SUCCESS
) {
1424 WCHAR UpperBindStr
[64];
1429 Status
= RegOpenKeyEx(AdapKey
,AdapName
,0,KEY_READ
,&LinkageKey
);
1430 Status
= RegOpenKeyExW(LinkageKey
,L
"Linkage",0,KEY_READ
,&LinkageKey
);
1432 dim
=sizeof(UpperBindStr
);
1433 Status
=RegQueryValueExW(LinkageKey
,L
"UpperBind",NULL
,NULL
,(PUCHAR
)UpperBindStr
,&dim
);
1435 ODSEx("UpperBind=%S ", UpperBindStr
);
1437 if( Status
!=ERROR_SUCCESS
|| _wcsicmp(UpperBindStr
,L
"NdisWan")==0 ){
1438 ODS("Name = SKIPPED\n");
1443 Status
=RegQueryValueExW(LinkageKey
,L
"Export",NULL
,NULL
,(LPBYTE
)BpStr
+k
,&dim
);
1444 if(Status
!=ERROR_SUCCESS
){
1445 ODS("Name = SKIPPED (error reading the key)\n");
1449 ODSEx("Name = %S\n", (LPBYTE
)BpStr
+k
);
1454 CloseHandle(AdapKey
);
1456 #ifdef _DEBUG_TO_FILE
1457 //dump BpStr for debug purposes
1458 ODS("Dumping BpStr:");
1461 f
= fopen("winpcap_debug.txt", "a");
1463 if(!(i
%32))fprintf(f
, "\n ");
1464 fprintf(f
, "%c " , *((LPBYTE
)BpStr
+i
));
1474 DescBuf
=GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
, 4096);
1475 if (DescBuf
== NULL
) {
1476 GlobalFreePtr (BpStr
);
1477 GlobalFreePtr(OidData
);
1482 for(i
=0,k
=0;BpStr
[i
]!=0 || BpStr
[i
+1]!=0;){
1484 if(k
+wcslen(BpStr
+i
)+30 > *BufferSize
){
1485 // Input buffer too small
1486 GlobalFreePtr(OidData
);
1487 GlobalFreePtr (BpStr
);
1488 GlobalFreePtr (DescBuf
);
1489 ODS("PacketGetAdapterNames: Input buffer too small!\n");
1493 // Create the device name
1495 memcpy(pStr
+k
,BpStr
+i
,16);
1496 memcpy(pStr
+k
+8,TEXT("NPF_"),8);
1499 while(BpStr
[i
-1]!=0){
1500 pStr
[k
++]=BpStr
[i
++];
1504 adapter
=PacketOpenAdapter(pStr
+rewind
);
1510 // Retrieve the description
1511 OidData
->Oid
= OID_GEN_VENDOR_DESCRIPTION
;
1512 OidData
->Length
= 256;
1513 ZeroMemory(OidData
->Data
,256);
1514 Status
= PacketRequest(adapter
,FALSE
,OidData
);
1515 if(Status
==0 || ((char*)OidData
->Data
)[0]==0){
1520 ODSEx("Adapter Description=%s\n\n",OidData
->Data
);
1522 // Copy the description
1523 TTpStr
=(char*)(OidData
->Data
);
1529 // Close the adapter
1530 PacketCloseAdapter(adapter
);
1538 if ((ULONG
)(DpStr
- DescBuf
+ k
) < *BufferSize
) {
1539 memcpy(pStr
+ k
, DescBuf
, DpStr
- DescBuf
);
1541 GlobalFreePtr(OidData
);
1542 GlobalFreePtr(BpStr
);
1543 GlobalFreePtr(DescBuf
);
1544 ODS("\nPacketGetAdapterNames: ended with failure\n");
1548 GlobalFreePtr(OidData
);
1549 GlobalFreePtr(BpStr
);
1550 GlobalFreePtr(DescBuf
);
1551 ODS("\nPacketGetAdapterNames: ended correctly\n");
1557 ODS("Adapters not found under SYSTEM\\ControlSet001\\Control\\Class. Using the TCP/IP bindings.\n");
1559 GlobalFreePtr(BpStr
);
1560 Status
= RegOpenKeyEx(HKEY_LOCAL_MACHINE
,
1561 TEXT("SYSTEM\\ControlSet001\\Services\\Tcpip\\Linkage"),
1562 0, KEY_READ
, &LinkageKey
);
1563 if (Status
== ERROR_SUCCESS
) {
1564 // Retrieve the length of the key
1565 Status
= RegQueryValueEx(LinkageKey
, TEXT("bind"), NULL
, &RegType
, NULL
, &RegKeySize
);
1566 // Allocate the buffer
1567 BpStr
= GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
, RegKeySize
+ 2);
1568 if (BpStr
== NULL
|| RegKeySize
> *BufferSize
) {
1569 GlobalFreePtr(OidData
);
1572 Status
= RegQueryValueEx(LinkageKey
, TEXT("bind"), NULL
, &RegType
, (LPBYTE
)BpStr
, &RegKeySize
);
1573 RegCloseKey(LinkageKey
);
1575 //ODS("SYSTEM\\ControlSet001\\Control\\Class - RegKey not found.\n");
1576 ODS("SYSTEM\\ControlSet001\\Services\\Tcpip\\Linkage - RegKey not found.\n");
1578 if (Status
== ERROR_SUCCESS
) {
1579 DescBuf
= GlobalAllocPtr(GMEM_MOVEABLE
| GMEM_ZEROINIT
, 4096);
1580 if (DescBuf
== NULL
) {
1581 GlobalFreePtr(BpStr
);
1582 GlobalFreePtr(OidData
);
1586 for (i
= 0, k
= 0; BpStr
[i
] != 0 || BpStr
[i
+1] != 0; ) {
1587 if (k
+ wcslen(BpStr
+ i
) + 30 > *BufferSize
) {
1588 // Input buffer too small
1589 GlobalFreePtr(OidData
);
1590 GlobalFreePtr(BpStr
);
1591 GlobalFreePtr(DescBuf
);
1595 ODS("\tCreating a device name - started.\n");
1597 // Create the device name
1599 memcpy(pStr
+ k
,BpStr
+ i
,16);
1600 memcpy(pStr
+ k
+ 8, TEXT("NPF_"), 8);
1603 while (BpStr
[i
- 1] != 0) {
1604 pStr
[k
++] = BpStr
[i
++];
1607 adapter
= PacketOpenAdapter(pStr
+rewind
);
1608 if (adapter
== NULL
) {
1612 // Retrieve the description
1613 OidData
->Oid
= OID_GEN_VENDOR_DESCRIPTION
;
1614 OidData
->Length
= 256;
1615 Status
= PacketRequest(adapter
, FALSE
, OidData
);
1616 if (Status
== 0 || ((char*)OidData
->Data
)[0] == 0) {
1618 ODS("\tCreating a device name - Retrieve the description.\n");
1622 // Copy the description
1623 TTpStr
= (char*)(OidData
->Data
);
1624 while (*TTpStr
!= 0){
1625 *DpStr
++ = *TTpStr
++;
1627 *DpStr
++ = *TTpStr
++;
1628 // Close the adapter
1629 PacketCloseAdapter(adapter
);
1631 ODS("\tCreating a device name - completed.\n");
1638 if ((ULONG
)(DpStr
- DescBuf
+ k
) < *BufferSize
) {
1639 memcpy(pStr
+ k
, DescBuf
, DpStr
-DescBuf
);
1641 GlobalFreePtr(OidData
);
1642 GlobalFreePtr(BpStr
);
1643 GlobalFreePtr(DescBuf
);
1647 GlobalFreePtr(OidData
);
1648 GlobalFreePtr(BpStr
);
1649 GlobalFreePtr(DescBuf
);
1650 ODS("PacketGetAdapterNames() returning TRUE\n");
1653 MessageBox(NULL
,TEXT("Can not find TCP/IP bindings.\nIn order to run the packet capture driver you must install TCP/IP."),szWindowTitle
,MB_OK
);
1654 ODS("Cannot find the TCP/IP bindings\n");
1661 \brief Returns comprehensive information the addresses of an adapter.
1662 \param AdapterName String that contain _ADAPTER structure.
1663 \param buffer A user allocated array of npf_if_addr that will be filled by the function.
1664 \param NEntries Size of the array (in npf_if_addr).
1665 \return If the function succeeds, the return value is nonzero.
1667 This function grabs from the registry information like the IP addresses, the netmasks
1668 and the broadcast addresses of an interface. The buffer passed by the user is filled with
1669 npf_if_addr structures, each of which contains the data for a single address. If the buffer
1670 is full, the reaming addresses are dropeed, therefore set its dimension to sizeof(npf_if_addr)
1671 if you want only the first address.
1674 BOOLEAN
PacketGetNetInfoEx(LPTSTR AdapterName
, npf_if_addr
* buffer
, PLONG NEntries
)
1677 WCHAR
*AdapterNameU
;
1685 WCHAR String
[1024+1];
1689 struct sockaddr_in
*TmpAddr
, *TmpBroad
;
1690 LONG naddrs
,nmasks
,StringPos
;
1691 DWORD ZeroBroadcast
;
1693 AdapterNameA
= (char*)AdapterName
;
1694 if(AdapterNameA
[1] != 0) { //ASCII
1695 AdapterNameU
= SChar2WChar(AdapterNameA
);
1696 AdapterName
= AdapterNameU
;
1698 AdapterNameU
= NULL
;
1700 ifname
= wcsrchr(AdapterName
, '\\');
1702 ifname
= AdapterName
;
1705 if (wcsncmp(ifname
, L
"NPF_", 4) == 0)
1708 if( RegOpenKeyEx(HKEY_LOCAL_MACHINE
,
1709 TEXT("SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces"),
1710 0, KEY_READ
, &UnderTcpKey
) == ERROR_SUCCESS
)
1712 status
= RegOpenKeyExW(UnderTcpKey
,ifname
,0,KEY_READ
,&TcpIpKey
);
1713 if (status
!= ERROR_SUCCESS
) {
1714 RegCloseKey(UnderTcpKey
);
1721 // Query the registry key with the interface's adresses
1722 status
= RegOpenKeyEx(HKEY_LOCAL_MACHINE
,
1723 TEXT("SYSTEM\\ControlSet001\\Services"),
1724 0,KEY_READ
,&SystemKey
);
1725 if (status
!= ERROR_SUCCESS
)
1727 status
= RegOpenKeyExW(SystemKey
,ifname
,0,KEY_READ
,&InterfaceKey
);
1728 if (status
!= ERROR_SUCCESS
) {
1729 RegCloseKey(SystemKey
);
1732 RegCloseKey(SystemKey
);
1733 status
= RegOpenKeyEx(InterfaceKey
,TEXT("Parameters"),0,KEY_READ
,&ParametersKey
);
1734 if (status
!= ERROR_SUCCESS
) {
1735 RegCloseKey(InterfaceKey
);
1738 RegCloseKey(InterfaceKey
);
1739 status
= RegOpenKeyEx(ParametersKey
,TEXT("TcpIp"),0,KEY_READ
,&TcpIpKey
);
1740 if (status
!= ERROR_SUCCESS
) {
1741 RegCloseKey(ParametersKey
);
1744 RegCloseKey(ParametersKey
);
1745 BufLen
= sizeof String
;
1749 /* Try to detect if the interface has a zero broadcast addr */
1750 status
=RegQueryValueEx(TcpIpKey
,TEXT("UseZeroBroadcast"),NULL
,&RegType
,(LPBYTE
)&ZeroBroadcast
,&BufLen
);
1751 if (status
!= ERROR_SUCCESS
)
1755 /* See if DHCP is used by this system */
1756 status
=RegQueryValueEx(TcpIpKey
,TEXT("EnableDHCP"),NULL
,&RegType
,(LPBYTE
)&DHCPEnabled
,&BufLen
);
1757 if (status
!= ERROR_SUCCESS
)
1761 /* Retrieve the adrresses */
1764 BufLen
= sizeof String
;
1765 // Open the key with the addresses
1766 status
= RegQueryValueEx(TcpIpKey
,TEXT("DhcpIPAddress"),NULL
,&RegType
,(LPBYTE
)String
,&BufLen
);
1767 if (status
!= ERROR_SUCCESS
) {
1768 RegCloseKey(TcpIpKey
);
1772 // scan the key to obtain the addresses
1774 for(naddrs
= 0;naddrs
<* NEntries
;naddrs
++){
1775 TmpAddr
= (struct sockaddr_in
*) &(buffer
[naddrs
].IPAddress
);
1777 if((TmpAddr
->sin_addr
.S_un
.S_addr
= inet_addrU(String
+ StringPos
))!= -1){
1778 TmpAddr
->sin_family
= AF_INET
;
1780 TmpBroad
= (struct sockaddr_in
*) &(buffer
[naddrs
].Broadcast
);
1781 TmpBroad
->sin_family
= AF_INET
;
1782 if(ZeroBroadcast
==0)
1783 TmpBroad
->sin_addr
.S_un
.S_addr
= 0xffffffff; // 255.255.255.255
1785 TmpBroad
->sin_addr
.S_un
.S_addr
= 0; // 0.0.0.0
1787 while(*(String
+ StringPos
) != 0)StringPos
++;
1790 if(*(String
+ StringPos
) == 0 || (StringPos
* sizeof (WCHAR
)) >= BufLen
)
1796 BufLen
= sizeof String
;
1797 // Open the key with the netmasks
1798 status
= RegQueryValueEx(TcpIpKey
,TEXT("DhcpSubnetMask"),NULL
,&RegType
,(LPBYTE
)String
,&BufLen
);
1799 if (status
!= ERROR_SUCCESS
) {
1800 RegCloseKey(TcpIpKey
);
1804 // scan the key to obtain the masks
1806 for(nmasks
= 0;nmasks
< *NEntries
;nmasks
++){
1807 TmpAddr
= (struct sockaddr_in
*) &(buffer
[nmasks
].SubnetMask
);
1809 if((TmpAddr
->sin_addr
.S_un
.S_addr
= inet_addrU(String
+ StringPos
))!= -1){
1810 TmpAddr
->sin_family
= AF_INET
;
1812 while(*(String
+ StringPos
) != 0)StringPos
++;
1815 if(*(String
+ StringPos
) == 0 || (StringPos
* sizeof (WCHAR
)) >= BufLen
)
1821 // The number of masks MUST be equal to the number of adresses
1822 if(nmasks
!= naddrs
){
1823 RegCloseKey(TcpIpKey
);
1830 BufLen
= sizeof String
;
1831 // Open the key with the addresses
1832 status
= RegQueryValueEx(TcpIpKey
,TEXT("IPAddress"),NULL
,&RegType
,(LPBYTE
)String
,&BufLen
);
1833 if (status
!= ERROR_SUCCESS
) {
1834 RegCloseKey(TcpIpKey
);
1838 // scan the key to obtain the addresses
1840 for(naddrs
= 0;naddrs
< *NEntries
;naddrs
++){
1841 TmpAddr
= (struct sockaddr_in
*) &(buffer
[naddrs
].IPAddress
);
1843 if((TmpAddr
->sin_addr
.S_un
.S_addr
= inet_addrU(String
+ StringPos
))!= -1){
1844 TmpAddr
->sin_family
= AF_INET
;
1846 TmpBroad
= (struct sockaddr_in
*) &(buffer
[naddrs
].Broadcast
);
1847 TmpBroad
->sin_family
= AF_INET
;
1848 if(ZeroBroadcast
==0)
1849 TmpBroad
->sin_addr
.S_un
.S_addr
= 0xffffffff; // 255.255.255.255
1851 TmpBroad
->sin_addr
.S_un
.S_addr
= 0; // 0.0.0.0
1853 while(*(String
+ StringPos
) != 0)StringPos
++;
1856 if(*(String
+ StringPos
) == 0 || (StringPos
* sizeof (WCHAR
)) >= BufLen
)
1862 BufLen
= sizeof String
;
1863 // Open the key with the netmasks
1864 status
= RegQueryValueEx(TcpIpKey
,TEXT("SubnetMask"),NULL
,&RegType
,(LPBYTE
)String
,&BufLen
);
1865 if (status
!= ERROR_SUCCESS
) {
1866 RegCloseKey(TcpIpKey
);
1870 // scan the key to obtain the masks
1872 for(nmasks
= 0;nmasks
<* NEntries
;nmasks
++){
1873 TmpAddr
= (struct sockaddr_in
*) &(buffer
[nmasks
].SubnetMask
);
1875 if((TmpAddr
->sin_addr
.S_un
.S_addr
= inet_addrU(String
+ StringPos
))!= -1){
1876 TmpAddr
->sin_family
= AF_INET
;
1878 while(*(String
+ StringPos
) != 0)StringPos
++;
1881 if(*(String
+ StringPos
) == 0 || (StringPos
* sizeof (WCHAR
)) >= BufLen
)
1887 // The number of masks MUST be equal to the number of adresses
1888 if(nmasks
!= naddrs
){
1889 RegCloseKey(TcpIpKey
);
1895 *NEntries
= naddrs
+ 1;
1897 RegCloseKey(TcpIpKey
);
1899 if (status
!= ERROR_SUCCESS
) {
1904 if (AdapterNameU
!= NULL
)
1909 if (AdapterNameU
!= NULL
)
1915 \brief Returns the IP address and the netmask of an adapter.
1916 \param AdapterName String that contain _ADAPTER structure.
1917 \param netp Pointer to a variable that will receive the IP address of the adapter.
1918 \param maskp Pointer to a variable that will receive the netmask of the adapter.
1919 \return If the function succeeds, the return value is nonzero.
1921 \note this function is obsolete and is maintained for backward compatibility. Use PacketGetNetInfoEx() instead.
1924 BOOLEAN
PacketGetNetInfo(LPTSTR AdapterName
, PULONG netp
, PULONG maskp
)
1927 WCHAR
*AdapterNameU
;
1934 WCHAR String
[1024+1];
1940 AdapterNameA
= (char*)AdapterName
;
1941 if(AdapterNameA
[1] != 0) { //ASCII
1942 AdapterNameU
= SChar2WChar(AdapterNameA
);
1943 AdapterName
= AdapterNameU
;
1945 AdapterNameU
= NULL
;
1947 ifname
= wcsrchr(AdapterName
, '\\');
1949 ifname
= AdapterName
;
1952 if (wcsncmp(ifname
, L
"NPF_", 4) == 0)
1954 status
= RegOpenKeyEx(HKEY_LOCAL_MACHINE
,
1955 TEXT("SYSTEM\\ControlSet001\\Services"),
1956 0,KEY_READ
,&SystemKey
);
1957 if (status
!= ERROR_SUCCESS
)
1959 status
= RegOpenKeyExW(SystemKey
,ifname
,0,KEY_READ
,&InterfaceKey
);
1960 if (status
!= ERROR_SUCCESS
) {
1961 RegCloseKey(SystemKey
);
1964 RegCloseKey(SystemKey
);
1965 status
= RegOpenKeyEx(InterfaceKey
,TEXT("Parameters"),0,KEY_READ
,&ParametersKey
);
1966 if (status
!= ERROR_SUCCESS
) {
1967 RegCloseKey(InterfaceKey
);
1970 RegCloseKey(InterfaceKey
);
1971 status
= RegOpenKeyEx(ParametersKey
,TEXT("TcpIp"),0,KEY_READ
,&TcpIpKey
);
1972 if (status
!= ERROR_SUCCESS
) {
1973 RegCloseKey(ParametersKey
);
1976 RegCloseKey(ParametersKey
);
1979 /* See if DHCP is used by this system */
1980 status
=RegQueryValueEx(TcpIpKey
,TEXT("EnableDHCP"),NULL
,&RegType
,(LPBYTE
)&DHCPEnabled
,&BufLen
);
1981 if (status
!= ERROR_SUCCESS
)
1985 /* Retrieve the netmask */
1988 BufLen
= sizeof String
;
1989 status
= RegQueryValueEx(TcpIpKey
,TEXT("DhcpIPAddress"),NULL
,&RegType
,(LPBYTE
)String
,&BufLen
);
1990 if (status
!= ERROR_SUCCESS
) {
1991 RegCloseKey(TcpIpKey
);
1995 TAddr
= inet_addrU(String
);
1996 // swap bytes for backward compatibility
1998 *((char*)netp
+i
) = *((char*)&TAddr
+3-i
);
2001 BufLen
= sizeof String
;
2002 status
=RegQueryValueEx(TcpIpKey
,TEXT("DHCPSubnetMask"),NULL
,&RegType
,
2003 (LPBYTE
)String
,&BufLen
);
2005 TAddr
= inet_addrU(String
);
2006 // swap bytes for backward compatibility
2008 *((char*)maskp
+i
) = *((char*)&TAddr
+3-i
);
2015 BufLen
= sizeof String
;
2016 status
= RegQueryValueEx(TcpIpKey
,TEXT("IPAddress"),NULL
,&RegType
,(LPBYTE
)String
,&BufLen
);
2017 if (status
!= ERROR_SUCCESS
) {
2018 RegCloseKey(TcpIpKey
);
2022 TAddr
= inet_addrU(String
);
2023 // swap bytes for backward compatibility
2025 *((char*)netp
+i
) = *((char*)&TAddr
+3-i
);
2028 BufLen
= sizeof String
;
2029 status
=RegQueryValueEx(TcpIpKey
,TEXT("SubnetMask"),NULL
,&RegType
,
2030 (LPBYTE
)String
,&BufLen
);
2032 TAddr
= inet_addrU(String
);
2033 // swap bytes for backward compatibility
2035 *((char*)maskp
+i
) = *((char*)&TAddr
+3-i
);
2041 if (status
!= ERROR_SUCCESS
) {
2042 RegCloseKey(TcpIpKey
);
2047 if (AdapterNameU
!= NULL
)
2052 if (AdapterNameU
!= NULL
)