模拟服务器

开发平台：

C/C++

netmon.h：源码内容

#pragma warning( disable: 4049 ) /* more than 64k source lines */
/* this ALWAYS GENERATED file contains the definitions for the interfaces */
/* File created by MIDL compiler version 6.00.0347 */
/* Compiler settings for netmon.idl:
Oicf, W1, Zp8, env=Win32 (32b run)
protocol : dce , ms_ext, c_ext, robust
error checks: allocation ref bounds_check enum stub_data
VC __declspec() decoration level:
__declspec(uuid()), __declspec(selectany), __declspec(novtable)
DECLSPEC_UUID(), MIDL_INTERFACE()
*/
//@@MIDL_FILE_HEADING( )
/* verify that the <rpcndr.h> version is high enough to compile this file*/
#ifndef __REQUIRED_RPCNDR_H_VERSION__
#define __REQUIRED_RPCNDR_H_VERSION__ 475
#endif
#include "rpc.h"
#include "rpcndr.h"
#ifndef __RPCNDR_H_VERSION__
#error this stub requires an updated version of <rpcndr.h>
#endif // __RPCNDR_H_VERSION__
#ifndef COM_NO_WINDOWS_H
#include "windows.h"
#include "ole2.h"
#endif /*COM_NO_WINDOWS_H*/
#ifndef __netmon_h__
#define __netmon_h__
#if defined(_MSC_VER) && (_MSC_VER >= 1020)
#pragma once
#endif
/* Forward Declarations */
#ifndef __IDelaydC_FWD_DEFINED__
#define __IDelaydC_FWD_DEFINED__
typedef interface IDelaydC IDelaydC;
#endif /* __IDelaydC_FWD_DEFINED__ */
#ifndef __IESP_FWD_DEFINED__
#define __IESP_FWD_DEFINED__
typedef interface IESP IESP;
#endif /* __IESP_FWD_DEFINED__ */
#ifndef __IRTC_FWD_DEFINED__
#define __IRTC_FWD_DEFINED__
typedef interface IRTC IRTC;
#endif /* __IRTC_FWD_DEFINED__ */
#ifndef __IStats_FWD_DEFINED__
#define __IStats_FWD_DEFINED__
typedef interface IStats IStats;
#endif /* __IStats_FWD_DEFINED__ */
/* header files for imported files */
#include "unknwn.h"
#ifdef __cplusplus
extern "C"{
#endif
void * __RPC_USER MIDL_user_allocate(size_t);
void __RPC_USER MIDL_user_free( void * );
/* interface __MIDL_itf_netmon_0000 */
/* [local] */
//=============================================================================
// Microsoft (R) Network Monitor (tm).
//
// MODULE: netmon.h
//
// This is the consolidated include file for all Network Monitor components.
//
// It contains the contents of these files from previous SDKs:
//
// NPPTypes.h
// NMEvent.h (previously Event.h)
// NMmcs.h (previously mcs.h)
// NMmonitor.h (previously monitor.h)
// Finder.h
// NMSupp.h
// BHTypes.h
// NMErr.h
// BHFilter.h
// Frame.h
// Parser.h
// IniLib.h
// NMExpert.h (previously Expert.h)
// Netmon.h (previously bh.h)
// NMBlob.h (previously blob.h)
// NMRegHelp.h (previously reghelp.h)
// NMIpStructs.h (previously IpStructs.h)
// NMIcmpStructs.h (previously IcmpStructs.h)
// NMIpxStructs.h (previously IpxStructs.h)
// NMTcpStructs.h (previously TcpStructs.h)
//
// IDelaydC.idl
// IESP.idl
// IRTC.idl
// IStats.idl
//
//=============================================================================
#include <winerror.h>
#pragma pack(1)
// For backward compatability with old SDK versions, all structures within this header
// file will be byte packed on x86 platforms. All other platforms will only have those
// structures that will be used to decode network data packed.
#ifdef _X86_
#pragma pack(1)
#else
#pragma pack()
#endif
// yes we know that many of our structures have:
// warning C4200: nonstandard extension used : zero-sized array in struct/union
// this is OK and intended
#pragma warning(disable:4200)
//=============================================================================
//=============================================================================
// (NPPTypes.h)
//=============================================================================
//=============================================================================
typedef BYTE *LPBYTE;
typedef const void *HBLOB;
//=============================================================================
// General constants.
//=============================================================================
#define MAC_TYPE_UNKNOWN ( 0 )
#define MAC_TYPE_ETHERNET ( 1 )
#define MAC_TYPE_TOKENRING ( 2 )
#define MAC_TYPE_FDDI ( 3 )
#define MAC_TYPE_ATM ( 4 )
#define MAC_TYPE_1394 ( 5 )
#define MACHINE_NAME_LENGTH ( 16 )
#define USER_NAME_LENGTH ( 32 )
#define ADAPTER_COMMENT_LENGTH ( 32 )
#define CONNECTION_FLAGS_WANT_CONVERSATION_STATS ( 0x1 )
//=============================================================================
// Transmit statistics structure.
//=============================================================================
typedef struct _TRANSMITSTATS
{
DWORD TotalFramesSent;
DWORD TotalBytesSent;
DWORD TotalTransmitErrors;
} TRANSMITSTATS;
typedef TRANSMITSTATS *LPTRANSMITSTATS;
#define TRANSMITSTATS_SIZE ( sizeof( TRANSMITSTATS ) )
//=============================================================================
// Statistics structure.
//=============================================================================
typedef struct _STATISTICS
{
__int64 TimeElapsed;
DWORD TotalFramesCaptured;
DWORD TotalBytesCaptured;
DWORD TotalFramesFiltered;
DWORD TotalBytesFiltered;
DWORD TotalMulticastsFiltered;
DWORD TotalBroadcastsFiltered;
DWORD TotalFramesSeen;
DWORD TotalBytesSeen;
DWORD TotalMulticastsReceived;
DWORD TotalBroadcastsReceived;
DWORD TotalFramesDropped;
DWORD TotalFramesDroppedFromBuffer;
DWORD MacFramesReceived;
DWORD MacCRCErrors;
__int64 MacBytesReceivedEx;
DWORD MacFramesDropped_NoBuffers;
DWORD MacMulticastsReceived;
DWORD MacBroadcastsReceived;
DWORD MacFramesDropped_HwError;
} STATISTICS;
typedef STATISTICS *LPSTATISTICS;
#define STATISTICS_SIZE ( sizeof( STATISTICS ) )
//=============================================================================
// Address structures
//=============================================================================
// These structures are used to decode network data and so need to be packed
#pragma pack(push, 1)
#define MAX_NAME_SIZE ( 32 )
#define IP_ADDRESS_SIZE ( 4 )
#define MAC_ADDRESS_SIZE ( 6 )
// Q: What is the maximum address size that we could have to copy?
// A: IPX == DWORD + 6 bytes == 10
#define MAX_ADDRESS_SIZE ( 10 )
#define ADDRESS_TYPE_ETHERNET ( 0 )
#define ADDRESS_TYPE_IP ( 1 )
#define ADDRESS_TYPE_IPX ( 2 )
#define ADDRESS_TYPE_TOKENRING ( 3 )
#define ADDRESS_TYPE_FDDI ( 4 )
#define ADDRESS_TYPE_XNS ( 5 )
#define ADDRESS_TYPE_ANY ( 6 )
#define ADDRESS_TYPE_ANY_GROUP ( 7 )
#define ADDRESS_TYPE_FIND_HIGHEST ( 8 )
#define ADDRESS_TYPE_VINES_IP ( 9 )
#define ADDRESS_TYPE_LOCAL_ONLY ( 10 )
#define ADDRESS_TYPE_ATM ( 11 )
#define ADDRESS_TYPE_1394 ( 12 )
#define ADDRESSTYPE_FLAGS_NORMALIZE ( 0x1 )
#define ADDRESSTYPE_FLAGS_BIT_REVERSE ( 0x2 )
// Vines IP Address Structure
typedef struct _VINES_IP_ADDRESS
{
DWORD NetID;
WORD SubnetID;
} VINES_IP_ADDRESS;
typedef VINES_IP_ADDRESS *LPVINES_IP_ADDRESS;
#define VINES_IP_ADDRESS_SIZE ( sizeof( VINES_IP_ADDRESS ) )
// IPX Address Structure
typedef struct _IPX_ADDR
{
BYTE Subnet[ 4 ];
BYTE Address[ 6 ];
} IPX_ADDR;
typedef IPX_ADDR *LPIPX_ADDR;
#define IPX_ADDR_SIZE ( sizeof( IPX_ADDR ) )
// XNS Address Structure
typedef IPX_ADDR XNS_ADDRESS;
typedef IPX_ADDR *LPXNS_ADDRESS;
// ETHERNET SOURCE ADDRESS
typedef struct _ETHERNET_SRC_ADDRESS
{
BYTE RoutingBit: 1;
BYTE LocalBit: 1;
BYTE Byte0: 6;
BYTE Reserved[5];
} ETHERNET_SRC_ADDRESS;
typedef ETHERNET_SRC_ADDRESS *LPETHERNET_SRC_ADDRESS;
// ETHERNET DESTINATION ADDRESS
typedef struct _ETHERNET_DST_ADDRESS
{
BYTE GroupBit: 1;
BYTE AdminBit: 1;
BYTE Byte0: 6;
BYTE Reserved[5];
} ETHERNET_DST_ADDRESS;
typedef ETHERNET_DST_ADDRESS *LPETHERNET_DST_ADDRESS;
// FDDI addresses
typedef ETHERNET_SRC_ADDRESS FDDI_SRC_ADDRESS;
typedef ETHERNET_DST_ADDRESS FDDI_DST_ADDRESS;
typedef FDDI_SRC_ADDRESS *LPFDDI_SRC_ADDRESS;
typedef FDDI_DST_ADDRESS *LPFDDI_DST_ADDRESS;
// TOKENRING Source Address
typedef struct _TOKENRING_SRC_ADDRESS
{
BYTE Byte0: 6;
BYTE LocalBit: 1;
BYTE RoutingBit: 1;
BYTE Byte1;
BYTE Byte2: 7;
BYTE Functional: 1;
BYTE Reserved[3];
} TOKENRING_SRC_ADDRESS;
typedef TOKENRING_SRC_ADDRESS *LPTOKENRING_SRC_ADDRESS;
// TOKENRING Destination Address
typedef struct _TOKENRING_DST_ADDRESS
{
BYTE Byte0: 6;
BYTE AdminBit: 1;
BYTE GroupBit: 1;
BYTE Reserved[5];
} TOKENRING_DST_ADDRESS;
typedef TOKENRING_DST_ADDRESS *LPTOKENRING_DST_ADDRESS;
// Address Structure
typedef struct _ADDRESS
{
DWORD Type;
union
{
// ADDRESS_TYPE_ETHERNET
// ADDRESS_TYPE_TOKENRING
// ADDRESS_TYPE_FDDI
BYTE MACAddress[MAC_ADDRESS_SIZE];
// IP
BYTE IPAddress[IP_ADDRESS_SIZE];
// raw IPX
BYTE IPXRawAddress[IPX_ADDR_SIZE];
// real IPX
IPX_ADDR IPXAddress;
// raw Vines IP
BYTE VinesIPRawAddress[VINES_IP_ADDRESS_SIZE];
// real Vines IP
VINES_IP_ADDRESS VinesIPAddress;
// ethernet with bits defined
ETHERNET_SRC_ADDRESS EthernetSrcAddress;
// ethernet with bits defined
ETHERNET_DST_ADDRESS EthernetDstAddress;
// tokenring with bits defined
TOKENRING_SRC_ADDRESS TokenringSrcAddress;
// tokenring with bits defined
TOKENRING_DST_ADDRESS TokenringDstAddress;
// fddi with bits defined
FDDI_SRC_ADDRESS FddiSrcAddress;
// fddi with bits defined
FDDI_DST_ADDRESS FddiDstAddress;
};
WORD Flags;
} ADDRESS;
typedef ADDRESS *LPADDRESS;
#define ADDRESS_SIZE sizeof(ADDRESS)
#pragma pack(pop)
//=============================================================================
// Address Pair Structure
//=============================================================================
#define ADDRESS_FLAGS_MATCH_DST ( 0x1 )
#define ADDRESS_FLAGS_MATCH_SRC ( 0x2 )
#define ADDRESS_FLAGS_EXCLUDE ( 0x4 )
#define ADDRESS_FLAGS_DST_GROUP_ADDR ( 0x8 )
#define ADDRESS_FLAGS_MATCH_BOTH ( 0x3 )
typedef struct _ADDRESSPAIR
{
WORD AddressFlags;
WORD NalReserved;
ADDRESS DstAddress;
ADDRESS SrcAddress;
} ADDRESSPAIR;
typedef ADDRESSPAIR *LPADDRESSPAIR;
#define ADDRESSPAIR_SIZE sizeof(ADDRESSPAIR)
//=============================================================================
// Address table.
//=============================================================================
#define MAX_ADDRESS_PAIRS ( 8 )
typedef struct _ADDRESSTABLE
{
DWORD nAddressPairs;
DWORD nNonMacAddressPairs;
ADDRESSPAIR AddressPair[MAX_ADDRESS_PAIRS];
} ADDRESSTABLE;
typedef ADDRESSTABLE *LPADDRESSTABLE;
#define ADDRESSTABLE_SIZE sizeof(ADDRESSTABLE)
//=============================================================================
// Network information.
//=============================================================================
#define NETWORKINFO_FLAGS_PMODE_NOT_SUPPORTED ( 0x1 )
#define NETWORKINFO_FLAGS_REMOTE_NAL ( 0x4 )
#define NETWORKINFO_FLAGS_REMOTE_NAL_CONNECTED ( 0x8 )
#define NETWORKINFO_FLAGS_REMOTE_CARD ( 0x10 )
#define NETWORKINFO_FLAGS_RAS ( 0x20 )
typedef struct _NETWORKINFO
{
BYTE PermanentAddr[6]; //... Permanent MAC address
BYTE CurrentAddr[6]; //... Current MAC address
ADDRESS OtherAddress; //... Other address supported (IP, IPX, etc...)
DWORD LinkSpeed; //... Link speed in Mbits.
DWORD MacType; //... Media type.
DWORD MaxFrameSize; //... Max frame size allowed.
DWORD Flags; //... Informational flags.
DWORD TimestampScaleFactor; //... 1 = 1/1 ms, 10 = 1/10 ms, 100 = 1/100 ms, etc.
BYTE NodeName[32]; //... Name of remote workstation.
BOOL PModeSupported; //... Card claims to support P-Mode
BYTE Comment[ADAPTER_COMMENT_LENGTH]; // Adapter comment field.
} NETWORKINFO;
typedef NETWORKINFO *LPNETWORKINFO;
#define NETWORKINFO_SIZE sizeof(NETWORKINFO)
#define MINIMUM_FRAME_SIZE ( 32 )
//=============================================================================
// Pattern structure.
//=============================================================================
#define MAX_PATTERN_LENGTH ( 16 )
// When set this flag will cause those frames which do NOT have the specified pattern
// in the proper stop to be kept.
#define PATTERN_MATCH_FLAGS_NOT ( 0x1 )
#define PATTERN_MATCH_FLAGS_RESERVED_1 ( 0x2 )
// When set this flag indicates that the user is not interested in a pattern match within
// IP or IPX, but in the protocol that follows. The driver will ensure that the protocol
// given in OffsetBasis is there and then that the port in the fram matches the port given.
// It will then calculate the offset from the beginning of the protocol that follows IP or IPX.
// NOTE: This flag is ignored if it is used with any OffsetBasis other than
// OFFSET_BASIS_RELATIVE_TO_IPX or OFFSET_BASIS_RELATIVE_TO_IP
#define PATTERN_MATCH_FLAGS_PORT_SPECIFIED ( 0x8 )
// The offset given is relative to the beginning of the frame. The
// PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.
#define OFFSET_BASIS_RELATIVE_TO_FRAME ( 0 )
// The offset given is relative to the beginning of the Effective Protocol.
// The Effective Protocol is defined as the protocol that follows
// the last protocol that determines Etype/SAP. In normal terms this means
// that the Effective Protocol will be IP, IPX, XNS, or any of their ilk.
// The PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.
#define OFFSET_BASIS_RELATIVE_TO_EFFECTIVE_PROTOCOL ( 1 )
// The offset given is relative to the beginning of IPX. If IPX is not present
// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED
// flag is set then the offset is relative to the beginning of the protocol
// which follows IPX.
#define OFFSET_BASIS_RELATIVE_TO_IPX ( 2 )
// The offset given is relative to the beginning of IP. If IP is not present
// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED
// flag is set then the offset is relative to the beginning of the protocol
// which follows IP.
#define OFFSET_BASIS_RELATIVE_TO_IP ( 3 )
typedef /* [public][public][public][public][public][public][public][public][public] */ union __MIDL___MIDL_itf_netmon_0000_0001
{
BYTE IPPort;
WORD ByteSwappedIPXPort;
} GENERIC_PORT;
typedef struct _PATTERNMATCH
{
DWORD Flags;
BYTE OffsetBasis;
GENERIC_PORT Port;
WORD Offset;
WORD Length;
BYTE PatternToMatch[ 16 ];
} PATTERNMATCH;
typedef PATTERNMATCH *LPPATTERNMATCH;
#define PATTERNMATCH_SIZE ( sizeof( PATTERNMATCH ) )
//=============================================================================
// Expression structure.
//=============================================================================
#define MAX_PATTERNS ( 4 )
typedef struct _ANDEXP
{
DWORD nPatternMatches;
PATTERNMATCH PatternMatch[ 4 ];
} ANDEXP;
typedef ANDEXP *LPANDEXP;
#define ANDEXP_SIZE ( sizeof( ANDEXP ) )
typedef struct _EXPRESSION
{
DWORD nAndExps;
ANDEXP AndExp[ 4 ];
} EXPRESSION;
typedef EXPRESSION *LPEXPRESSION;
#define EXPRESSION_SIZE ( sizeof( EXPRESSION ) )
//=============================================================================
// Trigger.
//=============================================================================
#define TRIGGER_TYPE_PATTERN_MATCH ( 1 )
#define TRIGGER_TYPE_BUFFER_CONTENT ( 2 )
#define TRIGGER_TYPE_PATTERN_MATCH_THEN_BUFFER_CONTENT ( 3 )
#define TRIGGER_TYPE_BUFFER_CONTENT_THEN_PATTERN_MATCH ( 4 )
#define TRIGGER_FLAGS_FRAME_RELATIVE ( 0 )
#define TRIGGER_FLAGS_DATA_RELATIVE ( 0x1 )
#define TRIGGER_ACTION_NOTIFY ( 0 )
#define TRIGGER_ACTION_STOP ( 0x2 )
#define TRIGGER_ACTION_PAUSE ( 0x3 )
#define TRIGGER_BUFFER_FULL_25_PERCENT ( 0 )
#define TRIGGER_BUFFER_FULL_50_PERCENT ( 1 )
#define TRIGGER_BUFFER_FULL_75_PERCENT ( 2 )
#define TRIGGER_BUFFER_FULL_100_PERCENT ( 3 )
typedef struct _TRIGGER
{
BOOL TriggerActive;
BYTE TriggerType;
BYTE TriggerAction;
DWORD TriggerFlags;
PATTERNMATCH TriggerPatternMatch;
DWORD TriggerBufferSize;
DWORD TriggerReserved;
char TriggerCommandLine[ 260 ];
} TRIGGER;
typedef TRIGGER *LPTRIGGER;
#define TRIGGER_SIZE ( sizeof( TRIGGER ) )
//=============================================================================
// Capture filter.
//=============================================================================
// Capture filter flags. By default all frames are rejected and
// Network Monitor enables them based on the CAPTUREFILTER flags
// defined below.
#define CAPTUREFILTER_FLAGS_INCLUDE_ALL_SAPS ( 0x1 )
#define CAPTUREFILTER_FLAGS_INCLUDE_ALL_ETYPES ( 0x2 )
#define CAPTUREFILTER_FLAGS_TRIGGER ( 0x4 )
#define CAPTUREFILTER_FLAGS_LOCAL_ONLY ( 0x8 )
// throw away our internal comment frames
#define CAPTUREFILTER_FLAGS_DISCARD_COMMENTS ( 0x10 )
// Keep SMT and Token Ring MAC frames
#define CAPTUREFILTER_FLAGS_KEEP_RAW ( 0x20 )
#define CAPTUREFILTER_FLAGS_INCLUDE_ALL ( 0x3 )
#define BUFFER_FULL_25_PERCENT ( 0 )
#define BUFFER_FULL_50_PERCENT ( 1 )
#define BUFFER_FULL_75_PERCENT ( 2 )
#define BUFFER_FULL_100_PERCENT ( 3 )
typedef struct _CAPTUREFILTER
{
DWORD FilterFlags;
LPBYTE lpSapTable;
LPWORD lpEtypeTable;
WORD nSaps;
WORD nEtypes;
LPADDRESSTABLE AddressTable;
EXPRESSION FilterExpression;
TRIGGER Trigger;
DWORD nFrameBytesToCopy;
DWORD Reserved;
} CAPTUREFILTER;
typedef CAPTUREFILTER *LPCAPTUREFILTER;
#define CAPTUREFILTER_SIZE sizeof(CAPTUREFILTER)
//=============================================================================
// Frame type.
//=============================================================================
// TimeStamp is in 1/1,000,000th seconds.
typedef struct _FRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
/* [size_is] */ BYTE MacFrame[ 1 ];
} FRAME;
typedef FRAME *LPFRAME;
typedef FRAME UNALIGNED *ULPFRAME;
#define FRAME_SIZE ( sizeof( FRAME ) )
//=============================================================================
// Frame descriptor type.
//=============================================================================
#define LOW_PROTOCOL_IPX ( OFFSET_BASIS_RELATIVE_TO_IPX )
#define LOW_PROTOCOL_IP ( OFFSET_BASIS_RELATIVE_TO_IP )
#define LOW_PROTOCOL_UNKNOWN ( ( BYTE )-1 )
typedef struct _FRAME_DESCRIPTOR
{
/* [size_is] */ LPBYTE FramePointer;
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
WORD Etype;
BYTE Sap;
BYTE LowProtocol;
WORD LowProtocolOffset;
/* [switch_is] */ /* [switch_type] */ union
{
/* [default] */ WORD Reserved;
/* [case()] */ BYTE IPPort;
/* [case()] */ WORD ByteSwappedIPXPort;
} HighPort;
WORD HighProtocolOffset;
} FRAME_DESCRIPTOR;
typedef FRAME_DESCRIPTOR *LPFRAME_DESCRIPTOR;
#define FRAME_DESCRIPTOR_SIZE ( sizeof( FRAME_DESCRIPTOR ) )
//=============================================================================
// Frame descriptor table.
//=============================================================================
typedef struct _FRAMETABLE
{
DWORD FrameTableLength;
DWORD StartIndex;
DWORD EndIndex;
DWORD FrameCount;
/* [size_is] */ FRAME_DESCRIPTOR Frames[ 1 ];
} FRAMETABLE;
typedef FRAMETABLE *LPFRAMETABLE;
//=============================================================================
// Station statistics.
//=============================================================================
#define STATIONSTATS_FLAGS_INITIALIZED ( 0x1 )
#define STATIONSTATS_FLAGS_EVENTPOSTED ( 0x2 )
#define STATIONSTATS_POOL_SIZE ( 100 )
typedef struct _STATIONSTATS
{
DWORD NextStationStats;
DWORD SessionPartnerList;
DWORD Flags;
BYTE StationAddress[ 6 ];
WORD Pad;
DWORD TotalPacketsReceived;
DWORD TotalDirectedPacketsSent;
DWORD TotalBroadcastPacketsSent;
DWORD TotalMulticastPacketsSent;
DWORD TotalBytesReceived;
DWORD TotalBytesSent;
} STATIONSTATS;
typedef STATIONSTATS *LPSTATIONSTATS;
#define STATIONSTATS_SIZE ( sizeof( STATIONSTATS ) )
//=============================================================================
// Session statistics.
//=============================================================================
#define SESSION_FLAGS_INITIALIZED ( 0x1 )
#define SESSION_FLAGS_EVENTPOSTED ( 0x2 )
#define SESSION_POOL_SIZE ( 100 )
typedef struct _SESSIONSTATS
{
DWORD NextSession;
DWORD StationOwner;
DWORD StationPartner;
DWORD Flags;
DWORD TotalPacketsSent;
} SESSIONSTATS;
typedef SESSIONSTATS *LPSESSIONSTATS;
#define SESSIONSTATS_SIZE ( sizeof( SESSIONSTATS ) )
//=============================================================================
// Station Query
//=============================================================================
// These structures are used to decode network data and so need to be packed
#pragma pack(push, 1)
#define STATIONQUERY_FLAGS_LOADED ( 0x1 )
#define STATIONQUERY_FLAGS_RUNNING ( 0x2 )
#define STATIONQUERY_FLAGS_CAPTURING ( 0x4 )
#define STATIONQUERY_FLAGS_TRANSMITTING ( 0x8 )
#define STATIONQUERY_VERSION_MINOR ( 0x1 )
#define STATIONQUERY_VERSION_MAJOR ( 0x2 )
typedef struct _OLDSTATIONQUERY
{
DWORD Flags;
BYTE BCDVerMinor;
BYTE BCDVerMajor;
DWORD LicenseNumber;
BYTE MachineName[ 16 ];
BYTE UserName[ 32 ];
BYTE Reserved[ 32 ];
BYTE AdapterAddress[ 6 ];
} OLDSTATIONQUERY;
typedef OLDSTATIONQUERY *LPOLDSTATIONQUERY;
#define OLDSTATIONQUERY_SIZE ( sizeof( OLDSTATIONQUERY ) )
typedef struct _STATIONQUERY
{
DWORD Flags;
BYTE BCDVerMinor;
BYTE BCDVerMajor;
DWORD LicenseNumber;
BYTE MachineName[ 16 ];
BYTE UserName[ 32 ];
BYTE Reserved[ 32 ];
BYTE AdapterAddress[ 6 ];
WCHAR WMachineName[ 16 ];
WCHAR WUserName[ 32 ];
} STATIONQUERY;
typedef STATIONQUERY *LPSTATIONQUERY;
#define STATIONQUERY_SIZE ( sizeof( STATIONQUERY ) )
#pragma pack(pop)
//=============================================================================
// structure.
//=============================================================================
typedef struct _QUERYTABLE
{
DWORD nStationQueries;
/* [size_is] */ STATIONQUERY StationQuery[ 1 ];
} QUERYTABLE;
typedef QUERYTABLE *LPQUERYTABLE;
#define QUERYTABLE_SIZE ( sizeof( QUERYTABLE ) )
//=============================================================================
// The LINK structure is used to chain structures together into a list.
//=============================================================================
typedef struct _LINK *LPLINK;
typedef struct _LINK
{
LPLINK PrevLink;
LPLINK NextLink;
} LINK;
//=============================================================================
// Security Request packet
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
typedef struct _SECURITY_PERMISSION_CHECK
{
UINT Version;
DWORD RandomNumber;
BYTE MachineName[ 16 ];
BYTE UserName[ 32 ];
UINT MacType;
BYTE PermanentAdapterAddress[ 6 ];
BYTE CurrentAdapterAddress[ 6 ];
WCHAR WMachineName[ 16 ];
WCHAR WUserName[ 32 ];
} SECURITY_PERMISSION_CHECK;
typedef SECURITY_PERMISSION_CHECK *LPSECURITY_PERMISSION_CHECK;
typedef SECURITY_PERMISSION_CHECK UNALIGNED * ULPSECURITY_PERMISSION_CHECK;
#define SECURITY_PERMISSION_CHECK_SIZE ( sizeof( SECURITY_PERMISSION_CHECK ) )
#pragma pack(pop)
//=============================================================================
// Security Response packet
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
#define MAX_SECURITY_BREACH_REASON_SIZE ( 100 )
#define MAX_SIGNATURE_LENGTH ( 128 )
#define MAX_USER_NAME_LENGTH ( 256 )
typedef struct _SECURITY_PERMISSION_RESPONSE
{
UINT Version;
DWORD RandomNumber;
BYTE MachineName[ 16 ];
BYTE Address[ 6 ];
BYTE UserName[ 256 ];
BYTE Reason[ 100 ];
DWORD SignatureLength;
BYTE Signature[ 128 ];
} SECURITY_PERMISSION_RESPONSE;
typedef SECURITY_PERMISSION_RESPONSE *LPSECURITY_PERMISSION_RESPONSE;
typedef SECURITY_PERMISSION_RESPONSE UNALIGNED * ULPSECURITY_PERMISSION_RESPONSE;
#define SECURITY_PERMISSION_RESPONSE_SIZE ( sizeof( SECURITY_PERMISSION_RESPONSE ) )
#pragma pack(pop)
//=============================================================================
// Callback type
//=============================================================================
// generic events
#define UPDATE_EVENT_TERMINATE_THREAD ( 0 )
#define UPDATE_EVENT_NETWORK_STATUS ( 0x1 )
// rtc events
#define UPDATE_EVENT_RTC_INTERVAL_ELAPSED ( 0x2 )
#define UPDATE_EVENT_RTC_FRAME_TABLE_FULL ( 0x3 )
#define UPDATE_EVENT_RTC_BUFFER_FULL ( 0x4 )
// delayed events
#define UPDATE_EVENT_TRIGGER_BUFFER_CONTENT ( 0x5 )
#define UPDATE_EVENT_TRIGGER_PATTERN_MATCH ( 0x6 )
#define UPDATE_EVENT_TRIGGER_BUFFER_PATTERN ( 0x7 )
#define UPDATE_EVENT_TRIGGER_PATTERN_BUFFER ( 0x8 )
// transmit events
#define UPDATE_EVENT_TRANSMIT_STATUS ( 0x9 )
// Security events
#define UPDATE_EVENT_SECURITY_BREACH ( 0xa )
// Remote failure event
#define UPDATE_EVENT_REMOTE_FAILURE ( 0xb )
// actions
#define UPDATE_ACTION_TERMINATE_THREAD ( 0 )
#define UPDATE_ACTION_NOTIFY ( 0x1 )
#define UPDATE_ACTION_STOP_CAPTURE ( 0x2 )
#define UPDATE_ACTION_PAUSE_CAPTURE ( 0x3 )
#define UPDATE_ACTION_RTC_BUFFER_SWITCH ( 0x4 )
typedef struct _UPDATE_EVENT
{
USHORT Event;
DWORD Action;
DWORD Status;
DWORD Value;
__int64 TimeStamp;
DWORD_PTR lpUserContext;
DWORD_PTR lpReserved;
UINT FramesDropped;
/* [switch_is] */ /* [switch_type] */ union
{
/* [default] */ DWORD Reserved;
/* [case()] */ LPFRAMETABLE lpFrameTable;
/* [case()] */ DWORD_PTR lpPacketQueue;
/* [case()] */ SECURITY_PERMISSION_RESPONSE SecurityResponse;
} ;
LPSTATISTICS lpFinalStats;
} UPDATE_EVENT;
typedef UPDATE_EVENT *PUPDATE_EVENT;
// note for c++ users:
// the declaration for this callback should be in the public part of the header file:
// static WINAPI DWORD NetworkCallback( UPDATE_EVENT events);
// and the implementation should be, in the protected section of the cpp file:
// DWORD WINAPI ClassName::NetworkCallback( UPDATE_EVENT events) {};
//typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);
typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);
//=============================================================================
// NETWORKSTATUS data structure.
//=============================================================================
typedef struct _NETWORKSTATUS
{
DWORD State;
DWORD Flags;
} NETWORKSTATUS;
typedef NETWORKSTATUS *LPNETWORKSTATUS;
#define NETWORKSTATUS_SIZE ( sizeof( NETWORKSTATUS ) )
#define NETWORKSTATUS_STATE_VOID ( 0 )
#define NETWORKSTATUS_STATE_INIT ( 1 )
#define NETWORKSTATUS_STATE_CAPTURING ( 2 )
#define NETWORKSTATUS_STATE_PAUSED ( 3 )
#define NETWORKSTATUS_FLAGS_TRIGGER_PENDING ( 0x1 )
//=============================================================================
// BONEPACKET structure.
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
#define BONE_COMMAND_STATION_QUERY_REQUEST ( 0 )
#define BONE_COMMAND_STATION_QUERY_RESPONSE ( 1 )
#define BONE_COMMAND_ALERT ( 2 )
#define BONE_COMMAND_PERMISSION_CHECK ( 3 )
#define BONE_COMMAND_PERMISSION_RESPONSE ( 4 )
#define BONE_COMMAND_SECURITY_MONITOR_EVENT ( 5 )
typedef struct _BONEPACKET
{
DWORD Signature;
BYTE Command;
BYTE Flags;
DWORD Reserved;
WORD Length;
} BONEPACKET;
typedef BONEPACKET *LPBONEPACKET;
typedef BONEPACKET UNALIGNED* ULPBONEPACKET;
#define BONEPACKET_SIZE ( sizeof( BONEPACKET ) )
#pragma pack(pop)
//=============================================================================
// BONE alert packet.
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
#define ALERT_CODE_BEGIN_TRANSMIT ( 0 )
typedef struct _ALERT
{
DWORD AlertCode;
WCHAR WMachineName[ 16 ];
WCHAR WUserName[ 32 ];
union
{
BYTE Pad[ 32 ];
DWORD nFramesToSend;
} ;
} ALERT;
typedef ALERT *LPALERT;
#define ALERT_SIZE ( sizeof( ALERT ) )
#pragma pack(pop)
//=============================================================================
// BONEPACKET signature.
//=============================================================================
#define MAKE_WORD(l, h) (((WORD) (l)) | (((WORD) (h)) << 8))
#define MAKE_LONG(l, h) (((DWORD) (l)) | (((DWORD) (h)) << 16L))
#define MAKE_SIG(a, b, c, d) MAKE_LONG(MAKE_WORD(a, b), MAKE_WORD(c, d))
#define BONE_PACKET_SIGNATURE MAKE_SIG('R', 'T', 'S', 'S')
//=============================================================================
// STATISTICS parameter structure.
//=============================================================================
#define MAX_SESSIONS ( 100 )
#define MAX_STATIONS ( 100 )
typedef struct _STATISTICSPARAM
{
DWORD StatisticsSize;
STATISTICS Statistics;
DWORD StatisticsTableEntries;
STATIONSTATS StatisticsTable[ 100 ];
DWORD SessionTableEntries;
SESSIONSTATS SessionTable[ 100 ];
} STATISTICSPARAM;
typedef STATISTICSPARAM *LPSTATISTICSPARAM;
#define STATISTICSPARAM_SIZE ( sizeof( STATISTICSPARAM ) )
//=============================================================================
// Capture file header.
//=============================================================================
// This structure is used to decode file data and so needs to be packed
#pragma pack(push, 1)
#define CAPTUREFILE_VERSION_MAJOR ( 2 )
#define CAPTUREFILE_VERSION_MINOR ( 0 )
#define MakeVersion(Major, Minor) ((DWORD) MAKEWORD(Minor, Major))
#define GetCurrentVersion() MakeVersion(CAPTUREFILE_VERSION_MAJOR, CAPTUREFILE_VERSION_MINOR)
#define NETMON_1_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('R', 'T', 'S', 'S')
#define NETMON_2_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('G', 'M', 'B', 'U')
typedef struct _CAPTUREFILE_HEADER_VALUES
{
DWORD Signature;
BYTE BCDVerMinor;
BYTE BCDVerMajor;
WORD MacType;
SYSTEMTIME TimeStamp;
DWORD FrameTableOffset;
DWORD FrameTableLength;
DWORD UserDataOffset;
DWORD UserDataLength;
DWORD CommentDataOffset;
DWORD CommentDataLength;
DWORD StatisticsOffset;
DWORD StatisticsLength;
DWORD NetworkInfoOffset;
DWORD NetworkInfoLength;
DWORD ConversationStatsOffset;
DWORD ConversationStatsLength;
} CAPTUREFILE_HEADER_VALUES;
typedef CAPTUREFILE_HEADER_VALUES *LPCAPTUREFILE_HEADER_VALUES;
#define CAPTUREFILE_HEADER_VALUES_SIZE ( sizeof( CAPTUREFILE_HEADER_VALUES ) )
#pragma pack(pop)
//=============================================================================
// Capture file.
//=============================================================================
// This structure is used to decode file data and so needs to be packed
#pragma pack(push, 1)
typedef struct _CAPTUREFILE_HEADER
{
union
{
CAPTUREFILE_HEADER_VALUES ActualHeader;
BYTE Buffer[ 72 ];
} ;
BYTE Reserved[ 56 ];
} CAPTUREFILE_HEADER;
typedef CAPTUREFILE_HEADER *LPCAPTUREFILE_HEADER;
#define CAPTUREFILE_HEADER_SIZE ( sizeof( CAPTUREFILE_HEADER ) )
#pragma pack(pop)
//=============================================================================
// Stats Frame definitions.
//=============================================================================
// These structures are used to create network data and so need to be packed
#pragma pack(push, 1)
typedef struct _EFRAMEHDR
{
BYTE SrcAddress[ 6 ];
BYTE DstAddress[ 6 ];
WORD Length;
BYTE DSAP;
BYTE SSAP;
BYTE Control;
BYTE ProtocolID[ 3 ];
WORD EtherType;
} EFRAMEHDR;
typedef struct _TRFRAMEHDR
{
BYTE AC;
BYTE FC;
BYTE SrcAddress[ 6 ];
BYTE DstAddress[ 6 ];
BYTE DSAP;
BYTE SSAP;
BYTE Control;
BYTE ProtocolID[ 3 ];
WORD EtherType;
} TRFRAMEHDR;
#define DEFAULT_TR_AC ( 0 )
#define DEFAULT_TR_FC ( 0x40 )
#define DEFAULT_SAP ( 0xaa )
#define DEFAULT_CONTROL ( 0x3 )
#define DEFAULT_ETHERTYPE ( 0x8419 )
typedef struct _FDDIFRAMEHDR
{
BYTE FC;
BYTE SrcAddress[ 6 ];
BYTE DstAddress[ 6 ];
BYTE DSAP;
BYTE SSAP;
BYTE Control;
BYTE ProtocolID[ 3 ];
WORD EtherType;
} FDDIFRAMEHDR;
#define DEFAULT_FDDI_FC ( 0x10 )
typedef struct _FDDISTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
FDDIFRAMEHDR FrameHeader;
BYTE FrameID[ 4 ];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} FDDISTATFRAME;
typedef FDDISTATFRAME *LPFDDISTATFRAME;
typedef FDDISTATFRAME UNALIGNED *ULPFDDISTATFRAME;
#define FDDISTATFRAME_SIZE ( sizeof( FDDISTATFRAME ) )
typedef struct _ATMFRAMEHDR
{
BYTE SrcAddress[ 6 ];
BYTE DstAddress[ 6 ];
WORD Vpi;
WORD Vci;
} ATMFRAMEHDR;
typedef struct _ATMSTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
ATMFRAMEHDR FrameHeader;
BYTE FrameID[ 4 ];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} ATMSTATFRAME;
typedef ATMSTATFRAME *LPATMSTATFRAME;
typedef ATMSTATFRAME UNALIGNED *ULPATMSTATFRAME;
#define ATMSTATFRAME_SIZE ( sizeof( ATMSTATFRAME ) )
typedef struct _TRSTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
TRFRAMEHDR FrameHeader;
BYTE FrameID[ 4 ];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} TRSTATFRAME;
typedef TRSTATFRAME *LPTRSTATFRAME;
typedef TRSTATFRAME UNALIGNED *ULPTRSTATFRAME;
#define TRSTATFRAME_SIZE ( sizeof( TRSTATFRAME ) )
typedef struct _ESTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
EFRAMEHDR FrameHeader;
BYTE FrameID[ 4 ];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} ESTATFRAME;
typedef ESTATFRAME *LPESTATFRAME;
typedef ESTATFRAME UNALIGNED *ULPESTATFRAME;
#define ESTATFRAME_SIZE ( sizeof( ESTATFRAME ) )
#define STATISTICS_VERSION_1_0 ( 0 )
#define STATISTICS_VERSION_2_0 ( 0x20 )
#define MAX_STATSFRAME_SIZE ( sizeof( TRSTATFRAME ) )
#define STATS_FRAME_TYPE ( 103 )
#pragma pack(pop)
//=============================================================================
//=============================================================================
// (NMEvent.h)
//=============================================================================
//=============================================================================
// NMCOLUMNTYPE
typedef /* [public][public][public][public][public][public] */
enum __MIDL___MIDL_itf_netmon_0000_0006
{ NMCOLUMNTYPE_UINT8 = 0,
NMCOLUMNTYPE_SINT8 = NMCOLUMNTYPE_UINT8 + 1,
NMCOLUMNTYPE_UINT16 = NMCOLUMNTYPE_SINT8 + 1,
NMCOLUMNTYPE_SINT16 = NMCOLUMNTYPE_UINT16 + 1,
NMCOLUMNTYPE_UINT32 = NMCOLUMNTYPE_SINT16 + 1,
NMCOLUMNTYPE_SINT32 = NMCOLUMNTYPE_UINT32 + 1,
NMCOLUMNTYPE_FLOAT64 = NMCOLUMNTYPE_SINT32 + 1,
NMCOLUMNTYPE_FRAME = NMCOLUMNTYPE_FLOAT64 + 1,
NMCOLUMNTYPE_YESNO = NMCOLUMNTYPE_FRAME + 1,
NMCOLUMNTYPE_ONOFF = NMCOLUMNTYPE_YESNO + 1,
NMCOLUMNTYPE_TRUEFALSE = NMCOLUMNTYPE_ONOFF + 1,
NMCOLUMNTYPE_MACADDR = NMCOLUMNTYPE_TRUEFALSE + 1,
NMCOLUMNTYPE_IPXADDR = NMCOLUMNTYPE_MACADDR + 1,
NMCOLUMNTYPE_IPADDR = NMCOLUMNTYPE_IPXADDR + 1,
NMCOLUMNTYPE_VARTIME = NMCOLUMNTYPE_IPADDR + 1,
NMCOLUMNTYPE_STRING = NMCOLUMNTYPE_VARTIME + 1
} NMCOLUMNTYPE;
// NMCOLUMNVARIANT
typedef struct _NMCOLUMNVARIANT
{
NMCOLUMNTYPE Type;
union
{
BYTE Uint8Val;
char Sint8Val;
WORD Uint16Val;
short Sint16Val;
DWORD Uint32Val;
long Sint32Val;
DOUBLE Float64Val;
DWORD FrameVal;
BOOL YesNoVal;
BOOL OnOffVal;
BOOL TrueFalseVal;
BYTE MACAddrVal[ 6 ];
IPX_ADDR IPXAddrVal;
DWORD IPAddrVal;
DOUBLE VarTimeVal;
LPCSTR pStringVal;
} Value;
} NMCOLUMNVARIANT;
// COLUMNINFO
typedef struct _NMCOLUMNINFO
{
LPSTR szColumnName;
NMCOLUMNVARIANT VariantData;
} NMCOLUMNINFO;
typedef NMCOLUMNINFO *PNMCOLUMNINFO;
// JTYPE
typedef LPSTR JTYPE;
// EVENTDATA
typedef struct _NMEVENTDATA
{
LPSTR pszReserved;
BYTE Version;
DWORD EventIdent;
DWORD Flags;
DWORD Severity;
BYTE NumColumns;
LPSTR szSourceName;
LPSTR szEventName;
LPSTR szDescription;
LPSTR szMachine;
JTYPE Justification;
LPSTR szUrl;
SYSTEMTIME SysTime;
/* [size_is] */ NMCOLUMNINFO Column[ 1 ];
} NMEVENTDATA;
typedef NMEVENTDATA *PNMEVENTDATA;
// EVENT FLAGS
#define NMEVENTFLAG_MONITOR ( 0 )
#define NMEVENTFLAG_EXPERT ( 0x1 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY ( 0x80000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE ( 0x40000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME ( 0x20000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION ( 0x10000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE ( 0x8000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_TIME ( 0x4000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_DATE ( 0x2000000 )
//#define NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS (NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY |
// NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE |
// NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME |
// NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION|
// NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE |
// NMEVENTFLAG_DO_NOT_DISPLAY_TIME |
// NMEVENTFLAG_DO_NOT_DISPLAY_DATE )
#define NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS ( 0xfe000000 )
enum _NMEVENT_SEVERITIES
{ NMEVENT_SEVERITY_INFORMATIONAL = 0,
NMEVENT_SEVERITY_WARNING = NMEVENT_SEVERITY_INFORMATIONAL + 1,
NMEVENT_SEVERITY_STRONG_WARNING = NMEVENT_SEVERITY_WARNING + 1,
NMEVENT_SEVERITY_ERROR = NMEVENT_SEVERITY_STRONG_WARNING + 1,
NMEVENT_SEVERITY_SEVERE_ERROR = NMEVENT_SEVERITY_ERROR + 1,
NMEVENT_SEVERITY_CRITICAL_ERROR = NMEVENT_SEVERITY_SEVERE_ERROR + 1
} ;
//=============================================================================
//=============================================================================
// (NMmcs.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Monitor status values returned from call to GetMonitorStatus
//=============================================================================
#define MONITOR_STATUS_ERROR ( -1 )
#define MONITOR_STATUS_ENABLED ( 4 )
#define MONITOR_STATUS_CONFIGURED ( 5 )
#define MONITOR_STATUS_RUNNING ( 6 )
#define MONITOR_STATUS_RUNNING_FAULTED ( 9 )
#define MONITOR_STATUS_DELETED ( 10 )
#define MCS_COMMAND_ENABLE ( 13 )
#define MCS_COMMAND_DISABLE ( 14 )
#define MCS_COMMAND_SET_CONFIG ( 15 )
#define MCS_COMMAND_GET_CONFIG ( 16 )
#define MCS_COMMAND_START ( 17 )
#define MCS_COMMAND_STOP ( 18 )
#define MCS_COMMAND_CONNECT ( 19 )
#define MCS_COMMAND_RENAME ( 20 )
#define MCS_COMMAND_REFRESH_STATUS ( 21 )
//=============================================================================
// Monitor Creation Flags
//=============================================================================
#define MCS_CREATE_ONE_PER_NETCARD ( 0x1 )
#define MCS_CREATE_CONFIGS_BY_DEFAULT ( 0x10 )
#define MCS_CREATE_PMODE_NOT_REQUIRED ( 0x100 )
typedef __int64 HNMMONITOR;
//=============================================================================
// NPP_INFO
//=============================================================================
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0008
{
DWORD ListIndex;
/* [string] */ char *ShortName;
/* [string] */ char *LongName;
} NPP_INFO;
typedef NPP_INFO *PNPP_INFO;
//=============================================================================
// MONITOR_INFO
//=============================================================================
typedef struct _MONITOR_INFO
{
HNMMONITOR MonitorInstance;
HNMMONITOR MonitorClass;
DWORD CreateFlags;
DWORD Status;
DWORD ListIndex;
/* [string] */ char *pDescription;
/* [string] */ char *pScript;
/* [string] */ char *pConfiguration;
/* [string] */ char *pName;
} MONITOR_INFO;
typedef MONITOR_INFO *PMONITOR_INFO;
//=============================================================================
// MONITOR_MESSAGE
//=============================================================================
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0009
{
HNMMONITOR Monitor;
DWORD ListIndex;
/* [string] */ char *pszMessage;
} MONITOR_MESSAGE;
typedef MONITOR_MESSAGE *PMONITOR_MESSAGE;
//=============================================================================
// COMMAND_FAILED_EVENT
//=============================================================================
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0010
{
HNMMONITOR Monitor;
DWORD Command;
DWORD FailureCode;
DWORD ListIndex;
DWORD Status;
} COMMAND_FAILED_EVENT;
typedef COMMAND_FAILED_EVENT *PCOMMAND_FAILED_EVENT;
//=============================================================================
// MONITOR_STATUS_EVENT
//=============================================================================
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0011
{
HNMMONITOR Monitor;
DWORD LastCommand;
DWORD ListIndex;
DWORD Status;
DWORD FramesProcessed;
} MONITOR_STATUS_EVENT;
typedef MONITOR_STATUS_EVENT *PMONITOR_STATUS_EVENT;
//=============================================================================
// MCS_CLIENT
//=============================================================================
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0012
{
/* [string] */ OLECHAR *pwszName;
FILETIME FileTime;
DWORD pXMCS;
BOOL bCurrent;
} MCS_CLIENT;
typedef MCS_CLIENT *PMCS_CLIENT;
//=============================================================================
//=============================================================================
// (Finder.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Structures use by NPPs, the Finder, and monitors
//=============================================================================
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0013
{
DWORD dwNumBlobs;
/* [size_is] */ HBLOB hBlobs[ 1 ];
} BLOB_TABLE;
typedef BLOB_TABLE *PBLOB_TABLE;
typedef /* [public][public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0014
{
DWORD size;
/* [size_is] */ BYTE *pBytes;
} MBLOB;
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0015
{
DWORD dwNumBlobs;
/* [size_is] */ MBLOB mBlobs[ 1 ];
} MBLOB_TABLE;
typedef MBLOB_TABLE *PMBLOB_TABLE;
//=============================================================================
// Functions called by monitors, tools, netmon
//=============================================================================
DWORD _cdecl GetNPPBlobTable(HBLOB hFilterBlob,
PBLOB_TABLE* ppBlobTable);
DWORD _cdecl GetNPPBlobFromUI(HWND hwnd,
HBLOB hFilterBlob,
HBLOB* phBlob);
DWORD _cdecl GetNPPBlobFromUIExU(HWND hwnd,
HBLOB hFilterBlob,
HBLOB* phBlob,
char* szHelpFileName);
DWORD _cdecl SelectNPPBlobFromTable( HWND hwnd,
PBLOB_TABLE pBlobTable,
HBLOB* hBlob);
DWORD _cdecl SelectNPPBlobFromTableExU( HWND hwnd,
PBLOB_TABLE pBlobTable,
HBLOB* hBlob,
char* szHelpFileName);
//=============================================================================
// Helper functions provided by the Finder
//=============================================================================
__inline DWORD BLOB_TABLE_SIZE(DWORD dwNumBlobs)
{
return (DWORD) (sizeof(BLOB_TABLE)+dwNumBlobs*sizeof(HBLOB));
}
__inline PBLOB_TABLE AllocBlobTable(DWORD dwNumBlobs)
{
DWORD size = BLOB_TABLE_SIZE(dwNumBlobs);
return (PBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
}
__inline DWORD MBLOB_TABLE_SIZE(DWORD dwNumBlobs)
{
return (DWORD) (sizeof(MBLOB_TABLE)+dwNumBlobs*sizeof(MBLOB));
}
__inline PMBLOB_TABLE AllocMBlobTable(DWORD dwNumBlobs)
{
DWORD size = MBLOB_TABLE_SIZE(dwNumBlobs);
return (PMBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
}
//=============================================================================
// Functions provided by NPPs, called by the Finder
//=============================================================================
// For NPP's that can return a Blob table without additional configuration.
DWORD _cdecl GetNPPBlobs(PBLOB_TABLE* ppBlobTable);
typedef DWORD (_cdecl FAR* BLOBSPROC) (PBLOB_TABLE* ppBlobTable);
// For NPP's that need additional information to return a Blob table.
DWORD _cdecl GetConfigBlob(HBLOB* phBlob);
typedef DWORD (_cdecl FAR* GETCFGBLOB) (HBLOB, HBLOB*);
typedef DWORD (_cdecl FAR* CFGPROC) (HWND hwnd,
HBLOB SpecialBlob,
PBLOB_TABLE* ppBlobTable);
//=============================================================================
// Handy functions
//=============================================================================
BOOL _cdecl FilterNPPBlob(HBLOB hBlob, HBLOB FilterBlob);
BOOL _cdecl RaiseNMEvent(HINSTANCE hInstance,
WORD EventType,
DWORD EventID,
WORD nStrings,
const char** aInsertStrs,
LPVOID lpvData,
DWORD dwDataSize);
//=============================================================================
//=============================================================================
// (NMmonitor.h)
//=============================================================================
//=============================================================================
#ifdef __cplusplus
struct MONITOR;
typedef MONITOR* PMONITOR;
typedef void (WINAPI* MCSALERTPROC) (PMONITOR pMonitor, TCHAR* alert);
//****************************************************************************
// Our exported Monitor functions, that must be supported by ALL monitors
//****************************************************************************
// Create the Monitor, function called "CreateMonitor". The
// argument is a potential configuration structure
typedef DWORD (WINAPI* CREATEMONITOR)(PMONITOR* ppMonitor,
HBLOB hInputNPPBlob,
char* pConfiguration,
MCSALERTPROC McsAlertProc);
// Destroy the Monitor, function called "DestroyMonitor"
typedef DWORD (WINAPI* DESTROYMONITOR)(PMONITOR);
// We need the monitor's NPP filter blob: "GetMonitorFilter"
typedef DWORD (WINAPI* GETMONITORFILTER) (HBLOB* pFilterBlob);
// Get the monitor configuration "GetMonitorConfig"
// The pMonitor argument can not be null
typedef DWORD (WINAPI* GETMONITORCONFIG) (PMONITOR pMonitor,
char** ppScript,
char** ppConfiguration);
// Set the monitor configuration "SetMonitorConfig"
// The pMonitor argument can not be null
typedef DWORD (WINAPI* SETMONITORCONFIG) (PMONITOR pMonitor,
char* pConfiguration);
// The monitor's connect function: "ConnectMonitor"
typedef DWORD (WINAPI* CONNECTMONITOR) (PMONITOR pMonitor);
// The monitor's start function: "StartMonitor"
typedef DWORD (WINAPI* STARTMONITOR) (PMONITOR pMonitor, char** ppResponse);
// The monitor's stop function: "StopMonitor"
typedef DWORD (WINAPI* STOPMONITOR) (PMONITOR pMonitor);
// Get the monitor status: "GetMonitorStatus"
typedef DWORD (WINAPI* GETMONITORSTATUS) (PMONITOR pMonitor, DWORD* pStatus);
//****************************************************************************
// Optional function that allows the monitor dll to do specific functions
// prior to the creation of any monitors. "OneTimeSetup"
typedef DWORD (WINAPI* ONETIMESETUP) (void);
//****************************************************************************
//****************************************************************************
// Optional function that provides a description of the monitor
//****************************************************************************
// For current display porpoises, we could use this: "DescribeSelf"
typedef DWORD (WINAPI* DESCRIBESELF) (const char** ppName,
const char** ppDescription);
#endif // __cplusplus
//=============================================================================
//=============================================================================
// (NMSupp.h)
//=============================================================================
//=============================================================================
#ifndef __cplusplus
#ifndef try
#define try __try
#endif // try
#ifndef except
#define except __except
#endif // except
#endif // __cplusplus
//=============================================================================
// Windows version constants.
//=============================================================================
#define WINDOWS_VERSION_UNKNOWN ( 0 )
#define WINDOWS_VERSION_WIN32S ( 1 )
#define WINDOWS_VERSION_WIN32C ( 2 )
#define WINDOWS_VERSION_WIN32 ( 3 )
//=============================================================================
// Frame masks.
//=============================================================================
#define FRAME_MASK_ETHERNET ( ( BYTE )~0x1 )
#define FRAME_MASK_TOKENRING ( ( BYTE )~0x80 )
#define FRAME_MASK_FDDI ( ( BYTE )~0x1 )
//=============================================================================
// ACCESSRIGHTS
//=============================================================================
typedef
enum _ACCESSRIGHTS
{ AccessRightsNoAccess = 0,
AccessRightsMonitoring = AccessRightsNoAccess + 1,
AccessRightsUserAccess = AccessRightsMonitoring + 1,
AccessRightsAllAccess = AccessRightsUserAccess + 1
} ACCESSRIGHTS;
typedef ACCESSRIGHTS *PACCESSRIGHTS;
typedef LPVOID HPASSWORD;
#define HANDLE_TYPE_PASSWORD MAKE_IDENTIFIER('P', 'W', 'D', '$')
//=============================================================================
// Object heap type.
//=============================================================================
typedef LPVOID HOBJECTHEAP;
//=============================================================================
// Object cleanup procedure.
//=============================================================================
typedef VOID (WINAPI *OBJECTPROC)(HOBJECTHEAP, LPVOID);
//=============================================================================
// Network Monitor timers.
//=============================================================================
typedef struct _TIMER *HTIMER;
typedef VOID (WINAPI *BHTIMERPROC)(LPVOID);
HTIMER WINAPI BhSetTimer(BHTIMERPROC TimerProc, LPVOID InstData, DWORD TimeOut);
VOID WINAPI BhKillTimer(HTIMER hTimer);
//=============================================================================
// Network Monitor global error API.
//=============================================================================
DWORD WINAPI BhGetLastError(VOID);
DWORD WINAPI BhSetLastError(DWORD Error);
//=============================================================================
// Object manager function prototypes.
//=============================================================================
HOBJECTHEAP WINAPI CreateObjectHeap(DWORD ObjectSize, OBJECTPROC ObjectProc);
HOBJECTHEAP WINAPI DestroyObjectHeap(HOBJECTHEAP hObjectHeap);
LPVOID WINAPI AllocObject(HOBJECTHEAP hObjectHeap);
LPVOID WINAPI FreeObject(HOBJECTHEAP hObjectHeap, LPVOID ObjectMemory);
DWORD WINAPI GrowObjectHeap(HOBJECTHEAP hObjectHeap, DWORD nObjects);
DWORD WINAPI GetObjectHeapSize(HOBJECTHEAP hObjectHeap);
VOID WINAPI PurgeObjectHeap(HOBJECTHEAP hObjectHeap);
//=============================================================================
// Memory functions.
//=============================================================================
LPVOID WINAPI AllocMemory(SIZE_T size);
LPVOID WINAPI ReallocMemory(LPVOID ptr, SIZE_T NewSize);
VOID WINAPI FreeMemory(LPVOID ptr);
VOID WINAPI TestMemory(LPVOID ptr);
SIZE_T WINAPI MemorySize(LPVOID ptr);
HANDLE WINAPI MemoryHandle(LPBYTE ptr);
//=============================================================================
// Password API's.
//=============================================================================
HPASSWORD WINAPI CreatePassword(LPSTR password);
VOID WINAPI DestroyPassword(HPASSWORD hPassword);
ACCESSRIGHTS WINAPI ValidatePassword(HPASSWORD hPassword);
//=============================================================================
// EXPRESSION API's
//=============================================================================
LPEXPRESSION WINAPI InitializeExpression(LPEXPRESSION Expression);
LPPATTERNMATCH WINAPI InitializePattern(LPPATTERNMATCH Pattern, LPVOID ptr, DWORD offset, DWORD length);
LPEXPRESSION WINAPI AndExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);
LPEXPRESSION WINAPI OrExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);
LPPATTERNMATCH WINAPI NegatePattern(LPPATTERNMATCH Pattern);
LPADDRESSTABLE WINAPI AdjustOperatorPrecedence(LPADDRESSTABLE AddressTable);
LPADDRESS WINAPI NormalizeAddress(LPADDRESS Address);
LPADDRESSTABLE WINAPI NormalizeAddressTable(LPADDRESSTABLE AddressTable);
//=============================================================================
// MISC. API's
//=============================================================================
DWORD WINAPI BhGetWindowsVersion(VOID);
BOOL WINAPI IsDaytona(VOID);
VOID _cdecl dprintf(LPSTR format, ...);
//=============================================================================
//=============================================================================
// (BHTypes.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Unaligned base type definitions.
//=============================================================================
typedef VOID UNALIGNED *ULPVOID;
typedef BYTE UNALIGNED *ULPBYTE;
typedef WORD UNALIGNED *ULPWORD;
typedef DWORD UNALIGNED *ULPDWORD;
typedef CHAR UNALIGNED *ULPSTR;
typedef SYSTEMTIME UNALIGNED *ULPSYSTEMTIME;
//=============================================================================
// Handle definitions.
//=============================================================================
typedef struct _PARSER *HPARSER;
typedef struct _CAPFRAMEDESC *HFRAME;
typedef struct _CAPTURE *HCAPTURE;
typedef struct _FILTER *HFILTER;
typedef struct _ADDRESSDB *HADDRESSDB;
typedef struct _PROTOCOL *HPROTOCOL;
typedef DWORD_PTR HPROPERTY;
typedef HPROTOCOL *LPHPROTOCOL;
//=============================================================================
// GetTableSize() -- The following macro is used to calculate the actual
// length of Network Monitor variable-length table structures.
//
// EXAMPLE:
//
// GetTableSize(PROTOCOLTABLESIZE,
// ProtocolTable->nProtocols,
// sizeof(HPROTOCOL))
//=============================================================================
#define GetTableSize(TableBaseSize, nElements, ElementSize) ((TableBaseSize) + ((nElements) * (ElementSize)))
//=============================================================================
// Object type identifiers.
//=============================================================================
typedef DWORD OBJECTTYPE;
#ifndef MAKE_IDENTIFIER
#define MAKE_IDENTIFIER(a, b, c, d) ((DWORD) MAKELONG(MAKEWORD(a, b), MAKEWORD(c, d)))
#endif // MAKE_IDENTIFIER
#define HANDLE_TYPE_INVALID MAKE_IDENTIFIER(-1, -1, -1, -1)
#define HANDLE_TYPE_CAPTURE MAKE_IDENTIFIER('C', 'A', 'P', '$')
#define HANDLE_TYPE_PARSER MAKE_IDENTIFIER('P', 'S', 'R', '$')
#define HANDLE_TYPE_ADDRESSDB MAKE_IDENTIFIER('A', 'D', 'R', '$')
#define HANDLE_TYPE_PROTOCOL MAKE_IDENTIFIER('P', 'R', 'T', '$')
#define HANDLE_TYPE_BUFFER MAKE_IDENTIFIER('B', 'U', 'F', '$')
//=============================================================================
// Network Monitor constant definitions.
//=============================================================================
#define INLINE __inline
#define BHAPI WINAPI
#define MAX_NAME_LENGTH ( 16 )
#define MAX_ADDR_LENGTH ( 6 )
//=============================================================================
// Ethernet type (ETYPE) constant definitions.
//=============================================================================
#define ETYPE_LOOP ( 0x9000 )
#define ETYPE_3COM_NETMAP1 ( 0x9001 )
#define ETYPE_3COM_NETMAP2 ( 0x9002 )
#define ETYPE_IBM_RT ( 0x80d5 )
#define ETYPE_NETWARE ( 0x8137 )
#define ETYPE_XNS1 ( 0x600 )
#define ETYPE_XNS2 ( 0x807 )
#define ETYPE_3COM_NBP0 ( 0x3c00 )
#define ETYPE_3COM_NBP1 ( 0x3c01 )
#define ETYPE_3COM_NBP2 ( 0x3c02 )
#define ETYPE_3COM_NBP3 ( 0x3c03 )
#define ETYPE_3COM_NBP4 ( 0x3c04 )
#define ETYPE_3COM_NBP5 ( 0x3c05 )
#define ETYPE_3COM_NBP6 ( 0x3c06 )
#define ETYPE_3COM_NBP7 ( 0x3c07 )
#define ETYPE_3COM_NBP8 ( 0x3c08 )
#define ETYPE_3COM_NBP9 ( 0x3c09 )
#define ETYPE_3COM_NBP10 ( 0x3c0a )
#define ETYPE_IP ( 0x800 )
#define ETYPE_ARP1 ( 0x806 )
#define ETYPE_ARP2 ( 0x807 )
#define ETYPE_RARP ( 0x8035 )
#define ETYPE_TRLR0 ( 0x1000 )
#define ETYPE_TRLR1 ( 0x1001 )
#define ETYPE_TRLR2 ( 0x1002 )
#define ETYPE_TRLR3 ( 0x1003 )
#define ETYPE_TRLR4 ( 0x1004 )
#define ETYPE_TRLR5 ( 0x1005 )
#define ETYPE_PUP ( 0x200 )
#define ETYPE_PUP_ARP ( 0x201 )
#define ETYPE_APPLETALK_ARP ( 0x80f3 )
#define ETYPE_APPLETALK_LAP ( 0x809b )
#define ETYPE_SNMP ( 0x814c )
//=============================================================================
// LLC (802.2) SAP constant definitions.
//=============================================================================
#define SAP_SNAP ( 0xaa )
#define SAP_BPDU ( 0x42 )
#define SAP_IBM_NM ( 0xf4 )
#define SAP_IBM_NETBIOS ( 0xf0 )
#define SAP_SNA1 ( 0x4 )
#define SAP_SNA2 ( 0x5 )
#define SAP_SNA3 ( 0x8 )
#define SAP_SNA4 ( 0xc )
#define SAP_NETWARE1 ( 0x10 )
#define SAP_NETWARE2 ( 0xe0 )
#define SAP_NETWARE3 ( 0xfe )
#define SAP_IP ( 0x6 )
#define SAP_X25 ( 0x7e )
#define SAP_RPL1 ( 0xf8 )
#define SAP_RPL2 ( 0xfc )
#define SAP_UB ( 0xfa )
#define SAP_XNS ( 0x80 )
//=============================================================================
// Property constants
//=============================================================================
// data types
#define PROP_TYPE_VOID ( 0 )
#define PROP_TYPE_SUMMARY ( 0x1 )
#define PROP_TYPE_BYTE ( 0x2 )
#define PROP_TYPE_WORD ( 0x3 )
#define PROP_TYPE_DWORD ( 0x4 )
#define PROP_TYPE_LARGEINT ( 0x5 )
#define PROP_TYPE_ADDR ( 0x6 )
#define PROP_TYPE_TIME ( 0x7 )
#define PROP_TYPE_STRING ( 0x8 )
#define PROP_TYPE_IP_ADDRESS ( 0x9 )
#define PROP_TYPE_IPX_ADDRESS ( 0xa )
#define PROP_TYPE_BYTESWAPPED_WORD ( 0xb )
#define PROP_TYPE_BYTESWAPPED_DWORD ( 0xc )
#define PROP_TYPE_TYPED_STRING ( 0xd )
#define PROP_TYPE_RAW_DATA ( 0xe )
#define PROP_TYPE_COMMENT ( 0xf )
#define PROP_TYPE_SRCFRIENDLYNAME ( 0x10 )
#define PROP_TYPE_DSTFRIENDLYNAME ( 0x11 )
#define PROP_TYPE_TOKENRING_ADDRESS ( 0x12 )
#define PROP_TYPE_FDDI_ADDRESS ( 0x13 )
#define PROP_TYPE_ETHERNET_ADDRESS ( 0x14 )
#define PROP_TYPE_OBJECT_IDENTIFIER ( 0x15 )
#define PROP_TYPE_VINES_IP_ADDRESS ( 0x16 )
#define PROP_TYPE_VAR_LEN_SMALL_INT ( 0x17 )
#define PROP_TYPE_ATM_ADDRESS ( 0x18 )
#define PROP_TYPE_1394_ADDRESS ( 0x19 )
// data qualifiers
#define PROP_QUAL_NONE ( 0 )
#define PROP_QUAL_RANGE ( 0x1 )
#define PROP_QUAL_SET ( 0x2 )
#define PROP_QUAL_BITFIELD ( 0x3 )
#define PROP_QUAL_LABELED_SET ( 0x4 )
#define PROP_QUAL_LABELED_BITFIELD ( 0x8 )
#define PROP_QUAL_CONST ( 0x9 )
#define PROP_QUAL_FLAGS ( 0xa )
#define PROP_QUAL_ARRAY ( 0xb )
//=============================================================================
// LARGEINT structure defined in winnt.h
//=============================================================================
typedef LARGE_INTEGER *LPLARGEINT;
typedef LARGE_INTEGER UNALIGNED *ULPLARGEINT;
//=============================================================================
// Range structure.
//=============================================================================
typedef struct _RANGE
{
DWORD MinValue;
DWORD MaxValue;
} RANGE;
typedef RANGE *LPRANGE;
//=============================================================================
// LABELED_BYTE structure
//=============================================================================
typedef struct _LABELED_BYTE
{
BYTE Value;
LPSTR Label;
} LABELED_BYTE;
typedef LABELED_BYTE *LPLABELED_BYTE;
//=============================================================================
// LABELED_WORD structure
//=============================================================================
typedef struct _LABELED_WORD
{
WORD Value;
LPSTR Label;
} LABELED_WORD;
typedef LABELED_WORD *LPLABELED_WORD;
//=============================================================================
// LABELED_DWORD structure
//=============================================================================
typedef struct _LABELED_DWORD
{
DWORD Value;
LPSTR Label;
} LABELED_DWORD;
typedef LABELED_DWORD *LPLABELED_DWORD;
//=============================================================================
// LABELED_LARGEINT structure
//=============================================================================
typedef struct _LABELED_LARGEINT
{
LARGE_INTEGER Value;
LPSTR Label;
} LABELED_LARGEINT;
typedef LABELED_LARGEINT *LPLABELED_LARGEINT;
//=============================================================================
// LABELED_SYSTEMTIME structure
//=============================================================================
typedef struct _LABELED_SYSTEMTIME
{
SYSTEMTIME Value;
LPSTR Label;
} LABELED_SYSTEMTIME;
typedef LABELED_SYSTEMTIME *LPLABELED_SYSTEMTIME;
//=============================================================================
// LABELED_BIT structure
//=============================================================================
// BitNumber starts at 0, up to 256 bits.
typedef struct _LABELED_BIT
{
BYTE BitNumber;
LPSTR LabelOff;
LPSTR LabelOn;
} LABELED_BIT;
typedef LABELED_BIT *LPLABELED_BIT;
//=============================================================================
// TYPED_STRING structure
//=============================================================================
#define TYPED_STRING_NORMAL ( 1 )
#define TYPED_STRING_UNICODE ( 2 )
#define TYPED_STRING_EXFLAG ( 1 )
// Typed Strings are always Ex, so to actually Ex we set fStringEx and put the Ex data in Byte
typedef struct _TYPED_STRING
{
BYTE StringType:7;
BYTE fStringEx:1;
LPSTR lpString;
BYTE Byte[0];
} TYPED_STRING;
typedef TYPED_STRING *LPTYPED_STRING;
//=============================================================================
// OBJECT_IDENTIFIER structure
//=============================================================================
typedef struct _OBJECT_IDENTIFIER
{
DWORD Length;
LPDWORD lpIdentifier;
} OBJECT_IDENTIFIER;
typedef OBJECT_IDENTIFIER *LPOBJECT_IDENTIFIER;
//=============================================================================
// Set structure.
//=============================================================================
typedef struct _SET
{
DWORD nEntries;
union
{
LPVOID lpVoidTable;
LPBYTE lpByteTable;
LPWORD lpWordTable;
LPDWORD lpDwordTable;
LPLARGEINT lpLargeIntTable;
LPSYSTEMTIME lpSystemTimeTable;
LPLABELED_BYTE lpLabeledByteTable;
LPLABELED_WORD lpLabeledWordTable;
LPLABELED_DWORD lpLabeledDwordTable;
LPLABELED_LARGEINT lpLabeledLargeIntTable;
LPLABELED_SYSTEMTIME lpLabeledSystemTimeTable;
LPLABELED_BIT lpLabeledBit;
} ;
} SET;
typedef SET *LPSET;
//=============================================================================
// String table.
//=============================================================================
typedef struct _STRINGTABLE
{
DWORD nStrings;
LPSTR String[0];
} STRINGTABLE;
typedef STRINGTABLE *LPSTRINGTABLE;
#define STRINGTABLE_SIZE sizeof(STRINGTABLE)
//=============================================================================
// RECOGNIZEDATA structure.
//
// This structure to keep track of the start of each recognized protocol.
//=============================================================================
typedef struct _RECOGNIZEDATA
{
WORD ProtocolID;
WORD nProtocolOffset;
LPVOID InstData;
} RECOGNIZEDATA;
typedef RECOGNIZEDATA *LPRECOGNIZEDATA;
//=============================================================================
// RECOGNIZEDATATABLE structure.
//
// This structure to keep track of the start of each RECOGNIZEDATA structure
//=============================================================================
typedef struct _RECOGNIZEDATATABLE
{
WORD nRecognizeDatas; //... number of RECOGNIZEDATA structures
RECOGNIZEDATA RecognizeData[0]; //... array of RECOGNIZEDATA structures follows
} RECOGNIZEDATATABLE;
typedef RECOGNIZEDATATABLE * LPRECOGNIZEDATATABLE;
//=============================================================================
// Property information structure.
//=============================================================================
typedef struct _PROPERTYINFO
{
HPROPERTY hProperty;
DWORD Version;
LPSTR Label;
LPSTR Comment;
BYTE DataType;
BYTE DataQualifier;
union
{
LPVOID lpExtendedInfo;
LPRANGE lpRange;
LPSET lpSet;
DWORD Bitmask;
DWORD Value;
} ;
WORD FormatStringSize;
LPVOID InstanceData;
} PROPERTYINFO;
typedef PROPERTYINFO *LPPROPERTYINFO;
#define PROPERTYINFO_SIZE ( sizeof( PROPERTYINFO ) )
//=============================================================================
// Property instance Extended structure.
//=============================================================================
typedef struct _PROPERTYINSTEX
{
WORD Length; //... length of raw data in frame
WORD LengthEx; //... number of bytes following
ULPVOID lpData; //... pointer to raw data in frame
union
{
BYTE Byte[]; //... table of bytes follows
WORD Word[]; //... table of words follows
DWORD Dword[]; //... table of Dwords follows
LARGE_INTEGER LargeInt[]; //... table of LARGEINT structures to follow
SYSTEMTIME SysTime[]; //... table of SYSTEMTIME structures follows
TYPED_STRING TypedString;//... a typed_string that may have extended data
};
} PROPERTYINSTEX;
typedef PROPERTYINSTEX *LPPROPERTYINSTEX;
typedef PROPERTYINSTEX UNALIGNED *ULPPROPERTYINSTEX;
#define PROPERTYINSTEX_SIZE sizeof(PROPERTYINSTEX)
//=============================================================================
// Property instance structure.
//=============================================================================
typedef struct _PROPERTYINST
{
LPPROPERTYINFO lpPropertyInfo; // pointer to property info
LPSTR szPropertyText; // pointer to string description
union
{
LPVOID lpData; // pointer to data
ULPBYTE lpByte; // bytes
ULPWORD lpWord; // words
ULPDWORD lpDword; // dwords
ULPLARGEINT lpLargeInt; // LargeInt
ULPSYSTEMTIME lpSysTime; // pointer to SYSTEMTIME structures
LPPROPERTYINSTEX lpPropertyInstEx; // pointer to propertyinstex (if DataLength = -1)
};
WORD DataLength; // length of data, or flag for propertyinstex struct
WORD Level : 4 ; // level information ............1111
WORD HelpID : 12 ; // context ID for helpfile 111111111111....
// ---------------
// total of 16 bits == 1 WORD == DWORD ALIGNED structure
// Interpretation Flags: Flags that define attach time information to the
// interpretation of the property. For example, in RPC, the client can be
// Intel format and the server can be non-Intel format... thus the property
// database cannot describe the property at database creation time.
DWORD IFlags;
} PROPERTYINST;
typedef PROPERTYINST *LPPROPERTYINST;
#define PROPERTYINST_SIZE sizeof(PROPERTYINST)
// Flags passed at AttachPropertyInstance and AttachPropertyInstanceEx time in the IFlags field:
// flag for error condition ...............1
#define IFLAG_ERROR ( 0x1 )
// is the WORD or DWORD byte non-Intel format at attach time?
#define IFLAG_SWAPPED ( 0x2 )
// is the STRING UNICODE at attach time?
#define IFLAG_UNICODE ( 0x4 )
//=============================================================================
// Property instance table structure.
//=============================================================================
typedef struct _PROPERTYINSTTABLE
{
WORD nPropertyInsts;
WORD nPropertyInstIndex;
} PROPERTYINSTTABLE;
typedef PROPERTYINSTTABLE *LPPROPERTYINSTTABLE;
#define PROPERTYINSTTABLE_SIZE ( sizeof( PROPERTYINSTTABLE ) )
//=============================================================================
// Property table structure.
//=============================================================================
typedef struct _PROPERTYTABLE
{
LPVOID lpFormatBuffer; //... Opaque. (PRIVATE)
DWORD FormatBufferLength; //... Opaque. (PRIVATE)
DWORD nTotalPropertyInsts; //... total number of propertyinstances in array
LPPROPERTYINST lpFirstPropertyInst; //... array of property instances
BYTE nPropertyInstTables; //... total PropertyIndexTables following
PROPERTYINSTTABLE PropertyInstTable[0]; //... array of propertyinstance index table structures
} PROPERTYTABLE;
typedef PROPERTYTABLE *LPPROPERTYTABLE;
#define PROPERTYTABLE_SIZE sizeof(PROPERTYTABLE)
//=============================================================================
// Protocol entry points.
//=============================================================================
typedef VOID (WINAPI *REGISTER)(HPROTOCOL);
typedef VOID (WINAPI *DEREGISTER)(HPROTOCOL);
typedef LPBYTE (WINAPI *RECOGNIZEFRAME)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, LPDWORD, LPHPROTOCOL, PDWORD_PTR);
typedef LPBYTE (WINAPI *ATTACHPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, DWORD_PTR);
typedef DWORD (WINAPI *FORMATPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, LPPROPERTYINST);
//=============================================================================
// Protocol entry point structure.
//=============================================================================
typedef struct _ENTRYPOINTS
{
REGISTER Register; //... Protocol Register() entry point.
DEREGISTER Deregister; //... Protocol Deregister() entry point.
RECOGNIZEFRAME RecognizeFrame; //... Protocol RecognizeFrame() entry point.
ATTACHPROPERTIES AttachProperties; //... Protocol AttachProperties() entry point.
FORMATPROPERTIES FormatProperties; //... Protocol FormatProperties() entry point.
} ENTRYPOINTS;
typedef ENTRYPOINTS *LPENTRYPOINTS;
#define ENTRYPOINTS_SIZE sizeof(ENTRYPOINTS)
//=============================================================================
// Property database structure.
//=============================================================================
typedef struct _PROPERTYDATABASE
{
DWORD nProperties; //... Number of properties in database.
LPPROPERTYINFO PropertyInfo[0]; //... Array of property info pointers.
} PROPERTYDATABASE;
#define PROPERTYDATABASE_SIZE sizeof(PROPERTYDATABASE)
typedef PROPERTYDATABASE *LPPROPERTYDATABASE;
//=============================================================================
// Protocol info structure (PUBLIC portion of HPROTOCOL).
//=============================================================================
typedef struct _PROTOCOLINFO
{
DWORD ProtocolID; //... Prootocol ID of owning protocol.
LPPROPERTYDATABASE PropertyDatabase; //... Property database.
BYTE ProtocolName[16]; //... Protocol name.
BYTE HelpFile[16]; //... Optional helpfile name.
BYTE Comment[128]; //... Comment describing protocol.
} PROTOCOLINFO;
typedef PROTOCOLINFO *LPPROTOCOLINFO;
#define PROTOCOLINFO_SIZE sizeof(PROTOCOLINFO)
//=============================================================================
// Protocol Table.
//=============================================================================
typedef struct _PROTOCOLTABLE
{
DWORD nProtocols;
HPROTOCOL hProtocol[ 1 ];
} PROTOCOLTABLE;
typedef PROTOCOLTABLE *LPPROTOCOLTABLE;
#define PROTOCOLTABLE_SIZE ( sizeof( PROTOCOLTABLE ) - sizeof( HPROTOCOL ) )
#define PROTOCOLTABLE_ACTUAL_SIZE(p) GetTableSize(PROTOCOLTABLE_SIZE, (p)->nProtocols, sizeof(HPROTOCOL))
//=============================================================================
// AddressInfo structure
//=============================================================================
#define SORT_BYADDRESS ( 0 )
#define SORT_BYNAME ( 1 )
#define PERMANENT_NAME ( 0x100 )
typedef struct _ADDRESSINFO
{
ADDRESS Address;
WCHAR Name[MAX_NAME_SIZE];
DWORD Flags;
LPVOID lpAddressInstData;
} ADDRESSINFO;
typedef struct _ADDRESSINFO *LPADDRESSINFO;
#define ADDRESSINFO_SIZE sizeof(ADDRESSINFO)
//=============================================================================
// AddressInfoTable
//=============================================================================
typedef struct _ADDRESSINFOTABLE
{
DWORD nAddressInfos;
LPADDRESSINFO lpAddressInfo[0];
} ADDRESSINFOTABLE;
typedef ADDRESSINFOTABLE *LPADDRESSINFOTABLE;
#define ADDRESSINFOTABLE_SIZE sizeof(ADDRESSINFOTABLE)
//=============================================================================
// callback procedures.
//=============================================================================
typedef DWORD (WINAPI *FILTERPROC)(HCAPTURE, HFRAME, LPVOID);
//=============================================================================
//=============================================================================
// (NMErr.h)
//=============================================================================
//=============================================================================
// The operation succeeded.
#define NMERR_SUCCESS ( 0 )
// An error occured creating a memory-mapped file.
#define NMERR_MEMORY_MAPPED_FILE_ERROR ( 1 )
// The handle to a filter is invalid.
#define NMERR_INVALID_HFILTER ( 2 )
// Capturing has already been started.
#define NMERR_CAPTURING ( 3 )
// Capturing has not been started.
#define NMERR_NOT_CAPTURING ( 4 )
// The are no frames available.
#define NMERR_NO_MORE_FRAMES ( 5 )
// The buffer is too small to complete the operation.
#define NMERR_BUFFER_TOO_SMALL ( 6 )
// No protocol was able to recognize the frame.
#define NMERR_FRAME_NOT_RECOGNIZED ( 7 )
// The file already exists.
#define NMERR_FILE_ALREADY_EXISTS ( 8 )
// A needed device driver was not found or is not loaded.
#define NMERR_DRIVER_NOT_FOUND ( 9 )
// This address aready exists in the database.
#define NMERR_ADDRESS_ALREADY_EXISTS ( 10 )
// The frame handle is invalid.
#define NMERR_INVALID_HFRAME ( 11 )
// The protocol handle is invalid.
#define NMERR_INVALID_HPROTOCOL ( 12 )
// The property handle is invalid.
#define NMERR_INVALID_HPROPERTY ( 13 )
// The the object has been locked.
#define NMERR_LOCKED ( 14 )
// A pop operation was attempted on an empty stack.
#define NMERR_STACK_EMPTY ( 15 )
// A push operation was attempted on an full stack.
#define NMERR_STACK_OVERFLOW ( 16 )
// There are too many protocols active.
#define NMERR_TOO_MANY_PROTOCOLS ( 17 )
// The file was not found.
#define NMERR_FILE_NOT_FOUND ( 18 )
// No memory was available. Shut down windows to free up resources.
#define NMERR_OUT_OF_MEMORY ( 19 )
// The capture is already in the paused state.
#define NMERR_CAPTURE_PAUSED ( 20 )
// There are no buffers available or present.
#define NMERR_NO_BUFFERS ( 21 )
// There are already buffers present.
#define NMERR_BUFFERS_ALREADY_EXIST ( 22 )
// The object is not locked.
#define NMERR_NOT_LOCKED ( 23 )
// A integer type was out of range.
#define NMERR_OUT_OF_RANGE ( 24 )
// An object was locked too many times.
#define NMERR_LOCK_NESTING_TOO_DEEP ( 25 )
// A parser failed to load.
#define NMERR_LOAD_PARSER_FAILED ( 26 )
// A parser failed to unload.
#define NMERR_UNLOAD_PARSER_FAILED ( 27 )
// The address database handle is invalid.
#define NMERR_INVALID_HADDRESSDB ( 28 )
// The MAC address was not found in the database.
#define NMERR_ADDRESS_NOT_FOUND ( 29 )
// The network software was not found in the system.
#define NMERR_NETWORK_NOT_PRESENT ( 30 )
// There is no property database for a protocol.
#define NMERR_NO_PROPERTY_DATABASE ( 31 )
// A property was not found in the database.
#define NMERR_PROPERTY_NOT_FOUND ( 32 )
// The property database handle is in valid.
#define NMERR_INVALID_HPROPERTYDB ( 33 )
// The protocol has not been enabled.
#define NMERR_PROTOCOL_NOT_ENABLED ( 34 )
// The protocol DLL could not be found.
#define NMERR_PROTOCOL_NOT_FOUND ( 35 )
// The parser DLL is not valid.
#define NMERR_INVALID_PARSER_DLL ( 36 )
// There are no properties attached.
#define NMERR_NO_ATTACHED_PROPERTIES ( 37 )
// There are no frames in the buffer.
#define NMERR_NO_FRAMES ( 38 )
// The capture file format is not valid.
#define NMERR_INVALID_FILE_FORMAT ( 39 )
// The OS could not create a temporary file.
#define NMERR_COULD_NOT_CREATE_TEMPFILE ( 40 )
// There is not enough MS-DOS memory available.
#define NMERR_OUT_OF_DOS_MEMORY ( 41 )
// There are no protocols enabled.
#define NMERR_NO_PROTOCOLS_ENABLED ( 42 )
// The MAC type is invalid or unsupported.
#define NMERR_UNKNOWN_MACTYPE ( 46 )
// There is no routing information present in the MAC frame.
#define NMERR_ROUTING_INFO_NOT_PRESENT ( 47 )
// The network handle is invalid.
#define NMERR_INVALID_HNETWORK ( 48 )
// The network is already open.
#define NMERR_NETWORK_ALREADY_OPENED ( 49 )
// The network is not open.
#define NMERR_NETWORK_NOT_OPENED ( 50 )
// The frame was not found in the buffer.
#define NMERR_FRAME_NOT_FOUND ( 51 )
// There are no handles available.
#define NMERR_NO_HANDLES ( 53 )
// The network ID is invalid.
#define NMERR_INVALID_NETWORK_ID ( 54 )
// The capture handle is invalid.
#define NMERR_INVALID_HCAPTURE ( 55 )
// The protocol has already been enabled.
#define NMERR_PROTOCOL_ALREADY_ENABLED ( 56 )
// The filter expression is invalid.
#define NMERR_FILTER_INVALID_EXPRESSION ( 57 )
// A transmit error occured.
#define NMERR_TRANSMIT_ERROR ( 58 )
// The buffer handle is invalid.
#define NMERR_INVALID_HBUFFER ( 59 )
// The specified data is unknown or invalid.
#define NMERR_INVALID_DATA ( 60 )
// The MS-DOS/NDIS 2.0 network driver is not loaded.
#define NMERR_MSDOS_DRIVER_NOT_LOADED ( 61 )
// The Windows VxD/NDIS 3.0 network driver is not loaded.
#define NMERR_WINDOWS_DRIVER_NOT_LOADED ( 62 )
// The MS-DOS/NDIS 2.0 driver had an init-time failure.
#define NMERR_MSDOS_DRIVER_INIT_FAILURE ( 63 )
// The Windows/NDIS 3.0 driver had an init-time failure.
#define NMERR_WINDOWS_DRIVER_INIT_FAILURE ( 64 )
// The network driver is busy and cannot handle requests.
#define NMERR_NETWORK_BUSY ( 65 )
// The capture is not paused.
#define NMERR_CAPTURE_NOT_PAUSED ( 66 )
// The frame/packet length is not valid.
#define NMERR_INVALID_PACKET_LENGTH ( 67 )
// An internal exception occured.
#define NMERR_INTERNAL_EXCEPTION ( 69 )
// The MAC driver does not support promiscious mode.
#define NMERR_PROMISCUOUS_MODE_NOT_SUPPORTED ( 70 )
// The MAC driver failed to open.
#define NMERR_MAC_DRIVER_OPEN_FAILURE ( 71 )
// The protocol went off the end of the frame.
#define NMERR_RUNAWAY_PROTOCOL ( 72 )
// An asynchronous operation is still pending.
#define NMERR_PENDING ( 73 )
// Access is denied.
#define NMERR_ACCESS_DENIED ( 74 )
// The password handle is invalid.
#define NMERR_INVALID_HPASSWORD ( 75 )
// A bad parameter was detected.
#define NMERR_INVALID_PARAMETER ( 76 )
// An error occured reading the file.
#define NMERR_FILE_READ_ERROR ( 77 )
// An error occured writing to the file.
#define NMERR_FILE_WRITE_ERROR ( 78 )
// The protocol has not been registered
#define NMERR_PROTOCOL_NOT_REGISTERED ( 79 )
// The frame does not contain an IP address.
#define NMERR_IP_ADDRESS_NOT_FOUND ( 80 )
// The transmit request was cancelled.
#define NMERR_TRANSMIT_CANCELLED ( 81 )
// The operation cannot be performed on a capture with 1 or more locked frames.
#define NMERR_LOCKED_FRAMES ( 82 )
// A cancel transmit request was submitted but there were no transmits pending.
#define NMERR_NO_TRANSMITS_PENDING ( 83 )
// Path not found.
#define NMERR_PATH_NOT_FOUND ( 84 )
// A windows error has occured.
#define NMERR_WINDOWS_ERROR ( 85 )
// The handle to the frame has no frame number.
#define NMERR_NO_FRAME_NUMBER ( 86 )
// The frame is not associated with any capture.
#define NMERR_FRAME_HAS_NO_CAPTURE ( 87 )
// The frame is already associated with a capture.
#define NMERR_FRAME_ALREADY_HAS_CAPTURE ( 88 )
// The NAL is not remotable.
#define NMERR_NAL_IS_NOT_REMOTE ( 89 )
// The API is not supported
#define NMERR_NOT_SUPPORTED ( 90 )
// Network Monitor should discard the current frame.
// This error code is only used during a filtered SaveCapture() API call.
#define NMERR_DISCARD_FRAME ( 91 )
// Network Monitor should cancel the current save.
// This error code is only used during a filtered SaveCapture() API call.
#define NMERR_CANCEL_SAVE_CAPTURE ( 92 )
// The connection to the remote machine has been lost
#define NMERR_LOST_CONNECTION ( 93 )
// The media/mac type is not valid.
#define NMERR_INVALID_MEDIA_TYPE ( 94 )
// The Remote Agent is currently in use
#define NMERR_AGENT_IN_USE ( 95 )
// The request has timed out
#define NMERR_TIMEOUT ( 96 )
// The remote agent has been disconnected
#define NMERR_DISCONNECTED ( 97 )
// A timer required for operation failed creation
#define NMERR_SETTIMER_FAILED ( 98 )
// A network error occured.
#define NMERR_NETWORK_ERROR ( 99 )
// Frame callback procedure is not valid
#define NMERR_INVALID_FRAMESPROC ( 100 )
// Capture type specified is unknown
#define NMERR_UNKNOWN_CAPTURETYPE ( 101 )
// The NPP is not connected to a network.
#define NMERR_NOT_CONNECTED ( 102 )
// The NPP is already connected to a network.
#define NMERR_ALREADY_CONNECTED ( 103 )
// The registry tag does not indicate a known configuration.
#define NMERR_INVALID_REGISTRY_CONFIGURATION ( 104 )
// The NPP is currently configured for delayed capturing.
#define NMERR_DELAYED ( 105 )
// The NPP is not currently configured for delayed capturing.
#define NMERR_NOT_DELAYED ( 106 )
// The NPP is currently configured for real time capturing.
#define NMERR_REALTIME ( 107 )
// The NPP is not currently configured for real time capturing.
#define NMERR_NOT_REALTIME ( 108 )
// The NPP is currently configured for stats only capturing.
#define NMERR_STATS_ONLY ( 109 )
// The NPP is not currently configured for stats only capturing.
#define NMERR_NOT_STATS_ONLY ( 110 )
// The NPP is currently configured for transmitting.
#define NMERR_TRANSMIT ( 111 )
// The NPP is not currently configured for transmitting.
#define NMERR_NOT_TRANSMIT ( 112 )
// The NPP is currently transmitting
#define NMERR_TRANSMITTING ( 113 )
// The specified capture file hard disk is not local
#define NMERR_DISK_NOT_LOCAL_FIXED ( 114 )
// Could not create the default capture directory on the given disk
#define NMERR_COULD_NOT_CREATE_DIRECTORY ( 115 )
// The default capture directory was not set in the registry:
// HKEY_LOCAL_MACHINESystemCurrentControlSetServicesnmParametersCapturePath
#define NMERR_NO_DEFAULT_CAPTURE_DIRECTORY ( 116 )
// The capture file is an uplevel version that this netmon does not understand
#define NMERR_UPLEVEL_CAPTURE_FILE ( 117 )
// An expert failed to load.
#define NMERR_LOAD_EXPERT_FAILED ( 118 )
// An expert failed to report its EXPERT_INFO structs.
#define NMERR_EXPERT_REPORT_FAILED ( 119 )
// Registry API call failed.
#define NMERR_REG_OPERATION_FAILED ( 120 )
// Registry API call failed.
#define NMERR_NO_DLLS_FOUND ( 121 )
// There are no conversation stats, they were not asked for.
#define NMERR_NO_CONVERSATION_STATS ( 122 )
// We have received a security response packet from a security monitor.
#define NMERR_SECURITY_BREACH_CAPTURE_DELETED ( 123 )
// The given frame failed the display filter.
#define NMERR_FRAME_FAILED_FILTER ( 124 )
// Netmon wants the Expert to stop running.
#define NMERR_EXPERT_TERMINATE ( 125 )
// Netmon needs the remote machine to be a server.
#define NMERR_REMOTE_NOT_A_SERVER ( 126 )
// Netmon needs the remote machine to be a server.
#define NMERR_REMOTE_VERSION_OUTOFSYNC ( 127 )
// The supplied group is an invalid handle
#define NMERR_INVALID_EXPERT_GROUP ( 128 )
// The supplied expert name cannot be found
#define NMERR_INVALID_EXPERT_NAME ( 129 )
// The supplied expert name cannot be found
#define NMERR_INVALID_EXPERT_HANDLE ( 130 )
// The supplied group name already exists
#define NMERR_GROUP_NAME_ALREADY_EXISTS ( 131 )
// The supplied group name is invalid
#define NMERR_INVALID_GROUP_NAME ( 132 )
// The supplied Expert is already in the group.
#define NMERR_EXPERT_ALREADY_IN_GROUP ( 133 )
// The Expert cannot be deleted from the group because it is not in the group
#define NMERR_EXPERT_NOT_IN_GROUP ( 134 )
// The COM object has not been initialized
#define NMERR_NOT_INITIALIZED ( 135 )
// Cannot perform function to Root group
#define NMERR_INVALID_GROUP_ROOT ( 136 )
// Potential data structure mismatch between NdisNpp and Driver.
#define NMERR_BAD_VERSION ( 137 )
// The NPP is currently configured for ESP capturing.
#define NMERR_ESP ( 138 )
// The NPP is not currently configured for ESP capturing.
#define NMERR_NOT_ESP ( 139 )
//=============================================================================
// Blob Errors
//=============================================================================
#define NMERR_BLOB_NOT_INITIALIZED ( 1000 )
#define NMERR_INVALID_BLOB ( 1001 )
#define NMERR_UPLEVEL_BLOB ( 1002 )
#define NMERR_BLOB_ENTRY_ALREADY_EXISTS ( 1003 )
#define NMERR_BLOB_ENTRY_DOES_NOT_EXIST ( 1004 )
#define NMERR_AMBIGUOUS_SPECIFIER ( 1005 )
#define NMERR_BLOB_OWNER_NOT_FOUND ( 1006 )
#define NMERR_BLOB_CATEGORY_NOT_FOUND ( 1007 )
#define NMERR_UNKNOWN_CATEGORY ( 1008 )
#define NMERR_UNKNOWN_TAG ( 1009 )
#define NMERR_BLOB_CONVERSION_ERROR ( 1010 )
#define NMERR_ILLEGAL_TRIGGER ( 1011 )
#define NMERR_BLOB_STRING_INVALID ( 1012 )
//=============================================================================
// FINDER errors
//=============================================================================
#define NMERR_UNABLE_TO_LOAD_LIBRARY ( 1013 )
#define NMERR_UNABLE_TO_GET_PROCADDR ( 1014 )
#define NMERR_CLASS_NOT_REGISTERED ( 1015 )
#define NMERR_INVALID_REMOTE_COMPUTERNAME ( 1016 )
#define NMERR_RPC_REMOTE_FAILURE ( 1017 )
#define NMERR_NO_NPPS ( 3016 )
#define NMERR_NO_MATCHING_NPPS ( 3017 )
#define NMERR_NO_NPP_SELECTED ( 3018 )
#define NMERR_NO_INPUT_BLOBS ( 3019 )
#define NMERR_NO_NPP_DLLS ( 3020 )
#define NMERR_NO_VALID_NPP_DLLS ( 3021 )
//=============================================================================
// Monitor errors
//=============================================================================
#define NMERR_INVALID_LIST_INDEX ( 2000 )
#define NMERR_INVALID_MONITOR ( 2001 )
#define NMERR_INVALID_MONITOR_DLL ( 2002 )
#define NMERR_UNABLE_TO_CREATE_MONITOR ( 2003 )
#define NMERR_INVALID_MONITOR_CONFIG ( 2005 )
#define NMERR_INVALID_INDEX ( 2006 )
#define NMERR_MONITOR_ENABLED ( 2007 )
#define NMERR_MONITOR_NOT_RUNNING ( 2008 )
#define NMERR_MONITOR_IS_BUSY ( 2009 )
#define NMERR_MCS_IS_BUSY ( 2010 )
#define NMERR_NO_MONITORS ( 2011 )
#define NMERR_ONE_MONITOR_PER_NETCARD ( 2012 )
#define NMERR_CONFIGURATION_REQUIRED ( 2013 )
#define NMERR_MONITOR_NOT_CONNECTED ( 2014 )
#define NMERR_MONITOR_NOT_CONFIGURED ( 2015 )
#define NMERR_MONITOR_CONFIG_FAILED ( 2016 )
#define NMERR_MONITOR_INIT_FAILED ( 2017 )
#define NMERR_MONITOR_FAULTED ( 2018 )
#define NMERR_SAVE_ALL_FAILED ( 2019 )
#define NMERR_SAVE_MONITOR_FAILED ( 2029 )
#define NMERR_MONITOR_CONNECT_FAILED ( 2021 )
#define NMERR_MONITOR_START_FAILED ( 2022 )
#define NMERR_MONITOR_STOP_FAILED ( 2023 )
//=============================================================================
// Error Macros
//=============================================================================
#ifndef INLINE
#define INLINE __inline
#endif // INLINE
typedef LONG HRESULT;
// normal Network Monitor errors will be put into the code portion of an hresult
// for return from OLE objects:
// these two macros will help to create and crack the scode
INLINE HRESULT NMERR_TO_HRESULT( DWORD nmerror )
{
HRESULT hResult;
if (nmerror == NMERR_SUCCESS)
hResult = NOERROR;
else
hResult = MAKE_HRESULT( SEVERITY_ERROR,FACILITY_ITF, (WORD)nmerror) ;
return hResult;
}
//We use to decide whether the first bit was set to 1 or 0, not regarding
//whether the result passed with a warning set in the low word. Now we
//disregard the first bit and pass back the warning.
INLINE DWORD HRESULT_TO_NMERR( HRESULT hResult )
{
return HRESULT_CODE(hResult);
}
//=============================================================================
//=============================================================================
// (BHFilter.h)
//=============================================================================
//=============================================================================
//============================================================================
// types
//============================================================================
typedef HFILTER *LPHFILTER;
typedef DWORD FILTERACTIONTYPE;
typedef DWORD VALUETYPE;
// check for protocols existing in the frame.
// ProtocolPart
// this is the raw data for a Protocol based expression
//
// WHAT FIELD DESCRIPTION EXAMPLE
// ---- ----- ----------- -------
// Count of Protocol(nPropertyDBs) Number of protocols to pass 5
// PropertyDB Table (PropertyDB) Table of HPROTOCOL SMB, LLC, MAC
//
// NOTE: the nPropertyDBs field may also be the following, which implies that
// all are selected but that none have actually been put into the structure
#define PROTOCOL_NUM_ANY ( -1 )
typedef PROTOCOLTABLE PROTOCOLTABLETYPE;
typedef PROTOCOLTABLETYPE *LPPROTOCOLTABLETYPE;
// filter bits stores who passed what filter per frame to speed up
// the filter process... This is actually an array.
typedef DWORD FILTERBITS;
typedef FILTERBITS *LPFILTERBITS;
typedef SYSTEMTIME *LPTIME;
typedef SYSTEMTIME UNALIGNED * ULPTIME;
// The Filter Object is the basic unit of the postfix stack.
// I need to restart the convert property to value if the comparison does not match.
// To do this, I need the original pointer to the property. Pull the hProperty out of
// the union so that the pointer to the property is saved.
typedef struct _FILTEROBJECT
{
FILTERACTIONTYPE Action; // Object action, see codes below
HPROPERTY hProperty; // property key
union
{
VALUETYPE Value; // value of the object.
HPROTOCOL hProtocol; // protocol key.
LPVOID lpArray; // if array, length is ItemCount below.
LPPROTOCOLTABLETYPE lpProtocolTable; // list of protocols to see if exist in frame.
LPADDRESS lpAddress; // kernel type address, mac or ip
ULPLARGEINT lpLargeInt; // Double DWORD used by NT
ULPTIME lpTime; // pointer to SYSTEMTIME
LPOBJECT_IDENTIFIER lpOID; // pointer to OBJECT_IDENTIFIER
};
union
{
WORD ByteCount; // Number of BYTES!
WORD ByteOffset; // offset for array compare
};
struct _FILTEROBJECT * pNext; // reserved
} FILTEROBJECT;
typedef FILTEROBJECT * LPFILTEROBJECT;
#define FILTERINFO_SIZE (sizeof(FILTEROBJECT) )
typedef struct _FILTERDESC
{
WORD NumEntries;
WORD Flags; // private
LPFILTEROBJECT lpStack;
LPFILTEROBJECT lpKeepLast;
LPVOID UIInstanceData; // UI specific information.
LPFILTERBITS lpFilterBits; // cache who passed
LPFILTERBITS lpCheckBits; // have we looked at it yet?
} FILTERDESC;
typedef FILTERDESC * LPFILTERDESC;
#define FILTERDESC_SIZE sizeof(FILTERDESC)
//============================================================================
// Macros.
//============================================================================
#define FilterGetUIInstanceData(hfilt) (((LPFILTERDESC)hfilt)->UIInstanceData)
#define FilterSetUIInstanceData(hfilt,inst) (((LPFILTERDESC)hfilt)->UIInstanceData = (LPVOID)inst)
//============================================================================
// defines
//============================================================================
#define FILTERFREEPOOLSTART ( 20 )
#define INVALIDELEMENT ( -1 )
#define INVALIDVALUE ( ( VALUETYPE )-9999 )
// use filter failed to check the return code on FilterFrame.
#define FILTER_FAIL_WITH_ERROR ( -1 )
#define FILTER_PASSED ( TRUE )
#define FILTER_FAILED ( FALSE )
#define FILTERACTION_INVALID ( 0 )
#define FILTERACTION_PROPERTY ( 1 )
#define FILTERACTION_VALUE ( 2 )
#define FILTERACTION_STRING ( 3 )
#define FILTERACTION_ARRAY ( 4 )
#define FILTERACTION_AND ( 5 )
#define FILTERACTION_OR ( 6 )
#define FILTERACTION_XOR ( 7 )
#define FILTERACTION_PROPERTYEXIST ( 8 )
#define FILTERACTION_CONTAINSNC ( 9 )
#define FILTERACTION_CONTAINS ( 10 )
#define FILTERACTION_NOT ( 11 )
#define FILTERACTION_EQUALNC ( 12 )
#define FILTERACTION_EQUAL ( 13 )
#define FILTERACTION_NOTEQUALNC ( 14 )
#define FILTERACTION_NOTEQUAL ( 15 )
#define FILTERACTION_GREATERNC ( 16 )
#define FILTERACTION_GREATER ( 17 )
#define FILTERACTION_LESSNC ( 18 )
#define FILTERACTION_LESS ( 19 )
#define FILTERACTION_GREATEREQUALNC ( 20 )
#define FILTERACTION_GREATEREQUAL ( 21 )
#define FILTERACTION_LESSEQUALNC ( 22 )
#define FILTERACTION_LESSEQUAL ( 23 )
#define FILTERACTION_PLUS ( 24 )
#define FILTERACTION_MINUS ( 25 )
#define FILTERACTION_ADDRESS ( 26 )
#define FILTERACTION_ADDRESSANY ( 27 )
#define FILTERACTION_FROM ( 28 )
#define FILTERACTION_TO ( 29 )
#define FILTERACTION_FROMTO ( 30 )
#define FILTERACTION_AREBITSON ( 31 )
#define FILTERACTION_AREBITSOFF ( 32 )
#define FILTERACTION_PROTOCOLSEXIST ( 33 )
#define FILTERACTION_PROTOCOLEXIST ( 34 )
#define FILTERACTION_ARRAYEQUAL ( 35 )
#define FILTERACTION_DEREFPROPERTY ( 36 )
#define FILTERACTION_LARGEINT ( 37 )
#define FILTERACTION_TIME ( 38 )
#define FILTERACTION_ADDR_ETHER ( 39 )
#define FILTERACTION_ADDR_TOKEN ( 40 )
#define FILTERACTION_ADDR_FDDI ( 41 )
#define FILTERACTION_ADDR_IPX ( 42 )
#define FILTERACTION_ADDR_IP ( 43 )
#define FILTERACTION_OID ( 44 )
#define FILTERACTION_OID_CONTAINS ( 45 )
#define FILTERACTION_OID_BEGINS_WITH ( 46 )
#define FILTERACTION_OID_ENDS_WITH ( 47 )
#define FILTERACTION_ADDR_VINES ( 48 )
#define FILTERACTION_EXPRESSION ( 97 )
#define FILTERACTION_BOOL ( 98 )
#define FILTERACTION_NOEVAL ( 99 )
#define FILTER_NO_MORE_FRAMES ( 0xffffffff )
#define FILTER_CANCELED ( 0xfffffffe )
#define FILTER_DIRECTION_NEXT ( TRUE )
#define FILTER_DIRECTION_PREV ( FALSE )
//============================================================================
// Helper functions.
//============================================================================
typedef BOOL (WINAPI *STATUSPROC)(DWORD, HCAPTURE, HFILTER, LPVOID);
//=============================================================================
// FILTER API's.
//=============================================================================
HFILTER WINAPI CreateFilter(VOID);
DWORD WINAPI DestroyFilter(HFILTER hFilter);
HFILTER WINAPI FilterDuplicate(HFILTER hFilter);
DWORD WINAPI DisableParserFilter(HFILTER hFilter, HPARSER hParser);
DWORD WINAPI EnableParserFilter(HFILTER hFilter, HPARSER hParser);
DWORD WINAPI FilterAddObject(HFILTER hFilter, LPFILTEROBJECT lpFilterObject );
VOID WINAPI FilterFlushBits(HFILTER hFilter);
DWORD WINAPI FilterFrame(HFRAME hFrame, HFILTER hFilter, HCAPTURE hCapture);
// returns -1 == check BH set last error
// 0 == FALSE
// 1 == TRUE
BOOL WINAPI FilterAttachesProperties(HFILTER hFilter);
DWORD WINAPI FilterFindFrame ( HFILTER hFilter,
HCAPTURE hCapture,
DWORD nFrame,
STATUSPROC StatusProc,
LPVOID UIInstance,
DWORD TimeDelta,
BOOL FilterDirection );
HFRAME FilterFindPropertyInstance ( HFRAME hFrame,
HFILTER hMasterFilter,
HCAPTURE hCapture,
HFILTER hInstanceFilter,
LPPROPERTYINST *lpPropRestartKey,
STATUSPROC StatusProc,
LPVOID UIInstance,
DWORD TimeDelta,
BOOL FilterForward );
VOID WINAPI SetCurrentFilter(HFILTER);
HFILTER WINAPI GetCurrentFilter(VOID);
//=============================================================================
//=============================================================================
// (Frame.h)
//=============================================================================
//=============================================================================
//=============================================================================
// 802.3 and ETHERNET MAC structure.
//=============================================================================
typedef struct _ETHERNET
{
BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.
BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.
union
{
WORD Length; //... 802.3 length field.
WORD Type; //... Ethernet type field.
};
BYTE Info[0]; //... information field.
} ETHERNET;
typedef ETHERNET *LPETHERNET;
typedef ETHERNET UNALIGNED *ULPETHERNET;
#define ETHERNET_SIZE sizeof(ETHERNET)
#define ETHERNET_HEADER_LENGTH ( 14 )
#define ETHERNET_DATA_LENGTH ( 0x5dc )