5491 lines
236 KiB
Plaintext
5491 lines
236 KiB
Plaintext
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Microsoft (R) Network Monitor (tm). ")
|
|
cpp_quote("// Copyright (C) Microsoft Corporation. All rights reserved.")
|
|
cpp_quote("//")
|
|
cpp_quote("// MODULE: netmon.h")
|
|
cpp_quote("//")
|
|
cpp_quote("// This is the consolidated include file for all Network Monitor components.")
|
|
cpp_quote("//")
|
|
cpp_quote("// It contains the contents of these files from previous SDKs:")
|
|
cpp_quote("//")
|
|
cpp_quote("// NPPTypes.h")
|
|
cpp_quote("// NMEvent.h (previously Event.h)")
|
|
cpp_quote("// NMmcs.h (previously mcs.h)")
|
|
cpp_quote("// NMmonitor.h (previously monitor.h)")
|
|
cpp_quote("// Finder.h")
|
|
cpp_quote("// NMSupp.h")
|
|
cpp_quote("// BHTypes.h")
|
|
cpp_quote("// NMErr.h")
|
|
cpp_quote("// BHFilter.h")
|
|
cpp_quote("// Frame.h")
|
|
cpp_quote("// Parser.h")
|
|
cpp_quote("// IniLib.h")
|
|
cpp_quote("// NMExpert.h (previously Expert.h)")
|
|
cpp_quote("// Netmon.h (previously bh.h)")
|
|
cpp_quote("// NMBlob.h (previously blob.h)")
|
|
cpp_quote("// NMRegHelp.h (previously reghelp.h)")
|
|
cpp_quote("// NMIpStructs.h (previously IpStructs.h)")
|
|
cpp_quote("// NMIcmpStructs.h (previously IcmpStructs.h)")
|
|
cpp_quote("// NMIpxStructs.h (previously IpxStructs.h)")
|
|
cpp_quote("// NMTcpStructs.h (previously TcpStructs.h)")
|
|
cpp_quote("//")
|
|
cpp_quote("// IDelaydC.idl")
|
|
cpp_quote("// IESP.idl")
|
|
cpp_quote("// IRTC.idl")
|
|
cpp_quote("// IStats.idl")
|
|
cpp_quote("//")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
import "unknwn.idl";
|
|
cpp_quote("#include <winerror.h>")
|
|
//cpp_quote("#include <tchar.h>")
|
|
|
|
// this first part is so that the idl file gets the proper packing
|
|
#ifdef _X86_
|
|
#pragma pack(1)
|
|
#else
|
|
#pragma pack()
|
|
#endif
|
|
cpp_quote("// For backward compatability with old SDK versions, all structures within this header")
|
|
cpp_quote("// file will be byte packed on x86 platforms. All other platforms will only have those")
|
|
cpp_quote("// structures that will be used to decode network data packed.")
|
|
|
|
// this next part is so that the resultant header file will be correct regardless of
|
|
// which platform the idl file was compiled for
|
|
cpp_quote("#ifdef _X86_")
|
|
cpp_quote("#pragma pack(1)")
|
|
cpp_quote("#else")
|
|
cpp_quote("#pragma pack()")
|
|
cpp_quote("#endif")
|
|
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// yes we know that many of our structures have:")
|
|
cpp_quote("// warning C4200: nonstandard extension used : zero-sized array in struct/union")
|
|
cpp_quote("// this is OK and intended")
|
|
#pragma warning(disable:4200)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NPPTypes.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// normally MAX_PATH is not defined for our MIDL builds
|
|
#ifndef MAX_PATH
|
|
#define MAX_PATH 260
|
|
#endif
|
|
|
|
#ifndef LPBYTE
|
|
typedef BYTE *LPBYTE;
|
|
#endif //LPBYTE
|
|
|
|
typedef const void * HBLOB;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// General constants.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD MAC_TYPE_UNKNOWN = 0;
|
|
const DWORD MAC_TYPE_ETHERNET = 1;
|
|
const DWORD MAC_TYPE_TOKENRING = 2;
|
|
const DWORD MAC_TYPE_FDDI = 3;
|
|
const DWORD MAC_TYPE_ATM = 4;
|
|
const DWORD MAC_TYPE_1394 = 5;
|
|
|
|
const DWORD MACHINE_NAME_LENGTH = 16 ;
|
|
const DWORD USER_NAME_LENGTH = 32 ;
|
|
const DWORD ADAPTER_COMMENT_LENGTH = 32 ;
|
|
|
|
const DWORD CONNECTION_FLAGS_WANT_CONVERSATION_STATS =0x00000001;
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Transmit statistics structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _TRANSMITSTATS
|
|
{
|
|
DWORD TotalFramesSent;
|
|
DWORD TotalBytesSent;
|
|
DWORD TotalTransmitErrors;
|
|
} TRANSMITSTATS;
|
|
typedef TRANSMITSTATS *LPTRANSMITSTATS;
|
|
const DWORD TRANSMITSTATS_SIZE =sizeof(TRANSMITSTATS);
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Statistics structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _STATISTICS
|
|
{
|
|
__int64 TimeElapsed; // in millionths of a second
|
|
|
|
//...Buffer statistics
|
|
DWORD TotalFramesCaptured;
|
|
DWORD TotalBytesCaptured;
|
|
|
|
//...Filtered statistics
|
|
DWORD TotalFramesFiltered;
|
|
DWORD TotalBytesFiltered;
|
|
DWORD TotalMulticastsFiltered;
|
|
DWORD TotalBroadcastsFiltered;
|
|
|
|
//...Overall statistics.
|
|
DWORD TotalFramesSeen;
|
|
DWORD TotalBytesSeen;
|
|
DWORD TotalMulticastsReceived;
|
|
DWORD TotalBroadcastsReceived;
|
|
DWORD TotalFramesDropped;
|
|
DWORD TotalFramesDroppedFromBuffer;
|
|
|
|
//... Statistics kept by MAC driver.
|
|
DWORD MacFramesReceived;
|
|
DWORD MacCRCErrors;
|
|
__int64 MacBytesReceivedEx;
|
|
DWORD MacFramesDropped_NoBuffers;
|
|
DWORD MacMulticastsReceived;
|
|
DWORD MacBroadcastsReceived;
|
|
DWORD MacFramesDropped_HwError;
|
|
} STATISTICS;
|
|
|
|
typedef STATISTICS *LPSTATISTICS;
|
|
|
|
const DWORD STATISTICS_SIZE =sizeof(STATISTICS);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Address structures")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// These structures are used to decode network data and so need to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
const DWORD MAX_NAME_SIZE =32;
|
|
const DWORD IP_ADDRESS_SIZE =4;
|
|
const DWORD MAC_ADDRESS_SIZE =6;
|
|
|
|
cpp_quote("// Q: What is the maximum address size that we could have to copy?")
|
|
cpp_quote("// A: IPX == DWORD + 6 bytes == 10")
|
|
const DWORD MAX_ADDRESS_SIZE =10;
|
|
|
|
const DWORD ADDRESS_TYPE_ETHERNET =0;
|
|
const DWORD ADDRESS_TYPE_IP =1;
|
|
const DWORD ADDRESS_TYPE_IPX =2;
|
|
const DWORD ADDRESS_TYPE_TOKENRING =3;
|
|
const DWORD ADDRESS_TYPE_FDDI =4;
|
|
|
|
const DWORD ADDRESS_TYPE_XNS =5;
|
|
const DWORD ADDRESS_TYPE_ANY =6;
|
|
const DWORD ADDRESS_TYPE_ANY_GROUP =7;
|
|
const DWORD ADDRESS_TYPE_FIND_HIGHEST =8;
|
|
const DWORD ADDRESS_TYPE_VINES_IP =9;
|
|
const DWORD ADDRESS_TYPE_LOCAL_ONLY =10;
|
|
const DWORD ADDRESS_TYPE_ATM =11;
|
|
const DWORD ADDRESS_TYPE_1394 =12;
|
|
|
|
|
|
const DWORD ADDRESSTYPE_FLAGS_NORMALIZE =0x0001 ;
|
|
const DWORD ADDRESSTYPE_FLAGS_BIT_REVERSE =0x0002 ;
|
|
|
|
cpp_quote("// Vines IP Address Structure")
|
|
typedef struct _VINES_IP_ADDRESS
|
|
{
|
|
DWORD NetID;
|
|
WORD SubnetID;
|
|
|
|
} VINES_IP_ADDRESS;
|
|
typedef VINES_IP_ADDRESS *LPVINES_IP_ADDRESS;
|
|
const DWORD VINES_IP_ADDRESS_SIZE =sizeof(VINES_IP_ADDRESS);
|
|
|
|
cpp_quote("// IPX Address Structure")
|
|
typedef struct _IPX_ADDR
|
|
{
|
|
BYTE Subnet[4];
|
|
BYTE Address[6];
|
|
|
|
} IPX_ADDR;
|
|
typedef IPX_ADDR *LPIPX_ADDR;
|
|
const DWORD IPX_ADDR_SIZE =sizeof(IPX_ADDR);
|
|
|
|
cpp_quote("// XNS Address Structure")
|
|
typedef IPX_ADDR XNS_ADDRESS;
|
|
typedef IPX_ADDR *LPXNS_ADDRESS;
|
|
|
|
// structure contains a bitfield, so must cpp_quote
|
|
cpp_quote("// ETHERNET SOURCE ADDRESS")
|
|
cpp_quote("typedef struct _ETHERNET_SRC_ADDRESS")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE RoutingBit: 1;")
|
|
cpp_quote(" BYTE LocalBit: 1;")
|
|
cpp_quote(" BYTE Byte0: 6;")
|
|
cpp_quote(" BYTE Reserved[5];")
|
|
cpp_quote("")
|
|
cpp_quote("} ETHERNET_SRC_ADDRESS;")
|
|
cpp_quote("typedef ETHERNET_SRC_ADDRESS *LPETHERNET_SRC_ADDRESS;")
|
|
|
|
// structure contains a bitfield, so must cpp_quote
|
|
cpp_quote("// ETHERNET DESTINATION ADDRESS")
|
|
cpp_quote("typedef struct _ETHERNET_DST_ADDRESS")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE GroupBit: 1;")
|
|
cpp_quote(" BYTE AdminBit: 1;")
|
|
cpp_quote(" BYTE Byte0: 6;")
|
|
cpp_quote(" BYTE Reserved[5];")
|
|
cpp_quote("} ETHERNET_DST_ADDRESS;")
|
|
cpp_quote("typedef ETHERNET_DST_ADDRESS *LPETHERNET_DST_ADDRESS;")
|
|
cpp_quote("")
|
|
cpp_quote("// FDDI addresses")
|
|
cpp_quote("typedef ETHERNET_SRC_ADDRESS FDDI_SRC_ADDRESS;")
|
|
cpp_quote("typedef ETHERNET_DST_ADDRESS FDDI_DST_ADDRESS;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef FDDI_SRC_ADDRESS *LPFDDI_SRC_ADDRESS;")
|
|
cpp_quote("typedef FDDI_DST_ADDRESS *LPFDDI_DST_ADDRESS;")
|
|
cpp_quote("")
|
|
|
|
// structure contains a bitfield, so must cpp_quote
|
|
cpp_quote("// TOKENRING Source Address")
|
|
cpp_quote("typedef struct _TOKENRING_SRC_ADDRESS")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE Byte0: 6;")
|
|
cpp_quote(" BYTE LocalBit: 1;")
|
|
cpp_quote(" BYTE RoutingBit: 1;")
|
|
cpp_quote(" BYTE Byte1;")
|
|
cpp_quote(" BYTE Byte2: 7;")
|
|
cpp_quote(" BYTE Functional: 1;")
|
|
cpp_quote(" BYTE Reserved[3];")
|
|
cpp_quote("} TOKENRING_SRC_ADDRESS;")
|
|
cpp_quote("typedef TOKENRING_SRC_ADDRESS *LPTOKENRING_SRC_ADDRESS;")
|
|
cpp_quote("")
|
|
|
|
// structure contains a bitfield, so must cpp_quote
|
|
cpp_quote("// TOKENRING Destination Address")
|
|
cpp_quote("typedef struct _TOKENRING_DST_ADDRESS")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE Byte0: 6;")
|
|
cpp_quote(" BYTE AdminBit: 1;")
|
|
cpp_quote(" BYTE GroupBit: 1;")
|
|
cpp_quote(" BYTE Reserved[5];")
|
|
cpp_quote("} TOKENRING_DST_ADDRESS;")
|
|
cpp_quote("typedef TOKENRING_DST_ADDRESS *LPTOKENRING_DST_ADDRESS;")
|
|
|
|
|
|
|
|
// structure contains structures with bitfields, so must cpp_quote
|
|
cpp_quote("// Address Structure")
|
|
cpp_quote("typedef struct _ADDRESS")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD Type;")
|
|
cpp_quote("")
|
|
cpp_quote(" union")
|
|
cpp_quote(" {")
|
|
cpp_quote(" // ADDRESS_TYPE_ETHERNET")
|
|
cpp_quote(" // ADDRESS_TYPE_TOKENRING")
|
|
cpp_quote(" // ADDRESS_TYPE_FDDI")
|
|
cpp_quote(" BYTE MACAddress[MAC_ADDRESS_SIZE];")
|
|
cpp_quote("")
|
|
cpp_quote(" // IP")
|
|
cpp_quote(" BYTE IPAddress[IP_ADDRESS_SIZE];")
|
|
cpp_quote("")
|
|
cpp_quote(" // raw IPX")
|
|
cpp_quote(" BYTE IPXRawAddress[IPX_ADDR_SIZE];")
|
|
cpp_quote("")
|
|
cpp_quote(" // real IPX")
|
|
cpp_quote(" IPX_ADDR IPXAddress;")
|
|
cpp_quote("")
|
|
cpp_quote(" // raw Vines IP")
|
|
cpp_quote(" BYTE VinesIPRawAddress[VINES_IP_ADDRESS_SIZE];")
|
|
cpp_quote("")
|
|
cpp_quote(" // real Vines IP")
|
|
cpp_quote(" VINES_IP_ADDRESS VinesIPAddress;")
|
|
cpp_quote("")
|
|
cpp_quote(" // ethernet with bits defined")
|
|
cpp_quote(" ETHERNET_SRC_ADDRESS EthernetSrcAddress;")
|
|
cpp_quote("")
|
|
cpp_quote(" // ethernet with bits defined")
|
|
cpp_quote(" ETHERNET_DST_ADDRESS EthernetDstAddress;")
|
|
cpp_quote("")
|
|
cpp_quote(" // tokenring with bits defined")
|
|
cpp_quote(" TOKENRING_SRC_ADDRESS TokenringSrcAddress;")
|
|
cpp_quote("")
|
|
cpp_quote(" // tokenring with bits defined")
|
|
cpp_quote(" TOKENRING_DST_ADDRESS TokenringDstAddress;")
|
|
cpp_quote("")
|
|
cpp_quote(" // fddi with bits defined")
|
|
cpp_quote(" FDDI_SRC_ADDRESS FddiSrcAddress;")
|
|
cpp_quote("")
|
|
cpp_quote(" // fddi with bits defined")
|
|
cpp_quote(" FDDI_DST_ADDRESS FddiDstAddress;")
|
|
cpp_quote(" };")
|
|
cpp_quote(" ")
|
|
cpp_quote(" WORD Flags;")
|
|
cpp_quote("} ADDRESS;")
|
|
cpp_quote("typedef ADDRESS *LPADDRESS;")
|
|
cpp_quote("#define ADDRESS_SIZE sizeof(ADDRESS)")
|
|
cpp_quote("")
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Address Pair Structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD ADDRESS_FLAGS_MATCH_DST =0x0001;
|
|
const DWORD ADDRESS_FLAGS_MATCH_SRC =0x0002;
|
|
const DWORD ADDRESS_FLAGS_EXCLUDE =0x0004;
|
|
const DWORD ADDRESS_FLAGS_DST_GROUP_ADDR =0x0008;
|
|
|
|
const DWORD ADDRESS_FLAGS_MATCH_BOTH =0x0003;
|
|
|
|
// structure contains structures with bitfields, so must cpp_quote
|
|
cpp_quote("typedef struct _ADDRESSPAIR")
|
|
cpp_quote("{")
|
|
cpp_quote(" WORD AddressFlags;")
|
|
cpp_quote(" WORD NalReserved;")
|
|
cpp_quote(" ADDRESS DstAddress;")
|
|
cpp_quote(" ADDRESS SrcAddress;")
|
|
cpp_quote("")
|
|
cpp_quote("} ADDRESSPAIR;")
|
|
cpp_quote("typedef ADDRESSPAIR *LPADDRESSPAIR;")
|
|
cpp_quote("#define ADDRESSPAIR_SIZE sizeof(ADDRESSPAIR)")
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Address table.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD MAX_ADDRESS_PAIRS =8;
|
|
|
|
// structure contains structures with bitfields, so must cpp_quote
|
|
cpp_quote("typedef struct _ADDRESSTABLE")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD nAddressPairs;")
|
|
cpp_quote(" DWORD nNonMacAddressPairs;")
|
|
cpp_quote(" ADDRESSPAIR AddressPair[MAX_ADDRESS_PAIRS];")
|
|
cpp_quote("")
|
|
cpp_quote("} ADDRESSTABLE;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef ADDRESSTABLE *LPADDRESSTABLE;")
|
|
cpp_quote("#define ADDRESSTABLE_SIZE sizeof(ADDRESSTABLE)")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Network information.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD NETWORKINFO_FLAGS_PMODE_NOT_SUPPORTED =0x00000001;
|
|
|
|
const DWORD NETWORKINFO_FLAGS_REMOTE_NAL =0x00000004;
|
|
const DWORD NETWORKINFO_FLAGS_REMOTE_NAL_CONNECTED =0x00000008;
|
|
const DWORD NETWORKINFO_FLAGS_REMOTE_CARD =0x00000010;
|
|
const DWORD NETWORKINFO_FLAGS_RAS =0x00000020;
|
|
|
|
// structure contains structures with bitfields, so must cpp_quote
|
|
cpp_quote("typedef struct _NETWORKINFO")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE PermanentAddr[6]; //... Permanent MAC address")
|
|
cpp_quote(" BYTE CurrentAddr[6]; //... Current MAC address")
|
|
cpp_quote(" ADDRESS OtherAddress; //... Other address supported (IP, IPX, etc...)")
|
|
cpp_quote(" DWORD LinkSpeed; //... Link speed in Mbits.")
|
|
cpp_quote(" DWORD MacType; //... Media type.")
|
|
cpp_quote(" DWORD MaxFrameSize; //... Max frame size allowed.")
|
|
cpp_quote(" DWORD Flags; //... Informational flags.")
|
|
cpp_quote(" DWORD TimestampScaleFactor; //... 1 = 1/1 ms, 10 = 1/10 ms, 100 = 1/100 ms, etc.")
|
|
cpp_quote(" BYTE NodeName[32]; //... Name of remote workstation.")
|
|
cpp_quote(" BOOL PModeSupported; //... Card claims to support P-Mode")
|
|
cpp_quote(" BYTE Comment[ADAPTER_COMMENT_LENGTH]; // Adapter comment field.")
|
|
cpp_quote("")
|
|
cpp_quote("} NETWORKINFO;")
|
|
cpp_quote("typedef NETWORKINFO *LPNETWORKINFO;")
|
|
cpp_quote("#define NETWORKINFO_SIZE sizeof(NETWORKINFO)")
|
|
const DWORD MINIMUM_FRAME_SIZE =32;
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Pattern structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD MAX_PATTERN_LENGTH =16 ;
|
|
|
|
cpp_quote("// When set this flag will cause those frames which do NOT have the specified pattern")
|
|
cpp_quote("// in the proper stop to be kept.")
|
|
const DWORD PATTERN_MATCH_FLAGS_NOT =0x00000001;
|
|
|
|
// This flag was used in previous versions of Network Monitor and its value is therefore
|
|
// reserved for compatability reasons
|
|
const DWORD PATTERN_MATCH_FLAGS_RESERVED_1 =0x00000002;
|
|
|
|
cpp_quote("// When set this flag indicates that the user is not interested in a pattern match within ")
|
|
cpp_quote("// IP or IPX, but in the protocol that follows. The driver will ensure that the protocol")
|
|
cpp_quote("// given in OffsetBasis is there and then that the port in the fram matches the port given.")
|
|
cpp_quote("// It will then calculate the offset from the beginning of the protocol that follows IP or IPX.")
|
|
cpp_quote("// NOTE: This flag is ignored if it is used with any OffsetBasis other than ")
|
|
cpp_quote("// OFFSET_BASIS_RELATIVE_TO_IPX or OFFSET_BASIS_RELATIVE_TO_IP")
|
|
const DWORD PATTERN_MATCH_FLAGS_PORT_SPECIFIED =0x00000008;
|
|
|
|
|
|
cpp_quote("// The offset given is relative to the beginning of the frame. The ")
|
|
cpp_quote("// PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.")
|
|
const DWORD OFFSET_BASIS_RELATIVE_TO_FRAME =0;
|
|
|
|
cpp_quote("// The offset given is relative to the beginning of the Effective Protocol.")
|
|
cpp_quote("// The Effective Protocol is defined as the protocol that follows")
|
|
cpp_quote("// the last protocol that determines Etype/SAP. In normal terms this means ")
|
|
cpp_quote("// that the Effective Protocol will be IP, IPX, XNS, or any of their ilk.")
|
|
cpp_quote("// The PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.")
|
|
const DWORD OFFSET_BASIS_RELATIVE_TO_EFFECTIVE_PROTOCOL =1;
|
|
|
|
cpp_quote("// The offset given is relative to the beginning of IPX. If IPX is not present")
|
|
cpp_quote("// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED")
|
|
cpp_quote("// flag is set then the offset is relative to the beginning of the protocol")
|
|
cpp_quote("// which follows IPX.")
|
|
const DWORD OFFSET_BASIS_RELATIVE_TO_IPX =2;
|
|
|
|
cpp_quote("// The offset given is relative to the beginning of IP. If IP is not present")
|
|
cpp_quote("// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED")
|
|
cpp_quote("// flag is set then the offset is relative to the beginning of the protocol")
|
|
cpp_quote("// which follows IP.")
|
|
const DWORD OFFSET_BASIS_RELATIVE_TO_IP =3;
|
|
|
|
typedef union
|
|
{
|
|
BYTE IPPort;
|
|
WORD ByteSwappedIPXPort;
|
|
|
|
} GENERIC_PORT;
|
|
|
|
|
|
typedef struct _PATTERNMATCH
|
|
{
|
|
DWORD Flags;
|
|
BYTE OffsetBasis;
|
|
GENERIC_PORT Port;
|
|
WORD Offset;
|
|
WORD Length;
|
|
BYTE PatternToMatch[MAX_PATTERN_LENGTH];
|
|
|
|
} PATTERNMATCH;
|
|
typedef PATTERNMATCH *LPPATTERNMATCH;
|
|
const DWORD PATTERNMATCH_SIZE =sizeof(PATTERNMATCH);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Expression structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD MAX_PATTERNS =4;
|
|
|
|
typedef struct _ANDEXP
|
|
{
|
|
DWORD nPatternMatches;
|
|
PATTERNMATCH PatternMatch[MAX_PATTERNS];
|
|
|
|
} ANDEXP;
|
|
typedef ANDEXP *LPANDEXP;
|
|
const DWORD ANDEXP_SIZE =sizeof(ANDEXP);
|
|
|
|
typedef struct _EXPRESSION
|
|
{
|
|
DWORD nAndExps;
|
|
ANDEXP AndExp[MAX_PATTERNS];
|
|
|
|
} EXPRESSION;
|
|
typedef EXPRESSION *LPEXPRESSION;
|
|
const DWORD EXPRESSION_SIZE =sizeof(EXPRESSION);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Trigger.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const BYTE TRIGGER_TYPE_PATTERN_MATCH =1;
|
|
const BYTE TRIGGER_TYPE_BUFFER_CONTENT =2;
|
|
const BYTE TRIGGER_TYPE_PATTERN_MATCH_THEN_BUFFER_CONTENT =3;
|
|
const BYTE TRIGGER_TYPE_BUFFER_CONTENT_THEN_PATTERN_MATCH =4;
|
|
|
|
const DWORD TRIGGER_FLAGS_FRAME_RELATIVE =0x00000000 ;
|
|
const DWORD TRIGGER_FLAGS_DATA_RELATIVE =0x00000001 ;
|
|
|
|
const BYTE TRIGGER_ACTION_NOTIFY =0x00 ;
|
|
const BYTE TRIGGER_ACTION_STOP =0x02 ;
|
|
const BYTE TRIGGER_ACTION_PAUSE =0x03 ;
|
|
|
|
const DWORD TRIGGER_BUFFER_FULL_25_PERCENT =0 ;
|
|
const DWORD TRIGGER_BUFFER_FULL_50_PERCENT =1 ;
|
|
const DWORD TRIGGER_BUFFER_FULL_75_PERCENT =2 ;
|
|
const DWORD TRIGGER_BUFFER_FULL_100_PERCENT =3 ;
|
|
|
|
typedef struct _TRIGGER
|
|
{
|
|
BOOL TriggerActive; //... Whether trigger is running
|
|
BYTE TriggerType; //... Opcode of trigger
|
|
BYTE TriggerAction; //... Action to take when trigger occurs.
|
|
DWORD TriggerFlags; //... Trigger flags.
|
|
PATTERNMATCH TriggerPatternMatch; //... Trigger pattern match.
|
|
DWORD TriggerBufferSize; //... Trigger buffer size.
|
|
DWORD TriggerReserved; //... Set to all zeros - do not use
|
|
char TriggerCommandLine[MAX_PATH];
|
|
} TRIGGER;
|
|
typedef TRIGGER *LPTRIGGER;
|
|
const DWORD TRIGGER_SIZE =sizeof(TRIGGER);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Capture filter.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("// Capture filter flags. By default all frames are rejected and")
|
|
cpp_quote("// Network Monitor enables them based on the CAPTUREFILTER flags")
|
|
cpp_quote("// defined below.")
|
|
|
|
const DWORD CAPTUREFILTER_FLAGS_INCLUDE_ALL_SAPS =0x0001;
|
|
const DWORD CAPTUREFILTER_FLAGS_INCLUDE_ALL_ETYPES =0x0002;
|
|
const DWORD CAPTUREFILTER_FLAGS_TRIGGER =0x0004;
|
|
const DWORD CAPTUREFILTER_FLAGS_LOCAL_ONLY =0x0008;
|
|
cpp_quote("// throw away our internal comment frames")
|
|
const DWORD CAPTUREFILTER_FLAGS_DISCARD_COMMENTS =0x0010;
|
|
cpp_quote("// Keep SMT and Token Ring MAC frames")
|
|
const DWORD CAPTUREFILTER_FLAGS_KEEP_RAW =0x0020;
|
|
|
|
const DWORD CAPTUREFILTER_FLAGS_INCLUDE_ALL =0x0003;
|
|
|
|
const DWORD BUFFER_FULL_25_PERCENT =0;
|
|
const DWORD BUFFER_FULL_50_PERCENT =1;
|
|
const DWORD BUFFER_FULL_75_PERCENT =2;
|
|
const DWORD BUFFER_FULL_100_PERCENT =3;
|
|
|
|
// structure contains structures with bitfields, so must cpp_quote
|
|
cpp_quote("typedef struct _CAPTUREFILTER")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD FilterFlags; ")
|
|
cpp_quote(" LPBYTE lpSapTable; ")
|
|
cpp_quote(" LPWORD lpEtypeTable; ")
|
|
cpp_quote(" WORD nSaps; ")
|
|
cpp_quote(" WORD nEtypes; ")
|
|
cpp_quote(" LPADDRESSTABLE AddressTable; ")
|
|
cpp_quote(" EXPRESSION FilterExpression; ")
|
|
cpp_quote(" TRIGGER Trigger; ")
|
|
cpp_quote(" DWORD nFrameBytesToCopy;")
|
|
cpp_quote(" DWORD Reserved;")
|
|
cpp_quote("")
|
|
cpp_quote("} CAPTUREFILTER;")
|
|
cpp_quote("typedef CAPTUREFILTER *LPCAPTUREFILTER;")
|
|
cpp_quote("#define CAPTUREFILTER_SIZE sizeof(CAPTUREFILTER)")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Frame type.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// this structure may not be cpp_quoted as it is used in itransmt.idl
|
|
// (However its length used to be 0).
|
|
cpp_quote("// TimeStamp is in 1/1,000,000th seconds.")
|
|
typedef struct _FRAME
|
|
{
|
|
__int64 TimeStamp;
|
|
DWORD FrameLength;
|
|
DWORD nBytesAvail;
|
|
[size_is(nBytesAvail)] BYTE MacFrame[*];
|
|
|
|
} FRAME;
|
|
typedef FRAME *LPFRAME;
|
|
cpp_quote("typedef FRAME UNALIGNED *ULPFRAME;")
|
|
const DWORD FRAME_SIZE =sizeof(FRAME);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Frame descriptor type.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const BYTE LOW_PROTOCOL_IPX =OFFSET_BASIS_RELATIVE_TO_IPX;
|
|
const BYTE LOW_PROTOCOL_IP =OFFSET_BASIS_RELATIVE_TO_IP;
|
|
const BYTE LOW_PROTOCOL_UNKNOWN =((BYTE)-1);
|
|
|
|
typedef struct _FRAME_DESCRIPTOR
|
|
{
|
|
[size_is(FrameLength)] LPBYTE FramePointer;
|
|
__int64 TimeStamp;
|
|
DWORD FrameLength;
|
|
DWORD nBytesAvail;
|
|
WORD Etype;
|
|
BYTE Sap;
|
|
BYTE LowProtocol;
|
|
WORD LowProtocolOffset;
|
|
|
|
[switch_is(LowProtocol)] union
|
|
{
|
|
[default]
|
|
WORD Reserved;
|
|
|
|
[case(LOW_PROTOCOL_IP)]
|
|
BYTE IPPort;
|
|
|
|
[case(LOW_PROTOCOL_IPX)]
|
|
WORD ByteSwappedIPXPort;
|
|
|
|
} HighPort;
|
|
|
|
WORD HighProtocolOffset;
|
|
|
|
} FRAME_DESCRIPTOR;
|
|
typedef FRAME_DESCRIPTOR *LPFRAME_DESCRIPTOR;
|
|
const DWORD FRAME_DESCRIPTOR_SIZE =sizeof(FRAME_DESCRIPTOR);
|
|
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Frame descriptor table.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// this structure may not be cpp_quoted as it is used in UPDATE_EVENT
|
|
// (Besides, the array's length has always been 1)
|
|
typedef struct _FRAMETABLE
|
|
{
|
|
DWORD FrameTableLength;
|
|
DWORD StartIndex;
|
|
DWORD EndIndex;
|
|
DWORD FrameCount;
|
|
[size_is(FrameTableLength)] FRAME_DESCRIPTOR Frames[*];
|
|
|
|
} FRAMETABLE;
|
|
|
|
typedef FRAMETABLE *LPFRAMETABLE;
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Station statistics.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const WORD STATIONSTATS_FLAGS_INITIALIZED =0x0001;
|
|
const WORD STATIONSTATS_FLAGS_EVENTPOSTED =0x0002;
|
|
|
|
const DWORD STATIONSTATS_POOL_SIZE =100;
|
|
|
|
typedef struct _STATIONSTATS
|
|
{
|
|
DWORD NextStationStats;
|
|
DWORD SessionPartnerList;
|
|
DWORD Flags;
|
|
BYTE StationAddress[6];
|
|
WORD Pad;
|
|
DWORD TotalPacketsReceived;
|
|
DWORD TotalDirectedPacketsSent;
|
|
DWORD TotalBroadcastPacketsSent;
|
|
DWORD TotalMulticastPacketsSent;
|
|
DWORD TotalBytesReceived;
|
|
DWORD TotalBytesSent;
|
|
|
|
} STATIONSTATS;
|
|
typedef STATIONSTATS * LPSTATIONSTATS;
|
|
const DWORD STATIONSTATS_SIZE =sizeof(STATIONSTATS);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Session statistics.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
|
|
const WORD SESSION_FLAGS_INITIALIZED =0x0001;
|
|
const WORD SESSION_FLAGS_EVENTPOSTED =0x0002;
|
|
|
|
const DWORD SESSION_POOL_SIZE =100;
|
|
|
|
typedef struct _SESSIONSTATS
|
|
{
|
|
DWORD NextSession;
|
|
DWORD StationOwner;
|
|
DWORD StationPartner;
|
|
DWORD Flags;
|
|
DWORD TotalPacketsSent;
|
|
|
|
} SESSIONSTATS;
|
|
typedef SESSIONSTATS * LPSESSIONSTATS;
|
|
const DWORD SESSIONSTATS_SIZE =sizeof(SESSIONSTATS);
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Station Query")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// These structures are used to decode network data and so need to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
const DWORD STATIONQUERY_FLAGS_LOADED =0x0001;
|
|
const DWORD STATIONQUERY_FLAGS_RUNNING =0x0002;
|
|
const DWORD STATIONQUERY_FLAGS_CAPTURING =0x0004;
|
|
const DWORD STATIONQUERY_FLAGS_TRANSMITTING =0x0008;
|
|
|
|
const BYTE STATIONQUERY_VERSION_MINOR =0x01;
|
|
const BYTE STATIONQUERY_VERSION_MAJOR =0x02;
|
|
|
|
typedef struct _OLDSTATIONQUERY
|
|
{
|
|
DWORD Flags;
|
|
BYTE BCDVerMinor;
|
|
BYTE BCDVerMajor;
|
|
DWORD LicenseNumber;
|
|
BYTE MachineName[MACHINE_NAME_LENGTH];
|
|
BYTE UserName[USER_NAME_LENGTH];
|
|
BYTE Reserved[32];
|
|
BYTE AdapterAddress[6];
|
|
|
|
} OLDSTATIONQUERY;
|
|
typedef OLDSTATIONQUERY *LPOLDSTATIONQUERY;
|
|
const DWORD OLDSTATIONQUERY_SIZE =sizeof(OLDSTATIONQUERY);
|
|
|
|
typedef struct _STATIONQUERY
|
|
{
|
|
DWORD Flags;
|
|
BYTE BCDVerMinor;
|
|
BYTE BCDVerMajor;
|
|
DWORD LicenseNumber;
|
|
BYTE MachineName[MACHINE_NAME_LENGTH];
|
|
BYTE UserName[USER_NAME_LENGTH];
|
|
BYTE Reserved[32];
|
|
BYTE AdapterAddress[6];
|
|
WCHAR WMachineName[MACHINE_NAME_LENGTH];
|
|
WCHAR WUserName[USER_NAME_LENGTH];
|
|
|
|
} STATIONQUERY;
|
|
typedef STATIONQUERY *LPSTATIONQUERY;
|
|
const DWORD STATIONQUERY_SIZE =sizeof(STATIONQUERY);
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// this structure may not be cpp_quoted as it is used in the QueryStations methods in
|
|
// each interface below.
|
|
// (Besides, the array's length has always been 1)
|
|
typedef struct _QUERYTABLE
|
|
{
|
|
DWORD nStationQueries;
|
|
[size_is(nStationQueries)] STATIONQUERY StationQuery[*];
|
|
} QUERYTABLE;
|
|
typedef QUERYTABLE *LPQUERYTABLE;
|
|
const DWORD QUERYTABLE_SIZE =sizeof(QUERYTABLE);
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// The LINK structure is used to chain structures together into a list.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
#ifndef _LINK_
|
|
#define _LINK_
|
|
|
|
typedef struct _LINK *LPLINK;
|
|
|
|
typedef struct _LINK
|
|
{
|
|
LPLINK PrevLink;
|
|
LPLINK NextLink;
|
|
|
|
} LINK;
|
|
|
|
#endif //_LINK_
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Security Request packet")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// This structure is used to decode network data and so needs to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
typedef struct _SECURITY_PERMISSION_CHECK
|
|
{
|
|
UINT Version;
|
|
DWORD RandomNumber;
|
|
BYTE MachineName[MACHINE_NAME_LENGTH];
|
|
BYTE UserName[USER_NAME_LENGTH];
|
|
UINT MacType;
|
|
BYTE PermanentAdapterAddress[MAC_ADDRESS_SIZE];
|
|
BYTE CurrentAdapterAddress[MAC_ADDRESS_SIZE];
|
|
WCHAR WMachineName[MACHINE_NAME_LENGTH];
|
|
WCHAR WUserName[USER_NAME_LENGTH];
|
|
|
|
} SECURITY_PERMISSION_CHECK;
|
|
|
|
typedef SECURITY_PERMISSION_CHECK * LPSECURITY_PERMISSION_CHECK;
|
|
cpp_quote("typedef SECURITY_PERMISSION_CHECK UNALIGNED * ULPSECURITY_PERMISSION_CHECK;")
|
|
|
|
const DWORD SECURITY_PERMISSION_CHECK_SIZE =sizeof(SECURITY_PERMISSION_CHECK);
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Security Response packet")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// This structure is used to decode network data and so needs to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
const DWORD MAX_SECURITY_BREACH_REASON_SIZE =100;
|
|
const DWORD MAX_SIGNATURE_LENGTH =128;
|
|
const DWORD MAX_USER_NAME_LENGTH =256;
|
|
|
|
typedef struct _SECURITY_PERMISSION_RESPONSE
|
|
{
|
|
UINT Version;
|
|
DWORD RandomNumber;
|
|
BYTE MachineName[MACHINE_NAME_LENGTH];
|
|
BYTE Address[MAC_ADDRESS_SIZE];
|
|
BYTE UserName[MAX_USER_NAME_LENGTH];
|
|
BYTE Reason[MAX_SECURITY_BREACH_REASON_SIZE];
|
|
DWORD SignatureLength;
|
|
BYTE Signature[MAX_SIGNATURE_LENGTH];
|
|
|
|
} SECURITY_PERMISSION_RESPONSE;
|
|
|
|
typedef SECURITY_PERMISSION_RESPONSE * LPSECURITY_PERMISSION_RESPONSE;
|
|
|
|
cpp_quote("typedef SECURITY_PERMISSION_RESPONSE UNALIGNED * ULPSECURITY_PERMISSION_RESPONSE;")
|
|
|
|
const DWORD SECURITY_PERMISSION_RESPONSE_SIZE =sizeof(SECURITY_PERMISSION_RESPONSE);
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Callback type")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("// generic events")
|
|
const DWORD UPDATE_EVENT_TERMINATE_THREAD =0x00000000;
|
|
const DWORD UPDATE_EVENT_NETWORK_STATUS =0x00000001;
|
|
|
|
cpp_quote("// rtc events")
|
|
const DWORD UPDATE_EVENT_RTC_INTERVAL_ELAPSED =0x00000002;
|
|
const DWORD UPDATE_EVENT_RTC_FRAME_TABLE_FULL =0x00000003;
|
|
const DWORD UPDATE_EVENT_RTC_BUFFER_FULL =0x00000004;
|
|
|
|
cpp_quote("// delayed events")
|
|
const DWORD UPDATE_EVENT_TRIGGER_BUFFER_CONTENT =0x00000005;
|
|
const DWORD UPDATE_EVENT_TRIGGER_PATTERN_MATCH =0x00000006;
|
|
const DWORD UPDATE_EVENT_TRIGGER_BUFFER_PATTERN =0x00000007;
|
|
const DWORD UPDATE_EVENT_TRIGGER_PATTERN_BUFFER =0x00000008;
|
|
|
|
cpp_quote("// transmit events")
|
|
const DWORD UPDATE_EVENT_TRANSMIT_STATUS =0x00000009;
|
|
|
|
cpp_quote("// Security events")
|
|
const DWORD UPDATE_EVENT_SECURITY_BREACH =0x0000000A;
|
|
|
|
cpp_quote("// Remote failure event")
|
|
const DWORD UPDATE_EVENT_REMOTE_FAILURE =0x0000000B;
|
|
|
|
cpp_quote("// actions")
|
|
const DWORD UPDATE_ACTION_TERMINATE_THREAD =0x00000000;
|
|
const DWORD UPDATE_ACTION_NOTIFY =0x00000001;
|
|
const DWORD UPDATE_ACTION_STOP_CAPTURE =0x00000002;
|
|
const DWORD UPDATE_ACTION_PAUSE_CAPTURE =0x00000003;
|
|
const DWORD UPDATE_ACTION_RTC_BUFFER_SWITCH =0x00000004;
|
|
|
|
typedef struct _UPDATE_EVENT
|
|
{
|
|
USHORT Event;
|
|
DWORD Action;
|
|
DWORD Status;
|
|
DWORD Value;
|
|
__int64 TimeStamp;
|
|
DWORD_PTR lpUserContext;
|
|
DWORD_PTR lpReserved;
|
|
UINT FramesDropped;
|
|
[switch_is(Event)] union
|
|
{
|
|
|
|
[default]
|
|
DWORD Reserved;
|
|
|
|
[case(2,3,4)]
|
|
LPFRAMETABLE lpFrameTable;
|
|
|
|
[case(9)]
|
|
DWORD_PTR lpPacketQueue;
|
|
|
|
[case(10)]
|
|
SECURITY_PERMISSION_RESPONSE SecurityResponse;
|
|
};
|
|
|
|
LPSTATISTICS lpFinalStats;
|
|
|
|
} UPDATE_EVENT;
|
|
typedef UPDATE_EVENT *PUPDATE_EVENT;
|
|
|
|
cpp_quote("// note for c++ users:")
|
|
cpp_quote("// the declaration for this callback should be in the public part of the header file:")
|
|
cpp_quote("// static WINAPI DWORD NetworkCallback( UPDATE_EVENT events);")
|
|
cpp_quote("// and the implementation should be, in the protected section of the cpp file:")
|
|
cpp_quote("// DWORD WINAPI ClassName::NetworkCallback( UPDATE_EVENT events) {};")
|
|
cpp_quote("//typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);")
|
|
cpp_quote("typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);")
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// NETWORKSTATUS data structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _NETWORKSTATUS
|
|
{
|
|
DWORD State;
|
|
DWORD Flags;
|
|
|
|
} NETWORKSTATUS;
|
|
|
|
typedef NETWORKSTATUS *LPNETWORKSTATUS;
|
|
|
|
const DWORD NETWORKSTATUS_SIZE =sizeof(NETWORKSTATUS);
|
|
|
|
const DWORD NETWORKSTATUS_STATE_VOID =0;
|
|
const DWORD NETWORKSTATUS_STATE_INIT =1;
|
|
const DWORD NETWORKSTATUS_STATE_CAPTURING =2;
|
|
const DWORD NETWORKSTATUS_STATE_PAUSED =3;
|
|
|
|
const DWORD NETWORKSTATUS_FLAGS_TRIGGER_PENDING =0x00000001;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// BONEPACKET structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// This structure is used to decode network data and so needs to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
const BYTE BONE_COMMAND_STATION_QUERY_REQUEST =0;
|
|
const BYTE BONE_COMMAND_STATION_QUERY_RESPONSE =1;
|
|
const BYTE BONE_COMMAND_ALERT =2;
|
|
const BYTE BONE_COMMAND_PERMISSION_CHECK =3;
|
|
const BYTE BONE_COMMAND_PERMISSION_RESPONSE =4;
|
|
const BYTE BONE_COMMAND_SECURITY_MONITOR_EVENT =5;
|
|
|
|
typedef struct _BONEPACKET
|
|
{
|
|
DWORD Signature;
|
|
BYTE Command;
|
|
BYTE Flags;
|
|
DWORD Reserved;
|
|
WORD Length;
|
|
|
|
} BONEPACKET;
|
|
typedef BONEPACKET *LPBONEPACKET;
|
|
cpp_quote("typedef BONEPACKET UNALIGNED* ULPBONEPACKET;")
|
|
const DWORD BONEPACKET_SIZE =sizeof(BONEPACKET);
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// BONE alert packet.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// This structure is used to decode network data and so needs to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
const DWORD ALERT_CODE_BEGIN_TRANSMIT =0;
|
|
|
|
typedef struct _ALERT
|
|
{
|
|
DWORD AlertCode;
|
|
WCHAR WMachineName[MACHINE_NAME_LENGTH];
|
|
WCHAR WUserName[USER_NAME_LENGTH];
|
|
|
|
union
|
|
{
|
|
BYTE Pad[32];
|
|
DWORD nFramesToSend;
|
|
};
|
|
|
|
} ALERT;
|
|
typedef ALERT *LPALERT;
|
|
const DWORD ALERT_SIZE =sizeof(ALERT);
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// BONEPACKET signature.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("#define MAKE_WORD(l, h) (((WORD) (l)) | (((WORD) (h)) << 8))")
|
|
cpp_quote("#define MAKE_LONG(l, h) (((DWORD) (l)) | (((DWORD) (h)) << 16L))")
|
|
cpp_quote("#define MAKE_SIG(a, b, c, d) MAKE_LONG(MAKE_WORD(a, b), MAKE_WORD(c, d))")
|
|
cpp_quote("#define BONE_PACKET_SIGNATURE MAKE_SIG('R', 'T', 'S', 'S')")
|
|
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// STATISTICS parameter structure.")
|
|
cpp_quote("//=============================================================================")
|
|
const DWORD MAX_SESSIONS =100;
|
|
const DWORD MAX_STATIONS =100;
|
|
|
|
typedef struct _STATISTICSPARAM
|
|
{
|
|
DWORD StatisticsSize;
|
|
STATISTICS Statistics;
|
|
DWORD StatisticsTableEntries;
|
|
STATIONSTATS StatisticsTable[MAX_STATIONS];
|
|
DWORD SessionTableEntries;
|
|
SESSIONSTATS SessionTable[MAX_SESSIONS];
|
|
|
|
} STATISTICSPARAM;
|
|
typedef STATISTICSPARAM *LPSTATISTICSPARAM;
|
|
const DWORD STATISTICSPARAM_SIZE =sizeof(STATISTICSPARAM);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Capture file header.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// This structure is used to decode file data and so needs to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
const DWORD CAPTUREFILE_VERSION_MAJOR =2;
|
|
const DWORD CAPTUREFILE_VERSION_MINOR =0;
|
|
|
|
cpp_quote("#define MakeVersion(Major, Minor) ((DWORD) MAKEWORD(Minor, Major))")
|
|
cpp_quote("#define GetCurrentVersion() MakeVersion(CAPTUREFILE_VERSION_MAJOR, CAPTUREFILE_VERSION_MINOR)")
|
|
cpp_quote("#define NETMON_1_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('R', 'T', 'S', 'S')")
|
|
cpp_quote("#define NETMON_2_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('G', 'M', 'B', 'U')")
|
|
|
|
typedef struct _CAPTUREFILE_HEADER_VALUES
|
|
{
|
|
DWORD Signature; //... Unique identifier: 'RTSS'.
|
|
BYTE BCDVerMinor; //... Binary coded decimal (minor).
|
|
BYTE BCDVerMajor; //... Binary coded decimal (major).
|
|
WORD MacType; //... Topology type.
|
|
SYSTEMTIME TimeStamp; //... time of capture.
|
|
DWORD FrameTableOffset; //... Frame index table.
|
|
DWORD FrameTableLength; //... Frame index table size.
|
|
DWORD UserDataOffset; //... User data offset.
|
|
DWORD UserDataLength; //... User data length.
|
|
DWORD CommentDataOffset; //... Comment Data offset
|
|
DWORD CommentDataLength; //... Length of comment data.
|
|
DWORD StatisticsOffset; //....offset to STATISTICS STRUCTURE
|
|
DWORD StatisticsLength; //....length of stats struct
|
|
DWORD NetworkInfoOffset; //....offset to network info structure
|
|
DWORD NetworkInfoLength; //....length of network info structure
|
|
DWORD ConversationStatsOffset; //....offset of conv stats structure
|
|
DWORD ConversationStatsLength; //....length of conv stats structure
|
|
|
|
} CAPTUREFILE_HEADER_VALUES;
|
|
|
|
typedef CAPTUREFILE_HEADER_VALUES *LPCAPTUREFILE_HEADER_VALUES;
|
|
|
|
const DWORD CAPTUREFILE_HEADER_VALUES_SIZE =sizeof(CAPTUREFILE_HEADER_VALUES);
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Capture file.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// This structure is used to decode file data and so needs to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
typedef struct _CAPTUREFILE_HEADER
|
|
{
|
|
union
|
|
{
|
|
CAPTUREFILE_HEADER_VALUES ActualHeader;
|
|
BYTE Buffer[CAPTUREFILE_HEADER_VALUES_SIZE];
|
|
};
|
|
|
|
BYTE Reserved[128 - CAPTUREFILE_HEADER_VALUES_SIZE];
|
|
|
|
} CAPTUREFILE_HEADER;
|
|
|
|
typedef CAPTUREFILE_HEADER *LPCAPTUREFILE_HEADER;
|
|
|
|
const DWORD CAPTUREFILE_HEADER_SIZE =sizeof(CAPTUREFILE_HEADER);
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Stats Frame definitions.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// These structures are used to create network data and so need to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
typedef struct _EFRAMEHDR
|
|
{
|
|
BYTE SrcAddress[6];
|
|
BYTE DstAddress[6];
|
|
WORD Length;
|
|
BYTE DSAP;
|
|
BYTE SSAP;
|
|
BYTE Control;
|
|
BYTE ProtocolID[3];
|
|
WORD EtherType;
|
|
|
|
} EFRAMEHDR;
|
|
|
|
typedef struct _TRFRAMEHDR
|
|
{
|
|
BYTE AC;
|
|
BYTE FC;
|
|
BYTE SrcAddress[6];
|
|
BYTE DstAddress[6];
|
|
BYTE DSAP;
|
|
BYTE SSAP;
|
|
BYTE Control;
|
|
BYTE ProtocolID[3];
|
|
WORD EtherType;
|
|
|
|
} TRFRAMEHDR;
|
|
|
|
const BYTE DEFAULT_TR_AC =0x00;
|
|
const BYTE DEFAULT_TR_FC =0x40;
|
|
const BYTE DEFAULT_SAP =0xAA;
|
|
const BYTE DEFAULT_CONTROL =0x03;
|
|
const WORD DEFAULT_ETHERTYPE =0x8419;
|
|
|
|
typedef struct _FDDIFRAMEHDR
|
|
{
|
|
BYTE FC;
|
|
BYTE SrcAddress[6];
|
|
BYTE DstAddress[6];
|
|
BYTE DSAP;
|
|
BYTE SSAP;
|
|
BYTE Control;
|
|
BYTE ProtocolID[3];
|
|
WORD EtherType;
|
|
|
|
} FDDIFRAMEHDR;
|
|
const BYTE DEFAULT_FDDI_FC =0x10;
|
|
|
|
typedef struct _FDDISTATFRAME
|
|
{
|
|
__int64 TimeStamp;
|
|
DWORD FrameLength;
|
|
DWORD nBytesAvail;
|
|
FDDIFRAMEHDR FrameHeader;
|
|
BYTE FrameID[4];
|
|
DWORD Flags;
|
|
DWORD FrameType;
|
|
WORD StatsDataLen;
|
|
DWORD StatsVersion;
|
|
STATISTICS Statistics;
|
|
|
|
} FDDISTATFRAME;
|
|
|
|
typedef FDDISTATFRAME *LPFDDISTATFRAME;
|
|
cpp_quote("typedef FDDISTATFRAME UNALIGNED *ULPFDDISTATFRAME;")
|
|
|
|
const DWORD FDDISTATFRAME_SIZE =sizeof(FDDISTATFRAME);
|
|
|
|
typedef struct _ATMFRAMEHDR
|
|
{
|
|
BYTE SrcAddress[6];
|
|
BYTE DstAddress[6];
|
|
WORD Vpi;
|
|
WORD Vci;
|
|
|
|
} ATMFRAMEHDR;
|
|
|
|
typedef struct _ATMSTATFRAME
|
|
{
|
|
__int64 TimeStamp;
|
|
DWORD FrameLength;
|
|
DWORD nBytesAvail;
|
|
ATMFRAMEHDR FrameHeader;
|
|
BYTE FrameID[4];
|
|
DWORD Flags;
|
|
DWORD FrameType;
|
|
WORD StatsDataLen;
|
|
DWORD StatsVersion;
|
|
STATISTICS Statistics;
|
|
|
|
} ATMSTATFRAME;
|
|
|
|
typedef ATMSTATFRAME *LPATMSTATFRAME;
|
|
cpp_quote("typedef ATMSTATFRAME UNALIGNED *ULPATMSTATFRAME;")
|
|
const DWORD ATMSTATFRAME_SIZE =sizeof(ATMSTATFRAME);
|
|
|
|
typedef struct _TRSTATFRAME
|
|
{
|
|
__int64 TimeStamp;
|
|
DWORD FrameLength;
|
|
DWORD nBytesAvail;
|
|
TRFRAMEHDR FrameHeader;
|
|
BYTE FrameID[4];
|
|
DWORD Flags;
|
|
DWORD FrameType;
|
|
WORD StatsDataLen;
|
|
DWORD StatsVersion;
|
|
STATISTICS Statistics;
|
|
|
|
} TRSTATFRAME;
|
|
|
|
typedef TRSTATFRAME *LPTRSTATFRAME;
|
|
cpp_quote("typedef TRSTATFRAME UNALIGNED *ULPTRSTATFRAME;")
|
|
const DWORD TRSTATFRAME_SIZE =sizeof(TRSTATFRAME);
|
|
|
|
typedef struct _ESTATFRAME
|
|
{
|
|
__int64 TimeStamp;
|
|
DWORD FrameLength;
|
|
DWORD nBytesAvail;
|
|
EFRAMEHDR FrameHeader;
|
|
BYTE FrameID[4];
|
|
DWORD Flags;
|
|
DWORD FrameType;
|
|
WORD StatsDataLen;
|
|
DWORD StatsVersion;
|
|
STATISTICS Statistics;
|
|
|
|
} ESTATFRAME;
|
|
|
|
|
|
typedef ESTATFRAME *LPESTATFRAME;
|
|
cpp_quote("typedef ESTATFRAME UNALIGNED *ULPESTATFRAME;")
|
|
const DWORD ESTATFRAME_SIZE =sizeof(ESTATFRAME);
|
|
|
|
const DWORD STATISTICS_VERSION_1_0 =0x00000000;
|
|
const DWORD STATISTICS_VERSION_2_0 =0x00000020;
|
|
|
|
|
|
// this variable could change if any of the above sizes changed
|
|
const DWORD MAX_STATSFRAME_SIZE =sizeof(TRSTATFRAME);
|
|
|
|
const DWORD STATS_FRAME_TYPE =103;
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMEvent.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("// NMCOLUMNTYPE")
|
|
typedef enum
|
|
{
|
|
|
|
NMCOLUMNTYPE_UINT8 = 0,
|
|
NMCOLUMNTYPE_SINT8,
|
|
NMCOLUMNTYPE_UINT16,
|
|
NMCOLUMNTYPE_SINT16,
|
|
NMCOLUMNTYPE_UINT32,
|
|
NMCOLUMNTYPE_SINT32,
|
|
NMCOLUMNTYPE_FLOAT64,
|
|
NMCOLUMNTYPE_FRAME,
|
|
NMCOLUMNTYPE_YESNO,
|
|
NMCOLUMNTYPE_ONOFF,
|
|
NMCOLUMNTYPE_TRUEFALSE,
|
|
NMCOLUMNTYPE_MACADDR,
|
|
NMCOLUMNTYPE_IPXADDR,
|
|
NMCOLUMNTYPE_IPADDR,
|
|
NMCOLUMNTYPE_VARTIME,
|
|
NMCOLUMNTYPE_STRING
|
|
|
|
} NMCOLUMNTYPE;
|
|
|
|
cpp_quote("// NMCOLUMNVARIANT")
|
|
typedef struct _NMCOLUMNVARIANT
|
|
{
|
|
NMCOLUMNTYPE Type;
|
|
union
|
|
{
|
|
BYTE Uint8Val; // 8 bit unsigned value
|
|
char Sint8Val; // 8 bit signed value
|
|
WORD Uint16Val; // 16 bit unsigned value
|
|
short Sint16Val; // 16 bit signed value
|
|
DWORD Uint32Val; // 32 bit unsigned value
|
|
long Sint32Val; // 32 bit signed value
|
|
DOUBLE Float64Val; // 64 bit floating point value
|
|
DWORD FrameVal; // 32 bit unsigned frame value
|
|
BOOL YesNoVal; // 32 bit boolean: zero maps to 'NO', nonzero maps to 'YES'
|
|
BOOL OnOffVal; // 32 bit boolean: zero maps to 'OFF', nonzero maps to 'ON'
|
|
BOOL TrueFalseVal;// 32 bit boolean: zero maps to 'False', nonzero maps to 'True'
|
|
BYTE MACAddrVal[MAC_ADDRESS_SIZE];// 48 bit MAC address (6 bytes)
|
|
IPX_ADDR IPXAddrVal;// 10 byte ipx address (4 byte subnet. 6 byte address)
|
|
DWORD IPAddrVal; // 32 bit IP Address: ddd.ddd.ddd.ddd
|
|
DOUBLE VarTimeVal; // Double representation of time value (use VariantTimeToSystemTime to convert)
|
|
LPCSTR pStringVal; // pointer to a string value
|
|
|
|
} Value;
|
|
|
|
} NMCOLUMNVARIANT;
|
|
|
|
cpp_quote("// COLUMNINFO")
|
|
typedef struct _NMCOLUMNINFO
|
|
{
|
|
LPSTR szColumnName;// Name of column
|
|
NMCOLUMNVARIANT VariantData; // Value for column
|
|
|
|
} NMCOLUMNINFO;
|
|
typedef NMCOLUMNINFO* PNMCOLUMNINFO;
|
|
|
|
cpp_quote("// JTYPE")
|
|
typedef LPSTR JTYPE; // (structure placeholder)
|
|
|
|
// this structure contains may not be cpp_quoted as it is used in IEventq.idl
|
|
// (However, the array's length used to be 0)
|
|
cpp_quote("// EVENTDATA")
|
|
typedef struct _NMEVENTDATA
|
|
{
|
|
LPSTR pszReserved; // Reserved
|
|
BYTE Version; // Version for this structure (must be 0)
|
|
DWORD EventIdent; // ID for this event
|
|
DWORD Flags; // Flags for Expert generated or Monitor generated and others
|
|
DWORD Severity; // Severity level
|
|
BYTE NumColumns; // Number of optional columns for this event
|
|
LPSTR szSourceName; // Name of Monitor or Expert
|
|
LPSTR szEventName; // Name of event
|
|
LPSTR szDescription;// Description of event
|
|
LPSTR szMachine; // Name (or IPADDRESS?) of the machine supplying the event (NULL for Experts usually)
|
|
JTYPE Justification;// Justification pane info (currently a string, but possible structure)
|
|
LPSTR szUrl; // URL to Book of Knowledge (NULL for default for ID?)
|
|
SYSTEMTIME SysTime; // Systemtime of the event
|
|
[size_is(NumColumns)] NMCOLUMNINFO Column[*];
|
|
|
|
} NMEVENTDATA;
|
|
typedef NMEVENTDATA* PNMEVENTDATA;
|
|
|
|
cpp_quote("// EVENT FLAGS")
|
|
const DWORD NMEVENTFLAG_MONITOR =0x00000000;
|
|
const DWORD NMEVENTFLAG_EXPERT =0x00000001;
|
|
|
|
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY =0x80000000;
|
|
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE =0x40000000;
|
|
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME =0x20000000;
|
|
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION =0x10000000;
|
|
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE =0x08000000;
|
|
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_TIME =0x04000000;
|
|
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_DATE =0x02000000;
|
|
|
|
cpp_quote("//#define NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS (NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY | \\")
|
|
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE | \\")
|
|
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME | \\")
|
|
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION| \\")
|
|
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE | \\")
|
|
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_TIME | \\")
|
|
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_DATE )")
|
|
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS =0xFE000000;
|
|
|
|
|
|
enum _NMEVENT_SEVERITIES
|
|
{
|
|
NMEVENT_SEVERITY_INFORMATIONAL = 0,
|
|
NMEVENT_SEVERITY_WARNING,
|
|
NMEVENT_SEVERITY_STRONG_WARNING,
|
|
NMEVENT_SEVERITY_ERROR,
|
|
NMEVENT_SEVERITY_SEVERE_ERROR,
|
|
NMEVENT_SEVERITY_CRITICAL_ERROR
|
|
};
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMmcs.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Monitor status values returned from call to GetMonitorStatus")
|
|
cpp_quote("//=============================================================================")
|
|
const DWORD MONITOR_STATUS_ERROR =-1;
|
|
const DWORD MONITOR_STATUS_ENABLED =4;
|
|
const DWORD MONITOR_STATUS_CONFIGURED =5;
|
|
const DWORD MONITOR_STATUS_RUNNING =6;
|
|
const DWORD MONITOR_STATUS_RUNNING_FAULTED =9;
|
|
const DWORD MONITOR_STATUS_DELETED =10;
|
|
|
|
const DWORD MCS_COMMAND_ENABLE =13;
|
|
const DWORD MCS_COMMAND_DISABLE =14;
|
|
const DWORD MCS_COMMAND_SET_CONFIG =15;
|
|
const DWORD MCS_COMMAND_GET_CONFIG =16;
|
|
const DWORD MCS_COMMAND_START =17;
|
|
const DWORD MCS_COMMAND_STOP =18;
|
|
const DWORD MCS_COMMAND_CONNECT =19;
|
|
const DWORD MCS_COMMAND_RENAME =20;
|
|
const DWORD MCS_COMMAND_REFRESH_STATUS =21;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Monitor Creation Flags")
|
|
cpp_quote("//=============================================================================")
|
|
const DWORD MCS_CREATE_ONE_PER_NETCARD =0x00000001;
|
|
const DWORD MCS_CREATE_CONFIGS_BY_DEFAULT =0x00000010;
|
|
const DWORD MCS_CREATE_PMODE_NOT_REQUIRED =0x00000100;
|
|
|
|
typedef __int64 HNMMONITOR;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// NPP_INFO")
|
|
cpp_quote("//=============================================================================")
|
|
typedef struct
|
|
{
|
|
DWORD ListIndex;
|
|
[string] char* ShortName;
|
|
[string] char* LongName;
|
|
|
|
} NPP_INFO;
|
|
typedef NPP_INFO* PNPP_INFO;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// MONITOR_INFO")
|
|
cpp_quote("//=============================================================================")
|
|
typedef struct _MONITOR_INFO
|
|
{
|
|
// Our opaque pointer
|
|
HNMMONITOR MonitorInstance;
|
|
|
|
HNMMONITOR MonitorClass;
|
|
DWORD CreateFlags;
|
|
DWORD Status;
|
|
DWORD ListIndex;
|
|
[string] char* pDescription;
|
|
[string] char* pScript;
|
|
[string] char* pConfiguration;
|
|
[string] char* pName;
|
|
|
|
} MONITOR_INFO;
|
|
typedef MONITOR_INFO* PMONITOR_INFO;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// MONITOR_MESSAGE")
|
|
cpp_quote("//=============================================================================")
|
|
typedef struct
|
|
{
|
|
HNMMONITOR Monitor;
|
|
DWORD ListIndex;
|
|
[string] char* pszMessage;
|
|
|
|
} MONITOR_MESSAGE;
|
|
typedef MONITOR_MESSAGE* PMONITOR_MESSAGE;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// COMMAND_FAILED_EVENT")
|
|
cpp_quote("//=============================================================================")
|
|
typedef struct
|
|
{
|
|
HNMMONITOR Monitor;
|
|
DWORD Command;
|
|
DWORD FailureCode;
|
|
DWORD ListIndex;
|
|
DWORD Status;
|
|
|
|
} COMMAND_FAILED_EVENT;
|
|
typedef COMMAND_FAILED_EVENT* PCOMMAND_FAILED_EVENT;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// MONITOR_STATUS_EVENT")
|
|
cpp_quote("//=============================================================================")
|
|
typedef struct
|
|
{
|
|
HNMMONITOR Monitor;
|
|
DWORD LastCommand;
|
|
DWORD ListIndex;
|
|
DWORD Status;
|
|
DWORD FramesProcessed;
|
|
|
|
} MONITOR_STATUS_EVENT;
|
|
typedef MONITOR_STATUS_EVENT* PMONITOR_STATUS_EVENT;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// MCS_CLIENT")
|
|
cpp_quote("//=============================================================================")
|
|
typedef struct
|
|
{
|
|
[string] OLECHAR* pwszName;
|
|
FILETIME FileTime;
|
|
DWORD pXMCS;
|
|
BOOL bCurrent;
|
|
|
|
} MCS_CLIENT;
|
|
typedef MCS_CLIENT* PMCS_CLIENT;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (Finder.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Structures use by NPPs, the Finder, and monitors")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// these structures may not be cpp_quoted as they are used in IRemoteagent.idl
|
|
// (However, the array's length used to be 0)
|
|
typedef struct
|
|
{
|
|
DWORD dwNumBlobs;
|
|
[size_is(dwNumBlobs)] HBLOB hBlobs[*];
|
|
|
|
} BLOB_TABLE;
|
|
typedef BLOB_TABLE* PBLOB_TABLE;
|
|
|
|
typedef struct
|
|
{
|
|
DWORD size;
|
|
[size_is(size)] BYTE* pBytes;
|
|
|
|
} MBLOB;
|
|
|
|
typedef struct
|
|
{
|
|
DWORD dwNumBlobs;
|
|
[size_is(dwNumBlobs)] MBLOB mBlobs[*];
|
|
|
|
} MBLOB_TABLE;
|
|
typedef MBLOB_TABLE* PMBLOB_TABLE;
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Functions called by monitors, tools, netmon")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("DWORD _cdecl GetNPPBlobTable(HBLOB hFilterBlob, ")
|
|
cpp_quote(" PBLOB_TABLE* ppBlobTable);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetNPPBlobFromUI(HWND hwnd,")
|
|
cpp_quote(" HBLOB hFilterBlob,")
|
|
cpp_quote(" HBLOB* phBlob); ")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetNPPBlobFromUIExU(HWND hwnd,")
|
|
cpp_quote(" HBLOB hFilterBlob,")
|
|
cpp_quote(" HBLOB* phBlob,")
|
|
cpp_quote(" char* szHelpFileName); ")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SelectNPPBlobFromTable( HWND hwnd,")
|
|
cpp_quote(" PBLOB_TABLE pBlobTable,")
|
|
cpp_quote(" HBLOB* hBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SelectNPPBlobFromTableExU( HWND hwnd,")
|
|
cpp_quote(" PBLOB_TABLE pBlobTable,")
|
|
cpp_quote(" HBLOB* hBlob,")
|
|
cpp_quote(" char* szHelpFileName);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Helper functions provided by the Finder")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("__inline DWORD BLOB_TABLE_SIZE(DWORD dwNumBlobs)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return (DWORD) (sizeof(BLOB_TABLE)+dwNumBlobs*sizeof(HBLOB));")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("__inline PBLOB_TABLE AllocBlobTable(DWORD dwNumBlobs)")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD size = BLOB_TABLE_SIZE(dwNumBlobs);")
|
|
cpp_quote("")
|
|
cpp_quote(" return (PBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("__inline DWORD MBLOB_TABLE_SIZE(DWORD dwNumBlobs)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return (DWORD) (sizeof(MBLOB_TABLE)+dwNumBlobs*sizeof(MBLOB));")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("__inline PMBLOB_TABLE AllocMBlobTable(DWORD dwNumBlobs)")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD size = MBLOB_TABLE_SIZE(dwNumBlobs);")
|
|
cpp_quote("")
|
|
cpp_quote(" return (PMBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Functions provided by NPPs, called by the Finder")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("// For NPP's that can return a Blob table without additional configuration.")
|
|
cpp_quote("DWORD _cdecl GetNPPBlobs(PBLOB_TABLE* ppBlobTable);")
|
|
cpp_quote("typedef DWORD (_cdecl FAR* BLOBSPROC) (PBLOB_TABLE* ppBlobTable);")
|
|
cpp_quote("")
|
|
cpp_quote("// For NPP's that need additional information to return a Blob table.")
|
|
cpp_quote("DWORD _cdecl GetConfigBlob(HBLOB* phBlob);")
|
|
cpp_quote("typedef DWORD (_cdecl FAR* GETCFGBLOB) (HBLOB, HBLOB*);")
|
|
cpp_quote("typedef DWORD (_cdecl FAR* CFGPROC) (HWND hwnd,")
|
|
cpp_quote(" HBLOB SpecialBlob,")
|
|
cpp_quote(" PBLOB_TABLE* ppBlobTable);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Handy functions")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("BOOL _cdecl FilterNPPBlob(HBLOB hBlob, HBLOB FilterBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL _cdecl RaiseNMEvent(HINSTANCE hInstance,")
|
|
cpp_quote(" WORD EventType, ")
|
|
cpp_quote(" DWORD EventID,")
|
|
cpp_quote(" WORD nStrings, ")
|
|
cpp_quote(" const char** aInsertStrs,")
|
|
cpp_quote(" LPVOID lpvData,")
|
|
cpp_quote(" DWORD dwDataSize);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMmonitor.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("#ifdef __cplusplus")
|
|
|
|
// Forward reference
|
|
cpp_quote("struct MONITOR;")
|
|
cpp_quote("typedef MONITOR* PMONITOR;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef void (WINAPI* MCSALERTPROC) (PMONITOR pMonitor, TCHAR* alert);")
|
|
cpp_quote("")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("// Our exported Monitor functions, that must be supported by ALL monitors ")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("// Create the Monitor, function called \"CreateMonitor\". The")
|
|
cpp_quote("// argument is a potential configuration structure")
|
|
cpp_quote("typedef DWORD (WINAPI* CREATEMONITOR)(PMONITOR* ppMonitor, ")
|
|
cpp_quote(" HBLOB hInputNPPBlob,")
|
|
cpp_quote(" char* pConfiguration,")
|
|
cpp_quote(" MCSALERTPROC McsAlertProc);")
|
|
cpp_quote("")
|
|
cpp_quote("// Destroy the Monitor, function called \"DestroyMonitor\"")
|
|
cpp_quote("typedef DWORD (WINAPI* DESTROYMONITOR)(PMONITOR);")
|
|
cpp_quote("")
|
|
cpp_quote("// We need the monitor's NPP filter blob: \"GetMonitorFilter\"")
|
|
cpp_quote("typedef DWORD (WINAPI* GETMONITORFILTER) (HBLOB* pFilterBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("// Get the monitor configuration \"GetMonitorConfig\"")
|
|
cpp_quote("// The pMonitor argument can not be null")
|
|
cpp_quote("typedef DWORD (WINAPI* GETMONITORCONFIG) (PMONITOR pMonitor,")
|
|
cpp_quote(" char** ppScript,")
|
|
cpp_quote(" char** ppConfiguration);")
|
|
cpp_quote("")
|
|
cpp_quote("// Set the monitor configuration \"SetMonitorConfig\"")
|
|
cpp_quote("// The pMonitor argument can not be null")
|
|
cpp_quote("typedef DWORD (WINAPI* SETMONITORCONFIG) (PMONITOR pMonitor, ")
|
|
cpp_quote(" char* pConfiguration);")
|
|
cpp_quote("")
|
|
cpp_quote("// The monitor's connect function: \"ConnectMonitor\"")
|
|
cpp_quote("typedef DWORD (WINAPI* CONNECTMONITOR) (PMONITOR pMonitor);")
|
|
cpp_quote("")
|
|
cpp_quote("// The monitor's start function: \"StartMonitor\"")
|
|
cpp_quote("typedef DWORD (WINAPI* STARTMONITOR) (PMONITOR pMonitor, char** ppResponse);")
|
|
cpp_quote("")
|
|
cpp_quote("// The monitor's stop function: \"StopMonitor\"")
|
|
cpp_quote("typedef DWORD (WINAPI* STOPMONITOR) (PMONITOR pMonitor);")
|
|
cpp_quote("")
|
|
cpp_quote("// Get the monitor status: \"GetMonitorStatus\"")
|
|
cpp_quote("typedef DWORD (WINAPI* GETMONITORSTATUS) (PMONITOR pMonitor, DWORD* pStatus);")
|
|
cpp_quote("")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("// Optional function that allows the monitor dll to do specific functions")
|
|
cpp_quote("// prior to the creation of any monitors. \"OneTimeSetup\"")
|
|
cpp_quote("typedef DWORD (WINAPI* ONETIMESETUP) (void);")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("// Optional function that provides a description of the monitor")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("// For current display porpoises, we could use this: \"DescribeSelf\"")
|
|
cpp_quote("typedef DWORD (WINAPI* DESCRIBESELF) (const char** ppName,")
|
|
cpp_quote(" const char** ppDescription);")
|
|
cpp_quote("")
|
|
cpp_quote("#endif // __cplusplus")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMSupp.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("#ifndef __cplusplus")
|
|
cpp_quote("#ifndef try")
|
|
cpp_quote("#define try __try")
|
|
cpp_quote("#endif // try")
|
|
cpp_quote("")
|
|
cpp_quote("#ifndef except")
|
|
cpp_quote("#define except __except")
|
|
cpp_quote("#endif // except")
|
|
cpp_quote("#endif // __cplusplus")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Windows version constants.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD WINDOWS_VERSION_UNKNOWN =0;
|
|
const DWORD WINDOWS_VERSION_WIN32S =1;
|
|
const DWORD WINDOWS_VERSION_WIN32C =2;
|
|
const DWORD WINDOWS_VERSION_WIN32 =3;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Frame masks.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const BYTE FRAME_MASK_ETHERNET =((BYTE) ~0x01);
|
|
const BYTE FRAME_MASK_TOKENRING =((BYTE) ~0x80);
|
|
const BYTE FRAME_MASK_FDDI =((BYTE) ~0x01);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// ACCESSRIGHTS")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef enum _ACCESSRIGHTS
|
|
{
|
|
AccessRightsNoAccess, //... Access denied, invalid password.
|
|
AccessRightsMonitoring, //... Monitoring mode only.
|
|
AccessRightsUserAccess, //... User-level access rights.
|
|
AccessRightsAllAccess //... All access.
|
|
} ACCESSRIGHTS;
|
|
|
|
typedef ACCESSRIGHTS *PACCESSRIGHTS;
|
|
|
|
typedef LPVOID HPASSWORD;
|
|
|
|
cpp_quote("#define HANDLE_TYPE_PASSWORD MAKE_IDENTIFIER('P', 'W', 'D', '$')")
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Object heap type.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef LPVOID HOBJECTHEAP;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Object cleanup procedure.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("typedef VOID (WINAPI *OBJECTPROC)(HOBJECTHEAP, LPVOID);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Network Monitor timers.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _TIMER *HTIMER;
|
|
|
|
cpp_quote("typedef VOID (WINAPI *BHTIMERPROC)(LPVOID);")
|
|
cpp_quote("")
|
|
cpp_quote("HTIMER WINAPI BhSetTimer(BHTIMERPROC TimerProc, LPVOID InstData, DWORD TimeOut);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI BhKillTimer(HTIMER hTimer);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Network Monitor global error API.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI BhGetLastError(VOID);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI BhSetLastError(DWORD Error);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Object manager function prototypes.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("HOBJECTHEAP WINAPI CreateObjectHeap(DWORD ObjectSize, OBJECTPROC ObjectProc);")
|
|
cpp_quote("")
|
|
cpp_quote("HOBJECTHEAP WINAPI DestroyObjectHeap(HOBJECTHEAP hObjectHeap);")
|
|
cpp_quote("")
|
|
cpp_quote("LPVOID WINAPI AllocObject(HOBJECTHEAP hObjectHeap);")
|
|
cpp_quote("")
|
|
cpp_quote("LPVOID WINAPI FreeObject(HOBJECTHEAP hObjectHeap, LPVOID ObjectMemory);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GrowObjectHeap(HOBJECTHEAP hObjectHeap, DWORD nObjects);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetObjectHeapSize(HOBJECTHEAP hObjectHeap);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI PurgeObjectHeap(HOBJECTHEAP hObjectHeap);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Memory functions.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("LPVOID WINAPI AllocMemory(SIZE_T size);")
|
|
cpp_quote("")
|
|
cpp_quote("LPVOID WINAPI ReallocMemory(LPVOID ptr, SIZE_T NewSize);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI FreeMemory(LPVOID ptr);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI TestMemory(LPVOID ptr);")
|
|
cpp_quote("")
|
|
cpp_quote("SIZE_T WINAPI MemorySize(LPVOID ptr);")
|
|
cpp_quote("")
|
|
cpp_quote("HANDLE WINAPI MemoryHandle(LPBYTE ptr);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Password API's.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("HPASSWORD WINAPI CreatePassword(LPSTR password);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI DestroyPassword(HPASSWORD hPassword);")
|
|
cpp_quote("")
|
|
cpp_quote("ACCESSRIGHTS WINAPI ValidatePassword(HPASSWORD hPassword);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// EXPRESSION API's")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("LPEXPRESSION WINAPI InitializeExpression(LPEXPRESSION Expression);")
|
|
cpp_quote("")
|
|
cpp_quote("LPPATTERNMATCH WINAPI InitializePattern(LPPATTERNMATCH Pattern, LPVOID ptr, DWORD offset, DWORD length);")
|
|
cpp_quote("")
|
|
cpp_quote("LPEXPRESSION WINAPI AndExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);")
|
|
cpp_quote("")
|
|
cpp_quote("LPEXPRESSION WINAPI OrExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);")
|
|
cpp_quote("")
|
|
cpp_quote("LPPATTERNMATCH WINAPI NegatePattern(LPPATTERNMATCH Pattern);")
|
|
cpp_quote("")
|
|
cpp_quote("LPADDRESSTABLE WINAPI AdjustOperatorPrecedence(LPADDRESSTABLE AddressTable);")
|
|
cpp_quote("")
|
|
cpp_quote("LPADDRESS WINAPI NormalizeAddress(LPADDRESS Address);")
|
|
cpp_quote("")
|
|
cpp_quote("LPADDRESSTABLE WINAPI NormalizeAddressTable(LPADDRESSTABLE AddressTable);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// MISC. API's")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI BhGetWindowsVersion(VOID);")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL WINAPI IsDaytona(VOID);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID _cdecl dprintf(LPSTR format, ...);")
|
|
cpp_quote("")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (BHTypes.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Unaligned base type definitions.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("typedef VOID UNALIGNED *ULPVOID;")
|
|
cpp_quote("typedef BYTE UNALIGNED *ULPBYTE;")
|
|
cpp_quote("typedef WORD UNALIGNED *ULPWORD;")
|
|
cpp_quote("typedef DWORD UNALIGNED *ULPDWORD;")
|
|
cpp_quote("typedef CHAR UNALIGNED *ULPSTR;")
|
|
cpp_quote("typedef SYSTEMTIME UNALIGNED *ULPSYSTEMTIME;")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Handle definitions.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _PARSER *HPARSER;
|
|
|
|
typedef struct _CAPFRAMEDESC *HFRAME;
|
|
typedef struct _CAPTURE *HCAPTURE;
|
|
typedef struct _FILTER *HFILTER;
|
|
typedef struct _ADDRESSDB *HADDRESSDB;
|
|
typedef struct _PROTOCOL *HPROTOCOL;
|
|
typedef DWORD_PTR HPROPERTY;
|
|
|
|
typedef HPROTOCOL *LPHPROTOCOL;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// GetTableSize() -- The following macro is used to calculate the actual")
|
|
cpp_quote("// length of Network Monitor variable-length table structures.")
|
|
cpp_quote("//")
|
|
cpp_quote("// EXAMPLE:")
|
|
cpp_quote("//")
|
|
cpp_quote("// GetTableSize(PROTOCOLTABLESIZE, ")
|
|
cpp_quote("// ProtocolTable->nProtocols, ")
|
|
cpp_quote("// sizeof(HPROTOCOL))")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("#define GetTableSize(TableBaseSize, nElements, ElementSize) ((TableBaseSize) + ((nElements) * (ElementSize)))")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Object type identifiers.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef DWORD OBJECTTYPE;
|
|
|
|
cpp_quote("#ifndef MAKE_IDENTIFIER")
|
|
cpp_quote("#define MAKE_IDENTIFIER(a, b, c, d) ((DWORD) MAKELONG(MAKEWORD(a, b), MAKEWORD(c, d)))")
|
|
cpp_quote("#endif // MAKE_IDENTIFIER")
|
|
|
|
cpp_quote("#define HANDLE_TYPE_INVALID MAKE_IDENTIFIER(-1, -1, -1, -1)")
|
|
cpp_quote("#define HANDLE_TYPE_CAPTURE MAKE_IDENTIFIER('C', 'A', 'P', '$')")
|
|
cpp_quote("#define HANDLE_TYPE_PARSER MAKE_IDENTIFIER('P', 'S', 'R', '$')")
|
|
cpp_quote("#define HANDLE_TYPE_ADDRESSDB MAKE_IDENTIFIER('A', 'D', 'R', '$')")
|
|
cpp_quote("#define HANDLE_TYPE_PROTOCOL MAKE_IDENTIFIER('P', 'R', 'T', '$')")
|
|
cpp_quote("#define HANDLE_TYPE_BUFFER MAKE_IDENTIFIER('B', 'U', 'F', '$')")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Network Monitor constant definitions.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("#define INLINE __inline")
|
|
cpp_quote("#define BHAPI WINAPI")
|
|
|
|
const DWORD MAX_NAME_LENGTH =16;
|
|
const DWORD MAX_ADDR_LENGTH =6;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Ethernet type (ETYPE) constant definitions.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const WORD ETYPE_LOOP =0x9000;
|
|
const WORD ETYPE_3COM_NETMAP1 =0x9001;
|
|
const WORD ETYPE_3COM_NETMAP2 =0x9002;
|
|
const WORD ETYPE_IBM_RT =0x80D5;
|
|
const WORD ETYPE_NETWARE =0x8137;
|
|
const WORD ETYPE_XNS1 =0x0600;
|
|
const WORD ETYPE_XNS2 =0x0807;
|
|
const WORD ETYPE_3COM_NBP0 =0x3C00;
|
|
const WORD ETYPE_3COM_NBP1 =0x3C01;
|
|
const WORD ETYPE_3COM_NBP2 =0x3C02;
|
|
const WORD ETYPE_3COM_NBP3 =0x3C03;
|
|
const WORD ETYPE_3COM_NBP4 =0x3C04;
|
|
const WORD ETYPE_3COM_NBP5 =0x3C05;
|
|
const WORD ETYPE_3COM_NBP6 =0x3C06;
|
|
const WORD ETYPE_3COM_NBP7 =0x3C07;
|
|
const WORD ETYPE_3COM_NBP8 =0x3C08;
|
|
const WORD ETYPE_3COM_NBP9 =0x3C09;
|
|
const WORD ETYPE_3COM_NBP10 =0x3C0A;
|
|
const WORD ETYPE_IP =0x0800;
|
|
const WORD ETYPE_ARP1 =0x0806;
|
|
const WORD ETYPE_ARP2 =0x0807;
|
|
const WORD ETYPE_RARP =0x8035;
|
|
const WORD ETYPE_TRLR0 =0x1000;
|
|
const WORD ETYPE_TRLR1 =0x1001;
|
|
const WORD ETYPE_TRLR2 =0x1002;
|
|
const WORD ETYPE_TRLR3 =0x1003;
|
|
const WORD ETYPE_TRLR4 =0x1004;
|
|
const WORD ETYPE_TRLR5 =0x1005;
|
|
const WORD ETYPE_PUP =0x0200;
|
|
const WORD ETYPE_PUP_ARP =0x0201;
|
|
const WORD ETYPE_APPLETALK_ARP =0x80F3;
|
|
const WORD ETYPE_APPLETALK_LAP =0x809B;
|
|
const WORD ETYPE_SNMP =0x814C;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// LLC (802.2) SAP constant definitions.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const BYTE SAP_SNAP = 0xAA;
|
|
const BYTE SAP_BPDU = 0x42;
|
|
const BYTE SAP_IBM_NM = 0xF4;
|
|
const BYTE SAP_IBM_NETBIOS = 0xF0;
|
|
const BYTE SAP_SNA1 = 0x04;
|
|
const BYTE SAP_SNA2 = 0x05;
|
|
const BYTE SAP_SNA3 = 0x08;
|
|
const BYTE SAP_SNA4 = 0x0C;
|
|
const BYTE SAP_NETWARE1 = 0x10;
|
|
const BYTE SAP_NETWARE2 = 0xE0;
|
|
const BYTE SAP_NETWARE3 = 0xFE;
|
|
const BYTE SAP_IP = 0x06;
|
|
const BYTE SAP_X25 = 0x7E;
|
|
const BYTE SAP_RPL1 = 0xF8;
|
|
const BYTE SAP_RPL2 = 0xFC;
|
|
const BYTE SAP_UB = 0xFA;
|
|
const BYTE SAP_XNS = 0x80;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Property constants")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("// data types")
|
|
|
|
const BYTE PROP_TYPE_VOID =0x00;
|
|
const BYTE PROP_TYPE_SUMMARY =0x01;
|
|
const BYTE PROP_TYPE_BYTE =0x02;
|
|
const BYTE PROP_TYPE_WORD =0x03;
|
|
const BYTE PROP_TYPE_DWORD =0x04;
|
|
const BYTE PROP_TYPE_LARGEINT =0x05;
|
|
const BYTE PROP_TYPE_ADDR =0x06;
|
|
const BYTE PROP_TYPE_TIME =0x07;
|
|
const BYTE PROP_TYPE_STRING =0x08;
|
|
const BYTE PROP_TYPE_IP_ADDRESS =0x09;
|
|
const BYTE PROP_TYPE_IPX_ADDRESS =0x0A;
|
|
const BYTE PROP_TYPE_BYTESWAPPED_WORD =0x0B;
|
|
const BYTE PROP_TYPE_BYTESWAPPED_DWORD =0x0C;
|
|
const BYTE PROP_TYPE_TYPED_STRING =0x0D;
|
|
const BYTE PROP_TYPE_RAW_DATA =0x0E;
|
|
const BYTE PROP_TYPE_COMMENT =0x0F;
|
|
const BYTE PROP_TYPE_SRCFRIENDLYNAME =0x10;
|
|
const BYTE PROP_TYPE_DSTFRIENDLYNAME =0x11;
|
|
const BYTE PROP_TYPE_TOKENRING_ADDRESS =0x12;
|
|
const BYTE PROP_TYPE_FDDI_ADDRESS =0x13;
|
|
const BYTE PROP_TYPE_ETHERNET_ADDRESS =0x14;
|
|
const BYTE PROP_TYPE_OBJECT_IDENTIFIER =0x15;
|
|
const BYTE PROP_TYPE_VINES_IP_ADDRESS =0x16;
|
|
const BYTE PROP_TYPE_VAR_LEN_SMALL_INT =0x17;
|
|
const BYTE PROP_TYPE_ATM_ADDRESS =0x18;
|
|
const BYTE PROP_TYPE_1394_ADDRESS =0x19;
|
|
|
|
cpp_quote("// data qualifiers")
|
|
|
|
const BYTE PROP_QUAL_NONE =0x00;
|
|
const BYTE PROP_QUAL_RANGE =0x01;
|
|
const BYTE PROP_QUAL_SET =0x02;
|
|
const BYTE PROP_QUAL_BITFIELD =0x03;
|
|
const BYTE PROP_QUAL_LABELED_SET =0x04;
|
|
const BYTE PROP_QUAL_LABELED_BITFIELD =0x08;
|
|
const BYTE PROP_QUAL_CONST =0x09;
|
|
const BYTE PROP_QUAL_FLAGS =0x0A;
|
|
const BYTE PROP_QUAL_ARRAY =0x0B;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// LARGEINT structure defined in winnt.h")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef LARGE_INTEGER *LPLARGEINT;
|
|
cpp_quote("typedef LARGE_INTEGER UNALIGNED *ULPLARGEINT;")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Range structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _RANGE
|
|
{
|
|
DWORD MinValue;
|
|
DWORD MaxValue;
|
|
|
|
} RANGE;
|
|
|
|
typedef RANGE *LPRANGE;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// LABELED_BYTE structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _LABELED_BYTE
|
|
{
|
|
BYTE Value;
|
|
LPSTR Label;
|
|
|
|
} LABELED_BYTE;
|
|
|
|
typedef LABELED_BYTE *LPLABELED_BYTE;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// LABELED_WORD structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _LABELED_WORD
|
|
{
|
|
WORD Value;
|
|
LPSTR Label;
|
|
|
|
} LABELED_WORD;
|
|
|
|
typedef LABELED_WORD *LPLABELED_WORD;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// LABELED_DWORD structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _LABELED_DWORD
|
|
{
|
|
DWORD Value;
|
|
LPSTR Label;
|
|
|
|
} LABELED_DWORD;
|
|
|
|
typedef LABELED_DWORD *LPLABELED_DWORD;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// LABELED_LARGEINT structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _LABELED_LARGEINT
|
|
{
|
|
LARGE_INTEGER Value;
|
|
LPSTR Label;
|
|
|
|
} LABELED_LARGEINT;
|
|
|
|
typedef LABELED_LARGEINT *LPLABELED_LARGEINT;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// LABELED_SYSTEMTIME structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _LABELED_SYSTEMTIME
|
|
{
|
|
SYSTEMTIME Value;
|
|
LPSTR Label;
|
|
|
|
} LABELED_SYSTEMTIME;
|
|
|
|
typedef LABELED_SYSTEMTIME *LPLABELED_SYSTEMTIME;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// LABELED_BIT structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("// BitNumber starts at 0, up to 256 bits.")
|
|
typedef struct _LABELED_BIT
|
|
{
|
|
BYTE BitNumber;
|
|
LPSTR LabelOff;
|
|
LPSTR LabelOn;
|
|
|
|
} LABELED_BIT;
|
|
|
|
typedef LABELED_BIT *LPLABELED_BIT;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// TYPED_STRING structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD TYPED_STRING_NORMAL = 1;
|
|
const DWORD TYPED_STRING_UNICODE = 2;
|
|
const DWORD TYPED_STRING_EXFLAG = 1;
|
|
|
|
// structure contains bitfields, so must cpp_quote
|
|
cpp_quote("// Typed Strings are always Ex, so to actually Ex we set fStringEx and put the Ex data in Byte")
|
|
cpp_quote("typedef struct _TYPED_STRING")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE StringType:7;")
|
|
cpp_quote(" BYTE fStringEx:1;")
|
|
cpp_quote(" LPSTR lpString;")
|
|
cpp_quote(" BYTE Byte[0];")
|
|
cpp_quote("} TYPED_STRING;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef TYPED_STRING *LPTYPED_STRING;")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// OBJECT_IDENTIFIER structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _OBJECT_IDENTIFIER
|
|
{
|
|
DWORD Length;
|
|
LPDWORD lpIdentifier;
|
|
|
|
} OBJECT_IDENTIFIER;
|
|
|
|
typedef OBJECT_IDENTIFIER *LPOBJECT_IDENTIFIER;
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Set structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _SET
|
|
{
|
|
DWORD nEntries;
|
|
|
|
union
|
|
{
|
|
//... set of values
|
|
|
|
LPVOID lpVoidTable; // set of anything.
|
|
LPBYTE lpByteTable; // set of bytes
|
|
LPWORD lpWordTable; // set of words
|
|
LPDWORD lpDwordTable; // set of dwords
|
|
LPLARGEINT lpLargeIntTable; // set of LARGEINT structures
|
|
LPSYSTEMTIME lpSystemTimeTable; // set of SYSTEMTIME structures
|
|
|
|
//... set of labeled values
|
|
|
|
LPLABELED_BYTE lpLabeledByteTable; // set of labeled_byte structs
|
|
LPLABELED_WORD lpLabeledWordTable; // set of labeled_word structs
|
|
LPLABELED_DWORD lpLabeledDwordTable; // set of labeled_dword structs
|
|
LPLABELED_LARGEINT lpLabeledLargeIntTable; // set of Labeled_LARGEINT structs
|
|
LPLABELED_SYSTEMTIME lpLabeledSystemTimeTable; // set of labeled_systemtime structs
|
|
LPLABELED_BIT lpLabeledBit; // set of labeled_bit structs.
|
|
};
|
|
|
|
} SET;
|
|
|
|
typedef SET *LPSET;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// String table.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// needs to be cpp_quoted because of the zero length array
|
|
cpp_quote("typedef struct _STRINGTABLE")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD nStrings;")
|
|
cpp_quote(" LPSTR String[0];")
|
|
cpp_quote("")
|
|
cpp_quote("} STRINGTABLE;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef STRINGTABLE *LPSTRINGTABLE;")
|
|
cpp_quote("#define STRINGTABLE_SIZE sizeof(STRINGTABLE)")
|
|
cpp_quote("")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// RECOGNIZEDATA structure.")
|
|
cpp_quote("//")
|
|
cpp_quote("// This structure to keep track of the start of each recognized protocol.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _RECOGNIZEDATA
|
|
{
|
|
WORD ProtocolID; //... Protocol which was recognized
|
|
WORD nProtocolOffset; //... Offset from the start of the frame of the start of this protocol.
|
|
LPVOID InstData; //... Opaque, for protocol only.
|
|
|
|
} RECOGNIZEDATA;
|
|
|
|
typedef RECOGNIZEDATA * LPRECOGNIZEDATA;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// RECOGNIZEDATATABLE structure.")
|
|
cpp_quote("//")
|
|
cpp_quote("// This structure to keep track of the start of each RECOGNIZEDATA structure")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// needs to be cpp_quoted because of the zero length array
|
|
cpp_quote("typedef struct _RECOGNIZEDATATABLE")
|
|
cpp_quote("{")
|
|
cpp_quote(" WORD nRecognizeDatas; //... number of RECOGNIZEDATA structures")
|
|
cpp_quote(" RECOGNIZEDATA RecognizeData[0]; //... array of RECOGNIZEDATA structures follows")
|
|
cpp_quote("")
|
|
cpp_quote("} RECOGNIZEDATATABLE;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef RECOGNIZEDATATABLE * LPRECOGNIZEDATATABLE;")
|
|
cpp_quote("")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Property information structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _PROPERTYINFO
|
|
{
|
|
HPROPERTY hProperty; //... Handle to the property.
|
|
DWORD Version; //... Version of property.
|
|
LPSTR Label; //... name of property
|
|
LPSTR Comment; //... description of property
|
|
BYTE DataType; //... data type of property
|
|
BYTE DataQualifier; //... data qualifier of property
|
|
|
|
union
|
|
{
|
|
LPVOID lpExtendedInfo; //... generic pointer.
|
|
LPRANGE lpRange; //... pointer to range
|
|
LPSET lpSet; //... pointer to set
|
|
DWORD Bitmask; //... bitmask to apply
|
|
DWORD Value; //... constant value.
|
|
};
|
|
|
|
WORD FormatStringSize; //... max size to reserve for text description
|
|
LPVOID InstanceData; //... property-specific instance data.
|
|
|
|
} PROPERTYINFO;
|
|
|
|
typedef PROPERTYINFO *LPPROPERTYINFO;
|
|
|
|
const DWORD PROPERTYINFO_SIZE =sizeof(PROPERTYINFO);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Property instance Extended structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// contains unaligned pointer, so must cpp_quote
|
|
cpp_quote("typedef struct _PROPERTYINSTEX")
|
|
cpp_quote("{")
|
|
cpp_quote(" WORD Length; //... length of raw data in frame")
|
|
cpp_quote(" WORD LengthEx; //... number of bytes following")
|
|
cpp_quote(" ULPVOID lpData; //... pointer to raw data in frame")
|
|
cpp_quote("")
|
|
cpp_quote(" union")
|
|
cpp_quote(" {")
|
|
cpp_quote(" BYTE Byte[]; //... table of bytes follows")
|
|
cpp_quote(" WORD Word[]; //... table of words follows")
|
|
cpp_quote(" DWORD Dword[]; //... table of Dwords follows")
|
|
cpp_quote(" LARGE_INTEGER LargeInt[]; //... table of LARGEINT structures to follow")
|
|
cpp_quote(" SYSTEMTIME SysTime[]; //... table of SYSTEMTIME structures follows")
|
|
cpp_quote(" TYPED_STRING TypedString;//... a typed_string that may have extended data")
|
|
cpp_quote(" };")
|
|
cpp_quote("} PROPERTYINSTEX;")
|
|
cpp_quote("typedef PROPERTYINSTEX *LPPROPERTYINSTEX;")
|
|
cpp_quote("typedef PROPERTYINSTEX UNALIGNED *ULPPROPERTYINSTEX;")
|
|
cpp_quote("#define PROPERTYINSTEX_SIZE sizeof(PROPERTYINSTEX)")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Property instance structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// contains unaligned pointer, so must cpp_quote
|
|
cpp_quote("typedef struct _PROPERTYINST")
|
|
cpp_quote("{")
|
|
cpp_quote(" LPPROPERTYINFO lpPropertyInfo; // pointer to property info")
|
|
cpp_quote(" LPSTR szPropertyText; // pointer to string description")
|
|
cpp_quote("")
|
|
cpp_quote(" union")
|
|
cpp_quote(" {")
|
|
cpp_quote(" LPVOID lpData; // pointer to data")
|
|
cpp_quote(" ULPBYTE lpByte; // bytes")
|
|
cpp_quote(" ULPWORD lpWord; // words")
|
|
cpp_quote(" ULPDWORD lpDword; // dwords")
|
|
cpp_quote("")
|
|
cpp_quote(" ULPLARGEINT lpLargeInt; // LargeInt")
|
|
cpp_quote(" ULPSYSTEMTIME lpSysTime; // pointer to SYSTEMTIME structures")
|
|
cpp_quote(" LPPROPERTYINSTEX lpPropertyInstEx; // pointer to propertyinstex (if DataLength = -1)")
|
|
cpp_quote(" };")
|
|
cpp_quote("")
|
|
cpp_quote(" WORD DataLength; // length of data, or flag for propertyinstex struct")
|
|
cpp_quote(" WORD Level : 4 ; // level information ............1111")
|
|
cpp_quote(" WORD HelpID : 12 ; // context ID for helpfile 111111111111....")
|
|
cpp_quote(" // ---------------")
|
|
cpp_quote(" // total of 16 bits == 1 WORD == DWORD ALIGNED structure")
|
|
cpp_quote(" // Interpretation Flags: Flags that define attach time information to the")
|
|
cpp_quote(" // interpretation of the property. For example, in RPC, the client can be")
|
|
cpp_quote(" // Intel format and the server can be non-Intel format... thus the property")
|
|
cpp_quote(" // database cannot describe the property at database creation time.")
|
|
cpp_quote(" DWORD IFlags;")
|
|
cpp_quote("")
|
|
cpp_quote("} PROPERTYINST;")
|
|
cpp_quote("typedef PROPERTYINST *LPPROPERTYINST;")
|
|
cpp_quote("#define PROPERTYINST_SIZE sizeof(PROPERTYINST)")
|
|
cpp_quote("")
|
|
|
|
cpp_quote("// Flags passed at AttachPropertyInstance and AttachPropertyInstanceEx time in the IFlags field:")
|
|
cpp_quote("// flag for error condition ...............1")
|
|
const DWORD IFLAG_ERROR =0x00000001;
|
|
cpp_quote("// is the WORD or DWORD byte non-Intel format at attach time?")
|
|
const DWORD IFLAG_SWAPPED =0x00000002;
|
|
cpp_quote("// is the STRING UNICODE at attach time?")
|
|
const DWORD IFLAG_UNICODE =0x00000004;
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Property instance table structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _PROPERTYINSTTABLE
|
|
{
|
|
WORD nPropertyInsts; //... number of items
|
|
WORD nPropertyInstIndex; //... index to first item
|
|
|
|
} PROPERTYINSTTABLE;
|
|
|
|
typedef PROPERTYINSTTABLE *LPPROPERTYINSTTABLE;
|
|
|
|
const DWORD PROPERTYINSTTABLE_SIZE =sizeof(PROPERTYINSTTABLE);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Property table structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// contains a structure that contains an unaligned pointer, so must cpp_quote
|
|
cpp_quote("typedef struct _PROPERTYTABLE")
|
|
cpp_quote("{")
|
|
cpp_quote(" LPVOID lpFormatBuffer; //... Opaque. (PRIVATE)")
|
|
cpp_quote(" DWORD FormatBufferLength; //... Opaque. (PRIVATE)")
|
|
cpp_quote(" DWORD nTotalPropertyInsts; //... total number of propertyinstances in array")
|
|
cpp_quote(" LPPROPERTYINST lpFirstPropertyInst; //... array of property instances")
|
|
cpp_quote(" BYTE nPropertyInstTables; //... total PropertyIndexTables following")
|
|
cpp_quote(" PROPERTYINSTTABLE PropertyInstTable[0]; //... array of propertyinstance index table structures")
|
|
cpp_quote("")
|
|
cpp_quote("} PROPERTYTABLE;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef PROPERTYTABLE *LPPROPERTYTABLE;")
|
|
cpp_quote("")
|
|
cpp_quote("#define PROPERTYTABLE_SIZE sizeof(PROPERTYTABLE)")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Protocol entry points.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("typedef VOID (WINAPI *REGISTER)(HPROTOCOL);")
|
|
cpp_quote("")
|
|
cpp_quote("typedef VOID (WINAPI *DEREGISTER)(HPROTOCOL);")
|
|
cpp_quote("")
|
|
cpp_quote("typedef LPBYTE (WINAPI *RECOGNIZEFRAME)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, LPDWORD, LPHPROTOCOL, PDWORD_PTR);")
|
|
cpp_quote("")
|
|
cpp_quote("typedef LPBYTE (WINAPI *ATTACHPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, DWORD_PTR);")
|
|
cpp_quote("")
|
|
cpp_quote("typedef DWORD (WINAPI *FORMATPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, LPPROPERTYINST);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Protocol entry point structure.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("typedef struct _ENTRYPOINTS")
|
|
cpp_quote("{")
|
|
cpp_quote(" REGISTER Register; //... Protocol Register() entry point.")
|
|
cpp_quote(" DEREGISTER Deregister; //... Protocol Deregister() entry point.")
|
|
cpp_quote(" RECOGNIZEFRAME RecognizeFrame; //... Protocol RecognizeFrame() entry point.")
|
|
cpp_quote(" ATTACHPROPERTIES AttachProperties; //... Protocol AttachProperties() entry point.")
|
|
cpp_quote(" FORMATPROPERTIES FormatProperties; //... Protocol FormatProperties() entry point.")
|
|
cpp_quote("")
|
|
cpp_quote("} ENTRYPOINTS;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef ENTRYPOINTS *LPENTRYPOINTS;")
|
|
cpp_quote("")
|
|
cpp_quote("#define ENTRYPOINTS_SIZE sizeof(ENTRYPOINTS)")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Property database structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// structure contains zero length array, must cpp_quote
|
|
cpp_quote("typedef struct _PROPERTYDATABASE")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD nProperties; //... Number of properties in database.")
|
|
cpp_quote(" LPPROPERTYINFO PropertyInfo[0]; //... Array of property info pointers.")
|
|
cpp_quote("")
|
|
cpp_quote("} PROPERTYDATABASE;")
|
|
cpp_quote("#define PROPERTYDATABASE_SIZE sizeof(PROPERTYDATABASE)")
|
|
cpp_quote("typedef PROPERTYDATABASE *LPPROPERTYDATABASE;")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Protocol info structure (PUBLIC portion of HPROTOCOL).")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// structure contains a structure with a zero length array, must cpp_quote
|
|
cpp_quote("typedef struct _PROTOCOLINFO")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD ProtocolID; //... Prootocol ID of owning protocol.")
|
|
cpp_quote(" LPPROPERTYDATABASE PropertyDatabase; //... Property database.")
|
|
cpp_quote(" BYTE ProtocolName[16]; //... Protocol name.")
|
|
cpp_quote(" BYTE HelpFile[16]; //... Optional helpfile name.")
|
|
cpp_quote(" BYTE Comment[128]; //... Comment describing protocol.")
|
|
cpp_quote("} PROTOCOLINFO;")
|
|
cpp_quote("typedef PROTOCOLINFO *LPPROTOCOLINFO;")
|
|
cpp_quote("#define PROTOCOLINFO_SIZE sizeof(PROTOCOLINFO)")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Protocol Table.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
typedef struct _PROTOCOLTABLE
|
|
{
|
|
DWORD nProtocols;
|
|
HPROTOCOL hProtocol[1]; //... This must be the last member.
|
|
|
|
} PROTOCOLTABLE;
|
|
|
|
typedef PROTOCOLTABLE *LPPROTOCOLTABLE;
|
|
|
|
const DWORD PROTOCOLTABLE_SIZE =(sizeof(PROTOCOLTABLE) - sizeof(HPROTOCOL));
|
|
|
|
cpp_quote("#define PROTOCOLTABLE_ACTUAL_SIZE(p) GetTableSize(PROTOCOLTABLE_SIZE, (p)->nProtocols, sizeof(HPROTOCOL))")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// AddressInfo structure")
|
|
cpp_quote("//=============================================================================")
|
|
const DWORD SORT_BYADDRESS =0;
|
|
const DWORD SORT_BYNAME =1;
|
|
|
|
const DWORD PERMANENT_NAME =0x00000100;
|
|
|
|
// structure contains structures with bitfields, so must cpp_quote
|
|
cpp_quote("typedef struct _ADDRESSINFO")
|
|
cpp_quote("{")
|
|
cpp_quote(" ADDRESS Address;")
|
|
cpp_quote(" WCHAR Name[MAX_NAME_SIZE];")
|
|
cpp_quote(" DWORD Flags;")
|
|
cpp_quote(" LPVOID lpAddressInstData;")
|
|
cpp_quote("")
|
|
cpp_quote("} ADDRESSINFO;")
|
|
cpp_quote("typedef struct _ADDRESSINFO *LPADDRESSINFO;")
|
|
cpp_quote("#define ADDRESSINFO_SIZE sizeof(ADDRESSINFO)")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// AddressInfoTable")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// structure contains structures with bitfields, so must cpp_quote
|
|
// also contains zero length array, so must cpp_quote
|
|
cpp_quote("typedef struct _ADDRESSINFOTABLE")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD nAddressInfos;")
|
|
cpp_quote(" LPADDRESSINFO lpAddressInfo[0];")
|
|
cpp_quote("")
|
|
cpp_quote("} ADDRESSINFOTABLE;")
|
|
cpp_quote("typedef ADDRESSINFOTABLE *LPADDRESSINFOTABLE;")
|
|
cpp_quote("#define ADDRESSINFOTABLE_SIZE sizeof(ADDRESSINFOTABLE)")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// callback procedures.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("typedef DWORD (WINAPI *FILTERPROC)(HCAPTURE, HFRAME, LPVOID);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMErr.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("// The operation succeeded.")
|
|
const DWORD NMERR_SUCCESS = 0;
|
|
|
|
cpp_quote("// An error occured creating a memory-mapped file.")
|
|
const DWORD NMERR_MEMORY_MAPPED_FILE_ERROR = 1;
|
|
|
|
cpp_quote("// The handle to a filter is invalid.")
|
|
const DWORD NMERR_INVALID_HFILTER = 2;
|
|
|
|
cpp_quote("// Capturing has already been started.")
|
|
const DWORD NMERR_CAPTURING = 3;
|
|
|
|
cpp_quote("// Capturing has not been started.")
|
|
const DWORD NMERR_NOT_CAPTURING = 4;
|
|
|
|
cpp_quote("// The are no frames available.")
|
|
const DWORD NMERR_NO_MORE_FRAMES = 5;
|
|
|
|
cpp_quote("// The buffer is too small to complete the operation.")
|
|
const DWORD NMERR_BUFFER_TOO_SMALL = 6;
|
|
|
|
cpp_quote("// No protocol was able to recognize the frame.")
|
|
const DWORD NMERR_FRAME_NOT_RECOGNIZED = 7;
|
|
|
|
cpp_quote("// The file already exists.")
|
|
const DWORD NMERR_FILE_ALREADY_EXISTS = 8;
|
|
|
|
cpp_quote("// A needed device driver was not found or is not loaded.")
|
|
const DWORD NMERR_DRIVER_NOT_FOUND = 9;
|
|
|
|
cpp_quote("// This address aready exists in the database.")
|
|
const DWORD NMERR_ADDRESS_ALREADY_EXISTS = 10;
|
|
|
|
cpp_quote("// The frame handle is invalid.")
|
|
const DWORD NMERR_INVALID_HFRAME = 11;
|
|
|
|
cpp_quote("// The protocol handle is invalid.")
|
|
const DWORD NMERR_INVALID_HPROTOCOL = 12;
|
|
|
|
cpp_quote("// The property handle is invalid.")
|
|
const DWORD NMERR_INVALID_HPROPERTY = 13;
|
|
|
|
cpp_quote("// The the object has been locked. ")
|
|
const DWORD NMERR_LOCKED = 14;
|
|
|
|
cpp_quote("// A pop operation was attempted on an empty stack.")
|
|
const DWORD NMERR_STACK_EMPTY = 15;
|
|
|
|
cpp_quote("// A push operation was attempted on an full stack.")
|
|
const DWORD NMERR_STACK_OVERFLOW = 16;
|
|
|
|
cpp_quote("// There are too many protocols active.")
|
|
const DWORD NMERR_TOO_MANY_PROTOCOLS = 17;
|
|
|
|
cpp_quote("// The file was not found.")
|
|
const DWORD NMERR_FILE_NOT_FOUND = 18;
|
|
|
|
cpp_quote("// No memory was available. Shut down windows to free up resources.")
|
|
const DWORD NMERR_OUT_OF_MEMORY = 19;
|
|
|
|
cpp_quote("// The capture is already in the paused state.")
|
|
const DWORD NMERR_CAPTURE_PAUSED = 20;
|
|
|
|
cpp_quote("// There are no buffers available or present.")
|
|
const DWORD NMERR_NO_BUFFERS = 21;
|
|
|
|
cpp_quote("// There are already buffers present.")
|
|
const DWORD NMERR_BUFFERS_ALREADY_EXIST = 22;
|
|
|
|
cpp_quote("// The object is not locked.")
|
|
const DWORD NMERR_NOT_LOCKED = 23;
|
|
|
|
cpp_quote("// A integer type was out of range.")
|
|
const DWORD NMERR_OUT_OF_RANGE = 24;
|
|
|
|
cpp_quote("// An object was locked too many times.")
|
|
const DWORD NMERR_LOCK_NESTING_TOO_DEEP = 25;
|
|
|
|
cpp_quote("// A parser failed to load.")
|
|
const DWORD NMERR_LOAD_PARSER_FAILED = 26;
|
|
|
|
cpp_quote("// A parser failed to unload.")
|
|
const DWORD NMERR_UNLOAD_PARSER_FAILED = 27;
|
|
|
|
cpp_quote("// The address database handle is invalid.")
|
|
const DWORD NMERR_INVALID_HADDRESSDB = 28;
|
|
|
|
cpp_quote("// The MAC address was not found in the database.")
|
|
const DWORD NMERR_ADDRESS_NOT_FOUND = 29;
|
|
|
|
cpp_quote("// The network software was not found in the system.")
|
|
const DWORD NMERR_NETWORK_NOT_PRESENT = 30;
|
|
|
|
cpp_quote("// There is no property database for a protocol.")
|
|
const DWORD NMERR_NO_PROPERTY_DATABASE = 31;
|
|
|
|
cpp_quote("// A property was not found in the database.")
|
|
const DWORD NMERR_PROPERTY_NOT_FOUND = 32;
|
|
|
|
cpp_quote("// The property database handle is in valid.")
|
|
const DWORD NMERR_INVALID_HPROPERTYDB = 33;
|
|
|
|
cpp_quote("// The protocol has not been enabled.")
|
|
const DWORD NMERR_PROTOCOL_NOT_ENABLED = 34;
|
|
|
|
cpp_quote("// The protocol DLL could not be found.")
|
|
const DWORD NMERR_PROTOCOL_NOT_FOUND = 35;
|
|
|
|
cpp_quote("// The parser DLL is not valid.")
|
|
const DWORD NMERR_INVALID_PARSER_DLL = 36;
|
|
|
|
cpp_quote("// There are no properties attached.")
|
|
const DWORD NMERR_NO_ATTACHED_PROPERTIES = 37;
|
|
|
|
cpp_quote("// There are no frames in the buffer.")
|
|
const DWORD NMERR_NO_FRAMES = 38;
|
|
|
|
cpp_quote("// The capture file format is not valid.")
|
|
const DWORD NMERR_INVALID_FILE_FORMAT = 39;
|
|
|
|
cpp_quote("// The OS could not create a temporary file.")
|
|
const DWORD NMERR_COULD_NOT_CREATE_TEMPFILE = 40;
|
|
|
|
cpp_quote("// There is not enough MS-DOS memory available.")
|
|
const DWORD NMERR_OUT_OF_DOS_MEMORY = 41;
|
|
|
|
cpp_quote("// There are no protocols enabled.")
|
|
const DWORD NMERR_NO_PROTOCOLS_ENABLED = 42;
|
|
|
|
cpp_quote("// The MAC type is invalid or unsupported.")
|
|
const DWORD NMERR_UNKNOWN_MACTYPE = 46;
|
|
|
|
cpp_quote("// There is no routing information present in the MAC frame.")
|
|
const DWORD NMERR_ROUTING_INFO_NOT_PRESENT = 47;
|
|
|
|
cpp_quote("// The network handle is invalid.")
|
|
const DWORD NMERR_INVALID_HNETWORK = 48;
|
|
|
|
cpp_quote("// The network is already open.")
|
|
const DWORD NMERR_NETWORK_ALREADY_OPENED = 49;
|
|
|
|
cpp_quote("// The network is not open.")
|
|
const DWORD NMERR_NETWORK_NOT_OPENED = 50;
|
|
|
|
cpp_quote("// The frame was not found in the buffer.")
|
|
const DWORD NMERR_FRAME_NOT_FOUND = 51;
|
|
|
|
cpp_quote("// There are no handles available.")
|
|
const DWORD NMERR_NO_HANDLES = 53;
|
|
|
|
cpp_quote("// The network ID is invalid.")
|
|
const DWORD NMERR_INVALID_NETWORK_ID = 54;
|
|
|
|
cpp_quote("// The capture handle is invalid.")
|
|
const DWORD NMERR_INVALID_HCAPTURE = 55;
|
|
|
|
cpp_quote("// The protocol has already been enabled.")
|
|
const DWORD NMERR_PROTOCOL_ALREADY_ENABLED = 56;
|
|
|
|
cpp_quote("// The filter expression is invalid.")
|
|
const DWORD NMERR_FILTER_INVALID_EXPRESSION = 57;
|
|
|
|
cpp_quote("// A transmit error occured.")
|
|
const DWORD NMERR_TRANSMIT_ERROR = 58;
|
|
|
|
cpp_quote("// The buffer handle is invalid.")
|
|
const DWORD NMERR_INVALID_HBUFFER = 59;
|
|
|
|
cpp_quote("// The specified data is unknown or invalid.")
|
|
const DWORD NMERR_INVALID_DATA = 60;
|
|
|
|
cpp_quote("// The MS-DOS/NDIS 2.0 network driver is not loaded.")
|
|
const DWORD NMERR_MSDOS_DRIVER_NOT_LOADED = 61;
|
|
|
|
cpp_quote("// The Windows VxD/NDIS 3.0 network driver is not loaded.")
|
|
const DWORD NMERR_WINDOWS_DRIVER_NOT_LOADED = 62;
|
|
|
|
cpp_quote("// The MS-DOS/NDIS 2.0 driver had an init-time failure.")
|
|
const DWORD NMERR_MSDOS_DRIVER_INIT_FAILURE = 63;
|
|
|
|
cpp_quote("// The Windows/NDIS 3.0 driver had an init-time failure.")
|
|
const DWORD NMERR_WINDOWS_DRIVER_INIT_FAILURE = 64;
|
|
|
|
cpp_quote("// The network driver is busy and cannot handle requests.")
|
|
const DWORD NMERR_NETWORK_BUSY = 65;
|
|
|
|
cpp_quote("// The capture is not paused.")
|
|
const DWORD NMERR_CAPTURE_NOT_PAUSED = 66;
|
|
|
|
cpp_quote("// The frame/packet length is not valid.")
|
|
const DWORD NMERR_INVALID_PACKET_LENGTH = 67;
|
|
|
|
cpp_quote("// An internal exception occured.")
|
|
const DWORD NMERR_INTERNAL_EXCEPTION = 69;
|
|
|
|
cpp_quote("// The MAC driver does not support promiscious mode.")
|
|
const DWORD NMERR_PROMISCUOUS_MODE_NOT_SUPPORTED= 70;
|
|
|
|
cpp_quote("// The MAC driver failed to open.")
|
|
const DWORD NMERR_MAC_DRIVER_OPEN_FAILURE = 71;
|
|
|
|
cpp_quote("// The protocol went off the end of the frame.")
|
|
const DWORD NMERR_RUNAWAY_PROTOCOL = 72;
|
|
|
|
cpp_quote("// An asynchronous operation is still pending.")
|
|
const DWORD NMERR_PENDING = 73;
|
|
|
|
cpp_quote("// Access is denied.")
|
|
const DWORD NMERR_ACCESS_DENIED = 74;
|
|
|
|
cpp_quote("// The password handle is invalid.")
|
|
const DWORD NMERR_INVALID_HPASSWORD = 75;
|
|
|
|
cpp_quote("// A bad parameter was detected.")
|
|
const DWORD NMERR_INVALID_PARAMETER = 76;
|
|
|
|
cpp_quote("// An error occured reading the file.")
|
|
const DWORD NMERR_FILE_READ_ERROR = 77;
|
|
|
|
cpp_quote("// An error occured writing to the file.")
|
|
const DWORD NMERR_FILE_WRITE_ERROR = 78;
|
|
|
|
cpp_quote("// The protocol has not been registered")
|
|
const DWORD NMERR_PROTOCOL_NOT_REGISTERED = 79;
|
|
|
|
cpp_quote("// The frame does not contain an IP address.")
|
|
const DWORD NMERR_IP_ADDRESS_NOT_FOUND = 80;
|
|
|
|
cpp_quote("// The transmit request was cancelled.")
|
|
const DWORD NMERR_TRANSMIT_CANCELLED = 81;
|
|
|
|
cpp_quote("// The operation cannot be performed on a capture with 1 or more locked frames.")
|
|
const DWORD NMERR_LOCKED_FRAMES = 82;
|
|
|
|
cpp_quote("// A cancel transmit request was submitted but there were no transmits pending.")
|
|
const DWORD NMERR_NO_TRANSMITS_PENDING = 83;
|
|
|
|
cpp_quote("// Path not found.")
|
|
const DWORD NMERR_PATH_NOT_FOUND = 84;
|
|
|
|
cpp_quote("// A windows error has occured.")
|
|
const DWORD NMERR_WINDOWS_ERROR = 85;
|
|
|
|
cpp_quote("// The handle to the frame has no frame number.")
|
|
const DWORD NMERR_NO_FRAME_NUMBER = 86;
|
|
|
|
cpp_quote("// The frame is not associated with any capture.")
|
|
const DWORD NMERR_FRAME_HAS_NO_CAPTURE = 87;
|
|
|
|
cpp_quote("// The frame is already associated with a capture.")
|
|
const DWORD NMERR_FRAME_ALREADY_HAS_CAPTURE = 88;
|
|
|
|
cpp_quote("// The NAL is not remotable.")
|
|
const DWORD NMERR_NAL_IS_NOT_REMOTE = 89;
|
|
|
|
cpp_quote("// The API is not supported")
|
|
const DWORD NMERR_NOT_SUPPORTED = 90;
|
|
|
|
cpp_quote("// Network Monitor should discard the current frame. ")
|
|
cpp_quote("// This error code is only used during a filtered SaveCapture() API call.")
|
|
const DWORD NMERR_DISCARD_FRAME = 91;
|
|
|
|
cpp_quote("// Network Monitor should cancel the current save. ")
|
|
cpp_quote("// This error code is only used during a filtered SaveCapture() API call.")
|
|
const DWORD NMERR_CANCEL_SAVE_CAPTURE = 92;
|
|
|
|
cpp_quote("// The connection to the remote machine has been lost")
|
|
const DWORD NMERR_LOST_CONNECTION = 93;
|
|
|
|
cpp_quote("// The media/mac type is not valid.")
|
|
const DWORD NMERR_INVALID_MEDIA_TYPE = 94;
|
|
|
|
cpp_quote("// The Remote Agent is currently in use")
|
|
const DWORD NMERR_AGENT_IN_USE = 95;
|
|
|
|
cpp_quote("// The request has timed out")
|
|
const DWORD NMERR_TIMEOUT = 96;
|
|
|
|
cpp_quote("// The remote agent has been disconnected")
|
|
const DWORD NMERR_DISCONNECTED = 97;
|
|
|
|
cpp_quote("// A timer required for operation failed creation")
|
|
const DWORD NMERR_SETTIMER_FAILED = 98;
|
|
|
|
cpp_quote("// A network error occured.")
|
|
const DWORD NMERR_NETWORK_ERROR = 99;
|
|
|
|
cpp_quote("// Frame callback procedure is not valid")
|
|
const DWORD NMERR_INVALID_FRAMESPROC = 100;
|
|
|
|
cpp_quote("// Capture type specified is unknown")
|
|
const DWORD NMERR_UNKNOWN_CAPTURETYPE = 101;
|
|
|
|
cpp_quote("// The NPP is not connected to a network.")
|
|
const DWORD NMERR_NOT_CONNECTED = 102;
|
|
|
|
cpp_quote("// The NPP is already connected to a network.")
|
|
const DWORD NMERR_ALREADY_CONNECTED = 103;
|
|
|
|
cpp_quote("// The registry tag does not indicate a known configuration.")
|
|
const DWORD NMERR_INVALID_REGISTRY_CONFIGURATION= 104;
|
|
|
|
cpp_quote("// The NPP is currently configured for delayed capturing.")
|
|
const DWORD NMERR_DELAYED = 105;
|
|
|
|
cpp_quote("// The NPP is not currently configured for delayed capturing.")
|
|
const DWORD NMERR_NOT_DELAYED = 106;
|
|
|
|
cpp_quote("// The NPP is currently configured for real time capturing.")
|
|
const DWORD NMERR_REALTIME = 107;
|
|
|
|
cpp_quote("// The NPP is not currently configured for real time capturing.")
|
|
const DWORD NMERR_NOT_REALTIME = 108;
|
|
|
|
cpp_quote("// The NPP is currently configured for stats only capturing.")
|
|
const DWORD NMERR_STATS_ONLY = 109;
|
|
|
|
cpp_quote("// The NPP is not currently configured for stats only capturing.")
|
|
const DWORD NMERR_NOT_STATS_ONLY = 110;
|
|
|
|
cpp_quote("// The NPP is currently configured for transmitting.")
|
|
const DWORD NMERR_TRANSMIT = 111;
|
|
|
|
cpp_quote("// The NPP is not currently configured for transmitting.")
|
|
const DWORD NMERR_NOT_TRANSMIT = 112;
|
|
|
|
cpp_quote("// The NPP is currently transmitting")
|
|
const DWORD NMERR_TRANSMITTING = 113;
|
|
|
|
cpp_quote("// The specified capture file hard disk is not local")
|
|
const DWORD NMERR_DISK_NOT_LOCAL_FIXED = 114;
|
|
|
|
cpp_quote("// Could not create the default capture directory on the given disk")
|
|
const DWORD NMERR_COULD_NOT_CREATE_DIRECTORY = 115;
|
|
|
|
cpp_quote("// The default capture directory was not set in the registry:")
|
|
cpp_quote("// HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\nm\\Parameters\\CapturePath")
|
|
const DWORD NMERR_NO_DEFAULT_CAPTURE_DIRECTORY = 116;
|
|
|
|
cpp_quote("// The capture file is an uplevel version that this netmon does not understand")
|
|
const DWORD NMERR_UPLEVEL_CAPTURE_FILE = 117;
|
|
|
|
cpp_quote("// An expert failed to load.")
|
|
const DWORD NMERR_LOAD_EXPERT_FAILED = 118;
|
|
|
|
cpp_quote("// An expert failed to report its EXPERT_INFO structs.")
|
|
const DWORD NMERR_EXPERT_REPORT_FAILED = 119;
|
|
|
|
cpp_quote("// Registry API call failed.")
|
|
const DWORD NMERR_REG_OPERATION_FAILED = 120;
|
|
|
|
cpp_quote("// Registry API call failed.")
|
|
const DWORD NMERR_NO_DLLS_FOUND = 121;
|
|
|
|
cpp_quote("// There are no conversation stats, they were not asked for.")
|
|
const DWORD NMERR_NO_CONVERSATION_STATS = 122;
|
|
|
|
cpp_quote("// We have received a security response packet from a security monitor.")
|
|
const DWORD NMERR_SECURITY_BREACH_CAPTURE_DELETED = 123;
|
|
|
|
cpp_quote("// The given frame failed the display filter.")
|
|
const DWORD NMERR_FRAME_FAILED_FILTER = 124;
|
|
|
|
cpp_quote("// Netmon wants the Expert to stop running.")
|
|
const DWORD NMERR_EXPERT_TERMINATE = 125;
|
|
|
|
cpp_quote("// Netmon needs the remote machine to be a server.")
|
|
const DWORD NMERR_REMOTE_NOT_A_SERVER = 126;
|
|
|
|
cpp_quote("// Netmon needs the remote machine to be a server.")
|
|
const DWORD NMERR_REMOTE_VERSION_OUTOFSYNC = 127;
|
|
|
|
cpp_quote("// The supplied group is an invalid handle")
|
|
const DWORD NMERR_INVALID_EXPERT_GROUP = 128;
|
|
|
|
cpp_quote("// The supplied expert name cannot be found")
|
|
const DWORD NMERR_INVALID_EXPERT_NAME = 129;
|
|
|
|
cpp_quote("// The supplied expert name cannot be found")
|
|
const DWORD NMERR_INVALID_EXPERT_HANDLE= 130;
|
|
|
|
cpp_quote("// The supplied group name already exists")
|
|
const DWORD NMERR_GROUP_NAME_ALREADY_EXISTS = 131;
|
|
|
|
cpp_quote("// The supplied group name is invalid")
|
|
const DWORD NMERR_INVALID_GROUP_NAME = 132;
|
|
|
|
cpp_quote("// The supplied Expert is already in the group. ")
|
|
const DWORD NMERR_EXPERT_ALREADY_IN_GROUP = 133;
|
|
|
|
cpp_quote("// The Expert cannot be deleted from the group because it is not in the group")
|
|
const DWORD NMERR_EXPERT_NOT_IN_GROUP = 134;
|
|
|
|
cpp_quote("// The COM object has not been initialized")
|
|
const DWORD NMERR_NOT_INITIALIZED = 135;
|
|
|
|
cpp_quote("// Cannot perform function to Root group")
|
|
const DWORD NMERR_INVALID_GROUP_ROOT = 136;
|
|
|
|
cpp_quote("// Potential data structure mismatch between NdisNpp and Driver.")
|
|
const DWORD NMERR_BAD_VERSION = 137;
|
|
|
|
cpp_quote("// The NPP is currently configured for ESP capturing.")
|
|
const DWORD NMERR_ESP = 138;
|
|
|
|
cpp_quote("// The NPP is not currently configured for ESP capturing.")
|
|
const DWORD NMERR_NOT_ESP = 139;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Blob Errors")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD NMERR_BLOB_NOT_INITIALIZED =1000;
|
|
const DWORD NMERR_INVALID_BLOB =1001;
|
|
const DWORD NMERR_UPLEVEL_BLOB =1002;
|
|
const DWORD NMERR_BLOB_ENTRY_ALREADY_EXISTS =1003;
|
|
const DWORD NMERR_BLOB_ENTRY_DOES_NOT_EXIST =1004;
|
|
const DWORD NMERR_AMBIGUOUS_SPECIFIER =1005;
|
|
const DWORD NMERR_BLOB_OWNER_NOT_FOUND =1006;
|
|
const DWORD NMERR_BLOB_CATEGORY_NOT_FOUND =1007;
|
|
const DWORD NMERR_UNKNOWN_CATEGORY =1008;
|
|
const DWORD NMERR_UNKNOWN_TAG =1009;
|
|
const DWORD NMERR_BLOB_CONVERSION_ERROR =1010;
|
|
const DWORD NMERR_ILLEGAL_TRIGGER =1011;
|
|
const DWORD NMERR_BLOB_STRING_INVALID =1012;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// FINDER errors")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD NMERR_UNABLE_TO_LOAD_LIBRARY =1013;
|
|
const DWORD NMERR_UNABLE_TO_GET_PROCADDR =1014;
|
|
const DWORD NMERR_CLASS_NOT_REGISTERED =1015;
|
|
const DWORD NMERR_INVALID_REMOTE_COMPUTERNAME =1016;
|
|
const DWORD NMERR_RPC_REMOTE_FAILURE =1017;
|
|
const DWORD NMERR_NO_NPPS =3016;
|
|
const DWORD NMERR_NO_MATCHING_NPPS =3017;
|
|
const DWORD NMERR_NO_NPP_SELECTED =3018;
|
|
const DWORD NMERR_NO_INPUT_BLOBS =3019;
|
|
const DWORD NMERR_NO_NPP_DLLS =3020;
|
|
const DWORD NMERR_NO_VALID_NPP_DLLS =3021;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Monitor errors")
|
|
cpp_quote("//=============================================================================")
|
|
const DWORD NMERR_INVALID_LIST_INDEX =2000;
|
|
const DWORD NMERR_INVALID_MONITOR =2001;
|
|
const DWORD NMERR_INVALID_MONITOR_DLL =2002;
|
|
const DWORD NMERR_UNABLE_TO_CREATE_MONITOR =2003;
|
|
const DWORD NMERR_INVALID_MONITOR_CONFIG =2005;
|
|
const DWORD NMERR_INVALID_INDEX =2006;
|
|
const DWORD NMERR_MONITOR_ENABLED =2007;
|
|
const DWORD NMERR_MONITOR_NOT_RUNNING =2008;
|
|
const DWORD NMERR_MONITOR_IS_BUSY =2009;
|
|
const DWORD NMERR_MCS_IS_BUSY =2010;
|
|
const DWORD NMERR_NO_MONITORS =2011;
|
|
const DWORD NMERR_ONE_MONITOR_PER_NETCARD =2012;
|
|
const DWORD NMERR_CONFIGURATION_REQUIRED =2013;
|
|
const DWORD NMERR_MONITOR_NOT_CONNECTED =2014;
|
|
const DWORD NMERR_MONITOR_NOT_CONFIGURED =2015;
|
|
const DWORD NMERR_MONITOR_CONFIG_FAILED =2016;
|
|
const DWORD NMERR_MONITOR_INIT_FAILED =2017;
|
|
const DWORD NMERR_MONITOR_FAULTED =2018;
|
|
const DWORD NMERR_SAVE_ALL_FAILED =2019;
|
|
const DWORD NMERR_SAVE_MONITOR_FAILED =2029;
|
|
const DWORD NMERR_MONITOR_CONNECT_FAILED =2021;
|
|
const DWORD NMERR_MONITOR_START_FAILED =2022;
|
|
const DWORD NMERR_MONITOR_STOP_FAILED =2023;
|
|
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Error Macros")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("#ifndef INLINE")
|
|
cpp_quote("#define INLINE __inline")
|
|
cpp_quote("#endif // INLINE")
|
|
|
|
#ifndef HRESULT
|
|
typedef LONG HRESULT; // From wtypes.h
|
|
#endif // HRESULT
|
|
|
|
cpp_quote("// normal Network Monitor errors will be put into the code portion of an hresult")
|
|
cpp_quote("// for return from OLE objects:")
|
|
cpp_quote("// these two macros will help to create and crack the scode")
|
|
cpp_quote("INLINE HRESULT NMERR_TO_HRESULT( DWORD nmerror )")
|
|
cpp_quote("{")
|
|
cpp_quote(" HRESULT hResult;")
|
|
cpp_quote(" if (nmerror == NMERR_SUCCESS)")
|
|
cpp_quote(" hResult = NOERROR;")
|
|
cpp_quote(" else")
|
|
cpp_quote(" hResult = MAKE_HRESULT( SEVERITY_ERROR,FACILITY_ITF, (WORD)nmerror) ;")
|
|
cpp_quote("")
|
|
cpp_quote(" return hResult;")
|
|
cpp_quote("}")
|
|
|
|
cpp_quote("//We use to decide whether the first bit was set to 1 or 0, not regarding ")
|
|
cpp_quote("//whether the result passed with a warning set in the low word. Now we ")
|
|
cpp_quote("//disregard the first bit and pass back the warning.")
|
|
cpp_quote("INLINE DWORD HRESULT_TO_NMERR( HRESULT hResult )")
|
|
cpp_quote("{")
|
|
cpp_quote(" return HRESULT_CODE(hResult);")
|
|
cpp_quote("}")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (BHFilter.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("//============================================================================")
|
|
cpp_quote("// types")
|
|
cpp_quote("//============================================================================")
|
|
|
|
|
|
typedef HFILTER * LPHFILTER;
|
|
|
|
|
|
typedef DWORD FILTERACTIONTYPE;
|
|
typedef DWORD VALUETYPE;
|
|
|
|
cpp_quote("// check for protocols existing in the frame.")
|
|
cpp_quote("")
|
|
cpp_quote("// ProtocolPart")
|
|
cpp_quote("// this is the raw data for a Protocol based expression")
|
|
cpp_quote("//")
|
|
cpp_quote("// WHAT FIELD DESCRIPTION EXAMPLE")
|
|
cpp_quote("// ---- ----- ----------- -------")
|
|
cpp_quote("// Count of Protocol(nPropertyDBs) Number of protocols to pass 5")
|
|
cpp_quote("// PropertyDB Table (PropertyDB) Table of HPROTOCOL SMB, LLC, MAC")
|
|
cpp_quote("//")
|
|
cpp_quote("// NOTE: the nPropertyDBs field may also be the following, which implies that")
|
|
cpp_quote("// all are selected but that none have actually been put into the structure")
|
|
|
|
const DWORD PROTOCOL_NUM_ANY =(-1);
|
|
|
|
typedef PROTOCOLTABLE PROTOCOLTABLETYPE;
|
|
typedef PROTOCOLTABLETYPE *LPPROTOCOLTABLETYPE;
|
|
|
|
cpp_quote("// filter bits stores who passed what filter per frame to speed up")
|
|
cpp_quote("// the filter process... This is actually an array.")
|
|
typedef DWORD FILTERBITS;
|
|
|
|
typedef FILTERBITS *LPFILTERBITS;
|
|
|
|
typedef SYSTEMTIME *LPTIME;
|
|
cpp_quote("typedef SYSTEMTIME UNALIGNED * ULPTIME;")
|
|
|
|
|
|
cpp_quote("// The Filter Object is the basic unit of the postfix stack.")
|
|
cpp_quote("// I need to restart the convert property to value if the comparison does not match.")
|
|
cpp_quote("// To do this, I need the original pointer to the property. Pull the hProperty out of")
|
|
cpp_quote("// the union so that the pointer to the property is saved.")
|
|
|
|
// contains an unaligned pointer, so must cpp_quote
|
|
cpp_quote("typedef struct _FILTEROBJECT")
|
|
cpp_quote("{")
|
|
cpp_quote(" FILTERACTIONTYPE Action; // Object action, see codes below")
|
|
cpp_quote(" HPROPERTY hProperty; // property key")
|
|
cpp_quote(" union")
|
|
cpp_quote(" {")
|
|
cpp_quote(" VALUETYPE Value; // value of the object.")
|
|
cpp_quote(" HPROTOCOL hProtocol; // protocol key.")
|
|
cpp_quote(" LPVOID lpArray; // if array, length is ItemCount below.")
|
|
cpp_quote(" LPPROTOCOLTABLETYPE lpProtocolTable; // list of protocols to see if exist in frame.")
|
|
cpp_quote(" LPADDRESS lpAddress; // kernel type address, mac or ip")
|
|
cpp_quote(" ULPLARGEINT lpLargeInt; // Double DWORD used by NT")
|
|
cpp_quote(" ULPTIME lpTime; // pointer to SYSTEMTIME")
|
|
cpp_quote(" LPOBJECT_IDENTIFIER lpOID; // pointer to OBJECT_IDENTIFIER")
|
|
cpp_quote("")
|
|
cpp_quote(" };")
|
|
cpp_quote(" union")
|
|
cpp_quote(" {")
|
|
cpp_quote(" WORD ByteCount; // Number of BYTES!")
|
|
cpp_quote(" WORD ByteOffset; // offset for array compare")
|
|
cpp_quote(" };")
|
|
cpp_quote("")
|
|
cpp_quote(" struct _FILTEROBJECT * pNext; // reserved")
|
|
cpp_quote("")
|
|
cpp_quote("} FILTEROBJECT;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef FILTEROBJECT * LPFILTEROBJECT;")
|
|
cpp_quote("")
|
|
cpp_quote("#define FILTERINFO_SIZE (sizeof(FILTEROBJECT) )")
|
|
cpp_quote("")
|
|
cpp_quote("")
|
|
cpp_quote("")
|
|
cpp_quote("typedef struct _FILTERDESC")
|
|
cpp_quote("{")
|
|
cpp_quote(" WORD NumEntries;")
|
|
cpp_quote(" WORD Flags; // private")
|
|
cpp_quote(" LPFILTEROBJECT lpStack;")
|
|
cpp_quote(" LPFILTEROBJECT lpKeepLast;")
|
|
cpp_quote(" LPVOID UIInstanceData; // UI specific information.")
|
|
cpp_quote(" LPFILTERBITS lpFilterBits; // cache who passed")
|
|
cpp_quote(" LPFILTERBITS lpCheckBits; // have we looked at it yet?")
|
|
cpp_quote(" ")
|
|
cpp_quote("} FILTERDESC;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef FILTERDESC * LPFILTERDESC;")
|
|
cpp_quote("")
|
|
cpp_quote("#define FILTERDESC_SIZE sizeof(FILTERDESC)")
|
|
|
|
|
|
cpp_quote("//============================================================================")
|
|
cpp_quote("// Macros.")
|
|
cpp_quote("//============================================================================")
|
|
|
|
cpp_quote("#define FilterGetUIInstanceData(hfilt) (((LPFILTERDESC)hfilt)->UIInstanceData)")
|
|
cpp_quote("#define FilterSetUIInstanceData(hfilt,inst) (((LPFILTERDESC)hfilt)->UIInstanceData = (LPVOID)inst)")
|
|
|
|
cpp_quote("//============================================================================")
|
|
cpp_quote("// defines")
|
|
cpp_quote("//============================================================================")
|
|
|
|
const DWORD FILTERFREEPOOLSTART =20;
|
|
|
|
const DWORD INVALIDELEMENT =-1;
|
|
const DWORD INVALIDVALUE =((VALUETYPE) -9999);
|
|
|
|
cpp_quote("// use filter failed to check the return code on FilterFrame.")
|
|
const DWORD FILTER_FAIL_WITH_ERROR =-1;
|
|
const DWORD FILTER_PASSED =TRUE;
|
|
const DWORD FILTER_FAILED =FALSE;
|
|
|
|
// NOTE NOTE NOTE If you change the values of the following constants, you
|
|
// MUST modify the TableEval table in filtloc.h.
|
|
|
|
const DWORD FILTERACTION_INVALID = 0;
|
|
const DWORD FILTERACTION_PROPERTY = 1;
|
|
const DWORD FILTERACTION_VALUE = 2;
|
|
const DWORD FILTERACTION_STRING = 3;
|
|
const DWORD FILTERACTION_ARRAY = 4;
|
|
const DWORD FILTERACTION_AND = 5;
|
|
const DWORD FILTERACTION_OR = 6;
|
|
const DWORD FILTERACTION_XOR = 7;
|
|
const DWORD FILTERACTION_PROPERTYEXIST = 8;
|
|
const DWORD FILTERACTION_CONTAINSNC = 9;
|
|
const DWORD FILTERACTION_CONTAINS =10;
|
|
const DWORD FILTERACTION_NOT =11;
|
|
const DWORD FILTERACTION_EQUALNC =12;
|
|
const DWORD FILTERACTION_EQUAL =13;
|
|
const DWORD FILTERACTION_NOTEQUALNC =14;
|
|
const DWORD FILTERACTION_NOTEQUAL =15;
|
|
const DWORD FILTERACTION_GREATERNC =16;
|
|
const DWORD FILTERACTION_GREATER =17;
|
|
const DWORD FILTERACTION_LESSNC =18;
|
|
const DWORD FILTERACTION_LESS =19;
|
|
const DWORD FILTERACTION_GREATEREQUALNC =20;
|
|
const DWORD FILTERACTION_GREATEREQUAL =21;
|
|
const DWORD FILTERACTION_LESSEQUALNC =22;
|
|
const DWORD FILTERACTION_LESSEQUAL =23;
|
|
const DWORD FILTERACTION_PLUS =24;
|
|
const DWORD FILTERACTION_MINUS =25;
|
|
const DWORD FILTERACTION_ADDRESS =26;
|
|
const DWORD FILTERACTION_ADDRESSANY =27;
|
|
const DWORD FILTERACTION_FROM =28;
|
|
const DWORD FILTERACTION_TO =29;
|
|
const DWORD FILTERACTION_FROMTO =30;
|
|
const DWORD FILTERACTION_AREBITSON =31;
|
|
const DWORD FILTERACTION_AREBITSOFF =32;
|
|
const DWORD FILTERACTION_PROTOCOLSEXIST =33;
|
|
const DWORD FILTERACTION_PROTOCOLEXIST =34;
|
|
const DWORD FILTERACTION_ARRAYEQUAL =35;
|
|
const DWORD FILTERACTION_DEREFPROPERTY =36;
|
|
const DWORD FILTERACTION_LARGEINT =37;
|
|
const DWORD FILTERACTION_TIME =38;
|
|
const DWORD FILTERACTION_ADDR_ETHER =39;
|
|
const DWORD FILTERACTION_ADDR_TOKEN =40;
|
|
const DWORD FILTERACTION_ADDR_FDDI =41;
|
|
const DWORD FILTERACTION_ADDR_IPX =42;
|
|
const DWORD FILTERACTION_ADDR_IP =43;
|
|
const DWORD FILTERACTION_OID =44;
|
|
const DWORD FILTERACTION_OID_CONTAINS =45;
|
|
const DWORD FILTERACTION_OID_BEGINS_WITH =46;
|
|
const DWORD FILTERACTION_OID_ENDS_WITH =47;
|
|
const DWORD FILTERACTION_ADDR_VINES =48;
|
|
|
|
const DWORD FILTERACTION_EXPRESSION =97;
|
|
const DWORD FILTERACTION_BOOL =98;
|
|
const DWORD FILTERACTION_NOEVAL =99;
|
|
|
|
|
|
const DWORD FILTER_NO_MORE_FRAMES =0xFFFFFFFF;
|
|
const DWORD FILTER_CANCELED =0xFFFFFFFE;
|
|
const DWORD FILTER_DIRECTION_NEXT =TRUE;
|
|
const DWORD FILTER_DIRECTION_PREV =FALSE;
|
|
|
|
|
|
cpp_quote("//============================================================================")
|
|
cpp_quote("// Helper functions.")
|
|
cpp_quote("//============================================================================")
|
|
|
|
cpp_quote("typedef BOOL (WINAPI *STATUSPROC)(DWORD, HCAPTURE, HFILTER, LPVOID);")
|
|
// callback to show filter status:
|
|
// DWORD nFrame
|
|
// HCAPTURE
|
|
// HFILTER
|
|
// LPVOID UI Instance data (hwnd)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// FILTER API's.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("HFILTER WINAPI CreateFilter(VOID);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI DestroyFilter(HFILTER hFilter);")
|
|
cpp_quote("")
|
|
cpp_quote("HFILTER WINAPI FilterDuplicate(HFILTER hFilter);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI DisableParserFilter(HFILTER hFilter, HPARSER hParser);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI EnableParserFilter(HFILTER hFilter, HPARSER hParser);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI FilterAddObject(HFILTER hFilter, LPFILTEROBJECT lpFilterObject );")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI FilterFlushBits(HFILTER hFilter);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI FilterFrame(HFRAME hFrame, HFILTER hFilter, HCAPTURE hCapture);")
|
|
cpp_quote(" // returns -1 == check BH set last error")
|
|
cpp_quote(" // 0 == FALSE")
|
|
cpp_quote(" // 1 == TRUE")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL WINAPI FilterAttachesProperties(HFILTER hFilter);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI FilterFindFrame ( HFILTER hFilter,")
|
|
cpp_quote(" HCAPTURE hCapture,")
|
|
cpp_quote(" DWORD nFrame,")
|
|
cpp_quote(" STATUSPROC StatusProc,")
|
|
cpp_quote(" LPVOID UIInstance,")
|
|
cpp_quote(" DWORD TimeDelta,")
|
|
cpp_quote(" BOOL FilterDirection );")
|
|
cpp_quote("")
|
|
cpp_quote("HFRAME FilterFindPropertyInstance ( HFRAME hFrame, ")
|
|
cpp_quote(" HFILTER hMasterFilter, ")
|
|
cpp_quote(" HCAPTURE hCapture,")
|
|
cpp_quote(" HFILTER hInstanceFilter,")
|
|
cpp_quote(" LPPROPERTYINST *lpPropRestartKey,")
|
|
cpp_quote(" STATUSPROC StatusProc,")
|
|
cpp_quote(" LPVOID UIInstance,")
|
|
cpp_quote(" DWORD TimeDelta,")
|
|
cpp_quote(" BOOL FilterForward );")
|
|
cpp_quote("")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI SetCurrentFilter(HFILTER);")
|
|
cpp_quote("HFILTER WINAPI GetCurrentFilter(VOID);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (Frame.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// 802.3 and ETHERNET MAC structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// structure contains zero length array, must cpp_quote
|
|
cpp_quote("typedef struct _ETHERNET")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.")
|
|
cpp_quote(" BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.")
|
|
cpp_quote(" union")
|
|
cpp_quote(" {")
|
|
cpp_quote(" WORD Length; //... 802.3 length field.")
|
|
cpp_quote(" WORD Type; //... Ethernet type field.")
|
|
cpp_quote(" };")
|
|
cpp_quote(" BYTE Info[0]; //... information field.")
|
|
cpp_quote("")
|
|
cpp_quote("} ETHERNET;")
|
|
cpp_quote("typedef ETHERNET *LPETHERNET;")
|
|
cpp_quote("typedef ETHERNET UNALIGNED *ULPETHERNET;")
|
|
cpp_quote("#define ETHERNET_SIZE sizeof(ETHERNET)")
|
|
const DWORD ETHERNET_HEADER_LENGTH =14;
|
|
|
|
const DWORD ETHERNET_DATA_LENGTH =0x05DC;
|
|
const DWORD ETHERNET_FRAME_LENGTH =0x05EA;
|
|
const DWORD ETHERNET_FRAME_TYPE =0x0600;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Header for NM_ATM Packets.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
//=============================================================================
|
|
// Header for NM_ATM Packets. -- change this & you must change netmon.idl
|
|
//=============================================================================
|
|
typedef struct _NM_ATM
|
|
{
|
|
UCHAR DstAddr[6];
|
|
UCHAR SrcAddr[6];
|
|
ULONG Vpi; // Network order
|
|
ULONG Vci; // Network order
|
|
} NM_ATM;
|
|
typedef NM_ATM* PNM_ATM;
|
|
typedef NM_ATM* UPNM_ATM;
|
|
cpp_quote("#define NM_ATM_HEADER_LENGTH sizeof(NM_ATM)")
|
|
//=============================================================================
|
|
// Header for NM_1394 Packets. -- change this & you must change netmon.idl
|
|
//=============================================================================
|
|
typedef struct _NM_1394
|
|
{
|
|
UCHAR DstAddr[6];
|
|
UCHAR SrcAddr[6];
|
|
ULONGLONG VcId;
|
|
} NM_1394;
|
|
typedef NM_1394* PNM_1394;
|
|
typedef NM_1394* UPNM_1394;
|
|
cpp_quote("#define NM_1394_HEADER_LENGTH sizeof(NM_1394)")
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// 802.5 (TOKENRING) MAC structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// This structure is used to decode network data and so needs to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
// structure contains bitfields, so must cpp_quote
|
|
// also contains zero length array, so must cpp_quote
|
|
cpp_quote("typedef struct _TOKENRING")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE AccessCtrl; //... access control field.")
|
|
cpp_quote(" BYTE FrameCtrl; //... frame control field.")
|
|
cpp_quote(" BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.")
|
|
cpp_quote(" BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.")
|
|
cpp_quote(" union")
|
|
cpp_quote(" {")
|
|
cpp_quote(" BYTE Info[0]; //... information field.")
|
|
cpp_quote(" WORD RoutingInfo[0]; //... routing information field.")
|
|
cpp_quote(" };")
|
|
cpp_quote("} TOKENRING;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef TOKENRING *LPTOKENRING;")
|
|
cpp_quote("typedef TOKENRING UNALIGNED *ULPTOKENRING;")
|
|
cpp_quote("#define TOKENRING_SIZE sizeof(TOKENRING)")
|
|
const DWORD TOKENRING_HEADER_LENGTH =14;
|
|
|
|
const WORD TOKENRING_SA_ROUTING_INFO =0x0080;
|
|
const WORD TOKENRING_SA_LOCAL =0x0040;
|
|
const WORD TOKENRING_DA_LOCAL =0x0040;
|
|
const WORD TOKENRING_DA_GROUP =0x0080;
|
|
const WORD TOKENRING_RC_LENGTHMASK =0x001F;
|
|
const WORD TOKENRING_BC_MASK =0x00E0;
|
|
const WORD TOKENRING_TYPE_MAC =0x0000;
|
|
const WORD TOKENRING_TYPE_LLC =0x0040;
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// FDDI MAC structure.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// This structure is used to decode network data and so needs to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
// This structure contains a zero length array, must be cpp_quoted
|
|
cpp_quote("typedef struct _FDDI")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE FrameCtrl; //... frame control field.")
|
|
cpp_quote(" BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.")
|
|
cpp_quote(" BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.")
|
|
cpp_quote(" BYTE Info[0]; //... information field.")
|
|
cpp_quote("")
|
|
cpp_quote("} FDDI;")
|
|
cpp_quote("#define FDDI_SIZE sizeof(FDDI)")
|
|
cpp_quote("typedef FDDI *LPFDDI;")
|
|
cpp_quote("typedef FDDI UNALIGNED *ULPFDDI;")
|
|
const DWORD FDDI_HEADER_LENGTH =13;
|
|
|
|
const DWORD FDDI_TYPE_MAC =0x00;
|
|
const DWORD FDDI_TYPE_LLC =0x10;
|
|
const DWORD FDDI_TYPE_LONG_ADDRESS =0x40;
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// LLC (802.2)")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// This structure is used to decode network data and so needs to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
typedef struct _LLC
|
|
{
|
|
BYTE dsap;
|
|
BYTE ssap;
|
|
|
|
struct
|
|
{
|
|
union
|
|
{
|
|
BYTE Command;
|
|
BYTE NextSend;
|
|
};
|
|
|
|
union
|
|
{
|
|
BYTE NextRecv;
|
|
BYTE Data[1];
|
|
};
|
|
} ControlField;
|
|
|
|
} LLC;
|
|
|
|
typedef LLC *LPLLC;
|
|
cpp_quote("typedef LLC UNALIGNED *ULPLLC;")
|
|
|
|
const DWORD LLC_SIZE =sizeof(LLC);
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Helper macros.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("#define IsRoutingInfoPresent(f) ((((ULPTOKENRING) (f))->SrcAddr[0] & TOKENRING_SA_ROUTING_INFO) ? TRUE : FALSE)")
|
|
cpp_quote("")
|
|
cpp_quote("#define GetRoutingInfoLength(f) (IsRoutingInfoPresent(f) \\")
|
|
cpp_quote(" ? (((ULPTOKENRING) (f))->RoutingInfo[0] & TOKENRING_RC_LENGTHMASK) : 0)")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (Parser.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Format Procedure Type.")
|
|
cpp_quote("//")
|
|
cpp_quote("// NOTE: All format functions *must* be declared as WINAPIV not WINAPI!")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("typedef VOID (WINAPIV *FORMAT)(LPPROPERTYINST, ...);")
|
|
cpp_quote("")
|
|
cpp_quote("// The protocol recognized the frame and moved the pointer to end of its")
|
|
cpp_quote("// protocol header. Network Monitor uses the protocols follow set to continue")
|
|
cpp_quote("// parsing.")
|
|
const DWORD PROTOCOL_STATUS_RECOGNIZED = 0;
|
|
|
|
cpp_quote("// The protocol did not recognized the frame and did not move the pointer")
|
|
cpp_quote("// (i.e. the start data pointer which was passed in). Network Monitor uses the")
|
|
cpp_quote("// protocols follow set to continue parsing.")
|
|
const DWORD PROTOCOL_STATUS_NOT_RECOGNIZED = 1;
|
|
|
|
cpp_quote("// The protocol recognized the frame and claimed it all for itself,")
|
|
cpp_quote("// and parsing terminates.")
|
|
const DWORD PROTOCOL_STATUS_CLAIMED = 2;
|
|
|
|
cpp_quote("// The protocol recognized the frame and moved the pointer to end of its")
|
|
cpp_quote("// protocol header. The current protocol requests that Network Monitor ")
|
|
cpp_quote("// continue parsing at a known next protocol by returning the next protocols")
|
|
cpp_quote("// handle back to Network Monitor. In this case, the follow of the current ")
|
|
cpp_quote("// protocol, if any, is not used.")
|
|
const DWORD PROTOCOL_STATUS_NEXT_PROTOCOL = 3;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Macros.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("extern BYTE HexTable[];")
|
|
cpp_quote("")
|
|
cpp_quote("#define XCHG(x) MAKEWORD( HIBYTE(x), LOBYTE(x) )")
|
|
cpp_quote("")
|
|
cpp_quote("#define DXCHG(x) MAKELONG( XCHG(HIWORD(x)), XCHG(LOWORD(x)) )")
|
|
cpp_quote("")
|
|
cpp_quote("#define LONIBBLE(b) ((BYTE) ((b) & 0x0F))")
|
|
cpp_quote("")
|
|
cpp_quote("#define HINIBBLE(b) ((BYTE) ((b) >> 4))")
|
|
cpp_quote("")
|
|
cpp_quote("#define HEX(b) (HexTable[LONIBBLE(b)])")
|
|
cpp_quote("")
|
|
cpp_quote("#define SWAPBYTES(w) ((w) = XCHG(w))")
|
|
cpp_quote("")
|
|
cpp_quote("#define SWAPWORDS(d) ((d) = DXCHG(d))")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// All the MAC frame types combined.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
// structure contains structures with bitfields, so must cpp_quote
|
|
cpp_quote("typedef union _MACFRAME")
|
|
cpp_quote("{")
|
|
cpp_quote(" LPBYTE MacHeader; //... generic pointer.")
|
|
cpp_quote(" LPETHERNET Ethernet; //... ethernet pointer.")
|
|
cpp_quote(" LPTOKENRING Tokenring; //... tokenring pointer.")
|
|
cpp_quote(" LPFDDI Fddi; //... FDDI pointer.")
|
|
cpp_quote("")
|
|
cpp_quote("} MACFRAME;")
|
|
cpp_quote("typedef MACFRAME *LPMACFRAME;")
|
|
cpp_quote("")
|
|
cpp_quote("#define HOT_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'T', '$')")
|
|
cpp_quote("#define HOE_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'E', '$')")
|
|
|
|
typedef struct _HANDOFFENTRY
|
|
{
|
|
DWORD hoe_sig; //... 'HOE$'
|
|
DWORD hoe_ProtIdentNumber; //Port/Socket number used to determine who to handoff to
|
|
HPROTOCOL hoe_ProtocolHandle; //Handle of Protocol to hand off to
|
|
DWORD hoe_ProtocolData; //Additional Data to pass to protocol when handed off
|
|
|
|
} HANDOFFENTRY;
|
|
typedef HANDOFFENTRY * LPHANDOFFENTRY;
|
|
|
|
typedef struct _HANDOFFTABLE
|
|
{
|
|
DWORD hot_sig; //... 'HOT$'
|
|
DWORD hot_NumEntries;
|
|
LPHANDOFFENTRY hot_Entries;
|
|
|
|
} HANDOFFTABLE, *LPHANDOFFTABLE;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Parser helper macros.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE LPVOID GetPropertyInstanceData(LPPROPERTYINST PropertyInst)")
|
|
cpp_quote("{")
|
|
cpp_quote(" if ( PropertyInst->DataLength != (WORD) -1 )")
|
|
cpp_quote(" {")
|
|
cpp_quote(" return PropertyInst->lpData;")
|
|
cpp_quote(" }")
|
|
cpp_quote("")
|
|
cpp_quote(" return (LPVOID) PropertyInst->lpPropertyInstEx->Byte;")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("#define GetPropertyInstanceDataValue(p, type) ((type *) GetPropertyInstanceData(p))[0]")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE DWORD GetPropertyInstanceFrameDataLength(LPPROPERTYINST PropertyInst)")
|
|
cpp_quote("{")
|
|
cpp_quote(" if ( PropertyInst->DataLength != (WORD) -1 )")
|
|
cpp_quote(" {")
|
|
cpp_quote(" return PropertyInst->DataLength;")
|
|
cpp_quote(" }")
|
|
cpp_quote("")
|
|
cpp_quote(" return PropertyInst->lpPropertyInstEx->Length;")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE DWORD GetPropertyInstanceExDataLength(LPPROPERTYINST PropertyInst)")
|
|
cpp_quote("{")
|
|
cpp_quote(" if ( PropertyInst->DataLength == (WORD) -1 )")
|
|
cpp_quote(" {")
|
|
cpp_quote(" PropertyInst->lpPropertyInstEx->Length;")
|
|
cpp_quote(" }")
|
|
cpp_quote("")
|
|
cpp_quote(" return (WORD) -1;")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Parser helper functions.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("LPLABELED_WORD WINAPI GetProtocolDescriptionTable(LPDWORD TableSize);")
|
|
cpp_quote("")
|
|
cpp_quote("LPLABELED_WORD WINAPI GetProtocolDescription(DWORD ProtocolID);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetMacHeaderLength(LPVOID MacHeader, DWORD MacType);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetLLCHeaderLength(LPLLC Frame);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetEtype(LPVOID MacHeader, DWORD MacType);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetSaps(LPVOID MacHeader, DWORD MacType);")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL WINAPI IsLLCPresent(LPVOID MacHeader, DWORD MacType);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI CanonicalizeHexString(LPSTR hex, LPSTR dest, DWORD len);")
|
|
cpp_quote("")
|
|
cpp_quote("void WINAPI CanonHex(UCHAR * pDest, UCHAR * pSource, int iLen, BOOL fOx );")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI ByteToBinary(LPSTR string, DWORD ByteValue);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI WordToBinary(LPSTR string, DWORD WordValue);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI DwordToBinary(LPSTR string, DWORD DwordValue);")
|
|
cpp_quote("")
|
|
cpp_quote("LPSTR WINAPI AddressToString(LPSTR string, BYTE *lpAddress);")
|
|
cpp_quote("")
|
|
cpp_quote("LPBYTE WINAPI StringToAddress(BYTE *lpAddress, LPSTR string);")
|
|
cpp_quote("")
|
|
cpp_quote("LPDWORD WINAPI VarLenSmallIntToDword( LPBYTE pValue, ")
|
|
cpp_quote(" WORD ValueLen, ")
|
|
cpp_quote(" BOOL fIsByteswapped,")
|
|
cpp_quote(" LPDWORD lpDword );")
|
|
cpp_quote("")
|
|
cpp_quote("LPBYTE WINAPI LookupByteSetString (LPSET lpSet, BYTE Value);")
|
|
cpp_quote("")
|
|
cpp_quote("LPBYTE WINAPI LookupWordSetString (LPSET lpSet, WORD Value);")
|
|
cpp_quote("")
|
|
cpp_quote("LPBYTE WINAPI LookupDwordSetString (LPSET lpSet, DWORD Value);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPIV FormatByteFlags(LPSTR string, DWORD ByteValue, DWORD BitMask);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPIV FormatWordFlags(LPSTR string, DWORD WordValue, DWORD BitMask);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPIV FormatDwordFlags(LPSTR string, DWORD DwordValue, DWORD BitMask);")
|
|
cpp_quote("")
|
|
cpp_quote("LPSTR WINAPIV FormatTimeAsString(SYSTEMTIME *time, LPSTR string);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatLabeledByteSetAsFlags(LPPROPERTYINST lpPropertyInst);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatLabeledWordSetAsFlags(LPPROPERTYINST lpPropertyInst);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatLabeledDwordSetAsFlags(LPPROPERTYINST lpPropertyInst);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatPropertyDataAsByte(LPPROPERTYINST lpPropertyInst, DWORD Base);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatPropertyDataAsWord(LPPROPERTYINST lpPropertyInst, DWORD Base);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatPropertyDataAsDword(LPPROPERTYINST lpPropertyInst, DWORD Base);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatLabeledByteSet(LPPROPERTYINST lpPropertyInst);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatLabeledWordSet(LPPROPERTYINST lpPropertyInst);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatLabeledDwordSet(LPPROPERTYINST lpPropertyInst);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatPropertyDataAsInt64(LPPROPERTYINST lpPropertyInst, DWORD Base);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatPropertyDataAsTime(LPPROPERTYINST lpPropertyInst);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatPropertyDataAsString(LPPROPERTYINST lpPropertyInst);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPIV FormatPropertyDataAsHexString(LPPROPERTYINST lpPropertyInst);")
|
|
cpp_quote("")
|
|
cpp_quote("// Parsers should NOT call LockFrame(). If a parser takes a lock and then gets")
|
|
cpp_quote("// faulted or returns without unlocking, it leaves the system in a state where")
|
|
cpp_quote("// it cannot change protocols or cut/copy frames. Parsers should use ParserTemporaryLockFrame")
|
|
cpp_quote("// which grants a lock ONLY during the context of the api entry into the parser. The ")
|
|
cpp_quote("// lock is released on exit from the parser for that frame.")
|
|
cpp_quote("ULPBYTE WINAPI ParserTemporaryLockFrame(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("LPVOID WINAPI GetCCInstPtr(VOID);")
|
|
cpp_quote("VOID WINAPI SetCCInstPtr(LPVOID lpCurCaptureInst);")
|
|
cpp_quote("LPVOID WINAPI CCHeapAlloc(DWORD dwBytes, BOOL bZeroInit);")
|
|
cpp_quote("LPVOID WINAPI CCHeapReAlloc(LPVOID lpMem, DWORD dwBytes, BOOL bZeroInit);")
|
|
cpp_quote("BOOL WINAPI CCHeapFree(LPVOID lpMem);")
|
|
cpp_quote("SIZE_T WINAPI CCHeapSize(LPVOID lpMem);")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL _cdecl BERGetInteger( ULPBYTE pCurrentPointer,")
|
|
cpp_quote(" ULPBYTE *ppValuePointer,")
|
|
cpp_quote(" LPDWORD pHeaderLength,")
|
|
cpp_quote(" LPDWORD pDataLength,")
|
|
cpp_quote(" ULPBYTE *ppNext);")
|
|
cpp_quote("BOOL _cdecl BERGetString( ULPBYTE pCurrentPointer,")
|
|
cpp_quote(" ULPBYTE *ppValuePointer,")
|
|
cpp_quote(" LPDWORD pHeaderLength,")
|
|
cpp_quote(" LPDWORD pDataLength,")
|
|
cpp_quote(" ULPBYTE *ppNext);")
|
|
cpp_quote("BOOL _cdecl BERGetHeader( ULPBYTE pCurrentPointer,")
|
|
cpp_quote(" ULPBYTE pTag,")
|
|
cpp_quote(" LPDWORD pHeaderLength,")
|
|
cpp_quote(" LPDWORD pDataLength,")
|
|
cpp_quote(" ULPBYTE *ppNext);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Parser Finder Structures.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD MAX_PROTOCOL_COMMENT_LEN =256;
|
|
const DWORD NETMON_MAX_PROTOCOL_NAME_LEN =16;
|
|
|
|
cpp_quote("// the constant MAX_PROTOCOL_NAME_LEN conflicts with one of the same name")
|
|
cpp_quote("// but different size in rtutils.h.")
|
|
cpp_quote("// So if both headers are included, we do not define MAX_PROTOCOL_NAME_LEN.")
|
|
cpp_quote("#ifndef MAX_PROTOCOL_NAME_LEN")
|
|
const DWORD MAX_PROTOCOL_NAME_LEN =NETMON_MAX_PROTOCOL_NAME_LEN;
|
|
cpp_quote("#else")
|
|
cpp_quote("#undef MAX_PROTOCOL_NAME_LEN")
|
|
cpp_quote("#endif")
|
|
|
|
cpp_quote("// Handoff Value Format Base")
|
|
typedef enum
|
|
{
|
|
HANDOFF_VALUE_FORMAT_BASE_UNKNOWN = 0,
|
|
HANDOFF_VALUE_FORMAT_BASE_DECIMAL = 10,
|
|
HANDOFF_VALUE_FORMAT_BASE_HEX = 16
|
|
|
|
} PF_HANDOFFVALUEFORMATBASE;
|
|
|
|
cpp_quote("// PF_HANDOFFENTRY")
|
|
typedef struct _PF_HANDOFFENTRY
|
|
{
|
|
char szIniFile[MAX_PATH];
|
|
char szIniSection[MAX_PATH];
|
|
char szProtocol[NETMON_MAX_PROTOCOL_NAME_LEN];
|
|
DWORD dwHandOffValue;
|
|
PF_HANDOFFVALUEFORMATBASE ValueFormatBase;
|
|
|
|
} PF_HANDOFFENTRY;
|
|
typedef PF_HANDOFFENTRY* PPF_HANDOFFENTRY;
|
|
|
|
cpp_quote("// PF_HANDOFFSET")
|
|
// Structure contains zero length array, must cpp_quote
|
|
cpp_quote("typedef struct _PF_HANDOFFSET")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD nEntries;")
|
|
cpp_quote(" PF_HANDOFFENTRY Entry[0];")
|
|
cpp_quote("")
|
|
cpp_quote("} PF_HANDOFFSET;")
|
|
cpp_quote("typedef PF_HANDOFFSET* PPF_HANDOFFSET;")
|
|
|
|
cpp_quote("// FOLLOWENTRY")
|
|
typedef struct _PF_FOLLOWENTRY
|
|
{
|
|
char szProtocol[NETMON_MAX_PROTOCOL_NAME_LEN];
|
|
|
|
} PF_FOLLOWENTRY;
|
|
typedef PF_FOLLOWENTRY* PPF_FOLLOWENTRY;
|
|
|
|
cpp_quote("// PF_FOLLOWSET")
|
|
// Structure contains zero length array, must cpp_quote
|
|
cpp_quote("typedef struct _PF_FOLLOWSET")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD nEntries;")
|
|
cpp_quote(" PF_FOLLOWENTRY Entry[0];")
|
|
cpp_quote("")
|
|
cpp_quote("} PF_FOLLOWSET;")
|
|
cpp_quote("typedef PF_FOLLOWSET* PPF_FOLLOWSET;")
|
|
cpp_quote("")
|
|
|
|
cpp_quote("// PARSERINFO - contains information about a single parser")
|
|
// Structure contains structures with zero length arrays, must cpp_quote
|
|
cpp_quote("typedef struct _PF_PARSERINFO")
|
|
cpp_quote("{")
|
|
cpp_quote(" char szProtocolName[NETMON_MAX_PROTOCOL_NAME_LEN];")
|
|
cpp_quote(" char szComment[MAX_PROTOCOL_COMMENT_LEN];")
|
|
cpp_quote(" char szHelpFile[MAX_PATH];")
|
|
cpp_quote("")
|
|
cpp_quote(" PPF_FOLLOWSET pWhoCanPrecedeMe;")
|
|
cpp_quote(" PPF_FOLLOWSET pWhoCanFollowMe;")
|
|
cpp_quote("")
|
|
cpp_quote(" PPF_HANDOFFSET pWhoHandsOffToMe;")
|
|
cpp_quote(" PPF_HANDOFFSET pWhoDoIHandOffTo;")
|
|
cpp_quote("")
|
|
cpp_quote("} PF_PARSERINFO;")
|
|
cpp_quote("typedef PF_PARSERINFO* PPF_PARSERINFO;")
|
|
cpp_quote("")
|
|
|
|
cpp_quote("// PF_PARSERDLLINFO - contains information about a single parser DLL")
|
|
// Structure contains zero length array, must cpp_quote
|
|
cpp_quote("typedef struct _PF_PARSERDLLINFO")
|
|
cpp_quote("{ ")
|
|
cpp_quote("// char szDLLName[MAX_PATH];")
|
|
cpp_quote(" DWORD nParsers;")
|
|
cpp_quote(" PF_PARSERINFO ParserInfo[0];")
|
|
cpp_quote("")
|
|
cpp_quote("} PF_PARSERDLLINFO;")
|
|
cpp_quote("typedef PF_PARSERDLLINFO* PPF_PARSERDLLINFO;")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (IniLib.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD INI_PATH_LENGTH =256;
|
|
const DWORD MAX_HANDOFF_ENTRY_LENGTH =80;
|
|
const DWORD MAX_PROTOCOL_NAME =40;
|
|
const DWORD NUMALLOCENTRIES =10;
|
|
const DWORD RAW_INI_STR_LEN =200;
|
|
|
|
cpp_quote("#define PARSERS_SUBDIR \"PARSERS\"")
|
|
cpp_quote("#define INI_EXTENSION \"INI\"")
|
|
cpp_quote("#define BASE10_FORMAT_STR \"%ld=%s %ld\"")
|
|
cpp_quote("#define BASE16_FORMAT_STR \"%lx=%s %lx\"")
|
|
|
|
|
|
cpp_quote("// Given \"XNS\" or \"TCP\" or whatever BuildINIPath will return fully qual. path to \"XNS.INI\" or \"TCP.INI\"")
|
|
cpp_quote("LPSTR _cdecl BuildINIPath( char *FullPath,")
|
|
cpp_quote(" char *IniFileName );")
|
|
cpp_quote("")
|
|
cpp_quote("// Builds Handoff Set")
|
|
cpp_quote("DWORD WINAPI CreateHandoffTable(LPSTR secName,")
|
|
cpp_quote(" LPSTR iniFile,")
|
|
cpp_quote(" LPHANDOFFTABLE * hTable,")
|
|
cpp_quote(" DWORD nMaxProtocolEntries,")
|
|
cpp_quote(" DWORD base);")
|
|
cpp_quote("")
|
|
cpp_quote("HPROTOCOL WINAPI GetProtocolFromTable(LPHANDOFFTABLE hTable, // lp to Handoff Table...")
|
|
cpp_quote(" DWORD ItemToFind, // port number etc...")
|
|
cpp_quote(" PDWORD_PTR lpInstData ); // inst data to give to next protocol")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI DestroyHandoffTable( LPHANDOFFTABLE hTable );")
|
|
cpp_quote("")
|
|
cpp_quote("BOOLEAN WINAPI IsRawIPXEnabled(LPSTR secName,")
|
|
cpp_quote(" LPSTR iniFile,")
|
|
cpp_quote(" LPSTR CurProtocol );")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMExpert.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
const DWORD EXPERTSTRINGLENGTH =MAX_PATH;
|
|
const DWORD EXPERTGROUPNAMELENGTH =25;
|
|
|
|
cpp_quote("// HEXPERTKEY tracks running experts. It is only used by experts for ")
|
|
cpp_quote("// self reference. It refers to a RUNNINGEXPERT (an internal only structure)..")
|
|
typedef LPVOID HEXPERTKEY;
|
|
typedef HEXPERTKEY * PHEXPERTKEY;
|
|
|
|
cpp_quote("// HEXPERT tracks loaded experts. It refers to an EXPERTENUMINFO.")
|
|
typedef LPVOID HEXPERT;
|
|
typedef HEXPERT * PHEXPERT;
|
|
|
|
cpp_quote("// HRUNNINGEXPERT tracks a currently running expert.")
|
|
cpp_quote("// It refers to a RUNNINGEXPERT (an internal only structure).")
|
|
typedef LPVOID HRUNNINGEXPERT;
|
|
typedef HRUNNINGEXPERT * PHRUNNINGEXPERT;
|
|
|
|
// forward ref
|
|
cpp_quote("typedef struct _EXPERTENUMINFO * PEXPERTENUMINFO;")
|
|
cpp_quote("typedef struct _EXPERTCONFIG * PEXPERTCONFIG;")
|
|
cpp_quote("typedef struct _EXPERTSTARTUPINFO * PEXPERTSTARTUPINFO;")
|
|
|
|
cpp_quote("// Definitions needed to call experts")
|
|
cpp_quote("#define EXPERTENTRY_REGISTER \"Register\"")
|
|
cpp_quote("#define EXPERTENTRY_CONFIGURE \"Configure\"")
|
|
cpp_quote("#define EXPERTENTRY_RUN \"Run\"")
|
|
cpp_quote("typedef BOOL (WINAPI * PEXPERTREGISTERPROC)( PEXPERTENUMINFO );")
|
|
cpp_quote("typedef BOOL (WINAPI * PEXPERTCONFIGPROC) ( HEXPERTKEY, PEXPERTCONFIG*, PEXPERTSTARTUPINFO, DWORD, HWND );")
|
|
cpp_quote("typedef BOOL (WINAPI * PEXPERTRUNPROC) ( HEXPERTKEY, PEXPERTCONFIG, PEXPERTSTARTUPINFO, DWORD, HWND);")
|
|
|
|
|
|
cpp_quote("// EXPERTENUMINFO describes an expert that NetMon has loaded from disk. ")
|
|
cpp_quote("// It does not include any configuration or runtime information.")
|
|
cpp_quote("typedef struct _EXPERTENUMINFO")
|
|
cpp_quote("{")
|
|
cpp_quote(" char szName[EXPERTSTRINGLENGTH];")
|
|
cpp_quote(" char szVendor[EXPERTSTRINGLENGTH];")
|
|
cpp_quote(" char szDescription[EXPERTSTRINGLENGTH];")
|
|
cpp_quote(" DWORD Version; ")
|
|
cpp_quote(" DWORD Flags;")
|
|
cpp_quote(" char szDllName[MAX_PATH]; // private, dont' touch")
|
|
cpp_quote(" HEXPERT hExpert; // private, don't touch")
|
|
cpp_quote(" HINSTANCE hModule; // private, don't touch")
|
|
cpp_quote(" PEXPERTREGISTERPROC pRegisterProc; // private, don't touch")
|
|
cpp_quote(" PEXPERTCONFIGPROC pConfigProc; // private, don't touch")
|
|
cpp_quote(" PEXPERTRUNPROC pRunProc; // private, don't touch")
|
|
cpp_quote("")
|
|
cpp_quote("} EXPERTENUMINFO;")
|
|
cpp_quote("typedef EXPERTENUMINFO * PEXPERTENUMINFO;")
|
|
|
|
const DWORD EXPERT_ENUM_FLAG_CONFIGURABLE =0x0001;
|
|
const DWORD EXPERT_ENUM_FLAG_VIEWER_PRIVATE =0x0002;
|
|
const DWORD EXPERT_ENUM_FLAG_NO_VIEWER =0x0004;
|
|
const DWORD EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_SUMMARY =0x0010;
|
|
const DWORD EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_DETAIL =0x0020;
|
|
|
|
// contains a structure that contains an unaligned pointer, so must cpp_quote
|
|
cpp_quote("// EXPERTSTARTUPINFO")
|
|
cpp_quote("// This gives the Expert an indication of where he came from.")
|
|
cpp_quote("// Note: if the lpPropertyInst->PropertyInfo->DataQualifier == PROP_QUAL_FLAGS")
|
|
cpp_quote("// then the sBitField structure is filled in")
|
|
cpp_quote("typedef struct _EXPERTSTARTUPINFO")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD Flags;")
|
|
cpp_quote(" HCAPTURE hCapture;")
|
|
cpp_quote(" char szCaptureFile[MAX_PATH];")
|
|
cpp_quote(" DWORD dwFrameNumber;")
|
|
cpp_quote(" HPROTOCOL hProtocol;")
|
|
cpp_quote("")
|
|
cpp_quote(" LPPROPERTYINST lpPropertyInst;")
|
|
cpp_quote("")
|
|
cpp_quote(" struct")
|
|
cpp_quote(" {")
|
|
cpp_quote(" BYTE BitNumber;")
|
|
cpp_quote(" BOOL bOn;")
|
|
cpp_quote(" } sBitfield;")
|
|
cpp_quote("")
|
|
cpp_quote("} EXPERTSTARTUPINFO;")
|
|
|
|
cpp_quote("// EXPERTCONFIG")
|
|
cpp_quote("// This is a generic holder for an Expert's config data.")
|
|
// structure contains a zero length array, must be cpp_quoted
|
|
cpp_quote("typedef struct _EXPERTCONFIG")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD RawConfigLength;")
|
|
cpp_quote(" BYTE RawConfigData[0];")
|
|
cpp_quote("")
|
|
cpp_quote("} EXPERTCONFIG;")
|
|
cpp_quote("typedef EXPERTCONFIG * PEXPERTCONFIG;")
|
|
|
|
cpp_quote("// CONFIGUREDEXPERT")
|
|
cpp_quote("// This structure associates a loaded expert with its configuration data.")
|
|
// structure contains a zero length array, must be cpp_quoted
|
|
cpp_quote("typedef struct")
|
|
cpp_quote("{")
|
|
cpp_quote(" HEXPERT hExpert;")
|
|
cpp_quote(" DWORD StartupFlags;")
|
|
cpp_quote(" PEXPERTCONFIG pConfig;")
|
|
cpp_quote("} CONFIGUREDEXPERT;")
|
|
cpp_quote("typedef CONFIGUREDEXPERT * PCONFIGUREDEXPERT;")
|
|
|
|
cpp_quote("// EXPERTFRAMEDESCRIPTOR - passed back to the expert to fulfil the request for a frame")
|
|
// contains an unaligned pointer, so must cpp_quote
|
|
cpp_quote("typedef struct")
|
|
cpp_quote("{")
|
|
cpp_quote(" DWORD FrameNumber; // Frame Number.")
|
|
cpp_quote(" HFRAME hFrame; // Handle to the frame.")
|
|
cpp_quote(" ULPFRAME pFrame; // pointer to frame.")
|
|
cpp_quote(" LPRECOGNIZEDATATABLE lpRecognizeDataTable;// pointer to table of RECOGNIZEDATA structures.")
|
|
cpp_quote(" LPPROPERTYTABLE lpPropertyTable; // pointer to property table.")
|
|
cpp_quote("")
|
|
cpp_quote("} EXPERTFRAMEDESCRIPTOR;")
|
|
cpp_quote("typedef EXPERTFRAMEDESCRIPTOR * LPEXPERTFRAMEDESCRIPTOR;")
|
|
|
|
// other definitions
|
|
const DWORD GET_SPECIFIED_FRAME = 0;
|
|
const DWORD GET_FRAME_NEXT_FORWARD = 1;
|
|
const DWORD GET_FRAME_NEXT_BACKWARD = 2;
|
|
|
|
const DWORD FLAGS_DEFER_TO_UI_FILTER =0x1;
|
|
const DWORD FLAGS_ATTACH_PROPERTIES =0x2;
|
|
|
|
cpp_quote("// EXPERTSTATUSENUM")
|
|
cpp_quote("// gives the possible values for the status field in the EXPERTSTATUS structure")
|
|
typedef enum
|
|
{
|
|
EXPERTSTATUS_INACTIVE = 0,
|
|
EXPERTSTATUS_STARTING,
|
|
EXPERTSTATUS_RUNNING,
|
|
EXPERTSTATUS_PROBLEM,
|
|
EXPERTSTATUS_ABORTED,
|
|
EXPERTSTATUS_DONE,
|
|
} EXPERTSTATUSENUMERATION;
|
|
|
|
cpp_quote("// EXPERTSUBSTATUS bitfield ")
|
|
cpp_quote("// gives the possible values for the substatus field in the EXPERTSTATUS structure")
|
|
const WORD EXPERTSUBSTATUS_ABORTED_USER =0x0001;
|
|
const WORD EXPERTSUBSTATUS_ABORTED_LOAD_FAIL =0x0002;
|
|
const WORD EXPERTSUBSTATUS_ABORTED_THREAD_FAIL =0x0004;
|
|
const WORD EXPERTSUBSTATUS_ABORTED_BAD_ENTRY =0x0008;
|
|
|
|
cpp_quote("// EXPERTSTATUS")
|
|
cpp_quote("// Indicates the current status of a running expert.")
|
|
typedef struct
|
|
{
|
|
EXPERTSTATUSENUMERATION Status;
|
|
DWORD SubStatus;
|
|
DWORD PercentDone;
|
|
DWORD Frame;
|
|
char szStatusText[EXPERTSTRINGLENGTH];
|
|
} EXPERTSTATUS;
|
|
typedef EXPERTSTATUS * PEXPERTSTATUS;
|
|
|
|
|
|
cpp_quote("// EXPERT STARTUP FLAGS")
|
|
const DWORD EXPERT_STARTUP_FLAG_USE_STARTUP_DATA_OVER_CONFIG_DATA =0x00000001;
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NetMon.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("// A frame with no number contains this value as its frame number.")
|
|
const DWORD INVALID_FRAME_NUMBER =((DWORD) -1);
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Capture file flags.")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("#define CAPTUREFILE_OPEN OPEN_EXISTING")
|
|
cpp_quote("#define CAPTUREFILE_CREATE CREATE_NEW")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// CAPTURE CONTEXT API's.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("LPSYSTEMTIME WINAPI GetCaptureTimeStamp(HCAPTURE hCapture);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetCaptureMacType(HCAPTURE hCapture);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetCaptureTotalFrames(HCAPTURE hCapture);")
|
|
cpp_quote("")
|
|
cpp_quote("LPSTR WINAPI GetCaptureComment(HCAPTURE hCapture);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// FRAME HELP API's.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI MacTypeToAddressType(DWORD MacType);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI AddressTypeToMacType(DWORD AddressType);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameDstAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameSrcAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);")
|
|
cpp_quote("")
|
|
cpp_quote("HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameDestAddress(HFRAME hFrame,")
|
|
cpp_quote(" LPADDRESS lpAddress,")
|
|
cpp_quote(" DWORD AddressType,")
|
|
cpp_quote(" DWORD Flags);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameSourceAddress(HFRAME hFrame,")
|
|
cpp_quote(" LPADDRESS lpAddress,")
|
|
cpp_quote(" DWORD AddressType,")
|
|
cpp_quote(" DWORD Flags);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL WINAPI CompareFrameDestAddress(HFRAME hFrame, LPADDRESS lpAddress);")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL WINAPI CompareFrameSourceAddress(HFRAME hFrame, LPADDRESS lpAddress);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameLength(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameStoredLength(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameMacType(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetFrameNumber(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("__int64 WINAPI GetFrameTimeStamp(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("ULPFRAME WINAPI GetFrameFromFrameHandle(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// FRAME API's.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("HFRAME WINAPI ModifyFrame(HCAPTURE hCapture,")
|
|
cpp_quote(" DWORD FrameNumber,")
|
|
cpp_quote(" LPBYTE FrameData,")
|
|
cpp_quote(" DWORD FrameLength,")
|
|
cpp_quote(" __int64 TimeStamp);")
|
|
cpp_quote("")
|
|
cpp_quote("HFRAME WINAPI FindNextFrame(HFRAME hCurrentFrame,")
|
|
cpp_quote(" LPSTR ProtocolName,")
|
|
cpp_quote(" LPADDRESS lpDesstAddress,")
|
|
cpp_quote(" LPADDRESS lpSrcAddress,")
|
|
cpp_quote(" LPWORD ProtocolOffset,")
|
|
cpp_quote(" DWORD OriginalFrameNumber,")
|
|
cpp_quote(" DWORD nHighestFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("HFRAME WINAPI FindPreviousFrame(HFRAME hCurrentFrame,")
|
|
cpp_quote(" LPSTR ProtocolName,")
|
|
cpp_quote(" LPADDRESS lpDstAddress,")
|
|
cpp_quote(" LPADDRESS lpSrcAddress,")
|
|
cpp_quote(" LPWORD ProtocolOffset,")
|
|
cpp_quote(" DWORD OriginalFrameNumber,")
|
|
cpp_quote(" DWORD nLowestFrame );")
|
|
cpp_quote("")
|
|
cpp_quote("HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME);")
|
|
cpp_quote("")
|
|
cpp_quote("HFRAME WINAPI GetFrame(HCAPTURE hCapture, DWORD FrameNumber);")
|
|
cpp_quote("")
|
|
cpp_quote("LPRECOGNIZEDATATABLE WINAPI GetFrameRecognizeData(HFRAME hFrame);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Protocol API's.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("HPROTOCOL WINAPI CreateProtocol(LPSTR ProtocolName,")
|
|
cpp_quote(" LPENTRYPOINTS lpEntryPoints,")
|
|
cpp_quote(" DWORD cbEntryPoints);")
|
|
cpp_quote("")
|
|
cpp_quote("VOID WINAPI DestroyProtocol(HPROTOCOL hProtocol);")
|
|
cpp_quote("")
|
|
cpp_quote("LPPROTOCOLINFO WINAPI GetProtocolInfo(HPROTOCOL hProtocol);")
|
|
cpp_quote("")
|
|
cpp_quote("HPROPERTY WINAPI GetProperty(HPROTOCOL hProtocol, LPSTR PropertyName);")
|
|
cpp_quote("")
|
|
cpp_quote("HPROTOCOL WINAPI GetProtocolFromName(LPSTR ProtocolName);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetProtocolStartOffset(HFRAME hFrame, LPSTR ProtocolName);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetProtocolStartOffsetHandle(HFRAME hFrame, HPROTOCOL hProtocol);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetPreviousProtocolOffsetByName(HFRAME hFrame,")
|
|
cpp_quote(" DWORD dwStartOffset,")
|
|
cpp_quote(" LPSTR szProtocolName,")
|
|
cpp_quote(" DWORD* pdwPreviousOffset);")
|
|
cpp_quote("")
|
|
cpp_quote("LPPROTOCOLTABLE WINAPI GetEnabledProtocols(HCAPTURE hCapture);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Property API's.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI CreatePropertyDatabase(HPROTOCOL hProtocol, DWORD nProperties);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI DestroyPropertyDatabase(HPROTOCOL hProtocol);")
|
|
cpp_quote("")
|
|
cpp_quote("HPROPERTY WINAPI AddProperty(HPROTOCOL hProtocol, LPPROPERTYINFO PropertyInfo);")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL WINAPI AttachPropertyInstance(HFRAME hFrame,")
|
|
cpp_quote(" HPROPERTY hProperty,")
|
|
cpp_quote(" DWORD Length,")
|
|
cpp_quote(" ULPVOID lpData,")
|
|
cpp_quote(" DWORD HelpID,")
|
|
cpp_quote(" DWORD Level,")
|
|
cpp_quote(" DWORD IFlags);")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL WINAPI AttachPropertyInstanceEx(HFRAME hFrame,")
|
|
cpp_quote(" HPROPERTY hProperty,")
|
|
cpp_quote(" DWORD Length,")
|
|
cpp_quote(" ULPVOID lpData,")
|
|
cpp_quote(" DWORD ExLength,")
|
|
cpp_quote(" ULPVOID lpExData,")
|
|
cpp_quote(" DWORD HelpID,")
|
|
cpp_quote(" DWORD Level,")
|
|
cpp_quote(" DWORD IFlags);")
|
|
cpp_quote("")
|
|
cpp_quote("LPPROPERTYINST WINAPI FindPropertyInstance(HFRAME hFrame, HPROPERTY hProperty);")
|
|
cpp_quote("")
|
|
cpp_quote("LPPROPERTYINST WINAPI FindPropertyInstanceRestart (HFRAME hFrame, ")
|
|
cpp_quote(" HPROPERTY hProperty, ")
|
|
cpp_quote(" LPPROPERTYINST *lpRestartKey, ")
|
|
cpp_quote(" BOOL DirForward );")
|
|
cpp_quote("")
|
|
cpp_quote("LPPROPERTYINFO WINAPI GetPropertyInfo(HPROPERTY hProperty);")
|
|
cpp_quote("")
|
|
cpp_quote("LPSTR WINAPI GetPropertyText(HFRAME hFrame, LPPROPERTYINST lpPI, LPSTR szBuffer, DWORD BufferSize);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI ResetPropertyInstanceLength( LPPROPERTYINST lpProp, ")
|
|
cpp_quote(" WORD nOrgLen, ")
|
|
cpp_quote(" WORD nNewLen );")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// MISC. API's.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI GetCaptureCommentFromFilename(LPSTR lpFilename, LPSTR lpComment, DWORD BufferSize);")
|
|
cpp_quote("")
|
|
cpp_quote("int WINAPI CompareAddresses(LPADDRESS lpAddress1, LPADDRESS lpAddress2);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPIV FormatPropertyInstance(LPPROPERTYINST lpPropertyInst, ...);")
|
|
cpp_quote("")
|
|
cpp_quote("SYSTEMTIME * WINAPI AdjustSystemTime(SYSTEMTIME *SystemTime, __int64 TimeDelta);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// EXPERT API's for use by Experts")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI ExpertGetFrame( IN HEXPERTKEY hExpertKey,")
|
|
cpp_quote(" IN DWORD Direction,")
|
|
cpp_quote(" IN DWORD RequestFlags,")
|
|
cpp_quote(" IN DWORD RequestedFrameNumber,")
|
|
cpp_quote(" IN HFILTER hFilter,")
|
|
cpp_quote(" OUT LPEXPERTFRAMEDESCRIPTOR pEFrameDescriptor);")
|
|
cpp_quote("")
|
|
cpp_quote("LPVOID WINAPI ExpertAllocMemory( IN HEXPERTKEY hExpertKey,")
|
|
cpp_quote(" IN SIZE_T nBytes,")
|
|
cpp_quote(" OUT DWORD* pError);")
|
|
cpp_quote("")
|
|
cpp_quote("LPVOID WINAPI ExpertReallocMemory( IN HEXPERTKEY hExpertKey,")
|
|
cpp_quote(" IN LPVOID pOriginalMemory,")
|
|
cpp_quote(" IN SIZE_T nBytes,")
|
|
cpp_quote(" OUT DWORD* pError);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI ExpertFreeMemory( IN HEXPERTKEY hExpertKey,")
|
|
cpp_quote(" IN LPVOID pOriginalMemory);")
|
|
cpp_quote("")
|
|
cpp_quote("SIZE_T WINAPI ExpertMemorySize( IN HEXPERTKEY hExpertKey,")
|
|
cpp_quote(" IN LPVOID pOriginalMemory);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI ExpertIndicateStatus( IN HEXPERTKEY hExpertKey, ")
|
|
cpp_quote(" IN EXPERTSTATUSENUMERATION Status,")
|
|
cpp_quote(" IN DWORD SubStatus,")
|
|
cpp_quote(" IN const char * szText,")
|
|
cpp_quote(" IN LONG PercentDone);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI ExpertSubmitEvent( IN HEXPERTKEY hExpertKey,")
|
|
cpp_quote(" IN PNMEVENTDATA pExpertEvent);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD WINAPI ExpertGetStartupInfo( IN HEXPERTKEY hExpertKey,")
|
|
cpp_quote(" OUT PEXPERTSTARTUPINFO pExpertStartupInfo);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// DEBUG API's.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("#ifdef DEBUG")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// BreakPoint() macro.")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// We do not want breakpoints in our code any more...")
|
|
cpp_quote("// so we are defining DebugBreak(), usually a system call, to be")
|
|
cpp_quote("// just a dprintf. BreakPoint() is still defined as DebugBreak().")
|
|
cpp_quote("")
|
|
cpp_quote("#ifdef DebugBreak")
|
|
cpp_quote("#undef DebugBreak")
|
|
cpp_quote("#endif // DebugBreak")
|
|
cpp_quote("")
|
|
cpp_quote("#define DebugBreak() dprintf(\"DebugBreak Called at %s:%s\", __FILE__, __LINE__);")
|
|
cpp_quote("#define BreakPoint() DebugBreak()")
|
|
cpp_quote("")
|
|
cpp_quote("#endif // DEBUG")
|
|
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMBlob.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Blob Constants")
|
|
cpp_quote("//=============================================================================")
|
|
const DWORD INITIAL_RESTART_KEY =0xFFFFFFFF;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Blob Core Helper Routines ")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("DWORD _cdecl CreateBlob(HBLOB * phBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl DestroyBlob(HBLOB hBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SetStringInBlob(HBLOB hBlob, ")
|
|
cpp_quote(" const char * pOwnerName, ")
|
|
cpp_quote(" const char * pCategoryName, ")
|
|
cpp_quote(" const char * pTagName, ")
|
|
cpp_quote(" const char * pString); ")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetStringFromBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pCategoryName,")
|
|
cpp_quote(" const char * pTagName,")
|
|
cpp_quote(" const char ** ppString);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetStringsFromBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char * pRequestedOwnerName,")
|
|
cpp_quote(" const char * pRequestedCategoryName,")
|
|
cpp_quote(" const char * pRequestedTagName,")
|
|
cpp_quote(" const char ** ppReturnedOwnerName,")
|
|
cpp_quote(" const char ** ppReturnedCategoryName,")
|
|
cpp_quote(" const char ** ppReturnedTagName,")
|
|
cpp_quote(" const char ** ppReturnedString,")
|
|
cpp_quote(" DWORD * pRestartKey);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl RemoveFromBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pCategoryName,")
|
|
cpp_quote(" const char * pTagName);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl LockBlob(HBLOB hBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl UnlockBlob(HBLOB hBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl FindUnknownBlobCategories( HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pKnownCategoriesTable[],")
|
|
cpp_quote(" HBLOB hUnknownCategoriesBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Blob Helper Routines ")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("DWORD _cdecl MergeBlob(HBLOB hDstBlob,")
|
|
cpp_quote(" HBLOB hSrcBlob); ")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl DuplicateBlob (HBLOB hSrcBlob,")
|
|
cpp_quote(" HBLOB *hBlobThatWillBeCreated ); ")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl WriteBlobToFile(HBLOB hBlob,")
|
|
cpp_quote(" const char * pFileName);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl ReadBlobFromFile(HBLOB* phBlob,")
|
|
cpp_quote(" const char * pFileName);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl RegCreateBlobKey(HKEY hkey, const char* szBlobName, HBLOB hBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl RegOpenBlobKey(HKEY hkey, const char* szBlobName, HBLOB* phBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl MarshalBlob(HBLOB hBlob, DWORD* pSize, BYTE** ppBytes);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl UnMarshalBlob(HBLOB* phBlob, DWORD Size, BYTE* pBytes);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SetDwordInBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pCategoryName,")
|
|
cpp_quote(" const char * pTagName,")
|
|
cpp_quote(" DWORD Dword);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetDwordFromBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pCategoryName,")
|
|
cpp_quote(" const char * pTagName,")
|
|
cpp_quote(" DWORD * pDword);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SetBoolInBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pCategoryName,")
|
|
cpp_quote(" const char * pTagName,")
|
|
cpp_quote(" BOOL Bool);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetBoolFromBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pCategoryName,")
|
|
cpp_quote(" const char * pTagName,")
|
|
cpp_quote(" BOOL * pBool);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetMacAddressFromBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pCategoryName,")
|
|
cpp_quote(" const char * pTagName,")
|
|
cpp_quote(" BYTE * pMacAddress);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SetMacAddressInBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pCategoryName,")
|
|
cpp_quote(" const char * pTagName,")
|
|
cpp_quote(" const BYTE * pMacAddress);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl FindUnknownBlobTags( HBLOB hBlob,")
|
|
cpp_quote(" const char * pOwnerName,")
|
|
cpp_quote(" const char * pCategoryName,")
|
|
cpp_quote(" const char * pKnownTagsTable[],")
|
|
cpp_quote(" HBLOB hUnknownTagsBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Blob NPP Helper Routines")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("DWORD _cdecl SetNetworkInfoInBlob(HBLOB hBlob, ")
|
|
cpp_quote(" LPNETWORKINFO lpNetworkInfo);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetNetworkInfoFromBlob(HBLOB hBlob, ")
|
|
cpp_quote(" LPNETWORKINFO lpNetworkInfo);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl CreateNPPInterface ( HBLOB hBlob,")
|
|
cpp_quote(" REFIID iid,")
|
|
cpp_quote(" void ** ppvObject);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SetClassIDInBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char* pOwnerName,")
|
|
cpp_quote(" const char* pCategoryName,")
|
|
cpp_quote(" const char* pTagName,")
|
|
cpp_quote(" const CLSID* pClsID);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetClassIDFromBlob(HBLOB hBlob,")
|
|
cpp_quote(" const char* pOwnerName,")
|
|
cpp_quote(" const char* pCategoryName,")
|
|
cpp_quote(" const char* pTagName,")
|
|
cpp_quote(" CLSID * pClsID);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SetNPPPatternFilterInBlob( HBLOB hBlob,")
|
|
cpp_quote(" LPEXPRESSION pExpression,")
|
|
cpp_quote(" HBLOB hErrorBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetNPPPatternFilterFromBlob( HBLOB hBlob,")
|
|
cpp_quote(" LPEXPRESSION pExpression,")
|
|
cpp_quote(" HBLOB hErrorBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SetNPPAddressFilterInBlob( HBLOB hBlob,")
|
|
cpp_quote(" LPADDRESSTABLE pAddressTable);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetNPPAddressFilterFromBlob( HBLOB hBlob,")
|
|
cpp_quote(" LPADDRESSTABLE pAddressTable,")
|
|
cpp_quote(" HBLOB hErrorBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SetNPPTriggerInBlob( HBLOB hBlob,")
|
|
cpp_quote(" LPTRIGGER pTrigger,")
|
|
cpp_quote(" HBLOB hErrorBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetNPPTriggerFromBlob( HBLOB hBlob,")
|
|
cpp_quote(" LPTRIGGER pTrigger,")
|
|
cpp_quote(" HBLOB hErrorBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl SetNPPEtypeSapFilter(HBLOB hBlob, ")
|
|
cpp_quote(" WORD nSaps,")
|
|
cpp_quote(" WORD nEtypes,")
|
|
cpp_quote(" LPBYTE lpSapTable,")
|
|
cpp_quote(" LPWORD lpEtypeTable,")
|
|
cpp_quote(" DWORD FilterFlags,")
|
|
cpp_quote(" HBLOB hErrorBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("DWORD _cdecl GetNPPEtypeSapFilter(HBLOB hBlob, ")
|
|
cpp_quote(" WORD *pnSaps,")
|
|
cpp_quote(" WORD *pnEtypes,")
|
|
cpp_quote(" LPBYTE *ppSapTable,")
|
|
cpp_quote(" LPWORD *ppEtypeTable,")
|
|
cpp_quote(" DWORD *pFilterFlags,")
|
|
cpp_quote(" HBLOB hErrorBlob);")
|
|
cpp_quote("")
|
|
cpp_quote("// GetNPPMacTypeAsNumber maps the tag NPP:NetworkInfo:MacType to the MAC_TYPE_*")
|
|
cpp_quote("// defined in the NPPTYPES.h. If the tag is unavailable, the API returns MAC_TYPE_UNKNOWN.")
|
|
cpp_quote("DWORD _cdecl GetNPPMacTypeAsNumber(HBLOB hBlob, ")
|
|
cpp_quote(" LPDWORD lpMacType);")
|
|
cpp_quote("")
|
|
cpp_quote("// See if a remote catagory exists... and make sure that the remote computername")
|
|
cpp_quote("// isn't the same as the local computername.")
|
|
cpp_quote("BOOL _cdecl IsRemoteNPP ( HBLOB hBLOB);")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// npp tag definitions")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("#define OWNER_NPP \"NPP\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define CATEGORY_NETWORKINFO \"NetworkInfo\"")
|
|
cpp_quote("#define TAG_MACTYPE \"MacType\"")
|
|
cpp_quote("#define TAG_CURRENTADDRESS \"CurrentAddress\"")
|
|
cpp_quote("#define TAG_LINKSPEED \"LinkSpeed\"")
|
|
cpp_quote("#define TAG_MAXFRAMESIZE \"MaxFrameSize\"")
|
|
cpp_quote("#define TAG_FLAGS \"Flags\"")
|
|
cpp_quote("#define TAG_TIMESTAMPSCALEFACTOR \"TimeStampScaleFactor\"")
|
|
cpp_quote("#define TAG_COMMENT \"Comment\"")
|
|
cpp_quote("#define TAG_NODENAME \"NodeName\"")
|
|
cpp_quote("#define TAG_NAME \"Name\"")
|
|
cpp_quote("#define TAG_FAKENPP \"Fake\"")
|
|
cpp_quote("#define TAG_PROMISCUOUS_MODE \"PMode\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define CATEGORY_LOCATION \"Location\"")
|
|
cpp_quote("#define TAG_RAS \"Dial-up Connection\"")
|
|
cpp_quote("#define TAG_MACADDRESS \"MacAddress\"")
|
|
cpp_quote("#define TAG_CLASSID \"ClassID\"")
|
|
cpp_quote("#define TAG_NAME \"Name\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define CATEGORY_CONFIG \"Config\"")
|
|
cpp_quote("#define TAG_FRAME_SIZE \"FrameSize\"")
|
|
cpp_quote("#define TAG_UPDATE_FREQUENCY \"UpdateFreq\"")
|
|
cpp_quote("#define TAG_BUFFER_SIZE \"BufferSize\"")
|
|
cpp_quote("#define TAG_DRIVE_LETTER \"DriveLetter\"")
|
|
cpp_quote("#define TAG_PATTERN_DESIGNATOR \"PatternMatch\"")
|
|
cpp_quote("#define TAG_PATTERN \"Pattern\"")
|
|
cpp_quote("#define TAG_ADDRESS_PAIR \"AddressPair\"")
|
|
cpp_quote("#define TAG_CONNECTIONFLAGS \"ConnectionFlags\"")
|
|
cpp_quote("#define TAG_ETYPES \"Etypes\"")
|
|
cpp_quote("#define TAG_SAPS \"Saps\"")
|
|
cpp_quote("#define TAG_NO_CONVERSATION_STATS \"NoConversationStats\"")
|
|
cpp_quote("#define TAG_NO_STATS_FRAME \"NoStatsFrame\"")
|
|
cpp_quote("#define TAG_DONT_DELETE_EMPTY_CAPTURE \"DontDeleteEmptyCapture\"")
|
|
cpp_quote("#define TAG_WANT_PROTOCOL_INFO \"WantProtocolInfo\"")
|
|
cpp_quote("#define TAG_INTERFACE_DELAYED_CAPTURE \"IDdC\"")
|
|
cpp_quote("#define TAG_INTERFACE_REALTIME_CAPTURE \"IRTC\"")
|
|
cpp_quote("#define TAG_INTERFACE_STATS \"ISts\"")
|
|
cpp_quote("#define TAG_INTERFACE_TRANSMIT \"IXmt\"")
|
|
cpp_quote("#define TAG_INTERFACE_EXPERT_STATS \"IESP\"")
|
|
cpp_quote("#define TAG_LOCAL_ONLY \"LocalOnly\"")
|
|
cpp_quote("// Is_Remote is set to TRUE by NPPs that go remote. Note that when you")
|
|
cpp_quote("// are looking for a remote NPP, you probably also need to ask for")
|
|
cpp_quote("// blobs that have the TAG_GET_SPECIAL_BLOBS bool set")
|
|
cpp_quote("#define TAG_IS_REMOTE \"IsRemote\"")
|
|
cpp_quote("")
|
|
cpp_quote("")
|
|
cpp_quote("#define CATEGORY_TRIGGER \"Trigger\"")
|
|
cpp_quote("#define TAG_TRIGGER \"Trigger\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define CATEGORY_FINDER \"Finder\"")
|
|
cpp_quote("#define TAG_ROOT \"Root\"")
|
|
cpp_quote("#define TAG_PROCNAME \"ProcName\"")
|
|
cpp_quote("#define TAG_DISP_STRING \"Display\"")
|
|
cpp_quote("#define TAG_DLL_FILENAME \"DLLName\"")
|
|
cpp_quote("#define TAG_GET_SPECIAL_BLOBS \"Specials\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define CATEGORY_REMOTE \"Remote\"")
|
|
cpp_quote("#define TAG_REMOTECOMPUTER \"RemoteComputer\"")
|
|
cpp_quote("#define TAG_REMOTECLASSID \"ClassID\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define CATEGORY_ESP \"ESP\"")
|
|
cpp_quote("#define TAG_ESP_GENERAL_ACTIVE \"ESPGeneralActive\"")
|
|
cpp_quote("#define TAG_ESP_PROTOCOL_ACTIVE \"ESPProtocolActive\"")
|
|
cpp_quote("#define TAG_ESP_MAC_ACTIVE \"ESPMacActive\"")
|
|
cpp_quote("#define TAG_ESP_MAC2MAC_ACTIVE \"ESPMac2MacActive\"")
|
|
cpp_quote("#define TAG_ESP_IP_ACTIVE \"ESPIpActive\"")
|
|
cpp_quote("#define TAG_ESP_IP2IP_ACTIVE \"ESPIp2IpActive\"")
|
|
cpp_quote("#define TAG_ESP_IP_APP_ACTIVE \"ESPIpAppActive\"")
|
|
cpp_quote("#define TAG_ESP_IPX_ACTIVE \"ESPIpxActive\"")
|
|
cpp_quote("#define TAG_ESP_IPX2IPX_ACTIVE \"ESPIpx2IpxActive\"")
|
|
cpp_quote("#define TAG_ESP_IPX_APP_ACTIVE \"ESPIpxAppActive\"")
|
|
cpp_quote("#define TAG_ESP_DEC_ACTIVE \"ESPDecActive\"")
|
|
cpp_quote("#define TAG_ESP_DEC2DEC_ACTIVE \"ESPDec2DecActive\"")
|
|
cpp_quote("#define TAG_ESP_DEC_APP_ACTIVE \"ESPDecAppActive\"")
|
|
cpp_quote("#define TAG_ESP_APPLE_ACTIVE \"ESPAppleActive\"")
|
|
cpp_quote("#define TAG_ESP_APPLE2APPLE_ACTIVE \"ESPApple2AppleActive\"")
|
|
cpp_quote("#define TAG_ESP_APPLE_APP_ACTIVE \"ESPAppleAppActive\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define TAG_ESP_UTIL_SIZE \"ESPUtilSize\"")
|
|
cpp_quote("#define TAG_ESP_TIME_SIZE \"ESPTimeSize\"")
|
|
cpp_quote("#define TAG_ESP_BPS_SIZE \"ESPBpsSize\"")
|
|
cpp_quote("#define TAG_ESP_BPS_THRESH \"ESPBpsThresh\"")
|
|
cpp_quote("#define TAG_ESP_FPS_THRESH \"ESPFpsThresh\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define TAG_ESP_MAC \"ESPMac\"")
|
|
cpp_quote("#define TAG_ESP_IPX \"ESPIpx\"")
|
|
cpp_quote("#define TAG_ESP_IPXSPX \"ESPIpxSpx\"")
|
|
cpp_quote("#define TAG_ESP_NCP \"ESPNcp\"")
|
|
cpp_quote("#define TAG_ESP_IP \"ESPIp\"")
|
|
cpp_quote("#define TAG_ESP_UDP \"ESPUdp\"")
|
|
cpp_quote("#define TAG_ESP_TCP \"ESPTcp\"")
|
|
cpp_quote("#define TAG_ESP_ICMP \"ESPIcmp\"")
|
|
cpp_quote("#define TAG_ESP_ARP \"ESPArp\"")
|
|
cpp_quote("#define TAG_ESP_RARP \"ESPRarp\"")
|
|
cpp_quote("#define TAG_ESP_APPLE \"ESPApple\"")
|
|
cpp_quote("#define TAG_ESP_AARP \"ESPAarp\"")
|
|
cpp_quote("#define TAG_ESP_DEC \"ESPDec\"")
|
|
cpp_quote("#define TAG_ESP_NETBIOS \"ESPNetbios\"")
|
|
cpp_quote("#define TAG_ESP_SNA \"ESPSna\"")
|
|
cpp_quote("#define TAG_ESP_BPDU \"ESPBpdu\"")
|
|
cpp_quote("#define TAG_ESP_LLC \"ESPLlc\"")
|
|
cpp_quote("#define TAG_ESP_RPL \"ESPRpl\"")
|
|
cpp_quote("#define TAG_ESP_BANYAN \"ESPBanyan\"")
|
|
cpp_quote("#define TAG_ESP_LANMAN \"ESPLanMan\"")
|
|
cpp_quote("#define TAG_ESP_SNMP \"ESPSnmp\"")
|
|
cpp_quote("#define TAG_ESP_X25 \"ESPX25\"")
|
|
cpp_quote("#define TAG_ESP_XNS \"ESPXns\"")
|
|
cpp_quote("#define TAG_ESP_ISO \"ESPIso\"")
|
|
cpp_quote("#define TAG_ESP_UNKNOWN \"ESPUnknown\"")
|
|
cpp_quote("#define TAG_ESP_ATP \"ESPAtp\"")
|
|
cpp_quote("#define TAG_ESP_ADSP \"ESPAdsp\"")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// npp value definitions")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// Mac types")
|
|
cpp_quote("#define PROTOCOL_STRING_ETHERNET_TXT \"ETHERNET\"")
|
|
cpp_quote("#define PROTOCOL_STRING_TOKENRING_TXT \"TOKENRING\"")
|
|
cpp_quote("#define PROTOCOL_STRING_FDDI_TXT \"FDDI\"")
|
|
cpp_quote("#define PROTOCOL_STRING_ATM_TXT \"ATM\"")
|
|
cpp_quote("#define PROTOCOL_STRING_1394_TXT \"IP/1394\"")
|
|
cpp_quote("")
|
|
cpp_quote("// lower protocols")
|
|
cpp_quote("#define PROTOCOL_STRING_IP_TXT \"IP\"")
|
|
cpp_quote("#define PROTOCOL_STRING_IPX_TXT \"IPX\"")
|
|
cpp_quote("#define PROTOCOL_STRING_XNS_TXT \"XNS\"")
|
|
cpp_quote("#define PROTOCOL_STRING_VINES_IP_TXT \"VINES IP\"")
|
|
cpp_quote("")
|
|
cpp_quote("// upper protocols")
|
|
cpp_quote("#define PROTOCOL_STRING_ICMP_TXT \"ICMP\"")
|
|
cpp_quote("#define PROTOCOL_STRING_TCP_TXT \"TCP\"")
|
|
cpp_quote("#define PROTOCOL_STRING_UDP_TXT \"UDP\"")
|
|
cpp_quote("#define PROTOCOL_STRING_SPX_TXT \"SPX\"")
|
|
cpp_quote("#define PROTOCOL_STRING_NCP_TXT \"NCP\"")
|
|
cpp_quote("")
|
|
cpp_quote("// pseudo protocols")
|
|
cpp_quote("#define PROTOCOL_STRING_ANY_TXT \"ANY\"")
|
|
cpp_quote("#define PROTOCOL_STRING_ANY_GROUP_TXT \"ANY GROUP\"")
|
|
cpp_quote("#define PROTOCOL_STRING_HIGHEST_TXT \"HIGHEST\"")
|
|
cpp_quote("#define PROTOCOL_STRING_LOCAL_ONLY_TXT \"LOCAL ONLY\"")
|
|
cpp_quote("#define PROTOCOL_STRING_UNKNOWN_TXT \"UNKNOWN\"")
|
|
cpp_quote("#define PROTOCOL_STRING_DATA_TXT \"DATA\"")
|
|
cpp_quote("#define PROTOCOL_STRING_FRAME_TXT \"FRAME\"")
|
|
cpp_quote("#define PROTOCOL_STRING_NONE_TXT \"NONE\"")
|
|
cpp_quote("#define PROTOCOL_STRING_EFFECTIVE_TXT \"EFFECTIVE\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define ADDRESS_PAIR_INCLUDE_TXT \"INCLUDE\"")
|
|
cpp_quote("#define ADDRESS_PAIR_EXCLUDE_TXT \"EXCLUDE\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define INCLUDE_ALL_EXCEPT_TXT \"INCLUDE ALL EXCEPT\"")
|
|
cpp_quote("#define EXCLUDE_ALL_EXCEPT_TXT \"EXCLUDE ALL EXCEPT\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define PATTERN_MATCH_OR_TXT \"OR(\"")
|
|
cpp_quote("#define PATTERN_MATCH_AND_TXT \"AND(\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define TRIGGER_PATTERN_TXT \"PATTERN MATCH\"")
|
|
cpp_quote("#define TRIGGER_BUFFER_TXT \"BUFFER CONTENT\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define TRIGGER_NOTIFY_TXT \"NOTIFY\"")
|
|
cpp_quote("#define TRIGGER_STOP_TXT \"STOP\"")
|
|
cpp_quote("#define TRIGGER_PAUSE_TXT \"PAUSE\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define TRIGGER_25_PERCENT_TXT \"25 PERCENT\"")
|
|
cpp_quote("#define TRIGGER_50_PERCENT_TXT \"50 PERCENT\"")
|
|
cpp_quote("#define TRIGGER_75_PERCENT_TXT \"75 PERCENT\"")
|
|
cpp_quote("#define TRIGGER_100_PERCENT_TXT \"100 PERCENT\"")
|
|
cpp_quote("")
|
|
cpp_quote("#define PATTERN_MATCH_NOT_TXT \"NOT\"")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMRegHelp.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("// Registry helpers")
|
|
cpp_quote("LPCSTR _cdecl FindOneOf(LPCSTR p1, LPCSTR p2);")
|
|
cpp_quote("")
|
|
cpp_quote("LONG _cdecl recursiveDeleteKey(HKEY hKeyParent, // Parent of key to delete.")
|
|
cpp_quote(" const char* lpszKeyChild); // Key to delete.")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL _cdecl SubkeyExists(const char* pszPath, // Path of key to check")
|
|
cpp_quote(" const char* szSubkey); // Key to check")
|
|
cpp_quote("")
|
|
cpp_quote("BOOL _cdecl setKeyAndValue(const char* szKey, ")
|
|
cpp_quote(" const char* szSubkey, ")
|
|
cpp_quote(" const char* szValue,")
|
|
cpp_quote(" const char* szName) ;")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMIpStructs.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("")
|
|
cpp_quote("// These structures are used to decode network data and so need to be packed")
|
|
#pragma pack(push, 1)
|
|
|
|
cpp_quote("//")
|
|
cpp_quote("// IP Packet Structure")
|
|
cpp_quote("//")
|
|
// contains a zero length array, so must cpp_quote
|
|
cpp_quote("typedef struct _IP ")
|
|
cpp_quote("{")
|
|
cpp_quote(" union ")
|
|
cpp_quote(" {")
|
|
cpp_quote(" BYTE Version;")
|
|
cpp_quote(" BYTE HdrLen;")
|
|
cpp_quote(" };")
|
|
cpp_quote(" BYTE ServiceType;")
|
|
cpp_quote(" WORD TotalLen;")
|
|
cpp_quote(" WORD ID;")
|
|
cpp_quote(" union ")
|
|
cpp_quote(" {")
|
|
cpp_quote(" WORD Flags;")
|
|
cpp_quote(" WORD FragOff;")
|
|
cpp_quote(" };")
|
|
cpp_quote(" BYTE TimeToLive;")
|
|
cpp_quote(" BYTE Protocol;")
|
|
cpp_quote(" WORD HdrChksum;")
|
|
cpp_quote(" DWORD SrcAddr;")
|
|
cpp_quote(" DWORD DstAddr;")
|
|
cpp_quote(" BYTE Options[0];")
|
|
cpp_quote("} IP;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef IP * LPIP;")
|
|
cpp_quote("typedef IP UNALIGNED * ULPIP;")
|
|
|
|
|
|
cpp_quote("// Psuedo Header used for CheckSum Calculations")
|
|
typedef struct _PSUHDR
|
|
{
|
|
DWORD ph_SrcIP;
|
|
DWORD ph_DstIP;
|
|
UCHAR ph_Zero;
|
|
UCHAR ph_Proto;
|
|
WORD ph_ProtLen;
|
|
} PSUHDR;
|
|
cpp_quote("typedef PSUHDR UNALIGNED * LPPSUHDR;")
|
|
|
|
cpp_quote("//")
|
|
cpp_quote("// IP Bitmasks that are useful")
|
|
cpp_quote("// (and the appropriate bit shifts, as well)")
|
|
cpp_quote("//")
|
|
cpp_quote("")
|
|
cpp_quote("#define IP_VERSION_MASK ((BYTE) 0xf0)")
|
|
cpp_quote("#define IP_VERSION_SHIFT (4)")
|
|
cpp_quote("#define IP_HDRLEN_MASK ((BYTE) 0x0f)")
|
|
cpp_quote("#define IP_HDRLEN_SHIFT (0)")
|
|
cpp_quote("#define IP_PRECEDENCE_MASK ((BYTE) 0xE0)")
|
|
cpp_quote("#define IP_PRECEDENCE_SHIFT (5)")
|
|
cpp_quote("#define IP_TOS_MASK ((BYTE) 0x1E)")
|
|
cpp_quote("#define IP_TOS_SHIFT (1)")
|
|
cpp_quote("#define IP_DELAY_MASK ((BYTE) 0x10)")
|
|
cpp_quote("#define IP_THROUGHPUT_MASK ((BYTE) 0x08)")
|
|
cpp_quote("#define IP_RELIABILITY_MASK ((BYTE) 0x04)")
|
|
cpp_quote("#define IP_FLAGS_MASK ((BYTE) 0xE0)")
|
|
cpp_quote("#define IP_FLAGS_SHIFT (13)")
|
|
cpp_quote("#define IP_DF_MASK ((BYTE) 0x40)")
|
|
cpp_quote("#define IP_MF_MASK ((BYTE) 0x20)")
|
|
cpp_quote("#define IP_MF_SHIFT (5)")
|
|
cpp_quote("#define IP_FRAGOFF_MASK ((WORD) 0x1FFF)")
|
|
cpp_quote("#define IP_FRAGOFF_SHIFT (3)")
|
|
cpp_quote("#define IP_TCC_MASK ((DWORD) 0xFFFFFF00)")
|
|
cpp_quote("#define IP_TIME_OPTS_MASK ((BYTE) 0x0F)")
|
|
cpp_quote("#define IP_MISS_STNS_MASK ((BYTE) 0xF0)")
|
|
cpp_quote("")
|
|
cpp_quote("#define IP_TIME_OPTS_SHIFT (0)")
|
|
cpp_quote("#define IP_MISS_STNS_SHIFT (4)")
|
|
cpp_quote("")
|
|
cpp_quote("//")
|
|
cpp_quote("// Offset to checksum field in ip header")
|
|
cpp_quote("//")
|
|
cpp_quote("#define IP_CHKSUM_OFF 10")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE BYTE IP_Version(ULPIP pIP)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return (pIP->Version & IP_VERSION_MASK) >> IP_VERSION_SHIFT;")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE DWORD IP_HdrLen(ULPIP pIP)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return ((pIP->HdrLen & IP_HDRLEN_MASK) >> IP_HDRLEN_SHIFT) << 2;")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE WORD IP_FragOff(ULPIP pIP)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return (XCHG(pIP->FragOff) & IP_FRAGOFF_MASK) << IP_FRAGOFF_SHIFT;")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE DWORD IP_TotalLen(ULPIP pIP)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return XCHG(pIP->TotalLen);")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE DWORD IP_MoreFragments(ULPIP pIP)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return (pIP->Flags & IP_MF_MASK) >> IP_MF_SHIFT;")
|
|
cpp_quote("}")
|
|
|
|
|
|
cpp_quote("//")
|
|
cpp_quote("// Well known ports in the TCP/IP protocol (See RFC 1060)")
|
|
cpp_quote("//")
|
|
cpp_quote("#define PORT_TCPMUX 1 // TCP Port Service Multiplexer")
|
|
cpp_quote("#define PORT_RJE 5 // Remote Job Entry")
|
|
cpp_quote("#define PORT_ECHO 7 // Echo")
|
|
cpp_quote("#define PORT_DISCARD 9 // Discard")
|
|
cpp_quote("#define PORT_USERS 11 // Active users")
|
|
cpp_quote("#define PORT_DAYTIME 13 // Daytime")
|
|
cpp_quote("#define PORT_NETSTAT 15 // Netstat")
|
|
cpp_quote("#define PORT_QUOTE 17 // Quote of the day")
|
|
cpp_quote("#define PORT_CHARGEN 19 // Character Generator")
|
|
cpp_quote("#define PORT_FTPDATA 20 // File transfer [default data]")
|
|
cpp_quote("#define PORT_FTP 21 // File transfer [Control]")
|
|
cpp_quote("#define PORT_TELNET 23 // Telnet")
|
|
cpp_quote("#define PORT_SMTP 25 // Simple Mail Transfer")
|
|
cpp_quote("#define PORT_NSWFE 27 // NSW User System FE")
|
|
cpp_quote("#define PORT_MSGICP 29 // MSG ICP")
|
|
cpp_quote("#define PORT_MSGAUTH 31 // MSG Authentication")
|
|
cpp_quote("#define PORT_DSP 33 // Display Support")
|
|
cpp_quote("#define PORT_PRTSERVER 35 // any private printer server")
|
|
cpp_quote("#define PORT_TIME 37 // Time")
|
|
cpp_quote("#define PORT_RLP 39 // Resource Location Protocol")
|
|
cpp_quote("#define PORT_GRAPHICS 41 // Graphics")
|
|
cpp_quote("#define PORT_NAMESERVER 42 // Host Name Server")
|
|
cpp_quote("#define PORT_NICNAME 43 // Who is")
|
|
cpp_quote("#define PORT_MPMFLAGS 44 // MPM Flags ")
|
|
cpp_quote("#define PORT_MPM 45 // Message Processing Module [recv]")
|
|
cpp_quote("#define PORT_MPMSND 46 // MPM [default send]")
|
|
cpp_quote("#define PORT_NIFTP 47 // NI FTP")
|
|
cpp_quote("#define PORT_LOGIN 49 // Login Host Protocol")
|
|
cpp_quote("#define PORT_LAMAINT 51 // IMP Logical Address Maintenance")
|
|
cpp_quote("#define PORT_DOMAIN 53 // Domain Name Server")
|
|
cpp_quote("#define PORT_ISIGL 55 // ISI Graphics Language")
|
|
cpp_quote("#define PORT_ANYTERMACC 57 // any private terminal access")
|
|
cpp_quote("#define PORT_ANYFILESYS 59 // any private file service")
|
|
cpp_quote("#define PORT_NIMAIL 61 // NI Mail")
|
|
cpp_quote("#define PORT_VIAFTP 63 // VIA Systems - FTP")
|
|
cpp_quote("#define PORT_TACACSDS 65 // TACACS - Database Service")
|
|
cpp_quote("#define PORT_BOOTPS 67 // Bootstrap Protocol server")
|
|
cpp_quote("#define PORT_BOOTPC 68 // Bootstrap Protocol client")
|
|
cpp_quote("#define PORT_TFTP 69 // Trivial File Transfer")
|
|
cpp_quote("#define PORT_NETRJS1 71 // Remote Job service")
|
|
cpp_quote("#define PORT_NETRJS2 72 // Remote Job service")
|
|
cpp_quote("#define PORT_NETRJS3 73 // Remote Job service")
|
|
cpp_quote("#define PORT_NETRJS4 74 // Remote Job service")
|
|
cpp_quote("#define PORT_ANYDIALOUT 75 // any private dial out service")
|
|
cpp_quote("#define PORT_ANYRJE 77 // any private RJE service")
|
|
cpp_quote("#define PORT_FINGER 79 // Finger")
|
|
cpp_quote("#define PORT_HTTP 80 // HTTP (www)")
|
|
cpp_quote("#define PORT_HOSTS2NS 81 // Hosts2 Name Server")
|
|
cpp_quote("#define PORT_MITMLDEV1 83 // MIT ML Device")
|
|
cpp_quote("#define PORT_MITMLDEV2 85 // MIT ML Device")
|
|
cpp_quote("#define PORT_ANYTERMLINK 87 // any private terminal link")
|
|
cpp_quote("#define PORT_SUMITTG 89 // SU/MIT Telnet Gateway")
|
|
cpp_quote("#define PORT_MITDOV 91 // MIT Dover Spooler")
|
|
cpp_quote("#define PORT_DCP 93 // Device Control Protocol")
|
|
cpp_quote("#define PORT_SUPDUP 95 // SUPDUP")
|
|
cpp_quote("#define PORT_SWIFTRVF 97 // Swift Remote Vitural File Protocol")
|
|
cpp_quote("#define PORT_TACNEWS 98 // TAC News")
|
|
cpp_quote("#define PORT_METAGRAM 99 // Metagram Relay")
|
|
cpp_quote("#define PORT_NEWACCT 100 // [Unauthorized use]")
|
|
cpp_quote("#define PORT_HOSTNAME 101 // NIC Host Name Server")
|
|
cpp_quote("#define PORT_ISOTSAP 102 // ISO-TSAP")
|
|
cpp_quote("#define PORT_X400 103 // X400")
|
|
cpp_quote("#define PORT_X400SND 104 // X400 - SND")
|
|
cpp_quote("#define PORT_CSNETNS 105 // Mailbox Name Nameserver")
|
|
cpp_quote("#define PORT_RTELNET 107 // Remote Telnet Service")
|
|
cpp_quote("#define PORT_POP2 109 // Post Office Protocol - version 2")
|
|
cpp_quote("#define PORT_POP3 110 // Post Office Protocol - version 3")
|
|
cpp_quote("#define PORT_SUNRPC 111 // SUN Remote Procedure Call")
|
|
cpp_quote("#define PORT_AUTH 113 // Authentication")
|
|
cpp_quote("#define PORT_SFTP 115 // Simple File Transfer Protocol")
|
|
cpp_quote("#define PORT_UUCPPATH 117 // UUCP Path Service")
|
|
cpp_quote("#define PORT_NNTP 119 // Network News Transfer Protocol")
|
|
cpp_quote("#define PORT_ERPC 121 // Encore Expedited Remote Proc. Call")
|
|
cpp_quote("#define PORT_NTP 123 // Network Time Protocol")
|
|
cpp_quote("#define PORT_LOCUSMAP 125 // Locus PC-Interface Net Map Sesrver")
|
|
cpp_quote("#define PORT_LOCUSCON 127 // Locus PC-Interface Conn Server")
|
|
cpp_quote("#define PORT_PWDGEN 129 // Password Generator Protocol")
|
|
cpp_quote("#define PORT_CISCOFNA 130 // CISCO FNATIVE")
|
|
cpp_quote("#define PORT_CISCOTNA 131 // CISCO TNATIVE")
|
|
cpp_quote("#define PORT_CISCOSYS 132 // CISCO SYSMAINT")
|
|
cpp_quote("#define PORT_STATSRV 133 // Statistics Service")
|
|
cpp_quote("#define PORT_INGRESNET 134 // Ingres net service")
|
|
cpp_quote("#define PORT_LOCSRV 135 // Location Service")
|
|
cpp_quote("#define PORT_PROFILE 136 // PROFILE Naming System")
|
|
cpp_quote("#define PORT_NETBIOSNS 137 // NETBIOS Name Service")
|
|
cpp_quote("#define PORT_NETBIOSDGM 138 // NETBIOS Datagram Service")
|
|
cpp_quote("#define PORT_NETBIOSSSN 139 // NETBIOS Session Service")
|
|
cpp_quote("#define PORT_EMFISDATA 140 // EMFIS Data Service")
|
|
cpp_quote("#define PORT_EMFISCNTL 141 // EMFIS Control Service")
|
|
cpp_quote("#define PORT_BLIDM 142 // Britton-Lee IDM")
|
|
cpp_quote("#define PORT_IMAP2 143 // Interim Mail Access Protocol v2")
|
|
cpp_quote("#define PORT_NEWS 144 // NewS")
|
|
cpp_quote("#define PORT_UAAC 145 // UAAC protocol")
|
|
cpp_quote("#define PORT_ISOTP0 146 // ISO-IP0")
|
|
cpp_quote("#define PORT_ISOIP 147 // ISO-IP")
|
|
cpp_quote("#define PORT_CRONUS 148 // CRONUS-Support")
|
|
cpp_quote("#define PORT_AED512 149 // AED 512 Emulation Service")
|
|
cpp_quote("#define PORT_SQLNET 150 // SQL-NET")
|
|
cpp_quote("#define PORT_HEMS 151 // HEMS")
|
|
cpp_quote("#define PORT_BFTP 152 // Background File Transfer Protocol")
|
|
cpp_quote("#define PORT_SGMP 153 // SGMP")
|
|
cpp_quote("#define PORT_NETSCPROD 154 // NETSC")
|
|
cpp_quote("#define PORT_NETSCDEV 155 // NETSC")
|
|
cpp_quote("#define PORT_SQLSRV 156 // SQL service")
|
|
cpp_quote("#define PORT_KNETCMP 157 // KNET/VM Command/Message Protocol")
|
|
cpp_quote("#define PORT_PCMAILSRV 158 // PCMail server")
|
|
cpp_quote("#define PORT_NSSROUTING 159 // NSS routing")
|
|
cpp_quote("#define PORT_SGMPTRAPS 160 // SGMP-TRAPS")
|
|
cpp_quote("#define PORT_SNMP 161 // SNMP")
|
|
cpp_quote("#define PORT_SNMPTRAP 162 // SNMPTRAP")
|
|
cpp_quote("#define PORT_CMIPMANAGE 163 // CMIP/TCP Manager")
|
|
cpp_quote("#define PORT_CMIPAGENT 164 // CMIP/TCP Agent")
|
|
cpp_quote("#define PORT_XNSCOURIER 165 // Xerox")
|
|
cpp_quote("#define PORT_SNET 166 // Sirius Systems")
|
|
cpp_quote("#define PORT_NAMP 167 // NAMP")
|
|
cpp_quote("#define PORT_RSVD 168 // RSVC")
|
|
cpp_quote("#define PORT_SEND 169 // SEND")
|
|
cpp_quote("#define PORT_PRINTSRV 170 // Network Postscript")
|
|
cpp_quote("#define PORT_MULTIPLEX 171 // Network Innovations Multiples")
|
|
cpp_quote("#define PORT_CL1 172 // Network Innovations CL/1")
|
|
cpp_quote("#define PORT_XYPLEXMUX 173 // Xyplex")
|
|
cpp_quote("#define PORT_MAILQ 174 // MAILQ")
|
|
cpp_quote("#define PORT_VMNET 175 // VMNET")
|
|
cpp_quote("#define PORT_GENRADMUX 176 // GENRAD-MUX")
|
|
cpp_quote("#define PORT_XDMCP 177 // X Display Manager Control Protocol")
|
|
cpp_quote("#define PORT_NEXTSTEP 178 // NextStep Window Server")
|
|
cpp_quote("#define PORT_BGP 179 // Border Gateway Protocol")
|
|
cpp_quote("#define PORT_RIS 180 // Intergraph")
|
|
cpp_quote("#define PORT_UNIFY 181 // Unify")
|
|
cpp_quote("#define PORT_UNISYSCAM 182 // Unisys-Cam")
|
|
cpp_quote("#define PORT_OCBINDER 183 // OCBinder")
|
|
cpp_quote("#define PORT_OCSERVER 184 // OCServer")
|
|
cpp_quote("#define PORT_REMOTEKIS 185 // Remote-KIS")
|
|
cpp_quote("#define PORT_KIS 186 // KIS protocol")
|
|
cpp_quote("#define PORT_ACI 187 // Application Communication Interface")
|
|
cpp_quote("#define PORT_MUMPS 188 // MUMPS")
|
|
cpp_quote("#define PORT_QFT 189 // Queued File Transport")
|
|
cpp_quote("#define PORT_GACP 190 // Gateway Access Control Protocol")
|
|
cpp_quote("#define PORT_PROSPERO 191 // Prospero")
|
|
cpp_quote("#define PORT_OSUNMS 192 // OSU Network Monitoring System")
|
|
cpp_quote("#define PORT_SRMP 193 // Spider Remote Monitoring Protocol")
|
|
cpp_quote("#define PORT_IRC 194 // Internet Relay Chat Protocol")
|
|
cpp_quote("#define PORT_DN6NLMAUD 195 // DNSIX Network Level Module Audit")
|
|
cpp_quote("#define PORT_DN6SMMRED 196 // DSNIX Session Mgt Module Audit Redirector")
|
|
cpp_quote("#define PORT_DLS 197 // Directory Location Service")
|
|
cpp_quote("#define PORT_DLSMON 198 // Directory Location Service Monitor")
|
|
cpp_quote("#define PORT_ATRMTP 201 // AppleTalk Routing Maintenance")
|
|
cpp_quote("#define PORT_ATNBP 202 // AppleTalk Name Binding")
|
|
cpp_quote("#define PORT_AT3 203 // AppleTalk Unused")
|
|
cpp_quote("#define PORT_ATECHO 204 // AppleTalk Echo")
|
|
cpp_quote("#define PORT_AT5 205 // AppleTalk Unused")
|
|
cpp_quote("#define PORT_ATZIS 206 // AppleTalk Zone Information")
|
|
cpp_quote("#define PORT_AT7 207 // AppleTalk Unused")
|
|
cpp_quote("#define PORT_AT8 208 // AppleTalk Unused")
|
|
cpp_quote("#define PORT_SURMEAS 243 // Survey Measurement")
|
|
cpp_quote("#define PORT_LINK 245 // LINK")
|
|
cpp_quote("#define PORT_DSP3270 246 // Display Systems Protocol")
|
|
cpp_quote("#define PORT_LDAP1 389 // LDAP")
|
|
cpp_quote("#define PORT_ISAKMP 500 // ISAKMP")
|
|
cpp_quote("#define PORT_REXEC 512 // Remote Process Execution")
|
|
cpp_quote("#define PORT_RLOGIN 513 // Remote login a la telnet")
|
|
cpp_quote("#define PORT_RSH 514 // Remote command")
|
|
cpp_quote("#define PORT_LPD 515 // Line printer spooler - LPD")
|
|
cpp_quote("#define PORT_RIP 520 // TCP=? / UDP=RIP")
|
|
cpp_quote("#define PORT_TEMPO 526 // Newdate")
|
|
cpp_quote("#define PORT_COURIER 530 // rpc")
|
|
cpp_quote("#define PORT_NETNEWS 532 // READNEWS")
|
|
cpp_quote("#define PORT_UUCPD 540 // UUCPD")
|
|
cpp_quote("#define PORT_KLOGIN 543 //")
|
|
cpp_quote("#define PORT_KSHELL 544 // krcmd")
|
|
cpp_quote("#define PORT_DSF 555 //")
|
|
cpp_quote("#define PORT_REMOTEEFS 556 // RFS server")
|
|
cpp_quote("#define PORT_CHSHELL 562 // chmod")
|
|
cpp_quote("#define PORT_METER 570 // METER")
|
|
cpp_quote("#define PORT_PCSERVER 600 // SUN IPC Server")
|
|
cpp_quote("#define PORT_NQS 607 // NQS")
|
|
cpp_quote("#define PORT_HMMP_INDICATION 612 // ")
|
|
cpp_quote("#define PORT_HMMP_OPERATION 613 // ")
|
|
cpp_quote("#define PORT_MDQS 666 // MDQS")
|
|
cpp_quote("#define PORT_LPD721 721 // LPD Client (lpd client ports 721 - 731)")
|
|
cpp_quote("#define PORT_LPD722 722 // LPD Client (see RFC 1179)")
|
|
cpp_quote("#define PORT_LPD723 723 // LPD Client")
|
|
cpp_quote("#define PORT_LPD724 724 // LPD Client")
|
|
cpp_quote("#define PORT_LPD725 725 // LPD Client")
|
|
cpp_quote("#define PORT_LPD726 726 // LPD Client")
|
|
cpp_quote("#define PORT_LPD727 727 // LPD Client")
|
|
cpp_quote("#define PORT_LPD728 728 // LPD Client")
|
|
cpp_quote("#define PORT_LPD729 729 // LPD Client")
|
|
cpp_quote("#define PORT_LPD730 730 // LPD Client")
|
|
cpp_quote("#define PORT_LPD731 731 // LPD Client")
|
|
cpp_quote("#define PORT_RFILE 750 // RFILE")
|
|
cpp_quote("#define PORT_PUMP 751 // PUMP")
|
|
cpp_quote("#define PORT_QRH 752 // QRH")
|
|
cpp_quote("#define PORT_RRH 753 // RRH")
|
|
cpp_quote("#define PORT_TELL 754 // TELL")
|
|
cpp_quote("#define PORT_NLOGIN 758 // NLOGIN")
|
|
cpp_quote("#define PORT_CON 759 // CON")
|
|
cpp_quote("#define PORT_NS 760 // NS")
|
|
cpp_quote("#define PORT_RXE 761 // RXE")
|
|
cpp_quote("#define PORT_QUOTAD 762 // QUOTAD")
|
|
cpp_quote("#define PORT_CYCLESERV 763 // CYCLESERV")
|
|
cpp_quote("#define PORT_OMSERV 764 // OMSERV")
|
|
cpp_quote("#define PORT_WEBSTER 765 // WEBSTER")
|
|
cpp_quote("#define PORT_PHONEBOOK 767 // PHONE")
|
|
cpp_quote("#define PORT_VID 769 // VID")
|
|
cpp_quote("#define PORT_RTIP 771 // RTIP")
|
|
cpp_quote("#define PORT_CYCLESERV2 772 // CYCLESERV-2")
|
|
cpp_quote("#define PORT_SUBMIT 773 // submit")
|
|
cpp_quote("#define PORT_RPASSWD 774 // RPASSWD")
|
|
cpp_quote("#define PORT_ENTOMB 775 // ENTOMB")
|
|
cpp_quote("#define PORT_WPAGES 776 // WPAGES")
|
|
cpp_quote("#define PORT_WPGS 780 // wpgs")
|
|
cpp_quote("#define PORT_MDBSDAEMON 800 // MDBS DAEMON")
|
|
cpp_quote("#define PORT_DEVICE 801 // DEVICE")
|
|
cpp_quote("#define PORT_MAITRD 997 // MAITRD")
|
|
cpp_quote("#define PORT_BUSBOY 998 // BUSBOY")
|
|
cpp_quote("#define PORT_GARCON 999 // GARCON")
|
|
cpp_quote("#define PORT_NFS 2049 // NFS")
|
|
cpp_quote("#define PORT_LDAP2 3268 // LDAP")
|
|
cpp_quote("#define PORT_PPTP 5678 // PPTP")
|
|
cpp_quote("")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMIcmpStructs.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("")
|
|
cpp_quote("//")
|
|
cpp_quote("// ICMP Frame Structure")
|
|
cpp_quote("//")
|
|
|
|
typedef struct _RequestReplyFields
|
|
{
|
|
WORD ID;
|
|
WORD SeqNo;
|
|
} ReqReply;
|
|
|
|
typedef struct _ParameterProblemFields
|
|
{
|
|
BYTE Pointer;
|
|
BYTE junk[3];
|
|
} ParmProb;
|
|
|
|
typedef struct _TimestampFields
|
|
{
|
|
DWORD tsOrig;
|
|
DWORD tsRecv;
|
|
DWORD tsXmit;
|
|
} TS;
|
|
|
|
typedef struct _RouterAnnounceHeaderFields
|
|
{
|
|
BYTE NumAddrs;
|
|
BYTE AddrEntrySize;
|
|
WORD Lifetime;
|
|
} RouterAH;
|
|
|
|
typedef struct _RouterAnnounceEntry
|
|
{
|
|
DWORD Address;
|
|
DWORD PreferenceLevel;
|
|
} RouterAE;
|
|
|
|
// contains a zero length array, so must cpp_quote
|
|
cpp_quote("typedef struct _ICMP ")
|
|
cpp_quote("{")
|
|
cpp_quote(" BYTE Type;")
|
|
cpp_quote(" BYTE Code;")
|
|
cpp_quote(" WORD Checksum;")
|
|
cpp_quote(" union")
|
|
cpp_quote(" {")
|
|
cpp_quote(" DWORD Unused;")
|
|
cpp_quote(" DWORD Address;")
|
|
cpp_quote(" ReqReply RR;")
|
|
cpp_quote(" ParmProb PP;")
|
|
cpp_quote(" RouterAH RAH; ")
|
|
cpp_quote(" };")
|
|
cpp_quote("")
|
|
cpp_quote(" union")
|
|
cpp_quote(" {")
|
|
cpp_quote(" TS Time;")
|
|
cpp_quote(" IP IP;")
|
|
cpp_quote(" RouterAE RAE[0];")
|
|
cpp_quote(" };")
|
|
cpp_quote("} ICMP;")
|
|
cpp_quote("")
|
|
cpp_quote("typedef ICMP * LPICMP;")
|
|
cpp_quote("typedef ICMP UNALIGNED * ULPICMP;")
|
|
|
|
const DWORD ICMP_HEADER_LENGTH =8;
|
|
cpp_quote("// # of *BYTES* of IP data to attach to")
|
|
cpp_quote("// datagram in addition to IP header")
|
|
const DWORD ICMP_IP_DATA_LENGTH =8;
|
|
|
|
cpp_quote("//")
|
|
cpp_quote("// ICMP Packet Types")
|
|
cpp_quote("//")
|
|
|
|
const BYTE ECHO_REPLY = 0;
|
|
const BYTE DESTINATION_UNREACHABLE = 3;
|
|
const BYTE SOURCE_QUENCH = 4;
|
|
const BYTE REDIRECT = 5;
|
|
const BYTE ECHO = 8;
|
|
const BYTE ROUTER_ADVERTISEMENT = 9;
|
|
const BYTE ROUTER_SOLICITATION =10;
|
|
const BYTE TIME_EXCEEDED =11;
|
|
const BYTE PARAMETER_PROBLEM =12;
|
|
const BYTE TIMESTAMP =13;
|
|
const BYTE TIMESTAMP_REPLY =14;
|
|
const BYTE INFORMATION_REQUEST =15;
|
|
const BYTE INFORMATION_REPLY =16;
|
|
const BYTE ADDRESS_MASK_REQUEST =17;
|
|
const BYTE ADDRESS_MASK_REPLY =18;
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMIpxStructs.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("// IPX")
|
|
typedef struct
|
|
{
|
|
UCHAR ha_address[6];
|
|
|
|
} HOST_ADDRESS;
|
|
|
|
typedef struct _IPXADDRESS
|
|
{
|
|
ULONG ipx_NetNumber;
|
|
HOST_ADDRESS ipx_HostAddr;
|
|
|
|
} IPXADDRESS;
|
|
cpp_quote("typedef IPXADDRESS UNALIGNED * PIPXADDRESS;")
|
|
|
|
typedef struct _NET_ADDRESS
|
|
{
|
|
IPXADDRESS na_IPXAddr;
|
|
USHORT na_socket;
|
|
|
|
} NET_ADDRESS;
|
|
cpp_quote("typedef NET_ADDRESS UNALIGNED * UPNET_ADDRESS;")
|
|
|
|
cpp_quote("// IPX Internetwork Packet eXchange Protocol Header.")
|
|
typedef struct
|
|
{
|
|
USHORT ipx_checksum;
|
|
USHORT ipx_length;
|
|
UCHAR ipx_xport_control; // nee ipx_hopcnt
|
|
UCHAR ipx_packet_type; // nee ipx_pkttyp
|
|
NET_ADDRESS ipx_dest;
|
|
NET_ADDRESS ipx_source;
|
|
|
|
} IPX_HDR;
|
|
cpp_quote("typedef IPX_HDR UNALIGNED * ULPIPX_HDR;")
|
|
|
|
cpp_quote("// SPX - Sequenced Packet Protocol")
|
|
typedef struct _SPX_HDR
|
|
{
|
|
IPX_HDR spx_idp_hdr;
|
|
UCHAR spx_conn_ctrl; // bits 0-3 defined (SPX_CTRL_xxx)
|
|
UCHAR spx_data_type; // 0 (defined to be used by higher layers)
|
|
USHORT spx_src_conn_id; // b.e.
|
|
USHORT spx_dest_conn_id; // b.e.
|
|
USHORT spx_sequence_num; // sequence number (b.e.).
|
|
USHORT spx_ack_num; // acknowledge number (b.e.)
|
|
USHORT spx_alloc_num; // allocation (b.e.)
|
|
|
|
} SPX_HDR;
|
|
cpp_quote("typedef SPX_HDR UNALIGNED *PSPX_HDR;")
|
|
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("// (NMTcpStructs.h)")
|
|
cpp_quote("//=============================================================================")
|
|
cpp_quote("//=============================================================================")
|
|
|
|
cpp_quote("//")
|
|
cpp_quote("// TCP Packet Structure")
|
|
cpp_quote("//")
|
|
|
|
typedef struct _TCP
|
|
{
|
|
WORD SrcPort;
|
|
WORD DstPort;
|
|
DWORD SeqNum;
|
|
DWORD AckNum;
|
|
BYTE DataOff;
|
|
BYTE Flags;
|
|
WORD Window;
|
|
WORD Chksum;
|
|
WORD UrgPtr;
|
|
} TCP;
|
|
|
|
typedef TCP * LPTCP;
|
|
cpp_quote("typedef TCP UNALIGNED * ULPTCP;")
|
|
|
|
cpp_quote("INLINE DWORD TCP_HdrLen(ULPTCP pTCP)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return (pTCP->DataOff & 0xf0) >> 2;")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE DWORD TCP_SrcPort(ULPTCP pTCP)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return XCHG(pTCP->SrcPort);")
|
|
cpp_quote("}")
|
|
cpp_quote("")
|
|
cpp_quote("INLINE DWORD TCP_DstPort(ULPTCP pTCP)")
|
|
cpp_quote("{")
|
|
cpp_quote(" return XCHG(pTCP->DstPort);")
|
|
cpp_quote("}")
|
|
|
|
cpp_quote("//")
|
|
cpp_quote("// TCP Option Opcodes")
|
|
cpp_quote("//")
|
|
|
|
const DWORD TCP_OPTION_ENDOFOPTIONS = 0;
|
|
const DWORD TCP_OPTION_NOP = 1;
|
|
const DWORD TCP_OPTION_MAXSEGSIZE = 2;
|
|
const DWORD TCP_OPTION_WSCALE = 3;
|
|
const DWORD TCP_OPTION_SACK_PERMITTED= 4;
|
|
const DWORD TCP_OPTION_SACK = 5;
|
|
const DWORD TCP_OPTION_TIMESTAMPS = 8;
|
|
|
|
cpp_quote("//")
|
|
cpp_quote("// TCP Flags")
|
|
cpp_quote("//")
|
|
|
|
const BYTE TCP_FLAG_URGENT =0x20;
|
|
const BYTE TCP_FLAG_ACK =0x10;
|
|
const BYTE TCP_FLAG_PUSH =0x08;
|
|
const BYTE TCP_FLAG_RESET =0x04;
|
|
const BYTE TCP_FLAG_SYN =0x02;
|
|
const BYTE TCP_FLAG_FIN =0x01;
|
|
|
|
cpp_quote("//")
|
|
cpp_quote("// TCP Field Masks")
|
|
cpp_quote("//")
|
|
const DWORD TCP_RESERVED_MASK =0x0FC0;
|
|
|
|
#pragma pack(pop)
|
|
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("// IDelaydC - used by a consumer to get frames after a capture has completed.")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("//****************************************************************************")
|
|
|
|
const DWORD DEFAULT_DELAYED_BUFFER_SIZE =1; // 1 meg
|
|
const char USE_DEFAULT_DRIVE_LETTER =0; // "read from registry"
|
|
const DWORD RTC_FRAME_SIZE_FULL =0; // keep all
|
|
|
|
// GUID association
|
|
[
|
|
object,
|
|
uuid(BFF9C030-B58F-11ce-B5B0-00AA006CB37D),
|
|
pointer_default(unique)
|
|
]
|
|
|
|
// Interface Definition
|
|
[local]interface IDelaydC : IUnknown
|
|
{
|
|
import "unknwn.idl";
|
|
|
|
///////////////////////////////////////////////
|
|
// Connection Methods
|
|
///////////////////////////////////////////////
|
|
// Connect, this is where you actually connect to a network
|
|
HRESULT Connect( [in] HBLOB hInputBlob,
|
|
[in] LPVOID StatusCallbackProc,
|
|
[in] LPVOID UserContext,
|
|
[out] HBLOB hErrorBlob);
|
|
|
|
// Disconnect, Connect's logical opposite
|
|
HRESULT Disconnect( void );
|
|
|
|
// Get the status of the current capture
|
|
HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus);
|
|
|
|
///////////////////////////////////////////////
|
|
// Configuration Methods
|
|
///////////////////////////////////////////////
|
|
HRESULT Configure( [in] HBLOB hConfigurationBlob,
|
|
[out] HBLOB hErrorBlob);
|
|
|
|
|
|
///////////////////////////////////////////////
|
|
// Control Methods
|
|
///////////////////////////////////////////////
|
|
// Start, begin capturing
|
|
HRESULT Start( [out] char *pFileName);
|
|
|
|
// Pause, take a break (out of p-mode we hope)
|
|
HRESULT Pause( void);
|
|
|
|
// Resume, sort of an 'un-pause'
|
|
HRESULT Resume( void);
|
|
|
|
// Stop, sort of an 'un-start'
|
|
HRESULT Stop( [out] LPSTATISTICS lpStats );
|
|
|
|
// Get two status flags:
|
|
// IsRunning, Are we capturing (regardless of paused state)
|
|
// IsPaused , Are we paused
|
|
HRESULT GetControlState( [out] BOOL * IsRunnning,
|
|
[out] BOOL * IsPaused );
|
|
|
|
///////////////////////////////////////////////
|
|
// Statistics Methods
|
|
///////////////////////////////////////////////
|
|
// GetTotalStatistics, fills in stats structure
|
|
HRESULT GetTotalStatistics([out] LPSTATISTICS lpStats,
|
|
[in] BOOL fClearAfterReading);
|
|
|
|
// GetSessionStatistics, fills in Session and Station structures
|
|
HRESULT GetConversationStatistics([out] DWORD *nSessions,
|
|
[out, size_is(100)] LPSESSIONSTATS lpSessionStats,
|
|
[out] DWORD *nStations,
|
|
[out, size_is(100)] LPSTATIONSTATS lpStationStats,
|
|
[in] BOOL fClearAfterReading);
|
|
|
|
///////////////////////////////////////////////
|
|
// Special Methods
|
|
///////////////////////////////////////////////
|
|
// add a comment frame to ALL current captures
|
|
HRESULT InsertSpecialFrame( [in] DWORD FrameType,
|
|
[in] DWORD Flags,
|
|
[in] BYTE* pUserData,
|
|
[in] DWORD UserDataLength);
|
|
|
|
// QueryStations, get a list of machines running Network Monitor
|
|
HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable );
|
|
}
|
|
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("// IESP - used by a consumer to get extended statistics, no frames.")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("//****************************************************************************")
|
|
|
|
// GUID association
|
|
[
|
|
object,
|
|
uuid(E99A04AA-AB95-11d0-BE96-00A0C94989DE),
|
|
pointer_default(unique)
|
|
]
|
|
|
|
// Interface Definition
|
|
[local]interface IESP : IUnknown
|
|
{
|
|
import "unknwn.idl";
|
|
|
|
|
|
///////////////////////////////////////////////
|
|
// Connection Methods
|
|
///////////////////////////////////////////////
|
|
// Connect, this is where you actually connect to a network
|
|
HRESULT Connect( [in] HBLOB hInputBlob,
|
|
[in] LPVOID StatusCallbackProc,
|
|
[in] LPVOID UserContext,
|
|
[out] HBLOB hErrorBlob);
|
|
|
|
// Disconnect, Connect's logical opposite
|
|
HRESULT Disconnect( void );
|
|
|
|
// Get the status of the current capture
|
|
HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus);
|
|
|
|
///////////////////////////////////////////////
|
|
// Configuration Methods
|
|
///////////////////////////////////////////////
|
|
HRESULT Configure( [in] HBLOB hConfigurationBlob,
|
|
[out] HBLOB hErrorBlob);
|
|
|
|
///////////////////////////////////////////////
|
|
// Control Methods
|
|
///////////////////////////////////////////////
|
|
// Start, begin capturing
|
|
HRESULT Start( [string, out] char *pFileName);
|
|
|
|
// Pause, take a break (out of p-mode we hope)
|
|
HRESULT Pause( [out] LPSTATISTICS lpStats);
|
|
|
|
// Resume, sort of an 'un-pause'
|
|
HRESULT Resume( void);
|
|
|
|
// Stop, sort of an 'un-start'
|
|
HRESULT Stop( [out] LPSTATISTICS lpStats);
|
|
|
|
// Get two status flags:
|
|
// IsRunning, Are we capturing (regardless of paused state)
|
|
// IsPaused , Are we paused
|
|
HRESULT GetControlState( [out] BOOL * IsRunnning,
|
|
[out] BOOL * IsPaused );
|
|
|
|
// QueryStations, get a list of machines running Network Monitor
|
|
HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable );
|
|
|
|
}
|
|
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("// IRTC - used by a consumer to get an interface to local entry points")
|
|
cpp_quote("// necessary to do real time capture processing. It includes a method")
|
|
cpp_quote("// for handing a callback to the NPP.")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("//****************************************************************************")
|
|
|
|
// Constants
|
|
const DWORD DEFAULT_RTC_BUFFER_SIZE =0x100000; /* 1 meg */
|
|
|
|
// GUID association
|
|
[
|
|
object,
|
|
uuid(4811EA40-B582-11ce-B5AF-00AA006CB37D),
|
|
pointer_default(unique)
|
|
]
|
|
|
|
// Interface Definition
|
|
[local]interface IRTC : IUnknown
|
|
{
|
|
import "unknwn.idl";
|
|
|
|
///////////////////////////////////////////////
|
|
// Connection Methods
|
|
///////////////////////////////////////////////
|
|
// Connect, this is where you actually connect to a network
|
|
HRESULT Connect( [in] HBLOB hInputBlob,
|
|
[in] LPVOID StatusCallbackProc,
|
|
[in] LPVOID FramesCallbackProc,
|
|
[in] LPVOID UserContext,
|
|
[out] HBLOB hErrorBlob);
|
|
|
|
// Disconnect, Connect's logical opposite
|
|
HRESULT Disconnect( void );
|
|
|
|
// Get the status of the current capture
|
|
HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus);
|
|
|
|
///////////////////////////////////////////////
|
|
// Configuration Methods
|
|
///////////////////////////////////////////////
|
|
HRESULT Configure( [in] HBLOB hConfigurationBlob,
|
|
[out] HBLOB hErrorBlob);
|
|
|
|
|
|
///////////////////////////////////////////////
|
|
// Control Methods
|
|
///////////////////////////////////////////////
|
|
// Start, begin capturing
|
|
HRESULT Start( void);
|
|
|
|
// Pause, take a break (out of p-mode we hope)
|
|
HRESULT Pause( void);
|
|
|
|
// Resume, sort of an 'un-pause'
|
|
HRESULT Resume( void);
|
|
|
|
// Stop, sort of an 'un-start'
|
|
HRESULT Stop( void);
|
|
|
|
// Get two status flags:
|
|
// IsRunning, Are we capturing (regardless of paused state)
|
|
// IsPaused , Are we paused
|
|
HRESULT GetControlState( [out] BOOL * IsRunnning,
|
|
[out] BOOL * IsPaused );
|
|
|
|
|
|
///////////////////////////////////////////////
|
|
// Statistics Methods
|
|
///////////////////////////////////////////////
|
|
// GetTotalStatistics, fills in stats structure
|
|
HRESULT GetTotalStatistics([out] LPSTATISTICS lpStats,
|
|
[in] BOOL fClearAfterReading);
|
|
|
|
// GetSessionStatistics, fills in Session and Station structures
|
|
HRESULT GetConversationStatistics([out] DWORD *nSessions,
|
|
[out, size_is(100)] LPSESSIONSTATS lpSessionStats,
|
|
[out] DWORD *nStations,
|
|
[out, size_is(100)] LPSTATIONSTATS lpStationStats,
|
|
[in] BOOL fClearAfterReading);
|
|
|
|
///////////////////////////////////////////////
|
|
// Special Methods
|
|
///////////////////////////////////////////////
|
|
// add a comment frame to ALL current captures
|
|
HRESULT InsertSpecialFrame( [in] DWORD FrameType,
|
|
[in] DWORD Flags,
|
|
[in] BYTE* pUserData,
|
|
[in] DWORD UserDataLength);
|
|
|
|
// QueryStations, get a list of machines running Network Monitor
|
|
HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable );
|
|
|
|
}
|
|
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("// IStats - used by a consumer to get just statistics, no frames.")
|
|
cpp_quote("//****************************************************************************")
|
|
cpp_quote("//****************************************************************************")
|
|
|
|
// GUID association
|
|
[
|
|
object,
|
|
uuid(944AD530-B09D-11ce-B59C-00AA006CB37D),
|
|
pointer_default(unique)
|
|
]
|
|
|
|
// Interface Definition
|
|
[local]interface IStats : IUnknown
|
|
{
|
|
import "unknwn.idl";
|
|
|
|
|
|
///////////////////////////////////////////////
|
|
// Connection Methods
|
|
///////////////////////////////////////////////
|
|
// Connect, this is where you actually connect to a network
|
|
HRESULT Connect( [in] HBLOB hInputBlob,
|
|
[in] LPVOID StatusCallbackProc,
|
|
[in] LPVOID UserContext,
|
|
[out] HBLOB hErrorBlob);
|
|
|
|
// Disconnect, Connect's logical opposite
|
|
HRESULT Disconnect( void );
|
|
|
|
// Get the status of the current capture
|
|
HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus);
|
|
|
|
///////////////////////////////////////////////
|
|
// Configuration Methods
|
|
///////////////////////////////////////////////
|
|
HRESULT Configure( [in] HBLOB hConfigurationBlob,
|
|
[out] HBLOB hErrorBlob);
|
|
|
|
///////////////////////////////////////////////
|
|
// Control Methods
|
|
///////////////////////////////////////////////
|
|
// Start, begin capturing
|
|
HRESULT Start( void);
|
|
|
|
// Pause, take a break (out of p-mode we hope)
|
|
HRESULT Pause( void);
|
|
|
|
// Resume, sort of an 'un-pause'
|
|
HRESULT Resume( void);
|
|
|
|
// Stop, sort of an 'un-start'
|
|
HRESULT Stop( void);
|
|
|
|
// Get two status flags:
|
|
// IsRunning, Are we capturing (regardless of paused state)
|
|
// IsPaused , Are we paused
|
|
HRESULT GetControlState( [out] BOOL * IsRunnning,
|
|
[out] BOOL * IsPaused );
|
|
|
|
///////////////////////////////////////////////
|
|
// Statistics Methods
|
|
///////////////////////////////////////////////
|
|
// GetTotalStatistics, fills in stats structure
|
|
HRESULT GetTotalStatistics([out] LPSTATISTICS lpStats,
|
|
[in] BOOL fClearAfterReading);
|
|
|
|
// GetSessionStatistics, fills in Session and Station structures
|
|
HRESULT GetConversationStatistics([out] DWORD *nSessions,
|
|
[out, size_is(100)] LPSESSIONSTATS lpSessionStats,
|
|
[out] DWORD *nStations,
|
|
[out, size_is(100)] LPSTATIONSTATS lpStationStats,
|
|
[in] BOOL fClearAfterReading);
|
|
|
|
///////////////////////////////////////////////
|
|
// Special Methods
|
|
///////////////////////////////////////////////
|
|
// add a comment frame to ALL current captures
|
|
HRESULT InsertSpecialFrame( [in] DWORD FrameType,
|
|
[in] DWORD Flags,
|
|
[in] BYTE* pUserData,
|
|
[in] DWORD UserDataLength);
|
|
// QueryStations, get a list of machines running Network Monitor
|
|
HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable );
|
|
}
|
|
|
|
|
|
#pragma warning(default:4200)
|
|
#pragma pack()
|
|
|
|
|
|
|
|
|