|
|
/* this ALWAYS GENERATED file contains the definitions for the interfaces */
/* File created by MIDL compiler version 6.00.0361 *//* Compiler settings for netmon.idl:
Oicf, W1, Zp8, env=Win32 (32b run) protocol : dce , ms_ext, c_ext, robust error checks: allocation ref bounds_check enum stub_data VC __declspec() decoration level: __declspec(uuid()), __declspec(selectany), __declspec(novtable) DECLSPEC_UUID(), MIDL_INTERFACE()*///@@MIDL_FILE_HEADING( )
#pragma warning( disable: 4049 ) /* more than 64k source lines */
/* verify that the <rpcndr.h> version is high enough to compile this file*/#ifndef __REQUIRED_RPCNDR_H_VERSION__
#define __REQUIRED_RPCNDR_H_VERSION__ 475
#endif
#include "rpc.h"
#include "rpcndr.h"
#ifndef __RPCNDR_H_VERSION__
#error this stub requires an updated version of <rpcndr.h>
#endif // __RPCNDR_H_VERSION__
#ifndef COM_NO_WINDOWS_H
#include "windows.h"
#include "ole2.h"
#endif /*COM_NO_WINDOWS_H*/
#ifndef __netmon_h__
#define __netmon_h__
#if defined(_MSC_VER) && (_MSC_VER >= 1020)
#pragma once
#endif
/* Forward Declarations */
#ifndef __IDelaydC_FWD_DEFINED__
#define __IDelaydC_FWD_DEFINED__
typedef interface IDelaydC IDelaydC;#endif /* __IDelaydC_FWD_DEFINED__ */
#ifndef __IRTC_FWD_DEFINED__
#define __IRTC_FWD_DEFINED__
typedef interface IRTC IRTC;#endif /* __IRTC_FWD_DEFINED__ */
#ifndef __IStats_FWD_DEFINED__
#define __IStats_FWD_DEFINED__
typedef interface IStats IStats;#endif /* __IStats_FWD_DEFINED__ */
/* header files for imported files */#include "unknwn.h"
#ifdef __cplusplus
extern "C"{#endif
void * __RPC_USER MIDL_user_allocate(size_t);void __RPC_USER MIDL_user_free( void * );
/* interface __MIDL_itf_netmon_0000 *//* [local] */
//=============================================================================
// Microsoft (R) Network Monitor (tm).
// Copyright (C) Microsoft Corporation. All rights reserved.
//
// MODULE: netmon.h
//
// This is the consolidated include file for all Network Monitor components.
//
// It contains the contents of these files from previous SDKs:
//
// NPPTypes.h
// Finder.h
// NMSupp.h
// BHTypes.h
// NMErr.h
// BHFilter.h
// Frame.h
// Parser.h
// IniLib.h
// NMExpert.h (previously Expert.h)
// Netmon.h (previously bh.h)
// NMBlob.h (previously blob.h)
// NMRegHelp.h (previously reghelp.h)
// NMIpStructs.h (previously IpStructs.h)
// NMIcmpStructs.h (previously IcmpStructs.h)
// NMIpxStructs.h (previously IpxStructs.h)
// NMTcpStructs.h (previously TcpStructs.h)
//
// IDelaydC.idl
// IRTC.idl
// IStats.idl
//
//=============================================================================
#include <winerror.h>
#include <winerror.h>
#pragma pack(1)
// For backward compatability with old SDK versions, all structures within this header
// file will be byte packed on x86 platforms. All other platforms will only have those
// structures that will be used to decode network data packed.
#ifdef _X86_
#pragma pack(1)
#else
#pragma pack()
#endif
// yes we know that many of our structures have:
// warning C4200: nonstandard extension used : zero-sized array in struct/union
// this is OK and intended
#pragma warning(disable:4200)
//=============================================================================
//=============================================================================
// (NPPTypes.h)
//=============================================================================
//=============================================================================
typedef BYTE *LPBYTE;
typedef const void *HBLOB;
//=============================================================================
// General constants.
//=============================================================================
#define MAC_TYPE_UNKNOWN ( 0 )
#define MAC_TYPE_ETHERNET ( 1 )
#define MAC_TYPE_TOKENRING ( 2 )
#define MAC_TYPE_FDDI ( 3 )
#define MAC_TYPE_ATM ( 4 )
#define MAC_TYPE_1394 ( 5 )
#define MACHINE_NAME_LENGTH ( 16 )
#define USER_NAME_LENGTH ( 32 )
#define ADAPTER_COMMENT_LENGTH ( 32 )
#define CONNECTION_FLAGS_WANT_CONVERSATION_STATS ( 0x1 )
//=============================================================================
// Transmit statistics structure.
//=============================================================================
typedef struct _TRANSMITSTATS { DWORD TotalFramesSent; DWORD TotalBytesSent; DWORD TotalTransmitErrors; } TRANSMITSTATS;
typedef TRANSMITSTATS *LPTRANSMITSTATS;
#define TRANSMITSTATS_SIZE ( sizeof( TRANSMITSTATS ) )
//=============================================================================
// Statistics structure.
//=============================================================================
typedef struct _STATISTICS { __int64 TimeElapsed; DWORD TotalFramesCaptured; DWORD TotalBytesCaptured; DWORD TotalFramesFiltered; DWORD TotalBytesFiltered; DWORD TotalMulticastsFiltered; DWORD TotalBroadcastsFiltered; DWORD TotalFramesSeen; DWORD TotalBytesSeen; DWORD TotalMulticastsReceived; DWORD TotalBroadcastsReceived; DWORD TotalFramesDropped; DWORD TotalFramesDroppedFromBuffer; DWORD MacFramesReceived; DWORD MacCRCErrors; __int64 MacBytesReceivedEx; DWORD MacFramesDropped_NoBuffers; DWORD MacMulticastsReceived; DWORD MacBroadcastsReceived; DWORD MacFramesDropped_HwError; } STATISTICS;
typedef STATISTICS *LPSTATISTICS;
#define STATISTICS_SIZE ( sizeof( STATISTICS ) )
//=============================================================================
// Address structures
//=============================================================================
// These structures are used to decode network data and so need to be packed
#pragma pack(push, 1)
#define MAX_NAME_SIZE ( 32 )
#define IP_ADDRESS_SIZE ( 4 )
#define MAC_ADDRESS_SIZE ( 6 )
#define IP6_ADDRESS_SIZE ( 16 )
// Q: What is the maximum address size that we could have to copy?
// A: IP6
#define MAX_ADDRESS_SIZE ( 16 )
#define ADDRESS_TYPE_ETHERNET ( 0 )
#define ADDRESS_TYPE_IP ( 1 )
#define ADDRESS_TYPE_IPX ( 2 )
#define ADDRESS_TYPE_TOKENRING ( 3 )
#define ADDRESS_TYPE_FDDI ( 4 )
#define ADDRESS_TYPE_XNS ( 5 )
#define ADDRESS_TYPE_ANY ( 6 )
#define ADDRESS_TYPE_ANY_GROUP ( 7 )
#define ADDRESS_TYPE_FIND_HIGHEST ( 8 )
#define ADDRESS_TYPE_VINES_IP ( 9 )
#define ADDRESS_TYPE_LOCAL_ONLY ( 10 )
#define ADDRESS_TYPE_ATM ( 11 )
#define ADDRESS_TYPE_1394 ( 12 )
#define ADDRESS_TYPE_IP6 ( 13 )
#define ADDRESSTYPE_FLAGS_NORMALIZE ( 0x1 )
#define ADDRESSTYPE_FLAGS_BIT_REVERSE ( 0x2 )
// Vines IP Address Structure
typedef struct _VINES_IP_ADDRESS { DWORD NetID; WORD SubnetID; } VINES_IP_ADDRESS;
typedef VINES_IP_ADDRESS *LPVINES_IP_ADDRESS;
#define VINES_IP_ADDRESS_SIZE ( sizeof( VINES_IP_ADDRESS ) )
// IPX Address Structure
typedef struct _IPX_ADDR { BYTE Subnet[ 4 ]; BYTE Address[ 6 ]; } IPX_ADDR;
typedef IPX_ADDR *LPIPX_ADDR;
#define IPX_ADDR_SIZE ( sizeof( IPX_ADDR ) )
// XNS Address Structure
typedef IPX_ADDR XNS_ADDRESS;
typedef IPX_ADDR *LPXNS_ADDRESS;
// ETHERNET SOURCE ADDRESS
typedef struct _ETHERNET_SRC_ADDRESS{ BYTE RoutingBit: 1; BYTE LocalBit: 1; BYTE Byte0: 6; BYTE Reserved[5];
} ETHERNET_SRC_ADDRESS;typedef ETHERNET_SRC_ADDRESS *LPETHERNET_SRC_ADDRESS;// ETHERNET DESTINATION ADDRESS
typedef struct _ETHERNET_DST_ADDRESS{ BYTE GroupBit: 1; BYTE AdminBit: 1; BYTE Byte0: 6; BYTE Reserved[5];} ETHERNET_DST_ADDRESS;typedef ETHERNET_DST_ADDRESS *LPETHERNET_DST_ADDRESS;
// FDDI addresses
typedef ETHERNET_SRC_ADDRESS FDDI_SRC_ADDRESS;typedef ETHERNET_DST_ADDRESS FDDI_DST_ADDRESS;
typedef FDDI_SRC_ADDRESS *LPFDDI_SRC_ADDRESS;typedef FDDI_DST_ADDRESS *LPFDDI_DST_ADDRESS;
// TOKENRING Source Address
typedef struct _TOKENRING_SRC_ADDRESS{ BYTE Byte0: 6; BYTE LocalBit: 1; BYTE RoutingBit: 1; BYTE Byte1; BYTE Byte2: 7; BYTE Functional: 1; BYTE Reserved[3];} TOKENRING_SRC_ADDRESS;typedef TOKENRING_SRC_ADDRESS *LPTOKENRING_SRC_ADDRESS;
// TOKENRING Destination Address
typedef struct _TOKENRING_DST_ADDRESS{ BYTE Byte0: 6; BYTE AdminBit: 1; BYTE GroupBit: 1; BYTE Reserved[5];} TOKENRING_DST_ADDRESS;typedef TOKENRING_DST_ADDRESS *LPTOKENRING_DST_ADDRESS;// Address Structure
typedef struct _ADDRESS2{ DWORD Type;
union { // ADDRESS_TYPE_ETHERNET
// ADDRESS_TYPE_TOKENRING
// ADDRESS_TYPE_FDDI
BYTE MACAddress[MAC_ADDRESS_SIZE];
// IP
BYTE IPAddress[IP_ADDRESS_SIZE];
// IP6
BYTE IP6Address[IP6_ADDRESS_SIZE];
// raw IPX
BYTE IPXRawAddress[IPX_ADDR_SIZE];
// real IPX
IPX_ADDR IPXAddress;
// raw Vines IP
BYTE VinesIPRawAddress[VINES_IP_ADDRESS_SIZE];
// real Vines IP
VINES_IP_ADDRESS VinesIPAddress;
// ethernet with bits defined
ETHERNET_SRC_ADDRESS EthernetSrcAddress;
// ethernet with bits defined
ETHERNET_DST_ADDRESS EthernetDstAddress;
// tokenring with bits defined
TOKENRING_SRC_ADDRESS TokenringSrcAddress;
// tokenring with bits defined
TOKENRING_DST_ADDRESS TokenringDstAddress;
// fddi with bits defined
FDDI_SRC_ADDRESS FddiSrcAddress;
// fddi with bits defined
FDDI_DST_ADDRESS FddiDstAddress; }; WORD Flags;} ADDRESS2;typedef ADDRESS2 *LPADDRESS2;#define ADDRESS2_SIZE sizeof(ADDRESS2)
#pragma pack(pop)
//=============================================================================
// Address Pair Structure
//=============================================================================
#define ADDRESS_FLAGS_MATCH_DST ( 0x1 )
#define ADDRESS_FLAGS_MATCH_SRC ( 0x2 )
#define ADDRESS_FLAGS_EXCLUDE ( 0x4 )
#define ADDRESS_FLAGS_DST_GROUP_ADDR ( 0x8 )
#define ADDRESS_FLAGS_MATCH_BOTH ( 0x3 )
typedef struct _ADDRESSPAIR2{ WORD AddressFlags; WORD NalReserved; ADDRESS2 DstAddress; ADDRESS2 SrcAddress;
} ADDRESSPAIR2;typedef ADDRESSPAIR2 *LPADDRESSPAIR2;#define ADDRESSPAIR2_SIZE sizeof(ADDRESSPAIR2)
//=============================================================================
// Address table.
//=============================================================================
#define MAX_ADDRESS_PAIRS ( 8 )
typedef struct _ADDRESSTABLE2{ DWORD nAddressPairs; DWORD nNonMacAddressPairs; ADDRESSPAIR2 AddressPair[MAX_ADDRESS_PAIRS];
} ADDRESSTABLE2;
typedef ADDRESSTABLE2 *LPADDRESSTABLE2;#define ADDRESSTABLE2_SIZE sizeof(ADDRESSTABLE2)
//=============================================================================
// Network information.
//=============================================================================
#define NETWORKINFO_FLAGS_PMODE_NOT_SUPPORTED ( 0x1 )
#define NETWORKINFO_FLAGS_REMOTE_NAL ( 0x4 )
#define NETWORKINFO_FLAGS_REMOTE_NAL_CONNECTED ( 0x8 )
#define NETWORKINFO_FLAGS_REMOTE_CARD ( 0x10 )
#define NETWORKINFO_FLAGS_RAS ( 0x20 )
#define NETWORKINFO_RESERVED_FIELD_SIZE (FIELD_OFFSET(ADDRESS2,IPXAddress) + sizeof(IPX_ADDR))
typedef struct _NETWORKINFO{ BYTE PermanentAddr[6]; //... Permanent MAC address
BYTE CurrentAddr[6]; //... Current MAC address
BYTE Reserved[NETWORKINFO_RESERVED_FIELD_SIZE]; DWORD LinkSpeed; //... Link speed in Mbits.
DWORD MacType; //... Media type.
DWORD MaxFrameSize; //... Max frame size allowed.
DWORD Flags; //... Informational flags.
DWORD TimestampScaleFactor; //... 1 = 1/1 ms, 10 = 1/10 ms, 100 = 1/100 ms, etc.
BYTE NodeName[32]; //... Name of remote workstation.
BOOL PModeSupported; //... Card claims to support P-Mode
BYTE Comment[ADAPTER_COMMENT_LENGTH]; // Adapter comment field.
} NETWORKINFO;typedef NETWORKINFO *LPNETWORKINFO;#define NETWORKINFO_SIZE sizeof(NETWORKINFO)
#define MINIMUM_FRAME_SIZE ( 32 )
//=============================================================================
// Pattern structure.
//=============================================================================
#define MAX_PATTERN_LENGTH ( 16 )
// When set this flag will cause those frames which do NOT have the specified pattern
// in the proper stop to be kept.
#define PATTERN_MATCH_FLAGS_NOT ( 0x1 )
#define PATTERN_MATCH_FLAGS_RESERVED_1 ( 0x2 )
// When set this flag indicates that the user is not interested in a pattern match within
// IP or IPX, but in the protocol that follows. The driver will ensure that the protocol
// given in OffsetBasis is there and then that the port in the fram matches the port given.
// It will then calculate the offset from the beginning of the protocol that follows IP or IPX.
// NOTE: This flag is ignored if it is used with any OffsetBasis other than
// OFFSET_BASIS_RELATIVE_TO_IPX or OFFSET_BASIS_RELATIVE_TO_IP
#define PATTERN_MATCH_FLAGS_PORT_SPECIFIED ( 0x8 )
// The offset given is relative to the beginning of the frame. The
// PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.
#define OFFSET_BASIS_RELATIVE_TO_FRAME ( 0 )
// The offset given is relative to the beginning of the Effective Protocol.
// The Effective Protocol is defined as the protocol that follows
// the last protocol that determines Etype/SAP. In normal terms this means
// that the Effective Protocol will be IP, IPX, XNS, or any of their ilk.
// The PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.
#define OFFSET_BASIS_RELATIVE_TO_EFFECTIVE_PROTOCOL ( 1 )
// The offset given is relative to the beginning of IPX. If IPX is not present
// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED
// flag is set then the offset is relative to the beginning of the protocol
// which follows IPX.
#define OFFSET_BASIS_RELATIVE_TO_IPX ( 2 )
// The offset given is relative to the beginning of IP. If IP is not present
// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED
// flag is set then the offset is relative to the beginning of the protocol
// which follows IP.
#define OFFSET_BASIS_RELATIVE_TO_IP ( 3 )
// The offset given is relative to the beginning of IP6. If IP6 is not present
// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED
// flag is set then the offset is relative to the beginning of the protocol
// which follows IP6.
#define OFFSET_BASIS_RELATIVE_TO_IP6 ( 4 )
typedef /* [public][public][public][public][public][public][public][public][public] */ union __MIDL___MIDL_itf_netmon_0000_0001 { BYTE NextHeader; BYTE IPPort; WORD ByteSwappedIPXPort; } GENERIC_PORT;
typedef struct _PATTERNMATCH { DWORD Flags; BYTE OffsetBasis; GENERIC_PORT Port; WORD Offset; WORD Length; BYTE PatternToMatch[ 16 ]; } PATTERNMATCH;
typedef PATTERNMATCH *LPPATTERNMATCH;
#define PATTERNMATCH_SIZE ( sizeof( PATTERNMATCH ) )
//=============================================================================
// Expression structure.
//=============================================================================
#define MAX_PATTERNS ( 4 )
typedef struct _ANDEXP { DWORD nPatternMatches; PATTERNMATCH PatternMatch[ 4 ]; } ANDEXP;
typedef ANDEXP *LPANDEXP;
#define ANDEXP_SIZE ( sizeof( ANDEXP ) )
typedef struct _EXPRESSION { DWORD nAndExps; ANDEXP AndExp[ 4 ]; } EXPRESSION;
typedef EXPRESSION *LPEXPRESSION;
#define EXPRESSION_SIZE ( sizeof( EXPRESSION ) )
//=============================================================================
// Trigger.
//=============================================================================
#define TRIGGER_TYPE_PATTERN_MATCH ( 1 )
#define TRIGGER_TYPE_BUFFER_CONTENT ( 2 )
#define TRIGGER_TYPE_PATTERN_MATCH_THEN_BUFFER_CONTENT ( 3 )
#define TRIGGER_TYPE_BUFFER_CONTENT_THEN_PATTERN_MATCH ( 4 )
#define TRIGGER_FLAGS_FRAME_RELATIVE ( 0 )
#define TRIGGER_FLAGS_DATA_RELATIVE ( 0x1 )
#define TRIGGER_ACTION_NOTIFY ( 0 )
#define TRIGGER_ACTION_STOP ( 0x2 )
#define TRIGGER_ACTION_PAUSE ( 0x3 )
#define TRIGGER_BUFFER_FULL_25_PERCENT ( 0 )
#define TRIGGER_BUFFER_FULL_50_PERCENT ( 1 )
#define TRIGGER_BUFFER_FULL_75_PERCENT ( 2 )
#define TRIGGER_BUFFER_FULL_100_PERCENT ( 3 )
typedef struct _TRIGGER { BOOL TriggerActive; BYTE TriggerType; BYTE TriggerAction; DWORD TriggerFlags; PATTERNMATCH TriggerPatternMatch; DWORD TriggerBufferSize; DWORD TriggerReserved; char TriggerCommandLine[ 260 ]; } TRIGGER;
typedef TRIGGER *LPTRIGGER;
#define TRIGGER_SIZE ( sizeof( TRIGGER ) )
//=============================================================================
// Capture filter.
//=============================================================================
// Capture filter flags. By default all frames are rejected and
// Network Monitor enables them based on the CAPTUREFILTER flags
// defined below.
#define CAPTUREFILTER_FLAGS_INCLUDE_ALL_SAPS ( 0x1 )
#define CAPTUREFILTER_FLAGS_INCLUDE_ALL_ETYPES ( 0x2 )
#define CAPTUREFILTER_FLAGS_TRIGGER ( 0x4 )
#define CAPTUREFILTER_FLAGS_LOCAL_ONLY ( 0x8 )
// throw away our internal comment frames
#define CAPTUREFILTER_FLAGS_DISCARD_COMMENTS ( 0x10 )
// Keep SMT and Token Ring MAC frames
#define CAPTUREFILTER_FLAGS_KEEP_RAW ( 0x20 )
#define CAPTUREFILTER_FLAGS_INCLUDE_ALL ( 0x3 )
#define BUFFER_FULL_25_PERCENT ( 0 )
#define BUFFER_FULL_50_PERCENT ( 1 )
#define BUFFER_FULL_75_PERCENT ( 2 )
#define BUFFER_FULL_100_PERCENT ( 3 )
typedef struct _CAPTUREFILTER{ DWORD FilterFlags; LPBYTE lpSapTable; LPWORD lpEtypeTable; WORD nSaps; WORD nEtypes; LPADDRESSTABLE2 AddressTable; EXPRESSION FilterExpression; TRIGGER Trigger; DWORD nFrameBytesToCopy; DWORD Reserved;
} CAPTUREFILTER;typedef CAPTUREFILTER *LPCAPTUREFILTER;#define CAPTUREFILTER_SIZE sizeof(CAPTUREFILTER)
//=============================================================================
// Frame type.
//=============================================================================
// TimeStamp is in 1/1,000,000th seconds.
typedef struct _FRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; /* [size_is] */ BYTE MacFrame[ 1 ]; } FRAME;
typedef FRAME *LPFRAME;
typedef FRAME UNALIGNED *ULPFRAME;#define FRAME_SIZE ( sizeof( FRAME ) )
//=============================================================================
// Frame descriptor type.
//=============================================================================
#define LOW_PROTOCOL_IPX ( OFFSET_BASIS_RELATIVE_TO_IPX )
#define LOW_PROTOCOL_IP ( OFFSET_BASIS_RELATIVE_TO_IP )
#define LOW_PROTOCOL_IP6 ( OFFSET_BASIS_RELATIVE_TO_IP6 )
#define LOW_PROTOCOL_UNKNOWN ( ( BYTE )-1 )
typedef struct _FRAME_DESCRIPTOR { /* [size_is] */ LPBYTE FramePointer; __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; WORD Etype; BYTE Sap; BYTE LowProtocol; WORD LowProtocolOffset; /* [switch_is] */ /* [switch_type] */ union { /* [default] */ WORD Reserved; /* [case()] */ BYTE IPPort; /* [case()] */ WORD ByteSwappedIPXPort; } HighPort; WORD HighProtocolOffset; } FRAME_DESCRIPTOR;
typedef FRAME_DESCRIPTOR *LPFRAME_DESCRIPTOR;
#define FRAME_DESCRIPTOR_SIZE ( sizeof( FRAME_DESCRIPTOR ) )
//=============================================================================
// Frame descriptor table.
//=============================================================================
typedef struct _FRAMETABLE { DWORD FrameTableLength; DWORD StartIndex; DWORD EndIndex; DWORD FrameCount; /* [size_is] */ FRAME_DESCRIPTOR Frames[ 1 ]; } FRAMETABLE;
typedef FRAMETABLE *LPFRAMETABLE;
//=============================================================================
// Station statistics.
//=============================================================================
#define STATIONSTATS_FLAGS_INITIALIZED ( 0x1 )
#define STATIONSTATS_FLAGS_EVENTPOSTED ( 0x2 )
#define STATIONSTATS_POOL_SIZE ( 100 )
typedef struct _STATIONSTATS { DWORD NextStationStats; DWORD SessionPartnerList; DWORD Flags; BYTE StationAddress[ 6 ]; WORD Pad; DWORD TotalPacketsReceived; DWORD TotalDirectedPacketsSent; DWORD TotalBroadcastPacketsSent; DWORD TotalMulticastPacketsSent; DWORD TotalBytesReceived; DWORD TotalBytesSent; } STATIONSTATS;
typedef STATIONSTATS *LPSTATIONSTATS;
#define STATIONSTATS_SIZE ( sizeof( STATIONSTATS ) )
//=============================================================================
// Session statistics.
//=============================================================================
#define SESSION_FLAGS_INITIALIZED ( 0x1 )
#define SESSION_FLAGS_EVENTPOSTED ( 0x2 )
#define SESSION_POOL_SIZE ( 100 )
typedef struct _SESSIONSTATS { DWORD NextSession; DWORD StationOwner; DWORD StationPartner; DWORD Flags; DWORD TotalPacketsSent; } SESSIONSTATS;
typedef SESSIONSTATS *LPSESSIONSTATS;
#define SESSIONSTATS_SIZE ( sizeof( SESSIONSTATS ) )
//=============================================================================
// Station Query
//=============================================================================
// These structures are obsolete and should not be used
// They are included so that our interfaces need not change
#pragma pack(push, 1)
typedef struct _STATIONQUERY { DWORD Flags; BYTE BCDVerMinor; BYTE BCDVerMajor; DWORD LicenseNumber; BYTE MachineName[ 16 ]; BYTE UserName[ 32 ]; BYTE Reserved[ 32 ]; BYTE AdapterAddress[ 6 ]; WCHAR WMachineName[ 16 ]; WCHAR WUserName[ 32 ]; } STATIONQUERY;
typedef STATIONQUERY *LPSTATIONQUERY;
#define STATIONQUERY_SIZE ( sizeof( STATIONQUERY ) )
#pragma pack(pop)
//=============================================================================
// structure.
//=============================================================================
typedef struct _QUERYTABLE { DWORD nStationQueries; /* [size_is] */ STATIONQUERY StationQuery[ 1 ]; } QUERYTABLE;
typedef QUERYTABLE *LPQUERYTABLE;
#define QUERYTABLE_SIZE ( sizeof( QUERYTABLE ) )
//=============================================================================
// The LINK structure is used to chain structures together into a list.
//=============================================================================
typedef struct _LINK *LPLINK;
typedef struct _LINK { LPLINK PrevLink; LPLINK NextLink; } LINK;
//=============================================================================
// Security Response packet
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
#define MAX_SECURITY_BREACH_REASON_SIZE ( 100 )
#define MAX_SIGNATURE_LENGTH ( 128 )
#define MAX_USER_NAME_LENGTH ( 256 )
typedef struct _SECURITY_PERMISSION_RESPONSE { UINT Version; DWORD RandomNumber; BYTE MachineName[ 16 ]; BYTE Address[ 6 ]; BYTE UserName[ 256 ]; BYTE Reason[ 100 ]; DWORD SignatureLength; BYTE Signature[ 128 ]; } SECURITY_PERMISSION_RESPONSE;
typedef SECURITY_PERMISSION_RESPONSE *LPSECURITY_PERMISSION_RESPONSE;
typedef SECURITY_PERMISSION_RESPONSE UNALIGNED * ULPSECURITY_PERMISSION_RESPONSE;#define SECURITY_PERMISSION_RESPONSE_SIZE ( sizeof( SECURITY_PERMISSION_RESPONSE ) )
#pragma pack(pop)
//=============================================================================
// Callback type
//=============================================================================
// generic events
#define UPDATE_EVENT_TERMINATE_THREAD ( 0 )
#define UPDATE_EVENT_NETWORK_STATUS ( 0x1 )
// rtc events
#define UPDATE_EVENT_RTC_INTERVAL_ELAPSED ( 0x2 )
#define UPDATE_EVENT_RTC_FRAME_TABLE_FULL ( 0x3 )
#define UPDATE_EVENT_RTC_BUFFER_FULL ( 0x4 )
// delayed events
#define UPDATE_EVENT_TRIGGER_BUFFER_CONTENT ( 0x5 )
#define UPDATE_EVENT_TRIGGER_PATTERN_MATCH ( 0x6 )
#define UPDATE_EVENT_TRIGGER_BUFFER_PATTERN ( 0x7 )
#define UPDATE_EVENT_TRIGGER_PATTERN_BUFFER ( 0x8 )
// transmit events
#define UPDATE_EVENT_TRANSMIT_STATUS ( 0x9 )
// Security events
#define UPDATE_EVENT_SECURITY_BREACH ( 0xa )
// Remote failure event
#define UPDATE_EVENT_REMOTE_FAILURE ( 0xb )
// actions
#define UPDATE_ACTION_TERMINATE_THREAD ( 0 )
#define UPDATE_ACTION_NOTIFY ( 0x1 )
#define UPDATE_ACTION_STOP_CAPTURE ( 0x2 )
#define UPDATE_ACTION_PAUSE_CAPTURE ( 0x3 )
#define UPDATE_ACTION_RTC_BUFFER_SWITCH ( 0x4 )
typedef struct _UPDATE_EVENT { USHORT Event; DWORD Action; DWORD Status; DWORD Value; __int64 TimeStamp; DWORD_PTR lpUserContext; DWORD_PTR lpReserved; UINT FramesDropped; /* [switch_is] */ /* [switch_type] */ union { /* [default] */ DWORD Reserved; /* [case()] */ LPFRAMETABLE lpFrameTable; /* [case()] */ DWORD_PTR lpPacketQueue; /* [case()] */ SECURITY_PERMISSION_RESPONSE SecurityResponse; } ; LPSTATISTICS lpFinalStats; } UPDATE_EVENT;
typedef UPDATE_EVENT *PUPDATE_EVENT;
// note for c++ users:
// the declaration for this callback should be in the public part of the header file:
// static WINAPI DWORD NetworkCallback( UPDATE_EVENT events);
// and the implementation should be, in the protected section of the cpp file:
// DWORD WINAPI ClassName::NetworkCallback( UPDATE_EVENT events) {};
//typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);
typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);//=============================================================================
// NETWORKSTATUS data structure.
//=============================================================================
typedef struct _NETWORKSTATUS { DWORD State; DWORD Flags; } NETWORKSTATUS;
typedef NETWORKSTATUS *LPNETWORKSTATUS;
#define NETWORKSTATUS_SIZE ( sizeof( NETWORKSTATUS ) )
#define NETWORKSTATUS_STATE_VOID ( 0 )
#define NETWORKSTATUS_STATE_INIT ( 1 )
#define NETWORKSTATUS_STATE_CAPTURING ( 2 )
#define NETWORKSTATUS_STATE_PAUSED ( 3 )
#define NETWORKSTATUS_FLAGS_TRIGGER_PENDING ( 0x1 )
#define MAKE_WORD(l, h) (((WORD) (l)) | (((WORD) (h)) << 8))
#define MAKE_LONG(l, h) (((DWORD) (l)) | (((DWORD) (h)) << 16L))
#define MAKE_SIG(a, b, c, d) MAKE_LONG(MAKE_WORD(a, b), MAKE_WORD(c, d))
//=============================================================================
// STATISTICS parameter structure.
//=============================================================================
#define MAX_SESSIONS ( 100 )
#define MAX_STATIONS ( 100 )
typedef struct _STATISTICSPARAM { DWORD StatisticsSize; STATISTICS Statistics; DWORD StatisticsTableEntries; STATIONSTATS StatisticsTable[ 100 ]; DWORD SessionTableEntries; SESSIONSTATS SessionTable[ 100 ]; } STATISTICSPARAM;
typedef STATISTICSPARAM *LPSTATISTICSPARAM;
#define STATISTICSPARAM_SIZE ( sizeof( STATISTICSPARAM ) )
//=============================================================================
// Capture file header.
//=============================================================================
// This structure is used to decode file data and so needs to be packed
#pragma pack(push, 1)
#define CAPTUREFILE_VERSION_MAJOR ( 2 )
#define CAPTUREFILE_VERSION_MINOR ( 0 )
#define MakeVersion(Major, Minor) ((DWORD) MAKEWORD(Minor, Major))
#define GetCurrentVersion() MakeVersion(CAPTUREFILE_VERSION_MAJOR, CAPTUREFILE_VERSION_MINOR)
#define NETMON_1_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('R', 'T', 'S', 'S')
#define NETMON_2_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('G', 'M', 'B', 'U')
typedef struct _CAPTUREFILE_HEADER_VALUES { DWORD Signature; BYTE BCDVerMinor; BYTE BCDVerMajor; WORD MacType; SYSTEMTIME TimeStamp; DWORD FrameTableOffset; DWORD FrameTableLength; DWORD UserDataOffset; DWORD UserDataLength; DWORD CommentDataOffset; DWORD CommentDataLength; DWORD StatisticsOffset; DWORD StatisticsLength; DWORD NetworkInfoOffset; DWORD NetworkInfoLength; DWORD ConversationStatsOffset; DWORD ConversationStatsLength; } CAPTUREFILE_HEADER_VALUES;
typedef CAPTUREFILE_HEADER_VALUES *LPCAPTUREFILE_HEADER_VALUES;
#define CAPTUREFILE_HEADER_VALUES_SIZE ( sizeof( CAPTUREFILE_HEADER_VALUES ) )
#pragma pack(pop)
//=============================================================================
// Capture file.
//=============================================================================
// This structure is used to decode file data and so needs to be packed
#pragma pack(push, 1)
typedef struct _CAPTUREFILE_HEADER { union { CAPTUREFILE_HEADER_VALUES ActualHeader; BYTE Buffer[ 72 ]; } ; BYTE Reserved[ 56 ]; } CAPTUREFILE_HEADER;
typedef CAPTUREFILE_HEADER *LPCAPTUREFILE_HEADER;
#define CAPTUREFILE_HEADER_SIZE ( sizeof( CAPTUREFILE_HEADER ) )
#pragma pack(pop)
//=============================================================================
// Stats Frame definitions.
//=============================================================================
// These structures are used to create network data and so need to be packed
#pragma pack(push, 1)
typedef struct _EFRAMEHDR { BYTE SrcAddress[ 6 ]; BYTE DstAddress[ 6 ]; WORD Length; BYTE DSAP; BYTE SSAP; BYTE Control; BYTE ProtocolID[ 3 ]; WORD EtherType; } EFRAMEHDR;
typedef struct _TRFRAMEHDR { BYTE AC; BYTE FC; BYTE SrcAddress[ 6 ]; BYTE DstAddress[ 6 ]; BYTE DSAP; BYTE SSAP; BYTE Control; BYTE ProtocolID[ 3 ]; WORD EtherType; } TRFRAMEHDR;
#define DEFAULT_TR_AC ( 0 )
#define DEFAULT_TR_FC ( 0x40 )
#define DEFAULT_SAP ( 0xaa )
#define DEFAULT_CONTROL ( 0x3 )
#define DEFAULT_ETHERTYPE ( 0x8419 )
typedef struct _FDDIFRAMEHDR { BYTE FC; BYTE SrcAddress[ 6 ]; BYTE DstAddress[ 6 ]; BYTE DSAP; BYTE SSAP; BYTE Control; BYTE ProtocolID[ 3 ]; WORD EtherType; } FDDIFRAMEHDR;
#define DEFAULT_FDDI_FC ( 0x10 )
typedef struct _FDDISTATFRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; FDDIFRAMEHDR FrameHeader; BYTE FrameID[ 4 ]; DWORD Flags; DWORD FrameType; WORD StatsDataLen; DWORD StatsVersion; STATISTICS Statistics; } FDDISTATFRAME;
typedef FDDISTATFRAME *LPFDDISTATFRAME;
typedef FDDISTATFRAME UNALIGNED *ULPFDDISTATFRAME;#define FDDISTATFRAME_SIZE ( sizeof( FDDISTATFRAME ) )
typedef struct _ATMFRAMEHDR { BYTE SrcAddress[ 6 ]; BYTE DstAddress[ 6 ]; WORD Vpi; WORD Vci; } ATMFRAMEHDR;
typedef struct _ATMSTATFRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; ATMFRAMEHDR FrameHeader; BYTE FrameID[ 4 ]; DWORD Flags; DWORD FrameType; WORD StatsDataLen; DWORD StatsVersion; STATISTICS Statistics; } ATMSTATFRAME;
typedef ATMSTATFRAME *LPATMSTATFRAME;
typedef ATMSTATFRAME UNALIGNED *ULPATMSTATFRAME;#define ATMSTATFRAME_SIZE ( sizeof( ATMSTATFRAME ) )
typedef struct _TRSTATFRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; TRFRAMEHDR FrameHeader; BYTE FrameID[ 4 ]; DWORD Flags; DWORD FrameType; WORD StatsDataLen; DWORD StatsVersion; STATISTICS Statistics; } TRSTATFRAME;
typedef TRSTATFRAME *LPTRSTATFRAME;
typedef TRSTATFRAME UNALIGNED *ULPTRSTATFRAME;#define TRSTATFRAME_SIZE ( sizeof( TRSTATFRAME ) )
typedef struct _ESTATFRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; EFRAMEHDR FrameHeader; BYTE FrameID[ 4 ]; DWORD Flags; DWORD FrameType; WORD StatsDataLen; DWORD StatsVersion; STATISTICS Statistics; } ESTATFRAME;
typedef ESTATFRAME *LPESTATFRAME;
typedef ESTATFRAME UNALIGNED *ULPESTATFRAME;#define ESTATFRAME_SIZE ( sizeof( ESTATFRAME ) )
#define STATISTICS_VERSION_1_0 ( 0 )
#define STATISTICS_VERSION_2_0 ( 0x20 )
#define MAX_STATSFRAME_SIZE ( sizeof( TRSTATFRAME ) )
#define STATS_FRAME_TYPE ( 103 )
#pragma pack(pop)
//****************************************************************************
//****************************************************************************
// Obsolete structures
// The newer structures (named with a 2 appended) should be used
//****************************************************************************
//****************************************************************************
#pragma pack(push, 1)
// Address Structure
// Obsolete, ADDRESS2 should be used
typedef struct _ADDRESS{ DWORD Type;
union { // ADDRESS_TYPE_ETHERNET
// ADDRESS_TYPE_TOKENRING
// ADDRESS_TYPE_FDDI
BYTE MACAddress[MAC_ADDRESS_SIZE];
// IP
BYTE IPAddress[IP_ADDRESS_SIZE];
// raw IPX
BYTE IPXRawAddress[IPX_ADDR_SIZE];
// real IPX
IPX_ADDR IPXAddress;
// raw Vines IP
BYTE VinesIPRawAddress[VINES_IP_ADDRESS_SIZE];
// real Vines IP
VINES_IP_ADDRESS VinesIPAddress;
// ethernet with bits defined
ETHERNET_SRC_ADDRESS EthernetSrcAddress;
// ethernet with bits defined
ETHERNET_DST_ADDRESS EthernetDstAddress;
// tokenring with bits defined
TOKENRING_SRC_ADDRESS TokenringSrcAddress;
// tokenring with bits defined
TOKENRING_DST_ADDRESS TokenringDstAddress;
// fddi with bits defined
FDDI_SRC_ADDRESS FddiSrcAddress;
// fddi with bits defined
FDDI_DST_ADDRESS FddiDstAddress; }; WORD Flags;} ADDRESS;typedef ADDRESS *LPADDRESS;#define ADDRESS_SIZE sizeof(ADDRESS)
#pragma pack(pop)
// Obsolete, ADDRESSPAIR2 should be used
typedef struct _ADDRESSPAIR{ WORD AddressFlags; WORD NalReserved; ADDRESS DstAddress; ADDRESS SrcAddress;
} ADDRESSPAIR;typedef ADDRESSPAIR *LPADDRESSPAIR;#define ADDRESSPAIR_SIZE sizeof(ADDRESSPAIR)
// Obsolete, ADDRESSTABLE2 should be used
typedef struct _ADDRESSTABLE{ DWORD nAddressPairs; DWORD nNonMacAddressPairs; ADDRESSPAIR AddressPair[MAX_ADDRESS_PAIRS];
} ADDRESSTABLE;
typedef ADDRESSTABLE *LPADDRESSTABLE;#define ADDRESSTABLE_SIZE sizeof(ADDRESSTABLE)
// Obsolete, ADDRESSINFO2 should be used
typedef struct _ADDRESSINFO{ ADDRESS Address; WCHAR Name[MAX_NAME_SIZE]; DWORD Flags; LPVOID lpAddressInstData;
} ADDRESSINFO;typedef struct _ADDRESSINFO *LPADDRESSINFO;#define ADDRESSINFO_SIZE sizeof(ADDRESSINFO)
// Obsolete, ADDRESSINFOTABLE2 should be used
typedef struct _ADDRESSINFOTABLE{ DWORD nAddressInfos; LPADDRESSINFO lpAddressInfo[0];
} ADDRESSINFOTABLE;typedef ADDRESSINFOTABLE *LPADDRESSINFOTABLE;#define ADDRESSINFOTABLE_SIZE sizeof(ADDRESSINFOTABLE)
//****************************************************************************
//****************************************************************************
// Obsolete functions
// The newer functions should be used
//****************************************************************************
//****************************************************************************
// Obsolete, SetNPPAddress2FilterInBlob should be used
DWORD _cdecl SetNPPAddressFilterInBlob( HBLOB hBlob, LPADDRESSTABLE pAddressTable);// Obsolete, GetNPPAddress2FilterFromBlob should be used
DWORD _cdecl GetNPPAddressFilterFromBlob( HBLOB hBlob, LPADDRESSTABLE pAddressTable, HBLOB hErrorBlob);//=============================================================================
//=============================================================================
// (NMEvent.h)
//=============================================================================
//=============================================================================
#pragma pack(push, 8)
// NMCOLUMNTYPE
typedef /* [public][public][public][public][public][public] */ enum __MIDL___MIDL_itf_netmon_0000_0005 { NMCOLUMNTYPE_UINT8 = 0, NMCOLUMNTYPE_SINT8 = NMCOLUMNTYPE_UINT8 + 1, NMCOLUMNTYPE_UINT16 = NMCOLUMNTYPE_SINT8 + 1, NMCOLUMNTYPE_SINT16 = NMCOLUMNTYPE_UINT16 + 1, NMCOLUMNTYPE_UINT32 = NMCOLUMNTYPE_SINT16 + 1, NMCOLUMNTYPE_SINT32 = NMCOLUMNTYPE_UINT32 + 1, NMCOLUMNTYPE_FLOAT64 = NMCOLUMNTYPE_SINT32 + 1, NMCOLUMNTYPE_FRAME = NMCOLUMNTYPE_FLOAT64 + 1, NMCOLUMNTYPE_YESNO = NMCOLUMNTYPE_FRAME + 1, NMCOLUMNTYPE_ONOFF = NMCOLUMNTYPE_YESNO + 1, NMCOLUMNTYPE_TRUEFALSE = NMCOLUMNTYPE_ONOFF + 1, NMCOLUMNTYPE_MACADDR = NMCOLUMNTYPE_TRUEFALSE + 1, NMCOLUMNTYPE_IPXADDR = NMCOLUMNTYPE_MACADDR + 1, NMCOLUMNTYPE_IPADDR = NMCOLUMNTYPE_IPXADDR + 1, NMCOLUMNTYPE_VARTIME = NMCOLUMNTYPE_IPADDR + 1, NMCOLUMNTYPE_STRING = NMCOLUMNTYPE_VARTIME + 1 } NMCOLUMNTYPE;
// NMCOLUMNVARIANT
typedef struct _NMCOLUMNVARIANT { NMCOLUMNTYPE Type; union { BYTE Uint8Val; char Sint8Val; WORD Uint16Val; short Sint16Val; DWORD Uint32Val; long Sint32Val; DOUBLE Float64Val; DWORD FrameVal; BOOL YesNoVal; BOOL OnOffVal; BOOL TrueFalseVal; BYTE MACAddrVal[ 6 ]; IPX_ADDR IPXAddrVal; DWORD IPAddrVal; DOUBLE VarTimeVal; LPCSTR pStringVal; } Value; } NMCOLUMNVARIANT;
// COLUMNINFO
typedef struct _NMCOLUMNINFO { LPSTR szColumnName; NMCOLUMNVARIANT VariantData; } NMCOLUMNINFO;
typedef NMCOLUMNINFO *PNMCOLUMNINFO;
// JTYPE
typedef LPSTR JTYPE;
// EVENTDATA
#ifdef MIDL_PASS
typedef struct _NMEVENTDATA { LPSTR pszReserved; BYTE Version; DWORD EventIdent; DWORD Flags; DWORD Severity; BYTE NumColumns; LPSTR szSourceName; LPSTR szEventName; LPSTR szDescription; LPSTR szMachine; JTYPE Justification; PVOID pvReserved; SYSTEMTIME SysTime; /* [size_is] */ NMCOLUMNINFO Column[ 1 ]; } NMEVENTDATA;
#else // MIDL_PASS
typedef struct _NMEVENTDATA { LPSTR pszReserved; // Reserved
BYTE Version; // Version for this structure (must be 0)
DWORD EventIdent; // ID for this event
DWORD Flags; // Flags for Expert generated and others
DWORD Severity; // Severity level
BYTE NumColumns; // Number of optional columns for this event
LPSTR szSourceName; // Name of Expert
LPSTR szEventName; // Name of event
LPSTR szDescription;// Description of event
LPSTR szMachine; // Name (or IPADDRESS?) of the machine supplying the event (NULL for Experts usually)
JTYPE Justification;// Justification pane info (currently a string, but possible structure)
PVOID pvReserved; // Reserved
SYSTEMTIME SysTime; // Systemtime of the event
NMCOLUMNINFO Column[0]; } NMEVENTDATA;#endif // MIDL_PASS
typedef NMEVENTDATA *PNMEVENTDATA;
#pragma pack(pop)
// EVENT FLAGS
#define NMEVENTFLAG_EXPERT ( 0x1 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY ( 0x80000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE ( 0x40000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME ( 0x20000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION ( 0x10000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE ( 0x8000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_TIME ( 0x4000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_DATE ( 0x2000000 )
//#define NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS (NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY | \// NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE | \// NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME | \// NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION| \// NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE | \// NMEVENTFLAG_DO_NOT_DISPLAY_TIME | \// NMEVENTFLAG_DO_NOT_DISPLAY_DATE )
#define NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS ( 0xfe000000 )
enum _NMEVENT_SEVERITIES { NMEVENT_SEVERITY_INFORMATIONAL = 0, NMEVENT_SEVERITY_WARNING = NMEVENT_SEVERITY_INFORMATIONAL + 1, NMEVENT_SEVERITY_STRONG_WARNING = NMEVENT_SEVERITY_WARNING + 1, NMEVENT_SEVERITY_ERROR = NMEVENT_SEVERITY_STRONG_WARNING + 1, NMEVENT_SEVERITY_SEVERE_ERROR = NMEVENT_SEVERITY_ERROR + 1, NMEVENT_SEVERITY_CRITICAL_ERROR = NMEVENT_SEVERITY_SEVERE_ERROR + 1 } ;//=============================================================================
//=============================================================================
// (Finder.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Structures use by NPPs & the Finder
//=============================================================================
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0007 { DWORD dwNumBlobs; /* [size_is] */ HBLOB hBlobs[ 1 ]; } BLOB_TABLE;
typedef BLOB_TABLE *PBLOB_TABLE;
typedef /* [public][public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0008 { DWORD size; /* [size_is] */ BYTE *pBytes; } MBLOB;
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0009 { DWORD dwNumBlobs; /* [size_is] */ MBLOB mBlobs[ 1 ]; } MBLOB_TABLE;
typedef MBLOB_TABLE *PMBLOB_TABLE;
//=============================================================================
// Functions called by monitors, tools, netmon
//=============================================================================
DWORD _cdecl GetNPPBlobTable(HBLOB hFilterBlob, PBLOB_TABLE* ppBlobTable);
DWORD _cdecl GetNPPBlobFromUI(HWND hwnd, HBLOB hFilterBlob, HBLOB* phBlob);
DWORD _cdecl GetNPPBlobFromUIExU(HWND hwnd, HBLOB hFilterBlob, HBLOB* phBlob, char* szHelpFileName);
DWORD _cdecl SelectNPPBlobFromTable( HWND hwnd, PBLOB_TABLE pBlobTable, HBLOB* hBlob);
DWORD _cdecl SelectNPPBlobFromTableExU( HWND hwnd, PBLOB_TABLE pBlobTable, HBLOB* hBlob, char* szHelpFileName);
//=============================================================================
// Helper functions provided by the Finder
//=============================================================================
__inline DWORD BLOB_TABLE_SIZE(DWORD dwNumBlobs){ return (DWORD) (sizeof(BLOB_TABLE)+dwNumBlobs*sizeof(HBLOB));}
__inline PBLOB_TABLE AllocBlobTable(DWORD dwNumBlobs){ DWORD size = BLOB_TABLE_SIZE(dwNumBlobs);
return (PBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);}
__inline DWORD MBLOB_TABLE_SIZE(DWORD dwNumBlobs){ return (DWORD) (sizeof(MBLOB_TABLE)+dwNumBlobs*sizeof(MBLOB));}
__inline PMBLOB_TABLE AllocMBlobTable(DWORD dwNumBlobs){ DWORD size = MBLOB_TABLE_SIZE(dwNumBlobs);
return (PMBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);}
//=============================================================================
// Functions provided by NPPs, called by the Finder
//=============================================================================
// For NPP's that can return a Blob table without additional configuration.
DWORD _cdecl GetNPPBlobs(PBLOB_TABLE* ppBlobTable);typedef DWORD (_cdecl FAR* BLOBSPROC) (PBLOB_TABLE* ppBlobTable);
// For NPP's that need additional information to return a Blob table.
DWORD _cdecl GetConfigBlob(HBLOB* phBlob);typedef DWORD (_cdecl FAR* GETCFGBLOB) (HBLOB, HBLOB*);typedef DWORD (_cdecl FAR* CFGPROC) (HWND hwnd, HBLOB SpecialBlob, PBLOB_TABLE* ppBlobTable);
//=============================================================================
// Handy functions
//=============================================================================
BOOL _cdecl FilterNPPBlob(HBLOB hBlob, HBLOB FilterBlob);
BOOL _cdecl RaiseNMEvent(HINSTANCE hInstance, WORD EventType, DWORD EventID, WORD nStrings, const char** aInsertStrs, LPVOID lpvData, DWORD dwDataSize);
//=============================================================================
//=============================================================================
// (NMmonitor.h)
//=============================================================================
//=============================================================================
//=============================================================================
//=============================================================================
// (NMSupp.h)
//=============================================================================
//=============================================================================
#ifndef __cplusplus
#ifndef try
#define try __try
#endif // try
#ifndef except
#define except __except
#endif // except
#endif // __cplusplus
//=============================================================================
// Windows version constants.
//=============================================================================
#define WINDOWS_VERSION_UNKNOWN ( 0 )
#define WINDOWS_VERSION_WIN32S ( 1 )
#define WINDOWS_VERSION_WIN32C ( 2 )
#define WINDOWS_VERSION_WIN32 ( 3 )
//=============================================================================
// Frame masks.
//=============================================================================
#define FRAME_MASK_ETHERNET ( ( BYTE )~0x1 )
#define FRAME_MASK_TOKENRING ( ( BYTE )~0x80 )
#define FRAME_MASK_FDDI ( ( BYTE )~0x1 )
//=============================================================================
// Object heap type.
//=============================================================================
typedef LPVOID HOBJECTHEAP;
//=============================================================================
// Object cleanup procedure.
//=============================================================================
typedef VOID (WINAPI *OBJECTPROC)(HOBJECTHEAP, LPVOID);
//=============================================================================
// Network Monitor timers.
//=============================================================================
typedef struct _TIMER *HTIMER;
typedef VOID (WINAPI *BHTIMERPROC)(LPVOID);
HTIMER WINAPI BhSetTimer(BHTIMERPROC TimerProc, LPVOID InstData, DWORD TimeOut);
VOID WINAPI BhKillTimer(HTIMER hTimer);
//=============================================================================
// Network Monitor global error API.
//=============================================================================
DWORD WINAPI BhGetLastError(VOID);
DWORD WINAPI BhSetLastError(DWORD Error);
//=============================================================================
// Object manager function prototypes.
//=============================================================================
HOBJECTHEAP WINAPI CreateObjectHeap(DWORD ObjectSize, OBJECTPROC ObjectProc);
HOBJECTHEAP WINAPI DestroyObjectHeap(HOBJECTHEAP hObjectHeap);
LPVOID WINAPI AllocObject(HOBJECTHEAP hObjectHeap);
LPVOID WINAPI FreeObject(HOBJECTHEAP hObjectHeap, LPVOID ObjectMemory);
DWORD WINAPI GrowObjectHeap(HOBJECTHEAP hObjectHeap, DWORD nObjects);
DWORD WINAPI GetObjectHeapSize(HOBJECTHEAP hObjectHeap);
VOID WINAPI PurgeObjectHeap(HOBJECTHEAP hObjectHeap);
//=============================================================================
// Memory functions.
//=============================================================================
LPVOID WINAPI AllocMemory(SIZE_T size);
LPVOID WINAPI ReallocMemory(LPVOID ptr, SIZE_T NewSize);
VOID WINAPI FreeMemory(LPVOID ptr);
VOID WINAPI TestMemory(LPVOID ptr);
SIZE_T WINAPI MemorySize(LPVOID ptr);
HANDLE WINAPI MemoryHandle(LPBYTE ptr);
//=============================================================================
// EXPRESSION API's
//=============================================================================
LPEXPRESSION WINAPI InitializeExpression(LPEXPRESSION Expression);
LPPATTERNMATCH WINAPI InitializePattern(LPPATTERNMATCH Pattern, LPVOID ptr, DWORD offset, DWORD length);
LPEXPRESSION WINAPI AndExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);
LPEXPRESSION WINAPI OrExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);
LPPATTERNMATCH WINAPI NegatePattern(LPPATTERNMATCH Pattern);
LPADDRESSTABLE2 WINAPI AdjustOperatorPrecedence(LPADDRESSTABLE2 AddressTable);
LPADDRESS2 WINAPI NormalizeAddress(LPADDRESS2 Address);
LPADDRESSTABLE2 WINAPI NormalizeAddressTable(LPADDRESSTABLE2 AddressTable);
//=============================================================================
// MISC. API's
//=============================================================================
DWORD WINAPI BhGetWindowsVersion(VOID);
BOOL WINAPI IsDaytona(VOID);
VOID _cdecl dprintf(LPSTR format, ...);
//=============================================================================
//=============================================================================
// (BHTypes.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Unaligned base type definitions.
//=============================================================================
typedef VOID UNALIGNED *ULPVOID;typedef BYTE UNALIGNED *ULPBYTE;typedef WORD UNALIGNED *ULPWORD;typedef DWORD UNALIGNED *ULPDWORD;typedef CHAR UNALIGNED *ULPSTR;typedef SYSTEMTIME UNALIGNED *ULPSYSTEMTIME;//=============================================================================
// Handle definitions.
//=============================================================================
typedef struct _PARSER *HPARSER;
typedef struct _CAPFRAMEDESC *HFRAME;
typedef struct _CAPTURE *HCAPTURE;
typedef struct _FILTER *HFILTER;
typedef struct _ADDRESSDB *HADDRESSDB;
typedef struct _PROTOCOL *HPROTOCOL;
typedef DWORD_PTR HPROPERTY;
typedef HPROTOCOL *LPHPROTOCOL;
//=============================================================================
// GetTableSize() -- The following macro is used to calculate the actual
// length of Network Monitor variable-length table structures.
//
// EXAMPLE:
//
// GetTableSize(PROTOCOLTABLESIZE,
// ProtocolTable->nProtocols,
// sizeof(HPROTOCOL))
//=============================================================================
#define GetTableSize(TableBaseSize, nElements, ElementSize) ((TableBaseSize) + ((nElements) * (ElementSize)))
//=============================================================================
// Object type identifiers.
//=============================================================================
typedef DWORD OBJECTTYPE;
#ifndef MAKE_IDENTIFIER
#define MAKE_IDENTIFIER(a, b, c, d) ((DWORD) MAKELONG(MAKEWORD(a, b), MAKEWORD(c, d)))
#endif // MAKE_IDENTIFIER
#define HANDLE_TYPE_INVALID MAKE_IDENTIFIER(-1, -1, -1, -1)
#define HANDLE_TYPE_CAPTURE MAKE_IDENTIFIER('C', 'A', 'P', '$')
#define HANDLE_TYPE_PARSER MAKE_IDENTIFIER('P', 'S', 'R', '$')
#define HANDLE_TYPE_ADDRESSDB MAKE_IDENTIFIER('A', 'D', 'R', '$')
#define HANDLE_TYPE_PROTOCOL MAKE_IDENTIFIER('P', 'R', 'T', '$')
#define HANDLE_TYPE_BUFFER MAKE_IDENTIFIER('B', 'U', 'F', '$')
//=============================================================================
// Network Monitor constant definitions.
//=============================================================================
#define INLINE __inline
#define BHAPI WINAPI
#define MAX_NAME_LENGTH ( 16 )
#define MAX_ADDR_LENGTH ( 6 )
//=============================================================================
// Ethernet type (ETYPE) constant definitions.
//=============================================================================
#define ETYPE_LOOP ( 0x9000 )
#define ETYPE_3COM_NETMAP1 ( 0x9001 )
#define ETYPE_3COM_NETMAP2 ( 0x9002 )
#define ETYPE_IBM_RT ( 0x80d5 )
#define ETYPE_NETWARE ( 0x8137 )
#define ETYPE_XNS1 ( 0x600 )
#define ETYPE_XNS2 ( 0x807 )
#define ETYPE_3COM_NBP0 ( 0x3c00 )
#define ETYPE_3COM_NBP1 ( 0x3c01 )
#define ETYPE_3COM_NBP2 ( 0x3c02 )
#define ETYPE_3COM_NBP3 ( 0x3c03 )
#define ETYPE_3COM_NBP4 ( 0x3c04 )
#define ETYPE_3COM_NBP5 ( 0x3c05 )
#define ETYPE_3COM_NBP6 ( 0x3c06 )
#define ETYPE_3COM_NBP7 ( 0x3c07 )
#define ETYPE_3COM_NBP8 ( 0x3c08 )
#define ETYPE_3COM_NBP9 ( 0x3c09 )
#define ETYPE_3COM_NBP10 ( 0x3c0a )
#define ETYPE_IP ( 0x800 )
#define ETYPE_ARP1 ( 0x806 )
#define ETYPE_ARP2 ( 0x807 )
#define ETYPE_RARP ( 0x8035 )
#define ETYPE_TRLR0 ( 0x1000 )
#define ETYPE_TRLR1 ( 0x1001 )
#define ETYPE_TRLR2 ( 0x1002 )
#define ETYPE_TRLR3 ( 0x1003 )
#define ETYPE_TRLR4 ( 0x1004 )
#define ETYPE_TRLR5 ( 0x1005 )
#define ETYPE_PUP ( 0x200 )
#define ETYPE_PUP_ARP ( 0x201 )
#define ETYPE_APPLETALK_ARP ( 0x80f3 )
#define ETYPE_APPLETALK_LAP ( 0x809b )
#define ETYPE_SNMP ( 0x814c )
//=============================================================================
// LLC (802.2) SAP constant definitions.
//=============================================================================
#define SAP_SNAP ( 0xaa )
#define SAP_BPDU ( 0x42 )
#define SAP_IBM_NM ( 0xf4 )
#define SAP_IBM_NETBIOS ( 0xf0 )
#define SAP_SNA1 ( 0x4 )
#define SAP_SNA2 ( 0x5 )
#define SAP_SNA3 ( 0x8 )
#define SAP_SNA4 ( 0xc )
#define SAP_NETWARE1 ( 0x10 )
#define SAP_NETWARE2 ( 0xe0 )
#define SAP_NETWARE3 ( 0xfe )
#define SAP_IP ( 0x6 )
#define SAP_X25 ( 0x7e )
#define SAP_RPL1 ( 0xf8 )
#define SAP_RPL2 ( 0xfc )
#define SAP_UB ( 0xfa )
#define SAP_XNS ( 0x80 )
//=============================================================================
// Property constants
//=============================================================================
// data types
#define PROP_TYPE_VOID ( 0 )
#define PROP_TYPE_SUMMARY ( 0x1 )
#define PROP_TYPE_BYTE ( 0x2 )
#define PROP_TYPE_WORD ( 0x3 )
#define PROP_TYPE_DWORD ( 0x4 )
#define PROP_TYPE_LARGEINT ( 0x5 )
#define PROP_TYPE_ADDR ( 0x6 )
#define PROP_TYPE_TIME ( 0x7 )
#define PROP_TYPE_STRING ( 0x8 )
#define PROP_TYPE_IP_ADDRESS ( 0x9 )
#define PROP_TYPE_IPX_ADDRESS ( 0xa )
#define PROP_TYPE_BYTESWAPPED_WORD ( 0xb )
#define PROP_TYPE_BYTESWAPPED_DWORD ( 0xc )
#define PROP_TYPE_TYPED_STRING ( 0xd )
#define PROP_TYPE_RAW_DATA ( 0xe )
#define PROP_TYPE_COMMENT ( 0xf )
#define PROP_TYPE_SRCFRIENDLYNAME ( 0x10 )
#define PROP_TYPE_DSTFRIENDLYNAME ( 0x11 )
#define PROP_TYPE_TOKENRING_ADDRESS ( 0x12 )
#define PROP_TYPE_FDDI_ADDRESS ( 0x13 )
#define PROP_TYPE_ETHERNET_ADDRESS ( 0x14 )
#define PROP_TYPE_OBJECT_IDENTIFIER ( 0x15 )
#define PROP_TYPE_VINES_IP_ADDRESS ( 0x16 )
#define PROP_TYPE_VAR_LEN_SMALL_INT ( 0x17 )
#define PROP_TYPE_ATM_ADDRESS ( 0x18 )
#define PROP_TYPE_1394_ADDRESS ( 0x19 )
#define PROP_TYPE_IP6_ADDRESS ( 0x1a )
// data qualifiers
#define PROP_QUAL_NONE ( 0 )
#define PROP_QUAL_RANGE ( 0x1 )
#define PROP_QUAL_SET ( 0x2 )
#define PROP_QUAL_BITFIELD ( 0x3 )
#define PROP_QUAL_LABELED_SET ( 0x4 )
#define PROP_QUAL_LABELED_BITFIELD ( 0x8 )
#define PROP_QUAL_CONST ( 0x9 )
#define PROP_QUAL_FLAGS ( 0xa )
#define PROP_QUAL_ARRAY ( 0xb )
//=============================================================================
// LARGEINT structure defined in winnt.h
//=============================================================================
typedef LARGE_INTEGER *LPLARGEINT;
typedef LARGE_INTEGER UNALIGNED *ULPLARGEINT;//=============================================================================
// Range structure.
//=============================================================================
typedef struct _RANGE { DWORD MinValue; DWORD MaxValue; } RANGE;
typedef RANGE *LPRANGE;
//=============================================================================
// LABELED_BYTE structure
//=============================================================================
typedef struct _LABELED_BYTE { BYTE Value; LPSTR Label; } LABELED_BYTE;
typedef LABELED_BYTE *LPLABELED_BYTE;
//=============================================================================
// LABELED_WORD structure
//=============================================================================
typedef struct _LABELED_WORD { WORD Value; LPSTR Label; } LABELED_WORD;
typedef LABELED_WORD *LPLABELED_WORD;
//=============================================================================
// LABELED_DWORD structure
//=============================================================================
typedef struct _LABELED_DWORD { DWORD Value; LPSTR Label; } LABELED_DWORD;
typedef LABELED_DWORD *LPLABELED_DWORD;
//=============================================================================
// LABELED_LARGEINT structure
//=============================================================================
typedef struct _LABELED_LARGEINT { LARGE_INTEGER Value; LPSTR Label; } LABELED_LARGEINT;
typedef LABELED_LARGEINT *LPLABELED_LARGEINT;
//=============================================================================
// LABELED_SYSTEMTIME structure
//=============================================================================
typedef struct _LABELED_SYSTEMTIME { SYSTEMTIME Value; LPSTR Label; } LABELED_SYSTEMTIME;
typedef LABELED_SYSTEMTIME *LPLABELED_SYSTEMTIME;
//=============================================================================
// LABELED_BIT structure
//=============================================================================
// BitNumber starts at 0, up to 256 bits.
typedef struct _LABELED_BIT { BYTE BitNumber; LPSTR LabelOff; LPSTR LabelOn; } LABELED_BIT;
typedef LABELED_BIT *LPLABELED_BIT;
//=============================================================================
// TYPED_STRING structure
//=============================================================================
#define TYPED_STRING_NORMAL ( 1 )
#define TYPED_STRING_UNICODE ( 2 )
#define TYPED_STRING_EXFLAG ( 1 )
// Typed Strings are always Ex, so to actually Ex we set fStringEx and put the Ex data in Byte
typedef struct _TYPED_STRING{ BYTE StringType:7; BYTE fStringEx:1; LPSTR lpString; BYTE Byte[0];} TYPED_STRING;
typedef TYPED_STRING *LPTYPED_STRING;//=============================================================================
// OBJECT_IDENTIFIER structure
//=============================================================================
typedef struct _OBJECT_IDENTIFIER { DWORD Length; LPDWORD lpIdentifier; } OBJECT_IDENTIFIER;
typedef OBJECT_IDENTIFIER *LPOBJECT_IDENTIFIER;
//=============================================================================
// Set structure.
//=============================================================================
typedef struct _SET { DWORD nEntries; union { LPVOID lpVoidTable; LPBYTE lpByteTable; LPWORD lpWordTable; LPDWORD lpDwordTable; LPLARGEINT lpLargeIntTable; LPSYSTEMTIME lpSystemTimeTable; LPLABELED_BYTE lpLabeledByteTable; LPLABELED_WORD lpLabeledWordTable; LPLABELED_DWORD lpLabeledDwordTable; LPLABELED_LARGEINT lpLabeledLargeIntTable; LPLABELED_SYSTEMTIME lpLabeledSystemTimeTable; LPLABELED_BIT lpLabeledBit; } ; } SET;
typedef SET *LPSET;
//=============================================================================
// String table.
//=============================================================================
typedef struct _STRINGTABLE{ DWORD nStrings; LPSTR String[0];
} STRINGTABLE;
typedef STRINGTABLE *LPSTRINGTABLE;#define STRINGTABLE_SIZE sizeof(STRINGTABLE)
//=============================================================================
// RECOGNIZEDATA structure.
//
// This structure to keep track of the start of each recognized protocol.
//=============================================================================
typedef struct _RECOGNIZEDATA { WORD ProtocolID; WORD nProtocolOffset; LPVOID InstData; } RECOGNIZEDATA;
typedef RECOGNIZEDATA *LPRECOGNIZEDATA;
//=============================================================================
// RECOGNIZEDATATABLE structure.
//
// This structure to keep track of the start of each RECOGNIZEDATA structure
//=============================================================================
typedef struct _RECOGNIZEDATATABLE{ WORD nRecognizeDatas; //... number of RECOGNIZEDATA structures
RECOGNIZEDATA RecognizeData[0]; //... array of RECOGNIZEDATA structures follows
} RECOGNIZEDATATABLE;
typedef RECOGNIZEDATATABLE * LPRECOGNIZEDATATABLE;
//=============================================================================
// Property information structure.
//=============================================================================
typedef struct _PROPERTYINFO { HPROPERTY hProperty; DWORD Version; LPSTR Label; LPSTR Comment; BYTE DataType; BYTE DataQualifier; union { LPVOID lpExtendedInfo; LPRANGE lpRange; LPSET lpSet; DWORD Bitmask; DWORD Value; } ; WORD FormatStringSize; LPVOID InstanceData; } PROPERTYINFO;
typedef PROPERTYINFO *LPPROPERTYINFO;
#define PROPERTYINFO_SIZE ( sizeof( PROPERTYINFO ) )
//=============================================================================
// Property instance Extended structure.
//=============================================================================
typedef struct _PROPERTYINSTEX{ WORD Length; //... length of raw data in frame
WORD LengthEx; //... number of bytes following
ULPVOID lpData; //... pointer to raw data in frame
union { BYTE Byte[]; //... table of bytes follows
WORD Word[]; //... table of words follows
DWORD Dword[]; //... table of Dwords follows
LARGE_INTEGER LargeInt[]; //... table of LARGEINT structures to follow
SYSTEMTIME SysTime[]; //... table of SYSTEMTIME structures follows
TYPED_STRING TypedString;//... a typed_string that may have extended data
};} PROPERTYINSTEX;typedef PROPERTYINSTEX *LPPROPERTYINSTEX;typedef PROPERTYINSTEX UNALIGNED *ULPPROPERTYINSTEX;#define PROPERTYINSTEX_SIZE sizeof(PROPERTYINSTEX)
//=============================================================================
// Property instance structure.
//=============================================================================
typedef struct _PROPERTYINST{ LPPROPERTYINFO lpPropertyInfo; // pointer to property info
LPSTR szPropertyText; // pointer to string description
union { LPVOID lpData; // pointer to data
ULPBYTE lpByte; // bytes
ULPWORD lpWord; // words
ULPDWORD lpDword; // dwords
ULPLARGEINT lpLargeInt; // LargeInt
ULPSYSTEMTIME lpSysTime; // pointer to SYSTEMTIME structures
LPPROPERTYINSTEX lpPropertyInstEx; // pointer to propertyinstex (if DataLength = -1)
};
WORD DataLength; // length of data, or flag for propertyinstex struct
WORD Level : 4 ; // level information ............1111
WORD HelpID : 12 ; // context ID for helpfile 111111111111....
// ---------------
// total of 16 bits == 1 WORD == DWORD ALIGNED structure
// Interpretation Flags: Flags that define attach time information to the
// interpretation of the property. For example, in RPC, the client can be
// Intel format and the server can be non-Intel format... thus the property
// database cannot describe the property at database creation time.
DWORD IFlags;
} PROPERTYINST;typedef PROPERTYINST *LPPROPERTYINST;#define PROPERTYINST_SIZE sizeof(PROPERTYINST)
// Flags passed at AttachPropertyInstance and AttachPropertyInstanceEx time in the IFlags field:
// flag for error condition ...............1
#define IFLAG_ERROR ( 0x1 )
// is the WORD or DWORD byte non-Intel format at attach time?
#define IFLAG_SWAPPED ( 0x2 )
// is the STRING UNICODE at attach time?
#define IFLAG_UNICODE ( 0x4 )
//=============================================================================
// Property instance table structure.
//=============================================================================
typedef struct _PROPERTYINSTTABLE { WORD nPropertyInsts; WORD nPropertyInstIndex; } PROPERTYINSTTABLE;
typedef PROPERTYINSTTABLE *LPPROPERTYINSTTABLE;
#define PROPERTYINSTTABLE_SIZE ( sizeof( PROPERTYINSTTABLE ) )
//=============================================================================
// Property table structure.
//=============================================================================
typedef struct _PROPERTYTABLE{ LPVOID lpFormatBuffer; //... Opaque. (PRIVATE)
DWORD FormatBufferLength; //... Opaque. (PRIVATE)
DWORD nTotalPropertyInsts; //... total number of propertyinstances in array
LPPROPERTYINST lpFirstPropertyInst; //... array of property instances
BYTE nPropertyInstTables; //... total PropertyIndexTables following
PROPERTYINSTTABLE PropertyInstTable[0]; //... array of propertyinstance index table structures
} PROPERTYTABLE;
typedef PROPERTYTABLE *LPPROPERTYTABLE;
#define PROPERTYTABLE_SIZE sizeof(PROPERTYTABLE)
//=============================================================================
// Protocol entry points.
//=============================================================================
typedef VOID (WINAPI *REGISTER)(HPROTOCOL);
typedef VOID (WINAPI *DEREGISTER)(HPROTOCOL);
typedef LPBYTE (WINAPI *RECOGNIZEFRAME)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, LPDWORD, LPHPROTOCOL, PDWORD_PTR);
typedef LPBYTE (WINAPI *ATTACHPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, DWORD_PTR);
typedef DWORD (WINAPI *FORMATPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, LPPROPERTYINST);
//=============================================================================
// Protocol entry point structure.
//=============================================================================
typedef struct _ENTRYPOINTS{ REGISTER Register; //... Protocol Register() entry point.
DEREGISTER Deregister; //... Protocol Deregister() entry point.
RECOGNIZEFRAME RecognizeFrame; //... Protocol RecognizeFrame() entry point.
ATTACHPROPERTIES AttachProperties; //... Protocol AttachProperties() entry point.
FORMATPROPERTIES FormatProperties; //... Protocol FormatProperties() entry point.
} ENTRYPOINTS;
typedef ENTRYPOINTS *LPENTRYPOINTS;
#define ENTRYPOINTS_SIZE sizeof(ENTRYPOINTS)
//=============================================================================
// Property database structure.
//=============================================================================
typedef struct _PROPERTYDATABASE{ DWORD nProperties; //... Number of properties in database.
LPPROPERTYINFO PropertyInfo[0]; //... Array of property info pointers.
} PROPERTYDATABASE;#define PROPERTYDATABASE_SIZE sizeof(PROPERTYDATABASE)
typedef PROPERTYDATABASE *LPPROPERTYDATABASE;
//=============================================================================
// Protocol info structure (PUBLIC portion of HPROTOCOL).
//=============================================================================
typedef struct _PROTOCOLINFO{ DWORD ProtocolID; //... Prootocol ID of owning protocol.
LPPROPERTYDATABASE PropertyDatabase; //... Property database.
BYTE ProtocolName[16]; //... Protocol name.
BYTE HelpFile[16]; //... Optional helpfile name.
BYTE Comment[128]; //... Comment describing protocol.
} PROTOCOLINFO;typedef PROTOCOLINFO *LPPROTOCOLINFO;#define PROTOCOLINFO_SIZE sizeof(PROTOCOLINFO)
//=============================================================================
// Protocol Table.
//=============================================================================
typedef struct _PROTOCOLTABLE { DWORD nProtocols; HPROTOCOL hProtocol[ 1 ]; } PROTOCOLTABLE;
typedef PROTOCOLTABLE *LPPROTOCOLTABLE;
#define PROTOCOLTABLE_SIZE ( sizeof( PROTOCOLTABLE ) - sizeof( HPROTOCOL ) )
#define PROTOCOLTABLE_ACTUAL_SIZE(p) GetTableSize(PROTOCOLTABLE_SIZE, (p)->nProtocols, sizeof(HPROTOCOL))
//=============================================================================
// AddressInfo structure
//=============================================================================
#define SORT_BYADDRESS ( 0 )
#define SORT_BYNAME ( 1 )
#define PERMANENT_NAME ( 0x100 )
typedef struct _ADDRESSINFO2{ ADDRESS2 Address; WCHAR Name[MAX_NAME_SIZE]; DWORD Flags; LPVOID lpAddressInstData;
} ADDRESSINFO2;typedef struct _ADDRESSINFO2 *LPADDRESSINFO2;#define ADDRESSINFO2_SIZE sizeof(ADDRESSINFO2)
//=============================================================================
// AddressInfoTable
//=============================================================================
typedef struct _ADDRESSINFOTABLE2{ DWORD nAddressInfos; LPADDRESSINFO2 lpAddressInfo[0];
} ADDRESSINFOTABLE2;typedef ADDRESSINFOTABLE2 *LPADDRESSINFOTABLE2;#define ADDRESSINFOTABLE2_SIZE sizeof(ADDRESSINFOTABLE2)
//=============================================================================
// callback procedures.
//=============================================================================
typedef DWORD (WINAPI *FILTERPROC)(HCAPTURE, HFRAME, LPVOID);
//=============================================================================
//=============================================================================
// (NMErr.h)
//=============================================================================
//=============================================================================
// The operation succeeded.
#define NMERR_SUCCESS ( 0 )
// An error occured creating a memory-mapped file.
#define NMERR_MEMORY_MAPPED_FILE_ERROR ( 1 )
// The handle to a filter is invalid.
#define NMERR_INVALID_HFILTER ( 2 )
// Capturing has already been started.
#define NMERR_CAPTURING ( 3 )
// Capturing has not been started.
#define NMERR_NOT_CAPTURING ( 4 )
// The are no frames available.
#define NMERR_NO_MORE_FRAMES ( 5 )
// The buffer is too small to complete the operation.
#define NMERR_BUFFER_TOO_SMALL ( 6 )
// No protocol was able to recognize the frame.
#define NMERR_FRAME_NOT_RECOGNIZED ( 7 )
// The file already exists.
#define NMERR_FILE_ALREADY_EXISTS ( 8 )
// A needed device driver was not found or is not loaded.
#define NMERR_DRIVER_NOT_FOUND ( 9 )
// This address aready exists in the database.
#define NMERR_ADDRESS_ALREADY_EXISTS ( 10 )
// The frame handle is invalid.
#define NMERR_INVALID_HFRAME ( 11 )
// The protocol handle is invalid.
#define NMERR_INVALID_HPROTOCOL ( 12 )
// The property handle is invalid.
#define NMERR_INVALID_HPROPERTY ( 13 )
// The the object has been locked.
#define NMERR_LOCKED ( 14 )
// A pop operation was attempted on an empty stack.
#define NMERR_STACK_EMPTY ( 15 )
// A push operation was attempted on an full stack.
#define NMERR_STACK_OVERFLOW ( 16 )
// There are too many protocols active.
#define NMERR_TOO_MANY_PROTOCOLS ( 17 )
// The file was not found.
#define NMERR_FILE_NOT_FOUND ( 18 )
// No memory was available. Shut down windows to free up resources.
#define NMERR_OUT_OF_MEMORY ( 19 )
// The capture is already in the paused state.
#define NMERR_CAPTURE_PAUSED ( 20 )
// There are no buffers available or present.
#define NMERR_NO_BUFFERS ( 21 )
// There are already buffers present.
#define NMERR_BUFFERS_ALREADY_EXIST ( 22 )
// The object is not locked.
#define NMERR_NOT_LOCKED ( 23 )
// A integer type was out of range.
#define NMERR_OUT_OF_RANGE ( 24 )
// An object was locked too many times.
#define NMERR_LOCK_NESTING_TOO_DEEP ( 25 )
// A parser failed to load.
#define NMERR_LOAD_PARSER_FAILED ( 26 )
// A parser failed to unload.
#define NMERR_UNLOAD_PARSER_FAILED ( 27 )
// The address database handle is invalid.
#define NMERR_INVALID_HADDRESSDB ( 28 )
// The MAC address was not found in the database.
#define NMERR_ADDRESS_NOT_FOUND ( 29 )
// The network software was not found in the system.
#define NMERR_NETWORK_NOT_PRESENT ( 30 )
// There is no property database for a protocol.
#define NMERR_NO_PROPERTY_DATABASE ( 31 )
// A property was not found in the database.
#define NMERR_PROPERTY_NOT_FOUND ( 32 )
// The property database handle is in valid.
#define NMERR_INVALID_HPROPERTYDB ( 33 )
// The protocol has not been enabled.
#define NMERR_PROTOCOL_NOT_ENABLED ( 34 )
// The protocol DLL could not be found.
#define NMERR_PROTOCOL_NOT_FOUND ( 35 )
// The parser DLL is not valid.
#define NMERR_INVALID_PARSER_DLL ( 36 )
// There are no properties attached.
#define NMERR_NO_ATTACHED_PROPERTIES ( 37 )
// There are no frames in the buffer.
#define NMERR_NO_FRAMES ( 38 )
// The capture file format is not valid.
#define NMERR_INVALID_FILE_FORMAT ( 39 )
// The OS could not create a temporary file.
#define NMERR_COULD_NOT_CREATE_TEMPFILE ( 40 )
// There is not enough MS-DOS memory available.
#define NMERR_OUT_OF_DOS_MEMORY ( 41 )
// There are no protocols enabled.
#define NMERR_NO_PROTOCOLS_ENABLED ( 42 )
// The MAC type is invalid or unsupported.
#define NMERR_UNKNOWN_MACTYPE ( 46 )
// There is no routing information present in the MAC frame.
#define NMERR_ROUTING_INFO_NOT_PRESENT ( 47 )
// The network handle is invalid.
#define NMERR_INVALID_HNETWORK ( 48 )
// The network is already open.
#define NMERR_NETWORK_ALREADY_OPENED ( 49 )
// The network is not open.
#define NMERR_NETWORK_NOT_OPENED ( 50 )
// The frame was not found in the buffer.
#define NMERR_FRAME_NOT_FOUND ( 51 )
// There are no handles available.
#define NMERR_NO_HANDLES ( 53 )
// The network ID is invalid.
#define NMERR_INVALID_NETWORK_ID ( 54 )
// The capture handle is invalid.
#define NMERR_INVALID_HCAPTURE ( 55 )
// The protocol has already been enabled.
#define NMERR_PROTOCOL_ALREADY_ENABLED ( 56 )
// The filter expression is invalid.
#define NMERR_FILTER_INVALID_EXPRESSION ( 57 )
// A transmit error occured.
#define NMERR_TRANSMIT_ERROR ( 58 )
// The buffer handle is invalid.
#define NMERR_INVALID_HBUFFER ( 59 )
// The specified data is unknown or invalid.
#define NMERR_INVALID_DATA ( 60 )
// The MS-DOS/NDIS 2.0 network driver is not loaded.
#define NMERR_MSDOS_DRIVER_NOT_LOADED ( 61 )
// The Windows VxD/NDIS 3.0 network driver is not loaded.
#define NMERR_WINDOWS_DRIVER_NOT_LOADED ( 62 )
// The MS-DOS/NDIS 2.0 driver had an init-time failure.
#define NMERR_MSDOS_DRIVER_INIT_FAILURE ( 63 )
// The Windows/NDIS 3.0 driver had an init-time failure.
#define NMERR_WINDOWS_DRIVER_INIT_FAILURE ( 64 )
// The network driver is busy and cannot handle requests.
#define NMERR_NETWORK_BUSY ( 65 )
// The capture is not paused.
#define NMERR_CAPTURE_NOT_PAUSED ( 66 )
// The frame/packet length is not valid.
#define NMERR_INVALID_PACKET_LENGTH ( 67 )
// An internal exception occured.
#define NMERR_INTERNAL_EXCEPTION ( 69 )
// The MAC driver does not support promiscious mode.
#define NMERR_PROMISCUOUS_MODE_NOT_SUPPORTED ( 70 )
// The MAC driver failed to open.
#define NMERR_MAC_DRIVER_OPEN_FAILURE ( 71 )
// The protocol went off the end of the frame.
#define NMERR_RUNAWAY_PROTOCOL ( 72 )
// An asynchronous operation is still pending.
#define NMERR_PENDING ( 73 )
// Access is denied.
#define NMERR_ACCESS_DENIED ( 74 )
// The password handle is invalid.
#define NMERR_INVALID_HPASSWORD ( 75 )
// A bad parameter was detected.
#define NMERR_INVALID_PARAMETER ( 76 )
// An error occured reading the file.
#define NMERR_FILE_READ_ERROR ( 77 )
// An error occured writing to the file.
#define NMERR_FILE_WRITE_ERROR ( 78 )
// The protocol has not been registered
#define NMERR_PROTOCOL_NOT_REGISTERED ( 79 )
// The frame does not contain an IP address.
#define NMERR_IP_ADDRESS_NOT_FOUND ( 80 )
// The transmit request was cancelled.
#define NMERR_TRANSMIT_CANCELLED ( 81 )
// The operation cannot be performed on a capture with 1 or more locked frames.
#define NMERR_LOCKED_FRAMES ( 82 )
// A cancel transmit request was submitted but there were no transmits pending.
#define NMERR_NO_TRANSMITS_PENDING ( 83 )
// Path not found.
#define NMERR_PATH_NOT_FOUND ( 84 )
// A windows error has occured.
#define NMERR_WINDOWS_ERROR ( 85 )
// The handle to the frame has no frame number.
#define NMERR_NO_FRAME_NUMBER ( 86 )
// The frame is not associated with any capture.
#define NMERR_FRAME_HAS_NO_CAPTURE ( 87 )
// The frame is already associated with a capture.
#define NMERR_FRAME_ALREADY_HAS_CAPTURE ( 88 )
// The NAL is not remotable.
#define NMERR_NAL_IS_NOT_REMOTE ( 89 )
// The API is not supported
#define NMERR_NOT_SUPPORTED ( 90 )
// Network Monitor should discard the current frame.
// This error code is only used during a filtered SaveCapture() API call.
#define NMERR_DISCARD_FRAME ( 91 )
// Network Monitor should cancel the current save.
// This error code is only used during a filtered SaveCapture() API call.
#define NMERR_CANCEL_SAVE_CAPTURE ( 92 )
// The connection to the remote machine has been lost
#define NMERR_LOST_CONNECTION ( 93 )
// The media/mac type is not valid.
#define NMERR_INVALID_MEDIA_TYPE ( 94 )
// The Remote Agent is currently in use
#define NMERR_AGENT_IN_USE ( 95 )
// The request has timed out
#define NMERR_TIMEOUT ( 96 )
// The remote agent has been disconnected
#define NMERR_DISCONNECTED ( 97 )
// A timer required for operation failed creation
#define NMERR_SETTIMER_FAILED ( 98 )
// A network error occured.
#define NMERR_NETWORK_ERROR ( 99 )
// Frame callback procedure is not valid
#define NMERR_INVALID_FRAMESPROC ( 100 )
// Capture type specified is unknown
#define NMERR_UNKNOWN_CAPTURETYPE ( 101 )
// The NPP is not connected to a network.
#define NMERR_NOT_CONNECTED ( 102 )
// The NPP is already connected to a network.
#define NMERR_ALREADY_CONNECTED ( 103 )
// The registry tag does not indicate a known configuration.
#define NMERR_INVALID_REGISTRY_CONFIGURATION ( 104 )
// The NPP is currently configured for delayed capturing.
#define NMERR_DELAYED ( 105 )
// The NPP is not currently configured for delayed capturing.
#define NMERR_NOT_DELAYED ( 106 )
// The NPP is currently configured for real time capturing.
#define NMERR_REALTIME ( 107 )
// The NPP is not currently configured for real time capturing.
#define NMERR_NOT_REALTIME ( 108 )
// The NPP is currently configured for stats only capturing.
#define NMERR_STATS_ONLY ( 109 )
// The NPP is not currently configured for stats only capturing.
#define NMERR_NOT_STATS_ONLY ( 110 )
// The NPP is currently configured for transmitting.
#define NMERR_TRANSMIT ( 111 )
// The NPP is not currently configured for transmitting.
#define NMERR_NOT_TRANSMIT ( 112 )
// The NPP is currently transmitting
#define NMERR_TRANSMITTING ( 113 )
// The specified capture file hard disk is not local
#define NMERR_DISK_NOT_LOCAL_FIXED ( 114 )
// Could not create the default capture directory on the given disk
#define NMERR_COULD_NOT_CREATE_DIRECTORY ( 115 )
// The default capture directory was not set in the registry:
// HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nm\Parameters\CapturePath
#define NMERR_NO_DEFAULT_CAPTURE_DIRECTORY ( 116 )
// The capture file is an uplevel version that this netmon does not understand
#define NMERR_UPLEVEL_CAPTURE_FILE ( 117 )
// An expert failed to load.
#define NMERR_LOAD_EXPERT_FAILED ( 118 )
// An expert failed to report its EXPERT_INFO structs.
#define NMERR_EXPERT_REPORT_FAILED ( 119 )
// Registry API call failed.
#define NMERR_REG_OPERATION_FAILED ( 120 )
// Registry API call failed.
#define NMERR_NO_DLLS_FOUND ( 121 )
// There are no conversation stats, they were not asked for.
#define NMERR_NO_CONVERSATION_STATS ( 122 )
// We have received a security response packet from a security monitor.
#define NMERR_SECURITY_BREACH_CAPTURE_DELETED ( 123 )
// The given frame failed the display filter.
#define NMERR_FRAME_FAILED_FILTER ( 124 )
// Netmon wants the Expert to stop running.
#define NMERR_EXPERT_TERMINATE ( 125 )
// Netmon needs the remote machine to be a server.
#define NMERR_REMOTE_NOT_A_SERVER ( 126 )
// Netmon needs the remote machine to be a server.
#define NMERR_REMOTE_VERSION_OUTOFSYNC ( 127 )
// The supplied group is an invalid handle
#define NMERR_INVALID_EXPERT_GROUP ( 128 )
// The supplied expert name cannot be found
#define NMERR_INVALID_EXPERT_NAME ( 129 )
// The supplied expert name cannot be found
#define NMERR_INVALID_EXPERT_HANDLE ( 130 )
// The supplied group name already exists
#define NMERR_GROUP_NAME_ALREADY_EXISTS ( 131 )
// The supplied group name is invalid
#define NMERR_INVALID_GROUP_NAME ( 132 )
// The supplied Expert is already in the group.
#define NMERR_EXPERT_ALREADY_IN_GROUP ( 133 )
// The Expert cannot be deleted from the group because it is not in the group
#define NMERR_EXPERT_NOT_IN_GROUP ( 134 )
// The COM object has not been initialized
#define NMERR_NOT_INITIALIZED ( 135 )
// Cannot perform function to Root group
#define NMERR_INVALID_GROUP_ROOT ( 136 )
// Potential data structure mismatch between NdisNpp and Driver.
#define NMERR_BAD_VERSION ( 137 )
// The NPP is currently configured for ESP capturing.
#define NMERR_ESP ( 138 )
// The NPP is not currently configured for ESP capturing.
#define NMERR_NOT_ESP ( 139 )
//=============================================================================
// Blob Errors
//=============================================================================
#define NMERR_BLOB_NOT_INITIALIZED ( 1000 )
#define NMERR_INVALID_BLOB ( 1001 )
#define NMERR_UPLEVEL_BLOB ( 1002 )
#define NMERR_BLOB_ENTRY_ALREADY_EXISTS ( 1003 )
#define NMERR_BLOB_ENTRY_DOES_NOT_EXIST ( 1004 )
#define NMERR_AMBIGUOUS_SPECIFIER ( 1005 )
#define NMERR_BLOB_OWNER_NOT_FOUND ( 1006 )
#define NMERR_BLOB_CATEGORY_NOT_FOUND ( 1007 )
#define NMERR_UNKNOWN_CATEGORY ( 1008 )
#define NMERR_UNKNOWN_TAG ( 1009 )
#define NMERR_BLOB_CONVERSION_ERROR ( 1010 )
#define NMERR_ILLEGAL_TRIGGER ( 1011 )
#define NMERR_BLOB_STRING_INVALID ( 1012 )
//=============================================================================
// FINDER errors
//=============================================================================
#define NMERR_UNABLE_TO_LOAD_LIBRARY ( 1013 )
#define NMERR_UNABLE_TO_GET_PROCADDR ( 1014 )
#define NMERR_CLASS_NOT_REGISTERED ( 1015 )
#define NMERR_INVALID_REMOTE_COMPUTERNAME ( 1016 )
#define NMERR_RPC_REMOTE_FAILURE ( 1017 )
#define NMERR_NO_NPPS ( 3016 )
#define NMERR_NO_MATCHING_NPPS ( 3017 )
#define NMERR_NO_NPP_SELECTED ( 3018 )
#define NMERR_NO_INPUT_BLOBS ( 3019 )
#define NMERR_NO_NPP_DLLS ( 3020 )
#define NMERR_NO_VALID_NPP_DLLS ( 3021 )
//=============================================================================
// Error Macros
//=============================================================================
#ifndef INLINE
#define INLINE __inline
#endif // INLINE
typedef LONG HRESULT;
// normal Network Monitor errors will be put into the code portion of an hresult
// for return from OLE objects:
// these two macros will help to create and crack the scode
INLINE HRESULT NMERR_TO_HRESULT( DWORD nmerror ){ HRESULT hResult; if (nmerror == NMERR_SUCCESS) hResult = NOERROR; else hResult = MAKE_HRESULT( SEVERITY_ERROR,FACILITY_ITF, (WORD)nmerror) ;
return hResult;}//We use to decide whether the first bit was set to 1 or 0, not regarding
//whether the result passed with a warning set in the low word. Now we
//disregard the first bit and pass back the warning.
INLINE DWORD HRESULT_TO_NMERR( HRESULT hResult ){ return HRESULT_CODE(hResult);}//=============================================================================
//=============================================================================
// (BHFilter.h)
//=============================================================================
//=============================================================================
//============================================================================
// types
//============================================================================
typedef HFILTER *LPHFILTER;
typedef DWORD FILTERACTIONTYPE;
typedef DWORD VALUETYPE;
// check for protocols existing in the frame.
// ProtocolPart
// this is the raw data for a Protocol based expression
//
// WHAT FIELD DESCRIPTION EXAMPLE
// ---- ----- ----------- -------
// Count of Protocol(nPropertyDBs) Number of protocols to pass 5
// PropertyDB Table (PropertyDB) Table of HPROTOCOL SMB, LLC, MAC
//
// NOTE: the nPropertyDBs field may also be the following, which implies that
// all are selected but that none have actually been put into the structure
#define PROTOCOL_NUM_ANY ( -1 )
typedef PROTOCOLTABLE PROTOCOLTABLETYPE;
typedef PROTOCOLTABLETYPE *LPPROTOCOLTABLETYPE;
// filter bits stores who passed what filter per frame to speed up
// the filter process... This is actually an array.
typedef DWORD FILTERBITS;
typedef FILTERBITS *LPFILTERBITS;
typedef SYSTEMTIME *LPTIME;
typedef SYSTEMTIME UNALIGNED * ULPTIME;// The Filter Object is the basic unit of the postfix stack.
// I need to restart the convert property to value if the comparison does not match.
// To do this, I need the original pointer to the property. Pull the hProperty out of
// the union so that the pointer to the property is saved.
typedef struct _FILTEROBJECT2{ FILTERACTIONTYPE Action; // Object action, see codes below
HPROPERTY hProperty; // property key
union { VALUETYPE Value; // value of the object.
HPROTOCOL hProtocol; // protocol key.
LPVOID lpArray; // if array, length is ItemCount below.
LPPROTOCOLTABLETYPE lpProtocolTable; // list of protocols to see if exist in frame.
LPADDRESS2 lpAddress; // kernel type address, mac or ip
ULPLARGEINT lpLargeInt; // Double DWORD used by NT
ULPTIME lpTime; // pointer to SYSTEMTIME
LPOBJECT_IDENTIFIER lpOID; // pointer to OBJECT_IDENTIFIER
}; union { WORD ByteCount; // Number of BYTES!
WORD ByteOffset; // offset for array compare
};
struct _FILTEROBJECT2 * pNext; // reserved
} FILTEROBJECT2;
typedef FILTEROBJECT2 * LPFILTEROBJECT2;
#define FILTERINFO_SIZE (sizeof(FILTEROBJECT2) )
typedef struct _FILTERDESC2{ WORD NumEntries; WORD Flags; // private
LPFILTEROBJECT2 lpStack; LPFILTEROBJECT2 lpKeepLast; LPVOID UIInstanceData; // UI specific information.
LPFILTERBITS lpFilterBits; // cache who passed
LPFILTERBITS lpCheckBits; // have we looked at it yet?
} FILTERDESC2;
typedef FILTERDESC2 * LPFILTERDESC2;
#define FILTERDESC2_SIZE sizeof(FILTERDESC2)
// Obsolete, FILTEROBJECT2 should be used
typedef struct _FILTEROBJECT{ FILTERACTIONTYPE Action; // Object action, see codes below
HPROPERTY hProperty; // property key
union { VALUETYPE Value; // value of the object.
HPROTOCOL hProtocol; // protocol key.
LPVOID lpArray; // if array, length is ItemCount below.
LPPROTOCOLTABLETYPE lpProtocolTable; // list of protocols to see if exist in frame.
LPADDRESS lpAddress; // kernel type address, mac or ip
ULPLARGEINT lpLargeInt; // Double DWORD used by NT
ULPTIME lpTime; // pointer to SYSTEMTIME
LPOBJECT_IDENTIFIER lpOID; // pointer to OBJECT_IDENTIFIER
}; union { WORD ByteCount; // Number of BYTES!
WORD ByteOffset; // offset for array compare
};
struct _FILTEROBJECT * pNext; // reserved
} FILTEROBJECT;typedef FILTEROBJECT * LPFILTEROBJECT;// Obsolete, FILTERDESC2 should be used
typedef struct _FILTERDESC{ WORD NumEntries; WORD Flags; // private
LPFILTEROBJECT lpStack; LPFILTEROBJECT lpKeepLast; LPVOID UIInstanceData; // UI specific information.
LPFILTERBITS lpFilterBits; // cache who passed
LPFILTERBITS lpCheckBits; // have we looked at it yet?
} FILTERDESC;typedef FILTERDESC * LPFILTERDESC;#define FILTERDESC_SIZE sizeof(FILTERDESC)
//============================================================================
// Macros.
//============================================================================
#define FilterGetUIInstanceData(hfilt) (((LPFILTERDESC2)hfilt)->UIInstanceData)
#define FilterSetUIInstanceData(hfilt,inst) (((LPFILTERDESC2)hfilt)->UIInstanceData = (LPVOID)inst)
//============================================================================
// defines
//============================================================================
#define FILTERFREEPOOLSTART ( 20 )
#define INVALIDELEMENT ( -1 )
#define INVALIDVALUE ( ( VALUETYPE )-9999 )
// use filter failed to check the return code on FilterFrame.
#define FILTER_FAIL_WITH_ERROR ( -1 )
#define FILTER_PASSED ( TRUE )
#define FILTER_FAILED ( FALSE )
#define FILTERACTION_INVALID ( 0 )
#define FILTERACTION_PROPERTY ( 1 )
#define FILTERACTION_VALUE ( 2 )
#define FILTERACTION_STRING ( 3 )
#define FILTERACTION_ARRAY ( 4 )
#define FILTERACTION_AND ( 5 )
#define FILTERACTION_OR ( 6 )
#define FILTERACTION_XOR ( 7 )
#define FILTERACTION_PROPERTYEXIST ( 8 )
#define FILTERACTION_CONTAINSNC ( 9 )
#define FILTERACTION_CONTAINS ( 10 )
#define FILTERACTION_NOT ( 11 )
#define FILTERACTION_EQUALNC ( 12 )
#define FILTERACTION_EQUAL ( 13 )
#define FILTERACTION_NOTEQUALNC ( 14 )
#define FILTERACTION_NOTEQUAL ( 15 )
#define FILTERACTION_GREATERNC ( 16 )
#define FILTERACTION_GREATER ( 17 )
#define FILTERACTION_LESSNC ( 18 )
#define FILTERACTION_LESS ( 19 )
#define FILTERACTION_GREATEREQUALNC ( 20 )
#define FILTERACTION_GREATEREQUAL ( 21 )
#define FILTERACTION_LESSEQUALNC ( 22 )
#define FILTERACTION_LESSEQUAL ( 23 )
#define FILTERACTION_PLUS ( 24 )
#define FILTERACTION_MINUS ( 25 )
#define FILTERACTION_ADDRESS ( 26 )
#define FILTERACTION_ADDRESSANY ( 27 )
#define FILTERACTION_FROM ( 28 )
#define FILTERACTION_TO ( 29 )
#define FILTERACTION_FROMTO ( 30 )
#define FILTERACTION_AREBITSON ( 31 )
#define FILTERACTION_AREBITSOFF ( 32 )
#define FILTERACTION_PROTOCOLSEXIST ( 33 )
#define FILTERACTION_PROTOCOLEXIST ( 34 )
#define FILTERACTION_ARRAYEQUAL ( 35 )
#define FILTERACTION_DEREFPROPERTY ( 36 )
#define FILTERACTION_LARGEINT ( 37 )
#define FILTERACTION_TIME ( 38 )
#define FILTERACTION_ADDR_ETHER ( 39 )
#define FILTERACTION_ADDR_TOKEN ( 40 )
#define FILTERACTION_ADDR_FDDI ( 41 )
#define FILTERACTION_ADDR_IPX ( 42 )
#define FILTERACTION_ADDR_IP ( 43 )
#define FILTERACTION_OID ( 44 )
#define FILTERACTION_OID_CONTAINS ( 45 )
#define FILTERACTION_OID_BEGINS_WITH ( 46 )
#define FILTERACTION_OID_ENDS_WITH ( 47 )
#define FILTERACTION_ADDR_VINES ( 48 )
#define FILTERACTION_ADDR_IP6 ( 49 )
#define FILTERACTION_EXPRESSION ( 97 )
#define FILTERACTION_BOOL ( 98 )
#define FILTERACTION_NOEVAL ( 99 )
#define FILTER_NO_MORE_FRAMES ( 0xffffffff )
#define FILTER_CANCELED ( 0xfffffffe )
#define FILTER_DIRECTION_NEXT ( TRUE )
#define FILTER_DIRECTION_PREV ( FALSE )
//============================================================================
// Helper functions.
//============================================================================
typedef BOOL (WINAPI *STATUSPROC)(DWORD, HCAPTURE, HFILTER, LPVOID);//=============================================================================
// FILTER API's.
//=============================================================================
HFILTER WINAPI CreateFilter(VOID);
DWORD WINAPI DestroyFilter(HFILTER hFilter);
HFILTER WINAPI FilterDuplicate(HFILTER hFilter);
DWORD WINAPI DisableParserFilter(HFILTER hFilter, HPARSER hParser);
DWORD WINAPI EnableParserFilter(HFILTER hFilter, HPARSER hParser);
DWORD WINAPI FilterAddObject(HFILTER hFilter, LPFILTEROBJECT2 lpFilterObject );
VOID WINAPI FilterFlushBits(HFILTER hFilter);
DWORD WINAPI FilterFrame(HFRAME hFrame, HFILTER hFilter, HCAPTURE hCapture); // returns -1 == check BH set last error
// 0 == FALSE
// 1 == TRUE
BOOL WINAPI FilterAttachesProperties(HFILTER hFilter);
DWORD WINAPI FilterFindFrame ( HFILTER hFilter, HCAPTURE hCapture, DWORD nFrame, STATUSPROC StatusProc, LPVOID UIInstance, DWORD TimeDelta, BOOL FilterDirection );
HFRAME FilterFindPropertyInstance ( HFRAME hFrame, HFILTER hMasterFilter, HCAPTURE hCapture, HFILTER hInstanceFilter, LPPROPERTYINST *lpPropRestartKey, STATUSPROC StatusProc, LPVOID UIInstance, DWORD TimeDelta, BOOL FilterForward );
VOID WINAPI SetCurrentFilter(HFILTER);HFILTER WINAPI GetCurrentFilter(VOID);
//=============================================================================
//=============================================================================
// (Frame.h)
//=============================================================================
//=============================================================================
//=============================================================================
// 802.3 and ETHERNET MAC structure.
//=============================================================================
typedef struct _ETHERNET{ BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.
BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.
union { WORD Length; //... 802.3 length field.
WORD Type; //... Ethernet type field.
}; BYTE Info[0]; //... information field.
} ETHERNET;typedef ETHERNET *LPETHERNET;typedef ETHERNET UNALIGNED *ULPETHERNET;#define ETHERNET_SIZE sizeof(ETHERNET)
#define ETHERNET_HEADER_LENGTH ( 14 )
#define ETHERNET_DATA_LENGTH ( 0x5dc )
#define ETHERNET_FRAME_LENGTH ( 0x5ea )
#define ETHERNET_FRAME_TYPE ( 0x600 )
//=============================================================================
// Header for NM_ATM Packets.
//=============================================================================
typedef struct _NM_ATM { UCHAR DstAddr[ 6 ]; UCHAR SrcAddr[ 6 ]; ULONG Vpi; ULONG Vci; } NM_ATM;
typedef NM_ATM *PNM_ATM;
typedef NM_ATM *UPNM_ATM;
#define NM_ATM_HEADER_LENGTH sizeof(NM_ATM)
#pragma pack(push, 1)
typedef struct _NM_1394 { UCHAR DstAddr[ 6 ]; UCHAR SrcAddr[ 6 ]; ULONGLONG VcId; } NM_1394;
typedef NM_1394 *PNM_1394;
typedef NM_1394 *UPNM_1394;
#define NM_1394_HEADER_LENGTH sizeof(NM_1394)
//=============================================================================
// 802.5 (TOKENRING) MAC structure.
//=============================================================================
// This structure is used to decode network data and so needs to be packed
typedef struct _TOKENRING{ BYTE AccessCtrl; //... access control field.
BYTE FrameCtrl; //... frame control field.
BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.
BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.
union { BYTE Info[0]; //... information field.
WORD RoutingInfo[0]; //... routing information field.
};} TOKENRING;
typedef TOKENRING *LPTOKENRING;typedef TOKENRING UNALIGNED *ULPTOKENRING;#define TOKENRING_SIZE sizeof(TOKENRING)
#define TOKENRING_HEADER_LENGTH ( 14 )
#define TOKENRING_SA_ROUTING_INFO ( 0x80 )
#define TOKENRING_SA_LOCAL ( 0x40 )
#define TOKENRING_DA_LOCAL ( 0x40 )
#define TOKENRING_DA_GROUP ( 0x80 )
#define TOKENRING_RC_LENGTHMASK ( 0x1f )
#define TOKENRING_BC_MASK ( 0xe0 )
#define TOKENRING_TYPE_MAC ( 0 )
#define TOKENRING_TYPE_LLC ( 0x40 )
#pragma pack(pop)
//=============================================================================
// FDDI MAC structure.
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
typedef struct _FDDI{ BYTE FrameCtrl; //... frame control field.
BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.
BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.
BYTE Info[0]; //... information field.
} FDDI;#define FDDI_SIZE sizeof(FDDI)
typedef FDDI *LPFDDI;typedef FDDI UNALIGNED *ULPFDDI;#define FDDI_HEADER_LENGTH ( 13 )
#define FDDI_TYPE_MAC ( 0 )
#define FDDI_TYPE_LLC ( 0x10 )
#define FDDI_TYPE_LONG_ADDRESS ( 0x40 )
#pragma pack(pop)
//=============================================================================
// LLC (802.2)
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
typedef struct _LLC { BYTE dsap; BYTE ssap; struct { union { BYTE Command; BYTE NextSend; } ; union { BYTE NextRecv; BYTE Data[ 1 ]; } ; } ControlField; } LLC;
typedef LLC *LPLLC;
typedef LLC UNALIGNED *ULPLLC;#define LLC_SIZE ( sizeof( LLC ) )
#pragma pack(pop)
//=============================================================================
// Helper macros.
//=============================================================================
#define IsRoutingInfoPresent(f) ((((ULPTOKENRING) (f))->SrcAddr[0] & TOKENRING_SA_ROUTING_INFO) ? TRUE : FALSE)
#define GetRoutingInfoLength(f) (IsRoutingInfoPresent(f) \
? (((ULPTOKENRING) (f))->RoutingInfo[0] & TOKENRING_RC_LENGTHMASK) : 0)
//=============================================================================
//=============================================================================
// (Parser.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Format Procedure Type.
//
// NOTE: All format functions *must* be declared as WINAPIV not WINAPI!
//=============================================================================
typedef VOID (WINAPIV *FORMAT)(LPPROPERTYINST, ...);
// The protocol recognized the frame and moved the pointer to end of its
// protocol header. Network Monitor uses the protocols follow set to continue
// parsing.
#define PROTOCOL_STATUS_RECOGNIZED ( 0 )
// The protocol did not recognized the frame and did not move the pointer
// (i.e. the start data pointer which was passed in). Network Monitor uses the
// protocols follow set to continue parsing.
#define PROTOCOL_STATUS_NOT_RECOGNIZED ( 1 )
// The protocol recognized the frame and claimed it all for itself,
// and parsing terminates.
#define PROTOCOL_STATUS_CLAIMED ( 2 )
// The protocol recognized the frame and moved the pointer to end of its
// protocol header. The current protocol requests that Network Monitor
// continue parsing at a known next protocol by returning the next protocols
// handle back to Network Monitor. In this case, the follow of the current
// protocol, if any, is not used.
#define PROTOCOL_STATUS_NEXT_PROTOCOL ( 3 )
//=============================================================================
// Macros.
//=============================================================================
extern BYTE HexTable[];
#define XCHG(x) MAKEWORD( HIBYTE(x), LOBYTE(x) )
#define DXCHG(x) MAKELONG( XCHG(HIWORD(x)), XCHG(LOWORD(x)) )
#define LONIBBLE(b) ((BYTE) ((b) & 0x0F))
#define HINIBBLE(b) ((BYTE) ((b) >> 4))
#define HEX(b) (HexTable[LONIBBLE(b)])
#define SWAPBYTES(w) ((w) = XCHG(w))
#define SWAPWORDS(d) ((d) = DXCHG(d))
//=============================================================================
// All the MAC frame types combined.
//=============================================================================
typedef union _MACFRAME{ LPBYTE MacHeader; //... generic pointer.
LPETHERNET Ethernet; //... ethernet pointer.
LPTOKENRING Tokenring; //... tokenring pointer.
LPFDDI Fddi; //... FDDI pointer.
} MACFRAME;typedef MACFRAME *LPMACFRAME;
#define HOT_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'T', '$')
#define HOE_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'E', '$')
typedef struct _HANDOFFENTRY { DWORD hoe_sig; DWORD hoe_ProtIdentNumber; HPROTOCOL hoe_ProtocolHandle; DWORD hoe_ProtocolData; } HANDOFFENTRY;
typedef HANDOFFENTRY *LPHANDOFFENTRY;
typedef struct _HANDOFFTABLE { DWORD hot_sig; DWORD hot_NumEntries; LPHANDOFFENTRY hot_Entries; } HANDOFFTABLE;
typedef struct _HANDOFFTABLE *LPHANDOFFTABLE;
//=============================================================================
// Parser helper macros.
//=============================================================================
INLINE LPVOID GetPropertyInstanceData(LPPROPERTYINST PropertyInst){ if ( PropertyInst->DataLength != (WORD) -1 ) { return PropertyInst->lpData; }
return (LPVOID) PropertyInst->lpPropertyInstEx->Byte;}
#define GetPropertyInstanceDataValue(p, type) ((type *) GetPropertyInstanceData(p))[0]
INLINE DWORD GetPropertyInstanceFrameDataLength(LPPROPERTYINST PropertyInst){ if ( PropertyInst->DataLength != (WORD) -1 ) { return PropertyInst->DataLength; }
return PropertyInst->lpPropertyInstEx->Length;}
INLINE DWORD GetPropertyInstanceExDataLength(LPPROPERTYINST PropertyInst){ if ( PropertyInst->DataLength == (WORD) -1 ) { PropertyInst->lpPropertyInstEx->Length; }
return (WORD) -1;}
//=============================================================================
// Parser helper functions.
//=============================================================================
LPLABELED_WORD WINAPI GetProtocolDescriptionTable(LPDWORD TableSize);
LPLABELED_WORD WINAPI GetProtocolDescription(DWORD ProtocolID);
DWORD WINAPI GetMacHeaderLength(LPVOID MacHeader, DWORD MacType);
DWORD WINAPI GetLLCHeaderLength(LPLLC Frame);
DWORD WINAPI GetEtype(LPVOID MacHeader, DWORD MacType);
DWORD WINAPI GetSaps(LPVOID MacHeader, DWORD MacType);
BOOL WINAPI IsLLCPresent(LPVOID MacHeader, DWORD MacType);
VOID WINAPI CanonicalizeHexString(LPSTR hex, LPSTR dest, DWORD len);
void WINAPI CanonHex(UCHAR * pDest, UCHAR * pSource, int iLen, BOOL fOx );
DWORD WINAPI ByteToBinary(LPSTR string, DWORD ByteValue);
DWORD WINAPI WordToBinary(LPSTR string, DWORD WordValue);
DWORD WINAPI DwordToBinary(LPSTR string, DWORD DwordValue);
LPSTR WINAPI AddressToString(LPSTR string, BYTE *lpAddress);
LPBYTE WINAPI StringToAddress(BYTE *lpAddress, LPSTR string);
LPDWORD WINAPI VarLenSmallIntToDword( LPBYTE pValue, WORD ValueLen, BOOL fIsByteswapped, LPDWORD lpDword );
LPBYTE WINAPI LookupByteSetString (LPSET lpSet, BYTE Value);
LPBYTE WINAPI LookupWordSetString (LPSET lpSet, WORD Value);
LPBYTE WINAPI LookupDwordSetString (LPSET lpSet, DWORD Value);
DWORD WINAPIV FormatByteFlags(LPSTR string, DWORD ByteValue, DWORD BitMask);
DWORD WINAPIV FormatWordFlags(LPSTR string, DWORD WordValue, DWORD BitMask);
DWORD WINAPIV FormatDwordFlags(LPSTR string, DWORD DwordValue, DWORD BitMask);
LPSTR WINAPIV FormatTimeAsString(SYSTEMTIME *time, LPSTR string);
VOID WINAPIV FormatLabeledByteSetAsFlags(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatLabeledWordSetAsFlags(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatLabeledDwordSetAsFlags(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatPropertyDataAsByte(LPPROPERTYINST lpPropertyInst, DWORD Base);
VOID WINAPIV FormatPropertyDataAsWord(LPPROPERTYINST lpPropertyInst, DWORD Base);
VOID WINAPIV FormatPropertyDataAsDword(LPPROPERTYINST lpPropertyInst, DWORD Base);
VOID WINAPIV FormatLabeledByteSet(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatLabeledWordSet(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatLabeledDwordSet(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatPropertyDataAsInt64(LPPROPERTYINST lpPropertyInst, DWORD Base);
VOID WINAPIV FormatPropertyDataAsTime(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatPropertyDataAsString(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatPropertyDataAsHexString(LPPROPERTYINST lpPropertyInst);
// Parsers should NOT call LockFrame(). If a parser takes a lock and then gets
// faulted or returns without unlocking, it leaves the system in a state where
// it cannot change protocols or cut/copy frames. Parsers should use ParserTemporaryLockFrame
// which grants a lock ONLY during the context of the api entry into the parser. The
// lock is released on exit from the parser for that frame.
ULPBYTE WINAPI ParserTemporaryLockFrame(HFRAME hFrame);
LPVOID WINAPI GetCCInstPtr(VOID);VOID WINAPI SetCCInstPtr(LPVOID lpCurCaptureInst);LPVOID WINAPI CCHeapAlloc(DWORD dwBytes, BOOL bZeroInit);LPVOID WINAPI CCHeapReAlloc(LPVOID lpMem, DWORD dwBytes, BOOL bZeroInit);BOOL WINAPI CCHeapFree(LPVOID lpMem);SIZE_T WINAPI CCHeapSize(LPVOID lpMem);
BOOL _cdecl BERGetInteger( ULPBYTE pCurrentPointer, ULPBYTE *ppValuePointer, LPDWORD pHeaderLength, LPDWORD pDataLength, ULPBYTE *ppNext);BOOL _cdecl BERGetString( ULPBYTE pCurrentPointer, ULPBYTE *ppValuePointer, LPDWORD pHeaderLength, LPDWORD pDataLength, ULPBYTE *ppNext);BOOL _cdecl BERGetHeader( ULPBYTE pCurrentPointer, ULPBYTE pTag, LPDWORD pHeaderLength, LPDWORD pDataLength, ULPBYTE *ppNext);
//=============================================================================
// Parser Finder Structures.
//=============================================================================
#define MAX_PROTOCOL_COMMENT_LEN ( 256 )
#define NETMON_MAX_PROTOCOL_NAME_LEN ( 16 )
// the constant MAX_PROTOCOL_NAME_LEN conflicts with one of the same name
// but different size in rtutils.h.
// So if both headers are included, we do not define MAX_PROTOCOL_NAME_LEN.
#ifndef MAX_PROTOCOL_NAME_LEN
#define MAX_PROTOCOL_NAME_LEN ( NETMON_MAX_PROTOCOL_NAME_LEN )
#else
#undef MAX_PROTOCOL_NAME_LEN
#endif
// Handoff Value Format Base
typedef /* [public][public][public] */ enum __MIDL___MIDL_itf_netmon_0000_0015 { HANDOFF_VALUE_FORMAT_BASE_UNKNOWN = 0, HANDOFF_VALUE_FORMAT_BASE_DECIMAL = 10, HANDOFF_VALUE_FORMAT_BASE_HEX = 16 } PF_HANDOFFVALUEFORMATBASE;
// PF_HANDOFFENTRY
typedef struct _PF_HANDOFFENTRY { char szIniFile[ 260 ]; char szIniSection[ 260 ]; char szProtocol[ 16 ]; DWORD dwHandOffValue; PF_HANDOFFVALUEFORMATBASE ValueFormatBase; } PF_HANDOFFENTRY;
typedef PF_HANDOFFENTRY *PPF_HANDOFFENTRY;
// PF_HANDOFFSET
typedef struct _PF_HANDOFFSET{ DWORD nEntries; PF_HANDOFFENTRY Entry[0];
} PF_HANDOFFSET;typedef PF_HANDOFFSET* PPF_HANDOFFSET;// FOLLOWENTRY
typedef struct _PF_FOLLOWENTRY { char szProtocol[ 16 ]; } PF_FOLLOWENTRY;
typedef PF_FOLLOWENTRY *PPF_FOLLOWENTRY;
// PF_FOLLOWSET
typedef struct _PF_FOLLOWSET{ DWORD nEntries; PF_FOLLOWENTRY Entry[0];
} PF_FOLLOWSET;typedef PF_FOLLOWSET* PPF_FOLLOWSET;
// PARSERINFO - contains information about a single parser
typedef struct _PF_PARSERINFO{ char szProtocolName[NETMON_MAX_PROTOCOL_NAME_LEN]; char szComment[MAX_PROTOCOL_COMMENT_LEN]; char szHelpFile[MAX_PATH];
PPF_FOLLOWSET pWhoCanPrecedeMe; PPF_FOLLOWSET pWhoCanFollowMe;
PPF_HANDOFFSET pWhoHandsOffToMe; PPF_HANDOFFSET pWhoDoIHandOffTo;
} PF_PARSERINFO;typedef PF_PARSERINFO* PPF_PARSERINFO;
// PF_PARSERDLLINFO - contains information about a single parser DLL
typedef struct _PF_PARSERDLLINFO{ // char szDLLName[MAX_PATH];
DWORD nParsers; PF_PARSERINFO ParserInfo[0];
} PF_PARSERDLLINFO;typedef PF_PARSERDLLINFO* PPF_PARSERDLLINFO;//=============================================================================
//=============================================================================
// (IniLib.h)
//=============================================================================
//=============================================================================
#define INI_PATH_LENGTH ( 256 )
#define MAX_HANDOFF_ENTRY_LENGTH ( 80 )
#define MAX_PROTOCOL_NAME ( 40 )
#define NUMALLOCENTRIES ( 10 )
#define RAW_INI_STR_LEN ( 200 )
#define PARSERS_SUBDIR "PARSERS"
#define INI_EXTENSION "INI"
#define BASE10_FORMAT_STR "%ld=%s %ld"
#define BASE16_FORMAT_STR "%lx=%s %lx"
// Given "XNS" or "TCP" or whatever BuildINIPath will return fully qual. path to "XNS.INI" or "TCP.INI"
LPSTR _cdecl BuildINIPath( char *FullPath, char *IniFileName );
// Builds Handoff Set
DWORD WINAPI CreateHandoffTable(LPSTR secName, LPSTR iniFile, LPHANDOFFTABLE * hTable, DWORD nMaxProtocolEntries, DWORD base);
HPROTOCOL WINAPI GetProtocolFromTable(LPHANDOFFTABLE hTable, // lp to Handoff Table...
DWORD ItemToFind, // port number etc...
PDWORD_PTR lpInstData ); // inst data to give to next protocol
VOID WINAPI DestroyHandoffTable( LPHANDOFFTABLE hTable );
BOOLEAN WINAPI IsRawIPXEnabled(LPSTR secName, LPSTR iniFile, LPSTR CurProtocol );
//=============================================================================
//=============================================================================
// (NMExpert.h)
//=============================================================================
//=============================================================================
#define EXPERTSTRINGLENGTH ( 260 )
#define EXPERTGROUPNAMELENGTH ( 25 )
// HEXPERTKEY tracks running experts. It is only used by experts for
// self reference. It refers to a RUNNINGEXPERT (an internal only structure)..
typedef LPVOID HEXPERTKEY;
typedef HEXPERTKEY *PHEXPERTKEY;
// HEXPERT tracks loaded experts. It refers to an EXPERTENUMINFO.
typedef LPVOID HEXPERT;
typedef HEXPERT *PHEXPERT;
// HRUNNINGEXPERT tracks a currently running expert.
// It refers to a RUNNINGEXPERT (an internal only structure).
typedef LPVOID HRUNNINGEXPERT;
typedef HRUNNINGEXPERT *PHRUNNINGEXPERT;
typedef struct _EXPERTENUMINFO * PEXPERTENUMINFO;typedef struct _EXPERTCONFIG * PEXPERTCONFIG;typedef struct _EXPERTSTARTUPINFO * PEXPERTSTARTUPINFO;// Definitions needed to call experts
#define EXPERTENTRY_REGISTER "Register"
#define EXPERTENTRY_CONFIGURE "Configure"
#define EXPERTENTRY_RUN "Run"
typedef BOOL (WINAPI * PEXPERTREGISTERPROC)( PEXPERTENUMINFO );typedef BOOL (WINAPI * PEXPERTCONFIGPROC) ( HEXPERTKEY, PEXPERTCONFIG*, PEXPERTSTARTUPINFO, DWORD, HWND );typedef BOOL (WINAPI * PEXPERTRUNPROC) ( HEXPERTKEY, PEXPERTCONFIG, PEXPERTSTARTUPINFO, DWORD, HWND);// EXPERTENUMINFO describes an expert that NetMon has loaded from disk.
// It does not include any configuration or runtime information.
typedef struct _EXPERTENUMINFO{ char szName[EXPERTSTRINGLENGTH]; char szVendor[EXPERTSTRINGLENGTH]; char szDescription[EXPERTSTRINGLENGTH]; DWORD Version; DWORD Flags; char szDllName[MAX_PATH]; // private, dont' touch
HEXPERT hExpert; // private, don't touch
HINSTANCE hModule; // private, don't touch
PEXPERTREGISTERPROC pRegisterProc; // private, don't touch
PEXPERTCONFIGPROC pConfigProc; // private, don't touch
PEXPERTRUNPROC pRunProc; // private, don't touch
} EXPERTENUMINFO;typedef EXPERTENUMINFO * PEXPERTENUMINFO;#define EXPERT_ENUM_FLAG_CONFIGURABLE ( 0x1 )
#define EXPERT_ENUM_FLAG_VIEWER_PRIVATE ( 0x2 )
#define EXPERT_ENUM_FLAG_NO_VIEWER ( 0x4 )
#define EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_SUMMARY ( 0x10 )
#define EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_DETAIL ( 0x20 )
// EXPERTSTARTUPINFO
// This gives the Expert an indication of where he came from.
// Note: if the lpPropertyInst->PropertyInfo->DataQualifier == PROP_QUAL_FLAGS
// then the sBitField structure is filled in
typedef struct _EXPERTSTARTUPINFO{ DWORD Flags; HCAPTURE hCapture; char szCaptureFile[MAX_PATH]; DWORD dwFrameNumber; HPROTOCOL hProtocol;
LPPROPERTYINST lpPropertyInst;
struct { BYTE BitNumber; BOOL bOn; } sBitfield;
} EXPERTSTARTUPINFO;// EXPERTCONFIG
// This is a generic holder for an Expert's config data.
typedef struct _EXPERTCONFIG{ DWORD RawConfigLength; BYTE RawConfigData[0];
} EXPERTCONFIG;typedef EXPERTCONFIG * PEXPERTCONFIG;// CONFIGUREDEXPERT
// This structure associates a loaded expert with its configuration data.
typedef struct{ HEXPERT hExpert; DWORD StartupFlags; PEXPERTCONFIG pConfig;} CONFIGUREDEXPERT;typedef CONFIGUREDEXPERT * PCONFIGUREDEXPERT;// EXPERTFRAMEDESCRIPTOR - passed back to the expert to fulfil the request for a frame
typedef struct{ DWORD FrameNumber; // Frame Number.
HFRAME hFrame; // Handle to the frame.
ULPFRAME pFrame; // pointer to frame.
LPRECOGNIZEDATATABLE lpRecognizeDataTable;// pointer to table of RECOGNIZEDATA structures.
LPPROPERTYTABLE lpPropertyTable; // pointer to property table.
} EXPERTFRAMEDESCRIPTOR;typedef EXPERTFRAMEDESCRIPTOR * LPEXPERTFRAMEDESCRIPTOR;#define GET_SPECIFIED_FRAME ( 0 )
#define GET_FRAME_NEXT_FORWARD ( 1 )
#define GET_FRAME_NEXT_BACKWARD ( 2 )
#define FLAGS_DEFER_TO_UI_FILTER ( 0x1 )
#define FLAGS_ATTACH_PROPERTIES ( 0x2 )
// EXPERTSTATUSENUM
// gives the possible values for the status field in the EXPERTSTATUS structure
typedef /* [public][public][public] */ enum __MIDL___MIDL_itf_netmon_0000_0016 { EXPERTSTATUS_INACTIVE = 0, EXPERTSTATUS_STARTING = EXPERTSTATUS_INACTIVE + 1, EXPERTSTATUS_RUNNING = EXPERTSTATUS_STARTING + 1, EXPERTSTATUS_PROBLEM = EXPERTSTATUS_RUNNING + 1, EXPERTSTATUS_ABORTED = EXPERTSTATUS_PROBLEM + 1, EXPERTSTATUS_DONE = EXPERTSTATUS_ABORTED + 1 } EXPERTSTATUSENUMERATION;
// EXPERTSUBSTATUS bitfield
// gives the possible values for the substatus field in the EXPERTSTATUS structure
#define EXPERTSUBSTATUS_ABORTED_USER ( 0x1 )
#define EXPERTSUBSTATUS_ABORTED_LOAD_FAIL ( 0x2 )
#define EXPERTSUBSTATUS_ABORTED_THREAD_FAIL ( 0x4 )
#define EXPERTSUBSTATUS_ABORTED_BAD_ENTRY ( 0x8 )
// EXPERTSTATUS
// Indicates the current status of a running expert.
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0017 { EXPERTSTATUSENUMERATION Status; DWORD SubStatus; DWORD PercentDone; DWORD Frame; char szStatusText[ 260 ]; } EXPERTSTATUS;
typedef EXPERTSTATUS *PEXPERTSTATUS;
// EXPERT STARTUP FLAGS
#define EXPERT_STARTUP_FLAG_USE_STARTUP_DATA_OVER_CONFIG_DATA ( 0x1 )
//=============================================================================
//=============================================================================
// (NetMon.h)
//=============================================================================
//=============================================================================
// A frame with no number contains this value as its frame number.
#define INVALID_FRAME_NUMBER ( ( DWORD )-1 )
//=============================================================================
// Capture file flags.
//=============================================================================
#define CAPTUREFILE_OPEN OPEN_EXISTING
#define CAPTUREFILE_CREATE CREATE_NEW
//=============================================================================
// CAPTURE CONTEXT API's.
//=============================================================================
LPSYSTEMTIME WINAPI GetCaptureTimeStamp(HCAPTURE hCapture);
DWORD WINAPI GetCaptureMacType(HCAPTURE hCapture);
DWORD WINAPI GetCaptureTotalFrames(HCAPTURE hCapture);
LPSTR WINAPI GetCaptureComment(HCAPTURE hCapture);
//=============================================================================
// FRAME HELP API's.
//=============================================================================
DWORD WINAPI MacTypeToAddressType(DWORD MacType);
DWORD WINAPI AddressTypeToMacType(DWORD AddressType);
DWORD WINAPI GetFrameDstAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);
DWORD WINAPI GetFrameSrcAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);
HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME hFrame);
DWORD WINAPI GetFrameDestAddress(HFRAME hFrame, LPADDRESS2 lpAddress, DWORD AddressType, DWORD Flags);
DWORD WINAPI GetFrameSourceAddress(HFRAME hFrame, LPADDRESS2 lpAddress, DWORD AddressType, DWORD Flags);
DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);
BOOL WINAPI CompareFrameDestAddress(HFRAME hFrame, LPADDRESS2 lpAddress);
BOOL WINAPI CompareFrameSourceAddress(HFRAME hFrame, LPADDRESS2 lpAddress);
DWORD WINAPI GetFrameLength(HFRAME hFrame);
DWORD WINAPI GetFrameStoredLength(HFRAME hFrame);
DWORD WINAPI GetFrameMacType(HFRAME hFrame);
DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);
DWORD WINAPI GetFrameNumber(HFRAME hFrame);
__int64 WINAPI GetFrameTimeStamp(HFRAME hFrame);
ULPFRAME WINAPI GetFrameFromFrameHandle(HFRAME hFrame);
//=============================================================================
// FRAME API's.
//=============================================================================
HFRAME WINAPI ModifyFrame(HCAPTURE hCapture, DWORD FrameNumber, LPBYTE FrameData, DWORD FrameLength, __int64 TimeStamp);
HFRAME WINAPI FindNextFrame(HFRAME hCurrentFrame, LPSTR ProtocolName, LPADDRESS2 lpDestAddress, LPADDRESS2 lpSrcAddress, LPWORD ProtocolOffset, DWORD OriginalFrameNumber, DWORD nHighestFrame);
HFRAME WINAPI FindPreviousFrame(HFRAME hCurrentFrame, LPSTR ProtocolName, LPADDRESS2 lpDstAddress, LPADDRESS2 lpSrcAddress, LPWORD ProtocolOffset, DWORD OriginalFrameNumber, DWORD nLowestFrame );
HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME);
HFRAME WINAPI GetFrame(HCAPTURE hCapture, DWORD FrameNumber);
LPRECOGNIZEDATATABLE WINAPI GetFrameRecognizeData(HFRAME hFrame);
//=============================================================================
// Protocol API's.
//=============================================================================
HPROTOCOL WINAPI CreateProtocol(LPSTR ProtocolName, LPENTRYPOINTS lpEntryPoints, DWORD cbEntryPoints);
VOID WINAPI DestroyProtocol(HPROTOCOL hProtocol);
LPPROTOCOLINFO WINAPI GetProtocolInfo(HPROTOCOL hProtocol);
HPROPERTY WINAPI GetProperty(HPROTOCOL hProtocol, LPSTR PropertyName);
HPROTOCOL WINAPI GetProtocolFromName(LPSTR ProtocolName);
DWORD WINAPI GetProtocolStartOffset(HFRAME hFrame, LPSTR ProtocolName);
DWORD WINAPI GetProtocolStartOffsetHandle(HFRAME hFrame, HPROTOCOL hProtocol);
DWORD WINAPI GetPreviousProtocolOffsetByName(HFRAME hFrame, DWORD dwStartOffset, LPSTR szProtocolName, DWORD* pdwPreviousOffset);
LPPROTOCOLTABLE WINAPI GetEnabledProtocols(HCAPTURE hCapture);
//=============================================================================
// Property API's.
//=============================================================================
DWORD WINAPI CreatePropertyDatabase(HPROTOCOL hProtocol, DWORD nProperties);
DWORD WINAPI DestroyPropertyDatabase(HPROTOCOL hProtocol);
HPROPERTY WINAPI AddProperty(HPROTOCOL hProtocol, LPPROPERTYINFO PropertyInfo);
BOOL WINAPI AttachPropertyInstance(HFRAME hFrame, HPROPERTY hProperty, DWORD Length, ULPVOID lpData, DWORD HelpID, DWORD Level, DWORD IFlags);
BOOL WINAPI AttachPropertyInstanceEx(HFRAME hFrame, HPROPERTY hProperty, DWORD Length, ULPVOID lpData, DWORD ExLength, ULPVOID lpExData, DWORD HelpID, DWORD Level, DWORD IFlags);
LPPROPERTYINST WINAPI FindPropertyInstance(HFRAME hFrame, HPROPERTY hProperty);
LPPROPERTYINST WINAPI FindPropertyInstanceRestart (HFRAME hFrame, HPROPERTY hProperty, LPPROPERTYINST *lpRestartKey, BOOL DirForward );
LPPROPERTYINFO WINAPI GetPropertyInfo(HPROPERTY hProperty);
LPSTR WINAPI GetPropertyText(HFRAME hFrame, LPPROPERTYINST lpPI, LPSTR szBuffer, DWORD BufferSize);
DWORD WINAPI ResetPropertyInstanceLength( LPPROPERTYINST lpProp, WORD nOrgLen, WORD nNewLen );//=============================================================================
// MISC. API's.
//=============================================================================
DWORD WINAPI GetCaptureCommentFromFilename(LPSTR lpFilename, LPSTR lpComment, DWORD BufferSize);
int WINAPI CompareAddresses(LPADDRESS2 lpAddress1, LPADDRESS2 lpAddress2);
DWORD WINAPIV FormatPropertyInstance(LPPROPERTYINST lpPropertyInst, ...);
SYSTEMTIME * WINAPI AdjustSystemTime(SYSTEMTIME *SystemTime, __int64 TimeDelta);
LPSTR WINAPI NMRtlIpv6AddressToStringA(const BYTE IP6Addr[],LPSTR S);
LPWSTR WINAPI NMRtlIpv6AddressToStringW(const BYTE IP6Addr[], LPWSTR S);
ULONG WINAPI NMRtlIpv6StringToAddressA(LPCSTR S, LPCSTR *Terminator, BYTE IP6Addr[]);
ULONG WINAPI NMRtlIpv6StringToAddressW(LPCWSTR S, LPCWSTR *Terminator, BYTE IP6Addr[]);
//=============================================================================
// EXPERT API's for use by Experts
//=============================================================================
DWORD WINAPI ExpertGetFrame( IN HEXPERTKEY hExpertKey, IN DWORD Direction, IN DWORD RequestFlags, IN DWORD RequestedFrameNumber, IN HFILTER hFilter, OUT LPEXPERTFRAMEDESCRIPTOR pEFrameDescriptor);
LPVOID WINAPI ExpertAllocMemory( IN HEXPERTKEY hExpertKey, IN SIZE_T nBytes, OUT DWORD* pError);
LPVOID WINAPI ExpertReallocMemory( IN HEXPERTKEY hExpertKey, IN LPVOID pOriginalMemory, IN SIZE_T nBytes, OUT DWORD* pError);
DWORD WINAPI ExpertFreeMemory( IN HEXPERTKEY hExpertKey, IN LPVOID pOriginalMemory);
SIZE_T WINAPI ExpertMemorySize( IN HEXPERTKEY hExpertKey, IN LPVOID pOriginalMemory);
DWORD WINAPI ExpertIndicateStatus( IN HEXPERTKEY hExpertKey, IN EXPERTSTATUSENUMERATION Status, IN DWORD SubStatus, IN const char * szText, IN LONG PercentDone);
DWORD WINAPI ExpertSubmitEvent( IN HEXPERTKEY hExpertKey, IN PNMEVENTDATA pExpertEvent);
DWORD WINAPI ExpertGetStartupInfo( IN HEXPERTKEY hExpertKey, OUT PEXPERTSTARTUPINFO pExpertStartupInfo);
//=============================================================================
// DEBUG API's.
//=============================================================================
#ifdef DEBUG
//=============================================================================
// BreakPoint() macro.
//=============================================================================
// We do not want breakpoints in our code any more...
// so we are defining DebugBreak(), usually a system call, to be
// just a dprintf. BreakPoint() is still defined as DebugBreak().
#ifdef DebugBreak
#undef DebugBreak
#endif // DebugBreak
#define DebugBreak() dprintf("DebugBreak Called at %s:%s", __FILE__, __LINE__);
#define BreakPoint() DebugBreak()
#endif // DEBUG
//=============================================================================
//=============================================================================
// (NMBlob.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Blob Constants
//=============================================================================
#define INITIAL_RESTART_KEY ( 0xffffffff )
//=============================================================================
// Blob Core Helper Routines
//=============================================================================
DWORD _cdecl CreateBlob(HBLOB * phBlob);
DWORD _cdecl DestroyBlob(HBLOB hBlob);
DWORD _cdecl SetStringInBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, const char * pString);
DWORD _cdecl SetWStringInBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, const WCHAR * pwString);
DWORD _cdecl ConvertWStringToHexString(const WCHAR *pwsz, char ** ppsz);
DWORD _cdecl GetStringFromBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, const char ** ppString);
DWORD _cdecl ConvertHexStringToWString(CHAR *psz, WCHAR **ppwsz);
DWORD _cdecl GetWStringFromBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, WCHAR ** ppwString);
DWORD _cdecl GetStringsFromBlob(HBLOB hBlob, const char * pRequestedOwnerName, const char * pRequestedCategoryName, const char * pRequestedTagName, const char ** ppReturnedOwnerName, const char ** ppReturnedCategoryName, const char ** ppReturnedTagName, const char ** ppReturnedString, DWORD * pRestartKey);
DWORD _cdecl RemoveFromBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName);
DWORD _cdecl LockBlob(HBLOB hBlob);
DWORD _cdecl UnlockBlob(HBLOB hBlob);
DWORD _cdecl FindUnknownBlobCategories( HBLOB hBlob, const char * pOwnerName, const char * pKnownCategoriesTable[], HBLOB hUnknownCategoriesBlob);
//=============================================================================
// Blob Helper Routines
//=============================================================================
DWORD _cdecl MergeBlob(HBLOB hDstBlob, HBLOB hSrcBlob);
DWORD _cdecl DuplicateBlob (HBLOB hSrcBlob, HBLOB *hBlobThatWillBeCreated );
DWORD _cdecl WriteBlobToFile(HBLOB hBlob, const char * pFileName);
DWORD _cdecl ReadBlobFromFile(HBLOB* phBlob, const char * pFileName);
DWORD _cdecl RegCreateBlobKey(HKEY hkey, const char* szBlobName, HBLOB hBlob);
DWORD _cdecl RegOpenBlobKey(HKEY hkey, const char* szBlobName, HBLOB* phBlob);
DWORD _cdecl MarshalBlob(HBLOB hBlob, DWORD* pSize, BYTE** ppBytes);
DWORD _cdecl UnMarshalBlob(HBLOB* phBlob, DWORD Size, BYTE* pBytes);
DWORD _cdecl SetDwordInBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, DWORD Dword);
DWORD _cdecl GetDwordFromBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, DWORD * pDword);
DWORD _cdecl SetBoolInBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, BOOL Bool);
DWORD _cdecl GetBoolFromBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, BOOL * pBool);
DWORD _cdecl GetMacAddressFromBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, BYTE * pMacAddress);
DWORD _cdecl SetMacAddressInBlob(HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pTagName, const BYTE * pMacAddress);
DWORD _cdecl FindUnknownBlobTags( HBLOB hBlob, const char * pOwnerName, const char * pCategoryName, const char * pKnownTagsTable[], HBLOB hUnknownTagsBlob);
//=============================================================================
// Blob NPP Helper Routines
//=============================================================================
DWORD _cdecl SetNetworkInfoInBlob(HBLOB hBlob, LPNETWORKINFO lpNetworkInfo);
DWORD _cdecl GetNetworkInfoFromBlob(HBLOB hBlob, LPNETWORKINFO lpNetworkInfo);
DWORD _cdecl CreateNPPInterface ( HBLOB hBlob, REFIID iid, void ** ppvObject);
DWORD _cdecl SetClassIDInBlob(HBLOB hBlob, const char* pOwnerName, const char* pCategoryName, const char* pTagName, const CLSID* pClsID);
DWORD _cdecl GetClassIDFromBlob(HBLOB hBlob, const char* pOwnerName, const char* pCategoryName, const char* pTagName, CLSID * pClsID);
DWORD _cdecl SetNPPPatternFilterInBlob( HBLOB hBlob, LPEXPRESSION pExpression, HBLOB hErrorBlob);
DWORD _cdecl GetNPPPatternFilterFromBlob( HBLOB hBlob, LPEXPRESSION pExpression, HBLOB hErrorBlob);
DWORD _cdecl SetNPPAddress2FilterInBlob( HBLOB hBlob, LPADDRESSTABLE2 pAddressTable);
DWORD _cdecl GetNPPAddress2FilterFromBlob( HBLOB hBlob, LPADDRESSTABLE2 pAddressTable, HBLOB hErrorBlob);
DWORD _cdecl SetNPPTriggerInBlob( HBLOB hBlob, LPTRIGGER pTrigger, HBLOB hErrorBlob);
DWORD _cdecl GetNPPTriggerFromBlob( HBLOB hBlob, LPTRIGGER pTrigger, HBLOB hErrorBlob);
DWORD _cdecl SetNPPEtypeSapFilter(HBLOB hBlob, WORD nSaps, WORD nEtypes, LPBYTE lpSapTable, LPWORD lpEtypeTable, DWORD FilterFlags, HBLOB hErrorBlob);
DWORD _cdecl GetNPPEtypeSapFilter(HBLOB hBlob, WORD *pnSaps, WORD *pnEtypes, LPBYTE *ppSapTable, LPWORD *ppEtypeTable, DWORD *pFilterFlags, HBLOB hErrorBlob);
// GetNPPMacTypeAsNumber maps the tag NPP:NetworkInfo:MacType to the MAC_TYPE_*
// defined in the NPPTYPES.h. If the tag is unavailable, the API returns MAC_TYPE_UNKNOWN.
DWORD _cdecl GetNPPMacTypeAsNumber(HBLOB hBlob, LPDWORD lpMacType);
// See if a remote catagory exists... and make sure that the remote computername
// isn't the same as the local computername.
BOOL _cdecl IsRemoteNPP ( HBLOB hBLOB);
//=============================================================================
// npp tag definitions
//=============================================================================
#define OWNER_NPP "NPP"
#define CATEGORY_NETWORKINFO "NetworkInfo"
#define TAG_MACTYPE "MacType"
#define TAG_CURRENTADDRESS "CurrentAddress"
#define TAG_LINKSPEED "LinkSpeed"
#define TAG_MAXFRAMESIZE "MaxFrameSize"
#define TAG_FLAGS "Flags"
#define TAG_TIMESTAMPSCALEFACTOR "TimeStampScaleFactor"
#define TAG_COMMENT "Comment"
#define TAG_NODENAME "NodeName"
#define TAG_NAME "Name"
#define TAG_FAKENPP "Fake"
#define TAG_PROMISCUOUS_MODE "PMode"
#define CATEGORY_LOCATION "Location"
#define TAG_RAS "Dial-up Connection"
#define TAG_MACADDRESS "MacAddress"
#define TAG_CLASSID "ClassID"
#define TAG_NAME "Name"
#define TAG_CONNECTIONNAME "Connection Name"
#define TAG_FRIENDLYNAME "Friendly Name"
#define CATEGORY_CONFIG "Config"
#define TAG_FRAME_SIZE "FrameSize"
#define TAG_UPDATE_FREQUENCY "UpdateFreq"
#define TAG_BUFFER_SIZE "BufferSize"
#define TAG_PATTERN_DESIGNATOR "PatternMatch"
#define TAG_PATTERN "Pattern"
#define TAG_ADDRESS_PAIR "AddressPair"
#define TAG_CONNECTIONFLAGS "ConnectionFlags"
#define TAG_ETYPES "Etypes"
#define TAG_SAPS "Saps"
#define TAG_NO_CONVERSATION_STATS "NoConversationStats"
#define TAG_NO_STATS_FRAME "NoStatsFrame"
#define TAG_DONT_DELETE_EMPTY_CAPTURE "DontDeleteEmptyCapture"
#define TAG_WANT_PROTOCOL_INFO "WantProtocolInfo"
#define TAG_INTERFACE_DELAYED_CAPTURE "IDdC"
#define TAG_INTERFACE_REALTIME_CAPTURE "IRTC"
#define TAG_INTERFACE_STATS "ISts"
#define TAG_INTERFACE_TRANSMIT "IXmt"
#define TAG_LOCAL_ONLY "LocalOnly"
// Is_Remote is set to TRUE by NPPs that go remote. Note that when you
// are looking for a remote NPP, you probably also need to ask for
// blobs that have the TAG_GET_SPECIAL_BLOBS bool set
#define TAG_IS_REMOTE "IsRemote"
#define CATEGORY_TRIGGER "Trigger"
#define TAG_TRIGGER "Trigger"
#define CATEGORY_FINDER "Finder"
#define TAG_ROOT "Root"
#define TAG_PROCNAME "ProcName"
#define TAG_DISP_STRING "Display"
#define TAG_DLL_FILENAME "DLLName"
#define TAG_GET_SPECIAL_BLOBS "Specials"
#define CATEGORY_REMOTE "Remote"
#define TAG_REMOTECOMPUTER "RemoteComputer"
#define TAG_REMOTECLASSID "ClassID"
//=============================================================================
// npp value definitions
//=============================================================================
// Mac types
#define PROTOCOL_STRING_ETHERNET_TXT "ETHERNET"
#define PROTOCOL_STRING_TOKENRING_TXT "TOKENRING"
#define PROTOCOL_STRING_FDDI_TXT "FDDI"
#define PROTOCOL_STRING_ATM_TXT "ATM"
#define PROTOCOL_STRING_1394_TXT "IP/1394"
// lower protocols
#define PROTOCOL_STRING_IP_TXT "IP"
#define PROTOCOL_STRING_IP6_TXT "IP6"
#define PROTOCOL_STRING_IPX_TXT "IPX"
#define PROTOCOL_STRING_XNS_TXT "XNS"
#define PROTOCOL_STRING_VINES_IP_TXT "VINES IP"
// upper protocols
#define PROTOCOL_STRING_ICMP_TXT "ICMP"
#define PROTOCOL_STRING_TCP_TXT "TCP"
#define PROTOCOL_STRING_UDP_TXT "UDP"
#define PROTOCOL_STRING_SPX_TXT "SPX"
#define PROTOCOL_STRING_NCP_TXT "NCP"
// pseudo protocols
#define PROTOCOL_STRING_ANY_TXT "ANY"
#define PROTOCOL_STRING_ANY_GROUP_TXT "ANY GROUP"
#define PROTOCOL_STRING_HIGHEST_TXT "HIGHEST"
#define PROTOCOL_STRING_LOCAL_ONLY_TXT "LOCAL ONLY"
#define PROTOCOL_STRING_UNKNOWN_TXT "UNKNOWN"
#define PROTOCOL_STRING_DATA_TXT "DATA"
#define PROTOCOL_STRING_FRAME_TXT "FRAME"
#define PROTOCOL_STRING_NONE_TXT "NONE"
#define PROTOCOL_STRING_EFFECTIVE_TXT "EFFECTIVE"
#define ADDRESS_PAIR_INCLUDE_TXT "INCLUDE"
#define ADDRESS_PAIR_EXCLUDE_TXT "EXCLUDE"
#define INCLUDE_ALL_EXCEPT_TXT "INCLUDE ALL EXCEPT"
#define EXCLUDE_ALL_EXCEPT_TXT "EXCLUDE ALL EXCEPT"
#define PATTERN_MATCH_OR_TXT "OR("
#define PATTERN_MATCH_AND_TXT "AND("
#define TRIGGER_PATTERN_TXT "PATTERN MATCH"
#define TRIGGER_BUFFER_TXT "BUFFER CONTENT"
#define TRIGGER_NOTIFY_TXT "NOTIFY"
#define TRIGGER_STOP_TXT "STOP"
#define TRIGGER_PAUSE_TXT "PAUSE"
#define TRIGGER_25_PERCENT_TXT "25 PERCENT"
#define TRIGGER_50_PERCENT_TXT "50 PERCENT"
#define TRIGGER_75_PERCENT_TXT "75 PERCENT"
#define TRIGGER_100_PERCENT_TXT "100 PERCENT"
#define PATTERN_MATCH_NOT_TXT "NOT"
//=============================================================================
//=============================================================================
// (NMRegHelp.h)
//=============================================================================
//=============================================================================
// Registry helpers
LPCSTR _cdecl FindOneOf(LPCSTR p1, LPCSTR p2);
LONG _cdecl recursiveDeleteKey(HKEY hKeyParent, // Parent of key to delete.
const char* lpszKeyChild); // Key to delete.
BOOL _cdecl SubkeyExists(const char* pszPath, // Path of key to check
const char* szSubkey); // Key to check
BOOL _cdecl setKeyAndValue(const char* szKey, const char* szSubkey, const char* szValue, const char* szName) ;
//=============================================================================
//=============================================================================
// (NMIpStructs.h)
//=============================================================================
//=============================================================================
// These structures are used to decode network data and so need to be packed
#pragma pack(push, 1)
//
// IP Packet Structure
//
typedef struct _IP { union { BYTE Version; BYTE HdrLen; }; BYTE ServiceType; WORD TotalLen; WORD ID; union { WORD Flags; WORD FragOff; }; BYTE TimeToLive; BYTE Protocol; WORD HdrChksum; DWORD SrcAddr; DWORD DstAddr; BYTE Options[0];} IP;
typedef IP * LPIP;typedef IP UNALIGNED * ULPIP;// Psuedo Header used for CheckSum Calculations
typedef struct _PSUHDR { DWORD ph_SrcIP; DWORD ph_DstIP; UCHAR ph_Zero; UCHAR ph_Proto; WORD ph_ProtLen; } PSUHDR;
typedef PSUHDR UNALIGNED * LPPSUHDR;//
// IP Bitmasks that are useful
// (and the appropriate bit shifts, as well)
//
#define IP_VERSION_MASK ((BYTE) 0xf0)
#define IP_VERSION_SHIFT (4)
#define IP_HDRLEN_MASK ((BYTE) 0x0f)
#define IP_HDRLEN_SHIFT (0)
#define IP_PRECEDENCE_MASK ((BYTE) 0xE0)
#define IP_PRECEDENCE_SHIFT (5)
#define IP_TOS_MASK ((BYTE) 0x1E)
#define IP_TOS_SHIFT (1)
#define IP_DELAY_MASK ((BYTE) 0x10)
#define IP_THROUGHPUT_MASK ((BYTE) 0x08)
#define IP_RELIABILITY_MASK ((BYTE) 0x04)
#define IP_FLAGS_MASK ((BYTE) 0xE0)
#define IP_FLAGS_SHIFT (13)
#define IP_DF_MASK ((BYTE) 0x40)
#define IP_MF_MASK ((BYTE) 0x20)
#define IP_MF_SHIFT (5)
#define IP_FRAGOFF_MASK ((WORD) 0x1FFF)
#define IP_FRAGOFF_SHIFT (3)
#define IP_TCC_MASK ((DWORD) 0xFFFFFF00)
#define IP_TIME_OPTS_MASK ((BYTE) 0x0F)
#define IP_MISS_STNS_MASK ((BYTE) 0xF0)
#define IP_TIME_OPTS_SHIFT (0)
#define IP_MISS_STNS_SHIFT (4)
//
// Offset to checksum field in ip header
//
#define IP_CHKSUM_OFF 10
INLINE BYTE IP_Version(ULPIP pIP){ return (pIP->Version & IP_VERSION_MASK) >> IP_VERSION_SHIFT;}
INLINE DWORD IP_HdrLen(ULPIP pIP){ return ((pIP->HdrLen & IP_HDRLEN_MASK) >> IP_HDRLEN_SHIFT) << 2;}
INLINE WORD IP_FragOff(ULPIP pIP){ return (XCHG(pIP->FragOff) & IP_FRAGOFF_MASK) << IP_FRAGOFF_SHIFT;}
INLINE DWORD IP_TotalLen(ULPIP pIP){ return XCHG(pIP->TotalLen);}
INLINE DWORD IP_MoreFragments(ULPIP pIP){ return (pIP->Flags & IP_MF_MASK) >> IP_MF_SHIFT;}//
// Well known ports in the TCP/IP protocol (See RFC 1060)
//
#define PORT_TCPMUX 1 // TCP Port Service Multiplexer
#define PORT_RJE 5 // Remote Job Entry
#define PORT_ECHO 7 // Echo
#define PORT_DISCARD 9 // Discard
#define PORT_USERS 11 // Active users
#define PORT_DAYTIME 13 // Daytime
#define PORT_NETSTAT 15 // Netstat
#define PORT_QUOTE 17 // Quote of the day
#define PORT_CHARGEN 19 // Character Generator
#define PORT_FTPDATA 20 // File transfer [default data]
#define PORT_FTP 21 // File transfer [Control]
#define PORT_TELNET 23 // Telnet
#define PORT_SMTP 25 // Simple Mail Transfer
#define PORT_NSWFE 27 // NSW User System FE
#define PORT_MSGICP 29 // MSG ICP
#define PORT_MSGAUTH 31 // MSG Authentication
#define PORT_DSP 33 // Display Support
#define PORT_PRTSERVER 35 // any private printer server
#define PORT_TIME 37 // Time
#define PORT_RLP 39 // Resource Location Protocol
#define PORT_GRAPHICS 41 // Graphics
#define PORT_NAMESERVER 42 // Host Name Server
#define PORT_NICNAME 43 // Who is
#define PORT_MPMFLAGS 44 // MPM Flags
#define PORT_MPM 45 // Message Processing Module [recv]
#define PORT_MPMSND 46 // MPM [default send]
#define PORT_NIFTP 47 // NI FTP
#define PORT_LOGIN 49 // Login Host Protocol
#define PORT_LAMAINT 51 // IMP Logical Address Maintenance
#define PORT_DOMAIN 53 // Domain Name Server
#define PORT_ISIGL 55 // ISI Graphics Language
#define PORT_ANYTERMACC 57 // any private terminal access
#define PORT_ANYFILESYS 59 // any private file service
#define PORT_NIMAIL 61 // NI Mail
#define PORT_VIAFTP 63 // VIA Systems - FTP
#define PORT_TACACSDS 65 // TACACS - Database Service
#define PORT_BOOTPS 67 // Bootstrap Protocol server
#define PORT_BOOTPC 68 // Bootstrap Protocol client
#define PORT_TFTP 69 // Trivial File Transfer
#define PORT_NETRJS1 71 // Remote Job service
#define PORT_NETRJS2 72 // Remote Job service
#define PORT_NETRJS3 73 // Remote Job service
#define PORT_NETRJS4 74 // Remote Job service
#define PORT_ANYDIALOUT 75 // any private dial out service
#define PORT_ANYRJE 77 // any private RJE service
#define PORT_FINGER 79 // Finger
#define PORT_HTTP 80 // HTTP (www)
#define PORT_HOSTS2NS 81 // Hosts2 Name Server
#define PORT_MITMLDEV1 83 // MIT ML Device
#define PORT_MITMLDEV2 85 // MIT ML Device
#define PORT_ANYTERMLINK 87 // any private terminal link
#define PORT_SUMITTG 89 // SU/MIT Telnet Gateway
#define PORT_MITDOV 91 // MIT Dover Spooler
#define PORT_DCP 93 // Device Control Protocol
#define PORT_SUPDUP 95 // SUPDUP
#define PORT_SWIFTRVF 97 // Swift Remote Vitural File Protocol
#define PORT_TACNEWS 98 // TAC News
#define PORT_METAGRAM 99 // Metagram Relay
#define PORT_NEWACCT 100 // [Unauthorized use]
#define PORT_HOSTNAME 101 // NIC Host Name Server
#define PORT_ISOTSAP 102 // ISO-TSAP
#define PORT_X400 103 // X400
#define PORT_X400SND 104 // X400 - SND
#define PORT_CSNETNS 105 // Mailbox Name Nameserver
#define PORT_RTELNET 107 // Remote Telnet Service
#define PORT_POP2 109 // Post Office Protocol - version 2
#define PORT_POP3 110 // Post Office Protocol - version 3
#define PORT_SUNRPC 111 // SUN Remote Procedure Call
#define PORT_AUTH 113 // Authentication
#define PORT_SFTP 115 // Simple File Transfer Protocol
#define PORT_UUCPPATH 117 // UUCP Path Service
#define PORT_NNTP 119 // Network News Transfer Protocol
#define PORT_ERPC 121 // Encore Expedited Remote Proc. Call
#define PORT_NTP 123 // Network Time Protocol
#define PORT_LOCUSMAP 125 // Locus PC-Interface Net Map Sesrver
#define PORT_LOCUSCON 127 // Locus PC-Interface Conn Server
#define PORT_PWDGEN 129 // Password Generator Protocol
#define PORT_CISCOFNA 130 // CISCO FNATIVE
#define PORT_CISCOTNA 131 // CISCO TNATIVE
#define PORT_CISCOSYS 132 // CISCO SYSMAINT
#define PORT_STATSRV 133 // Statistics Service
#define PORT_INGRESNET 134 // Ingres net service
#define PORT_LOCSRV 135 // Location Service
#define PORT_PROFILE 136 // PROFILE Naming System
#define PORT_NETBIOSNS 137 // NETBIOS Name Service
#define PORT_NETBIOSDGM 138 // NETBIOS Datagram Service
#define PORT_NETBIOSSSN 139 // NETBIOS Session Service
#define PORT_EMFISDATA 140 // EMFIS Data Service
#define PORT_EMFISCNTL 141 // EMFIS Control Service
#define PORT_BLIDM 142 // Britton-Lee IDM
#define PORT_IMAP2 143 // Interim Mail Access Protocol v2
#define PORT_NEWS 144 // NewS
#define PORT_UAAC 145 // UAAC protocol
#define PORT_ISOTP0 146 // ISO-IP0
#define PORT_ISOIP 147 // ISO-IP
#define PORT_CRONUS 148 // CRONUS-Support
#define PORT_AED512 149 // AED 512 Emulation Service
#define PORT_SQLNET 150 // SQL-NET
#define PORT_HEMS 151 // HEMS
#define PORT_BFTP 152 // Background File Transfer Protocol
#define PORT_SGMP 153 // SGMP
#define PORT_NETSCPROD 154 // NETSC
#define PORT_NETSCDEV 155 // NETSC
#define PORT_SQLSRV 156 // SQL service
#define PORT_KNETCMP 157 // KNET/VM Command/Message Protocol
#define PORT_PCMAILSRV 158 // PCMail server
#define PORT_NSSROUTING 159 // NSS routing
#define PORT_SGMPTRAPS 160 // SGMP-TRAPS
#define PORT_SNMP 161 // SNMP
#define PORT_SNMPTRAP 162 // SNMPTRAP
#define PORT_CMIPMANAGE 163 // CMIP/TCP Manager
#define PORT_CMIPAGENT 164 // CMIP/TCP Agent
#define PORT_XNSCOURIER 165 // Xerox
#define PORT_SNET 166 // Sirius Systems
#define PORT_NAMP 167 // NAMP
#define PORT_RSVD 168 // RSVC
#define PORT_SEND 169 // SEND
#define PORT_PRINTSRV 170 // Network Postscript
#define PORT_MULTIPLEX 171 // Network Innovations Multiples
#define PORT_CL1 172 // Network Innovations CL/1
#define PORT_XYPLEXMUX 173 // Xyplex
#define PORT_MAILQ 174 // MAILQ
#define PORT_VMNET 175 // VMNET
#define PORT_GENRADMUX 176 // GENRAD-MUX
#define PORT_XDMCP 177 // X Display Manager Control Protocol
#define PORT_NEXTSTEP 178 // NextStep Window Server
#define PORT_BGP 179 // Border Gateway Protocol
#define PORT_RIS 180 // Intergraph
#define PORT_UNIFY 181 // Unify
#define PORT_UNISYSCAM 182 // Unisys-Cam
#define PORT_OCBINDER 183 // OCBinder
#define PORT_OCSERVER 184 // OCServer
#define PORT_REMOTEKIS 185 // Remote-KIS
#define PORT_KIS 186 // KIS protocol
#define PORT_ACI 187 // Application Communication Interface
#define PORT_MUMPS 188 // MUMPS
#define PORT_QFT 189 // Queued File Transport
#define PORT_GACP 190 // Gateway Access Control Protocol
#define PORT_PROSPERO 191 // Prospero
#define PORT_OSUNMS 192 // OSU Network Monitoring System
#define PORT_SRMP 193 // Spider Remote Monitoring Protocol
#define PORT_IRC 194 // Internet Relay Chat Protocol
#define PORT_DN6NLMAUD 195 // DNSIX Network Level Module Audit
#define PORT_DN6SMMRED 196 // DSNIX Session Mgt Module Audit Redirector
#define PORT_DLS 197 // Directory Location Service
#define PORT_DLSMON 198 // Directory Location Service Monitor
#define PORT_ATRMTP 201 // AppleTalk Routing Maintenance
#define PORT_ATNBP 202 // AppleTalk Name Binding
#define PORT_AT3 203 // AppleTalk Unused
#define PORT_ATECHO 204 // AppleTalk Echo
#define PORT_AT5 205 // AppleTalk Unused
#define PORT_ATZIS 206 // AppleTalk Zone Information
#define PORT_AT7 207 // AppleTalk Unused
#define PORT_AT8 208 // AppleTalk Unused
#define PORT_SURMEAS 243 // Survey Measurement
#define PORT_LINK 245 // LINK
#define PORT_DSP3270 246 // Display Systems Protocol
#define PORT_LDAP1 389 // LDAP
#define PORT_ISAKMP 500 // ISAKMP
#define PORT_REXEC 512 // Remote Process Execution
#define PORT_RLOGIN 513 // Remote login a la telnet
#define PORT_RSH 514 // Remote command
#define PORT_LPD 515 // Line printer spooler - LPD
#define PORT_RIP 520 // TCP=? / UDP=RIP
#define PORT_TEMPO 526 // Newdate
#define PORT_COURIER 530 // rpc
#define PORT_NETNEWS 532 // READNEWS
#define PORT_UUCPD 540 // UUCPD
#define PORT_KLOGIN 543 //
#define PORT_KSHELL 544 // krcmd
#define PORT_DSF 555 //
#define PORT_REMOTEEFS 556 // RFS server
#define PORT_CHSHELL 562 // chmod
#define PORT_METER 570 // METER
#define PORT_PCSERVER 600 // SUN IPC Server
#define PORT_NQS 607 // NQS
#define PORT_HMMP_INDICATION 612 //
#define PORT_HMMP_OPERATION 613 //
#define PORT_MDQS 666 // MDQS
#define PORT_LPD721 721 // LPD Client (lpd client ports 721 - 731)
#define PORT_LPD722 722 // LPD Client (see RFC 1179)
#define PORT_LPD723 723 // LPD Client
#define PORT_LPD724 724 // LPD Client
#define PORT_LPD725 725 // LPD Client
#define PORT_LPD726 726 // LPD Client
#define PORT_LPD727 727 // LPD Client
#define PORT_LPD728 728 // LPD Client
#define PORT_LPD729 729 // LPD Client
#define PORT_LPD730 730 // LPD Client
#define PORT_LPD731 731 // LPD Client
#define PORT_RFILE 750 // RFILE
#define PORT_PUMP 751 // PUMP
#define PORT_QRH 752 // QRH
#define PORT_RRH 753 // RRH
#define PORT_TELL 754 // TELL
#define PORT_NLOGIN 758 // NLOGIN
#define PORT_CON 759 // CON
#define PORT_NS 760 // NS
#define PORT_RXE 761 // RXE
#define PORT_QUOTAD 762 // QUOTAD
#define PORT_CYCLESERV 763 // CYCLESERV
#define PORT_OMSERV 764 // OMSERV
#define PORT_WEBSTER 765 // WEBSTER
#define PORT_PHONEBOOK 767 // PHONE
#define PORT_VID 769 // VID
#define PORT_RTIP 771 // RTIP
#define PORT_CYCLESERV2 772 // CYCLESERV-2
#define PORT_SUBMIT 773 // submit
#define PORT_RPASSWD 774 // RPASSWD
#define PORT_ENTOMB 775 // ENTOMB
#define PORT_WPAGES 776 // WPAGES
#define PORT_WPGS 780 // wpgs
#define PORT_MDBSDAEMON 800 // MDBS DAEMON
#define PORT_DEVICE 801 // DEVICE
#define PORT_MAITRD 997 // MAITRD
#define PORT_BUSBOY 998 // BUSBOY
#define PORT_GARCON 999 // GARCON
#define PORT_NFS 2049 // NFS
#define PORT_LDAP2 3268 // LDAP
#define PORT_PPTP 5678 // PPTP
//=============================================================================
//=============================================================================
// (NMIcmpStructs.h)
//=============================================================================
//=============================================================================
//
// ICMP Frame Structure
//
typedef struct _RequestReplyFields { WORD ID; WORD SeqNo; } ReqReply;
typedef struct _ParameterProblemFields { BYTE Pointer; BYTE junk[ 3 ]; } ParmProb;
typedef struct _TimestampFields { DWORD tsOrig; DWORD tsRecv; DWORD tsXmit; } TS;
typedef struct _RouterAnnounceHeaderFields { BYTE NumAddrs; BYTE AddrEntrySize; WORD Lifetime; } RouterAH;
typedef struct _RouterAnnounceEntry { DWORD Address; DWORD PreferenceLevel; } RouterAE;
typedef struct _ICMP { BYTE Type; BYTE Code; WORD Checksum; union { DWORD Unused; DWORD Address; ReqReply RR; ParmProb PP; RouterAH RAH; };
union { TS Time; IP IP; RouterAE RAE[0]; };} ICMP;
typedef ICMP * LPICMP;typedef ICMP UNALIGNED * ULPICMP;#define ICMP_HEADER_LENGTH ( 8 )
// # of *BYTES* of IP data to attach to
// datagram in addition to IP header
#define ICMP_IP_DATA_LENGTH ( 8 )
//
// ICMP Packet Types
//
#define ECHO_REPLY ( 0 )
#define DESTINATION_UNREACHABLE ( 3 )
#define SOURCE_QUENCH ( 4 )
#define REDIRECT ( 5 )
#define ECHO ( 8 )
#define ROUTER_ADVERTISEMENT ( 9 )
#define ROUTER_SOLICITATION ( 10 )
#define TIME_EXCEEDED ( 11 )
#define PARAMETER_PROBLEM ( 12 )
#define TIMESTAMP ( 13 )
#define TIMESTAMP_REPLY ( 14 )
#define INFORMATION_REQUEST ( 15 )
#define INFORMATION_REPLY ( 16 )
#define ADDRESS_MASK_REQUEST ( 17 )
#define ADDRESS_MASK_REPLY ( 18 )
//=============================================================================
//=============================================================================
// (NMIpxStructs.h)
//=============================================================================
//=============================================================================
// IPX
typedef /* [public][public][public][public][public][public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0018 { UCHAR ha_address[ 6 ]; } HOST_ADDRESS;
typedef struct _IPXADDRESS { ULONG ipx_NetNumber; HOST_ADDRESS ipx_HostAddr; } IPXADDRESS;
typedef IPXADDRESS UNALIGNED * PIPXADDRESS;typedef struct _NET_ADDRESS { IPXADDRESS na_IPXAddr; USHORT na_socket; } NET_ADDRESS;
typedef NET_ADDRESS UNALIGNED * UPNET_ADDRESS;// IPX Internetwork Packet eXchange Protocol Header.
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0019 { USHORT ipx_checksum; USHORT ipx_length; UCHAR ipx_xport_control; UCHAR ipx_packet_type; NET_ADDRESS ipx_dest; NET_ADDRESS ipx_source; } IPX_HDR;
typedef IPX_HDR UNALIGNED * ULPIPX_HDR;// SPX - Sequenced Packet Protocol
typedef struct _SPX_HDR { IPX_HDR spx_idp_hdr; UCHAR spx_conn_ctrl; UCHAR spx_data_type; USHORT spx_src_conn_id; USHORT spx_dest_conn_id; USHORT spx_sequence_num; USHORT spx_ack_num; USHORT spx_alloc_num; } SPX_HDR;
typedef SPX_HDR UNALIGNED *PSPX_HDR;//=============================================================================
//=============================================================================
// (NMTcpStructs.h)
//=============================================================================
//=============================================================================
//
// TCP Packet Structure
//
typedef struct _TCP { WORD SrcPort; WORD DstPort; DWORD SeqNum; DWORD AckNum; BYTE DataOff; BYTE Flags; WORD Window; WORD Chksum; WORD UrgPtr; } TCP;
typedef TCP *LPTCP;
typedef TCP UNALIGNED * ULPTCP;INLINE DWORD TCP_HdrLen(ULPTCP pTCP){ return (pTCP->DataOff & 0xf0) >> 2;}
INLINE DWORD TCP_SrcPort(ULPTCP pTCP){ return XCHG(pTCP->SrcPort);}
INLINE DWORD TCP_DstPort(ULPTCP pTCP){ return XCHG(pTCP->DstPort);}//
// TCP Option Opcodes
//
#define TCP_OPTION_ENDOFOPTIONS ( 0 )
#define TCP_OPTION_NOP ( 1 )
#define TCP_OPTION_MAXSEGSIZE ( 2 )
#define TCP_OPTION_WSCALE ( 3 )
#define TCP_OPTION_SACK_PERMITTED ( 4 )
#define TCP_OPTION_SACK ( 5 )
#define TCP_OPTION_TIMESTAMPS ( 8 )
//
// TCP Flags
//
#define TCP_FLAG_URGENT ( 0x20 )
#define TCP_FLAG_ACK ( 0x10 )
#define TCP_FLAG_PUSH ( 0x8 )
#define TCP_FLAG_RESET ( 0x4 )
#define TCP_FLAG_SYN ( 0x2 )
#define TCP_FLAG_FIN ( 0x1 )
//
// TCP Field Masks
//
#define TCP_RESERVED_MASK ( 0xfc0 )
#pragma pack(pop)
//****************************************************************************
//****************************************************************************
// IDelaydC - used by a consumer to get frames after a capture has completed.
//****************************************************************************
//****************************************************************************
#define DEFAULT_DELAYED_BUFFER_SIZE ( 1 )
#define USE_DEFAULT_DRIVE_LETTER ( 0 )
#define RTC_FRAME_SIZE_FULL ( 0 )
extern RPC_IF_HANDLE __MIDL_itf_netmon_0000_v0_0_c_ifspec;extern RPC_IF_HANDLE __MIDL_itf_netmon_0000_v0_0_s_ifspec;
#ifndef __IDelaydC_INTERFACE_DEFINED__
#define __IDelaydC_INTERFACE_DEFINED__
/* interface IDelaydC *//* [local][unique][uuid][object] */
EXTERN_C const IID IID_IDelaydC;
#if defined(__cplusplus) && !defined(CINTERFACE)
MIDL_INTERFACE("BFF9C030-B58F-11ce-B5B0-00AA006CB37D") IDelaydC : public IUnknown { public: virtual HRESULT STDMETHODCALLTYPE Connect( /* [in] */ HBLOB hInputBlob, /* [in] */ LPVOID StatusCallbackProc, /* [in] */ LPVOID UserContext, /* [out] */ HBLOB hErrorBlob) = 0; virtual HRESULT STDMETHODCALLTYPE Disconnect( void) = 0; virtual HRESULT STDMETHODCALLTYPE QueryStatus( /* [out] */ NETWORKSTATUS *pNetworkStatus) = 0; virtual HRESULT STDMETHODCALLTYPE Configure( /* [in] */ HBLOB hConfigurationBlob, /* [out] */ HBLOB hErrorBlob) = 0; virtual HRESULT STDMETHODCALLTYPE Start( /* [out] */ char *pFileName) = 0; virtual HRESULT STDMETHODCALLTYPE Pause( void) = 0; virtual HRESULT STDMETHODCALLTYPE Resume( void) = 0; virtual HRESULT STDMETHODCALLTYPE Stop( /* [out] */ LPSTATISTICS lpStats) = 0; virtual HRESULT STDMETHODCALLTYPE GetControlState( /* [out] */ BOOL *IsRunnning, /* [out] */ BOOL *IsPaused) = 0; virtual HRESULT STDMETHODCALLTYPE GetTotalStatistics( /* [out] */ LPSTATISTICS lpStats, /* [in] */ BOOL fClearAfterReading) = 0; virtual HRESULT STDMETHODCALLTYPE GetConversationStatistics( /* [out] */ DWORD *nSessions, /* [size_is][out] */ LPSESSIONSTATS lpSessionStats, /* [out] */ DWORD *nStations, /* [size_is][out] */ LPSTATIONSTATS lpStationStats, /* [in] */ BOOL fClearAfterReading) = 0; virtual HRESULT STDMETHODCALLTYPE InsertSpecialFrame( /* [in] */ DWORD FrameType, /* [in] */ DWORD Flags, /* [in] */ BYTE *pUserData, /* [in] */ DWORD UserDataLength) = 0; virtual HRESULT STDMETHODCALLTYPE QueryStations( /* [out][in] */ QUERYTABLE *lpQueryTable) = 0; }; #else /* C style interface */
typedef struct IDelaydCVtbl { BEGIN_INTERFACE HRESULT ( STDMETHODCALLTYPE *QueryInterface )( IDelaydC * This, /* [in] */ REFIID riid, /* [iid_is][out] */ void **ppvObject); ULONG ( STDMETHODCALLTYPE *AddRef )( IDelaydC * This); ULONG ( STDMETHODCALLTYPE *Release )( IDelaydC * This); HRESULT ( STDMETHODCALLTYPE *Connect )( IDelaydC * This, /* [in] */ HBLOB hInputBlob, /* [in] */ LPVOID StatusCallbackProc, /* [in] */ LPVOID UserContext, /* [out] */ HBLOB hErrorBlob); HRESULT ( STDMETHODCALLTYPE *Disconnect )( IDelaydC * This); HRESULT ( STDMETHODCALLTYPE *QueryStatus )( IDelaydC * This, /* [out] */ NETWORKSTATUS *pNetworkStatus); HRESULT ( STDMETHODCALLTYPE *Configure )( IDelaydC * This, /* [in] */ HBLOB hConfigurationBlob, /* [out] */ HBLOB hErrorBlob); HRESULT ( STDMETHODCALLTYPE *Start )( IDelaydC * This, /* [out] */ char *pFileName); HRESULT ( STDMETHODCALLTYPE *Pause )( IDelaydC * This); HRESULT ( STDMETHODCALLTYPE *Resume )( IDelaydC * This); HRESULT ( STDMETHODCALLTYPE *Stop )( IDelaydC * This, /* [out] */ LPSTATISTICS lpStats); HRESULT ( STDMETHODCALLTYPE *GetControlState )( IDelaydC * This, /* [out] */ BOOL *IsRunnning, /* [out] */ BOOL *IsPaused); HRESULT ( STDMETHODCALLTYPE *GetTotalStatistics )( IDelaydC * This, /* [out] */ LPSTATISTICS lpStats, /* [in] */ BOOL fClearAfterReading); HRESULT ( STDMETHODCALLTYPE *GetConversationStatistics )( IDelaydC * This, /* [out] */ DWORD *nSessions, /* [size_is][out] */ LPSESSIONSTATS lpSessionStats, /* [out] */ DWORD *nStations, /* [size_is][out] */ LPSTATIONSTATS lpStationStats, /* [in] */ BOOL fClearAfterReading); HRESULT ( STDMETHODCALLTYPE *InsertSpecialFrame )( IDelaydC * This, /* [in] */ DWORD FrameType, /* [in] */ DWORD Flags, /* [in] */ BYTE *pUserData, /* [in] */ DWORD UserDataLength); HRESULT ( STDMETHODCALLTYPE *QueryStations )( IDelaydC * This, /* [out][in] */ QUERYTABLE *lpQueryTable); END_INTERFACE } IDelaydCVtbl;
interface IDelaydC { CONST_VTBL struct IDelaydCVtbl *lpVtbl; };
#ifdef COBJMACROS
#define IDelaydC_QueryInterface(This,riid,ppvObject) \
(This)->lpVtbl -> QueryInterface(This,riid,ppvObject)
#define IDelaydC_AddRef(This) \
(This)->lpVtbl -> AddRef(This)
#define IDelaydC_Release(This) \
(This)->lpVtbl -> Release(This)
#define IDelaydC_Connect(This,hInputBlob,StatusCallbackProc,UserContext,hErrorBlob) \
(This)->lpVtbl -> Connect(This,hInputBlob,StatusCallbackProc,UserContext,hErrorBlob)
#define IDelaydC_Disconnect(This) \
(This)->lpVtbl -> Disconnect(This)
#define IDelaydC_QueryStatus(This,pNetworkStatus) \
(This)->lpVtbl -> QueryStatus(This,pNetworkStatus)
#define IDelaydC_Configure(This,hConfigurationBlob,hErrorBlob) \
(This)->lpVtbl -> Configure(This,hConfigurationBlob,hErrorBlob)
#define IDelaydC_Start(This,pFileName) \
(This)->lpVtbl -> Start(This,pFileName)
#define IDelaydC_Pause(This) \
(This)->lpVtbl -> Pause(This)
#define IDelaydC_Resume(This) \
(This)->lpVtbl -> Resume(This)
#define IDelaydC_Stop(This,lpStats) \
(This)->lpVtbl -> Stop(This,lpStats)
#define IDelaydC_GetControlState(This,IsRunnning,IsPaused) \
(This)->lpVtbl -> GetControlState(This,IsRunnning,IsPaused)
#define IDelaydC_GetTotalStatistics(This,lpStats,fClearAfterReading) \
(This)->lpVtbl -> GetTotalStatistics(This,lpStats,fClearAfterReading)
#define IDelaydC_GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading) \
(This)->lpVtbl -> GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading)
#define IDelaydC_InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength) \
(This)->lpVtbl -> InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength)
#define IDelaydC_QueryStations(This,lpQueryTable) \
(This)->lpVtbl -> QueryStations(This,lpQueryTable)
#endif /* COBJMACROS */
#endif /* C style interface */
HRESULT STDMETHODCALLTYPE IDelaydC_Connect_Proxy( IDelaydC * This, /* [in] */ HBLOB hInputBlob, /* [in] */ LPVOID StatusCallbackProc, /* [in] */ LPVOID UserContext, /* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IDelaydC_Connect_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Disconnect_Proxy( IDelaydC * This);
void __RPC_STUB IDelaydC_Disconnect_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_QueryStatus_Proxy( IDelaydC * This, /* [out] */ NETWORKSTATUS *pNetworkStatus);
void __RPC_STUB IDelaydC_QueryStatus_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Configure_Proxy( IDelaydC * This, /* [in] */ HBLOB hConfigurationBlob, /* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IDelaydC_Configure_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Start_Proxy( IDelaydC * This, /* [out] */ char *pFileName);
void __RPC_STUB IDelaydC_Start_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Pause_Proxy( IDelaydC * This);
void __RPC_STUB IDelaydC_Pause_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Resume_Proxy( IDelaydC * This);
void __RPC_STUB IDelaydC_Resume_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Stop_Proxy( IDelaydC * This, /* [out] */ LPSTATISTICS lpStats);
void __RPC_STUB IDelaydC_Stop_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_GetControlState_Proxy( IDelaydC * This, /* [out] */ BOOL *IsRunnning, /* [out] */ BOOL *IsPaused);
void __RPC_STUB IDelaydC_GetControlState_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_GetTotalStatistics_Proxy( IDelaydC * This, /* [out] */ LPSTATISTICS lpStats, /* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IDelaydC_GetTotalStatistics_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_GetConversationStatistics_Proxy( IDelaydC * This, /* [out] */ DWORD *nSessions, /* [size_is][out] */ LPSESSIONSTATS lpSessionStats, /* [out] */ DWORD *nStations, /* [size_is][out] */ LPSTATIONSTATS lpStationStats, /* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IDelaydC_GetConversationStatistics_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_InsertSpecialFrame_Proxy( IDelaydC * This, /* [in] */ DWORD FrameType, /* [in] */ DWORD Flags, /* [in] */ BYTE *pUserData, /* [in] */ DWORD UserDataLength);
void __RPC_STUB IDelaydC_InsertSpecialFrame_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_QueryStations_Proxy( IDelaydC * This, /* [out][in] */ QUERYTABLE *lpQueryTable);
void __RPC_STUB IDelaydC_QueryStations_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
#endif /* __IDelaydC_INTERFACE_DEFINED__ */
/* interface __MIDL_itf_netmon_0010 *//* [local] */
//****************************************************************************
//****************************************************************************
// IRTC - used by a consumer to get an interface to local entry points
// necessary to do real time capture processing. It includes a method
// for handing a callback to the NPP.
//****************************************************************************
//****************************************************************************
#define DEFAULT_RTC_BUFFER_SIZE ( 0x100000 )
extern RPC_IF_HANDLE __MIDL_itf_netmon_0010_v0_0_c_ifspec;extern RPC_IF_HANDLE __MIDL_itf_netmon_0010_v0_0_s_ifspec;
#ifndef __IRTC_INTERFACE_DEFINED__
#define __IRTC_INTERFACE_DEFINED__
/* interface IRTC *//* [local][unique][uuid][object] */
EXTERN_C const IID IID_IRTC;
#if defined(__cplusplus) && !defined(CINTERFACE)
MIDL_INTERFACE("4811EA40-B582-11ce-B5AF-00AA006CB37D") IRTC : public IUnknown { public: virtual HRESULT STDMETHODCALLTYPE Connect( /* [in] */ HBLOB hInputBlob, /* [in] */ LPVOID StatusCallbackProc, /* [in] */ LPVOID FramesCallbackProc, /* [in] */ LPVOID UserContext, /* [out] */ HBLOB hErrorBlob) = 0; virtual HRESULT STDMETHODCALLTYPE Disconnect( void) = 0; virtual HRESULT STDMETHODCALLTYPE QueryStatus( /* [out] */ NETWORKSTATUS *pNetworkStatus) = 0; virtual HRESULT STDMETHODCALLTYPE Configure( /* [in] */ HBLOB hConfigurationBlob, /* [out] */ HBLOB hErrorBlob) = 0; virtual HRESULT STDMETHODCALLTYPE Start( void) = 0; virtual HRESULT STDMETHODCALLTYPE Pause( void) = 0; virtual HRESULT STDMETHODCALLTYPE Resume( void) = 0; virtual HRESULT STDMETHODCALLTYPE Stop( void) = 0; virtual HRESULT STDMETHODCALLTYPE GetControlState( /* [out] */ BOOL *IsRunnning, /* [out] */ BOOL *IsPaused) = 0; virtual HRESULT STDMETHODCALLTYPE GetTotalStatistics( /* [out] */ LPSTATISTICS lpStats, /* [in] */ BOOL fClearAfterReading) = 0; virtual HRESULT STDMETHODCALLTYPE GetConversationStatistics( /* [out] */ DWORD *nSessions, /* [size_is][out] */ LPSESSIONSTATS lpSessionStats, /* [out] */ DWORD *nStations, /* [size_is][out] */ LPSTATIONSTATS lpStationStats, /* [in] */ BOOL fClearAfterReading) = 0; virtual HRESULT STDMETHODCALLTYPE InsertSpecialFrame( /* [in] */ DWORD FrameType, /* [in] */ DWORD Flags, /* [in] */ BYTE *pUserData, /* [in] */ DWORD UserDataLength) = 0; virtual HRESULT STDMETHODCALLTYPE QueryStations( /* [out][in] */ QUERYTABLE *lpQueryTable) = 0; }; #else /* C style interface */
typedef struct IRTCVtbl { BEGIN_INTERFACE HRESULT ( STDMETHODCALLTYPE *QueryInterface )( IRTC * This, /* [in] */ REFIID riid, /* [iid_is][out] */ void **ppvObject); ULONG ( STDMETHODCALLTYPE *AddRef )( IRTC * This); ULONG ( STDMETHODCALLTYPE *Release )( IRTC * This); HRESULT ( STDMETHODCALLTYPE *Connect )( IRTC * This, /* [in] */ HBLOB hInputBlob, /* [in] */ LPVOID StatusCallbackProc, /* [in] */ LPVOID FramesCallbackProc, /* [in] */ LPVOID UserContext, /* [out] */ HBLOB hErrorBlob); HRESULT ( STDMETHODCALLTYPE *Disconnect )( IRTC * This); HRESULT ( STDMETHODCALLTYPE *QueryStatus )( IRTC * This, /* [out] */ NETWORKSTATUS *pNetworkStatus); HRESULT ( STDMETHODCALLTYPE *Configure )( IRTC * This, /* [in] */ HBLOB hConfigurationBlob, /* [out] */ HBLOB hErrorBlob); HRESULT ( STDMETHODCALLTYPE *Start )( IRTC * This); HRESULT ( STDMETHODCALLTYPE *Pause )( IRTC * This); HRESULT ( STDMETHODCALLTYPE *Resume )( IRTC * This); HRESULT ( STDMETHODCALLTYPE *Stop )( IRTC * This); HRESULT ( STDMETHODCALLTYPE *GetControlState )( IRTC * This, /* [out] */ BOOL *IsRunnning, /* [out] */ BOOL *IsPaused); HRESULT ( STDMETHODCALLTYPE *GetTotalStatistics )( IRTC * This, /* [out] */ LPSTATISTICS lpStats, /* [in] */ BOOL fClearAfterReading); HRESULT ( STDMETHODCALLTYPE *GetConversationStatistics )( IRTC * This, /* [out] */ DWORD *nSessions, /* [size_is][out] */ LPSESSIONSTATS lpSessionStats, /* [out] */ DWORD *nStations, /* [size_is][out] */ LPSTATIONSTATS lpStationStats, /* [in] */ BOOL fClearAfterReading); HRESULT ( STDMETHODCALLTYPE *InsertSpecialFrame )( IRTC * This, /* [in] */ DWORD FrameType, /* [in] */ DWORD Flags, /* [in] */ BYTE *pUserData, /* [in] */ DWORD UserDataLength); HRESULT ( STDMETHODCALLTYPE *QueryStations )( IRTC * This, /* [out][in] */ QUERYTABLE *lpQueryTable); END_INTERFACE } IRTCVtbl;
interface IRTC { CONST_VTBL struct IRTCVtbl *lpVtbl; };
#ifdef COBJMACROS
#define IRTC_QueryInterface(This,riid,ppvObject) \
(This)->lpVtbl -> QueryInterface(This,riid,ppvObject)
#define IRTC_AddRef(This) \
(This)->lpVtbl -> AddRef(This)
#define IRTC_Release(This) \
(This)->lpVtbl -> Release(This)
#define IRTC_Connect(This,hInputBlob,StatusCallbackProc,FramesCallbackProc,UserContext,hErrorBlob) \
(This)->lpVtbl -> Connect(This,hInputBlob,StatusCallbackProc,FramesCallbackProc,UserContext,hErrorBlob)
#define IRTC_Disconnect(This) \
(This)->lpVtbl -> Disconnect(This)
#define IRTC_QueryStatus(This,pNetworkStatus) \
(This)->lpVtbl -> QueryStatus(This,pNetworkStatus)
#define IRTC_Configure(This,hConfigurationBlob,hErrorBlob) \
(This)->lpVtbl -> Configure(This,hConfigurationBlob,hErrorBlob)
#define IRTC_Start(This) \
(This)->lpVtbl -> Start(This)
#define IRTC_Pause(This) \
(This)->lpVtbl -> Pause(This)
#define IRTC_Resume(This) \
(This)->lpVtbl -> Resume(This)
#define IRTC_Stop(This) \
(This)->lpVtbl -> Stop(This)
#define IRTC_GetControlState(This,IsRunnning,IsPaused) \
(This)->lpVtbl -> GetControlState(This,IsRunnning,IsPaused)
#define IRTC_GetTotalStatistics(This,lpStats,fClearAfterReading) \
(This)->lpVtbl -> GetTotalStatistics(This,lpStats,fClearAfterReading)
#define IRTC_GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading) \
(This)->lpVtbl -> GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading)
#define IRTC_InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength) \
(This)->lpVtbl -> InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength)
#define IRTC_QueryStations(This,lpQueryTable) \
(This)->lpVtbl -> QueryStations(This,lpQueryTable)
#endif /* COBJMACROS */
#endif /* C style interface */
HRESULT STDMETHODCALLTYPE IRTC_Connect_Proxy( IRTC * This, /* [in] */ HBLOB hInputBlob, /* [in] */ LPVOID StatusCallbackProc, /* [in] */ LPVOID FramesCallbackProc, /* [in] */ LPVOID UserContext, /* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IRTC_Connect_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Disconnect_Proxy( IRTC * This);
void __RPC_STUB IRTC_Disconnect_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_QueryStatus_Proxy( IRTC * This, /* [out] */ NETWORKSTATUS *pNetworkStatus);
void __RPC_STUB IRTC_QueryStatus_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Configure_Proxy( IRTC * This, /* [in] */ HBLOB hConfigurationBlob, /* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IRTC_Configure_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Start_Proxy( IRTC * This);
void __RPC_STUB IRTC_Start_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Pause_Proxy( IRTC * This);
void __RPC_STUB IRTC_Pause_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Resume_Proxy( IRTC * This);
void __RPC_STUB IRTC_Resume_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Stop_Proxy( IRTC * This);
void __RPC_STUB IRTC_Stop_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_GetControlState_Proxy( IRTC * This, /* [out] */ BOOL *IsRunnning, /* [out] */ BOOL *IsPaused);
void __RPC_STUB IRTC_GetControlState_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_GetTotalStatistics_Proxy( IRTC * This, /* [out] */ LPSTATISTICS lpStats, /* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IRTC_GetTotalStatistics_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_GetConversationStatistics_Proxy( IRTC * This, /* [out] */ DWORD *nSessions, /* [size_is][out] */ LPSESSIONSTATS lpSessionStats, /* [out] */ DWORD *nStations, /* [size_is][out] */ LPSTATIONSTATS lpStationStats, /* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IRTC_GetConversationStatistics_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_InsertSpecialFrame_Proxy( IRTC * This, /* [in] */ DWORD FrameType, /* [in] */ DWORD Flags, /* [in] */ BYTE *pUserData, /* [in] */ DWORD UserDataLength);
void __RPC_STUB IRTC_InsertSpecialFrame_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_QueryStations_Proxy( IRTC * This, /* [out][in] */ QUERYTABLE *lpQueryTable);
void __RPC_STUB IRTC_QueryStations_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
#endif /* __IRTC_INTERFACE_DEFINED__ */
/* interface __MIDL_itf_netmon_0012 *//* [local] */
//****************************************************************************
//****************************************************************************
// IStats - used by a consumer to get just statistics, no frames.
//****************************************************************************
//****************************************************************************
extern RPC_IF_HANDLE __MIDL_itf_netmon_0012_v0_0_c_ifspec;extern RPC_IF_HANDLE __MIDL_itf_netmon_0012_v0_0_s_ifspec;
#ifndef __IStats_INTERFACE_DEFINED__
#define __IStats_INTERFACE_DEFINED__
/* interface IStats *//* [local][unique][uuid][object] */
EXTERN_C const IID IID_IStats;
#if defined(__cplusplus) && !defined(CINTERFACE)
MIDL_INTERFACE("944AD530-B09D-11ce-B59C-00AA006CB37D") IStats : public IUnknown { public: virtual HRESULT STDMETHODCALLTYPE Connect( /* [in] */ HBLOB hInputBlob, /* [in] */ LPVOID StatusCallbackProc, /* [in] */ LPVOID UserContext, /* [out] */ HBLOB hErrorBlob) = 0; virtual HRESULT STDMETHODCALLTYPE Disconnect( void) = 0; virtual HRESULT STDMETHODCALLTYPE QueryStatus( /* [out] */ NETWORKSTATUS *pNetworkStatus) = 0; virtual HRESULT STDMETHODCALLTYPE Configure( /* [in] */ HBLOB hConfigurationBlob, /* [out] */ HBLOB hErrorBlob) = 0; virtual HRESULT STDMETHODCALLTYPE Start( void) = 0; virtual HRESULT STDMETHODCALLTYPE Pause( void) = 0; virtual HRESULT STDMETHODCALLTYPE Resume( void) = 0; virtual HRESULT STDMETHODCALLTYPE Stop( void) = 0; virtual HRESULT STDMETHODCALLTYPE GetControlState( /* [out] */ BOOL *IsRunnning, /* [out] */ BOOL *IsPaused) = 0; virtual HRESULT STDMETHODCALLTYPE GetTotalStatistics( /* [out] */ LPSTATISTICS lpStats, /* [in] */ BOOL fClearAfterReading) = 0; virtual HRESULT STDMETHODCALLTYPE GetConversationStatistics( /* [out] */ DWORD *nSessions, /* [size_is][out] */ LPSESSIONSTATS lpSessionStats, /* [out] */ DWORD *nStations, /* [size_is][out] */ LPSTATIONSTATS lpStationStats, /* [in] */ BOOL fClearAfterReading) = 0; virtual HRESULT STDMETHODCALLTYPE InsertSpecialFrame( /* [in] */ DWORD FrameType, /* [in] */ DWORD Flags, /* [in] */ BYTE *pUserData, /* [in] */ DWORD UserDataLength) = 0; virtual HRESULT STDMETHODCALLTYPE QueryStations( /* [out][in] */ QUERYTABLE *lpQueryTable) = 0; }; #else /* C style interface */
typedef struct IStatsVtbl { BEGIN_INTERFACE HRESULT ( STDMETHODCALLTYPE *QueryInterface )( IStats * This, /* [in] */ REFIID riid, /* [iid_is][out] */ void **ppvObject); ULONG ( STDMETHODCALLTYPE *AddRef )( IStats * This); ULONG ( STDMETHODCALLTYPE *Release )( IStats * This); HRESULT ( STDMETHODCALLTYPE *Connect )( IStats * This, /* [in] */ HBLOB hInputBlob, /* [in] */ LPVOID StatusCallbackProc, /* [in] */ LPVOID UserContext, /* [out] */ HBLOB hErrorBlob); HRESULT ( STDMETHODCALLTYPE *Disconnect )( IStats * This); HRESULT ( STDMETHODCALLTYPE *QueryStatus )( IStats * This, /* [out] */ NETWORKSTATUS *pNetworkStatus); HRESULT ( STDMETHODCALLTYPE *Configure )( IStats * This, /* [in] */ HBLOB hConfigurationBlob, /* [out] */ HBLOB hErrorBlob); HRESULT ( STDMETHODCALLTYPE *Start )( IStats * This); HRESULT ( STDMETHODCALLTYPE *Pause )( IStats * This); HRESULT ( STDMETHODCALLTYPE *Resume )( IStats * This); HRESULT ( STDMETHODCALLTYPE *Stop )( IStats * This); HRESULT ( STDMETHODCALLTYPE *GetControlState )( IStats * This, /* [out] */ BOOL *IsRunnning, /* [out] */ BOOL *IsPaused); HRESULT ( STDMETHODCALLTYPE *GetTotalStatistics )( IStats * This, /* [out] */ LPSTATISTICS lpStats, /* [in] */ BOOL fClearAfterReading); HRESULT ( STDMETHODCALLTYPE *GetConversationStatistics )( IStats * This, /* [out] */ DWORD *nSessions, /* [size_is][out] */ LPSESSIONSTATS lpSessionStats, /* [out] */ DWORD *nStations, /* [size_is][out] */ LPSTATIONSTATS lpStationStats, /* [in] */ BOOL fClearAfterReading); HRESULT ( STDMETHODCALLTYPE *InsertSpecialFrame )( IStats * This, /* [in] */ DWORD FrameType, /* [in] */ DWORD Flags, /* [in] */ BYTE *pUserData, /* [in] */ DWORD UserDataLength); HRESULT ( STDMETHODCALLTYPE *QueryStations )( IStats * This, /* [out][in] */ QUERYTABLE *lpQueryTable); END_INTERFACE } IStatsVtbl;
interface IStats { CONST_VTBL struct IStatsVtbl *lpVtbl; };
#ifdef COBJMACROS
#define IStats_QueryInterface(This,riid,ppvObject) \
(This)->lpVtbl -> QueryInterface(This,riid,ppvObject)
#define IStats_AddRef(This) \
(This)->lpVtbl -> AddRef(This)
#define IStats_Release(This) \
(This)->lpVtbl -> Release(This)
#define IStats_Connect(This,hInputBlob,StatusCallbackProc,UserContext,hErrorBlob) \
(This)->lpVtbl -> Connect(This,hInputBlob,StatusCallbackProc,UserContext,hErrorBlob)
#define IStats_Disconnect(This) \
(This)->lpVtbl -> Disconnect(This)
#define IStats_QueryStatus(This,pNetworkStatus) \
(This)->lpVtbl -> QueryStatus(This,pNetworkStatus)
#define IStats_Configure(This,hConfigurationBlob,hErrorBlob) \
(This)->lpVtbl -> Configure(This,hConfigurationBlob,hErrorBlob)
#define IStats_Start(This) \
(This)->lpVtbl -> Start(This)
#define IStats_Pause(This) \
(This)->lpVtbl -> Pause(This)
#define IStats_Resume(This) \
(This)->lpVtbl -> Resume(This)
#define IStats_Stop(This) \
(This)->lpVtbl -> Stop(This)
#define IStats_GetControlState(This,IsRunnning,IsPaused) \
(This)->lpVtbl -> GetControlState(This,IsRunnning,IsPaused)
#define IStats_GetTotalStatistics(This,lpStats,fClearAfterReading) \
(This)->lpVtbl -> GetTotalStatistics(This,lpStats,fClearAfterReading)
#define IStats_GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading) \
(This)->lpVtbl -> GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading)
#define IStats_InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength) \
(This)->lpVtbl -> InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength)
#define IStats_QueryStations(This,lpQueryTable) \
(This)->lpVtbl -> QueryStations(This,lpQueryTable)
#endif /* COBJMACROS */
#endif /* C style interface */
HRESULT STDMETHODCALLTYPE IStats_Connect_Proxy( IStats * This, /* [in] */ HBLOB hInputBlob, /* [in] */ LPVOID StatusCallbackProc, /* [in] */ LPVOID UserContext, /* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IStats_Connect_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Disconnect_Proxy( IStats * This);
void __RPC_STUB IStats_Disconnect_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_QueryStatus_Proxy( IStats * This, /* [out] */ NETWORKSTATUS *pNetworkStatus);
void __RPC_STUB IStats_QueryStatus_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Configure_Proxy( IStats * This, /* [in] */ HBLOB hConfigurationBlob, /* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IStats_Configure_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Start_Proxy( IStats * This);
void __RPC_STUB IStats_Start_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Pause_Proxy( IStats * This);
void __RPC_STUB IStats_Pause_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Resume_Proxy( IStats * This);
void __RPC_STUB IStats_Resume_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Stop_Proxy( IStats * This);
void __RPC_STUB IStats_Stop_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_GetControlState_Proxy( IStats * This, /* [out] */ BOOL *IsRunnning, /* [out] */ BOOL *IsPaused);
void __RPC_STUB IStats_GetControlState_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_GetTotalStatistics_Proxy( IStats * This, /* [out] */ LPSTATISTICS lpStats, /* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IStats_GetTotalStatistics_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_GetConversationStatistics_Proxy( IStats * This, /* [out] */ DWORD *nSessions, /* [size_is][out] */ LPSESSIONSTATS lpSessionStats, /* [out] */ DWORD *nStations, /* [size_is][out] */ LPSTATIONSTATS lpStationStats, /* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IStats_GetConversationStatistics_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_InsertSpecialFrame_Proxy( IStats * This, /* [in] */ DWORD FrameType, /* [in] */ DWORD Flags, /* [in] */ BYTE *pUserData, /* [in] */ DWORD UserDataLength);
void __RPC_STUB IStats_InsertSpecialFrame_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_QueryStations_Proxy( IStats * This, /* [out][in] */ QUERYTABLE *lpQueryTable);
void __RPC_STUB IStats_QueryStations_Stub( IRpcStubBuffer *This, IRpcChannelBuffer *_pRpcChannelBuffer, PRPC_MESSAGE _pRpcMessage, DWORD *_pdwStubPhase);
#endif /* __IStats_INTERFACE_DEFINED__ */
/* interface __MIDL_itf_netmon_0014 *//* [local] */
#pragma warning(default:4200)
#pragma pack()
extern RPC_IF_HANDLE __MIDL_itf_netmon_0014_v0_0_c_ifspec;extern RPC_IF_HANDLE __MIDL_itf_netmon_0014_v0_0_s_ifspec;
/* Additional Prototypes for ALL interfaces */
/* end of Additional Prototypes */
#ifdef __cplusplus
}#endif
#endif
|
