Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

6226 lines
204 KiB

/* this ALWAYS GENERATED file contains the definitions for the interfaces */
/* File created by MIDL compiler version 6.00.0361 */
/* Compiler settings for netmon.idl:
Oicf, W1, Zp8, env=Win32 (32b run)
protocol : dce , ms_ext, c_ext, robust
error checks: allocation ref bounds_check enum stub_data
VC __declspec() decoration level:
__declspec(uuid()), __declspec(selectany), __declspec(novtable)
DECLSPEC_UUID(), MIDL_INTERFACE()
*/
//@@MIDL_FILE_HEADING( )
#pragma warning( disable: 4049 ) /* more than 64k source lines */
/* verify that the <rpcndr.h> version is high enough to compile this file*/
#ifndef __REQUIRED_RPCNDR_H_VERSION__
#define __REQUIRED_RPCNDR_H_VERSION__ 475
#endif
#include "rpc.h"
#include "rpcndr.h"
#ifndef __RPCNDR_H_VERSION__
#error this stub requires an updated version of <rpcndr.h>
#endif // __RPCNDR_H_VERSION__
#ifndef COM_NO_WINDOWS_H
#include "windows.h"
#include "ole2.h"
#endif /*COM_NO_WINDOWS_H*/
#ifndef __netmon_h__
#define __netmon_h__
#if defined(_MSC_VER) && (_MSC_VER >= 1020)
#pragma once
#endif
/* Forward Declarations */
#ifndef __IDelaydC_FWD_DEFINED__
#define __IDelaydC_FWD_DEFINED__
typedef interface IDelaydC IDelaydC;
#endif /* __IDelaydC_FWD_DEFINED__ */
#ifndef __IRTC_FWD_DEFINED__
#define __IRTC_FWD_DEFINED__
typedef interface IRTC IRTC;
#endif /* __IRTC_FWD_DEFINED__ */
#ifndef __IStats_FWD_DEFINED__
#define __IStats_FWD_DEFINED__
typedef interface IStats IStats;
#endif /* __IStats_FWD_DEFINED__ */
/* header files for imported files */
#include "unknwn.h"
#ifdef __cplusplus
extern "C"{
#endif
void * __RPC_USER MIDL_user_allocate(size_t);
void __RPC_USER MIDL_user_free( void * );
/* interface __MIDL_itf_netmon_0000 */
/* [local] */
//=============================================================================
// Microsoft (R) Network Monitor (tm).
// Copyright (C) Microsoft Corporation. All rights reserved.
//
// MODULE: netmon.h
//
// This is the consolidated include file for all Network Monitor components.
//
// It contains the contents of these files from previous SDKs:
//
// NPPTypes.h
// Finder.h
// NMSupp.h
// BHTypes.h
// NMErr.h
// BHFilter.h
// Frame.h
// Parser.h
// IniLib.h
// NMExpert.h (previously Expert.h)
// Netmon.h (previously bh.h)
// NMBlob.h (previously blob.h)
// NMRegHelp.h (previously reghelp.h)
// NMIpStructs.h (previously IpStructs.h)
// NMIcmpStructs.h (previously IcmpStructs.h)
// NMIpxStructs.h (previously IpxStructs.h)
// NMTcpStructs.h (previously TcpStructs.h)
//
// IDelaydC.idl
// IRTC.idl
// IStats.idl
//
//=============================================================================
#include <winerror.h>
#include <winerror.h>
#pragma pack(1)
// For backward compatability with old SDK versions, all structures within this header
// file will be byte packed on x86 platforms. All other platforms will only have those
// structures that will be used to decode network data packed.
#ifdef _X86_
#pragma pack(1)
#else
#pragma pack()
#endif
// yes we know that many of our structures have:
// warning C4200: nonstandard extension used : zero-sized array in struct/union
// this is OK and intended
#pragma warning(disable:4200)
//=============================================================================
//=============================================================================
// (NPPTypes.h)
//=============================================================================
//=============================================================================
typedef BYTE *LPBYTE;
typedef const void *HBLOB;
//=============================================================================
// General constants.
//=============================================================================
#define MAC_TYPE_UNKNOWN ( 0 )
#define MAC_TYPE_ETHERNET ( 1 )
#define MAC_TYPE_TOKENRING ( 2 )
#define MAC_TYPE_FDDI ( 3 )
#define MAC_TYPE_ATM ( 4 )
#define MAC_TYPE_1394 ( 5 )
#define MACHINE_NAME_LENGTH ( 16 )
#define USER_NAME_LENGTH ( 32 )
#define ADAPTER_COMMENT_LENGTH ( 32 )
#define CONNECTION_FLAGS_WANT_CONVERSATION_STATS ( 0x1 )
//=============================================================================
// Transmit statistics structure.
//=============================================================================
typedef struct _TRANSMITSTATS
{
DWORD TotalFramesSent;
DWORD TotalBytesSent;
DWORD TotalTransmitErrors;
} TRANSMITSTATS;
typedef TRANSMITSTATS *LPTRANSMITSTATS;
#define TRANSMITSTATS_SIZE ( sizeof( TRANSMITSTATS ) )
//=============================================================================
// Statistics structure.
//=============================================================================
typedef struct _STATISTICS
{
__int64 TimeElapsed;
DWORD TotalFramesCaptured;
DWORD TotalBytesCaptured;
DWORD TotalFramesFiltered;
DWORD TotalBytesFiltered;
DWORD TotalMulticastsFiltered;
DWORD TotalBroadcastsFiltered;
DWORD TotalFramesSeen;
DWORD TotalBytesSeen;
DWORD TotalMulticastsReceived;
DWORD TotalBroadcastsReceived;
DWORD TotalFramesDropped;
DWORD TotalFramesDroppedFromBuffer;
DWORD MacFramesReceived;
DWORD MacCRCErrors;
__int64 MacBytesReceivedEx;
DWORD MacFramesDropped_NoBuffers;
DWORD MacMulticastsReceived;
DWORD MacBroadcastsReceived;
DWORD MacFramesDropped_HwError;
} STATISTICS;
typedef STATISTICS *LPSTATISTICS;
#define STATISTICS_SIZE ( sizeof( STATISTICS ) )
//=============================================================================
// Address structures
//=============================================================================
// These structures are used to decode network data and so need to be packed
#pragma pack(push, 1)
#define MAX_NAME_SIZE ( 32 )
#define IP_ADDRESS_SIZE ( 4 )
#define MAC_ADDRESS_SIZE ( 6 )
#define IP6_ADDRESS_SIZE ( 16 )
// Q: What is the maximum address size that we could have to copy?
// A: IP6
#define MAX_ADDRESS_SIZE ( 16 )
#define ADDRESS_TYPE_ETHERNET ( 0 )
#define ADDRESS_TYPE_IP ( 1 )
#define ADDRESS_TYPE_IPX ( 2 )
#define ADDRESS_TYPE_TOKENRING ( 3 )
#define ADDRESS_TYPE_FDDI ( 4 )
#define ADDRESS_TYPE_XNS ( 5 )
#define ADDRESS_TYPE_ANY ( 6 )
#define ADDRESS_TYPE_ANY_GROUP ( 7 )
#define ADDRESS_TYPE_FIND_HIGHEST ( 8 )
#define ADDRESS_TYPE_VINES_IP ( 9 )
#define ADDRESS_TYPE_LOCAL_ONLY ( 10 )
#define ADDRESS_TYPE_ATM ( 11 )
#define ADDRESS_TYPE_1394 ( 12 )
#define ADDRESS_TYPE_IP6 ( 13 )
#define ADDRESSTYPE_FLAGS_NORMALIZE ( 0x1 )
#define ADDRESSTYPE_FLAGS_BIT_REVERSE ( 0x2 )
// Vines IP Address Structure
typedef struct _VINES_IP_ADDRESS
{
DWORD NetID;
WORD SubnetID;
} VINES_IP_ADDRESS;
typedef VINES_IP_ADDRESS *LPVINES_IP_ADDRESS;
#define VINES_IP_ADDRESS_SIZE ( sizeof( VINES_IP_ADDRESS ) )
// IPX Address Structure
typedef struct _IPX_ADDR
{
BYTE Subnet[ 4 ];
BYTE Address[ 6 ];
} IPX_ADDR;
typedef IPX_ADDR *LPIPX_ADDR;
#define IPX_ADDR_SIZE ( sizeof( IPX_ADDR ) )
// XNS Address Structure
typedef IPX_ADDR XNS_ADDRESS;
typedef IPX_ADDR *LPXNS_ADDRESS;
// ETHERNET SOURCE ADDRESS
typedef struct _ETHERNET_SRC_ADDRESS
{
BYTE RoutingBit: 1;
BYTE LocalBit: 1;
BYTE Byte0: 6;
BYTE Reserved[5];
} ETHERNET_SRC_ADDRESS;
typedef ETHERNET_SRC_ADDRESS *LPETHERNET_SRC_ADDRESS;
// ETHERNET DESTINATION ADDRESS
typedef struct _ETHERNET_DST_ADDRESS
{
BYTE GroupBit: 1;
BYTE AdminBit: 1;
BYTE Byte0: 6;
BYTE Reserved[5];
} ETHERNET_DST_ADDRESS;
typedef ETHERNET_DST_ADDRESS *LPETHERNET_DST_ADDRESS;
// FDDI addresses
typedef ETHERNET_SRC_ADDRESS FDDI_SRC_ADDRESS;
typedef ETHERNET_DST_ADDRESS FDDI_DST_ADDRESS;
typedef FDDI_SRC_ADDRESS *LPFDDI_SRC_ADDRESS;
typedef FDDI_DST_ADDRESS *LPFDDI_DST_ADDRESS;
// TOKENRING Source Address
typedef struct _TOKENRING_SRC_ADDRESS
{
BYTE Byte0: 6;
BYTE LocalBit: 1;
BYTE RoutingBit: 1;
BYTE Byte1;
BYTE Byte2: 7;
BYTE Functional: 1;
BYTE Reserved[3];
} TOKENRING_SRC_ADDRESS;
typedef TOKENRING_SRC_ADDRESS *LPTOKENRING_SRC_ADDRESS;
// TOKENRING Destination Address
typedef struct _TOKENRING_DST_ADDRESS
{
BYTE Byte0: 6;
BYTE AdminBit: 1;
BYTE GroupBit: 1;
BYTE Reserved[5];
} TOKENRING_DST_ADDRESS;
typedef TOKENRING_DST_ADDRESS *LPTOKENRING_DST_ADDRESS;
// Address Structure
typedef struct _ADDRESS2
{
DWORD Type;
union
{
// ADDRESS_TYPE_ETHERNET
// ADDRESS_TYPE_TOKENRING
// ADDRESS_TYPE_FDDI
BYTE MACAddress[MAC_ADDRESS_SIZE];
// IP
BYTE IPAddress[IP_ADDRESS_SIZE];
// IP6
BYTE IP6Address[IP6_ADDRESS_SIZE];
// raw IPX
BYTE IPXRawAddress[IPX_ADDR_SIZE];
// real IPX
IPX_ADDR IPXAddress;
// raw Vines IP
BYTE VinesIPRawAddress[VINES_IP_ADDRESS_SIZE];
// real Vines IP
VINES_IP_ADDRESS VinesIPAddress;
// ethernet with bits defined
ETHERNET_SRC_ADDRESS EthernetSrcAddress;
// ethernet with bits defined
ETHERNET_DST_ADDRESS EthernetDstAddress;
// tokenring with bits defined
TOKENRING_SRC_ADDRESS TokenringSrcAddress;
// tokenring with bits defined
TOKENRING_DST_ADDRESS TokenringDstAddress;
// fddi with bits defined
FDDI_SRC_ADDRESS FddiSrcAddress;
// fddi with bits defined
FDDI_DST_ADDRESS FddiDstAddress;
};
WORD Flags;
} ADDRESS2;
typedef ADDRESS2 *LPADDRESS2;
#define ADDRESS2_SIZE sizeof(ADDRESS2)
#pragma pack(pop)
//=============================================================================
// Address Pair Structure
//=============================================================================
#define ADDRESS_FLAGS_MATCH_DST ( 0x1 )
#define ADDRESS_FLAGS_MATCH_SRC ( 0x2 )
#define ADDRESS_FLAGS_EXCLUDE ( 0x4 )
#define ADDRESS_FLAGS_DST_GROUP_ADDR ( 0x8 )
#define ADDRESS_FLAGS_MATCH_BOTH ( 0x3 )
typedef struct _ADDRESSPAIR2
{
WORD AddressFlags;
WORD NalReserved;
ADDRESS2 DstAddress;
ADDRESS2 SrcAddress;
} ADDRESSPAIR2;
typedef ADDRESSPAIR2 *LPADDRESSPAIR2;
#define ADDRESSPAIR2_SIZE sizeof(ADDRESSPAIR2)
//=============================================================================
// Address table.
//=============================================================================
#define MAX_ADDRESS_PAIRS ( 8 )
typedef struct _ADDRESSTABLE2
{
DWORD nAddressPairs;
DWORD nNonMacAddressPairs;
ADDRESSPAIR2 AddressPair[MAX_ADDRESS_PAIRS];
} ADDRESSTABLE2;
typedef ADDRESSTABLE2 *LPADDRESSTABLE2;
#define ADDRESSTABLE2_SIZE sizeof(ADDRESSTABLE2)
//=============================================================================
// Network information.
//=============================================================================
#define NETWORKINFO_FLAGS_PMODE_NOT_SUPPORTED ( 0x1 )
#define NETWORKINFO_FLAGS_REMOTE_NAL ( 0x4 )
#define NETWORKINFO_FLAGS_REMOTE_NAL_CONNECTED ( 0x8 )
#define NETWORKINFO_FLAGS_REMOTE_CARD ( 0x10 )
#define NETWORKINFO_FLAGS_RAS ( 0x20 )
#define NETWORKINFO_RESERVED_FIELD_SIZE (FIELD_OFFSET(ADDRESS2,IPXAddress) + sizeof(IPX_ADDR))
typedef struct _NETWORKINFO
{
BYTE PermanentAddr[6]; //... Permanent MAC address
BYTE CurrentAddr[6]; //... Current MAC address
BYTE Reserved[NETWORKINFO_RESERVED_FIELD_SIZE];
DWORD LinkSpeed; //... Link speed in Mbits.
DWORD MacType; //... Media type.
DWORD MaxFrameSize; //... Max frame size allowed.
DWORD Flags; //... Informational flags.
DWORD TimestampScaleFactor; //... 1 = 1/1 ms, 10 = 1/10 ms, 100 = 1/100 ms, etc.
BYTE NodeName[32]; //... Name of remote workstation.
BOOL PModeSupported; //... Card claims to support P-Mode
BYTE Comment[ADAPTER_COMMENT_LENGTH]; // Adapter comment field.
} NETWORKINFO;
typedef NETWORKINFO *LPNETWORKINFO;
#define NETWORKINFO_SIZE sizeof(NETWORKINFO)
#define MINIMUM_FRAME_SIZE ( 32 )
//=============================================================================
// Pattern structure.
//=============================================================================
#define MAX_PATTERN_LENGTH ( 16 )
// When set this flag will cause those frames which do NOT have the specified pattern
// in the proper stop to be kept.
#define PATTERN_MATCH_FLAGS_NOT ( 0x1 )
#define PATTERN_MATCH_FLAGS_RESERVED_1 ( 0x2 )
// When set this flag indicates that the user is not interested in a pattern match within
// IP or IPX, but in the protocol that follows. The driver will ensure that the protocol
// given in OffsetBasis is there and then that the port in the fram matches the port given.
// It will then calculate the offset from the beginning of the protocol that follows IP or IPX.
// NOTE: This flag is ignored if it is used with any OffsetBasis other than
// OFFSET_BASIS_RELATIVE_TO_IPX or OFFSET_BASIS_RELATIVE_TO_IP
#define PATTERN_MATCH_FLAGS_PORT_SPECIFIED ( 0x8 )
// The offset given is relative to the beginning of the frame. The
// PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.
#define OFFSET_BASIS_RELATIVE_TO_FRAME ( 0 )
// The offset given is relative to the beginning of the Effective Protocol.
// The Effective Protocol is defined as the protocol that follows
// the last protocol that determines Etype/SAP. In normal terms this means
// that the Effective Protocol will be IP, IPX, XNS, or any of their ilk.
// The PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.
#define OFFSET_BASIS_RELATIVE_TO_EFFECTIVE_PROTOCOL ( 1 )
// The offset given is relative to the beginning of IPX. If IPX is not present
// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED
// flag is set then the offset is relative to the beginning of the protocol
// which follows IPX.
#define OFFSET_BASIS_RELATIVE_TO_IPX ( 2 )
// The offset given is relative to the beginning of IP. If IP is not present
// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED
// flag is set then the offset is relative to the beginning of the protocol
// which follows IP.
#define OFFSET_BASIS_RELATIVE_TO_IP ( 3 )
// The offset given is relative to the beginning of IP6. If IP6 is not present
// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED
// flag is set then the offset is relative to the beginning of the protocol
// which follows IP6.
#define OFFSET_BASIS_RELATIVE_TO_IP6 ( 4 )
typedef /* [public][public][public][public][public][public][public][public][public] */ union __MIDL___MIDL_itf_netmon_0000_0001
{
BYTE NextHeader;
BYTE IPPort;
WORD ByteSwappedIPXPort;
} GENERIC_PORT;
typedef struct _PATTERNMATCH
{
DWORD Flags;
BYTE OffsetBasis;
GENERIC_PORT Port;
WORD Offset;
WORD Length;
BYTE PatternToMatch[ 16 ];
} PATTERNMATCH;
typedef PATTERNMATCH *LPPATTERNMATCH;
#define PATTERNMATCH_SIZE ( sizeof( PATTERNMATCH ) )
//=============================================================================
// Expression structure.
//=============================================================================
#define MAX_PATTERNS ( 4 )
typedef struct _ANDEXP
{
DWORD nPatternMatches;
PATTERNMATCH PatternMatch[ 4 ];
} ANDEXP;
typedef ANDEXP *LPANDEXP;
#define ANDEXP_SIZE ( sizeof( ANDEXP ) )
typedef struct _EXPRESSION
{
DWORD nAndExps;
ANDEXP AndExp[ 4 ];
} EXPRESSION;
typedef EXPRESSION *LPEXPRESSION;
#define EXPRESSION_SIZE ( sizeof( EXPRESSION ) )
//=============================================================================
// Trigger.
//=============================================================================
#define TRIGGER_TYPE_PATTERN_MATCH ( 1 )
#define TRIGGER_TYPE_BUFFER_CONTENT ( 2 )
#define TRIGGER_TYPE_PATTERN_MATCH_THEN_BUFFER_CONTENT ( 3 )
#define TRIGGER_TYPE_BUFFER_CONTENT_THEN_PATTERN_MATCH ( 4 )
#define TRIGGER_FLAGS_FRAME_RELATIVE ( 0 )
#define TRIGGER_FLAGS_DATA_RELATIVE ( 0x1 )
#define TRIGGER_ACTION_NOTIFY ( 0 )
#define TRIGGER_ACTION_STOP ( 0x2 )
#define TRIGGER_ACTION_PAUSE ( 0x3 )
#define TRIGGER_BUFFER_FULL_25_PERCENT ( 0 )
#define TRIGGER_BUFFER_FULL_50_PERCENT ( 1 )
#define TRIGGER_BUFFER_FULL_75_PERCENT ( 2 )
#define TRIGGER_BUFFER_FULL_100_PERCENT ( 3 )
typedef struct _TRIGGER
{
BOOL TriggerActive;
BYTE TriggerType;
BYTE TriggerAction;
DWORD TriggerFlags;
PATTERNMATCH TriggerPatternMatch;
DWORD TriggerBufferSize;
DWORD TriggerReserved;
char TriggerCommandLine[ 260 ];
} TRIGGER;
typedef TRIGGER *LPTRIGGER;
#define TRIGGER_SIZE ( sizeof( TRIGGER ) )
//=============================================================================
// Capture filter.
//=============================================================================
// Capture filter flags. By default all frames are rejected and
// Network Monitor enables them based on the CAPTUREFILTER flags
// defined below.
#define CAPTUREFILTER_FLAGS_INCLUDE_ALL_SAPS ( 0x1 )
#define CAPTUREFILTER_FLAGS_INCLUDE_ALL_ETYPES ( 0x2 )
#define CAPTUREFILTER_FLAGS_TRIGGER ( 0x4 )
#define CAPTUREFILTER_FLAGS_LOCAL_ONLY ( 0x8 )
// throw away our internal comment frames
#define CAPTUREFILTER_FLAGS_DISCARD_COMMENTS ( 0x10 )
// Keep SMT and Token Ring MAC frames
#define CAPTUREFILTER_FLAGS_KEEP_RAW ( 0x20 )
#define CAPTUREFILTER_FLAGS_INCLUDE_ALL ( 0x3 )
#define BUFFER_FULL_25_PERCENT ( 0 )
#define BUFFER_FULL_50_PERCENT ( 1 )
#define BUFFER_FULL_75_PERCENT ( 2 )
#define BUFFER_FULL_100_PERCENT ( 3 )
typedef struct _CAPTUREFILTER
{
DWORD FilterFlags;
LPBYTE lpSapTable;
LPWORD lpEtypeTable;
WORD nSaps;
WORD nEtypes;
LPADDRESSTABLE2 AddressTable;
EXPRESSION FilterExpression;
TRIGGER Trigger;
DWORD nFrameBytesToCopy;
DWORD Reserved;
} CAPTUREFILTER;
typedef CAPTUREFILTER *LPCAPTUREFILTER;
#define CAPTUREFILTER_SIZE sizeof(CAPTUREFILTER)
//=============================================================================
// Frame type.
//=============================================================================
// TimeStamp is in 1/1,000,000th seconds.
typedef struct _FRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
/* [size_is] */ BYTE MacFrame[ 1 ];
} FRAME;
typedef FRAME *LPFRAME;
typedef FRAME UNALIGNED *ULPFRAME;
#define FRAME_SIZE ( sizeof( FRAME ) )
//=============================================================================
// Frame descriptor type.
//=============================================================================
#define LOW_PROTOCOL_IPX ( OFFSET_BASIS_RELATIVE_TO_IPX )
#define LOW_PROTOCOL_IP ( OFFSET_BASIS_RELATIVE_TO_IP )
#define LOW_PROTOCOL_IP6 ( OFFSET_BASIS_RELATIVE_TO_IP6 )
#define LOW_PROTOCOL_UNKNOWN ( ( BYTE )-1 )
typedef struct _FRAME_DESCRIPTOR
{
/* [size_is] */ LPBYTE FramePointer;
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
WORD Etype;
BYTE Sap;
BYTE LowProtocol;
WORD LowProtocolOffset;
/* [switch_is] */ /* [switch_type] */ union
{
/* [default] */ WORD Reserved;
/* [case()] */ BYTE IPPort;
/* [case()] */ WORD ByteSwappedIPXPort;
} HighPort;
WORD HighProtocolOffset;
} FRAME_DESCRIPTOR;
typedef FRAME_DESCRIPTOR *LPFRAME_DESCRIPTOR;
#define FRAME_DESCRIPTOR_SIZE ( sizeof( FRAME_DESCRIPTOR ) )
//=============================================================================
// Frame descriptor table.
//=============================================================================
typedef struct _FRAMETABLE
{
DWORD FrameTableLength;
DWORD StartIndex;
DWORD EndIndex;
DWORD FrameCount;
/* [size_is] */ FRAME_DESCRIPTOR Frames[ 1 ];
} FRAMETABLE;
typedef FRAMETABLE *LPFRAMETABLE;
//=============================================================================
// Station statistics.
//=============================================================================
#define STATIONSTATS_FLAGS_INITIALIZED ( 0x1 )
#define STATIONSTATS_FLAGS_EVENTPOSTED ( 0x2 )
#define STATIONSTATS_POOL_SIZE ( 100 )
typedef struct _STATIONSTATS
{
DWORD NextStationStats;
DWORD SessionPartnerList;
DWORD Flags;
BYTE StationAddress[ 6 ];
WORD Pad;
DWORD TotalPacketsReceived;
DWORD TotalDirectedPacketsSent;
DWORD TotalBroadcastPacketsSent;
DWORD TotalMulticastPacketsSent;
DWORD TotalBytesReceived;
DWORD TotalBytesSent;
} STATIONSTATS;
typedef STATIONSTATS *LPSTATIONSTATS;
#define STATIONSTATS_SIZE ( sizeof( STATIONSTATS ) )
//=============================================================================
// Session statistics.
//=============================================================================
#define SESSION_FLAGS_INITIALIZED ( 0x1 )
#define SESSION_FLAGS_EVENTPOSTED ( 0x2 )
#define SESSION_POOL_SIZE ( 100 )
typedef struct _SESSIONSTATS
{
DWORD NextSession;
DWORD StationOwner;
DWORD StationPartner;
DWORD Flags;
DWORD TotalPacketsSent;
} SESSIONSTATS;
typedef SESSIONSTATS *LPSESSIONSTATS;
#define SESSIONSTATS_SIZE ( sizeof( SESSIONSTATS ) )
//=============================================================================
// Station Query
//=============================================================================
// These structures are obsolete and should not be used
// They are included so that our interfaces need not change
#pragma pack(push, 1)
typedef struct _STATIONQUERY
{
DWORD Flags;
BYTE BCDVerMinor;
BYTE BCDVerMajor;
DWORD LicenseNumber;
BYTE MachineName[ 16 ];
BYTE UserName[ 32 ];
BYTE Reserved[ 32 ];
BYTE AdapterAddress[ 6 ];
WCHAR WMachineName[ 16 ];
WCHAR WUserName[ 32 ];
} STATIONQUERY;
typedef STATIONQUERY *LPSTATIONQUERY;
#define STATIONQUERY_SIZE ( sizeof( STATIONQUERY ) )
#pragma pack(pop)
//=============================================================================
// structure.
//=============================================================================
typedef struct _QUERYTABLE
{
DWORD nStationQueries;
/* [size_is] */ STATIONQUERY StationQuery[ 1 ];
} QUERYTABLE;
typedef QUERYTABLE *LPQUERYTABLE;
#define QUERYTABLE_SIZE ( sizeof( QUERYTABLE ) )
//=============================================================================
// The LINK structure is used to chain structures together into a list.
//=============================================================================
typedef struct _LINK *LPLINK;
typedef struct _LINK
{
LPLINK PrevLink;
LPLINK NextLink;
} LINK;
//=============================================================================
// Security Response packet
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
#define MAX_SECURITY_BREACH_REASON_SIZE ( 100 )
#define MAX_SIGNATURE_LENGTH ( 128 )
#define MAX_USER_NAME_LENGTH ( 256 )
typedef struct _SECURITY_PERMISSION_RESPONSE
{
UINT Version;
DWORD RandomNumber;
BYTE MachineName[ 16 ];
BYTE Address[ 6 ];
BYTE UserName[ 256 ];
BYTE Reason[ 100 ];
DWORD SignatureLength;
BYTE Signature[ 128 ];
} SECURITY_PERMISSION_RESPONSE;
typedef SECURITY_PERMISSION_RESPONSE *LPSECURITY_PERMISSION_RESPONSE;
typedef SECURITY_PERMISSION_RESPONSE UNALIGNED * ULPSECURITY_PERMISSION_RESPONSE;
#define SECURITY_PERMISSION_RESPONSE_SIZE ( sizeof( SECURITY_PERMISSION_RESPONSE ) )
#pragma pack(pop)
//=============================================================================
// Callback type
//=============================================================================
// generic events
#define UPDATE_EVENT_TERMINATE_THREAD ( 0 )
#define UPDATE_EVENT_NETWORK_STATUS ( 0x1 )
// rtc events
#define UPDATE_EVENT_RTC_INTERVAL_ELAPSED ( 0x2 )
#define UPDATE_EVENT_RTC_FRAME_TABLE_FULL ( 0x3 )
#define UPDATE_EVENT_RTC_BUFFER_FULL ( 0x4 )
// delayed events
#define UPDATE_EVENT_TRIGGER_BUFFER_CONTENT ( 0x5 )
#define UPDATE_EVENT_TRIGGER_PATTERN_MATCH ( 0x6 )
#define UPDATE_EVENT_TRIGGER_BUFFER_PATTERN ( 0x7 )
#define UPDATE_EVENT_TRIGGER_PATTERN_BUFFER ( 0x8 )
// transmit events
#define UPDATE_EVENT_TRANSMIT_STATUS ( 0x9 )
// Security events
#define UPDATE_EVENT_SECURITY_BREACH ( 0xa )
// Remote failure event
#define UPDATE_EVENT_REMOTE_FAILURE ( 0xb )
// actions
#define UPDATE_ACTION_TERMINATE_THREAD ( 0 )
#define UPDATE_ACTION_NOTIFY ( 0x1 )
#define UPDATE_ACTION_STOP_CAPTURE ( 0x2 )
#define UPDATE_ACTION_PAUSE_CAPTURE ( 0x3 )
#define UPDATE_ACTION_RTC_BUFFER_SWITCH ( 0x4 )
typedef struct _UPDATE_EVENT
{
USHORT Event;
DWORD Action;
DWORD Status;
DWORD Value;
__int64 TimeStamp;
DWORD_PTR lpUserContext;
DWORD_PTR lpReserved;
UINT FramesDropped;
/* [switch_is] */ /* [switch_type] */ union
{
/* [default] */ DWORD Reserved;
/* [case()] */ LPFRAMETABLE lpFrameTable;
/* [case()] */ DWORD_PTR lpPacketQueue;
/* [case()] */ SECURITY_PERMISSION_RESPONSE SecurityResponse;
} ;
LPSTATISTICS lpFinalStats;
} UPDATE_EVENT;
typedef UPDATE_EVENT *PUPDATE_EVENT;
// note for c++ users:
// the declaration for this callback should be in the public part of the header file:
// static WINAPI DWORD NetworkCallback( UPDATE_EVENT events);
// and the implementation should be, in the protected section of the cpp file:
// DWORD WINAPI ClassName::NetworkCallback( UPDATE_EVENT events) {};
//typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);
typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);
//=============================================================================
// NETWORKSTATUS data structure.
//=============================================================================
typedef struct _NETWORKSTATUS
{
DWORD State;
DWORD Flags;
} NETWORKSTATUS;
typedef NETWORKSTATUS *LPNETWORKSTATUS;
#define NETWORKSTATUS_SIZE ( sizeof( NETWORKSTATUS ) )
#define NETWORKSTATUS_STATE_VOID ( 0 )
#define NETWORKSTATUS_STATE_INIT ( 1 )
#define NETWORKSTATUS_STATE_CAPTURING ( 2 )
#define NETWORKSTATUS_STATE_PAUSED ( 3 )
#define NETWORKSTATUS_FLAGS_TRIGGER_PENDING ( 0x1 )
#define MAKE_WORD(l, h) (((WORD) (l)) | (((WORD) (h)) << 8))
#define MAKE_LONG(l, h) (((DWORD) (l)) | (((DWORD) (h)) << 16L))
#define MAKE_SIG(a, b, c, d) MAKE_LONG(MAKE_WORD(a, b), MAKE_WORD(c, d))
//=============================================================================
// STATISTICS parameter structure.
//=============================================================================
#define MAX_SESSIONS ( 100 )
#define MAX_STATIONS ( 100 )
typedef struct _STATISTICSPARAM
{
DWORD StatisticsSize;
STATISTICS Statistics;
DWORD StatisticsTableEntries;
STATIONSTATS StatisticsTable[ 100 ];
DWORD SessionTableEntries;
SESSIONSTATS SessionTable[ 100 ];
} STATISTICSPARAM;
typedef STATISTICSPARAM *LPSTATISTICSPARAM;
#define STATISTICSPARAM_SIZE ( sizeof( STATISTICSPARAM ) )
//=============================================================================
// Capture file header.
//=============================================================================
// This structure is used to decode file data and so needs to be packed
#pragma pack(push, 1)
#define CAPTUREFILE_VERSION_MAJOR ( 2 )
#define CAPTUREFILE_VERSION_MINOR ( 0 )
#define MakeVersion(Major, Minor) ((DWORD) MAKEWORD(Minor, Major))
#define GetCurrentVersion() MakeVersion(CAPTUREFILE_VERSION_MAJOR, CAPTUREFILE_VERSION_MINOR)
#define NETMON_1_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('R', 'T', 'S', 'S')
#define NETMON_2_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('G', 'M', 'B', 'U')
typedef struct _CAPTUREFILE_HEADER_VALUES
{
DWORD Signature;
BYTE BCDVerMinor;
BYTE BCDVerMajor;
WORD MacType;
SYSTEMTIME TimeStamp;
DWORD FrameTableOffset;
DWORD FrameTableLength;
DWORD UserDataOffset;
DWORD UserDataLength;
DWORD CommentDataOffset;
DWORD CommentDataLength;
DWORD StatisticsOffset;
DWORD StatisticsLength;
DWORD NetworkInfoOffset;
DWORD NetworkInfoLength;
DWORD ConversationStatsOffset;
DWORD ConversationStatsLength;
} CAPTUREFILE_HEADER_VALUES;
typedef CAPTUREFILE_HEADER_VALUES *LPCAPTUREFILE_HEADER_VALUES;
#define CAPTUREFILE_HEADER_VALUES_SIZE ( sizeof( CAPTUREFILE_HEADER_VALUES ) )
#pragma pack(pop)
//=============================================================================
// Capture file.
//=============================================================================
// This structure is used to decode file data and so needs to be packed
#pragma pack(push, 1)
typedef struct _CAPTUREFILE_HEADER
{
union
{
CAPTUREFILE_HEADER_VALUES ActualHeader;
BYTE Buffer[ 72 ];
} ;
BYTE Reserved[ 56 ];
} CAPTUREFILE_HEADER;
typedef CAPTUREFILE_HEADER *LPCAPTUREFILE_HEADER;
#define CAPTUREFILE_HEADER_SIZE ( sizeof( CAPTUREFILE_HEADER ) )
#pragma pack(pop)
//=============================================================================
// Stats Frame definitions.
//=============================================================================
// These structures are used to create network data and so need to be packed
#pragma pack(push, 1)
typedef struct _EFRAMEHDR
{
BYTE SrcAddress[ 6 ];
BYTE DstAddress[ 6 ];
WORD Length;
BYTE DSAP;
BYTE SSAP;
BYTE Control;
BYTE ProtocolID[ 3 ];
WORD EtherType;
} EFRAMEHDR;
typedef struct _TRFRAMEHDR
{
BYTE AC;
BYTE FC;
BYTE SrcAddress[ 6 ];
BYTE DstAddress[ 6 ];
BYTE DSAP;
BYTE SSAP;
BYTE Control;
BYTE ProtocolID[ 3 ];
WORD EtherType;
} TRFRAMEHDR;
#define DEFAULT_TR_AC ( 0 )
#define DEFAULT_TR_FC ( 0x40 )
#define DEFAULT_SAP ( 0xaa )
#define DEFAULT_CONTROL ( 0x3 )
#define DEFAULT_ETHERTYPE ( 0x8419 )
typedef struct _FDDIFRAMEHDR
{
BYTE FC;
BYTE SrcAddress[ 6 ];
BYTE DstAddress[ 6 ];
BYTE DSAP;
BYTE SSAP;
BYTE Control;
BYTE ProtocolID[ 3 ];
WORD EtherType;
} FDDIFRAMEHDR;
#define DEFAULT_FDDI_FC ( 0x10 )
typedef struct _FDDISTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
FDDIFRAMEHDR FrameHeader;
BYTE FrameID[ 4 ];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} FDDISTATFRAME;
typedef FDDISTATFRAME *LPFDDISTATFRAME;
typedef FDDISTATFRAME UNALIGNED *ULPFDDISTATFRAME;
#define FDDISTATFRAME_SIZE ( sizeof( FDDISTATFRAME ) )
typedef struct _ATMFRAMEHDR
{
BYTE SrcAddress[ 6 ];
BYTE DstAddress[ 6 ];
WORD Vpi;
WORD Vci;
} ATMFRAMEHDR;
typedef struct _ATMSTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
ATMFRAMEHDR FrameHeader;
BYTE FrameID[ 4 ];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} ATMSTATFRAME;
typedef ATMSTATFRAME *LPATMSTATFRAME;
typedef ATMSTATFRAME UNALIGNED *ULPATMSTATFRAME;
#define ATMSTATFRAME_SIZE ( sizeof( ATMSTATFRAME ) )
typedef struct _TRSTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
TRFRAMEHDR FrameHeader;
BYTE FrameID[ 4 ];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} TRSTATFRAME;
typedef TRSTATFRAME *LPTRSTATFRAME;
typedef TRSTATFRAME UNALIGNED *ULPTRSTATFRAME;
#define TRSTATFRAME_SIZE ( sizeof( TRSTATFRAME ) )
typedef struct _ESTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
EFRAMEHDR FrameHeader;
BYTE FrameID[ 4 ];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} ESTATFRAME;
typedef ESTATFRAME *LPESTATFRAME;
typedef ESTATFRAME UNALIGNED *ULPESTATFRAME;
#define ESTATFRAME_SIZE ( sizeof( ESTATFRAME ) )
#define STATISTICS_VERSION_1_0 ( 0 )
#define STATISTICS_VERSION_2_0 ( 0x20 )
#define MAX_STATSFRAME_SIZE ( sizeof( TRSTATFRAME ) )
#define STATS_FRAME_TYPE ( 103 )
#pragma pack(pop)
//****************************************************************************
//****************************************************************************
// Obsolete structures
// The newer structures (named with a 2 appended) should be used
//****************************************************************************
//****************************************************************************
#pragma pack(push, 1)
// Address Structure
// Obsolete, ADDRESS2 should be used
typedef struct _ADDRESS
{
DWORD Type;
union
{
// ADDRESS_TYPE_ETHERNET
// ADDRESS_TYPE_TOKENRING
// ADDRESS_TYPE_FDDI
BYTE MACAddress[MAC_ADDRESS_SIZE];
// IP
BYTE IPAddress[IP_ADDRESS_SIZE];
// raw IPX
BYTE IPXRawAddress[IPX_ADDR_SIZE];
// real IPX
IPX_ADDR IPXAddress;
// raw Vines IP
BYTE VinesIPRawAddress[VINES_IP_ADDRESS_SIZE];
// real Vines IP
VINES_IP_ADDRESS VinesIPAddress;
// ethernet with bits defined
ETHERNET_SRC_ADDRESS EthernetSrcAddress;
// ethernet with bits defined
ETHERNET_DST_ADDRESS EthernetDstAddress;
// tokenring with bits defined
TOKENRING_SRC_ADDRESS TokenringSrcAddress;
// tokenring with bits defined
TOKENRING_DST_ADDRESS TokenringDstAddress;
// fddi with bits defined
FDDI_SRC_ADDRESS FddiSrcAddress;
// fddi with bits defined
FDDI_DST_ADDRESS FddiDstAddress;
};
WORD Flags;
} ADDRESS;
typedef ADDRESS *LPADDRESS;
#define ADDRESS_SIZE sizeof(ADDRESS)
#pragma pack(pop)
// Obsolete, ADDRESSPAIR2 should be used
typedef struct _ADDRESSPAIR
{
WORD AddressFlags;
WORD NalReserved;
ADDRESS DstAddress;
ADDRESS SrcAddress;
} ADDRESSPAIR;
typedef ADDRESSPAIR *LPADDRESSPAIR;
#define ADDRESSPAIR_SIZE sizeof(ADDRESSPAIR)
// Obsolete, ADDRESSTABLE2 should be used
typedef struct _ADDRESSTABLE
{
DWORD nAddressPairs;
DWORD nNonMacAddressPairs;
ADDRESSPAIR AddressPair[MAX_ADDRESS_PAIRS];
} ADDRESSTABLE;
typedef ADDRESSTABLE *LPADDRESSTABLE;
#define ADDRESSTABLE_SIZE sizeof(ADDRESSTABLE)
// Obsolete, ADDRESSINFO2 should be used
typedef struct _ADDRESSINFO
{
ADDRESS Address;
WCHAR Name[MAX_NAME_SIZE];
DWORD Flags;
LPVOID lpAddressInstData;
} ADDRESSINFO;
typedef struct _ADDRESSINFO *LPADDRESSINFO;
#define ADDRESSINFO_SIZE sizeof(ADDRESSINFO)
// Obsolete, ADDRESSINFOTABLE2 should be used
typedef struct _ADDRESSINFOTABLE
{
DWORD nAddressInfos;
LPADDRESSINFO lpAddressInfo[0];
} ADDRESSINFOTABLE;
typedef ADDRESSINFOTABLE *LPADDRESSINFOTABLE;
#define ADDRESSINFOTABLE_SIZE sizeof(ADDRESSINFOTABLE)
//****************************************************************************
//****************************************************************************
// Obsolete functions
// The newer functions should be used
//****************************************************************************
//****************************************************************************
// Obsolete, SetNPPAddress2FilterInBlob should be used
DWORD _cdecl SetNPPAddressFilterInBlob( HBLOB hBlob,
LPADDRESSTABLE pAddressTable);
// Obsolete, GetNPPAddress2FilterFromBlob should be used
DWORD _cdecl GetNPPAddressFilterFromBlob( HBLOB hBlob,
LPADDRESSTABLE pAddressTable,
HBLOB hErrorBlob);
//=============================================================================
//=============================================================================
// (NMEvent.h)
//=============================================================================
//=============================================================================
#pragma pack(push, 8)
// NMCOLUMNTYPE
typedef /* [public][public][public][public][public][public] */
enum __MIDL___MIDL_itf_netmon_0000_0005
{ NMCOLUMNTYPE_UINT8 = 0,
NMCOLUMNTYPE_SINT8 = NMCOLUMNTYPE_UINT8 + 1,
NMCOLUMNTYPE_UINT16 = NMCOLUMNTYPE_SINT8 + 1,
NMCOLUMNTYPE_SINT16 = NMCOLUMNTYPE_UINT16 + 1,
NMCOLUMNTYPE_UINT32 = NMCOLUMNTYPE_SINT16 + 1,
NMCOLUMNTYPE_SINT32 = NMCOLUMNTYPE_UINT32 + 1,
NMCOLUMNTYPE_FLOAT64 = NMCOLUMNTYPE_SINT32 + 1,
NMCOLUMNTYPE_FRAME = NMCOLUMNTYPE_FLOAT64 + 1,
NMCOLUMNTYPE_YESNO = NMCOLUMNTYPE_FRAME + 1,
NMCOLUMNTYPE_ONOFF = NMCOLUMNTYPE_YESNO + 1,
NMCOLUMNTYPE_TRUEFALSE = NMCOLUMNTYPE_ONOFF + 1,
NMCOLUMNTYPE_MACADDR = NMCOLUMNTYPE_TRUEFALSE + 1,
NMCOLUMNTYPE_IPXADDR = NMCOLUMNTYPE_MACADDR + 1,
NMCOLUMNTYPE_IPADDR = NMCOLUMNTYPE_IPXADDR + 1,
NMCOLUMNTYPE_VARTIME = NMCOLUMNTYPE_IPADDR + 1,
NMCOLUMNTYPE_STRING = NMCOLUMNTYPE_VARTIME + 1
} NMCOLUMNTYPE;
// NMCOLUMNVARIANT
typedef struct _NMCOLUMNVARIANT
{
NMCOLUMNTYPE Type;
union
{
BYTE Uint8Val;
char Sint8Val;
WORD Uint16Val;
short Sint16Val;
DWORD Uint32Val;
long Sint32Val;
DOUBLE Float64Val;
DWORD FrameVal;
BOOL YesNoVal;
BOOL OnOffVal;
BOOL TrueFalseVal;
BYTE MACAddrVal[ 6 ];
IPX_ADDR IPXAddrVal;
DWORD IPAddrVal;
DOUBLE VarTimeVal;
LPCSTR pStringVal;
} Value;
} NMCOLUMNVARIANT;
// COLUMNINFO
typedef struct _NMCOLUMNINFO
{
LPSTR szColumnName;
NMCOLUMNVARIANT VariantData;
} NMCOLUMNINFO;
typedef NMCOLUMNINFO *PNMCOLUMNINFO;
// JTYPE
typedef LPSTR JTYPE;
// EVENTDATA
#ifdef MIDL_PASS
typedef struct _NMEVENTDATA
{
LPSTR pszReserved;
BYTE Version;
DWORD EventIdent;
DWORD Flags;
DWORD Severity;
BYTE NumColumns;
LPSTR szSourceName;
LPSTR szEventName;
LPSTR szDescription;
LPSTR szMachine;
JTYPE Justification;
PVOID pvReserved;
SYSTEMTIME SysTime;
/* [size_is] */ NMCOLUMNINFO Column[ 1 ];
} NMEVENTDATA;
#else // MIDL_PASS
typedef struct _NMEVENTDATA
{
LPSTR pszReserved; // Reserved
BYTE Version; // Version for this structure (must be 0)
DWORD EventIdent; // ID for this event
DWORD Flags; // Flags for Expert generated and others
DWORD Severity; // Severity level
BYTE NumColumns; // Number of optional columns for this event
LPSTR szSourceName; // Name of Expert
LPSTR szEventName; // Name of event
LPSTR szDescription;// Description of event
LPSTR szMachine; // Name (or IPADDRESS?) of the machine supplying the event (NULL for Experts usually)
JTYPE Justification;// Justification pane info (currently a string, but possible structure)
PVOID pvReserved; // Reserved
SYSTEMTIME SysTime; // Systemtime of the event
NMCOLUMNINFO Column[0];
} NMEVENTDATA;
#endif // MIDL_PASS
typedef NMEVENTDATA *PNMEVENTDATA;
#pragma pack(pop)
// EVENT FLAGS
#define NMEVENTFLAG_EXPERT ( 0x1 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY ( 0x80000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE ( 0x40000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME ( 0x20000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION ( 0x10000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE ( 0x8000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_TIME ( 0x4000000 )
#define NMEVENTFLAG_DO_NOT_DISPLAY_DATE ( 0x2000000 )
//#define NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS (NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY | \
// NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE | \
// NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME | \
// NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION| \
// NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE | \
// NMEVENTFLAG_DO_NOT_DISPLAY_TIME | \
// NMEVENTFLAG_DO_NOT_DISPLAY_DATE )
#define NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS ( 0xfe000000 )
enum _NMEVENT_SEVERITIES
{ NMEVENT_SEVERITY_INFORMATIONAL = 0,
NMEVENT_SEVERITY_WARNING = NMEVENT_SEVERITY_INFORMATIONAL + 1,
NMEVENT_SEVERITY_STRONG_WARNING = NMEVENT_SEVERITY_WARNING + 1,
NMEVENT_SEVERITY_ERROR = NMEVENT_SEVERITY_STRONG_WARNING + 1,
NMEVENT_SEVERITY_SEVERE_ERROR = NMEVENT_SEVERITY_ERROR + 1,
NMEVENT_SEVERITY_CRITICAL_ERROR = NMEVENT_SEVERITY_SEVERE_ERROR + 1
} ;
//=============================================================================
//=============================================================================
// (Finder.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Structures use by NPPs & the Finder
//=============================================================================
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0007
{
DWORD dwNumBlobs;
/* [size_is] */ HBLOB hBlobs[ 1 ];
} BLOB_TABLE;
typedef BLOB_TABLE *PBLOB_TABLE;
typedef /* [public][public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0008
{
DWORD size;
/* [size_is] */ BYTE *pBytes;
} MBLOB;
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0009
{
DWORD dwNumBlobs;
/* [size_is] */ MBLOB mBlobs[ 1 ];
} MBLOB_TABLE;
typedef MBLOB_TABLE *PMBLOB_TABLE;
//=============================================================================
// Functions called by monitors, tools, netmon
//=============================================================================
DWORD _cdecl GetNPPBlobTable(HBLOB hFilterBlob,
PBLOB_TABLE* ppBlobTable);
DWORD _cdecl GetNPPBlobFromUI(HWND hwnd,
HBLOB hFilterBlob,
HBLOB* phBlob);
DWORD _cdecl GetNPPBlobFromUIExU(HWND hwnd,
HBLOB hFilterBlob,
HBLOB* phBlob,
char* szHelpFileName);
DWORD _cdecl SelectNPPBlobFromTable( HWND hwnd,
PBLOB_TABLE pBlobTable,
HBLOB* hBlob);
DWORD _cdecl SelectNPPBlobFromTableExU( HWND hwnd,
PBLOB_TABLE pBlobTable,
HBLOB* hBlob,
char* szHelpFileName);
//=============================================================================
// Helper functions provided by the Finder
//=============================================================================
__inline DWORD BLOB_TABLE_SIZE(DWORD dwNumBlobs)
{
return (DWORD) (sizeof(BLOB_TABLE)+dwNumBlobs*sizeof(HBLOB));
}
__inline PBLOB_TABLE AllocBlobTable(DWORD dwNumBlobs)
{
DWORD size = BLOB_TABLE_SIZE(dwNumBlobs);
return (PBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
}
__inline DWORD MBLOB_TABLE_SIZE(DWORD dwNumBlobs)
{
return (DWORD) (sizeof(MBLOB_TABLE)+dwNumBlobs*sizeof(MBLOB));
}
__inline PMBLOB_TABLE AllocMBlobTable(DWORD dwNumBlobs)
{
DWORD size = MBLOB_TABLE_SIZE(dwNumBlobs);
return (PMBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
}
//=============================================================================
// Functions provided by NPPs, called by the Finder
//=============================================================================
// For NPP's that can return a Blob table without additional configuration.
DWORD _cdecl GetNPPBlobs(PBLOB_TABLE* ppBlobTable);
typedef DWORD (_cdecl FAR* BLOBSPROC) (PBLOB_TABLE* ppBlobTable);
// For NPP's that need additional information to return a Blob table.
DWORD _cdecl GetConfigBlob(HBLOB* phBlob);
typedef DWORD (_cdecl FAR* GETCFGBLOB) (HBLOB, HBLOB*);
typedef DWORD (_cdecl FAR* CFGPROC) (HWND hwnd,
HBLOB SpecialBlob,
PBLOB_TABLE* ppBlobTable);
//=============================================================================
// Handy functions
//=============================================================================
BOOL _cdecl FilterNPPBlob(HBLOB hBlob, HBLOB FilterBlob);
BOOL _cdecl RaiseNMEvent(HINSTANCE hInstance,
WORD EventType,
DWORD EventID,
WORD nStrings,
const char** aInsertStrs,
LPVOID lpvData,
DWORD dwDataSize);
//=============================================================================
//=============================================================================
// (NMmonitor.h)
//=============================================================================
//=============================================================================
//=============================================================================
//=============================================================================
// (NMSupp.h)
//=============================================================================
//=============================================================================
#ifndef __cplusplus
#ifndef try
#define try __try
#endif // try
#ifndef except
#define except __except
#endif // except
#endif // __cplusplus
//=============================================================================
// Windows version constants.
//=============================================================================
#define WINDOWS_VERSION_UNKNOWN ( 0 )
#define WINDOWS_VERSION_WIN32S ( 1 )
#define WINDOWS_VERSION_WIN32C ( 2 )
#define WINDOWS_VERSION_WIN32 ( 3 )
//=============================================================================
// Frame masks.
//=============================================================================
#define FRAME_MASK_ETHERNET ( ( BYTE )~0x1 )
#define FRAME_MASK_TOKENRING ( ( BYTE )~0x80 )
#define FRAME_MASK_FDDI ( ( BYTE )~0x1 )
//=============================================================================
// Object heap type.
//=============================================================================
typedef LPVOID HOBJECTHEAP;
//=============================================================================
// Object cleanup procedure.
//=============================================================================
typedef VOID (WINAPI *OBJECTPROC)(HOBJECTHEAP, LPVOID);
//=============================================================================
// Network Monitor timers.
//=============================================================================
typedef struct _TIMER *HTIMER;
typedef VOID (WINAPI *BHTIMERPROC)(LPVOID);
HTIMER WINAPI BhSetTimer(BHTIMERPROC TimerProc, LPVOID InstData, DWORD TimeOut);
VOID WINAPI BhKillTimer(HTIMER hTimer);
//=============================================================================
// Network Monitor global error API.
//=============================================================================
DWORD WINAPI BhGetLastError(VOID);
DWORD WINAPI BhSetLastError(DWORD Error);
//=============================================================================
// Object manager function prototypes.
//=============================================================================
HOBJECTHEAP WINAPI CreateObjectHeap(DWORD ObjectSize, OBJECTPROC ObjectProc);
HOBJECTHEAP WINAPI DestroyObjectHeap(HOBJECTHEAP hObjectHeap);
LPVOID WINAPI AllocObject(HOBJECTHEAP hObjectHeap);
LPVOID WINAPI FreeObject(HOBJECTHEAP hObjectHeap, LPVOID ObjectMemory);
DWORD WINAPI GrowObjectHeap(HOBJECTHEAP hObjectHeap, DWORD nObjects);
DWORD WINAPI GetObjectHeapSize(HOBJECTHEAP hObjectHeap);
VOID WINAPI PurgeObjectHeap(HOBJECTHEAP hObjectHeap);
//=============================================================================
// Memory functions.
//=============================================================================
LPVOID WINAPI AllocMemory(SIZE_T size);
LPVOID WINAPI ReallocMemory(LPVOID ptr, SIZE_T NewSize);
VOID WINAPI FreeMemory(LPVOID ptr);
VOID WINAPI TestMemory(LPVOID ptr);
SIZE_T WINAPI MemorySize(LPVOID ptr);
HANDLE WINAPI MemoryHandle(LPBYTE ptr);
//=============================================================================
// EXPRESSION API's
//=============================================================================
LPEXPRESSION WINAPI InitializeExpression(LPEXPRESSION Expression);
LPPATTERNMATCH WINAPI InitializePattern(LPPATTERNMATCH Pattern, LPVOID ptr, DWORD offset, DWORD length);
LPEXPRESSION WINAPI AndExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);
LPEXPRESSION WINAPI OrExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);
LPPATTERNMATCH WINAPI NegatePattern(LPPATTERNMATCH Pattern);
LPADDRESSTABLE2 WINAPI AdjustOperatorPrecedence(LPADDRESSTABLE2 AddressTable);
LPADDRESS2 WINAPI NormalizeAddress(LPADDRESS2 Address);
LPADDRESSTABLE2 WINAPI NormalizeAddressTable(LPADDRESSTABLE2 AddressTable);
//=============================================================================
// MISC. API's
//=============================================================================
DWORD WINAPI BhGetWindowsVersion(VOID);
BOOL WINAPI IsDaytona(VOID);
VOID _cdecl dprintf(LPSTR format, ...);
//=============================================================================
//=============================================================================
// (BHTypes.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Unaligned base type definitions.
//=============================================================================
typedef VOID UNALIGNED *ULPVOID;
typedef BYTE UNALIGNED *ULPBYTE;
typedef WORD UNALIGNED *ULPWORD;
typedef DWORD UNALIGNED *ULPDWORD;
typedef CHAR UNALIGNED *ULPSTR;
typedef SYSTEMTIME UNALIGNED *ULPSYSTEMTIME;
//=============================================================================
// Handle definitions.
//=============================================================================
typedef struct _PARSER *HPARSER;
typedef struct _CAPFRAMEDESC *HFRAME;
typedef struct _CAPTURE *HCAPTURE;
typedef struct _FILTER *HFILTER;
typedef struct _ADDRESSDB *HADDRESSDB;
typedef struct _PROTOCOL *HPROTOCOL;
typedef DWORD_PTR HPROPERTY;
typedef HPROTOCOL *LPHPROTOCOL;
//=============================================================================
// GetTableSize() -- The following macro is used to calculate the actual
// length of Network Monitor variable-length table structures.
//
// EXAMPLE:
//
// GetTableSize(PROTOCOLTABLESIZE,
// ProtocolTable->nProtocols,
// sizeof(HPROTOCOL))
//=============================================================================
#define GetTableSize(TableBaseSize, nElements, ElementSize) ((TableBaseSize) + ((nElements) * (ElementSize)))
//=============================================================================
// Object type identifiers.
//=============================================================================
typedef DWORD OBJECTTYPE;
#ifndef MAKE_IDENTIFIER
#define MAKE_IDENTIFIER(a, b, c, d) ((DWORD) MAKELONG(MAKEWORD(a, b), MAKEWORD(c, d)))
#endif // MAKE_IDENTIFIER
#define HANDLE_TYPE_INVALID MAKE_IDENTIFIER(-1, -1, -1, -1)
#define HANDLE_TYPE_CAPTURE MAKE_IDENTIFIER('C', 'A', 'P', '$')
#define HANDLE_TYPE_PARSER MAKE_IDENTIFIER('P', 'S', 'R', '$')
#define HANDLE_TYPE_ADDRESSDB MAKE_IDENTIFIER('A', 'D', 'R', '$')
#define HANDLE_TYPE_PROTOCOL MAKE_IDENTIFIER('P', 'R', 'T', '$')
#define HANDLE_TYPE_BUFFER MAKE_IDENTIFIER('B', 'U', 'F', '$')
//=============================================================================
// Network Monitor constant definitions.
//=============================================================================
#define INLINE __inline
#define BHAPI WINAPI
#define MAX_NAME_LENGTH ( 16 )
#define MAX_ADDR_LENGTH ( 6 )
//=============================================================================
// Ethernet type (ETYPE) constant definitions.
//=============================================================================
#define ETYPE_LOOP ( 0x9000 )
#define ETYPE_3COM_NETMAP1 ( 0x9001 )
#define ETYPE_3COM_NETMAP2 ( 0x9002 )
#define ETYPE_IBM_RT ( 0x80d5 )
#define ETYPE_NETWARE ( 0x8137 )
#define ETYPE_XNS1 ( 0x600 )
#define ETYPE_XNS2 ( 0x807 )
#define ETYPE_3COM_NBP0 ( 0x3c00 )
#define ETYPE_3COM_NBP1 ( 0x3c01 )
#define ETYPE_3COM_NBP2 ( 0x3c02 )
#define ETYPE_3COM_NBP3 ( 0x3c03 )
#define ETYPE_3COM_NBP4 ( 0x3c04 )
#define ETYPE_3COM_NBP5 ( 0x3c05 )
#define ETYPE_3COM_NBP6 ( 0x3c06 )
#define ETYPE_3COM_NBP7 ( 0x3c07 )
#define ETYPE_3COM_NBP8 ( 0x3c08 )
#define ETYPE_3COM_NBP9 ( 0x3c09 )
#define ETYPE_3COM_NBP10 ( 0x3c0a )
#define ETYPE_IP ( 0x800 )
#define ETYPE_ARP1 ( 0x806 )
#define ETYPE_ARP2 ( 0x807 )
#define ETYPE_RARP ( 0x8035 )
#define ETYPE_TRLR0 ( 0x1000 )
#define ETYPE_TRLR1 ( 0x1001 )
#define ETYPE_TRLR2 ( 0x1002 )
#define ETYPE_TRLR3 ( 0x1003 )
#define ETYPE_TRLR4 ( 0x1004 )
#define ETYPE_TRLR5 ( 0x1005 )
#define ETYPE_PUP ( 0x200 )
#define ETYPE_PUP_ARP ( 0x201 )
#define ETYPE_APPLETALK_ARP ( 0x80f3 )
#define ETYPE_APPLETALK_LAP ( 0x809b )
#define ETYPE_SNMP ( 0x814c )
//=============================================================================
// LLC (802.2) SAP constant definitions.
//=============================================================================
#define SAP_SNAP ( 0xaa )
#define SAP_BPDU ( 0x42 )
#define SAP_IBM_NM ( 0xf4 )
#define SAP_IBM_NETBIOS ( 0xf0 )
#define SAP_SNA1 ( 0x4 )
#define SAP_SNA2 ( 0x5 )
#define SAP_SNA3 ( 0x8 )
#define SAP_SNA4 ( 0xc )
#define SAP_NETWARE1 ( 0x10 )
#define SAP_NETWARE2 ( 0xe0 )
#define SAP_NETWARE3 ( 0xfe )
#define SAP_IP ( 0x6 )
#define SAP_X25 ( 0x7e )
#define SAP_RPL1 ( 0xf8 )
#define SAP_RPL2 ( 0xfc )
#define SAP_UB ( 0xfa )
#define SAP_XNS ( 0x80 )
//=============================================================================
// Property constants
//=============================================================================
// data types
#define PROP_TYPE_VOID ( 0 )
#define PROP_TYPE_SUMMARY ( 0x1 )
#define PROP_TYPE_BYTE ( 0x2 )
#define PROP_TYPE_WORD ( 0x3 )
#define PROP_TYPE_DWORD ( 0x4 )
#define PROP_TYPE_LARGEINT ( 0x5 )
#define PROP_TYPE_ADDR ( 0x6 )
#define PROP_TYPE_TIME ( 0x7 )
#define PROP_TYPE_STRING ( 0x8 )
#define PROP_TYPE_IP_ADDRESS ( 0x9 )
#define PROP_TYPE_IPX_ADDRESS ( 0xa )
#define PROP_TYPE_BYTESWAPPED_WORD ( 0xb )
#define PROP_TYPE_BYTESWAPPED_DWORD ( 0xc )
#define PROP_TYPE_TYPED_STRING ( 0xd )
#define PROP_TYPE_RAW_DATA ( 0xe )
#define PROP_TYPE_COMMENT ( 0xf )
#define PROP_TYPE_SRCFRIENDLYNAME ( 0x10 )
#define PROP_TYPE_DSTFRIENDLYNAME ( 0x11 )
#define PROP_TYPE_TOKENRING_ADDRESS ( 0x12 )
#define PROP_TYPE_FDDI_ADDRESS ( 0x13 )
#define PROP_TYPE_ETHERNET_ADDRESS ( 0x14 )
#define PROP_TYPE_OBJECT_IDENTIFIER ( 0x15 )
#define PROP_TYPE_VINES_IP_ADDRESS ( 0x16 )
#define PROP_TYPE_VAR_LEN_SMALL_INT ( 0x17 )
#define PROP_TYPE_ATM_ADDRESS ( 0x18 )
#define PROP_TYPE_1394_ADDRESS ( 0x19 )
#define PROP_TYPE_IP6_ADDRESS ( 0x1a )
// data qualifiers
#define PROP_QUAL_NONE ( 0 )
#define PROP_QUAL_RANGE ( 0x1 )
#define PROP_QUAL_SET ( 0x2 )
#define PROP_QUAL_BITFIELD ( 0x3 )
#define PROP_QUAL_LABELED_SET ( 0x4 )
#define PROP_QUAL_LABELED_BITFIELD ( 0x8 )
#define PROP_QUAL_CONST ( 0x9 )
#define PROP_QUAL_FLAGS ( 0xa )
#define PROP_QUAL_ARRAY ( 0xb )
//=============================================================================
// LARGEINT structure defined in winnt.h
//=============================================================================
typedef LARGE_INTEGER *LPLARGEINT;
typedef LARGE_INTEGER UNALIGNED *ULPLARGEINT;
//=============================================================================
// Range structure.
//=============================================================================
typedef struct _RANGE
{
DWORD MinValue;
DWORD MaxValue;
} RANGE;
typedef RANGE *LPRANGE;
//=============================================================================
// LABELED_BYTE structure
//=============================================================================
typedef struct _LABELED_BYTE
{
BYTE Value;
LPSTR Label;
} LABELED_BYTE;
typedef LABELED_BYTE *LPLABELED_BYTE;
//=============================================================================
// LABELED_WORD structure
//=============================================================================
typedef struct _LABELED_WORD
{
WORD Value;
LPSTR Label;
} LABELED_WORD;
typedef LABELED_WORD *LPLABELED_WORD;
//=============================================================================
// LABELED_DWORD structure
//=============================================================================
typedef struct _LABELED_DWORD
{
DWORD Value;
LPSTR Label;
} LABELED_DWORD;
typedef LABELED_DWORD *LPLABELED_DWORD;
//=============================================================================
// LABELED_LARGEINT structure
//=============================================================================
typedef struct _LABELED_LARGEINT
{
LARGE_INTEGER Value;
LPSTR Label;
} LABELED_LARGEINT;
typedef LABELED_LARGEINT *LPLABELED_LARGEINT;
//=============================================================================
// LABELED_SYSTEMTIME structure
//=============================================================================
typedef struct _LABELED_SYSTEMTIME
{
SYSTEMTIME Value;
LPSTR Label;
} LABELED_SYSTEMTIME;
typedef LABELED_SYSTEMTIME *LPLABELED_SYSTEMTIME;
//=============================================================================
// LABELED_BIT structure
//=============================================================================
// BitNumber starts at 0, up to 256 bits.
typedef struct _LABELED_BIT
{
BYTE BitNumber;
LPSTR LabelOff;
LPSTR LabelOn;
} LABELED_BIT;
typedef LABELED_BIT *LPLABELED_BIT;
//=============================================================================
// TYPED_STRING structure
//=============================================================================
#define TYPED_STRING_NORMAL ( 1 )
#define TYPED_STRING_UNICODE ( 2 )
#define TYPED_STRING_EXFLAG ( 1 )
// Typed Strings are always Ex, so to actually Ex we set fStringEx and put the Ex data in Byte
typedef struct _TYPED_STRING
{
BYTE StringType:7;
BYTE fStringEx:1;
LPSTR lpString;
BYTE Byte[0];
} TYPED_STRING;
typedef TYPED_STRING *LPTYPED_STRING;
//=============================================================================
// OBJECT_IDENTIFIER structure
//=============================================================================
typedef struct _OBJECT_IDENTIFIER
{
DWORD Length;
LPDWORD lpIdentifier;
} OBJECT_IDENTIFIER;
typedef OBJECT_IDENTIFIER *LPOBJECT_IDENTIFIER;
//=============================================================================
// Set structure.
//=============================================================================
typedef struct _SET
{
DWORD nEntries;
union
{
LPVOID lpVoidTable;
LPBYTE lpByteTable;
LPWORD lpWordTable;
LPDWORD lpDwordTable;
LPLARGEINT lpLargeIntTable;
LPSYSTEMTIME lpSystemTimeTable;
LPLABELED_BYTE lpLabeledByteTable;
LPLABELED_WORD lpLabeledWordTable;
LPLABELED_DWORD lpLabeledDwordTable;
LPLABELED_LARGEINT lpLabeledLargeIntTable;
LPLABELED_SYSTEMTIME lpLabeledSystemTimeTable;
LPLABELED_BIT lpLabeledBit;
} ;
} SET;
typedef SET *LPSET;
//=============================================================================
// String table.
//=============================================================================
typedef struct _STRINGTABLE
{
DWORD nStrings;
LPSTR String[0];
} STRINGTABLE;
typedef STRINGTABLE *LPSTRINGTABLE;
#define STRINGTABLE_SIZE sizeof(STRINGTABLE)
//=============================================================================
// RECOGNIZEDATA structure.
//
// This structure to keep track of the start of each recognized protocol.
//=============================================================================
typedef struct _RECOGNIZEDATA
{
WORD ProtocolID;
WORD nProtocolOffset;
LPVOID InstData;
} RECOGNIZEDATA;
typedef RECOGNIZEDATA *LPRECOGNIZEDATA;
//=============================================================================
// RECOGNIZEDATATABLE structure.
//
// This structure to keep track of the start of each RECOGNIZEDATA structure
//=============================================================================
typedef struct _RECOGNIZEDATATABLE
{
WORD nRecognizeDatas; //... number of RECOGNIZEDATA structures
RECOGNIZEDATA RecognizeData[0]; //... array of RECOGNIZEDATA structures follows
} RECOGNIZEDATATABLE;
typedef RECOGNIZEDATATABLE * LPRECOGNIZEDATATABLE;
//=============================================================================
// Property information structure.
//=============================================================================
typedef struct _PROPERTYINFO
{
HPROPERTY hProperty;
DWORD Version;
LPSTR Label;
LPSTR Comment;
BYTE DataType;
BYTE DataQualifier;
union
{
LPVOID lpExtendedInfo;
LPRANGE lpRange;
LPSET lpSet;
DWORD Bitmask;
DWORD Value;
} ;
WORD FormatStringSize;
LPVOID InstanceData;
} PROPERTYINFO;
typedef PROPERTYINFO *LPPROPERTYINFO;
#define PROPERTYINFO_SIZE ( sizeof( PROPERTYINFO ) )
//=============================================================================
// Property instance Extended structure.
//=============================================================================
typedef struct _PROPERTYINSTEX
{
WORD Length; //... length of raw data in frame
WORD LengthEx; //... number of bytes following
ULPVOID lpData; //... pointer to raw data in frame
union
{
BYTE Byte[]; //... table of bytes follows
WORD Word[]; //... table of words follows
DWORD Dword[]; //... table of Dwords follows
LARGE_INTEGER LargeInt[]; //... table of LARGEINT structures to follow
SYSTEMTIME SysTime[]; //... table of SYSTEMTIME structures follows
TYPED_STRING TypedString;//... a typed_string that may have extended data
};
} PROPERTYINSTEX;
typedef PROPERTYINSTEX *LPPROPERTYINSTEX;
typedef PROPERTYINSTEX UNALIGNED *ULPPROPERTYINSTEX;
#define PROPERTYINSTEX_SIZE sizeof(PROPERTYINSTEX)
//=============================================================================
// Property instance structure.
//=============================================================================
typedef struct _PROPERTYINST
{
LPPROPERTYINFO lpPropertyInfo; // pointer to property info
LPSTR szPropertyText; // pointer to string description
union
{
LPVOID lpData; // pointer to data
ULPBYTE lpByte; // bytes
ULPWORD lpWord; // words
ULPDWORD lpDword; // dwords
ULPLARGEINT lpLargeInt; // LargeInt
ULPSYSTEMTIME lpSysTime; // pointer to SYSTEMTIME structures
LPPROPERTYINSTEX lpPropertyInstEx; // pointer to propertyinstex (if DataLength = -1)
};
WORD DataLength; // length of data, or flag for propertyinstex struct
WORD Level : 4 ; // level information ............1111
WORD HelpID : 12 ; // context ID for helpfile 111111111111....
// ---------------
// total of 16 bits == 1 WORD == DWORD ALIGNED structure
// Interpretation Flags: Flags that define attach time information to the
// interpretation of the property. For example, in RPC, the client can be
// Intel format and the server can be non-Intel format... thus the property
// database cannot describe the property at database creation time.
DWORD IFlags;
} PROPERTYINST;
typedef PROPERTYINST *LPPROPERTYINST;
#define PROPERTYINST_SIZE sizeof(PROPERTYINST)
// Flags passed at AttachPropertyInstance and AttachPropertyInstanceEx time in the IFlags field:
// flag for error condition ...............1
#define IFLAG_ERROR ( 0x1 )
// is the WORD or DWORD byte non-Intel format at attach time?
#define IFLAG_SWAPPED ( 0x2 )
// is the STRING UNICODE at attach time?
#define IFLAG_UNICODE ( 0x4 )
//=============================================================================
// Property instance table structure.
//=============================================================================
typedef struct _PROPERTYINSTTABLE
{
WORD nPropertyInsts;
WORD nPropertyInstIndex;
} PROPERTYINSTTABLE;
typedef PROPERTYINSTTABLE *LPPROPERTYINSTTABLE;
#define PROPERTYINSTTABLE_SIZE ( sizeof( PROPERTYINSTTABLE ) )
//=============================================================================
// Property table structure.
//=============================================================================
typedef struct _PROPERTYTABLE
{
LPVOID lpFormatBuffer; //... Opaque. (PRIVATE)
DWORD FormatBufferLength; //... Opaque. (PRIVATE)
DWORD nTotalPropertyInsts; //... total number of propertyinstances in array
LPPROPERTYINST lpFirstPropertyInst; //... array of property instances
BYTE nPropertyInstTables; //... total PropertyIndexTables following
PROPERTYINSTTABLE PropertyInstTable[0]; //... array of propertyinstance index table structures
} PROPERTYTABLE;
typedef PROPERTYTABLE *LPPROPERTYTABLE;
#define PROPERTYTABLE_SIZE sizeof(PROPERTYTABLE)
//=============================================================================
// Protocol entry points.
//=============================================================================
typedef VOID (WINAPI *REGISTER)(HPROTOCOL);
typedef VOID (WINAPI *DEREGISTER)(HPROTOCOL);
typedef LPBYTE (WINAPI *RECOGNIZEFRAME)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, LPDWORD, LPHPROTOCOL, PDWORD_PTR);
typedef LPBYTE (WINAPI *ATTACHPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, DWORD_PTR);
typedef DWORD (WINAPI *FORMATPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, LPPROPERTYINST);
//=============================================================================
// Protocol entry point structure.
//=============================================================================
typedef struct _ENTRYPOINTS
{
REGISTER Register; //... Protocol Register() entry point.
DEREGISTER Deregister; //... Protocol Deregister() entry point.
RECOGNIZEFRAME RecognizeFrame; //... Protocol RecognizeFrame() entry point.
ATTACHPROPERTIES AttachProperties; //... Protocol AttachProperties() entry point.
FORMATPROPERTIES FormatProperties; //... Protocol FormatProperties() entry point.
} ENTRYPOINTS;
typedef ENTRYPOINTS *LPENTRYPOINTS;
#define ENTRYPOINTS_SIZE sizeof(ENTRYPOINTS)
//=============================================================================
// Property database structure.
//=============================================================================
typedef struct _PROPERTYDATABASE
{
DWORD nProperties; //... Number of properties in database.
LPPROPERTYINFO PropertyInfo[0]; //... Array of property info pointers.
} PROPERTYDATABASE;
#define PROPERTYDATABASE_SIZE sizeof(PROPERTYDATABASE)
typedef PROPERTYDATABASE *LPPROPERTYDATABASE;
//=============================================================================
// Protocol info structure (PUBLIC portion of HPROTOCOL).
//=============================================================================
typedef struct _PROTOCOLINFO
{
DWORD ProtocolID; //... Prootocol ID of owning protocol.
LPPROPERTYDATABASE PropertyDatabase; //... Property database.
BYTE ProtocolName[16]; //... Protocol name.
BYTE HelpFile[16]; //... Optional helpfile name.
BYTE Comment[128]; //... Comment describing protocol.
} PROTOCOLINFO;
typedef PROTOCOLINFO *LPPROTOCOLINFO;
#define PROTOCOLINFO_SIZE sizeof(PROTOCOLINFO)
//=============================================================================
// Protocol Table.
//=============================================================================
typedef struct _PROTOCOLTABLE
{
DWORD nProtocols;
HPROTOCOL hProtocol[ 1 ];
} PROTOCOLTABLE;
typedef PROTOCOLTABLE *LPPROTOCOLTABLE;
#define PROTOCOLTABLE_SIZE ( sizeof( PROTOCOLTABLE ) - sizeof( HPROTOCOL ) )
#define PROTOCOLTABLE_ACTUAL_SIZE(p) GetTableSize(PROTOCOLTABLE_SIZE, (p)->nProtocols, sizeof(HPROTOCOL))
//=============================================================================
// AddressInfo structure
//=============================================================================
#define SORT_BYADDRESS ( 0 )
#define SORT_BYNAME ( 1 )
#define PERMANENT_NAME ( 0x100 )
typedef struct _ADDRESSINFO2
{
ADDRESS2 Address;
WCHAR Name[MAX_NAME_SIZE];
DWORD Flags;
LPVOID lpAddressInstData;
} ADDRESSINFO2;
typedef struct _ADDRESSINFO2 *LPADDRESSINFO2;
#define ADDRESSINFO2_SIZE sizeof(ADDRESSINFO2)
//=============================================================================
// AddressInfoTable
//=============================================================================
typedef struct _ADDRESSINFOTABLE2
{
DWORD nAddressInfos;
LPADDRESSINFO2 lpAddressInfo[0];
} ADDRESSINFOTABLE2;
typedef ADDRESSINFOTABLE2 *LPADDRESSINFOTABLE2;
#define ADDRESSINFOTABLE2_SIZE sizeof(ADDRESSINFOTABLE2)
//=============================================================================
// callback procedures.
//=============================================================================
typedef DWORD (WINAPI *FILTERPROC)(HCAPTURE, HFRAME, LPVOID);
//=============================================================================
//=============================================================================
// (NMErr.h)
//=============================================================================
//=============================================================================
// The operation succeeded.
#define NMERR_SUCCESS ( 0 )
// An error occured creating a memory-mapped file.
#define NMERR_MEMORY_MAPPED_FILE_ERROR ( 1 )
// The handle to a filter is invalid.
#define NMERR_INVALID_HFILTER ( 2 )
// Capturing has already been started.
#define NMERR_CAPTURING ( 3 )
// Capturing has not been started.
#define NMERR_NOT_CAPTURING ( 4 )
// The are no frames available.
#define NMERR_NO_MORE_FRAMES ( 5 )
// The buffer is too small to complete the operation.
#define NMERR_BUFFER_TOO_SMALL ( 6 )
// No protocol was able to recognize the frame.
#define NMERR_FRAME_NOT_RECOGNIZED ( 7 )
// The file already exists.
#define NMERR_FILE_ALREADY_EXISTS ( 8 )
// A needed device driver was not found or is not loaded.
#define NMERR_DRIVER_NOT_FOUND ( 9 )
// This address aready exists in the database.
#define NMERR_ADDRESS_ALREADY_EXISTS ( 10 )
// The frame handle is invalid.
#define NMERR_INVALID_HFRAME ( 11 )
// The protocol handle is invalid.
#define NMERR_INVALID_HPROTOCOL ( 12 )
// The property handle is invalid.
#define NMERR_INVALID_HPROPERTY ( 13 )
// The the object has been locked.
#define NMERR_LOCKED ( 14 )
// A pop operation was attempted on an empty stack.
#define NMERR_STACK_EMPTY ( 15 )
// A push operation was attempted on an full stack.
#define NMERR_STACK_OVERFLOW ( 16 )
// There are too many protocols active.
#define NMERR_TOO_MANY_PROTOCOLS ( 17 )
// The file was not found.
#define NMERR_FILE_NOT_FOUND ( 18 )
// No memory was available. Shut down windows to free up resources.
#define NMERR_OUT_OF_MEMORY ( 19 )
// The capture is already in the paused state.
#define NMERR_CAPTURE_PAUSED ( 20 )
// There are no buffers available or present.
#define NMERR_NO_BUFFERS ( 21 )
// There are already buffers present.
#define NMERR_BUFFERS_ALREADY_EXIST ( 22 )
// The object is not locked.
#define NMERR_NOT_LOCKED ( 23 )
// A integer type was out of range.
#define NMERR_OUT_OF_RANGE ( 24 )
// An object was locked too many times.
#define NMERR_LOCK_NESTING_TOO_DEEP ( 25 )
// A parser failed to load.
#define NMERR_LOAD_PARSER_FAILED ( 26 )
// A parser failed to unload.
#define NMERR_UNLOAD_PARSER_FAILED ( 27 )
// The address database handle is invalid.
#define NMERR_INVALID_HADDRESSDB ( 28 )
// The MAC address was not found in the database.
#define NMERR_ADDRESS_NOT_FOUND ( 29 )
// The network software was not found in the system.
#define NMERR_NETWORK_NOT_PRESENT ( 30 )
// There is no property database for a protocol.
#define NMERR_NO_PROPERTY_DATABASE ( 31 )
// A property was not found in the database.
#define NMERR_PROPERTY_NOT_FOUND ( 32 )
// The property database handle is in valid.
#define NMERR_INVALID_HPROPERTYDB ( 33 )
// The protocol has not been enabled.
#define NMERR_PROTOCOL_NOT_ENABLED ( 34 )
// The protocol DLL could not be found.
#define NMERR_PROTOCOL_NOT_FOUND ( 35 )
// The parser DLL is not valid.
#define NMERR_INVALID_PARSER_DLL ( 36 )
// There are no properties attached.
#define NMERR_NO_ATTACHED_PROPERTIES ( 37 )
// There are no frames in the buffer.
#define NMERR_NO_FRAMES ( 38 )
// The capture file format is not valid.
#define NMERR_INVALID_FILE_FORMAT ( 39 )
// The OS could not create a temporary file.
#define NMERR_COULD_NOT_CREATE_TEMPFILE ( 40 )
// There is not enough MS-DOS memory available.
#define NMERR_OUT_OF_DOS_MEMORY ( 41 )
// There are no protocols enabled.
#define NMERR_NO_PROTOCOLS_ENABLED ( 42 )
// The MAC type is invalid or unsupported.
#define NMERR_UNKNOWN_MACTYPE ( 46 )
// There is no routing information present in the MAC frame.
#define NMERR_ROUTING_INFO_NOT_PRESENT ( 47 )
// The network handle is invalid.
#define NMERR_INVALID_HNETWORK ( 48 )
// The network is already open.
#define NMERR_NETWORK_ALREADY_OPENED ( 49 )
// The network is not open.
#define NMERR_NETWORK_NOT_OPENED ( 50 )
// The frame was not found in the buffer.
#define NMERR_FRAME_NOT_FOUND ( 51 )
// There are no handles available.
#define NMERR_NO_HANDLES ( 53 )
// The network ID is invalid.
#define NMERR_INVALID_NETWORK_ID ( 54 )
// The capture handle is invalid.
#define NMERR_INVALID_HCAPTURE ( 55 )
// The protocol has already been enabled.
#define NMERR_PROTOCOL_ALREADY_ENABLED ( 56 )
// The filter expression is invalid.
#define NMERR_FILTER_INVALID_EXPRESSION ( 57 )
// A transmit error occured.
#define NMERR_TRANSMIT_ERROR ( 58 )
// The buffer handle is invalid.
#define NMERR_INVALID_HBUFFER ( 59 )
// The specified data is unknown or invalid.
#define NMERR_INVALID_DATA ( 60 )
// The MS-DOS/NDIS 2.0 network driver is not loaded.
#define NMERR_MSDOS_DRIVER_NOT_LOADED ( 61 )
// The Windows VxD/NDIS 3.0 network driver is not loaded.
#define NMERR_WINDOWS_DRIVER_NOT_LOADED ( 62 )
// The MS-DOS/NDIS 2.0 driver had an init-time failure.
#define NMERR_MSDOS_DRIVER_INIT_FAILURE ( 63 )
// The Windows/NDIS 3.0 driver had an init-time failure.
#define NMERR_WINDOWS_DRIVER_INIT_FAILURE ( 64 )
// The network driver is busy and cannot handle requests.
#define NMERR_NETWORK_BUSY ( 65 )
// The capture is not paused.
#define NMERR_CAPTURE_NOT_PAUSED ( 66 )
// The frame/packet length is not valid.
#define NMERR_INVALID_PACKET_LENGTH ( 67 )
// An internal exception occured.
#define NMERR_INTERNAL_EXCEPTION ( 69 )
// The MAC driver does not support promiscious mode.
#define NMERR_PROMISCUOUS_MODE_NOT_SUPPORTED ( 70 )
// The MAC driver failed to open.
#define NMERR_MAC_DRIVER_OPEN_FAILURE ( 71 )
// The protocol went off the end of the frame.
#define NMERR_RUNAWAY_PROTOCOL ( 72 )
// An asynchronous operation is still pending.
#define NMERR_PENDING ( 73 )
// Access is denied.
#define NMERR_ACCESS_DENIED ( 74 )
// The password handle is invalid.
#define NMERR_INVALID_HPASSWORD ( 75 )
// A bad parameter was detected.
#define NMERR_INVALID_PARAMETER ( 76 )
// An error occured reading the file.
#define NMERR_FILE_READ_ERROR ( 77 )
// An error occured writing to the file.
#define NMERR_FILE_WRITE_ERROR ( 78 )
// The protocol has not been registered
#define NMERR_PROTOCOL_NOT_REGISTERED ( 79 )
// The frame does not contain an IP address.
#define NMERR_IP_ADDRESS_NOT_FOUND ( 80 )
// The transmit request was cancelled.
#define NMERR_TRANSMIT_CANCELLED ( 81 )
// The operation cannot be performed on a capture with 1 or more locked frames.
#define NMERR_LOCKED_FRAMES ( 82 )
// A cancel transmit request was submitted but there were no transmits pending.
#define NMERR_NO_TRANSMITS_PENDING ( 83 )
// Path not found.
#define NMERR_PATH_NOT_FOUND ( 84 )
// A windows error has occured.
#define NMERR_WINDOWS_ERROR ( 85 )
// The handle to the frame has no frame number.
#define NMERR_NO_FRAME_NUMBER ( 86 )
// The frame is not associated with any capture.
#define NMERR_FRAME_HAS_NO_CAPTURE ( 87 )
// The frame is already associated with a capture.
#define NMERR_FRAME_ALREADY_HAS_CAPTURE ( 88 )
// The NAL is not remotable.
#define NMERR_NAL_IS_NOT_REMOTE ( 89 )
// The API is not supported
#define NMERR_NOT_SUPPORTED ( 90 )
// Network Monitor should discard the current frame.
// This error code is only used during a filtered SaveCapture() API call.
#define NMERR_DISCARD_FRAME ( 91 )
// Network Monitor should cancel the current save.
// This error code is only used during a filtered SaveCapture() API call.
#define NMERR_CANCEL_SAVE_CAPTURE ( 92 )
// The connection to the remote machine has been lost
#define NMERR_LOST_CONNECTION ( 93 )
// The media/mac type is not valid.
#define NMERR_INVALID_MEDIA_TYPE ( 94 )
// The Remote Agent is currently in use
#define NMERR_AGENT_IN_USE ( 95 )
// The request has timed out
#define NMERR_TIMEOUT ( 96 )
// The remote agent has been disconnected
#define NMERR_DISCONNECTED ( 97 )
// A timer required for operation failed creation
#define NMERR_SETTIMER_FAILED ( 98 )
// A network error occured.
#define NMERR_NETWORK_ERROR ( 99 )
// Frame callback procedure is not valid
#define NMERR_INVALID_FRAMESPROC ( 100 )
// Capture type specified is unknown
#define NMERR_UNKNOWN_CAPTURETYPE ( 101 )
// The NPP is not connected to a network.
#define NMERR_NOT_CONNECTED ( 102 )
// The NPP is already connected to a network.
#define NMERR_ALREADY_CONNECTED ( 103 )
// The registry tag does not indicate a known configuration.
#define NMERR_INVALID_REGISTRY_CONFIGURATION ( 104 )
// The NPP is currently configured for delayed capturing.
#define NMERR_DELAYED ( 105 )
// The NPP is not currently configured for delayed capturing.
#define NMERR_NOT_DELAYED ( 106 )
// The NPP is currently configured for real time capturing.
#define NMERR_REALTIME ( 107 )
// The NPP is not currently configured for real time capturing.
#define NMERR_NOT_REALTIME ( 108 )
// The NPP is currently configured for stats only capturing.
#define NMERR_STATS_ONLY ( 109 )
// The NPP is not currently configured for stats only capturing.
#define NMERR_NOT_STATS_ONLY ( 110 )
// The NPP is currently configured for transmitting.
#define NMERR_TRANSMIT ( 111 )
// The NPP is not currently configured for transmitting.
#define NMERR_NOT_TRANSMIT ( 112 )
// The NPP is currently transmitting
#define NMERR_TRANSMITTING ( 113 )
// The specified capture file hard disk is not local
#define NMERR_DISK_NOT_LOCAL_FIXED ( 114 )
// Could not create the default capture directory on the given disk
#define NMERR_COULD_NOT_CREATE_DIRECTORY ( 115 )
// The default capture directory was not set in the registry:
// HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nm\Parameters\CapturePath
#define NMERR_NO_DEFAULT_CAPTURE_DIRECTORY ( 116 )
// The capture file is an uplevel version that this netmon does not understand
#define NMERR_UPLEVEL_CAPTURE_FILE ( 117 )
// An expert failed to load.
#define NMERR_LOAD_EXPERT_FAILED ( 118 )
// An expert failed to report its EXPERT_INFO structs.
#define NMERR_EXPERT_REPORT_FAILED ( 119 )
// Registry API call failed.
#define NMERR_REG_OPERATION_FAILED ( 120 )
// Registry API call failed.
#define NMERR_NO_DLLS_FOUND ( 121 )
// There are no conversation stats, they were not asked for.
#define NMERR_NO_CONVERSATION_STATS ( 122 )
// We have received a security response packet from a security monitor.
#define NMERR_SECURITY_BREACH_CAPTURE_DELETED ( 123 )
// The given frame failed the display filter.
#define NMERR_FRAME_FAILED_FILTER ( 124 )
// Netmon wants the Expert to stop running.
#define NMERR_EXPERT_TERMINATE ( 125 )
// Netmon needs the remote machine to be a server.
#define NMERR_REMOTE_NOT_A_SERVER ( 126 )
// Netmon needs the remote machine to be a server.
#define NMERR_REMOTE_VERSION_OUTOFSYNC ( 127 )
// The supplied group is an invalid handle
#define NMERR_INVALID_EXPERT_GROUP ( 128 )
// The supplied expert name cannot be found
#define NMERR_INVALID_EXPERT_NAME ( 129 )
// The supplied expert name cannot be found
#define NMERR_INVALID_EXPERT_HANDLE ( 130 )
// The supplied group name already exists
#define NMERR_GROUP_NAME_ALREADY_EXISTS ( 131 )
// The supplied group name is invalid
#define NMERR_INVALID_GROUP_NAME ( 132 )
// The supplied Expert is already in the group.
#define NMERR_EXPERT_ALREADY_IN_GROUP ( 133 )
// The Expert cannot be deleted from the group because it is not in the group
#define NMERR_EXPERT_NOT_IN_GROUP ( 134 )
// The COM object has not been initialized
#define NMERR_NOT_INITIALIZED ( 135 )
// Cannot perform function to Root group
#define NMERR_INVALID_GROUP_ROOT ( 136 )
// Potential data structure mismatch between NdisNpp and Driver.
#define NMERR_BAD_VERSION ( 137 )
// The NPP is currently configured for ESP capturing.
#define NMERR_ESP ( 138 )
// The NPP is not currently configured for ESP capturing.
#define NMERR_NOT_ESP ( 139 )
//=============================================================================
// Blob Errors
//=============================================================================
#define NMERR_BLOB_NOT_INITIALIZED ( 1000 )
#define NMERR_INVALID_BLOB ( 1001 )
#define NMERR_UPLEVEL_BLOB ( 1002 )
#define NMERR_BLOB_ENTRY_ALREADY_EXISTS ( 1003 )
#define NMERR_BLOB_ENTRY_DOES_NOT_EXIST ( 1004 )
#define NMERR_AMBIGUOUS_SPECIFIER ( 1005 )
#define NMERR_BLOB_OWNER_NOT_FOUND ( 1006 )
#define NMERR_BLOB_CATEGORY_NOT_FOUND ( 1007 )
#define NMERR_UNKNOWN_CATEGORY ( 1008 )
#define NMERR_UNKNOWN_TAG ( 1009 )
#define NMERR_BLOB_CONVERSION_ERROR ( 1010 )
#define NMERR_ILLEGAL_TRIGGER ( 1011 )
#define NMERR_BLOB_STRING_INVALID ( 1012 )
//=============================================================================
// FINDER errors
//=============================================================================
#define NMERR_UNABLE_TO_LOAD_LIBRARY ( 1013 )
#define NMERR_UNABLE_TO_GET_PROCADDR ( 1014 )
#define NMERR_CLASS_NOT_REGISTERED ( 1015 )
#define NMERR_INVALID_REMOTE_COMPUTERNAME ( 1016 )
#define NMERR_RPC_REMOTE_FAILURE ( 1017 )
#define NMERR_NO_NPPS ( 3016 )
#define NMERR_NO_MATCHING_NPPS ( 3017 )
#define NMERR_NO_NPP_SELECTED ( 3018 )
#define NMERR_NO_INPUT_BLOBS ( 3019 )
#define NMERR_NO_NPP_DLLS ( 3020 )
#define NMERR_NO_VALID_NPP_DLLS ( 3021 )
//=============================================================================
// Error Macros
//=============================================================================
#ifndef INLINE
#define INLINE __inline
#endif // INLINE
typedef LONG HRESULT;
// normal Network Monitor errors will be put into the code portion of an hresult
// for return from OLE objects:
// these two macros will help to create and crack the scode
INLINE HRESULT NMERR_TO_HRESULT( DWORD nmerror )
{
HRESULT hResult;
if (nmerror == NMERR_SUCCESS)
hResult = NOERROR;
else
hResult = MAKE_HRESULT( SEVERITY_ERROR,FACILITY_ITF, (WORD)nmerror) ;
return hResult;
}
//We use to decide whether the first bit was set to 1 or 0, not regarding
//whether the result passed with a warning set in the low word. Now we
//disregard the first bit and pass back the warning.
INLINE DWORD HRESULT_TO_NMERR( HRESULT hResult )
{
return HRESULT_CODE(hResult);
}
//=============================================================================
//=============================================================================
// (BHFilter.h)
//=============================================================================
//=============================================================================
//============================================================================
// types
//============================================================================
typedef HFILTER *LPHFILTER;
typedef DWORD FILTERACTIONTYPE;
typedef DWORD VALUETYPE;
// check for protocols existing in the frame.
// ProtocolPart
// this is the raw data for a Protocol based expression
//
// WHAT FIELD DESCRIPTION EXAMPLE
// ---- ----- ----------- -------
// Count of Protocol(nPropertyDBs) Number of protocols to pass 5
// PropertyDB Table (PropertyDB) Table of HPROTOCOL SMB, LLC, MAC
//
// NOTE: the nPropertyDBs field may also be the following, which implies that
// all are selected but that none have actually been put into the structure
#define PROTOCOL_NUM_ANY ( -1 )
typedef PROTOCOLTABLE PROTOCOLTABLETYPE;
typedef PROTOCOLTABLETYPE *LPPROTOCOLTABLETYPE;
// filter bits stores who passed what filter per frame to speed up
// the filter process... This is actually an array.
typedef DWORD FILTERBITS;
typedef FILTERBITS *LPFILTERBITS;
typedef SYSTEMTIME *LPTIME;
typedef SYSTEMTIME UNALIGNED * ULPTIME;
// The Filter Object is the basic unit of the postfix stack.
// I need to restart the convert property to value if the comparison does not match.
// To do this, I need the original pointer to the property. Pull the hProperty out of
// the union so that the pointer to the property is saved.
typedef struct _FILTEROBJECT2
{
FILTERACTIONTYPE Action; // Object action, see codes below
HPROPERTY hProperty; // property key
union
{
VALUETYPE Value; // value of the object.
HPROTOCOL hProtocol; // protocol key.
LPVOID lpArray; // if array, length is ItemCount below.
LPPROTOCOLTABLETYPE lpProtocolTable; // list of protocols to see if exist in frame.
LPADDRESS2 lpAddress; // kernel type address, mac or ip
ULPLARGEINT lpLargeInt; // Double DWORD used by NT
ULPTIME lpTime; // pointer to SYSTEMTIME
LPOBJECT_IDENTIFIER lpOID; // pointer to OBJECT_IDENTIFIER
};
union
{
WORD ByteCount; // Number of BYTES!
WORD ByteOffset; // offset for array compare
};
struct _FILTEROBJECT2 * pNext; // reserved
} FILTEROBJECT2;
typedef FILTEROBJECT2 * LPFILTEROBJECT2;
#define FILTERINFO_SIZE (sizeof(FILTEROBJECT2) )
typedef struct _FILTERDESC2
{
WORD NumEntries;
WORD Flags; // private
LPFILTEROBJECT2 lpStack;
LPFILTEROBJECT2 lpKeepLast;
LPVOID UIInstanceData; // UI specific information.
LPFILTERBITS lpFilterBits; // cache who passed
LPFILTERBITS lpCheckBits; // have we looked at it yet?
} FILTERDESC2;
typedef FILTERDESC2 * LPFILTERDESC2;
#define FILTERDESC2_SIZE sizeof(FILTERDESC2)
// Obsolete, FILTEROBJECT2 should be used
typedef struct _FILTEROBJECT
{
FILTERACTIONTYPE Action; // Object action, see codes below
HPROPERTY hProperty; // property key
union
{
VALUETYPE Value; // value of the object.
HPROTOCOL hProtocol; // protocol key.
LPVOID lpArray; // if array, length is ItemCount below.
LPPROTOCOLTABLETYPE lpProtocolTable; // list of protocols to see if exist in frame.
LPADDRESS lpAddress; // kernel type address, mac or ip
ULPLARGEINT lpLargeInt; // Double DWORD used by NT
ULPTIME lpTime; // pointer to SYSTEMTIME
LPOBJECT_IDENTIFIER lpOID; // pointer to OBJECT_IDENTIFIER
};
union
{
WORD ByteCount; // Number of BYTES!
WORD ByteOffset; // offset for array compare
};
struct _FILTEROBJECT * pNext; // reserved
} FILTEROBJECT;
typedef FILTEROBJECT * LPFILTEROBJECT;
// Obsolete, FILTERDESC2 should be used
typedef struct _FILTERDESC
{
WORD NumEntries;
WORD Flags; // private
LPFILTEROBJECT lpStack;
LPFILTEROBJECT lpKeepLast;
LPVOID UIInstanceData; // UI specific information.
LPFILTERBITS lpFilterBits; // cache who passed
LPFILTERBITS lpCheckBits; // have we looked at it yet?
} FILTERDESC;
typedef FILTERDESC * LPFILTERDESC;
#define FILTERDESC_SIZE sizeof(FILTERDESC)
//============================================================================
// Macros.
//============================================================================
#define FilterGetUIInstanceData(hfilt) (((LPFILTERDESC2)hfilt)->UIInstanceData)
#define FilterSetUIInstanceData(hfilt,inst) (((LPFILTERDESC2)hfilt)->UIInstanceData = (LPVOID)inst)
//============================================================================
// defines
//============================================================================
#define FILTERFREEPOOLSTART ( 20 )
#define INVALIDELEMENT ( -1 )
#define INVALIDVALUE ( ( VALUETYPE )-9999 )
// use filter failed to check the return code on FilterFrame.
#define FILTER_FAIL_WITH_ERROR ( -1 )
#define FILTER_PASSED ( TRUE )
#define FILTER_FAILED ( FALSE )
#define FILTERACTION_INVALID ( 0 )
#define FILTERACTION_PROPERTY ( 1 )
#define FILTERACTION_VALUE ( 2 )
#define FILTERACTION_STRING ( 3 )
#define FILTERACTION_ARRAY ( 4 )
#define FILTERACTION_AND ( 5 )
#define FILTERACTION_OR ( 6 )
#define FILTERACTION_XOR ( 7 )
#define FILTERACTION_PROPERTYEXIST ( 8 )
#define FILTERACTION_CONTAINSNC ( 9 )
#define FILTERACTION_CONTAINS ( 10 )
#define FILTERACTION_NOT ( 11 )
#define FILTERACTION_EQUALNC ( 12 )
#define FILTERACTION_EQUAL ( 13 )
#define FILTERACTION_NOTEQUALNC ( 14 )
#define FILTERACTION_NOTEQUAL ( 15 )
#define FILTERACTION_GREATERNC ( 16 )
#define FILTERACTION_GREATER ( 17 )
#define FILTERACTION_LESSNC ( 18 )
#define FILTERACTION_LESS ( 19 )
#define FILTERACTION_GREATEREQUALNC ( 20 )
#define FILTERACTION_GREATEREQUAL ( 21 )
#define FILTERACTION_LESSEQUALNC ( 22 )
#define FILTERACTION_LESSEQUAL ( 23 )
#define FILTERACTION_PLUS ( 24 )
#define FILTERACTION_MINUS ( 25 )
#define FILTERACTION_ADDRESS ( 26 )
#define FILTERACTION_ADDRESSANY ( 27 )
#define FILTERACTION_FROM ( 28 )
#define FILTERACTION_TO ( 29 )
#define FILTERACTION_FROMTO ( 30 )
#define FILTERACTION_AREBITSON ( 31 )
#define FILTERACTION_AREBITSOFF ( 32 )
#define FILTERACTION_PROTOCOLSEXIST ( 33 )
#define FILTERACTION_PROTOCOLEXIST ( 34 )
#define FILTERACTION_ARRAYEQUAL ( 35 )
#define FILTERACTION_DEREFPROPERTY ( 36 )
#define FILTERACTION_LARGEINT ( 37 )
#define FILTERACTION_TIME ( 38 )
#define FILTERACTION_ADDR_ETHER ( 39 )
#define FILTERACTION_ADDR_TOKEN ( 40 )
#define FILTERACTION_ADDR_FDDI ( 41 )
#define FILTERACTION_ADDR_IPX ( 42 )
#define FILTERACTION_ADDR_IP ( 43 )
#define FILTERACTION_OID ( 44 )
#define FILTERACTION_OID_CONTAINS ( 45 )
#define FILTERACTION_OID_BEGINS_WITH ( 46 )
#define FILTERACTION_OID_ENDS_WITH ( 47 )
#define FILTERACTION_ADDR_VINES ( 48 )
#define FILTERACTION_ADDR_IP6 ( 49 )
#define FILTERACTION_EXPRESSION ( 97 )
#define FILTERACTION_BOOL ( 98 )
#define FILTERACTION_NOEVAL ( 99 )
#define FILTER_NO_MORE_FRAMES ( 0xffffffff )
#define FILTER_CANCELED ( 0xfffffffe )
#define FILTER_DIRECTION_NEXT ( TRUE )
#define FILTER_DIRECTION_PREV ( FALSE )
//============================================================================
// Helper functions.
//============================================================================
typedef BOOL (WINAPI *STATUSPROC)(DWORD, HCAPTURE, HFILTER, LPVOID);
//=============================================================================
// FILTER API's.
//=============================================================================
HFILTER WINAPI CreateFilter(VOID);
DWORD WINAPI DestroyFilter(HFILTER hFilter);
HFILTER WINAPI FilterDuplicate(HFILTER hFilter);
DWORD WINAPI DisableParserFilter(HFILTER hFilter, HPARSER hParser);
DWORD WINAPI EnableParserFilter(HFILTER hFilter, HPARSER hParser);
DWORD WINAPI FilterAddObject(HFILTER hFilter, LPFILTEROBJECT2 lpFilterObject );
VOID WINAPI FilterFlushBits(HFILTER hFilter);
DWORD WINAPI FilterFrame(HFRAME hFrame, HFILTER hFilter, HCAPTURE hCapture);
// returns -1 == check BH set last error
// 0 == FALSE
// 1 == TRUE
BOOL WINAPI FilterAttachesProperties(HFILTER hFilter);
DWORD WINAPI FilterFindFrame ( HFILTER hFilter,
HCAPTURE hCapture,
DWORD nFrame,
STATUSPROC StatusProc,
LPVOID UIInstance,
DWORD TimeDelta,
BOOL FilterDirection );
HFRAME FilterFindPropertyInstance ( HFRAME hFrame,
HFILTER hMasterFilter,
HCAPTURE hCapture,
HFILTER hInstanceFilter,
LPPROPERTYINST *lpPropRestartKey,
STATUSPROC StatusProc,
LPVOID UIInstance,
DWORD TimeDelta,
BOOL FilterForward );
VOID WINAPI SetCurrentFilter(HFILTER);
HFILTER WINAPI GetCurrentFilter(VOID);
//=============================================================================
//=============================================================================
// (Frame.h)
//=============================================================================
//=============================================================================
//=============================================================================
// 802.3 and ETHERNET MAC structure.
//=============================================================================
typedef struct _ETHERNET
{
BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.
BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.
union
{
WORD Length; //... 802.3 length field.
WORD Type; //... Ethernet type field.
};
BYTE Info[0]; //... information field.
} ETHERNET;
typedef ETHERNET *LPETHERNET;
typedef ETHERNET UNALIGNED *ULPETHERNET;
#define ETHERNET_SIZE sizeof(ETHERNET)
#define ETHERNET_HEADER_LENGTH ( 14 )
#define ETHERNET_DATA_LENGTH ( 0x5dc )
#define ETHERNET_FRAME_LENGTH ( 0x5ea )
#define ETHERNET_FRAME_TYPE ( 0x600 )
//=============================================================================
// Header for NM_ATM Packets.
//=============================================================================
typedef struct _NM_ATM
{
UCHAR DstAddr[ 6 ];
UCHAR SrcAddr[ 6 ];
ULONG Vpi;
ULONG Vci;
} NM_ATM;
typedef NM_ATM *PNM_ATM;
typedef NM_ATM *UPNM_ATM;
#define NM_ATM_HEADER_LENGTH sizeof(NM_ATM)
#pragma pack(push, 1)
typedef struct _NM_1394
{
UCHAR DstAddr[ 6 ];
UCHAR SrcAddr[ 6 ];
ULONGLONG VcId;
} NM_1394;
typedef NM_1394 *PNM_1394;
typedef NM_1394 *UPNM_1394;
#define NM_1394_HEADER_LENGTH sizeof(NM_1394)
//=============================================================================
// 802.5 (TOKENRING) MAC structure.
//=============================================================================
// This structure is used to decode network data and so needs to be packed
typedef struct _TOKENRING
{
BYTE AccessCtrl; //... access control field.
BYTE FrameCtrl; //... frame control field.
BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.
BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.
union
{
BYTE Info[0]; //... information field.
WORD RoutingInfo[0]; //... routing information field.
};
} TOKENRING;
typedef TOKENRING *LPTOKENRING;
typedef TOKENRING UNALIGNED *ULPTOKENRING;
#define TOKENRING_SIZE sizeof(TOKENRING)
#define TOKENRING_HEADER_LENGTH ( 14 )
#define TOKENRING_SA_ROUTING_INFO ( 0x80 )
#define TOKENRING_SA_LOCAL ( 0x40 )
#define TOKENRING_DA_LOCAL ( 0x40 )
#define TOKENRING_DA_GROUP ( 0x80 )
#define TOKENRING_RC_LENGTHMASK ( 0x1f )
#define TOKENRING_BC_MASK ( 0xe0 )
#define TOKENRING_TYPE_MAC ( 0 )
#define TOKENRING_TYPE_LLC ( 0x40 )
#pragma pack(pop)
//=============================================================================
// FDDI MAC structure.
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
typedef struct _FDDI
{
BYTE FrameCtrl; //... frame control field.
BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.
BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.
BYTE Info[0]; //... information field.
} FDDI;
#define FDDI_SIZE sizeof(FDDI)
typedef FDDI *LPFDDI;
typedef FDDI UNALIGNED *ULPFDDI;
#define FDDI_HEADER_LENGTH ( 13 )
#define FDDI_TYPE_MAC ( 0 )
#define FDDI_TYPE_LLC ( 0x10 )
#define FDDI_TYPE_LONG_ADDRESS ( 0x40 )
#pragma pack(pop)
//=============================================================================
// LLC (802.2)
//=============================================================================
// This structure is used to decode network data and so needs to be packed
#pragma pack(push, 1)
typedef struct _LLC
{
BYTE dsap;
BYTE ssap;
struct
{
union
{
BYTE Command;
BYTE NextSend;
} ;
union
{
BYTE NextRecv;
BYTE Data[ 1 ];
} ;
} ControlField;
} LLC;
typedef LLC *LPLLC;
typedef LLC UNALIGNED *ULPLLC;
#define LLC_SIZE ( sizeof( LLC ) )
#pragma pack(pop)
//=============================================================================
// Helper macros.
//=============================================================================
#define IsRoutingInfoPresent(f) ((((ULPTOKENRING) (f))->SrcAddr[0] & TOKENRING_SA_ROUTING_INFO) ? TRUE : FALSE)
#define GetRoutingInfoLength(f) (IsRoutingInfoPresent(f) \
? (((ULPTOKENRING) (f))->RoutingInfo[0] & TOKENRING_RC_LENGTHMASK) : 0)
//=============================================================================
//=============================================================================
// (Parser.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Format Procedure Type.
//
// NOTE: All format functions *must* be declared as WINAPIV not WINAPI!
//=============================================================================
typedef VOID (WINAPIV *FORMAT)(LPPROPERTYINST, ...);
// The protocol recognized the frame and moved the pointer to end of its
// protocol header. Network Monitor uses the protocols follow set to continue
// parsing.
#define PROTOCOL_STATUS_RECOGNIZED ( 0 )
// The protocol did not recognized the frame and did not move the pointer
// (i.e. the start data pointer which was passed in). Network Monitor uses the
// protocols follow set to continue parsing.
#define PROTOCOL_STATUS_NOT_RECOGNIZED ( 1 )
// The protocol recognized the frame and claimed it all for itself,
// and parsing terminates.
#define PROTOCOL_STATUS_CLAIMED ( 2 )
// The protocol recognized the frame and moved the pointer to end of its
// protocol header. The current protocol requests that Network Monitor
// continue parsing at a known next protocol by returning the next protocols
// handle back to Network Monitor. In this case, the follow of the current
// protocol, if any, is not used.
#define PROTOCOL_STATUS_NEXT_PROTOCOL ( 3 )
//=============================================================================
// Macros.
//=============================================================================
extern BYTE HexTable[];
#define XCHG(x) MAKEWORD( HIBYTE(x), LOBYTE(x) )
#define DXCHG(x) MAKELONG( XCHG(HIWORD(x)), XCHG(LOWORD(x)) )
#define LONIBBLE(b) ((BYTE) ((b) & 0x0F))
#define HINIBBLE(b) ((BYTE) ((b) >> 4))
#define HEX(b) (HexTable[LONIBBLE(b)])
#define SWAPBYTES(w) ((w) = XCHG(w))
#define SWAPWORDS(d) ((d) = DXCHG(d))
//=============================================================================
// All the MAC frame types combined.
//=============================================================================
typedef union _MACFRAME
{
LPBYTE MacHeader; //... generic pointer.
LPETHERNET Ethernet; //... ethernet pointer.
LPTOKENRING Tokenring; //... tokenring pointer.
LPFDDI Fddi; //... FDDI pointer.
} MACFRAME;
typedef MACFRAME *LPMACFRAME;
#define HOT_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'T', '$')
#define HOE_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'E', '$')
typedef struct _HANDOFFENTRY
{
DWORD hoe_sig;
DWORD hoe_ProtIdentNumber;
HPROTOCOL hoe_ProtocolHandle;
DWORD hoe_ProtocolData;
} HANDOFFENTRY;
typedef HANDOFFENTRY *LPHANDOFFENTRY;
typedef struct _HANDOFFTABLE
{
DWORD hot_sig;
DWORD hot_NumEntries;
LPHANDOFFENTRY hot_Entries;
} HANDOFFTABLE;
typedef struct _HANDOFFTABLE *LPHANDOFFTABLE;
//=============================================================================
// Parser helper macros.
//=============================================================================
INLINE LPVOID GetPropertyInstanceData(LPPROPERTYINST PropertyInst)
{
if ( PropertyInst->DataLength != (WORD) -1 )
{
return PropertyInst->lpData;
}
return (LPVOID) PropertyInst->lpPropertyInstEx->Byte;
}
#define GetPropertyInstanceDataValue(p, type) ((type *) GetPropertyInstanceData(p))[0]
INLINE DWORD GetPropertyInstanceFrameDataLength(LPPROPERTYINST PropertyInst)
{
if ( PropertyInst->DataLength != (WORD) -1 )
{
return PropertyInst->DataLength;
}
return PropertyInst->lpPropertyInstEx->Length;
}
INLINE DWORD GetPropertyInstanceExDataLength(LPPROPERTYINST PropertyInst)
{
if ( PropertyInst->DataLength == (WORD) -1 )
{
PropertyInst->lpPropertyInstEx->Length;
}
return (WORD) -1;
}
//=============================================================================
// Parser helper functions.
//=============================================================================
LPLABELED_WORD WINAPI GetProtocolDescriptionTable(LPDWORD TableSize);
LPLABELED_WORD WINAPI GetProtocolDescription(DWORD ProtocolID);
DWORD WINAPI GetMacHeaderLength(LPVOID MacHeader, DWORD MacType);
DWORD WINAPI GetLLCHeaderLength(LPLLC Frame);
DWORD WINAPI GetEtype(LPVOID MacHeader, DWORD MacType);
DWORD WINAPI GetSaps(LPVOID MacHeader, DWORD MacType);
BOOL WINAPI IsLLCPresent(LPVOID MacHeader, DWORD MacType);
VOID WINAPI CanonicalizeHexString(LPSTR hex, LPSTR dest, DWORD len);
void WINAPI CanonHex(UCHAR * pDest, UCHAR * pSource, int iLen, BOOL fOx );
DWORD WINAPI ByteToBinary(LPSTR string, DWORD ByteValue);
DWORD WINAPI WordToBinary(LPSTR string, DWORD WordValue);
DWORD WINAPI DwordToBinary(LPSTR string, DWORD DwordValue);
LPSTR WINAPI AddressToString(LPSTR string, BYTE *lpAddress);
LPBYTE WINAPI StringToAddress(BYTE *lpAddress, LPSTR string);
LPDWORD WINAPI VarLenSmallIntToDword( LPBYTE pValue,
WORD ValueLen,
BOOL fIsByteswapped,
LPDWORD lpDword );
LPBYTE WINAPI LookupByteSetString (LPSET lpSet, BYTE Value);
LPBYTE WINAPI LookupWordSetString (LPSET lpSet, WORD Value);
LPBYTE WINAPI LookupDwordSetString (LPSET lpSet, DWORD Value);
DWORD WINAPIV FormatByteFlags(LPSTR string, DWORD ByteValue, DWORD BitMask);
DWORD WINAPIV FormatWordFlags(LPSTR string, DWORD WordValue, DWORD BitMask);
DWORD WINAPIV FormatDwordFlags(LPSTR string, DWORD DwordValue, DWORD BitMask);
LPSTR WINAPIV FormatTimeAsString(SYSTEMTIME *time, LPSTR string);
VOID WINAPIV FormatLabeledByteSetAsFlags(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatLabeledWordSetAsFlags(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatLabeledDwordSetAsFlags(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatPropertyDataAsByte(LPPROPERTYINST lpPropertyInst, DWORD Base);
VOID WINAPIV FormatPropertyDataAsWord(LPPROPERTYINST lpPropertyInst, DWORD Base);
VOID WINAPIV FormatPropertyDataAsDword(LPPROPERTYINST lpPropertyInst, DWORD Base);
VOID WINAPIV FormatLabeledByteSet(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatLabeledWordSet(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatLabeledDwordSet(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatPropertyDataAsInt64(LPPROPERTYINST lpPropertyInst, DWORD Base);
VOID WINAPIV FormatPropertyDataAsTime(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatPropertyDataAsString(LPPROPERTYINST lpPropertyInst);
VOID WINAPIV FormatPropertyDataAsHexString(LPPROPERTYINST lpPropertyInst);
// Parsers should NOT call LockFrame(). If a parser takes a lock and then gets
// faulted or returns without unlocking, it leaves the system in a state where
// it cannot change protocols or cut/copy frames. Parsers should use ParserTemporaryLockFrame
// which grants a lock ONLY during the context of the api entry into the parser. The
// lock is released on exit from the parser for that frame.
ULPBYTE WINAPI ParserTemporaryLockFrame(HFRAME hFrame);
LPVOID WINAPI GetCCInstPtr(VOID);
VOID WINAPI SetCCInstPtr(LPVOID lpCurCaptureInst);
LPVOID WINAPI CCHeapAlloc(DWORD dwBytes, BOOL bZeroInit);
LPVOID WINAPI CCHeapReAlloc(LPVOID lpMem, DWORD dwBytes, BOOL bZeroInit);
BOOL WINAPI CCHeapFree(LPVOID lpMem);
SIZE_T WINAPI CCHeapSize(LPVOID lpMem);
BOOL _cdecl BERGetInteger( ULPBYTE pCurrentPointer,
ULPBYTE *ppValuePointer,
LPDWORD pHeaderLength,
LPDWORD pDataLength,
ULPBYTE *ppNext);
BOOL _cdecl BERGetString( ULPBYTE pCurrentPointer,
ULPBYTE *ppValuePointer,
LPDWORD pHeaderLength,
LPDWORD pDataLength,
ULPBYTE *ppNext);
BOOL _cdecl BERGetHeader( ULPBYTE pCurrentPointer,
ULPBYTE pTag,
LPDWORD pHeaderLength,
LPDWORD pDataLength,
ULPBYTE *ppNext);
//=============================================================================
// Parser Finder Structures.
//=============================================================================
#define MAX_PROTOCOL_COMMENT_LEN ( 256 )
#define NETMON_MAX_PROTOCOL_NAME_LEN ( 16 )
// the constant MAX_PROTOCOL_NAME_LEN conflicts with one of the same name
// but different size in rtutils.h.
// So if both headers are included, we do not define MAX_PROTOCOL_NAME_LEN.
#ifndef MAX_PROTOCOL_NAME_LEN
#define MAX_PROTOCOL_NAME_LEN ( NETMON_MAX_PROTOCOL_NAME_LEN )
#else
#undef MAX_PROTOCOL_NAME_LEN
#endif
// Handoff Value Format Base
typedef /* [public][public][public] */
enum __MIDL___MIDL_itf_netmon_0000_0015
{ HANDOFF_VALUE_FORMAT_BASE_UNKNOWN = 0,
HANDOFF_VALUE_FORMAT_BASE_DECIMAL = 10,
HANDOFF_VALUE_FORMAT_BASE_HEX = 16
} PF_HANDOFFVALUEFORMATBASE;
// PF_HANDOFFENTRY
typedef struct _PF_HANDOFFENTRY
{
char szIniFile[ 260 ];
char szIniSection[ 260 ];
char szProtocol[ 16 ];
DWORD dwHandOffValue;
PF_HANDOFFVALUEFORMATBASE ValueFormatBase;
} PF_HANDOFFENTRY;
typedef PF_HANDOFFENTRY *PPF_HANDOFFENTRY;
// PF_HANDOFFSET
typedef struct _PF_HANDOFFSET
{
DWORD nEntries;
PF_HANDOFFENTRY Entry[0];
} PF_HANDOFFSET;
typedef PF_HANDOFFSET* PPF_HANDOFFSET;
// FOLLOWENTRY
typedef struct _PF_FOLLOWENTRY
{
char szProtocol[ 16 ];
} PF_FOLLOWENTRY;
typedef PF_FOLLOWENTRY *PPF_FOLLOWENTRY;
// PF_FOLLOWSET
typedef struct _PF_FOLLOWSET
{
DWORD nEntries;
PF_FOLLOWENTRY Entry[0];
} PF_FOLLOWSET;
typedef PF_FOLLOWSET* PPF_FOLLOWSET;
// PARSERINFO - contains information about a single parser
typedef struct _PF_PARSERINFO
{
char szProtocolName[NETMON_MAX_PROTOCOL_NAME_LEN];
char szComment[MAX_PROTOCOL_COMMENT_LEN];
char szHelpFile[MAX_PATH];
PPF_FOLLOWSET pWhoCanPrecedeMe;
PPF_FOLLOWSET pWhoCanFollowMe;
PPF_HANDOFFSET pWhoHandsOffToMe;
PPF_HANDOFFSET pWhoDoIHandOffTo;
} PF_PARSERINFO;
typedef PF_PARSERINFO* PPF_PARSERINFO;
// PF_PARSERDLLINFO - contains information about a single parser DLL
typedef struct _PF_PARSERDLLINFO
{
// char szDLLName[MAX_PATH];
DWORD nParsers;
PF_PARSERINFO ParserInfo[0];
} PF_PARSERDLLINFO;
typedef PF_PARSERDLLINFO* PPF_PARSERDLLINFO;
//=============================================================================
//=============================================================================
// (IniLib.h)
//=============================================================================
//=============================================================================
#define INI_PATH_LENGTH ( 256 )
#define MAX_HANDOFF_ENTRY_LENGTH ( 80 )
#define MAX_PROTOCOL_NAME ( 40 )
#define NUMALLOCENTRIES ( 10 )
#define RAW_INI_STR_LEN ( 200 )
#define PARSERS_SUBDIR "PARSERS"
#define INI_EXTENSION "INI"
#define BASE10_FORMAT_STR "%ld=%s %ld"
#define BASE16_FORMAT_STR "%lx=%s %lx"
// Given "XNS" or "TCP" or whatever BuildINIPath will return fully qual. path to "XNS.INI" or "TCP.INI"
LPSTR _cdecl BuildINIPath( char *FullPath,
char *IniFileName );
// Builds Handoff Set
DWORD WINAPI CreateHandoffTable(LPSTR secName,
LPSTR iniFile,
LPHANDOFFTABLE * hTable,
DWORD nMaxProtocolEntries,
DWORD base);
HPROTOCOL WINAPI GetProtocolFromTable(LPHANDOFFTABLE hTable, // lp to Handoff Table...
DWORD ItemToFind, // port number etc...
PDWORD_PTR lpInstData ); // inst data to give to next protocol
VOID WINAPI DestroyHandoffTable( LPHANDOFFTABLE hTable );
BOOLEAN WINAPI IsRawIPXEnabled(LPSTR secName,
LPSTR iniFile,
LPSTR CurProtocol );
//=============================================================================
//=============================================================================
// (NMExpert.h)
//=============================================================================
//=============================================================================
#define EXPERTSTRINGLENGTH ( 260 )
#define EXPERTGROUPNAMELENGTH ( 25 )
// HEXPERTKEY tracks running experts. It is only used by experts for
// self reference. It refers to a RUNNINGEXPERT (an internal only structure)..
typedef LPVOID HEXPERTKEY;
typedef HEXPERTKEY *PHEXPERTKEY;
// HEXPERT tracks loaded experts. It refers to an EXPERTENUMINFO.
typedef LPVOID HEXPERT;
typedef HEXPERT *PHEXPERT;
// HRUNNINGEXPERT tracks a currently running expert.
// It refers to a RUNNINGEXPERT (an internal only structure).
typedef LPVOID HRUNNINGEXPERT;
typedef HRUNNINGEXPERT *PHRUNNINGEXPERT;
typedef struct _EXPERTENUMINFO * PEXPERTENUMINFO;
typedef struct _EXPERTCONFIG * PEXPERTCONFIG;
typedef struct _EXPERTSTARTUPINFO * PEXPERTSTARTUPINFO;
// Definitions needed to call experts
#define EXPERTENTRY_REGISTER "Register"
#define EXPERTENTRY_CONFIGURE "Configure"
#define EXPERTENTRY_RUN "Run"
typedef BOOL (WINAPI * PEXPERTREGISTERPROC)( PEXPERTENUMINFO );
typedef BOOL (WINAPI * PEXPERTCONFIGPROC) ( HEXPERTKEY, PEXPERTCONFIG*, PEXPERTSTARTUPINFO, DWORD, HWND );
typedef BOOL (WINAPI * PEXPERTRUNPROC) ( HEXPERTKEY, PEXPERTCONFIG, PEXPERTSTARTUPINFO, DWORD, HWND);
// EXPERTENUMINFO describes an expert that NetMon has loaded from disk.
// It does not include any configuration or runtime information.
typedef struct _EXPERTENUMINFO
{
char szName[EXPERTSTRINGLENGTH];
char szVendor[EXPERTSTRINGLENGTH];
char szDescription[EXPERTSTRINGLENGTH];
DWORD Version;
DWORD Flags;
char szDllName[MAX_PATH]; // private, dont' touch
HEXPERT hExpert; // private, don't touch
HINSTANCE hModule; // private, don't touch
PEXPERTREGISTERPROC pRegisterProc; // private, don't touch
PEXPERTCONFIGPROC pConfigProc; // private, don't touch
PEXPERTRUNPROC pRunProc; // private, don't touch
} EXPERTENUMINFO;
typedef EXPERTENUMINFO * PEXPERTENUMINFO;
#define EXPERT_ENUM_FLAG_CONFIGURABLE ( 0x1 )
#define EXPERT_ENUM_FLAG_VIEWER_PRIVATE ( 0x2 )
#define EXPERT_ENUM_FLAG_NO_VIEWER ( 0x4 )
#define EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_SUMMARY ( 0x10 )
#define EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_DETAIL ( 0x20 )
// EXPERTSTARTUPINFO
// This gives the Expert an indication of where he came from.
// Note: if the lpPropertyInst->PropertyInfo->DataQualifier == PROP_QUAL_FLAGS
// then the sBitField structure is filled in
typedef struct _EXPERTSTARTUPINFO
{
DWORD Flags;
HCAPTURE hCapture;
char szCaptureFile[MAX_PATH];
DWORD dwFrameNumber;
HPROTOCOL hProtocol;
LPPROPERTYINST lpPropertyInst;
struct
{
BYTE BitNumber;
BOOL bOn;
} sBitfield;
} EXPERTSTARTUPINFO;
// EXPERTCONFIG
// This is a generic holder for an Expert's config data.
typedef struct _EXPERTCONFIG
{
DWORD RawConfigLength;
BYTE RawConfigData[0];
} EXPERTCONFIG;
typedef EXPERTCONFIG * PEXPERTCONFIG;
// CONFIGUREDEXPERT
// This structure associates a loaded expert with its configuration data.
typedef struct
{
HEXPERT hExpert;
DWORD StartupFlags;
PEXPERTCONFIG pConfig;
} CONFIGUREDEXPERT;
typedef CONFIGUREDEXPERT * PCONFIGUREDEXPERT;
// EXPERTFRAMEDESCRIPTOR - passed back to the expert to fulfil the request for a frame
typedef struct
{
DWORD FrameNumber; // Frame Number.
HFRAME hFrame; // Handle to the frame.
ULPFRAME pFrame; // pointer to frame.
LPRECOGNIZEDATATABLE lpRecognizeDataTable;// pointer to table of RECOGNIZEDATA structures.
LPPROPERTYTABLE lpPropertyTable; // pointer to property table.
} EXPERTFRAMEDESCRIPTOR;
typedef EXPERTFRAMEDESCRIPTOR * LPEXPERTFRAMEDESCRIPTOR;
#define GET_SPECIFIED_FRAME ( 0 )
#define GET_FRAME_NEXT_FORWARD ( 1 )
#define GET_FRAME_NEXT_BACKWARD ( 2 )
#define FLAGS_DEFER_TO_UI_FILTER ( 0x1 )
#define FLAGS_ATTACH_PROPERTIES ( 0x2 )
// EXPERTSTATUSENUM
// gives the possible values for the status field in the EXPERTSTATUS structure
typedef /* [public][public][public] */
enum __MIDL___MIDL_itf_netmon_0000_0016
{ EXPERTSTATUS_INACTIVE = 0,
EXPERTSTATUS_STARTING = EXPERTSTATUS_INACTIVE + 1,
EXPERTSTATUS_RUNNING = EXPERTSTATUS_STARTING + 1,
EXPERTSTATUS_PROBLEM = EXPERTSTATUS_RUNNING + 1,
EXPERTSTATUS_ABORTED = EXPERTSTATUS_PROBLEM + 1,
EXPERTSTATUS_DONE = EXPERTSTATUS_ABORTED + 1
} EXPERTSTATUSENUMERATION;
// EXPERTSUBSTATUS bitfield
// gives the possible values for the substatus field in the EXPERTSTATUS structure
#define EXPERTSUBSTATUS_ABORTED_USER ( 0x1 )
#define EXPERTSUBSTATUS_ABORTED_LOAD_FAIL ( 0x2 )
#define EXPERTSUBSTATUS_ABORTED_THREAD_FAIL ( 0x4 )
#define EXPERTSUBSTATUS_ABORTED_BAD_ENTRY ( 0x8 )
// EXPERTSTATUS
// Indicates the current status of a running expert.
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0017
{
EXPERTSTATUSENUMERATION Status;
DWORD SubStatus;
DWORD PercentDone;
DWORD Frame;
char szStatusText[ 260 ];
} EXPERTSTATUS;
typedef EXPERTSTATUS *PEXPERTSTATUS;
// EXPERT STARTUP FLAGS
#define EXPERT_STARTUP_FLAG_USE_STARTUP_DATA_OVER_CONFIG_DATA ( 0x1 )
//=============================================================================
//=============================================================================
// (NetMon.h)
//=============================================================================
//=============================================================================
// A frame with no number contains this value as its frame number.
#define INVALID_FRAME_NUMBER ( ( DWORD )-1 )
//=============================================================================
// Capture file flags.
//=============================================================================
#define CAPTUREFILE_OPEN OPEN_EXISTING
#define CAPTUREFILE_CREATE CREATE_NEW
//=============================================================================
// CAPTURE CONTEXT API's.
//=============================================================================
LPSYSTEMTIME WINAPI GetCaptureTimeStamp(HCAPTURE hCapture);
DWORD WINAPI GetCaptureMacType(HCAPTURE hCapture);
DWORD WINAPI GetCaptureTotalFrames(HCAPTURE hCapture);
LPSTR WINAPI GetCaptureComment(HCAPTURE hCapture);
//=============================================================================
// FRAME HELP API's.
//=============================================================================
DWORD WINAPI MacTypeToAddressType(DWORD MacType);
DWORD WINAPI AddressTypeToMacType(DWORD AddressType);
DWORD WINAPI GetFrameDstAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);
DWORD WINAPI GetFrameSrcAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);
HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME hFrame);
DWORD WINAPI GetFrameDestAddress(HFRAME hFrame,
LPADDRESS2 lpAddress,
DWORD AddressType,
DWORD Flags);
DWORD WINAPI GetFrameSourceAddress(HFRAME hFrame,
LPADDRESS2 lpAddress,
DWORD AddressType,
DWORD Flags);
DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);
BOOL WINAPI CompareFrameDestAddress(HFRAME hFrame, LPADDRESS2 lpAddress);
BOOL WINAPI CompareFrameSourceAddress(HFRAME hFrame, LPADDRESS2 lpAddress);
DWORD WINAPI GetFrameLength(HFRAME hFrame);
DWORD WINAPI GetFrameStoredLength(HFRAME hFrame);
DWORD WINAPI GetFrameMacType(HFRAME hFrame);
DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);
DWORD WINAPI GetFrameNumber(HFRAME hFrame);
__int64 WINAPI GetFrameTimeStamp(HFRAME hFrame);
ULPFRAME WINAPI GetFrameFromFrameHandle(HFRAME hFrame);
//=============================================================================
// FRAME API's.
//=============================================================================
HFRAME WINAPI ModifyFrame(HCAPTURE hCapture,
DWORD FrameNumber,
LPBYTE FrameData,
DWORD FrameLength,
__int64 TimeStamp);
HFRAME WINAPI FindNextFrame(HFRAME hCurrentFrame,
LPSTR ProtocolName,
LPADDRESS2 lpDestAddress,
LPADDRESS2 lpSrcAddress,
LPWORD ProtocolOffset,
DWORD OriginalFrameNumber,
DWORD nHighestFrame);
HFRAME WINAPI FindPreviousFrame(HFRAME hCurrentFrame,
LPSTR ProtocolName,
LPADDRESS2 lpDstAddress,
LPADDRESS2 lpSrcAddress,
LPWORD ProtocolOffset,
DWORD OriginalFrameNumber,
DWORD nLowestFrame );
HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME);
HFRAME WINAPI GetFrame(HCAPTURE hCapture, DWORD FrameNumber);
LPRECOGNIZEDATATABLE WINAPI GetFrameRecognizeData(HFRAME hFrame);
//=============================================================================
// Protocol API's.
//=============================================================================
HPROTOCOL WINAPI CreateProtocol(LPSTR ProtocolName,
LPENTRYPOINTS lpEntryPoints,
DWORD cbEntryPoints);
VOID WINAPI DestroyProtocol(HPROTOCOL hProtocol);
LPPROTOCOLINFO WINAPI GetProtocolInfo(HPROTOCOL hProtocol);
HPROPERTY WINAPI GetProperty(HPROTOCOL hProtocol, LPSTR PropertyName);
HPROTOCOL WINAPI GetProtocolFromName(LPSTR ProtocolName);
DWORD WINAPI GetProtocolStartOffset(HFRAME hFrame, LPSTR ProtocolName);
DWORD WINAPI GetProtocolStartOffsetHandle(HFRAME hFrame, HPROTOCOL hProtocol);
DWORD WINAPI GetPreviousProtocolOffsetByName(HFRAME hFrame,
DWORD dwStartOffset,
LPSTR szProtocolName,
DWORD* pdwPreviousOffset);
LPPROTOCOLTABLE WINAPI GetEnabledProtocols(HCAPTURE hCapture);
//=============================================================================
// Property API's.
//=============================================================================
DWORD WINAPI CreatePropertyDatabase(HPROTOCOL hProtocol, DWORD nProperties);
DWORD WINAPI DestroyPropertyDatabase(HPROTOCOL hProtocol);
HPROPERTY WINAPI AddProperty(HPROTOCOL hProtocol, LPPROPERTYINFO PropertyInfo);
BOOL WINAPI AttachPropertyInstance(HFRAME hFrame,
HPROPERTY hProperty,
DWORD Length,
ULPVOID lpData,
DWORD HelpID,
DWORD Level,
DWORD IFlags);
BOOL WINAPI AttachPropertyInstanceEx(HFRAME hFrame,
HPROPERTY hProperty,
DWORD Length,
ULPVOID lpData,
DWORD ExLength,
ULPVOID lpExData,
DWORD HelpID,
DWORD Level,
DWORD IFlags);
LPPROPERTYINST WINAPI FindPropertyInstance(HFRAME hFrame, HPROPERTY hProperty);
LPPROPERTYINST WINAPI FindPropertyInstanceRestart (HFRAME hFrame,
HPROPERTY hProperty,
LPPROPERTYINST *lpRestartKey,
BOOL DirForward );
LPPROPERTYINFO WINAPI GetPropertyInfo(HPROPERTY hProperty);
LPSTR WINAPI GetPropertyText(HFRAME hFrame, LPPROPERTYINST lpPI, LPSTR szBuffer, DWORD BufferSize);
DWORD WINAPI ResetPropertyInstanceLength( LPPROPERTYINST lpProp,
WORD nOrgLen,
WORD nNewLen );
//=============================================================================
// MISC. API's.
//=============================================================================
DWORD WINAPI GetCaptureCommentFromFilename(LPSTR lpFilename, LPSTR lpComment, DWORD BufferSize);
int WINAPI CompareAddresses(LPADDRESS2 lpAddress1, LPADDRESS2 lpAddress2);
DWORD WINAPIV FormatPropertyInstance(LPPROPERTYINST lpPropertyInst, ...);
SYSTEMTIME * WINAPI AdjustSystemTime(SYSTEMTIME *SystemTime, __int64 TimeDelta);
LPSTR WINAPI NMRtlIpv6AddressToStringA(const BYTE IP6Addr[],LPSTR S);
LPWSTR WINAPI NMRtlIpv6AddressToStringW(const BYTE IP6Addr[], LPWSTR S);
ULONG WINAPI NMRtlIpv6StringToAddressA(LPCSTR S, LPCSTR *Terminator, BYTE IP6Addr[]);
ULONG WINAPI NMRtlIpv6StringToAddressW(LPCWSTR S, LPCWSTR *Terminator, BYTE IP6Addr[]);
//=============================================================================
// EXPERT API's for use by Experts
//=============================================================================
DWORD WINAPI ExpertGetFrame( IN HEXPERTKEY hExpertKey,
IN DWORD Direction,
IN DWORD RequestFlags,
IN DWORD RequestedFrameNumber,
IN HFILTER hFilter,
OUT LPEXPERTFRAMEDESCRIPTOR pEFrameDescriptor);
LPVOID WINAPI ExpertAllocMemory( IN HEXPERTKEY hExpertKey,
IN SIZE_T nBytes,
OUT DWORD* pError);
LPVOID WINAPI ExpertReallocMemory( IN HEXPERTKEY hExpertKey,
IN LPVOID pOriginalMemory,
IN SIZE_T nBytes,
OUT DWORD* pError);
DWORD WINAPI ExpertFreeMemory( IN HEXPERTKEY hExpertKey,
IN LPVOID pOriginalMemory);
SIZE_T WINAPI ExpertMemorySize( IN HEXPERTKEY hExpertKey,
IN LPVOID pOriginalMemory);
DWORD WINAPI ExpertIndicateStatus( IN HEXPERTKEY hExpertKey,
IN EXPERTSTATUSENUMERATION Status,
IN DWORD SubStatus,
IN const char * szText,
IN LONG PercentDone);
DWORD WINAPI ExpertSubmitEvent( IN HEXPERTKEY hExpertKey,
IN PNMEVENTDATA pExpertEvent);
DWORD WINAPI ExpertGetStartupInfo( IN HEXPERTKEY hExpertKey,
OUT PEXPERTSTARTUPINFO pExpertStartupInfo);
//=============================================================================
// DEBUG API's.
//=============================================================================
#ifdef DEBUG
//=============================================================================
// BreakPoint() macro.
//=============================================================================
// We do not want breakpoints in our code any more...
// so we are defining DebugBreak(), usually a system call, to be
// just a dprintf. BreakPoint() is still defined as DebugBreak().
#ifdef DebugBreak
#undef DebugBreak
#endif // DebugBreak
#define DebugBreak() dprintf("DebugBreak Called at %s:%s", __FILE__, __LINE__);
#define BreakPoint() DebugBreak()
#endif // DEBUG
//=============================================================================
//=============================================================================
// (NMBlob.h)
//=============================================================================
//=============================================================================
//=============================================================================
// Blob Constants
//=============================================================================
#define INITIAL_RESTART_KEY ( 0xffffffff )
//=============================================================================
// Blob Core Helper Routines
//=============================================================================
DWORD _cdecl CreateBlob(HBLOB * phBlob);
DWORD _cdecl DestroyBlob(HBLOB hBlob);
DWORD _cdecl SetStringInBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
const char * pString);
DWORD _cdecl SetWStringInBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
const WCHAR * pwString);
DWORD _cdecl ConvertWStringToHexString(const WCHAR *pwsz,
char ** ppsz);
DWORD _cdecl GetStringFromBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
const char ** ppString);
DWORD _cdecl ConvertHexStringToWString(CHAR *psz,
WCHAR **ppwsz);
DWORD _cdecl GetWStringFromBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
WCHAR ** ppwString);
DWORD _cdecl GetStringsFromBlob(HBLOB hBlob,
const char * pRequestedOwnerName,
const char * pRequestedCategoryName,
const char * pRequestedTagName,
const char ** ppReturnedOwnerName,
const char ** ppReturnedCategoryName,
const char ** ppReturnedTagName,
const char ** ppReturnedString,
DWORD * pRestartKey);
DWORD _cdecl RemoveFromBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName);
DWORD _cdecl LockBlob(HBLOB hBlob);
DWORD _cdecl UnlockBlob(HBLOB hBlob);
DWORD _cdecl FindUnknownBlobCategories( HBLOB hBlob,
const char * pOwnerName,
const char * pKnownCategoriesTable[],
HBLOB hUnknownCategoriesBlob);
//=============================================================================
// Blob Helper Routines
//=============================================================================
DWORD _cdecl MergeBlob(HBLOB hDstBlob,
HBLOB hSrcBlob);
DWORD _cdecl DuplicateBlob (HBLOB hSrcBlob,
HBLOB *hBlobThatWillBeCreated );
DWORD _cdecl WriteBlobToFile(HBLOB hBlob,
const char * pFileName);
DWORD _cdecl ReadBlobFromFile(HBLOB* phBlob,
const char * pFileName);
DWORD _cdecl RegCreateBlobKey(HKEY hkey, const char* szBlobName, HBLOB hBlob);
DWORD _cdecl RegOpenBlobKey(HKEY hkey, const char* szBlobName, HBLOB* phBlob);
DWORD _cdecl MarshalBlob(HBLOB hBlob, DWORD* pSize, BYTE** ppBytes);
DWORD _cdecl UnMarshalBlob(HBLOB* phBlob, DWORD Size, BYTE* pBytes);
DWORD _cdecl SetDwordInBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
DWORD Dword);
DWORD _cdecl GetDwordFromBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
DWORD * pDword);
DWORD _cdecl SetBoolInBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
BOOL Bool);
DWORD _cdecl GetBoolFromBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
BOOL * pBool);
DWORD _cdecl GetMacAddressFromBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
BYTE * pMacAddress);
DWORD _cdecl SetMacAddressInBlob(HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pTagName,
const BYTE * pMacAddress);
DWORD _cdecl FindUnknownBlobTags( HBLOB hBlob,
const char * pOwnerName,
const char * pCategoryName,
const char * pKnownTagsTable[],
HBLOB hUnknownTagsBlob);
//=============================================================================
// Blob NPP Helper Routines
//=============================================================================
DWORD _cdecl SetNetworkInfoInBlob(HBLOB hBlob,
LPNETWORKINFO lpNetworkInfo);
DWORD _cdecl GetNetworkInfoFromBlob(HBLOB hBlob,
LPNETWORKINFO lpNetworkInfo);
DWORD _cdecl CreateNPPInterface ( HBLOB hBlob,
REFIID iid,
void ** ppvObject);
DWORD _cdecl SetClassIDInBlob(HBLOB hBlob,
const char* pOwnerName,
const char* pCategoryName,
const char* pTagName,
const CLSID* pClsID);
DWORD _cdecl GetClassIDFromBlob(HBLOB hBlob,
const char* pOwnerName,
const char* pCategoryName,
const char* pTagName,
CLSID * pClsID);
DWORD _cdecl SetNPPPatternFilterInBlob( HBLOB hBlob,
LPEXPRESSION pExpression,
HBLOB hErrorBlob);
DWORD _cdecl GetNPPPatternFilterFromBlob( HBLOB hBlob,
LPEXPRESSION pExpression,
HBLOB hErrorBlob);
DWORD _cdecl SetNPPAddress2FilterInBlob( HBLOB hBlob,
LPADDRESSTABLE2 pAddressTable);
DWORD _cdecl GetNPPAddress2FilterFromBlob( HBLOB hBlob,
LPADDRESSTABLE2 pAddressTable,
HBLOB hErrorBlob);
DWORD _cdecl SetNPPTriggerInBlob( HBLOB hBlob,
LPTRIGGER pTrigger,
HBLOB hErrorBlob);
DWORD _cdecl GetNPPTriggerFromBlob( HBLOB hBlob,
LPTRIGGER pTrigger,
HBLOB hErrorBlob);
DWORD _cdecl SetNPPEtypeSapFilter(HBLOB hBlob,
WORD nSaps,
WORD nEtypes,
LPBYTE lpSapTable,
LPWORD lpEtypeTable,
DWORD FilterFlags,
HBLOB hErrorBlob);
DWORD _cdecl GetNPPEtypeSapFilter(HBLOB hBlob,
WORD *pnSaps,
WORD *pnEtypes,
LPBYTE *ppSapTable,
LPWORD *ppEtypeTable,
DWORD *pFilterFlags,
HBLOB hErrorBlob);
// GetNPPMacTypeAsNumber maps the tag NPP:NetworkInfo:MacType to the MAC_TYPE_*
// defined in the NPPTYPES.h. If the tag is unavailable, the API returns MAC_TYPE_UNKNOWN.
DWORD _cdecl GetNPPMacTypeAsNumber(HBLOB hBlob,
LPDWORD lpMacType);
// See if a remote catagory exists... and make sure that the remote computername
// isn't the same as the local computername.
BOOL _cdecl IsRemoteNPP ( HBLOB hBLOB);
//=============================================================================
// npp tag definitions
//=============================================================================
#define OWNER_NPP "NPP"
#define CATEGORY_NETWORKINFO "NetworkInfo"
#define TAG_MACTYPE "MacType"
#define TAG_CURRENTADDRESS "CurrentAddress"
#define TAG_LINKSPEED "LinkSpeed"
#define TAG_MAXFRAMESIZE "MaxFrameSize"
#define TAG_FLAGS "Flags"
#define TAG_TIMESTAMPSCALEFACTOR "TimeStampScaleFactor"
#define TAG_COMMENT "Comment"
#define TAG_NODENAME "NodeName"
#define TAG_NAME "Name"
#define TAG_FAKENPP "Fake"
#define TAG_PROMISCUOUS_MODE "PMode"
#define CATEGORY_LOCATION "Location"
#define TAG_RAS "Dial-up Connection"
#define TAG_MACADDRESS "MacAddress"
#define TAG_CLASSID "ClassID"
#define TAG_NAME "Name"
#define TAG_CONNECTIONNAME "Connection Name"
#define TAG_FRIENDLYNAME "Friendly Name"
#define CATEGORY_CONFIG "Config"
#define TAG_FRAME_SIZE "FrameSize"
#define TAG_UPDATE_FREQUENCY "UpdateFreq"
#define TAG_BUFFER_SIZE "BufferSize"
#define TAG_PATTERN_DESIGNATOR "PatternMatch"
#define TAG_PATTERN "Pattern"
#define TAG_ADDRESS_PAIR "AddressPair"
#define TAG_CONNECTIONFLAGS "ConnectionFlags"
#define TAG_ETYPES "Etypes"
#define TAG_SAPS "Saps"
#define TAG_NO_CONVERSATION_STATS "NoConversationStats"
#define TAG_NO_STATS_FRAME "NoStatsFrame"
#define TAG_DONT_DELETE_EMPTY_CAPTURE "DontDeleteEmptyCapture"
#define TAG_WANT_PROTOCOL_INFO "WantProtocolInfo"
#define TAG_INTERFACE_DELAYED_CAPTURE "IDdC"
#define TAG_INTERFACE_REALTIME_CAPTURE "IRTC"
#define TAG_INTERFACE_STATS "ISts"
#define TAG_INTERFACE_TRANSMIT "IXmt"
#define TAG_LOCAL_ONLY "LocalOnly"
// Is_Remote is set to TRUE by NPPs that go remote. Note that when you
// are looking for a remote NPP, you probably also need to ask for
// blobs that have the TAG_GET_SPECIAL_BLOBS bool set
#define TAG_IS_REMOTE "IsRemote"
#define CATEGORY_TRIGGER "Trigger"
#define TAG_TRIGGER "Trigger"
#define CATEGORY_FINDER "Finder"
#define TAG_ROOT "Root"
#define TAG_PROCNAME "ProcName"
#define TAG_DISP_STRING "Display"
#define TAG_DLL_FILENAME "DLLName"
#define TAG_GET_SPECIAL_BLOBS "Specials"
#define CATEGORY_REMOTE "Remote"
#define TAG_REMOTECOMPUTER "RemoteComputer"
#define TAG_REMOTECLASSID "ClassID"
//=============================================================================
// npp value definitions
//=============================================================================
// Mac types
#define PROTOCOL_STRING_ETHERNET_TXT "ETHERNET"
#define PROTOCOL_STRING_TOKENRING_TXT "TOKENRING"
#define PROTOCOL_STRING_FDDI_TXT "FDDI"
#define PROTOCOL_STRING_ATM_TXT "ATM"
#define PROTOCOL_STRING_1394_TXT "IP/1394"
// lower protocols
#define PROTOCOL_STRING_IP_TXT "IP"
#define PROTOCOL_STRING_IP6_TXT "IP6"
#define PROTOCOL_STRING_IPX_TXT "IPX"
#define PROTOCOL_STRING_XNS_TXT "XNS"
#define PROTOCOL_STRING_VINES_IP_TXT "VINES IP"
// upper protocols
#define PROTOCOL_STRING_ICMP_TXT "ICMP"
#define PROTOCOL_STRING_TCP_TXT "TCP"
#define PROTOCOL_STRING_UDP_TXT "UDP"
#define PROTOCOL_STRING_SPX_TXT "SPX"
#define PROTOCOL_STRING_NCP_TXT "NCP"
// pseudo protocols
#define PROTOCOL_STRING_ANY_TXT "ANY"
#define PROTOCOL_STRING_ANY_GROUP_TXT "ANY GROUP"
#define PROTOCOL_STRING_HIGHEST_TXT "HIGHEST"
#define PROTOCOL_STRING_LOCAL_ONLY_TXT "LOCAL ONLY"
#define PROTOCOL_STRING_UNKNOWN_TXT "UNKNOWN"
#define PROTOCOL_STRING_DATA_TXT "DATA"
#define PROTOCOL_STRING_FRAME_TXT "FRAME"
#define PROTOCOL_STRING_NONE_TXT "NONE"
#define PROTOCOL_STRING_EFFECTIVE_TXT "EFFECTIVE"
#define ADDRESS_PAIR_INCLUDE_TXT "INCLUDE"
#define ADDRESS_PAIR_EXCLUDE_TXT "EXCLUDE"
#define INCLUDE_ALL_EXCEPT_TXT "INCLUDE ALL EXCEPT"
#define EXCLUDE_ALL_EXCEPT_TXT "EXCLUDE ALL EXCEPT"
#define PATTERN_MATCH_OR_TXT "OR("
#define PATTERN_MATCH_AND_TXT "AND("
#define TRIGGER_PATTERN_TXT "PATTERN MATCH"
#define TRIGGER_BUFFER_TXT "BUFFER CONTENT"
#define TRIGGER_NOTIFY_TXT "NOTIFY"
#define TRIGGER_STOP_TXT "STOP"
#define TRIGGER_PAUSE_TXT "PAUSE"
#define TRIGGER_25_PERCENT_TXT "25 PERCENT"
#define TRIGGER_50_PERCENT_TXT "50 PERCENT"
#define TRIGGER_75_PERCENT_TXT "75 PERCENT"
#define TRIGGER_100_PERCENT_TXT "100 PERCENT"
#define PATTERN_MATCH_NOT_TXT "NOT"
//=============================================================================
//=============================================================================
// (NMRegHelp.h)
//=============================================================================
//=============================================================================
// Registry helpers
LPCSTR _cdecl FindOneOf(LPCSTR p1, LPCSTR p2);
LONG _cdecl recursiveDeleteKey(HKEY hKeyParent, // Parent of key to delete.
const char* lpszKeyChild); // Key to delete.
BOOL _cdecl SubkeyExists(const char* pszPath, // Path of key to check
const char* szSubkey); // Key to check
BOOL _cdecl setKeyAndValue(const char* szKey,
const char* szSubkey,
const char* szValue,
const char* szName) ;
//=============================================================================
//=============================================================================
// (NMIpStructs.h)
//=============================================================================
//=============================================================================
// These structures are used to decode network data and so need to be packed
#pragma pack(push, 1)
//
// IP Packet Structure
//
typedef struct _IP
{
union
{
BYTE Version;
BYTE HdrLen;
};
BYTE ServiceType;
WORD TotalLen;
WORD ID;
union
{
WORD Flags;
WORD FragOff;
};
BYTE TimeToLive;
BYTE Protocol;
WORD HdrChksum;
DWORD SrcAddr;
DWORD DstAddr;
BYTE Options[0];
} IP;
typedef IP * LPIP;
typedef IP UNALIGNED * ULPIP;
// Psuedo Header used for CheckSum Calculations
typedef struct _PSUHDR
{
DWORD ph_SrcIP;
DWORD ph_DstIP;
UCHAR ph_Zero;
UCHAR ph_Proto;
WORD ph_ProtLen;
} PSUHDR;
typedef PSUHDR UNALIGNED * LPPSUHDR;
//
// IP Bitmasks that are useful
// (and the appropriate bit shifts, as well)
//
#define IP_VERSION_MASK ((BYTE) 0xf0)
#define IP_VERSION_SHIFT (4)
#define IP_HDRLEN_MASK ((BYTE) 0x0f)
#define IP_HDRLEN_SHIFT (0)
#define IP_PRECEDENCE_MASK ((BYTE) 0xE0)
#define IP_PRECEDENCE_SHIFT (5)
#define IP_TOS_MASK ((BYTE) 0x1E)
#define IP_TOS_SHIFT (1)
#define IP_DELAY_MASK ((BYTE) 0x10)
#define IP_THROUGHPUT_MASK ((BYTE) 0x08)
#define IP_RELIABILITY_MASK ((BYTE) 0x04)
#define IP_FLAGS_MASK ((BYTE) 0xE0)
#define IP_FLAGS_SHIFT (13)
#define IP_DF_MASK ((BYTE) 0x40)
#define IP_MF_MASK ((BYTE) 0x20)
#define IP_MF_SHIFT (5)
#define IP_FRAGOFF_MASK ((WORD) 0x1FFF)
#define IP_FRAGOFF_SHIFT (3)
#define IP_TCC_MASK ((DWORD) 0xFFFFFF00)
#define IP_TIME_OPTS_MASK ((BYTE) 0x0F)
#define IP_MISS_STNS_MASK ((BYTE) 0xF0)
#define IP_TIME_OPTS_SHIFT (0)
#define IP_MISS_STNS_SHIFT (4)
//
// Offset to checksum field in ip header
//
#define IP_CHKSUM_OFF 10
INLINE BYTE IP_Version(ULPIP pIP)
{
return (pIP->Version & IP_VERSION_MASK) >> IP_VERSION_SHIFT;
}
INLINE DWORD IP_HdrLen(ULPIP pIP)
{
return ((pIP->HdrLen & IP_HDRLEN_MASK) >> IP_HDRLEN_SHIFT) << 2;
}
INLINE WORD IP_FragOff(ULPIP pIP)
{
return (XCHG(pIP->FragOff) & IP_FRAGOFF_MASK) << IP_FRAGOFF_SHIFT;
}
INLINE DWORD IP_TotalLen(ULPIP pIP)
{
return XCHG(pIP->TotalLen);
}
INLINE DWORD IP_MoreFragments(ULPIP pIP)
{
return (pIP->Flags & IP_MF_MASK) >> IP_MF_SHIFT;
}
//
// Well known ports in the TCP/IP protocol (See RFC 1060)
//
#define PORT_TCPMUX 1 // TCP Port Service Multiplexer
#define PORT_RJE 5 // Remote Job Entry
#define PORT_ECHO 7 // Echo
#define PORT_DISCARD 9 // Discard
#define PORT_USERS 11 // Active users
#define PORT_DAYTIME 13 // Daytime
#define PORT_NETSTAT 15 // Netstat
#define PORT_QUOTE 17 // Quote of the day
#define PORT_CHARGEN 19 // Character Generator
#define PORT_FTPDATA 20 // File transfer [default data]
#define PORT_FTP 21 // File transfer [Control]
#define PORT_TELNET 23 // Telnet
#define PORT_SMTP 25 // Simple Mail Transfer
#define PORT_NSWFE 27 // NSW User System FE
#define PORT_MSGICP 29 // MSG ICP
#define PORT_MSGAUTH 31 // MSG Authentication
#define PORT_DSP 33 // Display Support
#define PORT_PRTSERVER 35 // any private printer server
#define PORT_TIME 37 // Time
#define PORT_RLP 39 // Resource Location Protocol
#define PORT_GRAPHICS 41 // Graphics
#define PORT_NAMESERVER 42 // Host Name Server
#define PORT_NICNAME 43 // Who is
#define PORT_MPMFLAGS 44 // MPM Flags
#define PORT_MPM 45 // Message Processing Module [recv]
#define PORT_MPMSND 46 // MPM [default send]
#define PORT_NIFTP 47 // NI FTP
#define PORT_LOGIN 49 // Login Host Protocol
#define PORT_LAMAINT 51 // IMP Logical Address Maintenance
#define PORT_DOMAIN 53 // Domain Name Server
#define PORT_ISIGL 55 // ISI Graphics Language
#define PORT_ANYTERMACC 57 // any private terminal access
#define PORT_ANYFILESYS 59 // any private file service
#define PORT_NIMAIL 61 // NI Mail
#define PORT_VIAFTP 63 // VIA Systems - FTP
#define PORT_TACACSDS 65 // TACACS - Database Service
#define PORT_BOOTPS 67 // Bootstrap Protocol server
#define PORT_BOOTPC 68 // Bootstrap Protocol client
#define PORT_TFTP 69 // Trivial File Transfer
#define PORT_NETRJS1 71 // Remote Job service
#define PORT_NETRJS2 72 // Remote Job service
#define PORT_NETRJS3 73 // Remote Job service
#define PORT_NETRJS4 74 // Remote Job service
#define PORT_ANYDIALOUT 75 // any private dial out service
#define PORT_ANYRJE 77 // any private RJE service
#define PORT_FINGER 79 // Finger
#define PORT_HTTP 80 // HTTP (www)
#define PORT_HOSTS2NS 81 // Hosts2 Name Server
#define PORT_MITMLDEV1 83 // MIT ML Device
#define PORT_MITMLDEV2 85 // MIT ML Device
#define PORT_ANYTERMLINK 87 // any private terminal link
#define PORT_SUMITTG 89 // SU/MIT Telnet Gateway
#define PORT_MITDOV 91 // MIT Dover Spooler
#define PORT_DCP 93 // Device Control Protocol
#define PORT_SUPDUP 95 // SUPDUP
#define PORT_SWIFTRVF 97 // Swift Remote Vitural File Protocol
#define PORT_TACNEWS 98 // TAC News
#define PORT_METAGRAM 99 // Metagram Relay
#define PORT_NEWACCT 100 // [Unauthorized use]
#define PORT_HOSTNAME 101 // NIC Host Name Server
#define PORT_ISOTSAP 102 // ISO-TSAP
#define PORT_X400 103 // X400
#define PORT_X400SND 104 // X400 - SND
#define PORT_CSNETNS 105 // Mailbox Name Nameserver
#define PORT_RTELNET 107 // Remote Telnet Service
#define PORT_POP2 109 // Post Office Protocol - version 2
#define PORT_POP3 110 // Post Office Protocol - version 3
#define PORT_SUNRPC 111 // SUN Remote Procedure Call
#define PORT_AUTH 113 // Authentication
#define PORT_SFTP 115 // Simple File Transfer Protocol
#define PORT_UUCPPATH 117 // UUCP Path Service
#define PORT_NNTP 119 // Network News Transfer Protocol
#define PORT_ERPC 121 // Encore Expedited Remote Proc. Call
#define PORT_NTP 123 // Network Time Protocol
#define PORT_LOCUSMAP 125 // Locus PC-Interface Net Map Sesrver
#define PORT_LOCUSCON 127 // Locus PC-Interface Conn Server
#define PORT_PWDGEN 129 // Password Generator Protocol
#define PORT_CISCOFNA 130 // CISCO FNATIVE
#define PORT_CISCOTNA 131 // CISCO TNATIVE
#define PORT_CISCOSYS 132 // CISCO SYSMAINT
#define PORT_STATSRV 133 // Statistics Service
#define PORT_INGRESNET 134 // Ingres net service
#define PORT_LOCSRV 135 // Location Service
#define PORT_PROFILE 136 // PROFILE Naming System
#define PORT_NETBIOSNS 137 // NETBIOS Name Service
#define PORT_NETBIOSDGM 138 // NETBIOS Datagram Service
#define PORT_NETBIOSSSN 139 // NETBIOS Session Service
#define PORT_EMFISDATA 140 // EMFIS Data Service
#define PORT_EMFISCNTL 141 // EMFIS Control Service
#define PORT_BLIDM 142 // Britton-Lee IDM
#define PORT_IMAP2 143 // Interim Mail Access Protocol v2
#define PORT_NEWS 144 // NewS
#define PORT_UAAC 145 // UAAC protocol
#define PORT_ISOTP0 146 // ISO-IP0
#define PORT_ISOIP 147 // ISO-IP
#define PORT_CRONUS 148 // CRONUS-Support
#define PORT_AED512 149 // AED 512 Emulation Service
#define PORT_SQLNET 150 // SQL-NET
#define PORT_HEMS 151 // HEMS
#define PORT_BFTP 152 // Background File Transfer Protocol
#define PORT_SGMP 153 // SGMP
#define PORT_NETSCPROD 154 // NETSC
#define PORT_NETSCDEV 155 // NETSC
#define PORT_SQLSRV 156 // SQL service
#define PORT_KNETCMP 157 // KNET/VM Command/Message Protocol
#define PORT_PCMAILSRV 158 // PCMail server
#define PORT_NSSROUTING 159 // NSS routing
#define PORT_SGMPTRAPS 160 // SGMP-TRAPS
#define PORT_SNMP 161 // SNMP
#define PORT_SNMPTRAP 162 // SNMPTRAP
#define PORT_CMIPMANAGE 163 // CMIP/TCP Manager
#define PORT_CMIPAGENT 164 // CMIP/TCP Agent
#define PORT_XNSCOURIER 165 // Xerox
#define PORT_SNET 166 // Sirius Systems
#define PORT_NAMP 167 // NAMP
#define PORT_RSVD 168 // RSVC
#define PORT_SEND 169 // SEND
#define PORT_PRINTSRV 170 // Network Postscript
#define PORT_MULTIPLEX 171 // Network Innovations Multiples
#define PORT_CL1 172 // Network Innovations CL/1
#define PORT_XYPLEXMUX 173 // Xyplex
#define PORT_MAILQ 174 // MAILQ
#define PORT_VMNET 175 // VMNET
#define PORT_GENRADMUX 176 // GENRAD-MUX
#define PORT_XDMCP 177 // X Display Manager Control Protocol
#define PORT_NEXTSTEP 178 // NextStep Window Server
#define PORT_BGP 179 // Border Gateway Protocol
#define PORT_RIS 180 // Intergraph
#define PORT_UNIFY 181 // Unify
#define PORT_UNISYSCAM 182 // Unisys-Cam
#define PORT_OCBINDER 183 // OCBinder
#define PORT_OCSERVER 184 // OCServer
#define PORT_REMOTEKIS 185 // Remote-KIS
#define PORT_KIS 186 // KIS protocol
#define PORT_ACI 187 // Application Communication Interface
#define PORT_MUMPS 188 // MUMPS
#define PORT_QFT 189 // Queued File Transport
#define PORT_GACP 190 // Gateway Access Control Protocol
#define PORT_PROSPERO 191 // Prospero
#define PORT_OSUNMS 192 // OSU Network Monitoring System
#define PORT_SRMP 193 // Spider Remote Monitoring Protocol
#define PORT_IRC 194 // Internet Relay Chat Protocol
#define PORT_DN6NLMAUD 195 // DNSIX Network Level Module Audit
#define PORT_DN6SMMRED 196 // DSNIX Session Mgt Module Audit Redirector
#define PORT_DLS 197 // Directory Location Service
#define PORT_DLSMON 198 // Directory Location Service Monitor
#define PORT_ATRMTP 201 // AppleTalk Routing Maintenance
#define PORT_ATNBP 202 // AppleTalk Name Binding
#define PORT_AT3 203 // AppleTalk Unused
#define PORT_ATECHO 204 // AppleTalk Echo
#define PORT_AT5 205 // AppleTalk Unused
#define PORT_ATZIS 206 // AppleTalk Zone Information
#define PORT_AT7 207 // AppleTalk Unused
#define PORT_AT8 208 // AppleTalk Unused
#define PORT_SURMEAS 243 // Survey Measurement
#define PORT_LINK 245 // LINK
#define PORT_DSP3270 246 // Display Systems Protocol
#define PORT_LDAP1 389 // LDAP
#define PORT_ISAKMP 500 // ISAKMP
#define PORT_REXEC 512 // Remote Process Execution
#define PORT_RLOGIN 513 // Remote login a la telnet
#define PORT_RSH 514 // Remote command
#define PORT_LPD 515 // Line printer spooler - LPD
#define PORT_RIP 520 // TCP=? / UDP=RIP
#define PORT_TEMPO 526 // Newdate
#define PORT_COURIER 530 // rpc
#define PORT_NETNEWS 532 // READNEWS
#define PORT_UUCPD 540 // UUCPD
#define PORT_KLOGIN 543 //
#define PORT_KSHELL 544 // krcmd
#define PORT_DSF 555 //
#define PORT_REMOTEEFS 556 // RFS server
#define PORT_CHSHELL 562 // chmod
#define PORT_METER 570 // METER
#define PORT_PCSERVER 600 // SUN IPC Server
#define PORT_NQS 607 // NQS
#define PORT_HMMP_INDICATION 612 //
#define PORT_HMMP_OPERATION 613 //
#define PORT_MDQS 666 // MDQS
#define PORT_LPD721 721 // LPD Client (lpd client ports 721 - 731)
#define PORT_LPD722 722 // LPD Client (see RFC 1179)
#define PORT_LPD723 723 // LPD Client
#define PORT_LPD724 724 // LPD Client
#define PORT_LPD725 725 // LPD Client
#define PORT_LPD726 726 // LPD Client
#define PORT_LPD727 727 // LPD Client
#define PORT_LPD728 728 // LPD Client
#define PORT_LPD729 729 // LPD Client
#define PORT_LPD730 730 // LPD Client
#define PORT_LPD731 731 // LPD Client
#define PORT_RFILE 750 // RFILE
#define PORT_PUMP 751 // PUMP
#define PORT_QRH 752 // QRH
#define PORT_RRH 753 // RRH
#define PORT_TELL 754 // TELL
#define PORT_NLOGIN 758 // NLOGIN
#define PORT_CON 759 // CON
#define PORT_NS 760 // NS
#define PORT_RXE 761 // RXE
#define PORT_QUOTAD 762 // QUOTAD
#define PORT_CYCLESERV 763 // CYCLESERV
#define PORT_OMSERV 764 // OMSERV
#define PORT_WEBSTER 765 // WEBSTER
#define PORT_PHONEBOOK 767 // PHONE
#define PORT_VID 769 // VID
#define PORT_RTIP 771 // RTIP
#define PORT_CYCLESERV2 772 // CYCLESERV-2
#define PORT_SUBMIT 773 // submit
#define PORT_RPASSWD 774 // RPASSWD
#define PORT_ENTOMB 775 // ENTOMB
#define PORT_WPAGES 776 // WPAGES
#define PORT_WPGS 780 // wpgs
#define PORT_MDBSDAEMON 800 // MDBS DAEMON
#define PORT_DEVICE 801 // DEVICE
#define PORT_MAITRD 997 // MAITRD
#define PORT_BUSBOY 998 // BUSBOY
#define PORT_GARCON 999 // GARCON
#define PORT_NFS 2049 // NFS
#define PORT_LDAP2 3268 // LDAP
#define PORT_PPTP 5678 // PPTP
//=============================================================================
//=============================================================================
// (NMIcmpStructs.h)
//=============================================================================
//=============================================================================
//
// ICMP Frame Structure
//
typedef struct _RequestReplyFields
{
WORD ID;
WORD SeqNo;
} ReqReply;
typedef struct _ParameterProblemFields
{
BYTE Pointer;
BYTE junk[ 3 ];
} ParmProb;
typedef struct _TimestampFields
{
DWORD tsOrig;
DWORD tsRecv;
DWORD tsXmit;
} TS;
typedef struct _RouterAnnounceHeaderFields
{
BYTE NumAddrs;
BYTE AddrEntrySize;
WORD Lifetime;
} RouterAH;
typedef struct _RouterAnnounceEntry
{
DWORD Address;
DWORD PreferenceLevel;
} RouterAE;
typedef struct _ICMP
{
BYTE Type;
BYTE Code;
WORD Checksum;
union
{
DWORD Unused;
DWORD Address;
ReqReply RR;
ParmProb PP;
RouterAH RAH;
};
union
{
TS Time;
IP IP;
RouterAE RAE[0];
};
} ICMP;
typedef ICMP * LPICMP;
typedef ICMP UNALIGNED * ULPICMP;
#define ICMP_HEADER_LENGTH ( 8 )
// # of *BYTES* of IP data to attach to
// datagram in addition to IP header
#define ICMP_IP_DATA_LENGTH ( 8 )
//
// ICMP Packet Types
//
#define ECHO_REPLY ( 0 )
#define DESTINATION_UNREACHABLE ( 3 )
#define SOURCE_QUENCH ( 4 )
#define REDIRECT ( 5 )
#define ECHO ( 8 )
#define ROUTER_ADVERTISEMENT ( 9 )
#define ROUTER_SOLICITATION ( 10 )
#define TIME_EXCEEDED ( 11 )
#define PARAMETER_PROBLEM ( 12 )
#define TIMESTAMP ( 13 )
#define TIMESTAMP_REPLY ( 14 )
#define INFORMATION_REQUEST ( 15 )
#define INFORMATION_REPLY ( 16 )
#define ADDRESS_MASK_REQUEST ( 17 )
#define ADDRESS_MASK_REPLY ( 18 )
//=============================================================================
//=============================================================================
// (NMIpxStructs.h)
//=============================================================================
//=============================================================================
// IPX
typedef /* [public][public][public][public][public][public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0018
{
UCHAR ha_address[ 6 ];
} HOST_ADDRESS;
typedef struct _IPXADDRESS
{
ULONG ipx_NetNumber;
HOST_ADDRESS ipx_HostAddr;
} IPXADDRESS;
typedef IPXADDRESS UNALIGNED * PIPXADDRESS;
typedef struct _NET_ADDRESS
{
IPXADDRESS na_IPXAddr;
USHORT na_socket;
} NET_ADDRESS;
typedef NET_ADDRESS UNALIGNED * UPNET_ADDRESS;
// IPX Internetwork Packet eXchange Protocol Header.
typedef /* [public][public] */ struct __MIDL___MIDL_itf_netmon_0000_0019
{
USHORT ipx_checksum;
USHORT ipx_length;
UCHAR ipx_xport_control;
UCHAR ipx_packet_type;
NET_ADDRESS ipx_dest;
NET_ADDRESS ipx_source;
} IPX_HDR;
typedef IPX_HDR UNALIGNED * ULPIPX_HDR;
// SPX - Sequenced Packet Protocol
typedef struct _SPX_HDR
{
IPX_HDR spx_idp_hdr;
UCHAR spx_conn_ctrl;
UCHAR spx_data_type;
USHORT spx_src_conn_id;
USHORT spx_dest_conn_id;
USHORT spx_sequence_num;
USHORT spx_ack_num;
USHORT spx_alloc_num;
} SPX_HDR;
typedef SPX_HDR UNALIGNED *PSPX_HDR;
//=============================================================================
//=============================================================================
// (NMTcpStructs.h)
//=============================================================================
//=============================================================================
//
// TCP Packet Structure
//
typedef struct _TCP
{
WORD SrcPort;
WORD DstPort;
DWORD SeqNum;
DWORD AckNum;
BYTE DataOff;
BYTE Flags;
WORD Window;
WORD Chksum;
WORD UrgPtr;
} TCP;
typedef TCP *LPTCP;
typedef TCP UNALIGNED * ULPTCP;
INLINE DWORD TCP_HdrLen(ULPTCP pTCP)
{
return (pTCP->DataOff & 0xf0) >> 2;
}
INLINE DWORD TCP_SrcPort(ULPTCP pTCP)
{
return XCHG(pTCP->SrcPort);
}
INLINE DWORD TCP_DstPort(ULPTCP pTCP)
{
return XCHG(pTCP->DstPort);
}
//
// TCP Option Opcodes
//
#define TCP_OPTION_ENDOFOPTIONS ( 0 )
#define TCP_OPTION_NOP ( 1 )
#define TCP_OPTION_MAXSEGSIZE ( 2 )
#define TCP_OPTION_WSCALE ( 3 )
#define TCP_OPTION_SACK_PERMITTED ( 4 )
#define TCP_OPTION_SACK ( 5 )
#define TCP_OPTION_TIMESTAMPS ( 8 )
//
// TCP Flags
//
#define TCP_FLAG_URGENT ( 0x20 )
#define TCP_FLAG_ACK ( 0x10 )
#define TCP_FLAG_PUSH ( 0x8 )
#define TCP_FLAG_RESET ( 0x4 )
#define TCP_FLAG_SYN ( 0x2 )
#define TCP_FLAG_FIN ( 0x1 )
//
// TCP Field Masks
//
#define TCP_RESERVED_MASK ( 0xfc0 )
#pragma pack(pop)
//****************************************************************************
//****************************************************************************
// IDelaydC - used by a consumer to get frames after a capture has completed.
//****************************************************************************
//****************************************************************************
#define DEFAULT_DELAYED_BUFFER_SIZE ( 1 )
#define USE_DEFAULT_DRIVE_LETTER ( 0 )
#define RTC_FRAME_SIZE_FULL ( 0 )
extern RPC_IF_HANDLE __MIDL_itf_netmon_0000_v0_0_c_ifspec;
extern RPC_IF_HANDLE __MIDL_itf_netmon_0000_v0_0_s_ifspec;
#ifndef __IDelaydC_INTERFACE_DEFINED__
#define __IDelaydC_INTERFACE_DEFINED__
/* interface IDelaydC */
/* [local][unique][uuid][object] */
EXTERN_C const IID IID_IDelaydC;
#if defined(__cplusplus) && !defined(CINTERFACE)
MIDL_INTERFACE("BFF9C030-B58F-11ce-B5B0-00AA006CB37D")
IDelaydC : public IUnknown
{
public:
virtual HRESULT STDMETHODCALLTYPE Connect(
/* [in] */ HBLOB hInputBlob,
/* [in] */ LPVOID StatusCallbackProc,
/* [in] */ LPVOID UserContext,
/* [out] */ HBLOB hErrorBlob) = 0;
virtual HRESULT STDMETHODCALLTYPE Disconnect( void) = 0;
virtual HRESULT STDMETHODCALLTYPE QueryStatus(
/* [out] */ NETWORKSTATUS *pNetworkStatus) = 0;
virtual HRESULT STDMETHODCALLTYPE Configure(
/* [in] */ HBLOB hConfigurationBlob,
/* [out] */ HBLOB hErrorBlob) = 0;
virtual HRESULT STDMETHODCALLTYPE Start(
/* [out] */ char *pFileName) = 0;
virtual HRESULT STDMETHODCALLTYPE Pause( void) = 0;
virtual HRESULT STDMETHODCALLTYPE Resume( void) = 0;
virtual HRESULT STDMETHODCALLTYPE Stop(
/* [out] */ LPSTATISTICS lpStats) = 0;
virtual HRESULT STDMETHODCALLTYPE GetControlState(
/* [out] */ BOOL *IsRunnning,
/* [out] */ BOOL *IsPaused) = 0;
virtual HRESULT STDMETHODCALLTYPE GetTotalStatistics(
/* [out] */ LPSTATISTICS lpStats,
/* [in] */ BOOL fClearAfterReading) = 0;
virtual HRESULT STDMETHODCALLTYPE GetConversationStatistics(
/* [out] */ DWORD *nSessions,
/* [size_is][out] */ LPSESSIONSTATS lpSessionStats,
/* [out] */ DWORD *nStations,
/* [size_is][out] */ LPSTATIONSTATS lpStationStats,
/* [in] */ BOOL fClearAfterReading) = 0;
virtual HRESULT STDMETHODCALLTYPE InsertSpecialFrame(
/* [in] */ DWORD FrameType,
/* [in] */ DWORD Flags,
/* [in] */ BYTE *pUserData,
/* [in] */ DWORD UserDataLength) = 0;
virtual HRESULT STDMETHODCALLTYPE QueryStations(
/* [out][in] */ QUERYTABLE *lpQueryTable) = 0;
};
#else /* C style interface */
typedef struct IDelaydCVtbl
{
BEGIN_INTERFACE
HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
IDelaydC * This,
/* [in] */ REFIID riid,
/* [iid_is][out] */ void **ppvObject);
ULONG ( STDMETHODCALLTYPE *AddRef )(
IDelaydC * This);
ULONG ( STDMETHODCALLTYPE *Release )(
IDelaydC * This);
HRESULT ( STDMETHODCALLTYPE *Connect )(
IDelaydC * This,
/* [in] */ HBLOB hInputBlob,
/* [in] */ LPVOID StatusCallbackProc,
/* [in] */ LPVOID UserContext,
/* [out] */ HBLOB hErrorBlob);
HRESULT ( STDMETHODCALLTYPE *Disconnect )(
IDelaydC * This);
HRESULT ( STDMETHODCALLTYPE *QueryStatus )(
IDelaydC * This,
/* [out] */ NETWORKSTATUS *pNetworkStatus);
HRESULT ( STDMETHODCALLTYPE *Configure )(
IDelaydC * This,
/* [in] */ HBLOB hConfigurationBlob,
/* [out] */ HBLOB hErrorBlob);
HRESULT ( STDMETHODCALLTYPE *Start )(
IDelaydC * This,
/* [out] */ char *pFileName);
HRESULT ( STDMETHODCALLTYPE *Pause )(
IDelaydC * This);
HRESULT ( STDMETHODCALLTYPE *Resume )(
IDelaydC * This);
HRESULT ( STDMETHODCALLTYPE *Stop )(
IDelaydC * This,
/* [out] */ LPSTATISTICS lpStats);
HRESULT ( STDMETHODCALLTYPE *GetControlState )(
IDelaydC * This,
/* [out] */ BOOL *IsRunnning,
/* [out] */ BOOL *IsPaused);
HRESULT ( STDMETHODCALLTYPE *GetTotalStatistics )(
IDelaydC * This,
/* [out] */ LPSTATISTICS lpStats,
/* [in] */ BOOL fClearAfterReading);
HRESULT ( STDMETHODCALLTYPE *GetConversationStatistics )(
IDelaydC * This,
/* [out] */ DWORD *nSessions,
/* [size_is][out] */ LPSESSIONSTATS lpSessionStats,
/* [out] */ DWORD *nStations,
/* [size_is][out] */ LPSTATIONSTATS lpStationStats,
/* [in] */ BOOL fClearAfterReading);
HRESULT ( STDMETHODCALLTYPE *InsertSpecialFrame )(
IDelaydC * This,
/* [in] */ DWORD FrameType,
/* [in] */ DWORD Flags,
/* [in] */ BYTE *pUserData,
/* [in] */ DWORD UserDataLength);
HRESULT ( STDMETHODCALLTYPE *QueryStations )(
IDelaydC * This,
/* [out][in] */ QUERYTABLE *lpQueryTable);
END_INTERFACE
} IDelaydCVtbl;
interface IDelaydC
{
CONST_VTBL struct IDelaydCVtbl *lpVtbl;
};
#ifdef COBJMACROS
#define IDelaydC_QueryInterface(This,riid,ppvObject) \
(This)->lpVtbl -> QueryInterface(This,riid,ppvObject)
#define IDelaydC_AddRef(This) \
(This)->lpVtbl -> AddRef(This)
#define IDelaydC_Release(This) \
(This)->lpVtbl -> Release(This)
#define IDelaydC_Connect(This,hInputBlob,StatusCallbackProc,UserContext,hErrorBlob) \
(This)->lpVtbl -> Connect(This,hInputBlob,StatusCallbackProc,UserContext,hErrorBlob)
#define IDelaydC_Disconnect(This) \
(This)->lpVtbl -> Disconnect(This)
#define IDelaydC_QueryStatus(This,pNetworkStatus) \
(This)->lpVtbl -> QueryStatus(This,pNetworkStatus)
#define IDelaydC_Configure(This,hConfigurationBlob,hErrorBlob) \
(This)->lpVtbl -> Configure(This,hConfigurationBlob,hErrorBlob)
#define IDelaydC_Start(This,pFileName) \
(This)->lpVtbl -> Start(This,pFileName)
#define IDelaydC_Pause(This) \
(This)->lpVtbl -> Pause(This)
#define IDelaydC_Resume(This) \
(This)->lpVtbl -> Resume(This)
#define IDelaydC_Stop(This,lpStats) \
(This)->lpVtbl -> Stop(This,lpStats)
#define IDelaydC_GetControlState(This,IsRunnning,IsPaused) \
(This)->lpVtbl -> GetControlState(This,IsRunnning,IsPaused)
#define IDelaydC_GetTotalStatistics(This,lpStats,fClearAfterReading) \
(This)->lpVtbl -> GetTotalStatistics(This,lpStats,fClearAfterReading)
#define IDelaydC_GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading) \
(This)->lpVtbl -> GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading)
#define IDelaydC_InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength) \
(This)->lpVtbl -> InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength)
#define IDelaydC_QueryStations(This,lpQueryTable) \
(This)->lpVtbl -> QueryStations(This,lpQueryTable)
#endif /* COBJMACROS */
#endif /* C style interface */
HRESULT STDMETHODCALLTYPE IDelaydC_Connect_Proxy(
IDelaydC * This,
/* [in] */ HBLOB hInputBlob,
/* [in] */ LPVOID StatusCallbackProc,
/* [in] */ LPVOID UserContext,
/* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IDelaydC_Connect_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Disconnect_Proxy(
IDelaydC * This);
void __RPC_STUB IDelaydC_Disconnect_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_QueryStatus_Proxy(
IDelaydC * This,
/* [out] */ NETWORKSTATUS *pNetworkStatus);
void __RPC_STUB IDelaydC_QueryStatus_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Configure_Proxy(
IDelaydC * This,
/* [in] */ HBLOB hConfigurationBlob,
/* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IDelaydC_Configure_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Start_Proxy(
IDelaydC * This,
/* [out] */ char *pFileName);
void __RPC_STUB IDelaydC_Start_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Pause_Proxy(
IDelaydC * This);
void __RPC_STUB IDelaydC_Pause_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Resume_Proxy(
IDelaydC * This);
void __RPC_STUB IDelaydC_Resume_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_Stop_Proxy(
IDelaydC * This,
/* [out] */ LPSTATISTICS lpStats);
void __RPC_STUB IDelaydC_Stop_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_GetControlState_Proxy(
IDelaydC * This,
/* [out] */ BOOL *IsRunnning,
/* [out] */ BOOL *IsPaused);
void __RPC_STUB IDelaydC_GetControlState_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_GetTotalStatistics_Proxy(
IDelaydC * This,
/* [out] */ LPSTATISTICS lpStats,
/* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IDelaydC_GetTotalStatistics_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_GetConversationStatistics_Proxy(
IDelaydC * This,
/* [out] */ DWORD *nSessions,
/* [size_is][out] */ LPSESSIONSTATS lpSessionStats,
/* [out] */ DWORD *nStations,
/* [size_is][out] */ LPSTATIONSTATS lpStationStats,
/* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IDelaydC_GetConversationStatistics_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_InsertSpecialFrame_Proxy(
IDelaydC * This,
/* [in] */ DWORD FrameType,
/* [in] */ DWORD Flags,
/* [in] */ BYTE *pUserData,
/* [in] */ DWORD UserDataLength);
void __RPC_STUB IDelaydC_InsertSpecialFrame_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IDelaydC_QueryStations_Proxy(
IDelaydC * This,
/* [out][in] */ QUERYTABLE *lpQueryTable);
void __RPC_STUB IDelaydC_QueryStations_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
#endif /* __IDelaydC_INTERFACE_DEFINED__ */
/* interface __MIDL_itf_netmon_0010 */
/* [local] */
//****************************************************************************
//****************************************************************************
// IRTC - used by a consumer to get an interface to local entry points
// necessary to do real time capture processing. It includes a method
// for handing a callback to the NPP.
//****************************************************************************
//****************************************************************************
#define DEFAULT_RTC_BUFFER_SIZE ( 0x100000 )
extern RPC_IF_HANDLE __MIDL_itf_netmon_0010_v0_0_c_ifspec;
extern RPC_IF_HANDLE __MIDL_itf_netmon_0010_v0_0_s_ifspec;
#ifndef __IRTC_INTERFACE_DEFINED__
#define __IRTC_INTERFACE_DEFINED__
/* interface IRTC */
/* [local][unique][uuid][object] */
EXTERN_C const IID IID_IRTC;
#if defined(__cplusplus) && !defined(CINTERFACE)
MIDL_INTERFACE("4811EA40-B582-11ce-B5AF-00AA006CB37D")
IRTC : public IUnknown
{
public:
virtual HRESULT STDMETHODCALLTYPE Connect(
/* [in] */ HBLOB hInputBlob,
/* [in] */ LPVOID StatusCallbackProc,
/* [in] */ LPVOID FramesCallbackProc,
/* [in] */ LPVOID UserContext,
/* [out] */ HBLOB hErrorBlob) = 0;
virtual HRESULT STDMETHODCALLTYPE Disconnect( void) = 0;
virtual HRESULT STDMETHODCALLTYPE QueryStatus(
/* [out] */ NETWORKSTATUS *pNetworkStatus) = 0;
virtual HRESULT STDMETHODCALLTYPE Configure(
/* [in] */ HBLOB hConfigurationBlob,
/* [out] */ HBLOB hErrorBlob) = 0;
virtual HRESULT STDMETHODCALLTYPE Start( void) = 0;
virtual HRESULT STDMETHODCALLTYPE Pause( void) = 0;
virtual HRESULT STDMETHODCALLTYPE Resume( void) = 0;
virtual HRESULT STDMETHODCALLTYPE Stop( void) = 0;
virtual HRESULT STDMETHODCALLTYPE GetControlState(
/* [out] */ BOOL *IsRunnning,
/* [out] */ BOOL *IsPaused) = 0;
virtual HRESULT STDMETHODCALLTYPE GetTotalStatistics(
/* [out] */ LPSTATISTICS lpStats,
/* [in] */ BOOL fClearAfterReading) = 0;
virtual HRESULT STDMETHODCALLTYPE GetConversationStatistics(
/* [out] */ DWORD *nSessions,
/* [size_is][out] */ LPSESSIONSTATS lpSessionStats,
/* [out] */ DWORD *nStations,
/* [size_is][out] */ LPSTATIONSTATS lpStationStats,
/* [in] */ BOOL fClearAfterReading) = 0;
virtual HRESULT STDMETHODCALLTYPE InsertSpecialFrame(
/* [in] */ DWORD FrameType,
/* [in] */ DWORD Flags,
/* [in] */ BYTE *pUserData,
/* [in] */ DWORD UserDataLength) = 0;
virtual HRESULT STDMETHODCALLTYPE QueryStations(
/* [out][in] */ QUERYTABLE *lpQueryTable) = 0;
};
#else /* C style interface */
typedef struct IRTCVtbl
{
BEGIN_INTERFACE
HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
IRTC * This,
/* [in] */ REFIID riid,
/* [iid_is][out] */ void **ppvObject);
ULONG ( STDMETHODCALLTYPE *AddRef )(
IRTC * This);
ULONG ( STDMETHODCALLTYPE *Release )(
IRTC * This);
HRESULT ( STDMETHODCALLTYPE *Connect )(
IRTC * This,
/* [in] */ HBLOB hInputBlob,
/* [in] */ LPVOID StatusCallbackProc,
/* [in] */ LPVOID FramesCallbackProc,
/* [in] */ LPVOID UserContext,
/* [out] */ HBLOB hErrorBlob);
HRESULT ( STDMETHODCALLTYPE *Disconnect )(
IRTC * This);
HRESULT ( STDMETHODCALLTYPE *QueryStatus )(
IRTC * This,
/* [out] */ NETWORKSTATUS *pNetworkStatus);
HRESULT ( STDMETHODCALLTYPE *Configure )(
IRTC * This,
/* [in] */ HBLOB hConfigurationBlob,
/* [out] */ HBLOB hErrorBlob);
HRESULT ( STDMETHODCALLTYPE *Start )(
IRTC * This);
HRESULT ( STDMETHODCALLTYPE *Pause )(
IRTC * This);
HRESULT ( STDMETHODCALLTYPE *Resume )(
IRTC * This);
HRESULT ( STDMETHODCALLTYPE *Stop )(
IRTC * This);
HRESULT ( STDMETHODCALLTYPE *GetControlState )(
IRTC * This,
/* [out] */ BOOL *IsRunnning,
/* [out] */ BOOL *IsPaused);
HRESULT ( STDMETHODCALLTYPE *GetTotalStatistics )(
IRTC * This,
/* [out] */ LPSTATISTICS lpStats,
/* [in] */ BOOL fClearAfterReading);
HRESULT ( STDMETHODCALLTYPE *GetConversationStatistics )(
IRTC * This,
/* [out] */ DWORD *nSessions,
/* [size_is][out] */ LPSESSIONSTATS lpSessionStats,
/* [out] */ DWORD *nStations,
/* [size_is][out] */ LPSTATIONSTATS lpStationStats,
/* [in] */ BOOL fClearAfterReading);
HRESULT ( STDMETHODCALLTYPE *InsertSpecialFrame )(
IRTC * This,
/* [in] */ DWORD FrameType,
/* [in] */ DWORD Flags,
/* [in] */ BYTE *pUserData,
/* [in] */ DWORD UserDataLength);
HRESULT ( STDMETHODCALLTYPE *QueryStations )(
IRTC * This,
/* [out][in] */ QUERYTABLE *lpQueryTable);
END_INTERFACE
} IRTCVtbl;
interface IRTC
{
CONST_VTBL struct IRTCVtbl *lpVtbl;
};
#ifdef COBJMACROS
#define IRTC_QueryInterface(This,riid,ppvObject) \
(This)->lpVtbl -> QueryInterface(This,riid,ppvObject)
#define IRTC_AddRef(This) \
(This)->lpVtbl -> AddRef(This)
#define IRTC_Release(This) \
(This)->lpVtbl -> Release(This)
#define IRTC_Connect(This,hInputBlob,StatusCallbackProc,FramesCallbackProc,UserContext,hErrorBlob) \
(This)->lpVtbl -> Connect(This,hInputBlob,StatusCallbackProc,FramesCallbackProc,UserContext,hErrorBlob)
#define IRTC_Disconnect(This) \
(This)->lpVtbl -> Disconnect(This)
#define IRTC_QueryStatus(This,pNetworkStatus) \
(This)->lpVtbl -> QueryStatus(This,pNetworkStatus)
#define IRTC_Configure(This,hConfigurationBlob,hErrorBlob) \
(This)->lpVtbl -> Configure(This,hConfigurationBlob,hErrorBlob)
#define IRTC_Start(This) \
(This)->lpVtbl -> Start(This)
#define IRTC_Pause(This) \
(This)->lpVtbl -> Pause(This)
#define IRTC_Resume(This) \
(This)->lpVtbl -> Resume(This)
#define IRTC_Stop(This) \
(This)->lpVtbl -> Stop(This)
#define IRTC_GetControlState(This,IsRunnning,IsPaused) \
(This)->lpVtbl -> GetControlState(This,IsRunnning,IsPaused)
#define IRTC_GetTotalStatistics(This,lpStats,fClearAfterReading) \
(This)->lpVtbl -> GetTotalStatistics(This,lpStats,fClearAfterReading)
#define IRTC_GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading) \
(This)->lpVtbl -> GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading)
#define IRTC_InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength) \
(This)->lpVtbl -> InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength)
#define IRTC_QueryStations(This,lpQueryTable) \
(This)->lpVtbl -> QueryStations(This,lpQueryTable)
#endif /* COBJMACROS */
#endif /* C style interface */
HRESULT STDMETHODCALLTYPE IRTC_Connect_Proxy(
IRTC * This,
/* [in] */ HBLOB hInputBlob,
/* [in] */ LPVOID StatusCallbackProc,
/* [in] */ LPVOID FramesCallbackProc,
/* [in] */ LPVOID UserContext,
/* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IRTC_Connect_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Disconnect_Proxy(
IRTC * This);
void __RPC_STUB IRTC_Disconnect_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_QueryStatus_Proxy(
IRTC * This,
/* [out] */ NETWORKSTATUS *pNetworkStatus);
void __RPC_STUB IRTC_QueryStatus_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Configure_Proxy(
IRTC * This,
/* [in] */ HBLOB hConfigurationBlob,
/* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IRTC_Configure_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Start_Proxy(
IRTC * This);
void __RPC_STUB IRTC_Start_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Pause_Proxy(
IRTC * This);
void __RPC_STUB IRTC_Pause_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Resume_Proxy(
IRTC * This);
void __RPC_STUB IRTC_Resume_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_Stop_Proxy(
IRTC * This);
void __RPC_STUB IRTC_Stop_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_GetControlState_Proxy(
IRTC * This,
/* [out] */ BOOL *IsRunnning,
/* [out] */ BOOL *IsPaused);
void __RPC_STUB IRTC_GetControlState_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_GetTotalStatistics_Proxy(
IRTC * This,
/* [out] */ LPSTATISTICS lpStats,
/* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IRTC_GetTotalStatistics_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_GetConversationStatistics_Proxy(
IRTC * This,
/* [out] */ DWORD *nSessions,
/* [size_is][out] */ LPSESSIONSTATS lpSessionStats,
/* [out] */ DWORD *nStations,
/* [size_is][out] */ LPSTATIONSTATS lpStationStats,
/* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IRTC_GetConversationStatistics_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_InsertSpecialFrame_Proxy(
IRTC * This,
/* [in] */ DWORD FrameType,
/* [in] */ DWORD Flags,
/* [in] */ BYTE *pUserData,
/* [in] */ DWORD UserDataLength);
void __RPC_STUB IRTC_InsertSpecialFrame_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IRTC_QueryStations_Proxy(
IRTC * This,
/* [out][in] */ QUERYTABLE *lpQueryTable);
void __RPC_STUB IRTC_QueryStations_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
#endif /* __IRTC_INTERFACE_DEFINED__ */
/* interface __MIDL_itf_netmon_0012 */
/* [local] */
//****************************************************************************
//****************************************************************************
// IStats - used by a consumer to get just statistics, no frames.
//****************************************************************************
//****************************************************************************
extern RPC_IF_HANDLE __MIDL_itf_netmon_0012_v0_0_c_ifspec;
extern RPC_IF_HANDLE __MIDL_itf_netmon_0012_v0_0_s_ifspec;
#ifndef __IStats_INTERFACE_DEFINED__
#define __IStats_INTERFACE_DEFINED__
/* interface IStats */
/* [local][unique][uuid][object] */
EXTERN_C const IID IID_IStats;
#if defined(__cplusplus) && !defined(CINTERFACE)
MIDL_INTERFACE("944AD530-B09D-11ce-B59C-00AA006CB37D")
IStats : public IUnknown
{
public:
virtual HRESULT STDMETHODCALLTYPE Connect(
/* [in] */ HBLOB hInputBlob,
/* [in] */ LPVOID StatusCallbackProc,
/* [in] */ LPVOID UserContext,
/* [out] */ HBLOB hErrorBlob) = 0;
virtual HRESULT STDMETHODCALLTYPE Disconnect( void) = 0;
virtual HRESULT STDMETHODCALLTYPE QueryStatus(
/* [out] */ NETWORKSTATUS *pNetworkStatus) = 0;
virtual HRESULT STDMETHODCALLTYPE Configure(
/* [in] */ HBLOB hConfigurationBlob,
/* [out] */ HBLOB hErrorBlob) = 0;
virtual HRESULT STDMETHODCALLTYPE Start( void) = 0;
virtual HRESULT STDMETHODCALLTYPE Pause( void) = 0;
virtual HRESULT STDMETHODCALLTYPE Resume( void) = 0;
virtual HRESULT STDMETHODCALLTYPE Stop( void) = 0;
virtual HRESULT STDMETHODCALLTYPE GetControlState(
/* [out] */ BOOL *IsRunnning,
/* [out] */ BOOL *IsPaused) = 0;
virtual HRESULT STDMETHODCALLTYPE GetTotalStatistics(
/* [out] */ LPSTATISTICS lpStats,
/* [in] */ BOOL fClearAfterReading) = 0;
virtual HRESULT STDMETHODCALLTYPE GetConversationStatistics(
/* [out] */ DWORD *nSessions,
/* [size_is][out] */ LPSESSIONSTATS lpSessionStats,
/* [out] */ DWORD *nStations,
/* [size_is][out] */ LPSTATIONSTATS lpStationStats,
/* [in] */ BOOL fClearAfterReading) = 0;
virtual HRESULT STDMETHODCALLTYPE InsertSpecialFrame(
/* [in] */ DWORD FrameType,
/* [in] */ DWORD Flags,
/* [in] */ BYTE *pUserData,
/* [in] */ DWORD UserDataLength) = 0;
virtual HRESULT STDMETHODCALLTYPE QueryStations(
/* [out][in] */ QUERYTABLE *lpQueryTable) = 0;
};
#else /* C style interface */
typedef struct IStatsVtbl
{
BEGIN_INTERFACE
HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
IStats * This,
/* [in] */ REFIID riid,
/* [iid_is][out] */ void **ppvObject);
ULONG ( STDMETHODCALLTYPE *AddRef )(
IStats * This);
ULONG ( STDMETHODCALLTYPE *Release )(
IStats * This);
HRESULT ( STDMETHODCALLTYPE *Connect )(
IStats * This,
/* [in] */ HBLOB hInputBlob,
/* [in] */ LPVOID StatusCallbackProc,
/* [in] */ LPVOID UserContext,
/* [out] */ HBLOB hErrorBlob);
HRESULT ( STDMETHODCALLTYPE *Disconnect )(
IStats * This);
HRESULT ( STDMETHODCALLTYPE *QueryStatus )(
IStats * This,
/* [out] */ NETWORKSTATUS *pNetworkStatus);
HRESULT ( STDMETHODCALLTYPE *Configure )(
IStats * This,
/* [in] */ HBLOB hConfigurationBlob,
/* [out] */ HBLOB hErrorBlob);
HRESULT ( STDMETHODCALLTYPE *Start )(
IStats * This);
HRESULT ( STDMETHODCALLTYPE *Pause )(
IStats * This);
HRESULT ( STDMETHODCALLTYPE *Resume )(
IStats * This);
HRESULT ( STDMETHODCALLTYPE *Stop )(
IStats * This);
HRESULT ( STDMETHODCALLTYPE *GetControlState )(
IStats * This,
/* [out] */ BOOL *IsRunnning,
/* [out] */ BOOL *IsPaused);
HRESULT ( STDMETHODCALLTYPE *GetTotalStatistics )(
IStats * This,
/* [out] */ LPSTATISTICS lpStats,
/* [in] */ BOOL fClearAfterReading);
HRESULT ( STDMETHODCALLTYPE *GetConversationStatistics )(
IStats * This,
/* [out] */ DWORD *nSessions,
/* [size_is][out] */ LPSESSIONSTATS lpSessionStats,
/* [out] */ DWORD *nStations,
/* [size_is][out] */ LPSTATIONSTATS lpStationStats,
/* [in] */ BOOL fClearAfterReading);
HRESULT ( STDMETHODCALLTYPE *InsertSpecialFrame )(
IStats * This,
/* [in] */ DWORD FrameType,
/* [in] */ DWORD Flags,
/* [in] */ BYTE *pUserData,
/* [in] */ DWORD UserDataLength);
HRESULT ( STDMETHODCALLTYPE *QueryStations )(
IStats * This,
/* [out][in] */ QUERYTABLE *lpQueryTable);
END_INTERFACE
} IStatsVtbl;
interface IStats
{
CONST_VTBL struct IStatsVtbl *lpVtbl;
};
#ifdef COBJMACROS
#define IStats_QueryInterface(This,riid,ppvObject) \
(This)->lpVtbl -> QueryInterface(This,riid,ppvObject)
#define IStats_AddRef(This) \
(This)->lpVtbl -> AddRef(This)
#define IStats_Release(This) \
(This)->lpVtbl -> Release(This)
#define IStats_Connect(This,hInputBlob,StatusCallbackProc,UserContext,hErrorBlob) \
(This)->lpVtbl -> Connect(This,hInputBlob,StatusCallbackProc,UserContext,hErrorBlob)
#define IStats_Disconnect(This) \
(This)->lpVtbl -> Disconnect(This)
#define IStats_QueryStatus(This,pNetworkStatus) \
(This)->lpVtbl -> QueryStatus(This,pNetworkStatus)
#define IStats_Configure(This,hConfigurationBlob,hErrorBlob) \
(This)->lpVtbl -> Configure(This,hConfigurationBlob,hErrorBlob)
#define IStats_Start(This) \
(This)->lpVtbl -> Start(This)
#define IStats_Pause(This) \
(This)->lpVtbl -> Pause(This)
#define IStats_Resume(This) \
(This)->lpVtbl -> Resume(This)
#define IStats_Stop(This) \
(This)->lpVtbl -> Stop(This)
#define IStats_GetControlState(This,IsRunnning,IsPaused) \
(This)->lpVtbl -> GetControlState(This,IsRunnning,IsPaused)
#define IStats_GetTotalStatistics(This,lpStats,fClearAfterReading) \
(This)->lpVtbl -> GetTotalStatistics(This,lpStats,fClearAfterReading)
#define IStats_GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading) \
(This)->lpVtbl -> GetConversationStatistics(This,nSessions,lpSessionStats,nStations,lpStationStats,fClearAfterReading)
#define IStats_InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength) \
(This)->lpVtbl -> InsertSpecialFrame(This,FrameType,Flags,pUserData,UserDataLength)
#define IStats_QueryStations(This,lpQueryTable) \
(This)->lpVtbl -> QueryStations(This,lpQueryTable)
#endif /* COBJMACROS */
#endif /* C style interface */
HRESULT STDMETHODCALLTYPE IStats_Connect_Proxy(
IStats * This,
/* [in] */ HBLOB hInputBlob,
/* [in] */ LPVOID StatusCallbackProc,
/* [in] */ LPVOID UserContext,
/* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IStats_Connect_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Disconnect_Proxy(
IStats * This);
void __RPC_STUB IStats_Disconnect_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_QueryStatus_Proxy(
IStats * This,
/* [out] */ NETWORKSTATUS *pNetworkStatus);
void __RPC_STUB IStats_QueryStatus_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Configure_Proxy(
IStats * This,
/* [in] */ HBLOB hConfigurationBlob,
/* [out] */ HBLOB hErrorBlob);
void __RPC_STUB IStats_Configure_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Start_Proxy(
IStats * This);
void __RPC_STUB IStats_Start_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Pause_Proxy(
IStats * This);
void __RPC_STUB IStats_Pause_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Resume_Proxy(
IStats * This);
void __RPC_STUB IStats_Resume_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_Stop_Proxy(
IStats * This);
void __RPC_STUB IStats_Stop_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_GetControlState_Proxy(
IStats * This,
/* [out] */ BOOL *IsRunnning,
/* [out] */ BOOL *IsPaused);
void __RPC_STUB IStats_GetControlState_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_GetTotalStatistics_Proxy(
IStats * This,
/* [out] */ LPSTATISTICS lpStats,
/* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IStats_GetTotalStatistics_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_GetConversationStatistics_Proxy(
IStats * This,
/* [out] */ DWORD *nSessions,
/* [size_is][out] */ LPSESSIONSTATS lpSessionStats,
/* [out] */ DWORD *nStations,
/* [size_is][out] */ LPSTATIONSTATS lpStationStats,
/* [in] */ BOOL fClearAfterReading);
void __RPC_STUB IStats_GetConversationStatistics_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_InsertSpecialFrame_Proxy(
IStats * This,
/* [in] */ DWORD FrameType,
/* [in] */ DWORD Flags,
/* [in] */ BYTE *pUserData,
/* [in] */ DWORD UserDataLength);
void __RPC_STUB IStats_InsertSpecialFrame_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
HRESULT STDMETHODCALLTYPE IStats_QueryStations_Proxy(
IStats * This,
/* [out][in] */ QUERYTABLE *lpQueryTable);
void __RPC_STUB IStats_QueryStations_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
#endif /* __IStats_INTERFACE_DEFINED__ */
/* interface __MIDL_itf_netmon_0014 */
/* [local] */
#pragma warning(default:4200)
#pragma pack()
extern RPC_IF_HANDLE __MIDL_itf_netmon_0014_v0_0_c_ifspec;
extern RPC_IF_HANDLE __MIDL_itf_netmon_0014_v0_0_s_ifspec;
/* Additional Prototypes for ALL interfaces */
/* end of Additional Prototypes */
#ifdef __cplusplus
}
#endif
#endif