Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

5248 lines
231 KiB

cpp_quote("//=============================================================================")
cpp_quote("// Microsoft (R) Network Monitor (tm). ")
cpp_quote("// Copyright (C) Microsoft Corporation. All rights reserved.")
cpp_quote("//")
cpp_quote("// MODULE: netmon.h")
cpp_quote("//")
cpp_quote("// This is the consolidated include file for all Network Monitor components.")
cpp_quote("//")
cpp_quote("// It contains the contents of these files from previous SDKs:")
cpp_quote("//")
cpp_quote("// NPPTypes.h")
cpp_quote("// Finder.h")
cpp_quote("// NMSupp.h")
cpp_quote("// BHTypes.h")
cpp_quote("// NMErr.h")
cpp_quote("// BHFilter.h")
cpp_quote("// Frame.h")
cpp_quote("// Parser.h")
cpp_quote("// IniLib.h")
cpp_quote("// NMExpert.h (previously Expert.h)")
cpp_quote("// Netmon.h (previously bh.h)")
cpp_quote("// NMBlob.h (previously blob.h)")
cpp_quote("// NMRegHelp.h (previously reghelp.h)")
cpp_quote("// NMIpStructs.h (previously IpStructs.h)")
cpp_quote("// NMIcmpStructs.h (previously IcmpStructs.h)")
cpp_quote("// NMIpxStructs.h (previously IpxStructs.h)")
cpp_quote("// NMTcpStructs.h (previously TcpStructs.h)")
cpp_quote("//")
cpp_quote("// IDelaydC.idl")
cpp_quote("// IRTC.idl")
cpp_quote("// IStats.idl")
cpp_quote("//")
cpp_quote("//=============================================================================")
import "unknwn.idl";
cpp_quote("#include <winerror.h>")
cpp_quote("#include <winerror.h>")
//cpp_quote("#include <tchar.h>")
// this first part is so that the idl file gets the proper packing
#ifdef _X86_
#pragma pack(1)
#else
#pragma pack()
#endif
cpp_quote("// For backward compatability with old SDK versions, all structures within this header")
cpp_quote("// file will be byte packed on x86 platforms. All other platforms will only have those")
cpp_quote("// structures that will be used to decode network data packed.")
// this next part is so that the resultant header file will be correct regardless of
// which platform the idl file was compiled for
cpp_quote("#ifdef _X86_")
cpp_quote("#pragma pack(1)")
cpp_quote("#else")
cpp_quote("#pragma pack()")
cpp_quote("#endif")
cpp_quote("")
cpp_quote("// yes we know that many of our structures have:")
cpp_quote("// warning C4200: nonstandard extension used : zero-sized array in struct/union")
cpp_quote("// this is OK and intended")
#pragma warning(disable:4200)
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NPPTypes.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
// normally MAX_PATH is not defined for our MIDL builds
#ifndef MAX_PATH
#define MAX_PATH 260
#endif
#ifndef LPBYTE
typedef BYTE *LPBYTE;
#endif //LPBYTE
typedef const void * HBLOB;
cpp_quote("//=============================================================================")
cpp_quote("// General constants.")
cpp_quote("//=============================================================================")
const DWORD MAC_TYPE_UNKNOWN = 0;
const DWORD MAC_TYPE_ETHERNET = 1;
const DWORD MAC_TYPE_TOKENRING = 2;
const DWORD MAC_TYPE_FDDI = 3;
const DWORD MAC_TYPE_ATM = 4;
const DWORD MAC_TYPE_1394 = 5;
const DWORD MACHINE_NAME_LENGTH = 16 ;
const DWORD USER_NAME_LENGTH = 32 ;
const DWORD ADAPTER_COMMENT_LENGTH = 32 ;
const DWORD CONNECTION_FLAGS_WANT_CONVERSATION_STATS =0x00000001;
cpp_quote("//=============================================================================")
cpp_quote("// Transmit statistics structure.")
cpp_quote("//=============================================================================")
typedef struct _TRANSMITSTATS
{
DWORD TotalFramesSent;
DWORD TotalBytesSent;
DWORD TotalTransmitErrors;
} TRANSMITSTATS;
typedef TRANSMITSTATS *LPTRANSMITSTATS;
const DWORD TRANSMITSTATS_SIZE =sizeof(TRANSMITSTATS);
cpp_quote("//=============================================================================")
cpp_quote("// Statistics structure.")
cpp_quote("//=============================================================================")
typedef struct _STATISTICS
{
__int64 TimeElapsed; // in millionths of a second
//...Buffer statistics
DWORD TotalFramesCaptured;
DWORD TotalBytesCaptured;
//...Filtered statistics
DWORD TotalFramesFiltered;
DWORD TotalBytesFiltered;
DWORD TotalMulticastsFiltered;
DWORD TotalBroadcastsFiltered;
//...Overall statistics.
DWORD TotalFramesSeen;
DWORD TotalBytesSeen;
DWORD TotalMulticastsReceived;
DWORD TotalBroadcastsReceived;
DWORD TotalFramesDropped;
DWORD TotalFramesDroppedFromBuffer;
//... Statistics kept by MAC driver.
DWORD MacFramesReceived;
DWORD MacCRCErrors;
__int64 MacBytesReceivedEx;
DWORD MacFramesDropped_NoBuffers;
DWORD MacMulticastsReceived;
DWORD MacBroadcastsReceived;
DWORD MacFramesDropped_HwError;
} STATISTICS;
typedef STATISTICS *LPSTATISTICS;
const DWORD STATISTICS_SIZE =sizeof(STATISTICS);
cpp_quote("//=============================================================================")
cpp_quote("// Address structures")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// These structures are used to decode network data and so need to be packed")
#pragma pack(push, 1)
const DWORD MAX_NAME_SIZE =32;
const DWORD IP_ADDRESS_SIZE =4;
const DWORD MAC_ADDRESS_SIZE =6;
const DWORD IP6_ADDRESS_SIZE =16;
cpp_quote("// Q: What is the maximum address size that we could have to copy?")
cpp_quote("// A: IP6 ")
const DWORD MAX_ADDRESS_SIZE =16;
const DWORD ADDRESS_TYPE_ETHERNET =0;
const DWORD ADDRESS_TYPE_IP =1;
const DWORD ADDRESS_TYPE_IPX =2;
const DWORD ADDRESS_TYPE_TOKENRING =3;
const DWORD ADDRESS_TYPE_FDDI =4;
const DWORD ADDRESS_TYPE_XNS =5;
const DWORD ADDRESS_TYPE_ANY =6;
const DWORD ADDRESS_TYPE_ANY_GROUP =7;
const DWORD ADDRESS_TYPE_FIND_HIGHEST =8;
const DWORD ADDRESS_TYPE_VINES_IP =9;
const DWORD ADDRESS_TYPE_LOCAL_ONLY =10;
const DWORD ADDRESS_TYPE_ATM =11;
const DWORD ADDRESS_TYPE_1394 =12;
const DWORD ADDRESS_TYPE_IP6 =13;
const DWORD ADDRESSTYPE_FLAGS_NORMALIZE =0x0001 ;
const DWORD ADDRESSTYPE_FLAGS_BIT_REVERSE =0x0002 ;
cpp_quote("// Vines IP Address Structure")
typedef struct _VINES_IP_ADDRESS
{
DWORD NetID;
WORD SubnetID;
} VINES_IP_ADDRESS;
typedef VINES_IP_ADDRESS *LPVINES_IP_ADDRESS;
const DWORD VINES_IP_ADDRESS_SIZE =sizeof(VINES_IP_ADDRESS);
cpp_quote("// IPX Address Structure")
typedef struct _IPX_ADDR
{
BYTE Subnet[4];
BYTE Address[6];
} IPX_ADDR;
typedef IPX_ADDR *LPIPX_ADDR;
const DWORD IPX_ADDR_SIZE =sizeof(IPX_ADDR);
cpp_quote("// XNS Address Structure")
typedef IPX_ADDR XNS_ADDRESS;
typedef IPX_ADDR *LPXNS_ADDRESS;
// structure contains a bitfield, so must cpp_quote
cpp_quote("// ETHERNET SOURCE ADDRESS")
cpp_quote("typedef struct _ETHERNET_SRC_ADDRESS")
cpp_quote("{")
cpp_quote(" BYTE RoutingBit: 1;")
cpp_quote(" BYTE LocalBit: 1;")
cpp_quote(" BYTE Byte0: 6;")
cpp_quote(" BYTE Reserved[5];")
cpp_quote("")
cpp_quote("} ETHERNET_SRC_ADDRESS;")
cpp_quote("typedef ETHERNET_SRC_ADDRESS *LPETHERNET_SRC_ADDRESS;")
// structure contains a bitfield, so must cpp_quote
cpp_quote("// ETHERNET DESTINATION ADDRESS")
cpp_quote("typedef struct _ETHERNET_DST_ADDRESS")
cpp_quote("{")
cpp_quote(" BYTE GroupBit: 1;")
cpp_quote(" BYTE AdminBit: 1;")
cpp_quote(" BYTE Byte0: 6;")
cpp_quote(" BYTE Reserved[5];")
cpp_quote("} ETHERNET_DST_ADDRESS;")
cpp_quote("typedef ETHERNET_DST_ADDRESS *LPETHERNET_DST_ADDRESS;")
cpp_quote("")
cpp_quote("// FDDI addresses")
cpp_quote("typedef ETHERNET_SRC_ADDRESS FDDI_SRC_ADDRESS;")
cpp_quote("typedef ETHERNET_DST_ADDRESS FDDI_DST_ADDRESS;")
cpp_quote("")
cpp_quote("typedef FDDI_SRC_ADDRESS *LPFDDI_SRC_ADDRESS;")
cpp_quote("typedef FDDI_DST_ADDRESS *LPFDDI_DST_ADDRESS;")
cpp_quote("")
// structure contains a bitfield, so must cpp_quote
cpp_quote("// TOKENRING Source Address")
cpp_quote("typedef struct _TOKENRING_SRC_ADDRESS")
cpp_quote("{")
cpp_quote(" BYTE Byte0: 6;")
cpp_quote(" BYTE LocalBit: 1;")
cpp_quote(" BYTE RoutingBit: 1;")
cpp_quote(" BYTE Byte1;")
cpp_quote(" BYTE Byte2: 7;")
cpp_quote(" BYTE Functional: 1;")
cpp_quote(" BYTE Reserved[3];")
cpp_quote("} TOKENRING_SRC_ADDRESS;")
cpp_quote("typedef TOKENRING_SRC_ADDRESS *LPTOKENRING_SRC_ADDRESS;")
cpp_quote("")
// structure contains a bitfield, so must cpp_quote
cpp_quote("// TOKENRING Destination Address")
cpp_quote("typedef struct _TOKENRING_DST_ADDRESS")
cpp_quote("{")
cpp_quote(" BYTE Byte0: 6;")
cpp_quote(" BYTE AdminBit: 1;")
cpp_quote(" BYTE GroupBit: 1;")
cpp_quote(" BYTE Reserved[5];")
cpp_quote("} TOKENRING_DST_ADDRESS;")
cpp_quote("typedef TOKENRING_DST_ADDRESS *LPTOKENRING_DST_ADDRESS;")
// structure contains structures with bitfields, so must cpp_quote
cpp_quote("// Address Structure")
cpp_quote("typedef struct _ADDRESS2")
cpp_quote("{")
cpp_quote(" DWORD Type;")
cpp_quote("")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" // ADDRESS_TYPE_ETHERNET")
cpp_quote(" // ADDRESS_TYPE_TOKENRING")
cpp_quote(" // ADDRESS_TYPE_FDDI")
cpp_quote(" BYTE MACAddress[MAC_ADDRESS_SIZE];")
cpp_quote("")
cpp_quote(" // IP")
cpp_quote(" BYTE IPAddress[IP_ADDRESS_SIZE];")
cpp_quote("")
cpp_quote(" // IP6")
cpp_quote(" BYTE IP6Address[IP6_ADDRESS_SIZE];")
cpp_quote("")
cpp_quote(" // raw IPX")
cpp_quote(" BYTE IPXRawAddress[IPX_ADDR_SIZE];")
cpp_quote("")
cpp_quote(" // real IPX")
cpp_quote(" IPX_ADDR IPXAddress;")
cpp_quote("")
cpp_quote(" // raw Vines IP")
cpp_quote(" BYTE VinesIPRawAddress[VINES_IP_ADDRESS_SIZE];")
cpp_quote("")
cpp_quote(" // real Vines IP")
cpp_quote(" VINES_IP_ADDRESS VinesIPAddress;")
cpp_quote("")
cpp_quote(" // ethernet with bits defined")
cpp_quote(" ETHERNET_SRC_ADDRESS EthernetSrcAddress;")
cpp_quote("")
cpp_quote(" // ethernet with bits defined")
cpp_quote(" ETHERNET_DST_ADDRESS EthernetDstAddress;")
cpp_quote("")
cpp_quote(" // tokenring with bits defined")
cpp_quote(" TOKENRING_SRC_ADDRESS TokenringSrcAddress;")
cpp_quote("")
cpp_quote(" // tokenring with bits defined")
cpp_quote(" TOKENRING_DST_ADDRESS TokenringDstAddress;")
cpp_quote("")
cpp_quote(" // fddi with bits defined")
cpp_quote(" FDDI_SRC_ADDRESS FddiSrcAddress;")
cpp_quote("")
cpp_quote(" // fddi with bits defined")
cpp_quote(" FDDI_DST_ADDRESS FddiDstAddress;")
cpp_quote(" };")
cpp_quote(" ")
cpp_quote(" WORD Flags;")
cpp_quote("} ADDRESS2;")
cpp_quote("typedef ADDRESS2 *LPADDRESS2;")
cpp_quote("#define ADDRESS2_SIZE sizeof(ADDRESS2)")
cpp_quote("")
#pragma pack(pop)
cpp_quote("//=============================================================================")
cpp_quote("// Address Pair Structure")
cpp_quote("//=============================================================================")
const DWORD ADDRESS_FLAGS_MATCH_DST =0x0001;
const DWORD ADDRESS_FLAGS_MATCH_SRC =0x0002;
const DWORD ADDRESS_FLAGS_EXCLUDE =0x0004;
const DWORD ADDRESS_FLAGS_DST_GROUP_ADDR =0x0008;
const DWORD ADDRESS_FLAGS_MATCH_BOTH =0x0003;
// structure contains structures with bitfields, so must cpp_quote
cpp_quote("typedef struct _ADDRESSPAIR2")
cpp_quote("{")
cpp_quote(" WORD AddressFlags;")
cpp_quote(" WORD NalReserved;")
cpp_quote(" ADDRESS2 DstAddress;")
cpp_quote(" ADDRESS2 SrcAddress;")
cpp_quote("")
cpp_quote("} ADDRESSPAIR2;")
cpp_quote("typedef ADDRESSPAIR2 *LPADDRESSPAIR2;")
cpp_quote("#define ADDRESSPAIR2_SIZE sizeof(ADDRESSPAIR2)")
cpp_quote("//=============================================================================")
cpp_quote("// Address table.")
cpp_quote("//=============================================================================")
const DWORD MAX_ADDRESS_PAIRS =8;
// structure contains structures with bitfields, so must cpp_quote
cpp_quote("typedef struct _ADDRESSTABLE2")
cpp_quote("{")
cpp_quote(" DWORD nAddressPairs;")
cpp_quote(" DWORD nNonMacAddressPairs;")
cpp_quote(" ADDRESSPAIR2 AddressPair[MAX_ADDRESS_PAIRS];")
cpp_quote("")
cpp_quote("} ADDRESSTABLE2;")
cpp_quote("")
cpp_quote("typedef ADDRESSTABLE2 *LPADDRESSTABLE2;")
cpp_quote("#define ADDRESSTABLE2_SIZE sizeof(ADDRESSTABLE2)")
cpp_quote("//=============================================================================")
cpp_quote("// Network information.")
cpp_quote("//=============================================================================")
const DWORD NETWORKINFO_FLAGS_PMODE_NOT_SUPPORTED =0x00000001;
const DWORD NETWORKINFO_FLAGS_REMOTE_NAL =0x00000004;
const DWORD NETWORKINFO_FLAGS_REMOTE_NAL_CONNECTED =0x00000008;
const DWORD NETWORKINFO_FLAGS_REMOTE_CARD =0x00000010;
const DWORD NETWORKINFO_FLAGS_RAS =0x00000020;
cpp_quote("#define NETWORKINFO_RESERVED_FIELD_SIZE (FIELD_OFFSET(ADDRESS2,IPXAddress) + sizeof(IPX_ADDR))")
// structure contains structures with bitfields, so must cpp_quote
cpp_quote("typedef struct _NETWORKINFO")
cpp_quote("{")
cpp_quote(" BYTE PermanentAddr[6]; //... Permanent MAC address")
cpp_quote(" BYTE CurrentAddr[6]; //... Current MAC address")
cpp_quote(" BYTE Reserved[NETWORKINFO_RESERVED_FIELD_SIZE];")
cpp_quote(" DWORD LinkSpeed; //... Link speed in Mbits.")
cpp_quote(" DWORD MacType; //... Media type.")
cpp_quote(" DWORD MaxFrameSize; //... Max frame size allowed.")
cpp_quote(" DWORD Flags; //... Informational flags.")
cpp_quote(" DWORD TimestampScaleFactor; //... 1 = 1/1 ms, 10 = 1/10 ms, 100 = 1/100 ms, etc.")
cpp_quote(" BYTE NodeName[32]; //... Name of remote workstation.")
cpp_quote(" BOOL PModeSupported; //... Card claims to support P-Mode")
cpp_quote(" BYTE Comment[ADAPTER_COMMENT_LENGTH]; // Adapter comment field.")
cpp_quote("")
cpp_quote("} NETWORKINFO;")
cpp_quote("typedef NETWORKINFO *LPNETWORKINFO;")
cpp_quote("#define NETWORKINFO_SIZE sizeof(NETWORKINFO)")
const DWORD MINIMUM_FRAME_SIZE =32;
cpp_quote("//=============================================================================")
cpp_quote("// Pattern structure.")
cpp_quote("//=============================================================================")
const DWORD MAX_PATTERN_LENGTH =16 ;
cpp_quote("// When set this flag will cause those frames which do NOT have the specified pattern")
cpp_quote("// in the proper stop to be kept.")
const DWORD PATTERN_MATCH_FLAGS_NOT =0x00000001;
// This flag was used in previous versions of Network Monitor and its value is therefore
// reserved for compatability reasons
const DWORD PATTERN_MATCH_FLAGS_RESERVED_1 =0x00000002;
cpp_quote("// When set this flag indicates that the user is not interested in a pattern match within ")
cpp_quote("// IP or IPX, but in the protocol that follows. The driver will ensure that the protocol")
cpp_quote("// given in OffsetBasis is there and then that the port in the fram matches the port given.")
cpp_quote("// It will then calculate the offset from the beginning of the protocol that follows IP or IPX.")
cpp_quote("// NOTE: This flag is ignored if it is used with any OffsetBasis other than ")
cpp_quote("// OFFSET_BASIS_RELATIVE_TO_IPX or OFFSET_BASIS_RELATIVE_TO_IP")
const DWORD PATTERN_MATCH_FLAGS_PORT_SPECIFIED =0x00000008;
cpp_quote("// The offset given is relative to the beginning of the frame. The ")
cpp_quote("// PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.")
const DWORD OFFSET_BASIS_RELATIVE_TO_FRAME =0;
cpp_quote("// The offset given is relative to the beginning of the Effective Protocol.")
cpp_quote("// The Effective Protocol is defined as the protocol that follows")
cpp_quote("// the last protocol that determines Etype/SAP. In normal terms this means ")
cpp_quote("// that the Effective Protocol will be IP, IPX, XNS, or any of their ilk.")
cpp_quote("// The PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.")
const DWORD OFFSET_BASIS_RELATIVE_TO_EFFECTIVE_PROTOCOL =1;
cpp_quote("// The offset given is relative to the beginning of IPX. If IPX is not present")
cpp_quote("// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED")
cpp_quote("// flag is set then the offset is relative to the beginning of the protocol")
cpp_quote("// which follows IPX.")
const DWORD OFFSET_BASIS_RELATIVE_TO_IPX =2;
cpp_quote("// The offset given is relative to the beginning of IP. If IP is not present")
cpp_quote("// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED")
cpp_quote("// flag is set then the offset is relative to the beginning of the protocol")
cpp_quote("// which follows IP.")
const DWORD OFFSET_BASIS_RELATIVE_TO_IP =3;
cpp_quote("// The offset given is relative to the beginning of IP6. If IP6 is not present")
cpp_quote("// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED")
cpp_quote("// flag is set then the offset is relative to the beginning of the protocol")
cpp_quote("// which follows IP6.")
const DWORD OFFSET_BASIS_RELATIVE_TO_IP6 =4;
typedef union
{
BYTE NextHeader; // IPV6
BYTE IPPort;
WORD ByteSwappedIPXPort;
} GENERIC_PORT;
typedef struct _PATTERNMATCH
{
DWORD Flags;
BYTE OffsetBasis;
GENERIC_PORT Port;
WORD Offset;
WORD Length;
BYTE PatternToMatch[MAX_PATTERN_LENGTH];
} PATTERNMATCH;
typedef PATTERNMATCH *LPPATTERNMATCH;
const DWORD PATTERNMATCH_SIZE =sizeof(PATTERNMATCH);
cpp_quote("//=============================================================================")
cpp_quote("// Expression structure.")
cpp_quote("//=============================================================================")
const DWORD MAX_PATTERNS =4;
typedef struct _ANDEXP
{
DWORD nPatternMatches;
PATTERNMATCH PatternMatch[MAX_PATTERNS];
} ANDEXP;
typedef ANDEXP *LPANDEXP;
const DWORD ANDEXP_SIZE =sizeof(ANDEXP);
typedef struct _EXPRESSION
{
DWORD nAndExps;
ANDEXP AndExp[MAX_PATTERNS];
} EXPRESSION;
typedef EXPRESSION *LPEXPRESSION;
const DWORD EXPRESSION_SIZE =sizeof(EXPRESSION);
cpp_quote("//=============================================================================")
cpp_quote("// Trigger.")
cpp_quote("//=============================================================================")
const BYTE TRIGGER_TYPE_PATTERN_MATCH =1;
const BYTE TRIGGER_TYPE_BUFFER_CONTENT =2;
const BYTE TRIGGER_TYPE_PATTERN_MATCH_THEN_BUFFER_CONTENT =3;
const BYTE TRIGGER_TYPE_BUFFER_CONTENT_THEN_PATTERN_MATCH =4;
const DWORD TRIGGER_FLAGS_FRAME_RELATIVE =0x00000000 ;
const DWORD TRIGGER_FLAGS_DATA_RELATIVE =0x00000001 ;
const BYTE TRIGGER_ACTION_NOTIFY =0x00 ;
const BYTE TRIGGER_ACTION_STOP =0x02 ;
const BYTE TRIGGER_ACTION_PAUSE =0x03 ;
const DWORD TRIGGER_BUFFER_FULL_25_PERCENT =0 ;
const DWORD TRIGGER_BUFFER_FULL_50_PERCENT =1 ;
const DWORD TRIGGER_BUFFER_FULL_75_PERCENT =2 ;
const DWORD TRIGGER_BUFFER_FULL_100_PERCENT =3 ;
typedef struct _TRIGGER
{
BOOL TriggerActive; //... Whether trigger is running
BYTE TriggerType; //... Opcode of trigger
BYTE TriggerAction; //... Action to take when trigger occurs.
DWORD TriggerFlags; //... Trigger flags.
PATTERNMATCH TriggerPatternMatch; //... Trigger pattern match.
DWORD TriggerBufferSize; //... Trigger buffer size.
DWORD TriggerReserved; //... Set to all zeros - do not use
char TriggerCommandLine[MAX_PATH];
} TRIGGER;
typedef TRIGGER *LPTRIGGER;
const DWORD TRIGGER_SIZE =sizeof(TRIGGER);
cpp_quote("//=============================================================================")
cpp_quote("// Capture filter.")
cpp_quote("//=============================================================================")
cpp_quote("// Capture filter flags. By default all frames are rejected and")
cpp_quote("// Network Monitor enables them based on the CAPTUREFILTER flags")
cpp_quote("// defined below.")
const DWORD CAPTUREFILTER_FLAGS_INCLUDE_ALL_SAPS =0x0001;
const DWORD CAPTUREFILTER_FLAGS_INCLUDE_ALL_ETYPES =0x0002;
const DWORD CAPTUREFILTER_FLAGS_TRIGGER =0x0004;
const DWORD CAPTUREFILTER_FLAGS_LOCAL_ONLY =0x0008;
cpp_quote("// throw away our internal comment frames")
const DWORD CAPTUREFILTER_FLAGS_DISCARD_COMMENTS =0x0010;
cpp_quote("// Keep SMT and Token Ring MAC frames")
const DWORD CAPTUREFILTER_FLAGS_KEEP_RAW =0x0020;
const DWORD CAPTUREFILTER_FLAGS_INCLUDE_ALL =0x0003;
const DWORD BUFFER_FULL_25_PERCENT =0;
const DWORD BUFFER_FULL_50_PERCENT =1;
const DWORD BUFFER_FULL_75_PERCENT =2;
const DWORD BUFFER_FULL_100_PERCENT =3;
// structure contains structures with bitfields, so must cpp_quote
cpp_quote("typedef struct _CAPTUREFILTER")
cpp_quote("{")
cpp_quote(" DWORD FilterFlags; ")
cpp_quote(" LPBYTE lpSapTable; ")
cpp_quote(" LPWORD lpEtypeTable; ")
cpp_quote(" WORD nSaps; ")
cpp_quote(" WORD nEtypes; ")
cpp_quote(" LPADDRESSTABLE2 AddressTable; ")
cpp_quote(" EXPRESSION FilterExpression; ")
cpp_quote(" TRIGGER Trigger; ")
cpp_quote(" DWORD nFrameBytesToCopy;")
cpp_quote(" DWORD Reserved;")
cpp_quote("")
cpp_quote("} CAPTUREFILTER;")
cpp_quote("typedef CAPTUREFILTER *LPCAPTUREFILTER;")
cpp_quote("#define CAPTUREFILTER_SIZE sizeof(CAPTUREFILTER)")
cpp_quote("//=============================================================================")
cpp_quote("// Frame type.")
cpp_quote("//=============================================================================")
// this structure may not be cpp_quoted as it is used in itransmt.idl
// (However its length used to be 0).
cpp_quote("// TimeStamp is in 1/1,000,000th seconds.")
typedef struct _FRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
[size_is(nBytesAvail)] BYTE MacFrame[*];
} FRAME;
typedef FRAME *LPFRAME;
cpp_quote("typedef FRAME UNALIGNED *ULPFRAME;")
const DWORD FRAME_SIZE =sizeof(FRAME);
cpp_quote("//=============================================================================")
cpp_quote("// Frame descriptor type.")
cpp_quote("//=============================================================================")
const BYTE LOW_PROTOCOL_IPX =OFFSET_BASIS_RELATIVE_TO_IPX;
const BYTE LOW_PROTOCOL_IP =OFFSET_BASIS_RELATIVE_TO_IP;
const BYTE LOW_PROTOCOL_IP6 =OFFSET_BASIS_RELATIVE_TO_IP6;
const BYTE LOW_PROTOCOL_UNKNOWN =((BYTE)-1);
typedef struct _FRAME_DESCRIPTOR
{
[size_is(FrameLength)] LPBYTE FramePointer;
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
WORD Etype;
BYTE Sap;
BYTE LowProtocol;
WORD LowProtocolOffset;
[switch_is(LowProtocol)] union
{
[default]
WORD Reserved;
[case(LOW_PROTOCOL_IP)]
BYTE IPPort;
[case(LOW_PROTOCOL_IPX)]
WORD ByteSwappedIPXPort;
} HighPort;
WORD HighProtocolOffset;
} FRAME_DESCRIPTOR;
typedef FRAME_DESCRIPTOR *LPFRAME_DESCRIPTOR;
const DWORD FRAME_DESCRIPTOR_SIZE =sizeof(FRAME_DESCRIPTOR);
cpp_quote("//=============================================================================")
cpp_quote("// Frame descriptor table.")
cpp_quote("//=============================================================================")
// this structure may not be cpp_quoted as it is used in UPDATE_EVENT
// (Besides, the array's length has always been 1)
typedef struct _FRAMETABLE
{
DWORD FrameTableLength;
DWORD StartIndex;
DWORD EndIndex;
DWORD FrameCount;
[size_is(FrameTableLength)] FRAME_DESCRIPTOR Frames[*];
} FRAMETABLE;
typedef FRAMETABLE *LPFRAMETABLE;
cpp_quote("//=============================================================================")
cpp_quote("// Station statistics.")
cpp_quote("//=============================================================================")
const WORD STATIONSTATS_FLAGS_INITIALIZED =0x0001;
const WORD STATIONSTATS_FLAGS_EVENTPOSTED =0x0002;
const DWORD STATIONSTATS_POOL_SIZE =100;
typedef struct _STATIONSTATS
{
DWORD NextStationStats;
DWORD SessionPartnerList;
DWORD Flags;
BYTE StationAddress[6];
WORD Pad;
DWORD TotalPacketsReceived;
DWORD TotalDirectedPacketsSent;
DWORD TotalBroadcastPacketsSent;
DWORD TotalMulticastPacketsSent;
DWORD TotalBytesReceived;
DWORD TotalBytesSent;
} STATIONSTATS;
typedef STATIONSTATS * LPSTATIONSTATS;
const DWORD STATIONSTATS_SIZE =sizeof(STATIONSTATS);
cpp_quote("//=============================================================================")
cpp_quote("// Session statistics.")
cpp_quote("//=============================================================================")
const WORD SESSION_FLAGS_INITIALIZED =0x0001;
const WORD SESSION_FLAGS_EVENTPOSTED =0x0002;
const DWORD SESSION_POOL_SIZE =100;
typedef struct _SESSIONSTATS
{
DWORD NextSession;
DWORD StationOwner;
DWORD StationPartner;
DWORD Flags;
DWORD TotalPacketsSent;
} SESSIONSTATS;
typedef SESSIONSTATS * LPSESSIONSTATS;
const DWORD SESSIONSTATS_SIZE =sizeof(SESSIONSTATS);
cpp_quote("//=============================================================================")
cpp_quote("// Station Query")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// These structures are obsolete and should not be used")
cpp_quote("// They are included so that our interfaces need not change")
#pragma pack(push, 1)
typedef struct _STATIONQUERY
{
DWORD Flags;
BYTE BCDVerMinor;
BYTE BCDVerMajor;
DWORD LicenseNumber;
BYTE MachineName[MACHINE_NAME_LENGTH];
BYTE UserName[USER_NAME_LENGTH];
BYTE Reserved[32];
BYTE AdapterAddress[6];
WCHAR WMachineName[MACHINE_NAME_LENGTH];
WCHAR WUserName[USER_NAME_LENGTH];
} STATIONQUERY;
typedef STATIONQUERY *LPSTATIONQUERY;
const DWORD STATIONQUERY_SIZE =sizeof(STATIONQUERY);
#pragma pack(pop)
cpp_quote("//=============================================================================")
cpp_quote("// structure.")
cpp_quote("//=============================================================================")
// this structure may not be cpp_quoted as it is used in the QueryStations methods in
// each interface below.
// (Besides, the array's length has always been 1)
typedef struct _QUERYTABLE
{
DWORD nStationQueries;
[size_is(nStationQueries)] STATIONQUERY StationQuery[*];
} QUERYTABLE;
typedef QUERYTABLE *LPQUERYTABLE;
const DWORD QUERYTABLE_SIZE =sizeof(QUERYTABLE);
cpp_quote("//=============================================================================")
cpp_quote("// The LINK structure is used to chain structures together into a list.")
cpp_quote("//=============================================================================")
#ifndef _LINK_
#define _LINK_
typedef struct _LINK *LPLINK;
typedef struct _LINK
{
LPLINK PrevLink;
LPLINK NextLink;
} LINK;
#endif //_LINK_
cpp_quote("//=============================================================================")
cpp_quote("// Security Response packet")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// This structure is used to decode network data and so needs to be packed")
#pragma pack(push, 1)
const DWORD MAX_SECURITY_BREACH_REASON_SIZE =100;
const DWORD MAX_SIGNATURE_LENGTH =128;
const DWORD MAX_USER_NAME_LENGTH =256;
typedef struct _SECURITY_PERMISSION_RESPONSE
{
UINT Version;
DWORD RandomNumber;
BYTE MachineName[MACHINE_NAME_LENGTH];
BYTE Address[MAC_ADDRESS_SIZE];
BYTE UserName[MAX_USER_NAME_LENGTH];
BYTE Reason[MAX_SECURITY_BREACH_REASON_SIZE];
DWORD SignatureLength;
BYTE Signature[MAX_SIGNATURE_LENGTH];
} SECURITY_PERMISSION_RESPONSE;
typedef SECURITY_PERMISSION_RESPONSE * LPSECURITY_PERMISSION_RESPONSE;
cpp_quote("typedef SECURITY_PERMISSION_RESPONSE UNALIGNED * ULPSECURITY_PERMISSION_RESPONSE;")
const DWORD SECURITY_PERMISSION_RESPONSE_SIZE =sizeof(SECURITY_PERMISSION_RESPONSE);
#pragma pack(pop)
cpp_quote("//=============================================================================")
cpp_quote("// Callback type")
cpp_quote("//=============================================================================")
cpp_quote("// generic events")
const DWORD UPDATE_EVENT_TERMINATE_THREAD =0x00000000;
const DWORD UPDATE_EVENT_NETWORK_STATUS =0x00000001;
cpp_quote("// rtc events")
const DWORD UPDATE_EVENT_RTC_INTERVAL_ELAPSED =0x00000002;
const DWORD UPDATE_EVENT_RTC_FRAME_TABLE_FULL =0x00000003;
const DWORD UPDATE_EVENT_RTC_BUFFER_FULL =0x00000004;
cpp_quote("// delayed events")
const DWORD UPDATE_EVENT_TRIGGER_BUFFER_CONTENT =0x00000005;
const DWORD UPDATE_EVENT_TRIGGER_PATTERN_MATCH =0x00000006;
const DWORD UPDATE_EVENT_TRIGGER_BUFFER_PATTERN =0x00000007;
const DWORD UPDATE_EVENT_TRIGGER_PATTERN_BUFFER =0x00000008;
cpp_quote("// transmit events")
const DWORD UPDATE_EVENT_TRANSMIT_STATUS =0x00000009;
cpp_quote("// Security events")
const DWORD UPDATE_EVENT_SECURITY_BREACH =0x0000000A;
cpp_quote("// Remote failure event")
const DWORD UPDATE_EVENT_REMOTE_FAILURE =0x0000000B;
cpp_quote("// actions")
const DWORD UPDATE_ACTION_TERMINATE_THREAD =0x00000000;
const DWORD UPDATE_ACTION_NOTIFY =0x00000001;
const DWORD UPDATE_ACTION_STOP_CAPTURE =0x00000002;
const DWORD UPDATE_ACTION_PAUSE_CAPTURE =0x00000003;
const DWORD UPDATE_ACTION_RTC_BUFFER_SWITCH =0x00000004;
typedef struct _UPDATE_EVENT
{
USHORT Event;
DWORD Action;
DWORD Status;
DWORD Value;
__int64 TimeStamp;
DWORD_PTR lpUserContext;
DWORD_PTR lpReserved;
UINT FramesDropped;
[switch_is(Event)] union
{
[default]
DWORD Reserved;
[case(2,3,4)]
LPFRAMETABLE lpFrameTable;
[case(9)]
DWORD_PTR lpPacketQueue;
[case(10)]
SECURITY_PERMISSION_RESPONSE SecurityResponse;
};
LPSTATISTICS lpFinalStats;
} UPDATE_EVENT;
typedef UPDATE_EVENT *PUPDATE_EVENT;
cpp_quote("// note for c++ users:")
cpp_quote("// the declaration for this callback should be in the public part of the header file:")
cpp_quote("// static WINAPI DWORD NetworkCallback( UPDATE_EVENT events);")
cpp_quote("// and the implementation should be, in the protected section of the cpp file:")
cpp_quote("// DWORD WINAPI ClassName::NetworkCallback( UPDATE_EVENT events) {};")
cpp_quote("//typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);")
cpp_quote("typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);")
cpp_quote("//=============================================================================")
cpp_quote("// NETWORKSTATUS data structure.")
cpp_quote("//=============================================================================")
typedef struct _NETWORKSTATUS
{
DWORD State;
DWORD Flags;
} NETWORKSTATUS;
typedef NETWORKSTATUS *LPNETWORKSTATUS;
const DWORD NETWORKSTATUS_SIZE =sizeof(NETWORKSTATUS);
const DWORD NETWORKSTATUS_STATE_VOID =0;
const DWORD NETWORKSTATUS_STATE_INIT =1;
const DWORD NETWORKSTATUS_STATE_CAPTURING =2;
const DWORD NETWORKSTATUS_STATE_PAUSED =3;
const DWORD NETWORKSTATUS_FLAGS_TRIGGER_PENDING =0x00000001;
cpp_quote("#define MAKE_WORD(l, h) (((WORD) (l)) | (((WORD) (h)) << 8))")
cpp_quote("#define MAKE_LONG(l, h) (((DWORD) (l)) | (((DWORD) (h)) << 16L))")
cpp_quote("#define MAKE_SIG(a, b, c, d) MAKE_LONG(MAKE_WORD(a, b), MAKE_WORD(c, d))")
cpp_quote("//=============================================================================")
cpp_quote("// STATISTICS parameter structure.")
cpp_quote("//=============================================================================")
const DWORD MAX_SESSIONS =100;
const DWORD MAX_STATIONS =100;
typedef struct _STATISTICSPARAM
{
DWORD StatisticsSize;
STATISTICS Statistics;
DWORD StatisticsTableEntries;
STATIONSTATS StatisticsTable[MAX_STATIONS];
DWORD SessionTableEntries;
SESSIONSTATS SessionTable[MAX_SESSIONS];
} STATISTICSPARAM;
typedef STATISTICSPARAM *LPSTATISTICSPARAM;
const DWORD STATISTICSPARAM_SIZE =sizeof(STATISTICSPARAM);
cpp_quote("//=============================================================================")
cpp_quote("// Capture file header.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// This structure is used to decode file data and so needs to be packed")
#pragma pack(push, 1)
const DWORD CAPTUREFILE_VERSION_MAJOR =2;
const DWORD CAPTUREFILE_VERSION_MINOR =0;
cpp_quote("#define MakeVersion(Major, Minor) ((DWORD) MAKEWORD(Minor, Major))")
cpp_quote("#define GetCurrentVersion() MakeVersion(CAPTUREFILE_VERSION_MAJOR, CAPTUREFILE_VERSION_MINOR)")
cpp_quote("#define NETMON_1_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('R', 'T', 'S', 'S')")
cpp_quote("#define NETMON_2_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('G', 'M', 'B', 'U')")
typedef struct _CAPTUREFILE_HEADER_VALUES
{
DWORD Signature; //... Unique identifier: 'RTSS'.
BYTE BCDVerMinor; //... Binary coded decimal (minor).
BYTE BCDVerMajor; //... Binary coded decimal (major).
WORD MacType; //... Topology type.
SYSTEMTIME TimeStamp; //... time of capture.
DWORD FrameTableOffset; //... Frame index table.
DWORD FrameTableLength; //... Frame index table size.
DWORD UserDataOffset; //... User data offset.
DWORD UserDataLength; //... User data length.
DWORD CommentDataOffset; //... Comment Data offset
DWORD CommentDataLength; //... Length of comment data.
DWORD StatisticsOffset; //....offset to STATISTICS STRUCTURE
DWORD StatisticsLength; //....length of stats struct
DWORD NetworkInfoOffset; //....offset to network info structure
DWORD NetworkInfoLength; //....length of network info structure
DWORD ConversationStatsOffset; //....offset of conv stats structure
DWORD ConversationStatsLength; //....length of conv stats structure
} CAPTUREFILE_HEADER_VALUES;
typedef CAPTUREFILE_HEADER_VALUES *LPCAPTUREFILE_HEADER_VALUES;
const DWORD CAPTUREFILE_HEADER_VALUES_SIZE =sizeof(CAPTUREFILE_HEADER_VALUES);
#pragma pack(pop)
cpp_quote("//=============================================================================")
cpp_quote("// Capture file.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// This structure is used to decode file data and so needs to be packed")
#pragma pack(push, 1)
typedef struct _CAPTUREFILE_HEADER
{
union
{
CAPTUREFILE_HEADER_VALUES ActualHeader;
BYTE Buffer[CAPTUREFILE_HEADER_VALUES_SIZE];
};
BYTE Reserved[128 - CAPTUREFILE_HEADER_VALUES_SIZE];
} CAPTUREFILE_HEADER;
typedef CAPTUREFILE_HEADER *LPCAPTUREFILE_HEADER;
const DWORD CAPTUREFILE_HEADER_SIZE =sizeof(CAPTUREFILE_HEADER);
#pragma pack(pop)
cpp_quote("//=============================================================================")
cpp_quote("// Stats Frame definitions.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// These structures are used to create network data and so need to be packed")
#pragma pack(push, 1)
typedef struct _EFRAMEHDR
{
BYTE SrcAddress[6];
BYTE DstAddress[6];
WORD Length;
BYTE DSAP;
BYTE SSAP;
BYTE Control;
BYTE ProtocolID[3];
WORD EtherType;
} EFRAMEHDR;
typedef struct _TRFRAMEHDR
{
BYTE AC;
BYTE FC;
BYTE SrcAddress[6];
BYTE DstAddress[6];
BYTE DSAP;
BYTE SSAP;
BYTE Control;
BYTE ProtocolID[3];
WORD EtherType;
} TRFRAMEHDR;
const BYTE DEFAULT_TR_AC =0x00;
const BYTE DEFAULT_TR_FC =0x40;
const BYTE DEFAULT_SAP =0xAA;
const BYTE DEFAULT_CONTROL =0x03;
const WORD DEFAULT_ETHERTYPE =0x8419;
typedef struct _FDDIFRAMEHDR
{
BYTE FC;
BYTE SrcAddress[6];
BYTE DstAddress[6];
BYTE DSAP;
BYTE SSAP;
BYTE Control;
BYTE ProtocolID[3];
WORD EtherType;
} FDDIFRAMEHDR;
const BYTE DEFAULT_FDDI_FC =0x10;
typedef struct _FDDISTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
FDDIFRAMEHDR FrameHeader;
BYTE FrameID[4];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} FDDISTATFRAME;
typedef FDDISTATFRAME *LPFDDISTATFRAME;
cpp_quote("typedef FDDISTATFRAME UNALIGNED *ULPFDDISTATFRAME;")
const DWORD FDDISTATFRAME_SIZE =sizeof(FDDISTATFRAME);
typedef struct _ATMFRAMEHDR
{
BYTE SrcAddress[6];
BYTE DstAddress[6];
WORD Vpi;
WORD Vci;
} ATMFRAMEHDR;
typedef struct _ATMSTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
ATMFRAMEHDR FrameHeader;
BYTE FrameID[4];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} ATMSTATFRAME;
typedef ATMSTATFRAME *LPATMSTATFRAME;
cpp_quote("typedef ATMSTATFRAME UNALIGNED *ULPATMSTATFRAME;")
const DWORD ATMSTATFRAME_SIZE =sizeof(ATMSTATFRAME);
typedef struct _TRSTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
TRFRAMEHDR FrameHeader;
BYTE FrameID[4];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} TRSTATFRAME;
typedef TRSTATFRAME *LPTRSTATFRAME;
cpp_quote("typedef TRSTATFRAME UNALIGNED *ULPTRSTATFRAME;")
const DWORD TRSTATFRAME_SIZE =sizeof(TRSTATFRAME);
typedef struct _ESTATFRAME
{
__int64 TimeStamp;
DWORD FrameLength;
DWORD nBytesAvail;
EFRAMEHDR FrameHeader;
BYTE FrameID[4];
DWORD Flags;
DWORD FrameType;
WORD StatsDataLen;
DWORD StatsVersion;
STATISTICS Statistics;
} ESTATFRAME;
typedef ESTATFRAME *LPESTATFRAME;
cpp_quote("typedef ESTATFRAME UNALIGNED *ULPESTATFRAME;")
const DWORD ESTATFRAME_SIZE =sizeof(ESTATFRAME);
const DWORD STATISTICS_VERSION_1_0 =0x00000000;
const DWORD STATISTICS_VERSION_2_0 =0x00000020;
// this variable could change if any of the above sizes changed
const DWORD MAX_STATSFRAME_SIZE =sizeof(TRSTATFRAME);
const DWORD STATS_FRAME_TYPE =103;
#pragma pack(pop)
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
cpp_quote("// Obsolete structures")
cpp_quote("// The newer structures (named with a 2 appended) should be used")
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
// structure contains structures with bitfields, so must cpp_quote
#pragma pack(push, 1)
cpp_quote("// Address Structure")
cpp_quote("// Obsolete, ADDRESS2 should be used")
cpp_quote("typedef struct _ADDRESS")
cpp_quote("{")
cpp_quote(" DWORD Type;")
cpp_quote("")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" // ADDRESS_TYPE_ETHERNET")
cpp_quote(" // ADDRESS_TYPE_TOKENRING")
cpp_quote(" // ADDRESS_TYPE_FDDI")
cpp_quote(" BYTE MACAddress[MAC_ADDRESS_SIZE];")
cpp_quote("")
cpp_quote(" // IP")
cpp_quote(" BYTE IPAddress[IP_ADDRESS_SIZE];")
cpp_quote("")
cpp_quote(" // raw IPX")
cpp_quote(" BYTE IPXRawAddress[IPX_ADDR_SIZE];")
cpp_quote("")
cpp_quote(" // real IPX")
cpp_quote(" IPX_ADDR IPXAddress;")
cpp_quote("")
cpp_quote(" // raw Vines IP")
cpp_quote(" BYTE VinesIPRawAddress[VINES_IP_ADDRESS_SIZE];")
cpp_quote("")
cpp_quote(" // real Vines IP")
cpp_quote(" VINES_IP_ADDRESS VinesIPAddress;")
cpp_quote("")
cpp_quote(" // ethernet with bits defined")
cpp_quote(" ETHERNET_SRC_ADDRESS EthernetSrcAddress;")
cpp_quote("")
cpp_quote(" // ethernet with bits defined")
cpp_quote(" ETHERNET_DST_ADDRESS EthernetDstAddress;")
cpp_quote("")
cpp_quote(" // tokenring with bits defined")
cpp_quote(" TOKENRING_SRC_ADDRESS TokenringSrcAddress;")
cpp_quote("")
cpp_quote(" // tokenring with bits defined")
cpp_quote(" TOKENRING_DST_ADDRESS TokenringDstAddress;")
cpp_quote("")
cpp_quote(" // fddi with bits defined")
cpp_quote(" FDDI_SRC_ADDRESS FddiSrcAddress;")
cpp_quote("")
cpp_quote(" // fddi with bits defined")
cpp_quote(" FDDI_DST_ADDRESS FddiDstAddress;")
cpp_quote(" };")
cpp_quote(" ")
cpp_quote(" WORD Flags;")
cpp_quote("} ADDRESS;")
cpp_quote("typedef ADDRESS *LPADDRESS;")
cpp_quote("#define ADDRESS_SIZE sizeof(ADDRESS)")
cpp_quote("")
#pragma pack(pop)
cpp_quote("// Obsolete, ADDRESSPAIR2 should be used")
cpp_quote("typedef struct _ADDRESSPAIR")
cpp_quote("{")
cpp_quote(" WORD AddressFlags;")
cpp_quote(" WORD NalReserved;")
cpp_quote(" ADDRESS DstAddress;")
cpp_quote(" ADDRESS SrcAddress;")
cpp_quote("")
cpp_quote("} ADDRESSPAIR;")
cpp_quote("typedef ADDRESSPAIR *LPADDRESSPAIR;")
cpp_quote("#define ADDRESSPAIR_SIZE sizeof(ADDRESSPAIR)")
cpp_quote("// Obsolete, ADDRESSTABLE2 should be used")
cpp_quote("typedef struct _ADDRESSTABLE")
cpp_quote("{")
cpp_quote(" DWORD nAddressPairs;")
cpp_quote(" DWORD nNonMacAddressPairs;")
cpp_quote(" ADDRESSPAIR AddressPair[MAX_ADDRESS_PAIRS];")
cpp_quote("")
cpp_quote("} ADDRESSTABLE;")
cpp_quote("")
cpp_quote("typedef ADDRESSTABLE *LPADDRESSTABLE;")
cpp_quote("#define ADDRESSTABLE_SIZE sizeof(ADDRESSTABLE)")
cpp_quote("// Obsolete, ADDRESSINFO2 should be used")
cpp_quote("typedef struct _ADDRESSINFO")
cpp_quote("{")
cpp_quote(" ADDRESS Address;")
cpp_quote(" WCHAR Name[MAX_NAME_SIZE];")
cpp_quote(" DWORD Flags;")
cpp_quote(" LPVOID lpAddressInstData;")
cpp_quote("")
cpp_quote("} ADDRESSINFO;")
cpp_quote("typedef struct _ADDRESSINFO *LPADDRESSINFO;")
cpp_quote("#define ADDRESSINFO_SIZE sizeof(ADDRESSINFO)")
cpp_quote("// Obsolete, ADDRESSINFOTABLE2 should be used")
cpp_quote("typedef struct _ADDRESSINFOTABLE")
cpp_quote("{")
cpp_quote(" DWORD nAddressInfos;")
cpp_quote(" LPADDRESSINFO lpAddressInfo[0];")
cpp_quote("")
cpp_quote("} ADDRESSINFOTABLE;")
cpp_quote("typedef ADDRESSINFOTABLE *LPADDRESSINFOTABLE;")
cpp_quote("#define ADDRESSINFOTABLE_SIZE sizeof(ADDRESSINFOTABLE)")
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
cpp_quote("// Obsolete functions")
cpp_quote("// The newer functions should be used")
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
cpp_quote("// Obsolete, SetNPPAddress2FilterInBlob should be used")
cpp_quote("DWORD _cdecl SetNPPAddressFilterInBlob( HBLOB hBlob,")
cpp_quote(" LPADDRESSTABLE pAddressTable);")
cpp_quote("// Obsolete, GetNPPAddress2FilterFromBlob should be used")
cpp_quote("DWORD _cdecl GetNPPAddressFilterFromBlob( HBLOB hBlob,")
cpp_quote(" LPADDRESSTABLE pAddressTable,")
cpp_quote(" HBLOB hErrorBlob);")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMEvent.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
#pragma pack(push, 8)
cpp_quote("// NMCOLUMNTYPE")
typedef enum
{
NMCOLUMNTYPE_UINT8 = 0,
NMCOLUMNTYPE_SINT8,
NMCOLUMNTYPE_UINT16,
NMCOLUMNTYPE_SINT16,
NMCOLUMNTYPE_UINT32,
NMCOLUMNTYPE_SINT32,
NMCOLUMNTYPE_FLOAT64,
NMCOLUMNTYPE_FRAME,
NMCOLUMNTYPE_YESNO,
NMCOLUMNTYPE_ONOFF,
NMCOLUMNTYPE_TRUEFALSE,
NMCOLUMNTYPE_MACADDR,
NMCOLUMNTYPE_IPXADDR,
NMCOLUMNTYPE_IPADDR,
NMCOLUMNTYPE_VARTIME,
NMCOLUMNTYPE_STRING
} NMCOLUMNTYPE;
cpp_quote("// NMCOLUMNVARIANT")
typedef struct _NMCOLUMNVARIANT
{
NMCOLUMNTYPE Type;
union
{
BYTE Uint8Val; // 8 bit unsigned value
char Sint8Val; // 8 bit signed value
WORD Uint16Val; // 16 bit unsigned value
short Sint16Val; // 16 bit signed value
DWORD Uint32Val; // 32 bit unsigned value
long Sint32Val; // 32 bit signed value
DOUBLE Float64Val; // 64 bit floating point value
DWORD FrameVal; // 32 bit unsigned frame value
BOOL YesNoVal; // 32 bit boolean: zero maps to 'NO', nonzero maps to 'YES'
BOOL OnOffVal; // 32 bit boolean: zero maps to 'OFF', nonzero maps to 'ON'
BOOL TrueFalseVal;// 32 bit boolean: zero maps to 'False', nonzero maps to 'True'
BYTE MACAddrVal[MAC_ADDRESS_SIZE];// 48 bit MAC address (6 bytes)
IPX_ADDR IPXAddrVal;// 10 byte ipx address (4 byte subnet. 6 byte address)
DWORD IPAddrVal; // 32 bit IP Address: ddd.ddd.ddd.ddd
DOUBLE VarTimeVal; // Double representation of time value (use VariantTimeToSystemTime to convert)
LPCSTR pStringVal; // pointer to a string value
} Value;
} NMCOLUMNVARIANT;
cpp_quote("// COLUMNINFO")
typedef struct _NMCOLUMNINFO
{
LPSTR szColumnName;// Name of column
NMCOLUMNVARIANT VariantData; // Value for column
} NMCOLUMNINFO;
typedef NMCOLUMNINFO* PNMCOLUMNINFO;
cpp_quote("// JTYPE")
typedef LPSTR JTYPE; // (structure placeholder)
// this structure contains may not be cpp_quoted as it is used in IEventq.idl
// (However, the array's length used to be 0)
cpp_quote("// EVENTDATA")
cpp_quote("#ifdef MIDL_PASS")
typedef struct _NMEVENTDATA
{
LPSTR pszReserved; // Reserved
BYTE Version; // Version for this structure (must be 0)
DWORD EventIdent; // ID for this event
DWORD Flags; // Flags for Expert generated and others
DWORD Severity; // Severity level
BYTE NumColumns; // Number of optional columns for this event
LPSTR szSourceName; // Name of Expert
LPSTR szEventName; // Name of event
LPSTR szDescription;// Description of event
LPSTR szMachine; // Name (or IPADDRESS?) of the machine supplying the event (NULL for Experts usually)
JTYPE Justification;// Justification pane info (currently a string, but possible structure)
PVOID pvReserved; // Reserved
SYSTEMTIME SysTime; // Systemtime of the event
[size_is(NumColumns)] NMCOLUMNINFO Column[*];
} NMEVENTDATA;
cpp_quote("#else // MIDL_PASS")
cpp_quote("typedef struct _NMEVENTDATA ")
cpp_quote("{ ")
cpp_quote(" LPSTR pszReserved; // Reserved")
cpp_quote(" BYTE Version; // Version for this structure (must be 0)")
cpp_quote(" DWORD EventIdent; // ID for this event")
cpp_quote(" DWORD Flags; // Flags for Expert generated and others")
cpp_quote(" DWORD Severity; // Severity level")
cpp_quote(" BYTE NumColumns; // Number of optional columns for this event")
cpp_quote(" LPSTR szSourceName; // Name of Expert")
cpp_quote(" LPSTR szEventName; // Name of event")
cpp_quote(" LPSTR szDescription;// Description of event")
cpp_quote(" LPSTR szMachine; // Name (or IPADDRESS?) of the machine supplying the event (NULL for Experts usually)")
cpp_quote(" JTYPE Justification;// Justification pane info (currently a string, but possible structure)")
cpp_quote(" PVOID pvReserved; // Reserved")
cpp_quote(" SYSTEMTIME SysTime; // Systemtime of the event")
cpp_quote(" NMCOLUMNINFO Column[0]; ")
cpp_quote("} NMEVENTDATA;")
cpp_quote("#endif // MIDL_PASS")
typedef NMEVENTDATA* PNMEVENTDATA;
#pragma pack(pop)
cpp_quote("// EVENT FLAGS")
const DWORD NMEVENTFLAG_EXPERT =0x00000001;
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY =0x80000000;
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE =0x40000000;
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME =0x20000000;
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION =0x10000000;
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE =0x08000000;
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_TIME =0x04000000;
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_DATE =0x02000000;
cpp_quote("//#define NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS (NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY | \\")
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE | \\")
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME | \\")
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION| \\")
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE | \\")
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_TIME | \\")
cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_DATE )")
const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS =0xFE000000;
enum _NMEVENT_SEVERITIES
{
NMEVENT_SEVERITY_INFORMATIONAL = 0,
NMEVENT_SEVERITY_WARNING,
NMEVENT_SEVERITY_STRONG_WARNING,
NMEVENT_SEVERITY_ERROR,
NMEVENT_SEVERITY_SEVERE_ERROR,
NMEVENT_SEVERITY_CRITICAL_ERROR
};
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (Finder.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// Structures use by NPPs & the Finder")
cpp_quote("//=============================================================================")
// these structures may not be cpp_quoted as they are used in IRemoteagent.idl
// (However, the array's length used to be 0)
typedef struct
{
DWORD dwNumBlobs;
[size_is(dwNumBlobs)] HBLOB hBlobs[*];
} BLOB_TABLE;
typedef BLOB_TABLE* PBLOB_TABLE;
typedef struct
{
DWORD size;
[size_is(size)] BYTE* pBytes;
} MBLOB;
typedef struct
{
DWORD dwNumBlobs;
[size_is(dwNumBlobs)] MBLOB mBlobs[*];
} MBLOB_TABLE;
typedef MBLOB_TABLE* PMBLOB_TABLE;
cpp_quote("//=============================================================================")
cpp_quote("// Functions called by monitors, tools, netmon")
cpp_quote("//=============================================================================")
cpp_quote("DWORD _cdecl GetNPPBlobTable(HBLOB hFilterBlob, ")
cpp_quote(" PBLOB_TABLE* ppBlobTable);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetNPPBlobFromUI(HWND hwnd,")
cpp_quote(" HBLOB hFilterBlob,")
cpp_quote(" HBLOB* phBlob); ")
cpp_quote("")
cpp_quote("DWORD _cdecl GetNPPBlobFromUIExU(HWND hwnd,")
cpp_quote(" HBLOB hFilterBlob,")
cpp_quote(" HBLOB* phBlob,")
cpp_quote(" char* szHelpFileName); ")
cpp_quote("")
cpp_quote("DWORD _cdecl SelectNPPBlobFromTable( HWND hwnd,")
cpp_quote(" PBLOB_TABLE pBlobTable,")
cpp_quote(" HBLOB* hBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl SelectNPPBlobFromTableExU( HWND hwnd,")
cpp_quote(" PBLOB_TABLE pBlobTable,")
cpp_quote(" HBLOB* hBlob,")
cpp_quote(" char* szHelpFileName);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Helper functions provided by the Finder")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("__inline DWORD BLOB_TABLE_SIZE(DWORD dwNumBlobs)")
cpp_quote("{")
cpp_quote(" return (DWORD) (sizeof(BLOB_TABLE)+dwNumBlobs*sizeof(HBLOB));")
cpp_quote("}")
cpp_quote("")
cpp_quote("__inline PBLOB_TABLE AllocBlobTable(DWORD dwNumBlobs)")
cpp_quote("{")
cpp_quote(" DWORD size = BLOB_TABLE_SIZE(dwNumBlobs);")
cpp_quote("")
cpp_quote(" return (PBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);")
cpp_quote("}")
cpp_quote("")
cpp_quote("__inline DWORD MBLOB_TABLE_SIZE(DWORD dwNumBlobs)")
cpp_quote("{")
cpp_quote(" return (DWORD) (sizeof(MBLOB_TABLE)+dwNumBlobs*sizeof(MBLOB));")
cpp_quote("}")
cpp_quote("")
cpp_quote("__inline PMBLOB_TABLE AllocMBlobTable(DWORD dwNumBlobs)")
cpp_quote("{")
cpp_quote(" DWORD size = MBLOB_TABLE_SIZE(dwNumBlobs);")
cpp_quote("")
cpp_quote(" return (PMBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);")
cpp_quote("}")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Functions provided by NPPs, called by the Finder")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// For NPP's that can return a Blob table without additional configuration.")
cpp_quote("DWORD _cdecl GetNPPBlobs(PBLOB_TABLE* ppBlobTable);")
cpp_quote("typedef DWORD (_cdecl FAR* BLOBSPROC) (PBLOB_TABLE* ppBlobTable);")
cpp_quote("")
cpp_quote("// For NPP's that need additional information to return a Blob table.")
cpp_quote("DWORD _cdecl GetConfigBlob(HBLOB* phBlob);")
cpp_quote("typedef DWORD (_cdecl FAR* GETCFGBLOB) (HBLOB, HBLOB*);")
cpp_quote("typedef DWORD (_cdecl FAR* CFGPROC) (HWND hwnd,")
cpp_quote(" HBLOB SpecialBlob,")
cpp_quote(" PBLOB_TABLE* ppBlobTable);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Handy functions")
cpp_quote("//=============================================================================")
cpp_quote("BOOL _cdecl FilterNPPBlob(HBLOB hBlob, HBLOB FilterBlob);")
cpp_quote("")
cpp_quote("BOOL _cdecl RaiseNMEvent(HINSTANCE hInstance,")
cpp_quote(" WORD EventType, ")
cpp_quote(" DWORD EventID,")
cpp_quote(" WORD nStrings, ")
cpp_quote(" const char** aInsertStrs,")
cpp_quote(" LPVOID lpvData,")
cpp_quote(" DWORD dwDataSize);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMmonitor.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMSupp.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("#ifndef __cplusplus")
cpp_quote("#ifndef try")
cpp_quote("#define try __try")
cpp_quote("#endif // try")
cpp_quote("")
cpp_quote("#ifndef except")
cpp_quote("#define except __except")
cpp_quote("#endif // except")
cpp_quote("#endif // __cplusplus")
cpp_quote("//=============================================================================")
cpp_quote("// Windows version constants.")
cpp_quote("//=============================================================================")
const DWORD WINDOWS_VERSION_UNKNOWN =0;
const DWORD WINDOWS_VERSION_WIN32S =1;
const DWORD WINDOWS_VERSION_WIN32C =2;
const DWORD WINDOWS_VERSION_WIN32 =3;
cpp_quote("//=============================================================================")
cpp_quote("// Frame masks.")
cpp_quote("//=============================================================================")
const BYTE FRAME_MASK_ETHERNET =((BYTE) ~0x01);
const BYTE FRAME_MASK_TOKENRING =((BYTE) ~0x80);
const BYTE FRAME_MASK_FDDI =((BYTE) ~0x01);
cpp_quote("//=============================================================================")
cpp_quote("// Object heap type.")
cpp_quote("//=============================================================================")
typedef LPVOID HOBJECTHEAP;
cpp_quote("//=============================================================================")
cpp_quote("// Object cleanup procedure.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("typedef VOID (WINAPI *OBJECTPROC)(HOBJECTHEAP, LPVOID);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Network Monitor timers.")
cpp_quote("//=============================================================================")
typedef struct _TIMER *HTIMER;
cpp_quote("typedef VOID (WINAPI *BHTIMERPROC)(LPVOID);")
cpp_quote("")
cpp_quote("HTIMER WINAPI BhSetTimer(BHTIMERPROC TimerProc, LPVOID InstData, DWORD TimeOut);")
cpp_quote("")
cpp_quote("VOID WINAPI BhKillTimer(HTIMER hTimer);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Network Monitor global error API.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("DWORD WINAPI BhGetLastError(VOID);")
cpp_quote("")
cpp_quote("DWORD WINAPI BhSetLastError(DWORD Error);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Object manager function prototypes.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("HOBJECTHEAP WINAPI CreateObjectHeap(DWORD ObjectSize, OBJECTPROC ObjectProc);")
cpp_quote("")
cpp_quote("HOBJECTHEAP WINAPI DestroyObjectHeap(HOBJECTHEAP hObjectHeap);")
cpp_quote("")
cpp_quote("LPVOID WINAPI AllocObject(HOBJECTHEAP hObjectHeap);")
cpp_quote("")
cpp_quote("LPVOID WINAPI FreeObject(HOBJECTHEAP hObjectHeap, LPVOID ObjectMemory);")
cpp_quote("")
cpp_quote("DWORD WINAPI GrowObjectHeap(HOBJECTHEAP hObjectHeap, DWORD nObjects);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetObjectHeapSize(HOBJECTHEAP hObjectHeap);")
cpp_quote("")
cpp_quote("VOID WINAPI PurgeObjectHeap(HOBJECTHEAP hObjectHeap);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Memory functions.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("LPVOID WINAPI AllocMemory(SIZE_T size);")
cpp_quote("")
cpp_quote("LPVOID WINAPI ReallocMemory(LPVOID ptr, SIZE_T NewSize);")
cpp_quote("")
cpp_quote("VOID WINAPI FreeMemory(LPVOID ptr);")
cpp_quote("")
cpp_quote("VOID WINAPI TestMemory(LPVOID ptr);")
cpp_quote("")
cpp_quote("SIZE_T WINAPI MemorySize(LPVOID ptr);")
cpp_quote("")
cpp_quote("HANDLE WINAPI MemoryHandle(LPBYTE ptr);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// EXPRESSION API's")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("LPEXPRESSION WINAPI InitializeExpression(LPEXPRESSION Expression);")
cpp_quote("")
cpp_quote("LPPATTERNMATCH WINAPI InitializePattern(LPPATTERNMATCH Pattern, LPVOID ptr, DWORD offset, DWORD length);")
cpp_quote("")
cpp_quote("LPEXPRESSION WINAPI AndExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);")
cpp_quote("")
cpp_quote("LPEXPRESSION WINAPI OrExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);")
cpp_quote("")
cpp_quote("LPPATTERNMATCH WINAPI NegatePattern(LPPATTERNMATCH Pattern);")
cpp_quote("")
cpp_quote("LPADDRESSTABLE2 WINAPI AdjustOperatorPrecedence(LPADDRESSTABLE2 AddressTable);")
cpp_quote("")
cpp_quote("LPADDRESS2 WINAPI NormalizeAddress(LPADDRESS2 Address);")
cpp_quote("")
cpp_quote("LPADDRESSTABLE2 WINAPI NormalizeAddressTable(LPADDRESSTABLE2 AddressTable);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// MISC. API's")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("DWORD WINAPI BhGetWindowsVersion(VOID);")
cpp_quote("")
cpp_quote("BOOL WINAPI IsDaytona(VOID);")
cpp_quote("")
cpp_quote("VOID _cdecl dprintf(LPSTR format, ...);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (BHTypes.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// Unaligned base type definitions.")
cpp_quote("//=============================================================================")
cpp_quote("typedef VOID UNALIGNED *ULPVOID;")
cpp_quote("typedef BYTE UNALIGNED *ULPBYTE;")
cpp_quote("typedef WORD UNALIGNED *ULPWORD;")
cpp_quote("typedef DWORD UNALIGNED *ULPDWORD;")
cpp_quote("typedef CHAR UNALIGNED *ULPSTR;")
cpp_quote("typedef SYSTEMTIME UNALIGNED *ULPSYSTEMTIME;")
cpp_quote("//=============================================================================")
cpp_quote("// Handle definitions.")
cpp_quote("//=============================================================================")
typedef struct _PARSER *HPARSER;
typedef struct _CAPFRAMEDESC *HFRAME;
typedef struct _CAPTURE *HCAPTURE;
typedef struct _FILTER *HFILTER;
typedef struct _ADDRESSDB *HADDRESSDB;
typedef struct _PROTOCOL *HPROTOCOL;
typedef DWORD_PTR HPROPERTY;
typedef HPROTOCOL *LPHPROTOCOL;
cpp_quote("//=============================================================================")
cpp_quote("// GetTableSize() -- The following macro is used to calculate the actual")
cpp_quote("// length of Network Monitor variable-length table structures.")
cpp_quote("//")
cpp_quote("// EXAMPLE:")
cpp_quote("//")
cpp_quote("// GetTableSize(PROTOCOLTABLESIZE, ")
cpp_quote("// ProtocolTable->nProtocols, ")
cpp_quote("// sizeof(HPROTOCOL))")
cpp_quote("//=============================================================================")
cpp_quote("#define GetTableSize(TableBaseSize, nElements, ElementSize) ((TableBaseSize) + ((nElements) * (ElementSize)))")
cpp_quote("//=============================================================================")
cpp_quote("// Object type identifiers.")
cpp_quote("//=============================================================================")
typedef DWORD OBJECTTYPE;
cpp_quote("#ifndef MAKE_IDENTIFIER")
cpp_quote("#define MAKE_IDENTIFIER(a, b, c, d) ((DWORD) MAKELONG(MAKEWORD(a, b), MAKEWORD(c, d)))")
cpp_quote("#endif // MAKE_IDENTIFIER")
cpp_quote("#define HANDLE_TYPE_INVALID MAKE_IDENTIFIER(-1, -1, -1, -1)")
cpp_quote("#define HANDLE_TYPE_CAPTURE MAKE_IDENTIFIER('C', 'A', 'P', '$')")
cpp_quote("#define HANDLE_TYPE_PARSER MAKE_IDENTIFIER('P', 'S', 'R', '$')")
cpp_quote("#define HANDLE_TYPE_ADDRESSDB MAKE_IDENTIFIER('A', 'D', 'R', '$')")
cpp_quote("#define HANDLE_TYPE_PROTOCOL MAKE_IDENTIFIER('P', 'R', 'T', '$')")
cpp_quote("#define HANDLE_TYPE_BUFFER MAKE_IDENTIFIER('B', 'U', 'F', '$')")
cpp_quote("//=============================================================================")
cpp_quote("// Network Monitor constant definitions.")
cpp_quote("//=============================================================================")
cpp_quote("#define INLINE __inline")
cpp_quote("#define BHAPI WINAPI")
const DWORD MAX_NAME_LENGTH =16;
const DWORD MAX_ADDR_LENGTH =6;
cpp_quote("//=============================================================================")
cpp_quote("// Ethernet type (ETYPE) constant definitions.")
cpp_quote("//=============================================================================")
const WORD ETYPE_LOOP =0x9000;
const WORD ETYPE_3COM_NETMAP1 =0x9001;
const WORD ETYPE_3COM_NETMAP2 =0x9002;
const WORD ETYPE_IBM_RT =0x80D5;
const WORD ETYPE_NETWARE =0x8137;
const WORD ETYPE_XNS1 =0x0600;
const WORD ETYPE_XNS2 =0x0807;
const WORD ETYPE_3COM_NBP0 =0x3C00;
const WORD ETYPE_3COM_NBP1 =0x3C01;
const WORD ETYPE_3COM_NBP2 =0x3C02;
const WORD ETYPE_3COM_NBP3 =0x3C03;
const WORD ETYPE_3COM_NBP4 =0x3C04;
const WORD ETYPE_3COM_NBP5 =0x3C05;
const WORD ETYPE_3COM_NBP6 =0x3C06;
const WORD ETYPE_3COM_NBP7 =0x3C07;
const WORD ETYPE_3COM_NBP8 =0x3C08;
const WORD ETYPE_3COM_NBP9 =0x3C09;
const WORD ETYPE_3COM_NBP10 =0x3C0A;
const WORD ETYPE_IP =0x0800;
const WORD ETYPE_ARP1 =0x0806;
const WORD ETYPE_ARP2 =0x0807;
const WORD ETYPE_RARP =0x8035;
const WORD ETYPE_TRLR0 =0x1000;
const WORD ETYPE_TRLR1 =0x1001;
const WORD ETYPE_TRLR2 =0x1002;
const WORD ETYPE_TRLR3 =0x1003;
const WORD ETYPE_TRLR4 =0x1004;
const WORD ETYPE_TRLR5 =0x1005;
const WORD ETYPE_PUP =0x0200;
const WORD ETYPE_PUP_ARP =0x0201;
const WORD ETYPE_APPLETALK_ARP =0x80F3;
const WORD ETYPE_APPLETALK_LAP =0x809B;
const WORD ETYPE_SNMP =0x814C;
cpp_quote("//=============================================================================")
cpp_quote("// LLC (802.2) SAP constant definitions.")
cpp_quote("//=============================================================================")
const BYTE SAP_SNAP = 0xAA;
const BYTE SAP_BPDU = 0x42;
const BYTE SAP_IBM_NM = 0xF4;
const BYTE SAP_IBM_NETBIOS = 0xF0;
const BYTE SAP_SNA1 = 0x04;
const BYTE SAP_SNA2 = 0x05;
const BYTE SAP_SNA3 = 0x08;
const BYTE SAP_SNA4 = 0x0C;
const BYTE SAP_NETWARE1 = 0x10;
const BYTE SAP_NETWARE2 = 0xE0;
const BYTE SAP_NETWARE3 = 0xFE;
const BYTE SAP_IP = 0x06;
const BYTE SAP_X25 = 0x7E;
const BYTE SAP_RPL1 = 0xF8;
const BYTE SAP_RPL2 = 0xFC;
const BYTE SAP_UB = 0xFA;
const BYTE SAP_XNS = 0x80;
cpp_quote("//=============================================================================")
cpp_quote("// Property constants")
cpp_quote("//=============================================================================")
cpp_quote("// data types")
const BYTE PROP_TYPE_VOID =0x00;
const BYTE PROP_TYPE_SUMMARY =0x01;
const BYTE PROP_TYPE_BYTE =0x02;
const BYTE PROP_TYPE_WORD =0x03;
const BYTE PROP_TYPE_DWORD =0x04;
const BYTE PROP_TYPE_LARGEINT =0x05;
const BYTE PROP_TYPE_ADDR =0x06;
const BYTE PROP_TYPE_TIME =0x07;
const BYTE PROP_TYPE_STRING =0x08;
const BYTE PROP_TYPE_IP_ADDRESS =0x09;
const BYTE PROP_TYPE_IPX_ADDRESS =0x0A;
const BYTE PROP_TYPE_BYTESWAPPED_WORD =0x0B;
const BYTE PROP_TYPE_BYTESWAPPED_DWORD =0x0C;
const BYTE PROP_TYPE_TYPED_STRING =0x0D;
const BYTE PROP_TYPE_RAW_DATA =0x0E;
const BYTE PROP_TYPE_COMMENT =0x0F;
const BYTE PROP_TYPE_SRCFRIENDLYNAME =0x10;
const BYTE PROP_TYPE_DSTFRIENDLYNAME =0x11;
const BYTE PROP_TYPE_TOKENRING_ADDRESS =0x12;
const BYTE PROP_TYPE_FDDI_ADDRESS =0x13;
const BYTE PROP_TYPE_ETHERNET_ADDRESS =0x14;
const BYTE PROP_TYPE_OBJECT_IDENTIFIER =0x15;
const BYTE PROP_TYPE_VINES_IP_ADDRESS =0x16;
const BYTE PROP_TYPE_VAR_LEN_SMALL_INT =0x17;
const BYTE PROP_TYPE_ATM_ADDRESS =0x18;
const BYTE PROP_TYPE_1394_ADDRESS =0x19;
const BYTE PROP_TYPE_IP6_ADDRESS =0x1A;
cpp_quote("// data qualifiers")
const BYTE PROP_QUAL_NONE =0x00;
const BYTE PROP_QUAL_RANGE =0x01;
const BYTE PROP_QUAL_SET =0x02;
const BYTE PROP_QUAL_BITFIELD =0x03;
const BYTE PROP_QUAL_LABELED_SET =0x04;
const BYTE PROP_QUAL_LABELED_BITFIELD =0x08;
const BYTE PROP_QUAL_CONST =0x09;
const BYTE PROP_QUAL_FLAGS =0x0A;
const BYTE PROP_QUAL_ARRAY =0x0B;
cpp_quote("//=============================================================================")
cpp_quote("// LARGEINT structure defined in winnt.h")
cpp_quote("//=============================================================================")
typedef LARGE_INTEGER *LPLARGEINT;
cpp_quote("typedef LARGE_INTEGER UNALIGNED *ULPLARGEINT;")
cpp_quote("//=============================================================================")
cpp_quote("// Range structure.")
cpp_quote("//=============================================================================")
typedef struct _RANGE
{
DWORD MinValue;
DWORD MaxValue;
} RANGE;
typedef RANGE *LPRANGE;
cpp_quote("//=============================================================================")
cpp_quote("// LABELED_BYTE structure")
cpp_quote("//=============================================================================")
typedef struct _LABELED_BYTE
{
BYTE Value;
LPSTR Label;
} LABELED_BYTE;
typedef LABELED_BYTE *LPLABELED_BYTE;
cpp_quote("//=============================================================================")
cpp_quote("// LABELED_WORD structure")
cpp_quote("//=============================================================================")
typedef struct _LABELED_WORD
{
WORD Value;
LPSTR Label;
} LABELED_WORD;
typedef LABELED_WORD *LPLABELED_WORD;
cpp_quote("//=============================================================================")
cpp_quote("// LABELED_DWORD structure")
cpp_quote("//=============================================================================")
typedef struct _LABELED_DWORD
{
DWORD Value;
LPSTR Label;
} LABELED_DWORD;
typedef LABELED_DWORD *LPLABELED_DWORD;
cpp_quote("//=============================================================================")
cpp_quote("// LABELED_LARGEINT structure")
cpp_quote("//=============================================================================")
typedef struct _LABELED_LARGEINT
{
LARGE_INTEGER Value;
LPSTR Label;
} LABELED_LARGEINT;
typedef LABELED_LARGEINT *LPLABELED_LARGEINT;
cpp_quote("//=============================================================================")
cpp_quote("// LABELED_SYSTEMTIME structure")
cpp_quote("//=============================================================================")
typedef struct _LABELED_SYSTEMTIME
{
SYSTEMTIME Value;
LPSTR Label;
} LABELED_SYSTEMTIME;
typedef LABELED_SYSTEMTIME *LPLABELED_SYSTEMTIME;
cpp_quote("//=============================================================================")
cpp_quote("// LABELED_BIT structure")
cpp_quote("//=============================================================================")
cpp_quote("// BitNumber starts at 0, up to 256 bits.")
typedef struct _LABELED_BIT
{
BYTE BitNumber;
LPSTR LabelOff;
LPSTR LabelOn;
} LABELED_BIT;
typedef LABELED_BIT *LPLABELED_BIT;
cpp_quote("//=============================================================================")
cpp_quote("// TYPED_STRING structure")
cpp_quote("//=============================================================================")
const DWORD TYPED_STRING_NORMAL = 1;
const DWORD TYPED_STRING_UNICODE = 2;
const DWORD TYPED_STRING_EXFLAG = 1;
// structure contains bitfields, so must cpp_quote
cpp_quote("// Typed Strings are always Ex, so to actually Ex we set fStringEx and put the Ex data in Byte")
cpp_quote("typedef struct _TYPED_STRING")
cpp_quote("{")
cpp_quote(" BYTE StringType:7;")
cpp_quote(" BYTE fStringEx:1;")
cpp_quote(" LPSTR lpString;")
cpp_quote(" BYTE Byte[0];")
cpp_quote("} TYPED_STRING;")
cpp_quote("")
cpp_quote("typedef TYPED_STRING *LPTYPED_STRING;")
cpp_quote("//=============================================================================")
cpp_quote("// OBJECT_IDENTIFIER structure")
cpp_quote("//=============================================================================")
typedef struct _OBJECT_IDENTIFIER
{
DWORD Length;
LPDWORD lpIdentifier;
} OBJECT_IDENTIFIER;
typedef OBJECT_IDENTIFIER *LPOBJECT_IDENTIFIER;
cpp_quote("//=============================================================================")
cpp_quote("// Set structure.")
cpp_quote("//=============================================================================")
typedef struct _SET
{
DWORD nEntries;
union
{
//... set of values
LPVOID lpVoidTable; // set of anything.
LPBYTE lpByteTable; // set of bytes
LPWORD lpWordTable; // set of words
LPDWORD lpDwordTable; // set of dwords
LPLARGEINT lpLargeIntTable; // set of LARGEINT structures
LPSYSTEMTIME lpSystemTimeTable; // set of SYSTEMTIME structures
//... set of labeled values
LPLABELED_BYTE lpLabeledByteTable; // set of labeled_byte structs
LPLABELED_WORD lpLabeledWordTable; // set of labeled_word structs
LPLABELED_DWORD lpLabeledDwordTable; // set of labeled_dword structs
LPLABELED_LARGEINT lpLabeledLargeIntTable; // set of Labeled_LARGEINT structs
LPLABELED_SYSTEMTIME lpLabeledSystemTimeTable; // set of labeled_systemtime structs
LPLABELED_BIT lpLabeledBit; // set of labeled_bit structs.
};
} SET;
typedef SET *LPSET;
cpp_quote("//=============================================================================")
cpp_quote("// String table.")
cpp_quote("//=============================================================================")
// needs to be cpp_quoted because of the zero length array
cpp_quote("typedef struct _STRINGTABLE")
cpp_quote("{")
cpp_quote(" DWORD nStrings;")
cpp_quote(" LPSTR String[0];")
cpp_quote("")
cpp_quote("} STRINGTABLE;")
cpp_quote("")
cpp_quote("typedef STRINGTABLE *LPSTRINGTABLE;")
cpp_quote("#define STRINGTABLE_SIZE sizeof(STRINGTABLE)")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// RECOGNIZEDATA structure.")
cpp_quote("//")
cpp_quote("// This structure to keep track of the start of each recognized protocol.")
cpp_quote("//=============================================================================")
typedef struct _RECOGNIZEDATA
{
WORD ProtocolID; //... Protocol which was recognized
WORD nProtocolOffset; //... Offset from the start of the frame of the start of this protocol.
LPVOID InstData; //... Opaque, for protocol only.
} RECOGNIZEDATA;
typedef RECOGNIZEDATA * LPRECOGNIZEDATA;
cpp_quote("//=============================================================================")
cpp_quote("// RECOGNIZEDATATABLE structure.")
cpp_quote("//")
cpp_quote("// This structure to keep track of the start of each RECOGNIZEDATA structure")
cpp_quote("//=============================================================================")
// needs to be cpp_quoted because of the zero length array
cpp_quote("typedef struct _RECOGNIZEDATATABLE")
cpp_quote("{")
cpp_quote(" WORD nRecognizeDatas; //... number of RECOGNIZEDATA structures")
cpp_quote(" RECOGNIZEDATA RecognizeData[0]; //... array of RECOGNIZEDATA structures follows")
cpp_quote("")
cpp_quote("} RECOGNIZEDATATABLE;")
cpp_quote("")
cpp_quote("typedef RECOGNIZEDATATABLE * LPRECOGNIZEDATATABLE;")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Property information structure.")
cpp_quote("//=============================================================================")
typedef struct _PROPERTYINFO
{
HPROPERTY hProperty; //... Handle to the property.
DWORD Version; //... Version of property.
LPSTR Label; //... name of property
LPSTR Comment; //... description of property
BYTE DataType; //... data type of property
BYTE DataQualifier; //... data qualifier of property
union
{
LPVOID lpExtendedInfo; //... generic pointer.
LPRANGE lpRange; //... pointer to range
LPSET lpSet; //... pointer to set
DWORD Bitmask; //... bitmask to apply
DWORD Value; //... constant value.
};
WORD FormatStringSize; //... max size to reserve for text description
LPVOID InstanceData; //... property-specific instance data.
} PROPERTYINFO;
typedef PROPERTYINFO *LPPROPERTYINFO;
const DWORD PROPERTYINFO_SIZE =sizeof(PROPERTYINFO);
cpp_quote("//=============================================================================")
cpp_quote("// Property instance Extended structure.")
cpp_quote("//=============================================================================")
// contains unaligned pointer, so must cpp_quote
cpp_quote("typedef struct _PROPERTYINSTEX")
cpp_quote("{")
cpp_quote(" WORD Length; //... length of raw data in frame")
cpp_quote(" WORD LengthEx; //... number of bytes following")
cpp_quote(" ULPVOID lpData; //... pointer to raw data in frame")
cpp_quote("")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" BYTE Byte[]; //... table of bytes follows")
cpp_quote(" WORD Word[]; //... table of words follows")
cpp_quote(" DWORD Dword[]; //... table of Dwords follows")
cpp_quote(" LARGE_INTEGER LargeInt[]; //... table of LARGEINT structures to follow")
cpp_quote(" SYSTEMTIME SysTime[]; //... table of SYSTEMTIME structures follows")
cpp_quote(" TYPED_STRING TypedString;//... a typed_string that may have extended data")
cpp_quote(" };")
cpp_quote("} PROPERTYINSTEX;")
cpp_quote("typedef PROPERTYINSTEX *LPPROPERTYINSTEX;")
cpp_quote("typedef PROPERTYINSTEX UNALIGNED *ULPPROPERTYINSTEX;")
cpp_quote("#define PROPERTYINSTEX_SIZE sizeof(PROPERTYINSTEX)")
cpp_quote("//=============================================================================")
cpp_quote("// Property instance structure.")
cpp_quote("//=============================================================================")
// contains unaligned pointer, so must cpp_quote
cpp_quote("typedef struct _PROPERTYINST")
cpp_quote("{")
cpp_quote(" LPPROPERTYINFO lpPropertyInfo; // pointer to property info")
cpp_quote(" LPSTR szPropertyText; // pointer to string description")
cpp_quote("")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" LPVOID lpData; // pointer to data")
cpp_quote(" ULPBYTE lpByte; // bytes")
cpp_quote(" ULPWORD lpWord; // words")
cpp_quote(" ULPDWORD lpDword; // dwords")
cpp_quote("")
cpp_quote(" ULPLARGEINT lpLargeInt; // LargeInt")
cpp_quote(" ULPSYSTEMTIME lpSysTime; // pointer to SYSTEMTIME structures")
cpp_quote(" LPPROPERTYINSTEX lpPropertyInstEx; // pointer to propertyinstex (if DataLength = -1)")
cpp_quote(" };")
cpp_quote("")
cpp_quote(" WORD DataLength; // length of data, or flag for propertyinstex struct")
cpp_quote(" WORD Level : 4 ; // level information ............1111")
cpp_quote(" WORD HelpID : 12 ; // context ID for helpfile 111111111111....")
cpp_quote(" // ---------------")
cpp_quote(" // total of 16 bits == 1 WORD == DWORD ALIGNED structure")
cpp_quote(" // Interpretation Flags: Flags that define attach time information to the")
cpp_quote(" // interpretation of the property. For example, in RPC, the client can be")
cpp_quote(" // Intel format and the server can be non-Intel format... thus the property")
cpp_quote(" // database cannot describe the property at database creation time.")
cpp_quote(" DWORD IFlags;")
cpp_quote("")
cpp_quote("} PROPERTYINST;")
cpp_quote("typedef PROPERTYINST *LPPROPERTYINST;")
cpp_quote("#define PROPERTYINST_SIZE sizeof(PROPERTYINST)")
cpp_quote("")
cpp_quote("// Flags passed at AttachPropertyInstance and AttachPropertyInstanceEx time in the IFlags field:")
cpp_quote("// flag for error condition ...............1")
const DWORD IFLAG_ERROR =0x00000001;
cpp_quote("// is the WORD or DWORD byte non-Intel format at attach time?")
const DWORD IFLAG_SWAPPED =0x00000002;
cpp_quote("// is the STRING UNICODE at attach time?")
const DWORD IFLAG_UNICODE =0x00000004;
cpp_quote("//=============================================================================")
cpp_quote("// Property instance table structure.")
cpp_quote("//=============================================================================")
typedef struct _PROPERTYINSTTABLE
{
WORD nPropertyInsts; //... number of items
WORD nPropertyInstIndex; //... index to first item
} PROPERTYINSTTABLE;
typedef PROPERTYINSTTABLE *LPPROPERTYINSTTABLE;
const DWORD PROPERTYINSTTABLE_SIZE =sizeof(PROPERTYINSTTABLE);
cpp_quote("//=============================================================================")
cpp_quote("// Property table structure.")
cpp_quote("//=============================================================================")
// contains a structure that contains an unaligned pointer, so must cpp_quote
cpp_quote("typedef struct _PROPERTYTABLE")
cpp_quote("{")
cpp_quote(" LPVOID lpFormatBuffer; //... Opaque. (PRIVATE)")
cpp_quote(" DWORD FormatBufferLength; //... Opaque. (PRIVATE)")
cpp_quote(" DWORD nTotalPropertyInsts; //... total number of propertyinstances in array")
cpp_quote(" LPPROPERTYINST lpFirstPropertyInst; //... array of property instances")
cpp_quote(" BYTE nPropertyInstTables; //... total PropertyIndexTables following")
cpp_quote(" PROPERTYINSTTABLE PropertyInstTable[0]; //... array of propertyinstance index table structures")
cpp_quote("")
cpp_quote("} PROPERTYTABLE;")
cpp_quote("")
cpp_quote("typedef PROPERTYTABLE *LPPROPERTYTABLE;")
cpp_quote("")
cpp_quote("#define PROPERTYTABLE_SIZE sizeof(PROPERTYTABLE)")
cpp_quote("//=============================================================================")
cpp_quote("// Protocol entry points.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("typedef VOID (WINAPI *REGISTER)(HPROTOCOL);")
cpp_quote("")
cpp_quote("typedef VOID (WINAPI *DEREGISTER)(HPROTOCOL);")
cpp_quote("")
cpp_quote("typedef LPBYTE (WINAPI *RECOGNIZEFRAME)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, LPDWORD, LPHPROTOCOL, PDWORD_PTR);")
cpp_quote("")
cpp_quote("typedef LPBYTE (WINAPI *ATTACHPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, DWORD_PTR);")
cpp_quote("")
cpp_quote("typedef DWORD (WINAPI *FORMATPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, LPPROPERTYINST);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Protocol entry point structure.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("typedef struct _ENTRYPOINTS")
cpp_quote("{")
cpp_quote(" REGISTER Register; //... Protocol Register() entry point.")
cpp_quote(" DEREGISTER Deregister; //... Protocol Deregister() entry point.")
cpp_quote(" RECOGNIZEFRAME RecognizeFrame; //... Protocol RecognizeFrame() entry point.")
cpp_quote(" ATTACHPROPERTIES AttachProperties; //... Protocol AttachProperties() entry point.")
cpp_quote(" FORMATPROPERTIES FormatProperties; //... Protocol FormatProperties() entry point.")
cpp_quote("")
cpp_quote("} ENTRYPOINTS;")
cpp_quote("")
cpp_quote("typedef ENTRYPOINTS *LPENTRYPOINTS;")
cpp_quote("")
cpp_quote("#define ENTRYPOINTS_SIZE sizeof(ENTRYPOINTS)")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Property database structure.")
cpp_quote("//=============================================================================")
// structure contains zero length array, must cpp_quote
cpp_quote("typedef struct _PROPERTYDATABASE")
cpp_quote("{")
cpp_quote(" DWORD nProperties; //... Number of properties in database.")
cpp_quote(" LPPROPERTYINFO PropertyInfo[0]; //... Array of property info pointers.")
cpp_quote("")
cpp_quote("} PROPERTYDATABASE;")
cpp_quote("#define PROPERTYDATABASE_SIZE sizeof(PROPERTYDATABASE)")
cpp_quote("typedef PROPERTYDATABASE *LPPROPERTYDATABASE;")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Protocol info structure (PUBLIC portion of HPROTOCOL).")
cpp_quote("//=============================================================================")
// structure contains a structure with a zero length array, must cpp_quote
cpp_quote("typedef struct _PROTOCOLINFO")
cpp_quote("{")
cpp_quote(" DWORD ProtocolID; //... Prootocol ID of owning protocol.")
cpp_quote(" LPPROPERTYDATABASE PropertyDatabase; //... Property database.")
cpp_quote(" BYTE ProtocolName[16]; //... Protocol name.")
cpp_quote(" BYTE HelpFile[16]; //... Optional helpfile name.")
cpp_quote(" BYTE Comment[128]; //... Comment describing protocol.")
cpp_quote("} PROTOCOLINFO;")
cpp_quote("typedef PROTOCOLINFO *LPPROTOCOLINFO;")
cpp_quote("#define PROTOCOLINFO_SIZE sizeof(PROTOCOLINFO)")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Protocol Table.")
cpp_quote("//=============================================================================")
typedef struct _PROTOCOLTABLE
{
DWORD nProtocols;
HPROTOCOL hProtocol[1]; //... This must be the last member.
} PROTOCOLTABLE;
typedef PROTOCOLTABLE *LPPROTOCOLTABLE;
const DWORD PROTOCOLTABLE_SIZE =(sizeof(PROTOCOLTABLE) - sizeof(HPROTOCOL));
cpp_quote("#define PROTOCOLTABLE_ACTUAL_SIZE(p) GetTableSize(PROTOCOLTABLE_SIZE, (p)->nProtocols, sizeof(HPROTOCOL))")
cpp_quote("//=============================================================================")
cpp_quote("// AddressInfo structure")
cpp_quote("//=============================================================================")
const DWORD SORT_BYADDRESS =0;
const DWORD SORT_BYNAME =1;
const DWORD PERMANENT_NAME =0x00000100;
// structure contains structures with bitfields, so must cpp_quote
cpp_quote("typedef struct _ADDRESSINFO2")
cpp_quote("{")
cpp_quote(" ADDRESS2 Address;")
cpp_quote(" WCHAR Name[MAX_NAME_SIZE];")
cpp_quote(" DWORD Flags;")
cpp_quote(" LPVOID lpAddressInstData;")
cpp_quote("")
cpp_quote("} ADDRESSINFO2;")
cpp_quote("typedef struct _ADDRESSINFO2 *LPADDRESSINFO2;")
cpp_quote("#define ADDRESSINFO2_SIZE sizeof(ADDRESSINFO2)")
cpp_quote("//=============================================================================")
cpp_quote("// AddressInfoTable")
cpp_quote("//=============================================================================")
// structure contains structures with bitfields, so must cpp_quote
// also contains zero length array, so must cpp_quote
cpp_quote("typedef struct _ADDRESSINFOTABLE2")
cpp_quote("{")
cpp_quote(" DWORD nAddressInfos;")
cpp_quote(" LPADDRESSINFO2 lpAddressInfo[0];")
cpp_quote("")
cpp_quote("} ADDRESSINFOTABLE2;")
cpp_quote("typedef ADDRESSINFOTABLE2 *LPADDRESSINFOTABLE2;")
cpp_quote("#define ADDRESSINFOTABLE2_SIZE sizeof(ADDRESSINFOTABLE2)")
cpp_quote("//=============================================================================")
cpp_quote("// callback procedures.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("typedef DWORD (WINAPI *FILTERPROC)(HCAPTURE, HFRAME, LPVOID);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMErr.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// The operation succeeded.")
const DWORD NMERR_SUCCESS = 0;
cpp_quote("// An error occured creating a memory-mapped file.")
const DWORD NMERR_MEMORY_MAPPED_FILE_ERROR = 1;
cpp_quote("// The handle to a filter is invalid.")
const DWORD NMERR_INVALID_HFILTER = 2;
cpp_quote("// Capturing has already been started.")
const DWORD NMERR_CAPTURING = 3;
cpp_quote("// Capturing has not been started.")
const DWORD NMERR_NOT_CAPTURING = 4;
cpp_quote("// The are no frames available.")
const DWORD NMERR_NO_MORE_FRAMES = 5;
cpp_quote("// The buffer is too small to complete the operation.")
const DWORD NMERR_BUFFER_TOO_SMALL = 6;
cpp_quote("// No protocol was able to recognize the frame.")
const DWORD NMERR_FRAME_NOT_RECOGNIZED = 7;
cpp_quote("// The file already exists.")
const DWORD NMERR_FILE_ALREADY_EXISTS = 8;
cpp_quote("// A needed device driver was not found or is not loaded.")
const DWORD NMERR_DRIVER_NOT_FOUND = 9;
cpp_quote("// This address aready exists in the database.")
const DWORD NMERR_ADDRESS_ALREADY_EXISTS = 10;
cpp_quote("// The frame handle is invalid.")
const DWORD NMERR_INVALID_HFRAME = 11;
cpp_quote("// The protocol handle is invalid.")
const DWORD NMERR_INVALID_HPROTOCOL = 12;
cpp_quote("// The property handle is invalid.")
const DWORD NMERR_INVALID_HPROPERTY = 13;
cpp_quote("// The the object has been locked. ")
const DWORD NMERR_LOCKED = 14;
cpp_quote("// A pop operation was attempted on an empty stack.")
const DWORD NMERR_STACK_EMPTY = 15;
cpp_quote("// A push operation was attempted on an full stack.")
const DWORD NMERR_STACK_OVERFLOW = 16;
cpp_quote("// There are too many protocols active.")
const DWORD NMERR_TOO_MANY_PROTOCOLS = 17;
cpp_quote("// The file was not found.")
const DWORD NMERR_FILE_NOT_FOUND = 18;
cpp_quote("// No memory was available. Shut down windows to free up resources.")
const DWORD NMERR_OUT_OF_MEMORY = 19;
cpp_quote("// The capture is already in the paused state.")
const DWORD NMERR_CAPTURE_PAUSED = 20;
cpp_quote("// There are no buffers available or present.")
const DWORD NMERR_NO_BUFFERS = 21;
cpp_quote("// There are already buffers present.")
const DWORD NMERR_BUFFERS_ALREADY_EXIST = 22;
cpp_quote("// The object is not locked.")
const DWORD NMERR_NOT_LOCKED = 23;
cpp_quote("// A integer type was out of range.")
const DWORD NMERR_OUT_OF_RANGE = 24;
cpp_quote("// An object was locked too many times.")
const DWORD NMERR_LOCK_NESTING_TOO_DEEP = 25;
cpp_quote("// A parser failed to load.")
const DWORD NMERR_LOAD_PARSER_FAILED = 26;
cpp_quote("// A parser failed to unload.")
const DWORD NMERR_UNLOAD_PARSER_FAILED = 27;
cpp_quote("// The address database handle is invalid.")
const DWORD NMERR_INVALID_HADDRESSDB = 28;
cpp_quote("// The MAC address was not found in the database.")
const DWORD NMERR_ADDRESS_NOT_FOUND = 29;
cpp_quote("// The network software was not found in the system.")
const DWORD NMERR_NETWORK_NOT_PRESENT = 30;
cpp_quote("// There is no property database for a protocol.")
const DWORD NMERR_NO_PROPERTY_DATABASE = 31;
cpp_quote("// A property was not found in the database.")
const DWORD NMERR_PROPERTY_NOT_FOUND = 32;
cpp_quote("// The property database handle is in valid.")
const DWORD NMERR_INVALID_HPROPERTYDB = 33;
cpp_quote("// The protocol has not been enabled.")
const DWORD NMERR_PROTOCOL_NOT_ENABLED = 34;
cpp_quote("// The protocol DLL could not be found.")
const DWORD NMERR_PROTOCOL_NOT_FOUND = 35;
cpp_quote("// The parser DLL is not valid.")
const DWORD NMERR_INVALID_PARSER_DLL = 36;
cpp_quote("// There are no properties attached.")
const DWORD NMERR_NO_ATTACHED_PROPERTIES = 37;
cpp_quote("// There are no frames in the buffer.")
const DWORD NMERR_NO_FRAMES = 38;
cpp_quote("// The capture file format is not valid.")
const DWORD NMERR_INVALID_FILE_FORMAT = 39;
cpp_quote("// The OS could not create a temporary file.")
const DWORD NMERR_COULD_NOT_CREATE_TEMPFILE = 40;
cpp_quote("// There is not enough MS-DOS memory available.")
const DWORD NMERR_OUT_OF_DOS_MEMORY = 41;
cpp_quote("// There are no protocols enabled.")
const DWORD NMERR_NO_PROTOCOLS_ENABLED = 42;
cpp_quote("// The MAC type is invalid or unsupported.")
const DWORD NMERR_UNKNOWN_MACTYPE = 46;
cpp_quote("// There is no routing information present in the MAC frame.")
const DWORD NMERR_ROUTING_INFO_NOT_PRESENT = 47;
cpp_quote("// The network handle is invalid.")
const DWORD NMERR_INVALID_HNETWORK = 48;
cpp_quote("// The network is already open.")
const DWORD NMERR_NETWORK_ALREADY_OPENED = 49;
cpp_quote("// The network is not open.")
const DWORD NMERR_NETWORK_NOT_OPENED = 50;
cpp_quote("// The frame was not found in the buffer.")
const DWORD NMERR_FRAME_NOT_FOUND = 51;
cpp_quote("// There are no handles available.")
const DWORD NMERR_NO_HANDLES = 53;
cpp_quote("// The network ID is invalid.")
const DWORD NMERR_INVALID_NETWORK_ID = 54;
cpp_quote("// The capture handle is invalid.")
const DWORD NMERR_INVALID_HCAPTURE = 55;
cpp_quote("// The protocol has already been enabled.")
const DWORD NMERR_PROTOCOL_ALREADY_ENABLED = 56;
cpp_quote("// The filter expression is invalid.")
const DWORD NMERR_FILTER_INVALID_EXPRESSION = 57;
cpp_quote("// A transmit error occured.")
const DWORD NMERR_TRANSMIT_ERROR = 58;
cpp_quote("// The buffer handle is invalid.")
const DWORD NMERR_INVALID_HBUFFER = 59;
cpp_quote("// The specified data is unknown or invalid.")
const DWORD NMERR_INVALID_DATA = 60;
cpp_quote("// The MS-DOS/NDIS 2.0 network driver is not loaded.")
const DWORD NMERR_MSDOS_DRIVER_NOT_LOADED = 61;
cpp_quote("// The Windows VxD/NDIS 3.0 network driver is not loaded.")
const DWORD NMERR_WINDOWS_DRIVER_NOT_LOADED = 62;
cpp_quote("// The MS-DOS/NDIS 2.0 driver had an init-time failure.")
const DWORD NMERR_MSDOS_DRIVER_INIT_FAILURE = 63;
cpp_quote("// The Windows/NDIS 3.0 driver had an init-time failure.")
const DWORD NMERR_WINDOWS_DRIVER_INIT_FAILURE = 64;
cpp_quote("// The network driver is busy and cannot handle requests.")
const DWORD NMERR_NETWORK_BUSY = 65;
cpp_quote("// The capture is not paused.")
const DWORD NMERR_CAPTURE_NOT_PAUSED = 66;
cpp_quote("// The frame/packet length is not valid.")
const DWORD NMERR_INVALID_PACKET_LENGTH = 67;
cpp_quote("// An internal exception occured.")
const DWORD NMERR_INTERNAL_EXCEPTION = 69;
cpp_quote("// The MAC driver does not support promiscious mode.")
const DWORD NMERR_PROMISCUOUS_MODE_NOT_SUPPORTED= 70;
cpp_quote("// The MAC driver failed to open.")
const DWORD NMERR_MAC_DRIVER_OPEN_FAILURE = 71;
cpp_quote("// The protocol went off the end of the frame.")
const DWORD NMERR_RUNAWAY_PROTOCOL = 72;
cpp_quote("// An asynchronous operation is still pending.")
const DWORD NMERR_PENDING = 73;
cpp_quote("// Access is denied.")
const DWORD NMERR_ACCESS_DENIED = 74;
cpp_quote("// The password handle is invalid.")
const DWORD NMERR_INVALID_HPASSWORD = 75;
cpp_quote("// A bad parameter was detected.")
const DWORD NMERR_INVALID_PARAMETER = 76;
cpp_quote("// An error occured reading the file.")
const DWORD NMERR_FILE_READ_ERROR = 77;
cpp_quote("// An error occured writing to the file.")
const DWORD NMERR_FILE_WRITE_ERROR = 78;
cpp_quote("// The protocol has not been registered")
const DWORD NMERR_PROTOCOL_NOT_REGISTERED = 79;
cpp_quote("// The frame does not contain an IP address.")
const DWORD NMERR_IP_ADDRESS_NOT_FOUND = 80;
cpp_quote("// The transmit request was cancelled.")
const DWORD NMERR_TRANSMIT_CANCELLED = 81;
cpp_quote("// The operation cannot be performed on a capture with 1 or more locked frames.")
const DWORD NMERR_LOCKED_FRAMES = 82;
cpp_quote("// A cancel transmit request was submitted but there were no transmits pending.")
const DWORD NMERR_NO_TRANSMITS_PENDING = 83;
cpp_quote("// Path not found.")
const DWORD NMERR_PATH_NOT_FOUND = 84;
cpp_quote("// A windows error has occured.")
const DWORD NMERR_WINDOWS_ERROR = 85;
cpp_quote("// The handle to the frame has no frame number.")
const DWORD NMERR_NO_FRAME_NUMBER = 86;
cpp_quote("// The frame is not associated with any capture.")
const DWORD NMERR_FRAME_HAS_NO_CAPTURE = 87;
cpp_quote("// The frame is already associated with a capture.")
const DWORD NMERR_FRAME_ALREADY_HAS_CAPTURE = 88;
cpp_quote("// The NAL is not remotable.")
const DWORD NMERR_NAL_IS_NOT_REMOTE = 89;
cpp_quote("// The API is not supported")
const DWORD NMERR_NOT_SUPPORTED = 90;
cpp_quote("// Network Monitor should discard the current frame. ")
cpp_quote("// This error code is only used during a filtered SaveCapture() API call.")
const DWORD NMERR_DISCARD_FRAME = 91;
cpp_quote("// Network Monitor should cancel the current save. ")
cpp_quote("// This error code is only used during a filtered SaveCapture() API call.")
const DWORD NMERR_CANCEL_SAVE_CAPTURE = 92;
cpp_quote("// The connection to the remote machine has been lost")
const DWORD NMERR_LOST_CONNECTION = 93;
cpp_quote("// The media/mac type is not valid.")
const DWORD NMERR_INVALID_MEDIA_TYPE = 94;
cpp_quote("// The Remote Agent is currently in use")
const DWORD NMERR_AGENT_IN_USE = 95;
cpp_quote("// The request has timed out")
const DWORD NMERR_TIMEOUT = 96;
cpp_quote("// The remote agent has been disconnected")
const DWORD NMERR_DISCONNECTED = 97;
cpp_quote("// A timer required for operation failed creation")
const DWORD NMERR_SETTIMER_FAILED = 98;
cpp_quote("// A network error occured.")
const DWORD NMERR_NETWORK_ERROR = 99;
cpp_quote("// Frame callback procedure is not valid")
const DWORD NMERR_INVALID_FRAMESPROC = 100;
cpp_quote("// Capture type specified is unknown")
const DWORD NMERR_UNKNOWN_CAPTURETYPE = 101;
cpp_quote("// The NPP is not connected to a network.")
const DWORD NMERR_NOT_CONNECTED = 102;
cpp_quote("// The NPP is already connected to a network.")
const DWORD NMERR_ALREADY_CONNECTED = 103;
cpp_quote("// The registry tag does not indicate a known configuration.")
const DWORD NMERR_INVALID_REGISTRY_CONFIGURATION= 104;
cpp_quote("// The NPP is currently configured for delayed capturing.")
const DWORD NMERR_DELAYED = 105;
cpp_quote("// The NPP is not currently configured for delayed capturing.")
const DWORD NMERR_NOT_DELAYED = 106;
cpp_quote("// The NPP is currently configured for real time capturing.")
const DWORD NMERR_REALTIME = 107;
cpp_quote("// The NPP is not currently configured for real time capturing.")
const DWORD NMERR_NOT_REALTIME = 108;
cpp_quote("// The NPP is currently configured for stats only capturing.")
const DWORD NMERR_STATS_ONLY = 109;
cpp_quote("// The NPP is not currently configured for stats only capturing.")
const DWORD NMERR_NOT_STATS_ONLY = 110;
cpp_quote("// The NPP is currently configured for transmitting.")
const DWORD NMERR_TRANSMIT = 111;
cpp_quote("// The NPP is not currently configured for transmitting.")
const DWORD NMERR_NOT_TRANSMIT = 112;
cpp_quote("// The NPP is currently transmitting")
const DWORD NMERR_TRANSMITTING = 113;
cpp_quote("// The specified capture file hard disk is not local")
const DWORD NMERR_DISK_NOT_LOCAL_FIXED = 114;
cpp_quote("// Could not create the default capture directory on the given disk")
const DWORD NMERR_COULD_NOT_CREATE_DIRECTORY = 115;
cpp_quote("// The default capture directory was not set in the registry:")
cpp_quote("// HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\nm\\Parameters\\CapturePath")
const DWORD NMERR_NO_DEFAULT_CAPTURE_DIRECTORY = 116;
cpp_quote("// The capture file is an uplevel version that this netmon does not understand")
const DWORD NMERR_UPLEVEL_CAPTURE_FILE = 117;
cpp_quote("// An expert failed to load.")
const DWORD NMERR_LOAD_EXPERT_FAILED = 118;
cpp_quote("// An expert failed to report its EXPERT_INFO structs.")
const DWORD NMERR_EXPERT_REPORT_FAILED = 119;
cpp_quote("// Registry API call failed.")
const DWORD NMERR_REG_OPERATION_FAILED = 120;
cpp_quote("// Registry API call failed.")
const DWORD NMERR_NO_DLLS_FOUND = 121;
cpp_quote("// There are no conversation stats, they were not asked for.")
const DWORD NMERR_NO_CONVERSATION_STATS = 122;
cpp_quote("// We have received a security response packet from a security monitor.")
const DWORD NMERR_SECURITY_BREACH_CAPTURE_DELETED = 123;
cpp_quote("// The given frame failed the display filter.")
const DWORD NMERR_FRAME_FAILED_FILTER = 124;
cpp_quote("// Netmon wants the Expert to stop running.")
const DWORD NMERR_EXPERT_TERMINATE = 125;
cpp_quote("// Netmon needs the remote machine to be a server.")
const DWORD NMERR_REMOTE_NOT_A_SERVER = 126;
cpp_quote("// Netmon needs the remote machine to be a server.")
const DWORD NMERR_REMOTE_VERSION_OUTOFSYNC = 127;
cpp_quote("// The supplied group is an invalid handle")
const DWORD NMERR_INVALID_EXPERT_GROUP = 128;
cpp_quote("// The supplied expert name cannot be found")
const DWORD NMERR_INVALID_EXPERT_NAME = 129;
cpp_quote("// The supplied expert name cannot be found")
const DWORD NMERR_INVALID_EXPERT_HANDLE= 130;
cpp_quote("// The supplied group name already exists")
const DWORD NMERR_GROUP_NAME_ALREADY_EXISTS = 131;
cpp_quote("// The supplied group name is invalid")
const DWORD NMERR_INVALID_GROUP_NAME = 132;
cpp_quote("// The supplied Expert is already in the group. ")
const DWORD NMERR_EXPERT_ALREADY_IN_GROUP = 133;
cpp_quote("// The Expert cannot be deleted from the group because it is not in the group")
const DWORD NMERR_EXPERT_NOT_IN_GROUP = 134;
cpp_quote("// The COM object has not been initialized")
const DWORD NMERR_NOT_INITIALIZED = 135;
cpp_quote("// Cannot perform function to Root group")
const DWORD NMERR_INVALID_GROUP_ROOT = 136;
cpp_quote("// Potential data structure mismatch between NdisNpp and Driver.")
const DWORD NMERR_BAD_VERSION = 137;
cpp_quote("// The NPP is currently configured for ESP capturing.")
const DWORD NMERR_ESP = 138;
cpp_quote("// The NPP is not currently configured for ESP capturing.")
const DWORD NMERR_NOT_ESP = 139;
cpp_quote("//=============================================================================")
cpp_quote("// Blob Errors")
cpp_quote("//=============================================================================")
const DWORD NMERR_BLOB_NOT_INITIALIZED =1000;
const DWORD NMERR_INVALID_BLOB =1001;
const DWORD NMERR_UPLEVEL_BLOB =1002;
const DWORD NMERR_BLOB_ENTRY_ALREADY_EXISTS =1003;
const DWORD NMERR_BLOB_ENTRY_DOES_NOT_EXIST =1004;
const DWORD NMERR_AMBIGUOUS_SPECIFIER =1005;
const DWORD NMERR_BLOB_OWNER_NOT_FOUND =1006;
const DWORD NMERR_BLOB_CATEGORY_NOT_FOUND =1007;
const DWORD NMERR_UNKNOWN_CATEGORY =1008;
const DWORD NMERR_UNKNOWN_TAG =1009;
const DWORD NMERR_BLOB_CONVERSION_ERROR =1010;
const DWORD NMERR_ILLEGAL_TRIGGER =1011;
const DWORD NMERR_BLOB_STRING_INVALID =1012;
cpp_quote("//=============================================================================")
cpp_quote("// FINDER errors")
cpp_quote("//=============================================================================")
const DWORD NMERR_UNABLE_TO_LOAD_LIBRARY =1013;
const DWORD NMERR_UNABLE_TO_GET_PROCADDR =1014;
const DWORD NMERR_CLASS_NOT_REGISTERED =1015;
const DWORD NMERR_INVALID_REMOTE_COMPUTERNAME =1016;
const DWORD NMERR_RPC_REMOTE_FAILURE =1017;
const DWORD NMERR_NO_NPPS =3016;
const DWORD NMERR_NO_MATCHING_NPPS =3017;
const DWORD NMERR_NO_NPP_SELECTED =3018;
const DWORD NMERR_NO_INPUT_BLOBS =3019;
const DWORD NMERR_NO_NPP_DLLS =3020;
const DWORD NMERR_NO_VALID_NPP_DLLS =3021;
cpp_quote("//=============================================================================")
cpp_quote("// Error Macros")
cpp_quote("//=============================================================================")
cpp_quote("#ifndef INLINE")
cpp_quote("#define INLINE __inline")
cpp_quote("#endif // INLINE")
#ifndef HRESULT
typedef LONG HRESULT; // From wtypes.h
#endif // HRESULT
cpp_quote("// normal Network Monitor errors will be put into the code portion of an hresult")
cpp_quote("// for return from OLE objects:")
cpp_quote("// these two macros will help to create and crack the scode")
cpp_quote("INLINE HRESULT NMERR_TO_HRESULT( DWORD nmerror )")
cpp_quote("{")
cpp_quote(" HRESULT hResult;")
cpp_quote(" if (nmerror == NMERR_SUCCESS)")
cpp_quote(" hResult = NOERROR;")
cpp_quote(" else")
cpp_quote(" hResult = MAKE_HRESULT( SEVERITY_ERROR,FACILITY_ITF, (WORD)nmerror) ;")
cpp_quote("")
cpp_quote(" return hResult;")
cpp_quote("}")
cpp_quote("//We use to decide whether the first bit was set to 1 or 0, not regarding ")
cpp_quote("//whether the result passed with a warning set in the low word. Now we ")
cpp_quote("//disregard the first bit and pass back the warning.")
cpp_quote("INLINE DWORD HRESULT_TO_NMERR( HRESULT hResult )")
cpp_quote("{")
cpp_quote(" return HRESULT_CODE(hResult);")
cpp_quote("}")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (BHFilter.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("//============================================================================")
cpp_quote("// types")
cpp_quote("//============================================================================")
typedef HFILTER * LPHFILTER;
typedef DWORD FILTERACTIONTYPE;
typedef DWORD VALUETYPE;
cpp_quote("// check for protocols existing in the frame.")
cpp_quote("")
cpp_quote("// ProtocolPart")
cpp_quote("// this is the raw data for a Protocol based expression")
cpp_quote("//")
cpp_quote("// WHAT FIELD DESCRIPTION EXAMPLE")
cpp_quote("// ---- ----- ----------- -------")
cpp_quote("// Count of Protocol(nPropertyDBs) Number of protocols to pass 5")
cpp_quote("// PropertyDB Table (PropertyDB) Table of HPROTOCOL SMB, LLC, MAC")
cpp_quote("//")
cpp_quote("// NOTE: the nPropertyDBs field may also be the following, which implies that")
cpp_quote("// all are selected but that none have actually been put into the structure")
const DWORD PROTOCOL_NUM_ANY =(-1);
typedef PROTOCOLTABLE PROTOCOLTABLETYPE;
typedef PROTOCOLTABLETYPE *LPPROTOCOLTABLETYPE;
cpp_quote("// filter bits stores who passed what filter per frame to speed up")
cpp_quote("// the filter process... This is actually an array.")
typedef DWORD FILTERBITS;
typedef FILTERBITS *LPFILTERBITS;
typedef SYSTEMTIME *LPTIME;
cpp_quote("typedef SYSTEMTIME UNALIGNED * ULPTIME;")
cpp_quote("// The Filter Object is the basic unit of the postfix stack.")
cpp_quote("// I need to restart the convert property to value if the comparison does not match.")
cpp_quote("// To do this, I need the original pointer to the property. Pull the hProperty out of")
cpp_quote("// the union so that the pointer to the property is saved.")
// contains an unaligned pointer, so must cpp_quote
cpp_quote("typedef struct _FILTEROBJECT2")
cpp_quote("{")
cpp_quote(" FILTERACTIONTYPE Action; // Object action, see codes below")
cpp_quote(" HPROPERTY hProperty; // property key")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" VALUETYPE Value; // value of the object.")
cpp_quote(" HPROTOCOL hProtocol; // protocol key.")
cpp_quote(" LPVOID lpArray; // if array, length is ItemCount below.")
cpp_quote(" LPPROTOCOLTABLETYPE lpProtocolTable; // list of protocols to see if exist in frame.")
cpp_quote(" LPADDRESS2 lpAddress; // kernel type address, mac or ip")
cpp_quote(" ULPLARGEINT lpLargeInt; // Double DWORD used by NT")
cpp_quote(" ULPTIME lpTime; // pointer to SYSTEMTIME")
cpp_quote(" LPOBJECT_IDENTIFIER lpOID; // pointer to OBJECT_IDENTIFIER")
cpp_quote("")
cpp_quote(" };")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" WORD ByteCount; // Number of BYTES!")
cpp_quote(" WORD ByteOffset; // offset for array compare")
cpp_quote(" };")
cpp_quote("")
cpp_quote(" struct _FILTEROBJECT2 * pNext; // reserved")
cpp_quote("")
cpp_quote("} FILTEROBJECT2;")
cpp_quote("")
cpp_quote("typedef FILTEROBJECT2 * LPFILTEROBJECT2;")
cpp_quote("")
cpp_quote("#define FILTERINFO_SIZE (sizeof(FILTEROBJECT2) )")
cpp_quote("")
cpp_quote("")
cpp_quote("")
cpp_quote("typedef struct _FILTERDESC2")
cpp_quote("{")
cpp_quote(" WORD NumEntries;")
cpp_quote(" WORD Flags; // private")
cpp_quote(" LPFILTEROBJECT2 lpStack;")
cpp_quote(" LPFILTEROBJECT2 lpKeepLast;")
cpp_quote(" LPVOID UIInstanceData; // UI specific information.")
cpp_quote(" LPFILTERBITS lpFilterBits; // cache who passed")
cpp_quote(" LPFILTERBITS lpCheckBits; // have we looked at it yet?")
cpp_quote(" ")
cpp_quote("} FILTERDESC2;")
cpp_quote("")
cpp_quote("typedef FILTERDESC2 * LPFILTERDESC2;")
cpp_quote("")
cpp_quote("#define FILTERDESC2_SIZE sizeof(FILTERDESC2)")
cpp_quote("// Obsolete, FILTEROBJECT2 should be used")
cpp_quote("typedef struct _FILTEROBJECT")
cpp_quote("{")
cpp_quote(" FILTERACTIONTYPE Action; // Object action, see codes below")
cpp_quote(" HPROPERTY hProperty; // property key")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" VALUETYPE Value; // value of the object.")
cpp_quote(" HPROTOCOL hProtocol; // protocol key.")
cpp_quote(" LPVOID lpArray; // if array, length is ItemCount below.")
cpp_quote(" LPPROTOCOLTABLETYPE lpProtocolTable; // list of protocols to see if exist in frame.")
cpp_quote(" LPADDRESS lpAddress; // kernel type address, mac or ip")
cpp_quote(" ULPLARGEINT lpLargeInt; // Double DWORD used by NT")
cpp_quote(" ULPTIME lpTime; // pointer to SYSTEMTIME")
cpp_quote(" LPOBJECT_IDENTIFIER lpOID; // pointer to OBJECT_IDENTIFIER")
cpp_quote("")
cpp_quote(" };")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" WORD ByteCount; // Number of BYTES!")
cpp_quote(" WORD ByteOffset; // offset for array compare")
cpp_quote(" };")
cpp_quote("")
cpp_quote(" struct _FILTEROBJECT * pNext; // reserved")
cpp_quote("")
cpp_quote("} FILTEROBJECT;")
cpp_quote("typedef FILTEROBJECT * LPFILTEROBJECT;")
cpp_quote("// Obsolete, FILTERDESC2 should be used")
cpp_quote("typedef struct _FILTERDESC")
cpp_quote("{")
cpp_quote(" WORD NumEntries;")
cpp_quote(" WORD Flags; // private")
cpp_quote(" LPFILTEROBJECT lpStack;")
cpp_quote(" LPFILTEROBJECT lpKeepLast;")
cpp_quote(" LPVOID UIInstanceData; // UI specific information.")
cpp_quote(" LPFILTERBITS lpFilterBits; // cache who passed")
cpp_quote(" LPFILTERBITS lpCheckBits; // have we looked at it yet?")
cpp_quote(" ")
cpp_quote("} FILTERDESC;")
cpp_quote("typedef FILTERDESC * LPFILTERDESC;")
cpp_quote("#define FILTERDESC_SIZE sizeof(FILTERDESC)")
cpp_quote("//============================================================================")
cpp_quote("// Macros.")
cpp_quote("//============================================================================")
cpp_quote("#define FilterGetUIInstanceData(hfilt) (((LPFILTERDESC2)hfilt)->UIInstanceData)")
cpp_quote("#define FilterSetUIInstanceData(hfilt,inst) (((LPFILTERDESC2)hfilt)->UIInstanceData = (LPVOID)inst)")
cpp_quote("//============================================================================")
cpp_quote("// defines")
cpp_quote("//============================================================================")
const DWORD FILTERFREEPOOLSTART =20;
const DWORD INVALIDELEMENT =-1;
const DWORD INVALIDVALUE =((VALUETYPE) -9999);
cpp_quote("// use filter failed to check the return code on FilterFrame.")
const DWORD FILTER_FAIL_WITH_ERROR =-1;
const DWORD FILTER_PASSED =TRUE;
const DWORD FILTER_FAILED =FALSE;
// NOTE NOTE NOTE If you change the values of the following constants, you
// MUST modify the TableEval table in filtloc.h.
const DWORD FILTERACTION_INVALID = 0;
const DWORD FILTERACTION_PROPERTY = 1;
const DWORD FILTERACTION_VALUE = 2;
const DWORD FILTERACTION_STRING = 3;
const DWORD FILTERACTION_ARRAY = 4;
const DWORD FILTERACTION_AND = 5;
const DWORD FILTERACTION_OR = 6;
const DWORD FILTERACTION_XOR = 7;
const DWORD FILTERACTION_PROPERTYEXIST = 8;
const DWORD FILTERACTION_CONTAINSNC = 9;
const DWORD FILTERACTION_CONTAINS =10;
const DWORD FILTERACTION_NOT =11;
const DWORD FILTERACTION_EQUALNC =12;
const DWORD FILTERACTION_EQUAL =13;
const DWORD FILTERACTION_NOTEQUALNC =14;
const DWORD FILTERACTION_NOTEQUAL =15;
const DWORD FILTERACTION_GREATERNC =16;
const DWORD FILTERACTION_GREATER =17;
const DWORD FILTERACTION_LESSNC =18;
const DWORD FILTERACTION_LESS =19;
const DWORD FILTERACTION_GREATEREQUALNC =20;
const DWORD FILTERACTION_GREATEREQUAL =21;
const DWORD FILTERACTION_LESSEQUALNC =22;
const DWORD FILTERACTION_LESSEQUAL =23;
const DWORD FILTERACTION_PLUS =24;
const DWORD FILTERACTION_MINUS =25;
const DWORD FILTERACTION_ADDRESS =26;
const DWORD FILTERACTION_ADDRESSANY =27;
const DWORD FILTERACTION_FROM =28;
const DWORD FILTERACTION_TO =29;
const DWORD FILTERACTION_FROMTO =30;
const DWORD FILTERACTION_AREBITSON =31;
const DWORD FILTERACTION_AREBITSOFF =32;
const DWORD FILTERACTION_PROTOCOLSEXIST =33;
const DWORD FILTERACTION_PROTOCOLEXIST =34;
const DWORD FILTERACTION_ARRAYEQUAL =35;
const DWORD FILTERACTION_DEREFPROPERTY =36;
const DWORD FILTERACTION_LARGEINT =37;
const DWORD FILTERACTION_TIME =38;
const DWORD FILTERACTION_ADDR_ETHER =39;
const DWORD FILTERACTION_ADDR_TOKEN =40;
const DWORD FILTERACTION_ADDR_FDDI =41;
const DWORD FILTERACTION_ADDR_IPX =42;
const DWORD FILTERACTION_ADDR_IP =43;
const DWORD FILTERACTION_OID =44;
const DWORD FILTERACTION_OID_CONTAINS =45;
const DWORD FILTERACTION_OID_BEGINS_WITH =46;
const DWORD FILTERACTION_OID_ENDS_WITH =47;
const DWORD FILTERACTION_ADDR_VINES =48;
const DWORD FILTERACTION_ADDR_IP6 =49;
const DWORD FILTERACTION_EXPRESSION =97;
const DWORD FILTERACTION_BOOL =98;
const DWORD FILTERACTION_NOEVAL =99;
const DWORD FILTER_NO_MORE_FRAMES =0xFFFFFFFF;
const DWORD FILTER_CANCELED =0xFFFFFFFE;
const DWORD FILTER_DIRECTION_NEXT =TRUE;
const DWORD FILTER_DIRECTION_PREV =FALSE;
cpp_quote("//============================================================================")
cpp_quote("// Helper functions.")
cpp_quote("//============================================================================")
cpp_quote("typedef BOOL (WINAPI *STATUSPROC)(DWORD, HCAPTURE, HFILTER, LPVOID);")
// callback to show filter status:
// DWORD nFrame
// HCAPTURE
// HFILTER
// LPVOID UI Instance data (hwnd)
cpp_quote("//=============================================================================")
cpp_quote("// FILTER API's.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("HFILTER WINAPI CreateFilter(VOID);")
cpp_quote("")
cpp_quote("DWORD WINAPI DestroyFilter(HFILTER hFilter);")
cpp_quote("")
cpp_quote("HFILTER WINAPI FilterDuplicate(HFILTER hFilter);")
cpp_quote("")
cpp_quote("DWORD WINAPI DisableParserFilter(HFILTER hFilter, HPARSER hParser);")
cpp_quote("")
cpp_quote("DWORD WINAPI EnableParserFilter(HFILTER hFilter, HPARSER hParser);")
cpp_quote("")
cpp_quote("DWORD WINAPI FilterAddObject(HFILTER hFilter, LPFILTEROBJECT2 lpFilterObject );")
cpp_quote("")
cpp_quote("VOID WINAPI FilterFlushBits(HFILTER hFilter);")
cpp_quote("")
cpp_quote("DWORD WINAPI FilterFrame(HFRAME hFrame, HFILTER hFilter, HCAPTURE hCapture);")
cpp_quote(" // returns -1 == check BH set last error")
cpp_quote(" // 0 == FALSE")
cpp_quote(" // 1 == TRUE")
cpp_quote("")
cpp_quote("BOOL WINAPI FilterAttachesProperties(HFILTER hFilter);")
cpp_quote("")
cpp_quote("DWORD WINAPI FilterFindFrame ( HFILTER hFilter,")
cpp_quote(" HCAPTURE hCapture,")
cpp_quote(" DWORD nFrame,")
cpp_quote(" STATUSPROC StatusProc,")
cpp_quote(" LPVOID UIInstance,")
cpp_quote(" DWORD TimeDelta,")
cpp_quote(" BOOL FilterDirection );")
cpp_quote("")
cpp_quote("HFRAME FilterFindPropertyInstance ( HFRAME hFrame, ")
cpp_quote(" HFILTER hMasterFilter, ")
cpp_quote(" HCAPTURE hCapture,")
cpp_quote(" HFILTER hInstanceFilter,")
cpp_quote(" LPPROPERTYINST *lpPropRestartKey,")
cpp_quote(" STATUSPROC StatusProc,")
cpp_quote(" LPVOID UIInstance,")
cpp_quote(" DWORD TimeDelta,")
cpp_quote(" BOOL FilterForward );")
cpp_quote("")
cpp_quote("")
cpp_quote("VOID WINAPI SetCurrentFilter(HFILTER);")
cpp_quote("HFILTER WINAPI GetCurrentFilter(VOID);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (Frame.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// 802.3 and ETHERNET MAC structure.")
cpp_quote("//=============================================================================")
// structure contains zero length array, must cpp_quote
cpp_quote("typedef struct _ETHERNET")
cpp_quote("{")
cpp_quote(" BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.")
cpp_quote(" BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" WORD Length; //... 802.3 length field.")
cpp_quote(" WORD Type; //... Ethernet type field.")
cpp_quote(" };")
cpp_quote(" BYTE Info[0]; //... information field.")
cpp_quote("")
cpp_quote("} ETHERNET;")
cpp_quote("typedef ETHERNET *LPETHERNET;")
cpp_quote("typedef ETHERNET UNALIGNED *ULPETHERNET;")
cpp_quote("#define ETHERNET_SIZE sizeof(ETHERNET)")
const DWORD ETHERNET_HEADER_LENGTH =14;
const DWORD ETHERNET_DATA_LENGTH =0x05DC;
const DWORD ETHERNET_FRAME_LENGTH =0x05EA;
const DWORD ETHERNET_FRAME_TYPE =0x0600;
cpp_quote("//=============================================================================")
cpp_quote("// Header for NM_ATM Packets.")
cpp_quote("//=============================================================================")
cpp_quote("")
//=============================================================================
// Header for NM_ATM Packets. -- change this & you must change netmon.idl
//=============================================================================
typedef struct _NM_ATM
{
UCHAR DstAddr[6];
UCHAR SrcAddr[6];
ULONG Vpi; // Network order
ULONG Vci; // Network order
} NM_ATM;
typedef NM_ATM* PNM_ATM;
typedef NM_ATM* UPNM_ATM;
cpp_quote("#define NM_ATM_HEADER_LENGTH sizeof(NM_ATM)")
//=============================================================================
// Header for NM_1394 Packets. -- change this & you must change netmon.idl
//=============================================================================
#pragma pack(push, 1)
typedef struct _NM_1394
{
UCHAR DstAddr[6];
UCHAR SrcAddr[6];
ULONGLONG VcId;
} NM_1394;
typedef NM_1394* PNM_1394;
typedef NM_1394* UPNM_1394;
cpp_quote("#define NM_1394_HEADER_LENGTH sizeof(NM_1394)")
cpp_quote("//=============================================================================")
cpp_quote("// 802.5 (TOKENRING) MAC structure.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// This structure is used to decode network data and so needs to be packed")
// structure contains bitfields, so must cpp_quote
// also contains zero length array, so must cpp_quote
cpp_quote("typedef struct _TOKENRING")
cpp_quote("{")
cpp_quote(" BYTE AccessCtrl; //... access control field.")
cpp_quote(" BYTE FrameCtrl; //... frame control field.")
cpp_quote(" BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.")
cpp_quote(" BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" BYTE Info[0]; //... information field.")
cpp_quote(" WORD RoutingInfo[0]; //... routing information field.")
cpp_quote(" };")
cpp_quote("} TOKENRING;")
cpp_quote("")
cpp_quote("typedef TOKENRING *LPTOKENRING;")
cpp_quote("typedef TOKENRING UNALIGNED *ULPTOKENRING;")
cpp_quote("#define TOKENRING_SIZE sizeof(TOKENRING)")
const DWORD TOKENRING_HEADER_LENGTH =14;
const WORD TOKENRING_SA_ROUTING_INFO =0x0080;
const WORD TOKENRING_SA_LOCAL =0x0040;
const WORD TOKENRING_DA_LOCAL =0x0040;
const WORD TOKENRING_DA_GROUP =0x0080;
const WORD TOKENRING_RC_LENGTHMASK =0x001F;
const WORD TOKENRING_BC_MASK =0x00E0;
const WORD TOKENRING_TYPE_MAC =0x0000;
const WORD TOKENRING_TYPE_LLC =0x0040;
#pragma pack(pop)
cpp_quote("//=============================================================================")
cpp_quote("// FDDI MAC structure.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// This structure is used to decode network data and so needs to be packed")
#pragma pack(push, 1)
// This structure contains a zero length array, must be cpp_quoted
cpp_quote("typedef struct _FDDI")
cpp_quote("{")
cpp_quote(" BYTE FrameCtrl; //... frame control field.")
cpp_quote(" BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.")
cpp_quote(" BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.")
cpp_quote(" BYTE Info[0]; //... information field.")
cpp_quote("")
cpp_quote("} FDDI;")
cpp_quote("#define FDDI_SIZE sizeof(FDDI)")
cpp_quote("typedef FDDI *LPFDDI;")
cpp_quote("typedef FDDI UNALIGNED *ULPFDDI;")
const DWORD FDDI_HEADER_LENGTH =13;
const DWORD FDDI_TYPE_MAC =0x00;
const DWORD FDDI_TYPE_LLC =0x10;
const DWORD FDDI_TYPE_LONG_ADDRESS =0x40;
#pragma pack(pop)
cpp_quote("//=============================================================================")
cpp_quote("// LLC (802.2)")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// This structure is used to decode network data and so needs to be packed")
#pragma pack(push, 1)
typedef struct _LLC
{
BYTE dsap;
BYTE ssap;
struct
{
union
{
BYTE Command;
BYTE NextSend;
};
union
{
BYTE NextRecv;
BYTE Data[1];
};
} ControlField;
} LLC;
typedef LLC *LPLLC;
cpp_quote("typedef LLC UNALIGNED *ULPLLC;")
const DWORD LLC_SIZE =sizeof(LLC);
#pragma pack(pop)
cpp_quote("//=============================================================================")
cpp_quote("// Helper macros.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("#define IsRoutingInfoPresent(f) ((((ULPTOKENRING) (f))->SrcAddr[0] & TOKENRING_SA_ROUTING_INFO) ? TRUE : FALSE)")
cpp_quote("")
cpp_quote("#define GetRoutingInfoLength(f) (IsRoutingInfoPresent(f) \\")
cpp_quote(" ? (((ULPTOKENRING) (f))->RoutingInfo[0] & TOKENRING_RC_LENGTHMASK) : 0)")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (Parser.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Format Procedure Type.")
cpp_quote("//")
cpp_quote("// NOTE: All format functions *must* be declared as WINAPIV not WINAPI!")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("typedef VOID (WINAPIV *FORMAT)(LPPROPERTYINST, ...);")
cpp_quote("")
cpp_quote("// The protocol recognized the frame and moved the pointer to end of its")
cpp_quote("// protocol header. Network Monitor uses the protocols follow set to continue")
cpp_quote("// parsing.")
const DWORD PROTOCOL_STATUS_RECOGNIZED = 0;
cpp_quote("// The protocol did not recognized the frame and did not move the pointer")
cpp_quote("// (i.e. the start data pointer which was passed in). Network Monitor uses the")
cpp_quote("// protocols follow set to continue parsing.")
const DWORD PROTOCOL_STATUS_NOT_RECOGNIZED = 1;
cpp_quote("// The protocol recognized the frame and claimed it all for itself,")
cpp_quote("// and parsing terminates.")
const DWORD PROTOCOL_STATUS_CLAIMED = 2;
cpp_quote("// The protocol recognized the frame and moved the pointer to end of its")
cpp_quote("// protocol header. The current protocol requests that Network Monitor ")
cpp_quote("// continue parsing at a known next protocol by returning the next protocols")
cpp_quote("// handle back to Network Monitor. In this case, the follow of the current ")
cpp_quote("// protocol, if any, is not used.")
const DWORD PROTOCOL_STATUS_NEXT_PROTOCOL = 3;
cpp_quote("//=============================================================================")
cpp_quote("// Macros.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("extern BYTE HexTable[];")
cpp_quote("")
cpp_quote("#define XCHG(x) MAKEWORD( HIBYTE(x), LOBYTE(x) )")
cpp_quote("")
cpp_quote("#define DXCHG(x) MAKELONG( XCHG(HIWORD(x)), XCHG(LOWORD(x)) )")
cpp_quote("")
cpp_quote("#define LONIBBLE(b) ((BYTE) ((b) & 0x0F))")
cpp_quote("")
cpp_quote("#define HINIBBLE(b) ((BYTE) ((b) >> 4))")
cpp_quote("")
cpp_quote("#define HEX(b) (HexTable[LONIBBLE(b)])")
cpp_quote("")
cpp_quote("#define SWAPBYTES(w) ((w) = XCHG(w))")
cpp_quote("")
cpp_quote("#define SWAPWORDS(d) ((d) = DXCHG(d))")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// All the MAC frame types combined.")
cpp_quote("//=============================================================================")
// structure contains structures with bitfields, so must cpp_quote
cpp_quote("typedef union _MACFRAME")
cpp_quote("{")
cpp_quote(" LPBYTE MacHeader; //... generic pointer.")
cpp_quote(" LPETHERNET Ethernet; //... ethernet pointer.")
cpp_quote(" LPTOKENRING Tokenring; //... tokenring pointer.")
cpp_quote(" LPFDDI Fddi; //... FDDI pointer.")
cpp_quote("")
cpp_quote("} MACFRAME;")
cpp_quote("typedef MACFRAME *LPMACFRAME;")
cpp_quote("")
cpp_quote("#define HOT_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'T', '$')")
cpp_quote("#define HOE_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'E', '$')")
typedef struct _HANDOFFENTRY
{
DWORD hoe_sig; //... 'HOE$'
DWORD hoe_ProtIdentNumber; //Port/Socket number used to determine who to handoff to
HPROTOCOL hoe_ProtocolHandle; //Handle of Protocol to hand off to
DWORD hoe_ProtocolData; //Additional Data to pass to protocol when handed off
} HANDOFFENTRY;
typedef HANDOFFENTRY * LPHANDOFFENTRY;
typedef struct _HANDOFFTABLE
{
DWORD hot_sig; //... 'HOT$'
DWORD hot_NumEntries;
LPHANDOFFENTRY hot_Entries;
} HANDOFFTABLE, *LPHANDOFFTABLE;
cpp_quote("//=============================================================================")
cpp_quote("// Parser helper macros.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("INLINE LPVOID GetPropertyInstanceData(LPPROPERTYINST PropertyInst)")
cpp_quote("{")
cpp_quote(" if ( PropertyInst->DataLength != (WORD) -1 )")
cpp_quote(" {")
cpp_quote(" return PropertyInst->lpData;")
cpp_quote(" }")
cpp_quote("")
cpp_quote(" return (LPVOID) PropertyInst->lpPropertyInstEx->Byte;")
cpp_quote("}")
cpp_quote("")
cpp_quote("#define GetPropertyInstanceDataValue(p, type) ((type *) GetPropertyInstanceData(p))[0]")
cpp_quote("")
cpp_quote("INLINE DWORD GetPropertyInstanceFrameDataLength(LPPROPERTYINST PropertyInst)")
cpp_quote("{")
cpp_quote(" if ( PropertyInst->DataLength != (WORD) -1 )")
cpp_quote(" {")
cpp_quote(" return PropertyInst->DataLength;")
cpp_quote(" }")
cpp_quote("")
cpp_quote(" return PropertyInst->lpPropertyInstEx->Length;")
cpp_quote("}")
cpp_quote("")
cpp_quote("INLINE DWORD GetPropertyInstanceExDataLength(LPPROPERTYINST PropertyInst)")
cpp_quote("{")
cpp_quote(" if ( PropertyInst->DataLength == (WORD) -1 )")
cpp_quote(" {")
cpp_quote(" PropertyInst->lpPropertyInstEx->Length;")
cpp_quote(" }")
cpp_quote("")
cpp_quote(" return (WORD) -1;")
cpp_quote("}")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Parser helper functions.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("LPLABELED_WORD WINAPI GetProtocolDescriptionTable(LPDWORD TableSize);")
cpp_quote("")
cpp_quote("LPLABELED_WORD WINAPI GetProtocolDescription(DWORD ProtocolID);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetMacHeaderLength(LPVOID MacHeader, DWORD MacType);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetLLCHeaderLength(LPLLC Frame);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetEtype(LPVOID MacHeader, DWORD MacType);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetSaps(LPVOID MacHeader, DWORD MacType);")
cpp_quote("")
cpp_quote("BOOL WINAPI IsLLCPresent(LPVOID MacHeader, DWORD MacType);")
cpp_quote("")
cpp_quote("VOID WINAPI CanonicalizeHexString(LPSTR hex, LPSTR dest, DWORD len);")
cpp_quote("")
cpp_quote("void WINAPI CanonHex(UCHAR * pDest, UCHAR * pSource, int iLen, BOOL fOx );")
cpp_quote("")
cpp_quote("DWORD WINAPI ByteToBinary(LPSTR string, DWORD ByteValue);")
cpp_quote("")
cpp_quote("DWORD WINAPI WordToBinary(LPSTR string, DWORD WordValue);")
cpp_quote("")
cpp_quote("DWORD WINAPI DwordToBinary(LPSTR string, DWORD DwordValue);")
cpp_quote("")
cpp_quote("LPSTR WINAPI AddressToString(LPSTR string, BYTE *lpAddress);")
cpp_quote("")
cpp_quote("LPBYTE WINAPI StringToAddress(BYTE *lpAddress, LPSTR string);")
cpp_quote("")
cpp_quote("LPDWORD WINAPI VarLenSmallIntToDword( LPBYTE pValue, ")
cpp_quote(" WORD ValueLen, ")
cpp_quote(" BOOL fIsByteswapped,")
cpp_quote(" LPDWORD lpDword );")
cpp_quote("")
cpp_quote("LPBYTE WINAPI LookupByteSetString (LPSET lpSet, BYTE Value);")
cpp_quote("")
cpp_quote("LPBYTE WINAPI LookupWordSetString (LPSET lpSet, WORD Value);")
cpp_quote("")
cpp_quote("LPBYTE WINAPI LookupDwordSetString (LPSET lpSet, DWORD Value);")
cpp_quote("")
cpp_quote("DWORD WINAPIV FormatByteFlags(LPSTR string, DWORD ByteValue, DWORD BitMask);")
cpp_quote("")
cpp_quote("DWORD WINAPIV FormatWordFlags(LPSTR string, DWORD WordValue, DWORD BitMask);")
cpp_quote("")
cpp_quote("DWORD WINAPIV FormatDwordFlags(LPSTR string, DWORD DwordValue, DWORD BitMask);")
cpp_quote("")
cpp_quote("LPSTR WINAPIV FormatTimeAsString(SYSTEMTIME *time, LPSTR string);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatLabeledByteSetAsFlags(LPPROPERTYINST lpPropertyInst);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatLabeledWordSetAsFlags(LPPROPERTYINST lpPropertyInst);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatLabeledDwordSetAsFlags(LPPROPERTYINST lpPropertyInst);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatPropertyDataAsByte(LPPROPERTYINST lpPropertyInst, DWORD Base);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatPropertyDataAsWord(LPPROPERTYINST lpPropertyInst, DWORD Base);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatPropertyDataAsDword(LPPROPERTYINST lpPropertyInst, DWORD Base);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatLabeledByteSet(LPPROPERTYINST lpPropertyInst);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatLabeledWordSet(LPPROPERTYINST lpPropertyInst);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatLabeledDwordSet(LPPROPERTYINST lpPropertyInst);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatPropertyDataAsInt64(LPPROPERTYINST lpPropertyInst, DWORD Base);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatPropertyDataAsTime(LPPROPERTYINST lpPropertyInst);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatPropertyDataAsString(LPPROPERTYINST lpPropertyInst);")
cpp_quote("")
cpp_quote("VOID WINAPIV FormatPropertyDataAsHexString(LPPROPERTYINST lpPropertyInst);")
cpp_quote("")
cpp_quote("// Parsers should NOT call LockFrame(). If a parser takes a lock and then gets")
cpp_quote("// faulted or returns without unlocking, it leaves the system in a state where")
cpp_quote("// it cannot change protocols or cut/copy frames. Parsers should use ParserTemporaryLockFrame")
cpp_quote("// which grants a lock ONLY during the context of the api entry into the parser. The ")
cpp_quote("// lock is released on exit from the parser for that frame.")
cpp_quote("ULPBYTE WINAPI ParserTemporaryLockFrame(HFRAME hFrame);")
cpp_quote("")
cpp_quote("LPVOID WINAPI GetCCInstPtr(VOID);")
cpp_quote("VOID WINAPI SetCCInstPtr(LPVOID lpCurCaptureInst);")
cpp_quote("LPVOID WINAPI CCHeapAlloc(DWORD dwBytes, BOOL bZeroInit);")
cpp_quote("LPVOID WINAPI CCHeapReAlloc(LPVOID lpMem, DWORD dwBytes, BOOL bZeroInit);")
cpp_quote("BOOL WINAPI CCHeapFree(LPVOID lpMem);")
cpp_quote("SIZE_T WINAPI CCHeapSize(LPVOID lpMem);")
cpp_quote("")
cpp_quote("BOOL _cdecl BERGetInteger( ULPBYTE pCurrentPointer,")
cpp_quote(" ULPBYTE *ppValuePointer,")
cpp_quote(" LPDWORD pHeaderLength,")
cpp_quote(" LPDWORD pDataLength,")
cpp_quote(" ULPBYTE *ppNext);")
cpp_quote("BOOL _cdecl BERGetString( ULPBYTE pCurrentPointer,")
cpp_quote(" ULPBYTE *ppValuePointer,")
cpp_quote(" LPDWORD pHeaderLength,")
cpp_quote(" LPDWORD pDataLength,")
cpp_quote(" ULPBYTE *ppNext);")
cpp_quote("BOOL _cdecl BERGetHeader( ULPBYTE pCurrentPointer,")
cpp_quote(" ULPBYTE pTag,")
cpp_quote(" LPDWORD pHeaderLength,")
cpp_quote(" LPDWORD pDataLength,")
cpp_quote(" ULPBYTE *ppNext);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Parser Finder Structures.")
cpp_quote("//=============================================================================")
const DWORD MAX_PROTOCOL_COMMENT_LEN =256;
const DWORD NETMON_MAX_PROTOCOL_NAME_LEN =16;
cpp_quote("// the constant MAX_PROTOCOL_NAME_LEN conflicts with one of the same name")
cpp_quote("// but different size in rtutils.h.")
cpp_quote("// So if both headers are included, we do not define MAX_PROTOCOL_NAME_LEN.")
cpp_quote("#ifndef MAX_PROTOCOL_NAME_LEN")
const DWORD MAX_PROTOCOL_NAME_LEN =NETMON_MAX_PROTOCOL_NAME_LEN;
cpp_quote("#else")
cpp_quote("#undef MAX_PROTOCOL_NAME_LEN")
cpp_quote("#endif")
cpp_quote("// Handoff Value Format Base")
typedef enum
{
HANDOFF_VALUE_FORMAT_BASE_UNKNOWN = 0,
HANDOFF_VALUE_FORMAT_BASE_DECIMAL = 10,
HANDOFF_VALUE_FORMAT_BASE_HEX = 16
} PF_HANDOFFVALUEFORMATBASE;
cpp_quote("// PF_HANDOFFENTRY")
typedef struct _PF_HANDOFFENTRY
{
char szIniFile[MAX_PATH];
char szIniSection[MAX_PATH];
char szProtocol[NETMON_MAX_PROTOCOL_NAME_LEN];
DWORD dwHandOffValue;
PF_HANDOFFVALUEFORMATBASE ValueFormatBase;
} PF_HANDOFFENTRY;
typedef PF_HANDOFFENTRY* PPF_HANDOFFENTRY;
cpp_quote("// PF_HANDOFFSET")
// Structure contains zero length array, must cpp_quote
cpp_quote("typedef struct _PF_HANDOFFSET")
cpp_quote("{")
cpp_quote(" DWORD nEntries;")
cpp_quote(" PF_HANDOFFENTRY Entry[0];")
cpp_quote("")
cpp_quote("} PF_HANDOFFSET;")
cpp_quote("typedef PF_HANDOFFSET* PPF_HANDOFFSET;")
cpp_quote("// FOLLOWENTRY")
typedef struct _PF_FOLLOWENTRY
{
char szProtocol[NETMON_MAX_PROTOCOL_NAME_LEN];
} PF_FOLLOWENTRY;
typedef PF_FOLLOWENTRY* PPF_FOLLOWENTRY;
cpp_quote("// PF_FOLLOWSET")
// Structure contains zero length array, must cpp_quote
cpp_quote("typedef struct _PF_FOLLOWSET")
cpp_quote("{")
cpp_quote(" DWORD nEntries;")
cpp_quote(" PF_FOLLOWENTRY Entry[0];")
cpp_quote("")
cpp_quote("} PF_FOLLOWSET;")
cpp_quote("typedef PF_FOLLOWSET* PPF_FOLLOWSET;")
cpp_quote("")
cpp_quote("// PARSERINFO - contains information about a single parser")
// Structure contains structures with zero length arrays, must cpp_quote
cpp_quote("typedef struct _PF_PARSERINFO")
cpp_quote("{")
cpp_quote(" char szProtocolName[NETMON_MAX_PROTOCOL_NAME_LEN];")
cpp_quote(" char szComment[MAX_PROTOCOL_COMMENT_LEN];")
cpp_quote(" char szHelpFile[MAX_PATH];")
cpp_quote("")
cpp_quote(" PPF_FOLLOWSET pWhoCanPrecedeMe;")
cpp_quote(" PPF_FOLLOWSET pWhoCanFollowMe;")
cpp_quote("")
cpp_quote(" PPF_HANDOFFSET pWhoHandsOffToMe;")
cpp_quote(" PPF_HANDOFFSET pWhoDoIHandOffTo;")
cpp_quote("")
cpp_quote("} PF_PARSERINFO;")
cpp_quote("typedef PF_PARSERINFO* PPF_PARSERINFO;")
cpp_quote("")
cpp_quote("// PF_PARSERDLLINFO - contains information about a single parser DLL")
// Structure contains zero length array, must cpp_quote
cpp_quote("typedef struct _PF_PARSERDLLINFO")
cpp_quote("{ ")
cpp_quote("// char szDLLName[MAX_PATH];")
cpp_quote(" DWORD nParsers;")
cpp_quote(" PF_PARSERINFO ParserInfo[0];")
cpp_quote("")
cpp_quote("} PF_PARSERDLLINFO;")
cpp_quote("typedef PF_PARSERDLLINFO* PPF_PARSERDLLINFO;")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (IniLib.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
const DWORD INI_PATH_LENGTH =256;
const DWORD MAX_HANDOFF_ENTRY_LENGTH =80;
const DWORD MAX_PROTOCOL_NAME =40;
const DWORD NUMALLOCENTRIES =10;
const DWORD RAW_INI_STR_LEN =200;
cpp_quote("#define PARSERS_SUBDIR \"PARSERS\"")
cpp_quote("#define INI_EXTENSION \"INI\"")
cpp_quote("#define BASE10_FORMAT_STR \"%ld=%s %ld\"")
cpp_quote("#define BASE16_FORMAT_STR \"%lx=%s %lx\"")
cpp_quote("// Given \"XNS\" or \"TCP\" or whatever BuildINIPath will return fully qual. path to \"XNS.INI\" or \"TCP.INI\"")
cpp_quote("LPSTR _cdecl BuildINIPath( char *FullPath,")
cpp_quote(" char *IniFileName );")
cpp_quote("")
cpp_quote("// Builds Handoff Set")
cpp_quote("DWORD WINAPI CreateHandoffTable(LPSTR secName,")
cpp_quote(" LPSTR iniFile,")
cpp_quote(" LPHANDOFFTABLE * hTable,")
cpp_quote(" DWORD nMaxProtocolEntries,")
cpp_quote(" DWORD base);")
cpp_quote("")
cpp_quote("HPROTOCOL WINAPI GetProtocolFromTable(LPHANDOFFTABLE hTable, // lp to Handoff Table...")
cpp_quote(" DWORD ItemToFind, // port number etc...")
cpp_quote(" PDWORD_PTR lpInstData ); // inst data to give to next protocol")
cpp_quote("")
cpp_quote("VOID WINAPI DestroyHandoffTable( LPHANDOFFTABLE hTable );")
cpp_quote("")
cpp_quote("BOOLEAN WINAPI IsRawIPXEnabled(LPSTR secName,")
cpp_quote(" LPSTR iniFile,")
cpp_quote(" LPSTR CurProtocol );")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMExpert.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
const DWORD EXPERTSTRINGLENGTH =MAX_PATH;
const DWORD EXPERTGROUPNAMELENGTH =25;
cpp_quote("// HEXPERTKEY tracks running experts. It is only used by experts for ")
cpp_quote("// self reference. It refers to a RUNNINGEXPERT (an internal only structure)..")
typedef LPVOID HEXPERTKEY;
typedef HEXPERTKEY * PHEXPERTKEY;
cpp_quote("// HEXPERT tracks loaded experts. It refers to an EXPERTENUMINFO.")
typedef LPVOID HEXPERT;
typedef HEXPERT * PHEXPERT;
cpp_quote("// HRUNNINGEXPERT tracks a currently running expert.")
cpp_quote("// It refers to a RUNNINGEXPERT (an internal only structure).")
typedef LPVOID HRUNNINGEXPERT;
typedef HRUNNINGEXPERT * PHRUNNINGEXPERT;
// forward ref
cpp_quote("typedef struct _EXPERTENUMINFO * PEXPERTENUMINFO;")
cpp_quote("typedef struct _EXPERTCONFIG * PEXPERTCONFIG;")
cpp_quote("typedef struct _EXPERTSTARTUPINFO * PEXPERTSTARTUPINFO;")
cpp_quote("// Definitions needed to call experts")
cpp_quote("#define EXPERTENTRY_REGISTER \"Register\"")
cpp_quote("#define EXPERTENTRY_CONFIGURE \"Configure\"")
cpp_quote("#define EXPERTENTRY_RUN \"Run\"")
cpp_quote("typedef BOOL (WINAPI * PEXPERTREGISTERPROC)( PEXPERTENUMINFO );")
cpp_quote("typedef BOOL (WINAPI * PEXPERTCONFIGPROC) ( HEXPERTKEY, PEXPERTCONFIG*, PEXPERTSTARTUPINFO, DWORD, HWND );")
cpp_quote("typedef BOOL (WINAPI * PEXPERTRUNPROC) ( HEXPERTKEY, PEXPERTCONFIG, PEXPERTSTARTUPINFO, DWORD, HWND);")
cpp_quote("// EXPERTENUMINFO describes an expert that NetMon has loaded from disk. ")
cpp_quote("// It does not include any configuration or runtime information.")
cpp_quote("typedef struct _EXPERTENUMINFO")
cpp_quote("{")
cpp_quote(" char szName[EXPERTSTRINGLENGTH];")
cpp_quote(" char szVendor[EXPERTSTRINGLENGTH];")
cpp_quote(" char szDescription[EXPERTSTRINGLENGTH];")
cpp_quote(" DWORD Version; ")
cpp_quote(" DWORD Flags;")
cpp_quote(" char szDllName[MAX_PATH]; // private, dont' touch")
cpp_quote(" HEXPERT hExpert; // private, don't touch")
cpp_quote(" HINSTANCE hModule; // private, don't touch")
cpp_quote(" PEXPERTREGISTERPROC pRegisterProc; // private, don't touch")
cpp_quote(" PEXPERTCONFIGPROC pConfigProc; // private, don't touch")
cpp_quote(" PEXPERTRUNPROC pRunProc; // private, don't touch")
cpp_quote("")
cpp_quote("} EXPERTENUMINFO;")
cpp_quote("typedef EXPERTENUMINFO * PEXPERTENUMINFO;")
const DWORD EXPERT_ENUM_FLAG_CONFIGURABLE =0x0001;
const DWORD EXPERT_ENUM_FLAG_VIEWER_PRIVATE =0x0002;
const DWORD EXPERT_ENUM_FLAG_NO_VIEWER =0x0004;
const DWORD EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_SUMMARY =0x0010;
const DWORD EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_DETAIL =0x0020;
// contains a structure that contains an unaligned pointer, so must cpp_quote
cpp_quote("// EXPERTSTARTUPINFO")
cpp_quote("// This gives the Expert an indication of where he came from.")
cpp_quote("// Note: if the lpPropertyInst->PropertyInfo->DataQualifier == PROP_QUAL_FLAGS")
cpp_quote("// then the sBitField structure is filled in")
cpp_quote("typedef struct _EXPERTSTARTUPINFO")
cpp_quote("{")
cpp_quote(" DWORD Flags;")
cpp_quote(" HCAPTURE hCapture;")
cpp_quote(" char szCaptureFile[MAX_PATH];")
cpp_quote(" DWORD dwFrameNumber;")
cpp_quote(" HPROTOCOL hProtocol;")
cpp_quote("")
cpp_quote(" LPPROPERTYINST lpPropertyInst;")
cpp_quote("")
cpp_quote(" struct")
cpp_quote(" {")
cpp_quote(" BYTE BitNumber;")
cpp_quote(" BOOL bOn;")
cpp_quote(" } sBitfield;")
cpp_quote("")
cpp_quote("} EXPERTSTARTUPINFO;")
cpp_quote("// EXPERTCONFIG")
cpp_quote("// This is a generic holder for an Expert's config data.")
// structure contains a zero length array, must be cpp_quoted
cpp_quote("typedef struct _EXPERTCONFIG")
cpp_quote("{")
cpp_quote(" DWORD RawConfigLength;")
cpp_quote(" BYTE RawConfigData[0];")
cpp_quote("")
cpp_quote("} EXPERTCONFIG;")
cpp_quote("typedef EXPERTCONFIG * PEXPERTCONFIG;")
cpp_quote("// CONFIGUREDEXPERT")
cpp_quote("// This structure associates a loaded expert with its configuration data.")
// structure contains a zero length array, must be cpp_quoted
cpp_quote("typedef struct")
cpp_quote("{")
cpp_quote(" HEXPERT hExpert;")
cpp_quote(" DWORD StartupFlags;")
cpp_quote(" PEXPERTCONFIG pConfig;")
cpp_quote("} CONFIGUREDEXPERT;")
cpp_quote("typedef CONFIGUREDEXPERT * PCONFIGUREDEXPERT;")
cpp_quote("// EXPERTFRAMEDESCRIPTOR - passed back to the expert to fulfil the request for a frame")
// contains an unaligned pointer, so must cpp_quote
cpp_quote("typedef struct")
cpp_quote("{")
cpp_quote(" DWORD FrameNumber; // Frame Number.")
cpp_quote(" HFRAME hFrame; // Handle to the frame.")
cpp_quote(" ULPFRAME pFrame; // pointer to frame.")
cpp_quote(" LPRECOGNIZEDATATABLE lpRecognizeDataTable;// pointer to table of RECOGNIZEDATA structures.")
cpp_quote(" LPPROPERTYTABLE lpPropertyTable; // pointer to property table.")
cpp_quote("")
cpp_quote("} EXPERTFRAMEDESCRIPTOR;")
cpp_quote("typedef EXPERTFRAMEDESCRIPTOR * LPEXPERTFRAMEDESCRIPTOR;")
// other definitions
const DWORD GET_SPECIFIED_FRAME = 0;
const DWORD GET_FRAME_NEXT_FORWARD = 1;
const DWORD GET_FRAME_NEXT_BACKWARD = 2;
const DWORD FLAGS_DEFER_TO_UI_FILTER =0x1;
const DWORD FLAGS_ATTACH_PROPERTIES =0x2;
cpp_quote("// EXPERTSTATUSENUM")
cpp_quote("// gives the possible values for the status field in the EXPERTSTATUS structure")
typedef enum
{
EXPERTSTATUS_INACTIVE = 0,
EXPERTSTATUS_STARTING,
EXPERTSTATUS_RUNNING,
EXPERTSTATUS_PROBLEM,
EXPERTSTATUS_ABORTED,
EXPERTSTATUS_DONE,
} EXPERTSTATUSENUMERATION;
cpp_quote("// EXPERTSUBSTATUS bitfield ")
cpp_quote("// gives the possible values for the substatus field in the EXPERTSTATUS structure")
const WORD EXPERTSUBSTATUS_ABORTED_USER =0x0001;
const WORD EXPERTSUBSTATUS_ABORTED_LOAD_FAIL =0x0002;
const WORD EXPERTSUBSTATUS_ABORTED_THREAD_FAIL =0x0004;
const WORD EXPERTSUBSTATUS_ABORTED_BAD_ENTRY =0x0008;
cpp_quote("// EXPERTSTATUS")
cpp_quote("// Indicates the current status of a running expert.")
typedef struct
{
EXPERTSTATUSENUMERATION Status;
DWORD SubStatus;
DWORD PercentDone;
DWORD Frame;
char szStatusText[EXPERTSTRINGLENGTH];
} EXPERTSTATUS;
typedef EXPERTSTATUS * PEXPERTSTATUS;
cpp_quote("// EXPERT STARTUP FLAGS")
const DWORD EXPERT_STARTUP_FLAG_USE_STARTUP_DATA_OVER_CONFIG_DATA =0x00000001;
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NetMon.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// A frame with no number contains this value as its frame number.")
const DWORD INVALID_FRAME_NUMBER =((DWORD) -1);
cpp_quote("//=============================================================================")
cpp_quote("// Capture file flags.")
cpp_quote("//=============================================================================")
cpp_quote("#define CAPTUREFILE_OPEN OPEN_EXISTING")
cpp_quote("#define CAPTUREFILE_CREATE CREATE_NEW")
cpp_quote("//=============================================================================")
cpp_quote("// CAPTURE CONTEXT API's.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("LPSYSTEMTIME WINAPI GetCaptureTimeStamp(HCAPTURE hCapture);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetCaptureMacType(HCAPTURE hCapture);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetCaptureTotalFrames(HCAPTURE hCapture);")
cpp_quote("")
cpp_quote("LPSTR WINAPI GetCaptureComment(HCAPTURE hCapture);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// FRAME HELP API's.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("DWORD WINAPI MacTypeToAddressType(DWORD MacType);")
cpp_quote("")
cpp_quote("DWORD WINAPI AddressTypeToMacType(DWORD AddressType);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameDstAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameSrcAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);")
cpp_quote("")
cpp_quote("HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME hFrame);")
cpp_quote("")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameDestAddress(HFRAME hFrame,")
cpp_quote(" LPADDRESS2 lpAddress,")
cpp_quote(" DWORD AddressType,")
cpp_quote(" DWORD Flags);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameSourceAddress(HFRAME hFrame,")
cpp_quote(" LPADDRESS2 lpAddress,")
cpp_quote(" DWORD AddressType,")
cpp_quote(" DWORD Flags);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);")
cpp_quote("")
cpp_quote("BOOL WINAPI CompareFrameDestAddress(HFRAME hFrame, LPADDRESS2 lpAddress);")
cpp_quote("")
cpp_quote("BOOL WINAPI CompareFrameSourceAddress(HFRAME hFrame, LPADDRESS2 lpAddress);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameLength(HFRAME hFrame);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameStoredLength(HFRAME hFrame);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameMacType(HFRAME hFrame);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetFrameNumber(HFRAME hFrame);")
cpp_quote("")
cpp_quote("__int64 WINAPI GetFrameTimeStamp(HFRAME hFrame);")
cpp_quote("")
cpp_quote("ULPFRAME WINAPI GetFrameFromFrameHandle(HFRAME hFrame);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// FRAME API's.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("HFRAME WINAPI ModifyFrame(HCAPTURE hCapture,")
cpp_quote(" DWORD FrameNumber,")
cpp_quote(" LPBYTE FrameData,")
cpp_quote(" DWORD FrameLength,")
cpp_quote(" __int64 TimeStamp);")
cpp_quote("")
cpp_quote("HFRAME WINAPI FindNextFrame(HFRAME hCurrentFrame,")
cpp_quote(" LPSTR ProtocolName,")
cpp_quote(" LPADDRESS2 lpDestAddress,")
cpp_quote(" LPADDRESS2 lpSrcAddress,")
cpp_quote(" LPWORD ProtocolOffset,")
cpp_quote(" DWORD OriginalFrameNumber,")
cpp_quote(" DWORD nHighestFrame);")
cpp_quote("")
cpp_quote("HFRAME WINAPI FindPreviousFrame(HFRAME hCurrentFrame,")
cpp_quote(" LPSTR ProtocolName,")
cpp_quote(" LPADDRESS2 lpDstAddress,")
cpp_quote(" LPADDRESS2 lpSrcAddress,")
cpp_quote(" LPWORD ProtocolOffset,")
cpp_quote(" DWORD OriginalFrameNumber,")
cpp_quote(" DWORD nLowestFrame );")
cpp_quote("")
cpp_quote("HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME);")
cpp_quote("")
cpp_quote("HFRAME WINAPI GetFrame(HCAPTURE hCapture, DWORD FrameNumber);")
cpp_quote("")
cpp_quote("LPRECOGNIZEDATATABLE WINAPI GetFrameRecognizeData(HFRAME hFrame);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Protocol API's.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("HPROTOCOL WINAPI CreateProtocol(LPSTR ProtocolName,")
cpp_quote(" LPENTRYPOINTS lpEntryPoints,")
cpp_quote(" DWORD cbEntryPoints);")
cpp_quote("")
cpp_quote("VOID WINAPI DestroyProtocol(HPROTOCOL hProtocol);")
cpp_quote("")
cpp_quote("LPPROTOCOLINFO WINAPI GetProtocolInfo(HPROTOCOL hProtocol);")
cpp_quote("")
cpp_quote("HPROPERTY WINAPI GetProperty(HPROTOCOL hProtocol, LPSTR PropertyName);")
cpp_quote("")
cpp_quote("HPROTOCOL WINAPI GetProtocolFromName(LPSTR ProtocolName);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetProtocolStartOffset(HFRAME hFrame, LPSTR ProtocolName);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetProtocolStartOffsetHandle(HFRAME hFrame, HPROTOCOL hProtocol);")
cpp_quote("")
cpp_quote("DWORD WINAPI GetPreviousProtocolOffsetByName(HFRAME hFrame,")
cpp_quote(" DWORD dwStartOffset,")
cpp_quote(" LPSTR szProtocolName,")
cpp_quote(" DWORD* pdwPreviousOffset);")
cpp_quote("")
cpp_quote("LPPROTOCOLTABLE WINAPI GetEnabledProtocols(HCAPTURE hCapture);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Property API's.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("DWORD WINAPI CreatePropertyDatabase(HPROTOCOL hProtocol, DWORD nProperties);")
cpp_quote("")
cpp_quote("DWORD WINAPI DestroyPropertyDatabase(HPROTOCOL hProtocol);")
cpp_quote("")
cpp_quote("HPROPERTY WINAPI AddProperty(HPROTOCOL hProtocol, LPPROPERTYINFO PropertyInfo);")
cpp_quote("")
cpp_quote("BOOL WINAPI AttachPropertyInstance(HFRAME hFrame,")
cpp_quote(" HPROPERTY hProperty,")
cpp_quote(" DWORD Length,")
cpp_quote(" ULPVOID lpData,")
cpp_quote(" DWORD HelpID,")
cpp_quote(" DWORD Level,")
cpp_quote(" DWORD IFlags);")
cpp_quote("")
cpp_quote("BOOL WINAPI AttachPropertyInstanceEx(HFRAME hFrame,")
cpp_quote(" HPROPERTY hProperty,")
cpp_quote(" DWORD Length,")
cpp_quote(" ULPVOID lpData,")
cpp_quote(" DWORD ExLength,")
cpp_quote(" ULPVOID lpExData,")
cpp_quote(" DWORD HelpID,")
cpp_quote(" DWORD Level,")
cpp_quote(" DWORD IFlags);")
cpp_quote("")
cpp_quote("LPPROPERTYINST WINAPI FindPropertyInstance(HFRAME hFrame, HPROPERTY hProperty);")
cpp_quote("")
cpp_quote("LPPROPERTYINST WINAPI FindPropertyInstanceRestart (HFRAME hFrame, ")
cpp_quote(" HPROPERTY hProperty, ")
cpp_quote(" LPPROPERTYINST *lpRestartKey, ")
cpp_quote(" BOOL DirForward );")
cpp_quote("")
cpp_quote("LPPROPERTYINFO WINAPI GetPropertyInfo(HPROPERTY hProperty);")
cpp_quote("")
cpp_quote("LPSTR WINAPI GetPropertyText(HFRAME hFrame, LPPROPERTYINST lpPI, LPSTR szBuffer, DWORD BufferSize);")
cpp_quote("")
cpp_quote("DWORD WINAPI ResetPropertyInstanceLength( LPPROPERTYINST lpProp, ")
cpp_quote(" WORD nOrgLen, ")
cpp_quote(" WORD nNewLen );")
cpp_quote("//=============================================================================")
cpp_quote("// MISC. API's.")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("DWORD WINAPI GetCaptureCommentFromFilename(LPSTR lpFilename, LPSTR lpComment, DWORD BufferSize);")
cpp_quote("")
cpp_quote("int WINAPI CompareAddresses(LPADDRESS2 lpAddress1, LPADDRESS2 lpAddress2);")
cpp_quote("")
cpp_quote("DWORD WINAPIV FormatPropertyInstance(LPPROPERTYINST lpPropertyInst, ...);")
cpp_quote("")
cpp_quote("SYSTEMTIME * WINAPI AdjustSystemTime(SYSTEMTIME *SystemTime, __int64 TimeDelta);")
cpp_quote("")
cpp_quote("LPSTR WINAPI NMRtlIpv6AddressToStringA(const BYTE IP6Addr[],LPSTR S);")
cpp_quote("")
cpp_quote("LPWSTR WINAPI NMRtlIpv6AddressToStringW(const BYTE IP6Addr[], LPWSTR S);")
cpp_quote("")
cpp_quote("ULONG WINAPI NMRtlIpv6StringToAddressA(LPCSTR S, LPCSTR *Terminator, BYTE IP6Addr[]);")
cpp_quote("")
cpp_quote("ULONG WINAPI NMRtlIpv6StringToAddressW(LPCWSTR S, LPCWSTR *Terminator, BYTE IP6Addr[]);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// EXPERT API's for use by Experts")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("DWORD WINAPI ExpertGetFrame( IN HEXPERTKEY hExpertKey,")
cpp_quote(" IN DWORD Direction,")
cpp_quote(" IN DWORD RequestFlags,")
cpp_quote(" IN DWORD RequestedFrameNumber,")
cpp_quote(" IN HFILTER hFilter,")
cpp_quote(" OUT LPEXPERTFRAMEDESCRIPTOR pEFrameDescriptor);")
cpp_quote("")
cpp_quote("LPVOID WINAPI ExpertAllocMemory( IN HEXPERTKEY hExpertKey,")
cpp_quote(" IN SIZE_T nBytes,")
cpp_quote(" OUT DWORD* pError);")
cpp_quote("")
cpp_quote("LPVOID WINAPI ExpertReallocMemory( IN HEXPERTKEY hExpertKey,")
cpp_quote(" IN LPVOID pOriginalMemory,")
cpp_quote(" IN SIZE_T nBytes,")
cpp_quote(" OUT DWORD* pError);")
cpp_quote("")
cpp_quote("DWORD WINAPI ExpertFreeMemory( IN HEXPERTKEY hExpertKey,")
cpp_quote(" IN LPVOID pOriginalMemory);")
cpp_quote("")
cpp_quote("SIZE_T WINAPI ExpertMemorySize( IN HEXPERTKEY hExpertKey,")
cpp_quote(" IN LPVOID pOriginalMemory);")
cpp_quote("")
cpp_quote("DWORD WINAPI ExpertIndicateStatus( IN HEXPERTKEY hExpertKey, ")
cpp_quote(" IN EXPERTSTATUSENUMERATION Status,")
cpp_quote(" IN DWORD SubStatus,")
cpp_quote(" IN const char * szText,")
cpp_quote(" IN LONG PercentDone);")
cpp_quote("")
cpp_quote("DWORD WINAPI ExpertSubmitEvent( IN HEXPERTKEY hExpertKey,")
cpp_quote(" IN PNMEVENTDATA pExpertEvent);")
cpp_quote("")
cpp_quote("DWORD WINAPI ExpertGetStartupInfo( IN HEXPERTKEY hExpertKey,")
cpp_quote(" OUT PEXPERTSTARTUPINFO pExpertStartupInfo);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// DEBUG API's.")
cpp_quote("//=============================================================================")
cpp_quote("#ifdef DEBUG")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// BreakPoint() macro.")
cpp_quote("//=============================================================================")
cpp_quote("// We do not want breakpoints in our code any more...")
cpp_quote("// so we are defining DebugBreak(), usually a system call, to be")
cpp_quote("// just a dprintf. BreakPoint() is still defined as DebugBreak().")
cpp_quote("")
cpp_quote("#ifdef DebugBreak")
cpp_quote("#undef DebugBreak")
cpp_quote("#endif // DebugBreak")
cpp_quote("")
cpp_quote("#define DebugBreak() dprintf(\"DebugBreak Called at %s:%s\", __FILE__, __LINE__);")
cpp_quote("#define BreakPoint() DebugBreak()")
cpp_quote("")
cpp_quote("#endif // DEBUG")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMBlob.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// Blob Constants")
cpp_quote("//=============================================================================")
const DWORD INITIAL_RESTART_KEY =0xFFFFFFFF;
cpp_quote("//=============================================================================")
cpp_quote("// Blob Core Helper Routines ")
cpp_quote("//=============================================================================")
cpp_quote("DWORD _cdecl CreateBlob(HBLOB * phBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl DestroyBlob(HBLOB hBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl SetStringInBlob(HBLOB hBlob, ")
cpp_quote(" const char * pOwnerName, ")
cpp_quote(" const char * pCategoryName, ")
cpp_quote(" const char * pTagName, ")
cpp_quote(" const char * pString); ")
cpp_quote("")
cpp_quote("DWORD _cdecl SetWStringInBlob(HBLOB hBlob, ")
cpp_quote(" const char * pOwnerName, ")
cpp_quote(" const char * pCategoryName, ")
cpp_quote(" const char * pTagName, ")
cpp_quote(" const WCHAR * pwString); ")
cpp_quote("")
cpp_quote("DWORD _cdecl ConvertWStringToHexString(const WCHAR *pwsz,")
cpp_quote(" char ** ppsz);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetStringFromBlob(HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pTagName,")
cpp_quote(" const char ** ppString);")
cpp_quote("")
cpp_quote("DWORD _cdecl ConvertHexStringToWString(CHAR *psz,")
cpp_quote(" WCHAR **ppwsz);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetWStringFromBlob(HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pTagName,")
cpp_quote(" WCHAR ** ppwString);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetStringsFromBlob(HBLOB hBlob,")
cpp_quote(" const char * pRequestedOwnerName,")
cpp_quote(" const char * pRequestedCategoryName,")
cpp_quote(" const char * pRequestedTagName,")
cpp_quote(" const char ** ppReturnedOwnerName,")
cpp_quote(" const char ** ppReturnedCategoryName,")
cpp_quote(" const char ** ppReturnedTagName,")
cpp_quote(" const char ** ppReturnedString,")
cpp_quote(" DWORD * pRestartKey);")
cpp_quote("")
cpp_quote("DWORD _cdecl RemoveFromBlob(HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pTagName);")
cpp_quote("")
cpp_quote("DWORD _cdecl LockBlob(HBLOB hBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl UnlockBlob(HBLOB hBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl FindUnknownBlobCategories( HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pKnownCategoriesTable[],")
cpp_quote(" HBLOB hUnknownCategoriesBlob);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Blob Helper Routines ")
cpp_quote("//=============================================================================")
cpp_quote("DWORD _cdecl MergeBlob(HBLOB hDstBlob,")
cpp_quote(" HBLOB hSrcBlob); ")
cpp_quote("")
cpp_quote("DWORD _cdecl DuplicateBlob (HBLOB hSrcBlob,")
cpp_quote(" HBLOB *hBlobThatWillBeCreated ); ")
cpp_quote("")
cpp_quote("DWORD _cdecl WriteBlobToFile(HBLOB hBlob,")
cpp_quote(" const char * pFileName);")
cpp_quote("")
cpp_quote("DWORD _cdecl ReadBlobFromFile(HBLOB* phBlob,")
cpp_quote(" const char * pFileName);")
cpp_quote("")
cpp_quote("DWORD _cdecl RegCreateBlobKey(HKEY hkey, const char* szBlobName, HBLOB hBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl RegOpenBlobKey(HKEY hkey, const char* szBlobName, HBLOB* phBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl MarshalBlob(HBLOB hBlob, DWORD* pSize, BYTE** ppBytes);")
cpp_quote("")
cpp_quote("DWORD _cdecl UnMarshalBlob(HBLOB* phBlob, DWORD Size, BYTE* pBytes);")
cpp_quote("")
cpp_quote("DWORD _cdecl SetDwordInBlob(HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pTagName,")
cpp_quote(" DWORD Dword);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetDwordFromBlob(HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pTagName,")
cpp_quote(" DWORD * pDword);")
cpp_quote("")
cpp_quote("DWORD _cdecl SetBoolInBlob(HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pTagName,")
cpp_quote(" BOOL Bool);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetBoolFromBlob(HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pTagName,")
cpp_quote(" BOOL * pBool);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetMacAddressFromBlob(HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pTagName,")
cpp_quote(" BYTE * pMacAddress);")
cpp_quote("")
cpp_quote("DWORD _cdecl SetMacAddressInBlob(HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pTagName,")
cpp_quote(" const BYTE * pMacAddress);")
cpp_quote("")
cpp_quote("DWORD _cdecl FindUnknownBlobTags( HBLOB hBlob,")
cpp_quote(" const char * pOwnerName,")
cpp_quote(" const char * pCategoryName,")
cpp_quote(" const char * pKnownTagsTable[],")
cpp_quote(" HBLOB hUnknownTagsBlob);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// Blob NPP Helper Routines")
cpp_quote("//=============================================================================")
cpp_quote("DWORD _cdecl SetNetworkInfoInBlob(HBLOB hBlob, ")
cpp_quote(" LPNETWORKINFO lpNetworkInfo);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetNetworkInfoFromBlob(HBLOB hBlob, ")
cpp_quote(" LPNETWORKINFO lpNetworkInfo);")
cpp_quote("")
cpp_quote("DWORD _cdecl CreateNPPInterface ( HBLOB hBlob,")
cpp_quote(" REFIID iid,")
cpp_quote(" void ** ppvObject);")
cpp_quote("")
cpp_quote("DWORD _cdecl SetClassIDInBlob(HBLOB hBlob,")
cpp_quote(" const char* pOwnerName,")
cpp_quote(" const char* pCategoryName,")
cpp_quote(" const char* pTagName,")
cpp_quote(" const CLSID* pClsID);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetClassIDFromBlob(HBLOB hBlob,")
cpp_quote(" const char* pOwnerName,")
cpp_quote(" const char* pCategoryName,")
cpp_quote(" const char* pTagName,")
cpp_quote(" CLSID * pClsID);")
cpp_quote("")
cpp_quote("DWORD _cdecl SetNPPPatternFilterInBlob( HBLOB hBlob,")
cpp_quote(" LPEXPRESSION pExpression,")
cpp_quote(" HBLOB hErrorBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetNPPPatternFilterFromBlob( HBLOB hBlob,")
cpp_quote(" LPEXPRESSION pExpression,")
cpp_quote(" HBLOB hErrorBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl SetNPPAddress2FilterInBlob( HBLOB hBlob,")
cpp_quote(" LPADDRESSTABLE2 pAddressTable);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetNPPAddress2FilterFromBlob( HBLOB hBlob,")
cpp_quote(" LPADDRESSTABLE2 pAddressTable,")
cpp_quote(" HBLOB hErrorBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl SetNPPTriggerInBlob( HBLOB hBlob,")
cpp_quote(" LPTRIGGER pTrigger,")
cpp_quote(" HBLOB hErrorBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetNPPTriggerFromBlob( HBLOB hBlob,")
cpp_quote(" LPTRIGGER pTrigger,")
cpp_quote(" HBLOB hErrorBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl SetNPPEtypeSapFilter(HBLOB hBlob, ")
cpp_quote(" WORD nSaps,")
cpp_quote(" WORD nEtypes,")
cpp_quote(" LPBYTE lpSapTable,")
cpp_quote(" LPWORD lpEtypeTable,")
cpp_quote(" DWORD FilterFlags,")
cpp_quote(" HBLOB hErrorBlob);")
cpp_quote("")
cpp_quote("DWORD _cdecl GetNPPEtypeSapFilter(HBLOB hBlob, ")
cpp_quote(" WORD *pnSaps,")
cpp_quote(" WORD *pnEtypes,")
cpp_quote(" LPBYTE *ppSapTable,")
cpp_quote(" LPWORD *ppEtypeTable,")
cpp_quote(" DWORD *pFilterFlags,")
cpp_quote(" HBLOB hErrorBlob);")
cpp_quote("")
cpp_quote("// GetNPPMacTypeAsNumber maps the tag NPP:NetworkInfo:MacType to the MAC_TYPE_*")
cpp_quote("// defined in the NPPTYPES.h. If the tag is unavailable, the API returns MAC_TYPE_UNKNOWN.")
cpp_quote("DWORD _cdecl GetNPPMacTypeAsNumber(HBLOB hBlob, ")
cpp_quote(" LPDWORD lpMacType);")
cpp_quote("")
cpp_quote("// See if a remote catagory exists... and make sure that the remote computername")
cpp_quote("// isn't the same as the local computername.")
cpp_quote("BOOL _cdecl IsRemoteNPP ( HBLOB hBLOB);")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// npp tag definitions")
cpp_quote("//=============================================================================")
cpp_quote("#define OWNER_NPP \"NPP\"")
cpp_quote("")
cpp_quote("#define CATEGORY_NETWORKINFO \"NetworkInfo\"")
cpp_quote("#define TAG_MACTYPE \"MacType\"")
cpp_quote("#define TAG_CURRENTADDRESS \"CurrentAddress\"")
cpp_quote("#define TAG_LINKSPEED \"LinkSpeed\"")
cpp_quote("#define TAG_MAXFRAMESIZE \"MaxFrameSize\"")
cpp_quote("#define TAG_FLAGS \"Flags\"")
cpp_quote("#define TAG_TIMESTAMPSCALEFACTOR \"TimeStampScaleFactor\"")
cpp_quote("#define TAG_COMMENT \"Comment\"")
cpp_quote("#define TAG_NODENAME \"NodeName\"")
cpp_quote("#define TAG_NAME \"Name\"")
cpp_quote("#define TAG_FAKENPP \"Fake\"")
cpp_quote("#define TAG_PROMISCUOUS_MODE \"PMode\"")
cpp_quote("")
cpp_quote("#define CATEGORY_LOCATION \"Location\"")
cpp_quote("#define TAG_RAS \"Dial-up Connection\"")
cpp_quote("#define TAG_MACADDRESS \"MacAddress\"")
cpp_quote("#define TAG_CLASSID \"ClassID\"")
cpp_quote("#define TAG_NAME \"Name\"")
cpp_quote("#define TAG_CONNECTIONNAME \"Connection Name\"")
cpp_quote("#define TAG_FRIENDLYNAME \"Friendly Name\"")
cpp_quote("")
cpp_quote("#define CATEGORY_CONFIG \"Config\"")
cpp_quote("#define TAG_FRAME_SIZE \"FrameSize\"")
cpp_quote("#define TAG_UPDATE_FREQUENCY \"UpdateFreq\"")
cpp_quote("#define TAG_BUFFER_SIZE \"BufferSize\"")
cpp_quote("#define TAG_PATTERN_DESIGNATOR \"PatternMatch\"")
cpp_quote("#define TAG_PATTERN \"Pattern\"")
cpp_quote("#define TAG_ADDRESS_PAIR \"AddressPair\"")
cpp_quote("#define TAG_CONNECTIONFLAGS \"ConnectionFlags\"")
cpp_quote("#define TAG_ETYPES \"Etypes\"")
cpp_quote("#define TAG_SAPS \"Saps\"")
cpp_quote("#define TAG_NO_CONVERSATION_STATS \"NoConversationStats\"")
cpp_quote("#define TAG_NO_STATS_FRAME \"NoStatsFrame\"")
cpp_quote("#define TAG_DONT_DELETE_EMPTY_CAPTURE \"DontDeleteEmptyCapture\"")
cpp_quote("#define TAG_WANT_PROTOCOL_INFO \"WantProtocolInfo\"")
cpp_quote("#define TAG_INTERFACE_DELAYED_CAPTURE \"IDdC\"")
cpp_quote("#define TAG_INTERFACE_REALTIME_CAPTURE \"IRTC\"")
cpp_quote("#define TAG_INTERFACE_STATS \"ISts\"")
cpp_quote("#define TAG_INTERFACE_TRANSMIT \"IXmt\"")
cpp_quote("#define TAG_LOCAL_ONLY \"LocalOnly\"")
cpp_quote("// Is_Remote is set to TRUE by NPPs that go remote. Note that when you")
cpp_quote("// are looking for a remote NPP, you probably also need to ask for")
cpp_quote("// blobs that have the TAG_GET_SPECIAL_BLOBS bool set")
cpp_quote("#define TAG_IS_REMOTE \"IsRemote\"")
cpp_quote("")
cpp_quote("")
cpp_quote("#define CATEGORY_TRIGGER \"Trigger\"")
cpp_quote("#define TAG_TRIGGER \"Trigger\"")
cpp_quote("")
cpp_quote("#define CATEGORY_FINDER \"Finder\"")
cpp_quote("#define TAG_ROOT \"Root\"")
cpp_quote("#define TAG_PROCNAME \"ProcName\"")
cpp_quote("#define TAG_DISP_STRING \"Display\"")
cpp_quote("#define TAG_DLL_FILENAME \"DLLName\"")
cpp_quote("#define TAG_GET_SPECIAL_BLOBS \"Specials\"")
cpp_quote("")
cpp_quote("#define CATEGORY_REMOTE \"Remote\"")
cpp_quote("#define TAG_REMOTECOMPUTER \"RemoteComputer\"")
cpp_quote("#define TAG_REMOTECLASSID \"ClassID\"")
cpp_quote("")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("// npp value definitions")
cpp_quote("//=============================================================================")
cpp_quote("// Mac types")
cpp_quote("#define PROTOCOL_STRING_ETHERNET_TXT \"ETHERNET\"")
cpp_quote("#define PROTOCOL_STRING_TOKENRING_TXT \"TOKENRING\"")
cpp_quote("#define PROTOCOL_STRING_FDDI_TXT \"FDDI\"")
cpp_quote("#define PROTOCOL_STRING_ATM_TXT \"ATM\"")
cpp_quote("#define PROTOCOL_STRING_1394_TXT \"IP/1394\"")
cpp_quote("")
cpp_quote("// lower protocols")
cpp_quote("#define PROTOCOL_STRING_IP_TXT \"IP\"")
cpp_quote("#define PROTOCOL_STRING_IP6_TXT \"IP6\"")
cpp_quote("#define PROTOCOL_STRING_IPX_TXT \"IPX\"")
cpp_quote("#define PROTOCOL_STRING_XNS_TXT \"XNS\"")
cpp_quote("#define PROTOCOL_STRING_VINES_IP_TXT \"VINES IP\"")
cpp_quote("")
cpp_quote("// upper protocols")
cpp_quote("#define PROTOCOL_STRING_ICMP_TXT \"ICMP\"")
cpp_quote("#define PROTOCOL_STRING_TCP_TXT \"TCP\"")
cpp_quote("#define PROTOCOL_STRING_UDP_TXT \"UDP\"")
cpp_quote("#define PROTOCOL_STRING_SPX_TXT \"SPX\"")
cpp_quote("#define PROTOCOL_STRING_NCP_TXT \"NCP\"")
cpp_quote("")
cpp_quote("// pseudo protocols")
cpp_quote("#define PROTOCOL_STRING_ANY_TXT \"ANY\"")
cpp_quote("#define PROTOCOL_STRING_ANY_GROUP_TXT \"ANY GROUP\"")
cpp_quote("#define PROTOCOL_STRING_HIGHEST_TXT \"HIGHEST\"")
cpp_quote("#define PROTOCOL_STRING_LOCAL_ONLY_TXT \"LOCAL ONLY\"")
cpp_quote("#define PROTOCOL_STRING_UNKNOWN_TXT \"UNKNOWN\"")
cpp_quote("#define PROTOCOL_STRING_DATA_TXT \"DATA\"")
cpp_quote("#define PROTOCOL_STRING_FRAME_TXT \"FRAME\"")
cpp_quote("#define PROTOCOL_STRING_NONE_TXT \"NONE\"")
cpp_quote("#define PROTOCOL_STRING_EFFECTIVE_TXT \"EFFECTIVE\"")
cpp_quote("")
cpp_quote("#define ADDRESS_PAIR_INCLUDE_TXT \"INCLUDE\"")
cpp_quote("#define ADDRESS_PAIR_EXCLUDE_TXT \"EXCLUDE\"")
cpp_quote("")
cpp_quote("#define INCLUDE_ALL_EXCEPT_TXT \"INCLUDE ALL EXCEPT\"")
cpp_quote("#define EXCLUDE_ALL_EXCEPT_TXT \"EXCLUDE ALL EXCEPT\"")
cpp_quote("")
cpp_quote("#define PATTERN_MATCH_OR_TXT \"OR(\"")
cpp_quote("#define PATTERN_MATCH_AND_TXT \"AND(\"")
cpp_quote("")
cpp_quote("#define TRIGGER_PATTERN_TXT \"PATTERN MATCH\"")
cpp_quote("#define TRIGGER_BUFFER_TXT \"BUFFER CONTENT\"")
cpp_quote("")
cpp_quote("#define TRIGGER_NOTIFY_TXT \"NOTIFY\"")
cpp_quote("#define TRIGGER_STOP_TXT \"STOP\"")
cpp_quote("#define TRIGGER_PAUSE_TXT \"PAUSE\"")
cpp_quote("")
cpp_quote("#define TRIGGER_25_PERCENT_TXT \"25 PERCENT\"")
cpp_quote("#define TRIGGER_50_PERCENT_TXT \"50 PERCENT\"")
cpp_quote("#define TRIGGER_75_PERCENT_TXT \"75 PERCENT\"")
cpp_quote("#define TRIGGER_100_PERCENT_TXT \"100 PERCENT\"")
cpp_quote("")
cpp_quote("#define PATTERN_MATCH_NOT_TXT \"NOT\"")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMRegHelp.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// Registry helpers")
cpp_quote("LPCSTR _cdecl FindOneOf(LPCSTR p1, LPCSTR p2);")
cpp_quote("")
cpp_quote("LONG _cdecl recursiveDeleteKey(HKEY hKeyParent, // Parent of key to delete.")
cpp_quote(" const char* lpszKeyChild); // Key to delete.")
cpp_quote("")
cpp_quote("BOOL _cdecl SubkeyExists(const char* pszPath, // Path of key to check")
cpp_quote(" const char* szSubkey); // Key to check")
cpp_quote("")
cpp_quote("BOOL _cdecl setKeyAndValue(const char* szKey, ")
cpp_quote(" const char* szSubkey, ")
cpp_quote(" const char* szValue,")
cpp_quote(" const char* szName) ;")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMIpStructs.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("// These structures are used to decode network data and so need to be packed")
#pragma pack(push, 1)
cpp_quote("//")
cpp_quote("// IP Packet Structure")
cpp_quote("//")
// contains a zero length array, so must cpp_quote
cpp_quote("typedef struct _IP ")
cpp_quote("{")
cpp_quote(" union ")
cpp_quote(" {")
cpp_quote(" BYTE Version;")
cpp_quote(" BYTE HdrLen;")
cpp_quote(" };")
cpp_quote(" BYTE ServiceType;")
cpp_quote(" WORD TotalLen;")
cpp_quote(" WORD ID;")
cpp_quote(" union ")
cpp_quote(" {")
cpp_quote(" WORD Flags;")
cpp_quote(" WORD FragOff;")
cpp_quote(" };")
cpp_quote(" BYTE TimeToLive;")
cpp_quote(" BYTE Protocol;")
cpp_quote(" WORD HdrChksum;")
cpp_quote(" DWORD SrcAddr;")
cpp_quote(" DWORD DstAddr;")
cpp_quote(" BYTE Options[0];")
cpp_quote("} IP;")
cpp_quote("")
cpp_quote("typedef IP * LPIP;")
cpp_quote("typedef IP UNALIGNED * ULPIP;")
cpp_quote("// Psuedo Header used for CheckSum Calculations")
typedef struct _PSUHDR
{
DWORD ph_SrcIP;
DWORD ph_DstIP;
UCHAR ph_Zero;
UCHAR ph_Proto;
WORD ph_ProtLen;
} PSUHDR;
cpp_quote("typedef PSUHDR UNALIGNED * LPPSUHDR;")
cpp_quote("//")
cpp_quote("// IP Bitmasks that are useful")
cpp_quote("// (and the appropriate bit shifts, as well)")
cpp_quote("//")
cpp_quote("")
cpp_quote("#define IP_VERSION_MASK ((BYTE) 0xf0)")
cpp_quote("#define IP_VERSION_SHIFT (4)")
cpp_quote("#define IP_HDRLEN_MASK ((BYTE) 0x0f)")
cpp_quote("#define IP_HDRLEN_SHIFT (0)")
cpp_quote("#define IP_PRECEDENCE_MASK ((BYTE) 0xE0)")
cpp_quote("#define IP_PRECEDENCE_SHIFT (5)")
cpp_quote("#define IP_TOS_MASK ((BYTE) 0x1E)")
cpp_quote("#define IP_TOS_SHIFT (1)")
cpp_quote("#define IP_DELAY_MASK ((BYTE) 0x10)")
cpp_quote("#define IP_THROUGHPUT_MASK ((BYTE) 0x08)")
cpp_quote("#define IP_RELIABILITY_MASK ((BYTE) 0x04)")
cpp_quote("#define IP_FLAGS_MASK ((BYTE) 0xE0)")
cpp_quote("#define IP_FLAGS_SHIFT (13)")
cpp_quote("#define IP_DF_MASK ((BYTE) 0x40)")
cpp_quote("#define IP_MF_MASK ((BYTE) 0x20)")
cpp_quote("#define IP_MF_SHIFT (5)")
cpp_quote("#define IP_FRAGOFF_MASK ((WORD) 0x1FFF)")
cpp_quote("#define IP_FRAGOFF_SHIFT (3)")
cpp_quote("#define IP_TCC_MASK ((DWORD) 0xFFFFFF00)")
cpp_quote("#define IP_TIME_OPTS_MASK ((BYTE) 0x0F)")
cpp_quote("#define IP_MISS_STNS_MASK ((BYTE) 0xF0)")
cpp_quote("")
cpp_quote("#define IP_TIME_OPTS_SHIFT (0)")
cpp_quote("#define IP_MISS_STNS_SHIFT (4)")
cpp_quote("")
cpp_quote("//")
cpp_quote("// Offset to checksum field in ip header")
cpp_quote("//")
cpp_quote("#define IP_CHKSUM_OFF 10")
cpp_quote("")
cpp_quote("INLINE BYTE IP_Version(ULPIP pIP)")
cpp_quote("{")
cpp_quote(" return (pIP->Version & IP_VERSION_MASK) >> IP_VERSION_SHIFT;")
cpp_quote("}")
cpp_quote("")
cpp_quote("INLINE DWORD IP_HdrLen(ULPIP pIP)")
cpp_quote("{")
cpp_quote(" return ((pIP->HdrLen & IP_HDRLEN_MASK) >> IP_HDRLEN_SHIFT) << 2;")
cpp_quote("}")
cpp_quote("")
cpp_quote("INLINE WORD IP_FragOff(ULPIP pIP)")
cpp_quote("{")
cpp_quote(" return (XCHG(pIP->FragOff) & IP_FRAGOFF_MASK) << IP_FRAGOFF_SHIFT;")
cpp_quote("}")
cpp_quote("")
cpp_quote("INLINE DWORD IP_TotalLen(ULPIP pIP)")
cpp_quote("{")
cpp_quote(" return XCHG(pIP->TotalLen);")
cpp_quote("}")
cpp_quote("")
cpp_quote("INLINE DWORD IP_MoreFragments(ULPIP pIP)")
cpp_quote("{")
cpp_quote(" return (pIP->Flags & IP_MF_MASK) >> IP_MF_SHIFT;")
cpp_quote("}")
cpp_quote("//")
cpp_quote("// Well known ports in the TCP/IP protocol (See RFC 1060)")
cpp_quote("//")
cpp_quote("#define PORT_TCPMUX 1 // TCP Port Service Multiplexer")
cpp_quote("#define PORT_RJE 5 // Remote Job Entry")
cpp_quote("#define PORT_ECHO 7 // Echo")
cpp_quote("#define PORT_DISCARD 9 // Discard")
cpp_quote("#define PORT_USERS 11 // Active users")
cpp_quote("#define PORT_DAYTIME 13 // Daytime")
cpp_quote("#define PORT_NETSTAT 15 // Netstat")
cpp_quote("#define PORT_QUOTE 17 // Quote of the day")
cpp_quote("#define PORT_CHARGEN 19 // Character Generator")
cpp_quote("#define PORT_FTPDATA 20 // File transfer [default data]")
cpp_quote("#define PORT_FTP 21 // File transfer [Control]")
cpp_quote("#define PORT_TELNET 23 // Telnet")
cpp_quote("#define PORT_SMTP 25 // Simple Mail Transfer")
cpp_quote("#define PORT_NSWFE 27 // NSW User System FE")
cpp_quote("#define PORT_MSGICP 29 // MSG ICP")
cpp_quote("#define PORT_MSGAUTH 31 // MSG Authentication")
cpp_quote("#define PORT_DSP 33 // Display Support")
cpp_quote("#define PORT_PRTSERVER 35 // any private printer server")
cpp_quote("#define PORT_TIME 37 // Time")
cpp_quote("#define PORT_RLP 39 // Resource Location Protocol")
cpp_quote("#define PORT_GRAPHICS 41 // Graphics")
cpp_quote("#define PORT_NAMESERVER 42 // Host Name Server")
cpp_quote("#define PORT_NICNAME 43 // Who is")
cpp_quote("#define PORT_MPMFLAGS 44 // MPM Flags ")
cpp_quote("#define PORT_MPM 45 // Message Processing Module [recv]")
cpp_quote("#define PORT_MPMSND 46 // MPM [default send]")
cpp_quote("#define PORT_NIFTP 47 // NI FTP")
cpp_quote("#define PORT_LOGIN 49 // Login Host Protocol")
cpp_quote("#define PORT_LAMAINT 51 // IMP Logical Address Maintenance")
cpp_quote("#define PORT_DOMAIN 53 // Domain Name Server")
cpp_quote("#define PORT_ISIGL 55 // ISI Graphics Language")
cpp_quote("#define PORT_ANYTERMACC 57 // any private terminal access")
cpp_quote("#define PORT_ANYFILESYS 59 // any private file service")
cpp_quote("#define PORT_NIMAIL 61 // NI Mail")
cpp_quote("#define PORT_VIAFTP 63 // VIA Systems - FTP")
cpp_quote("#define PORT_TACACSDS 65 // TACACS - Database Service")
cpp_quote("#define PORT_BOOTPS 67 // Bootstrap Protocol server")
cpp_quote("#define PORT_BOOTPC 68 // Bootstrap Protocol client")
cpp_quote("#define PORT_TFTP 69 // Trivial File Transfer")
cpp_quote("#define PORT_NETRJS1 71 // Remote Job service")
cpp_quote("#define PORT_NETRJS2 72 // Remote Job service")
cpp_quote("#define PORT_NETRJS3 73 // Remote Job service")
cpp_quote("#define PORT_NETRJS4 74 // Remote Job service")
cpp_quote("#define PORT_ANYDIALOUT 75 // any private dial out service")
cpp_quote("#define PORT_ANYRJE 77 // any private RJE service")
cpp_quote("#define PORT_FINGER 79 // Finger")
cpp_quote("#define PORT_HTTP 80 // HTTP (www)")
cpp_quote("#define PORT_HOSTS2NS 81 // Hosts2 Name Server")
cpp_quote("#define PORT_MITMLDEV1 83 // MIT ML Device")
cpp_quote("#define PORT_MITMLDEV2 85 // MIT ML Device")
cpp_quote("#define PORT_ANYTERMLINK 87 // any private terminal link")
cpp_quote("#define PORT_SUMITTG 89 // SU/MIT Telnet Gateway")
cpp_quote("#define PORT_MITDOV 91 // MIT Dover Spooler")
cpp_quote("#define PORT_DCP 93 // Device Control Protocol")
cpp_quote("#define PORT_SUPDUP 95 // SUPDUP")
cpp_quote("#define PORT_SWIFTRVF 97 // Swift Remote Vitural File Protocol")
cpp_quote("#define PORT_TACNEWS 98 // TAC News")
cpp_quote("#define PORT_METAGRAM 99 // Metagram Relay")
cpp_quote("#define PORT_NEWACCT 100 // [Unauthorized use]")
cpp_quote("#define PORT_HOSTNAME 101 // NIC Host Name Server")
cpp_quote("#define PORT_ISOTSAP 102 // ISO-TSAP")
cpp_quote("#define PORT_X400 103 // X400")
cpp_quote("#define PORT_X400SND 104 // X400 - SND")
cpp_quote("#define PORT_CSNETNS 105 // Mailbox Name Nameserver")
cpp_quote("#define PORT_RTELNET 107 // Remote Telnet Service")
cpp_quote("#define PORT_POP2 109 // Post Office Protocol - version 2")
cpp_quote("#define PORT_POP3 110 // Post Office Protocol - version 3")
cpp_quote("#define PORT_SUNRPC 111 // SUN Remote Procedure Call")
cpp_quote("#define PORT_AUTH 113 // Authentication")
cpp_quote("#define PORT_SFTP 115 // Simple File Transfer Protocol")
cpp_quote("#define PORT_UUCPPATH 117 // UUCP Path Service")
cpp_quote("#define PORT_NNTP 119 // Network News Transfer Protocol")
cpp_quote("#define PORT_ERPC 121 // Encore Expedited Remote Proc. Call")
cpp_quote("#define PORT_NTP 123 // Network Time Protocol")
cpp_quote("#define PORT_LOCUSMAP 125 // Locus PC-Interface Net Map Sesrver")
cpp_quote("#define PORT_LOCUSCON 127 // Locus PC-Interface Conn Server")
cpp_quote("#define PORT_PWDGEN 129 // Password Generator Protocol")
cpp_quote("#define PORT_CISCOFNA 130 // CISCO FNATIVE")
cpp_quote("#define PORT_CISCOTNA 131 // CISCO TNATIVE")
cpp_quote("#define PORT_CISCOSYS 132 // CISCO SYSMAINT")
cpp_quote("#define PORT_STATSRV 133 // Statistics Service")
cpp_quote("#define PORT_INGRESNET 134 // Ingres net service")
cpp_quote("#define PORT_LOCSRV 135 // Location Service")
cpp_quote("#define PORT_PROFILE 136 // PROFILE Naming System")
cpp_quote("#define PORT_NETBIOSNS 137 // NETBIOS Name Service")
cpp_quote("#define PORT_NETBIOSDGM 138 // NETBIOS Datagram Service")
cpp_quote("#define PORT_NETBIOSSSN 139 // NETBIOS Session Service")
cpp_quote("#define PORT_EMFISDATA 140 // EMFIS Data Service")
cpp_quote("#define PORT_EMFISCNTL 141 // EMFIS Control Service")
cpp_quote("#define PORT_BLIDM 142 // Britton-Lee IDM")
cpp_quote("#define PORT_IMAP2 143 // Interim Mail Access Protocol v2")
cpp_quote("#define PORT_NEWS 144 // NewS")
cpp_quote("#define PORT_UAAC 145 // UAAC protocol")
cpp_quote("#define PORT_ISOTP0 146 // ISO-IP0")
cpp_quote("#define PORT_ISOIP 147 // ISO-IP")
cpp_quote("#define PORT_CRONUS 148 // CRONUS-Support")
cpp_quote("#define PORT_AED512 149 // AED 512 Emulation Service")
cpp_quote("#define PORT_SQLNET 150 // SQL-NET")
cpp_quote("#define PORT_HEMS 151 // HEMS")
cpp_quote("#define PORT_BFTP 152 // Background File Transfer Protocol")
cpp_quote("#define PORT_SGMP 153 // SGMP")
cpp_quote("#define PORT_NETSCPROD 154 // NETSC")
cpp_quote("#define PORT_NETSCDEV 155 // NETSC")
cpp_quote("#define PORT_SQLSRV 156 // SQL service")
cpp_quote("#define PORT_KNETCMP 157 // KNET/VM Command/Message Protocol")
cpp_quote("#define PORT_PCMAILSRV 158 // PCMail server")
cpp_quote("#define PORT_NSSROUTING 159 // NSS routing")
cpp_quote("#define PORT_SGMPTRAPS 160 // SGMP-TRAPS")
cpp_quote("#define PORT_SNMP 161 // SNMP")
cpp_quote("#define PORT_SNMPTRAP 162 // SNMPTRAP")
cpp_quote("#define PORT_CMIPMANAGE 163 // CMIP/TCP Manager")
cpp_quote("#define PORT_CMIPAGENT 164 // CMIP/TCP Agent")
cpp_quote("#define PORT_XNSCOURIER 165 // Xerox")
cpp_quote("#define PORT_SNET 166 // Sirius Systems")
cpp_quote("#define PORT_NAMP 167 // NAMP")
cpp_quote("#define PORT_RSVD 168 // RSVC")
cpp_quote("#define PORT_SEND 169 // SEND")
cpp_quote("#define PORT_PRINTSRV 170 // Network Postscript")
cpp_quote("#define PORT_MULTIPLEX 171 // Network Innovations Multiples")
cpp_quote("#define PORT_CL1 172 // Network Innovations CL/1")
cpp_quote("#define PORT_XYPLEXMUX 173 // Xyplex")
cpp_quote("#define PORT_MAILQ 174 // MAILQ")
cpp_quote("#define PORT_VMNET 175 // VMNET")
cpp_quote("#define PORT_GENRADMUX 176 // GENRAD-MUX")
cpp_quote("#define PORT_XDMCP 177 // X Display Manager Control Protocol")
cpp_quote("#define PORT_NEXTSTEP 178 // NextStep Window Server")
cpp_quote("#define PORT_BGP 179 // Border Gateway Protocol")
cpp_quote("#define PORT_RIS 180 // Intergraph")
cpp_quote("#define PORT_UNIFY 181 // Unify")
cpp_quote("#define PORT_UNISYSCAM 182 // Unisys-Cam")
cpp_quote("#define PORT_OCBINDER 183 // OCBinder")
cpp_quote("#define PORT_OCSERVER 184 // OCServer")
cpp_quote("#define PORT_REMOTEKIS 185 // Remote-KIS")
cpp_quote("#define PORT_KIS 186 // KIS protocol")
cpp_quote("#define PORT_ACI 187 // Application Communication Interface")
cpp_quote("#define PORT_MUMPS 188 // MUMPS")
cpp_quote("#define PORT_QFT 189 // Queued File Transport")
cpp_quote("#define PORT_GACP 190 // Gateway Access Control Protocol")
cpp_quote("#define PORT_PROSPERO 191 // Prospero")
cpp_quote("#define PORT_OSUNMS 192 // OSU Network Monitoring System")
cpp_quote("#define PORT_SRMP 193 // Spider Remote Monitoring Protocol")
cpp_quote("#define PORT_IRC 194 // Internet Relay Chat Protocol")
cpp_quote("#define PORT_DN6NLMAUD 195 // DNSIX Network Level Module Audit")
cpp_quote("#define PORT_DN6SMMRED 196 // DSNIX Session Mgt Module Audit Redirector")
cpp_quote("#define PORT_DLS 197 // Directory Location Service")
cpp_quote("#define PORT_DLSMON 198 // Directory Location Service Monitor")
cpp_quote("#define PORT_ATRMTP 201 // AppleTalk Routing Maintenance")
cpp_quote("#define PORT_ATNBP 202 // AppleTalk Name Binding")
cpp_quote("#define PORT_AT3 203 // AppleTalk Unused")
cpp_quote("#define PORT_ATECHO 204 // AppleTalk Echo")
cpp_quote("#define PORT_AT5 205 // AppleTalk Unused")
cpp_quote("#define PORT_ATZIS 206 // AppleTalk Zone Information")
cpp_quote("#define PORT_AT7 207 // AppleTalk Unused")
cpp_quote("#define PORT_AT8 208 // AppleTalk Unused")
cpp_quote("#define PORT_SURMEAS 243 // Survey Measurement")
cpp_quote("#define PORT_LINK 245 // LINK")
cpp_quote("#define PORT_DSP3270 246 // Display Systems Protocol")
cpp_quote("#define PORT_LDAP1 389 // LDAP")
cpp_quote("#define PORT_ISAKMP 500 // ISAKMP")
cpp_quote("#define PORT_REXEC 512 // Remote Process Execution")
cpp_quote("#define PORT_RLOGIN 513 // Remote login a la telnet")
cpp_quote("#define PORT_RSH 514 // Remote command")
cpp_quote("#define PORT_LPD 515 // Line printer spooler - LPD")
cpp_quote("#define PORT_RIP 520 // TCP=? / UDP=RIP")
cpp_quote("#define PORT_TEMPO 526 // Newdate")
cpp_quote("#define PORT_COURIER 530 // rpc")
cpp_quote("#define PORT_NETNEWS 532 // READNEWS")
cpp_quote("#define PORT_UUCPD 540 // UUCPD")
cpp_quote("#define PORT_KLOGIN 543 //")
cpp_quote("#define PORT_KSHELL 544 // krcmd")
cpp_quote("#define PORT_DSF 555 //")
cpp_quote("#define PORT_REMOTEEFS 556 // RFS server")
cpp_quote("#define PORT_CHSHELL 562 // chmod")
cpp_quote("#define PORT_METER 570 // METER")
cpp_quote("#define PORT_PCSERVER 600 // SUN IPC Server")
cpp_quote("#define PORT_NQS 607 // NQS")
cpp_quote("#define PORT_HMMP_INDICATION 612 // ")
cpp_quote("#define PORT_HMMP_OPERATION 613 // ")
cpp_quote("#define PORT_MDQS 666 // MDQS")
cpp_quote("#define PORT_LPD721 721 // LPD Client (lpd client ports 721 - 731)")
cpp_quote("#define PORT_LPD722 722 // LPD Client (see RFC 1179)")
cpp_quote("#define PORT_LPD723 723 // LPD Client")
cpp_quote("#define PORT_LPD724 724 // LPD Client")
cpp_quote("#define PORT_LPD725 725 // LPD Client")
cpp_quote("#define PORT_LPD726 726 // LPD Client")
cpp_quote("#define PORT_LPD727 727 // LPD Client")
cpp_quote("#define PORT_LPD728 728 // LPD Client")
cpp_quote("#define PORT_LPD729 729 // LPD Client")
cpp_quote("#define PORT_LPD730 730 // LPD Client")
cpp_quote("#define PORT_LPD731 731 // LPD Client")
cpp_quote("#define PORT_RFILE 750 // RFILE")
cpp_quote("#define PORT_PUMP 751 // PUMP")
cpp_quote("#define PORT_QRH 752 // QRH")
cpp_quote("#define PORT_RRH 753 // RRH")
cpp_quote("#define PORT_TELL 754 // TELL")
cpp_quote("#define PORT_NLOGIN 758 // NLOGIN")
cpp_quote("#define PORT_CON 759 // CON")
cpp_quote("#define PORT_NS 760 // NS")
cpp_quote("#define PORT_RXE 761 // RXE")
cpp_quote("#define PORT_QUOTAD 762 // QUOTAD")
cpp_quote("#define PORT_CYCLESERV 763 // CYCLESERV")
cpp_quote("#define PORT_OMSERV 764 // OMSERV")
cpp_quote("#define PORT_WEBSTER 765 // WEBSTER")
cpp_quote("#define PORT_PHONEBOOK 767 // PHONE")
cpp_quote("#define PORT_VID 769 // VID")
cpp_quote("#define PORT_RTIP 771 // RTIP")
cpp_quote("#define PORT_CYCLESERV2 772 // CYCLESERV-2")
cpp_quote("#define PORT_SUBMIT 773 // submit")
cpp_quote("#define PORT_RPASSWD 774 // RPASSWD")
cpp_quote("#define PORT_ENTOMB 775 // ENTOMB")
cpp_quote("#define PORT_WPAGES 776 // WPAGES")
cpp_quote("#define PORT_WPGS 780 // wpgs")
cpp_quote("#define PORT_MDBSDAEMON 800 // MDBS DAEMON")
cpp_quote("#define PORT_DEVICE 801 // DEVICE")
cpp_quote("#define PORT_MAITRD 997 // MAITRD")
cpp_quote("#define PORT_BUSBOY 998 // BUSBOY")
cpp_quote("#define PORT_GARCON 999 // GARCON")
cpp_quote("#define PORT_NFS 2049 // NFS")
cpp_quote("#define PORT_LDAP2 3268 // LDAP")
cpp_quote("#define PORT_PPTP 5678 // PPTP")
cpp_quote("")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMIcmpStructs.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("")
cpp_quote("//")
cpp_quote("// ICMP Frame Structure")
cpp_quote("//")
typedef struct _RequestReplyFields
{
WORD ID;
WORD SeqNo;
} ReqReply;
typedef struct _ParameterProblemFields
{
BYTE Pointer;
BYTE junk[3];
} ParmProb;
typedef struct _TimestampFields
{
DWORD tsOrig;
DWORD tsRecv;
DWORD tsXmit;
} TS;
typedef struct _RouterAnnounceHeaderFields
{
BYTE NumAddrs;
BYTE AddrEntrySize;
WORD Lifetime;
} RouterAH;
typedef struct _RouterAnnounceEntry
{
DWORD Address;
DWORD PreferenceLevel;
} RouterAE;
// contains a zero length array, so must cpp_quote
cpp_quote("typedef struct _ICMP ")
cpp_quote("{")
cpp_quote(" BYTE Type;")
cpp_quote(" BYTE Code;")
cpp_quote(" WORD Checksum;")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" DWORD Unused;")
cpp_quote(" DWORD Address;")
cpp_quote(" ReqReply RR;")
cpp_quote(" ParmProb PP;")
cpp_quote(" RouterAH RAH; ")
cpp_quote(" };")
cpp_quote("")
cpp_quote(" union")
cpp_quote(" {")
cpp_quote(" TS Time;")
cpp_quote(" IP IP;")
cpp_quote(" RouterAE RAE[0];")
cpp_quote(" };")
cpp_quote("} ICMP;")
cpp_quote("")
cpp_quote("typedef ICMP * LPICMP;")
cpp_quote("typedef ICMP UNALIGNED * ULPICMP;")
const DWORD ICMP_HEADER_LENGTH =8;
cpp_quote("// # of *BYTES* of IP data to attach to")
cpp_quote("// datagram in addition to IP header")
const DWORD ICMP_IP_DATA_LENGTH =8;
cpp_quote("//")
cpp_quote("// ICMP Packet Types")
cpp_quote("//")
const BYTE ECHO_REPLY = 0;
const BYTE DESTINATION_UNREACHABLE = 3;
const BYTE SOURCE_QUENCH = 4;
const BYTE REDIRECT = 5;
const BYTE ECHO = 8;
const BYTE ROUTER_ADVERTISEMENT = 9;
const BYTE ROUTER_SOLICITATION =10;
const BYTE TIME_EXCEEDED =11;
const BYTE PARAMETER_PROBLEM =12;
const BYTE TIMESTAMP =13;
const BYTE TIMESTAMP_REPLY =14;
const BYTE INFORMATION_REQUEST =15;
const BYTE INFORMATION_REPLY =16;
const BYTE ADDRESS_MASK_REQUEST =17;
const BYTE ADDRESS_MASK_REPLY =18;
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMIpxStructs.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// IPX")
typedef struct
{
UCHAR ha_address[6];
} HOST_ADDRESS;
typedef struct _IPXADDRESS
{
ULONG ipx_NetNumber;
HOST_ADDRESS ipx_HostAddr;
} IPXADDRESS;
cpp_quote("typedef IPXADDRESS UNALIGNED * PIPXADDRESS;")
typedef struct _NET_ADDRESS
{
IPXADDRESS na_IPXAddr;
USHORT na_socket;
} NET_ADDRESS;
cpp_quote("typedef NET_ADDRESS UNALIGNED * UPNET_ADDRESS;")
cpp_quote("// IPX Internetwork Packet eXchange Protocol Header.")
typedef struct
{
USHORT ipx_checksum;
USHORT ipx_length;
UCHAR ipx_xport_control; // nee ipx_hopcnt
UCHAR ipx_packet_type; // nee ipx_pkttyp
NET_ADDRESS ipx_dest;
NET_ADDRESS ipx_source;
} IPX_HDR;
cpp_quote("typedef IPX_HDR UNALIGNED * ULPIPX_HDR;")
cpp_quote("// SPX - Sequenced Packet Protocol")
typedef struct _SPX_HDR
{
IPX_HDR spx_idp_hdr;
UCHAR spx_conn_ctrl; // bits 0-3 defined (SPX_CTRL_xxx)
UCHAR spx_data_type; // 0 (defined to be used by higher layers)
USHORT spx_src_conn_id; // b.e.
USHORT spx_dest_conn_id; // b.e.
USHORT spx_sequence_num; // sequence number (b.e.).
USHORT spx_ack_num; // acknowledge number (b.e.)
USHORT spx_alloc_num; // allocation (b.e.)
} SPX_HDR;
cpp_quote("typedef SPX_HDR UNALIGNED *PSPX_HDR;")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("// (NMTcpStructs.h)")
cpp_quote("//=============================================================================")
cpp_quote("//=============================================================================")
cpp_quote("//")
cpp_quote("// TCP Packet Structure")
cpp_quote("//")
typedef struct _TCP
{
WORD SrcPort;
WORD DstPort;
DWORD SeqNum;
DWORD AckNum;
BYTE DataOff;
BYTE Flags;
WORD Window;
WORD Chksum;
WORD UrgPtr;
} TCP;
typedef TCP * LPTCP;
cpp_quote("typedef TCP UNALIGNED * ULPTCP;")
cpp_quote("INLINE DWORD TCP_HdrLen(ULPTCP pTCP)")
cpp_quote("{")
cpp_quote(" return (pTCP->DataOff & 0xf0) >> 2;")
cpp_quote("}")
cpp_quote("")
cpp_quote("INLINE DWORD TCP_SrcPort(ULPTCP pTCP)")
cpp_quote("{")
cpp_quote(" return XCHG(pTCP->SrcPort);")
cpp_quote("}")
cpp_quote("")
cpp_quote("INLINE DWORD TCP_DstPort(ULPTCP pTCP)")
cpp_quote("{")
cpp_quote(" return XCHG(pTCP->DstPort);")
cpp_quote("}")
cpp_quote("//")
cpp_quote("// TCP Option Opcodes")
cpp_quote("//")
const DWORD TCP_OPTION_ENDOFOPTIONS = 0;
const DWORD TCP_OPTION_NOP = 1;
const DWORD TCP_OPTION_MAXSEGSIZE = 2;
const DWORD TCP_OPTION_WSCALE = 3;
const DWORD TCP_OPTION_SACK_PERMITTED= 4;
const DWORD TCP_OPTION_SACK = 5;
const DWORD TCP_OPTION_TIMESTAMPS = 8;
cpp_quote("//")
cpp_quote("// TCP Flags")
cpp_quote("//")
const BYTE TCP_FLAG_URGENT =0x20;
const BYTE TCP_FLAG_ACK =0x10;
const BYTE TCP_FLAG_PUSH =0x08;
const BYTE TCP_FLAG_RESET =0x04;
const BYTE TCP_FLAG_SYN =0x02;
const BYTE TCP_FLAG_FIN =0x01;
cpp_quote("//")
cpp_quote("// TCP Field Masks")
cpp_quote("//")
const DWORD TCP_RESERVED_MASK =0x0FC0;
#pragma pack(pop)
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
cpp_quote("// IDelaydC - used by a consumer to get frames after a capture has completed.")
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
const DWORD DEFAULT_DELAYED_BUFFER_SIZE =1; // 1 meg
const char USE_DEFAULT_DRIVE_LETTER =0; // "read from registry"
const DWORD RTC_FRAME_SIZE_FULL =0; // keep all
// GUID association
[
object,
uuid(BFF9C030-B58F-11ce-B5B0-00AA006CB37D),
pointer_default(unique)
]
// Interface Definition
[local]interface IDelaydC : IUnknown
{
import "unknwn.idl";
///////////////////////////////////////////////
// Connection Methods
///////////////////////////////////////////////
// Connect, this is where you actually connect to a network
HRESULT Connect( [in] HBLOB hInputBlob,
[in] LPVOID StatusCallbackProc,
[in] LPVOID UserContext,
[out] HBLOB hErrorBlob);
// Disconnect, Connect's logical opposite
HRESULT Disconnect( void );
// Get the status of the current capture
HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus);
///////////////////////////////////////////////
// Configuration Methods
///////////////////////////////////////////////
HRESULT Configure( [in] HBLOB hConfigurationBlob,
[out] HBLOB hErrorBlob);
///////////////////////////////////////////////
// Control Methods
///////////////////////////////////////////////
// Start, begin capturing
HRESULT Start( [out] char *pFileName);
// Pause, take a break (out of p-mode we hope)
HRESULT Pause( void);
// Resume, sort of an 'un-pause'
HRESULT Resume( void);
// Stop, sort of an 'un-start'
HRESULT Stop( [out] LPSTATISTICS lpStats );
// Get two status flags:
// IsRunning, Are we capturing (regardless of paused state)
// IsPaused , Are we paused
HRESULT GetControlState( [out] BOOL * IsRunnning,
[out] BOOL * IsPaused );
///////////////////////////////////////////////
// Statistics Methods
///////////////////////////////////////////////
// GetTotalStatistics, fills in stats structure
HRESULT GetTotalStatistics([out] LPSTATISTICS lpStats,
[in] BOOL fClearAfterReading);
// GetSessionStatistics, fills in Session and Station structures
HRESULT GetConversationStatistics([out] DWORD *nSessions,
[out, size_is(100)] LPSESSIONSTATS lpSessionStats,
[out] DWORD *nStations,
[out, size_is(100)] LPSTATIONSTATS lpStationStats,
[in] BOOL fClearAfterReading);
///////////////////////////////////////////////
// Special Methods
///////////////////////////////////////////////
// add a comment frame to ALL current captures
HRESULT InsertSpecialFrame( [in] DWORD FrameType,
[in] DWORD Flags,
[in] BYTE* pUserData,
[in] DWORD UserDataLength);
// QueryStations, get a list of machines running Network Monitor
HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable );
}
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
cpp_quote("// IRTC - used by a consumer to get an interface to local entry points")
cpp_quote("// necessary to do real time capture processing. It includes a method")
cpp_quote("// for handing a callback to the NPP.")
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
// Constants
const DWORD DEFAULT_RTC_BUFFER_SIZE =0x100000; /* 1 meg */
// GUID association
[
object,
uuid(4811EA40-B582-11ce-B5AF-00AA006CB37D),
pointer_default(unique)
]
// Interface Definition
[local]interface IRTC : IUnknown
{
import "unknwn.idl";
///////////////////////////////////////////////
// Connection Methods
///////////////////////////////////////////////
// Connect, this is where you actually connect to a network
HRESULT Connect( [in] HBLOB hInputBlob,
[in] LPVOID StatusCallbackProc,
[in] LPVOID FramesCallbackProc,
[in] LPVOID UserContext,
[out] HBLOB hErrorBlob);
// Disconnect, Connect's logical opposite
HRESULT Disconnect( void );
// Get the status of the current capture
HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus);
///////////////////////////////////////////////
// Configuration Methods
///////////////////////////////////////////////
HRESULT Configure( [in] HBLOB hConfigurationBlob,
[out] HBLOB hErrorBlob);
///////////////////////////////////////////////
// Control Methods
///////////////////////////////////////////////
// Start, begin capturing
HRESULT Start( void);
// Pause, take a break (out of p-mode we hope)
HRESULT Pause( void);
// Resume, sort of an 'un-pause'
HRESULT Resume( void);
// Stop, sort of an 'un-start'
HRESULT Stop( void);
// Get two status flags:
// IsRunning, Are we capturing (regardless of paused state)
// IsPaused , Are we paused
HRESULT GetControlState( [out] BOOL * IsRunnning,
[out] BOOL * IsPaused );
///////////////////////////////////////////////
// Statistics Methods
///////////////////////////////////////////////
// GetTotalStatistics, fills in stats structure
HRESULT GetTotalStatistics([out] LPSTATISTICS lpStats,
[in] BOOL fClearAfterReading);
// GetSessionStatistics, fills in Session and Station structures
HRESULT GetConversationStatistics([out] DWORD *nSessions,
[out, size_is(100)] LPSESSIONSTATS lpSessionStats,
[out] DWORD *nStations,
[out, size_is(100)] LPSTATIONSTATS lpStationStats,
[in] BOOL fClearAfterReading);
///////////////////////////////////////////////
// Special Methods
///////////////////////////////////////////////
// add a comment frame to ALL current captures
HRESULT InsertSpecialFrame( [in] DWORD FrameType,
[in] DWORD Flags,
[in] BYTE* pUserData,
[in] DWORD UserDataLength);
// QueryStations, get a list of machines running Network Monitor
HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable );
}
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
cpp_quote("// IStats - used by a consumer to get just statistics, no frames.")
cpp_quote("//****************************************************************************")
cpp_quote("//****************************************************************************")
// GUID association
[
object,
uuid(944AD530-B09D-11ce-B59C-00AA006CB37D),
pointer_default(unique)
]
// Interface Definition
[local]interface IStats : IUnknown
{
import "unknwn.idl";
///////////////////////////////////////////////
// Connection Methods
///////////////////////////////////////////////
// Connect, this is where you actually connect to a network
HRESULT Connect( [in] HBLOB hInputBlob,
[in] LPVOID StatusCallbackProc,
[in] LPVOID UserContext,
[out] HBLOB hErrorBlob);
// Disconnect, Connect's logical opposite
HRESULT Disconnect( void );
// Get the status of the current capture
HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus);
///////////////////////////////////////////////
// Configuration Methods
///////////////////////////////////////////////
HRESULT Configure( [in] HBLOB hConfigurationBlob,
[out] HBLOB hErrorBlob);
///////////////////////////////////////////////
// Control Methods
///////////////////////////////////////////////
// Start, begin capturing
HRESULT Start( void);
// Pause, take a break (out of p-mode we hope)
HRESULT Pause( void);
// Resume, sort of an 'un-pause'
HRESULT Resume( void);
// Stop, sort of an 'un-start'
HRESULT Stop( void);
// Get two status flags:
// IsRunning, Are we capturing (regardless of paused state)
// IsPaused , Are we paused
HRESULT GetControlState( [out] BOOL * IsRunnning,
[out] BOOL * IsPaused );
///////////////////////////////////////////////
// Statistics Methods
///////////////////////////////////////////////
// GetTotalStatistics, fills in stats structure
HRESULT GetTotalStatistics([out] LPSTATISTICS lpStats,
[in] BOOL fClearAfterReading);
// GetSessionStatistics, fills in Session and Station structures
HRESULT GetConversationStatistics([out] DWORD *nSessions,
[out, size_is(100)] LPSESSIONSTATS lpSessionStats,
[out] DWORD *nStations,
[out, size_is(100)] LPSTATIONSTATS lpStationStats,
[in] BOOL fClearAfterReading);
///////////////////////////////////////////////
// Special Methods
///////////////////////////////////////////////
// add a comment frame to ALL current captures
HRESULT InsertSpecialFrame( [in] DWORD FrameType,
[in] DWORD Flags,
[in] BYTE* pUserData,
[in] DWORD UserDataLength);
// QueryStations, get a list of machines running Network Monitor
HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable );
}
#pragma warning(default:4200)
#pragma pack()