cpp_quote("//=============================================================================") cpp_quote("// Microsoft (R) Network Monitor (tm). ") cpp_quote("// Copyright (C) Microsoft Corporation. All rights reserved.") cpp_quote("//") cpp_quote("// MODULE: netmon.h") cpp_quote("//") cpp_quote("// This is the consolidated include file for all Network Monitor components.") cpp_quote("//") cpp_quote("// It contains the contents of these files from previous SDKs:") cpp_quote("//") cpp_quote("// NPPTypes.h") cpp_quote("// NMEvent.h (previously Event.h)") cpp_quote("// NMmcs.h (previously mcs.h)") cpp_quote("// NMmonitor.h (previously monitor.h)") cpp_quote("// Finder.h") cpp_quote("// NMSupp.h") cpp_quote("// BHTypes.h") cpp_quote("// NMErr.h") cpp_quote("// BHFilter.h") cpp_quote("// Frame.h") cpp_quote("// Parser.h") cpp_quote("// IniLib.h") cpp_quote("// NMExpert.h (previously Expert.h)") cpp_quote("// Netmon.h (previously bh.h)") cpp_quote("// NMBlob.h (previously blob.h)") cpp_quote("// NMRegHelp.h (previously reghelp.h)") cpp_quote("// NMIpStructs.h (previously IpStructs.h)") cpp_quote("// NMIcmpStructs.h (previously IcmpStructs.h)") cpp_quote("// NMIpxStructs.h (previously IpxStructs.h)") cpp_quote("// NMTcpStructs.h (previously TcpStructs.h)") cpp_quote("//") cpp_quote("// IDelaydC.idl") cpp_quote("// IESP.idl") cpp_quote("// IRTC.idl") cpp_quote("// IStats.idl") cpp_quote("//") cpp_quote("//=============================================================================") import "unknwn.idl"; cpp_quote("#include ") //cpp_quote("#include ") // this first part is so that the idl file gets the proper packing #ifdef _X86_ #pragma pack(1) #else #pragma pack() #endif cpp_quote("// For backward compatability with old SDK versions, all structures within this header") cpp_quote("// file will be byte packed on x86 platforms. All other platforms will only have those") cpp_quote("// structures that will be used to decode network data packed.") // this next part is so that the resultant header file will be correct regardless of // which platform the idl file was compiled for cpp_quote("#ifdef _X86_") cpp_quote("#pragma pack(1)") cpp_quote("#else") cpp_quote("#pragma pack()") cpp_quote("#endif") cpp_quote("") cpp_quote("// yes we know that many of our structures have:") cpp_quote("// warning C4200: nonstandard extension used : zero-sized array in struct/union") cpp_quote("// this is OK and intended") #pragma warning(disable:4200) cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NPPTypes.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") // normally MAX_PATH is not defined for our MIDL builds #ifndef MAX_PATH #define MAX_PATH 260 #endif #ifndef LPBYTE typedef BYTE *LPBYTE; #endif //LPBYTE typedef const void * HBLOB; cpp_quote("//=============================================================================") cpp_quote("// General constants.") cpp_quote("//=============================================================================") const DWORD MAC_TYPE_UNKNOWN = 0; const DWORD MAC_TYPE_ETHERNET = 1; const DWORD MAC_TYPE_TOKENRING = 2; const DWORD MAC_TYPE_FDDI = 3; const DWORD MAC_TYPE_ATM = 4; const DWORD MAC_TYPE_1394 = 5; const DWORD MACHINE_NAME_LENGTH = 16 ; const DWORD USER_NAME_LENGTH = 32 ; const DWORD ADAPTER_COMMENT_LENGTH = 32 ; const DWORD CONNECTION_FLAGS_WANT_CONVERSATION_STATS =0x00000001; cpp_quote("//=============================================================================") cpp_quote("// Transmit statistics structure.") cpp_quote("//=============================================================================") typedef struct _TRANSMITSTATS { DWORD TotalFramesSent; DWORD TotalBytesSent; DWORD TotalTransmitErrors; } TRANSMITSTATS; typedef TRANSMITSTATS *LPTRANSMITSTATS; const DWORD TRANSMITSTATS_SIZE =sizeof(TRANSMITSTATS); cpp_quote("//=============================================================================") cpp_quote("// Statistics structure.") cpp_quote("//=============================================================================") typedef struct _STATISTICS { __int64 TimeElapsed; // in millionths of a second //...Buffer statistics DWORD TotalFramesCaptured; DWORD TotalBytesCaptured; //...Filtered statistics DWORD TotalFramesFiltered; DWORD TotalBytesFiltered; DWORD TotalMulticastsFiltered; DWORD TotalBroadcastsFiltered; //...Overall statistics. DWORD TotalFramesSeen; DWORD TotalBytesSeen; DWORD TotalMulticastsReceived; DWORD TotalBroadcastsReceived; DWORD TotalFramesDropped; DWORD TotalFramesDroppedFromBuffer; //... Statistics kept by MAC driver. DWORD MacFramesReceived; DWORD MacCRCErrors; __int64 MacBytesReceivedEx; DWORD MacFramesDropped_NoBuffers; DWORD MacMulticastsReceived; DWORD MacBroadcastsReceived; DWORD MacFramesDropped_HwError; } STATISTICS; typedef STATISTICS *LPSTATISTICS; const DWORD STATISTICS_SIZE =sizeof(STATISTICS); cpp_quote("//=============================================================================") cpp_quote("// Address structures") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// These structures are used to decode network data and so need to be packed") #pragma pack(push, 1) const DWORD MAX_NAME_SIZE =32; const DWORD IP_ADDRESS_SIZE =4; const DWORD MAC_ADDRESS_SIZE =6; cpp_quote("// Q: What is the maximum address size that we could have to copy?") cpp_quote("// A: IPX == DWORD + 6 bytes == 10") const DWORD MAX_ADDRESS_SIZE =10; const DWORD ADDRESS_TYPE_ETHERNET =0; const DWORD ADDRESS_TYPE_IP =1; const DWORD ADDRESS_TYPE_IPX =2; const DWORD ADDRESS_TYPE_TOKENRING =3; const DWORD ADDRESS_TYPE_FDDI =4; const DWORD ADDRESS_TYPE_XNS =5; const DWORD ADDRESS_TYPE_ANY =6; const DWORD ADDRESS_TYPE_ANY_GROUP =7; const DWORD ADDRESS_TYPE_FIND_HIGHEST =8; const DWORD ADDRESS_TYPE_VINES_IP =9; const DWORD ADDRESS_TYPE_LOCAL_ONLY =10; const DWORD ADDRESS_TYPE_ATM =11; const DWORD ADDRESS_TYPE_1394 =12; const DWORD ADDRESSTYPE_FLAGS_NORMALIZE =0x0001 ; const DWORD ADDRESSTYPE_FLAGS_BIT_REVERSE =0x0002 ; cpp_quote("// Vines IP Address Structure") typedef struct _VINES_IP_ADDRESS { DWORD NetID; WORD SubnetID; } VINES_IP_ADDRESS; typedef VINES_IP_ADDRESS *LPVINES_IP_ADDRESS; const DWORD VINES_IP_ADDRESS_SIZE =sizeof(VINES_IP_ADDRESS); cpp_quote("// IPX Address Structure") typedef struct _IPX_ADDR { BYTE Subnet[4]; BYTE Address[6]; } IPX_ADDR; typedef IPX_ADDR *LPIPX_ADDR; const DWORD IPX_ADDR_SIZE =sizeof(IPX_ADDR); cpp_quote("// XNS Address Structure") typedef IPX_ADDR XNS_ADDRESS; typedef IPX_ADDR *LPXNS_ADDRESS; // structure contains a bitfield, so must cpp_quote cpp_quote("// ETHERNET SOURCE ADDRESS") cpp_quote("typedef struct _ETHERNET_SRC_ADDRESS") cpp_quote("{") cpp_quote(" BYTE RoutingBit: 1;") cpp_quote(" BYTE LocalBit: 1;") cpp_quote(" BYTE Byte0: 6;") cpp_quote(" BYTE Reserved[5];") cpp_quote("") cpp_quote("} ETHERNET_SRC_ADDRESS;") cpp_quote("typedef ETHERNET_SRC_ADDRESS *LPETHERNET_SRC_ADDRESS;") // structure contains a bitfield, so must cpp_quote cpp_quote("// ETHERNET DESTINATION ADDRESS") cpp_quote("typedef struct _ETHERNET_DST_ADDRESS") cpp_quote("{") cpp_quote(" BYTE GroupBit: 1;") cpp_quote(" BYTE AdminBit: 1;") cpp_quote(" BYTE Byte0: 6;") cpp_quote(" BYTE Reserved[5];") cpp_quote("} ETHERNET_DST_ADDRESS;") cpp_quote("typedef ETHERNET_DST_ADDRESS *LPETHERNET_DST_ADDRESS;") cpp_quote("") cpp_quote("// FDDI addresses") cpp_quote("typedef ETHERNET_SRC_ADDRESS FDDI_SRC_ADDRESS;") cpp_quote("typedef ETHERNET_DST_ADDRESS FDDI_DST_ADDRESS;") cpp_quote("") cpp_quote("typedef FDDI_SRC_ADDRESS *LPFDDI_SRC_ADDRESS;") cpp_quote("typedef FDDI_DST_ADDRESS *LPFDDI_DST_ADDRESS;") cpp_quote("") // structure contains a bitfield, so must cpp_quote cpp_quote("// TOKENRING Source Address") cpp_quote("typedef struct _TOKENRING_SRC_ADDRESS") cpp_quote("{") cpp_quote(" BYTE Byte0: 6;") cpp_quote(" BYTE LocalBit: 1;") cpp_quote(" BYTE RoutingBit: 1;") cpp_quote(" BYTE Byte1;") cpp_quote(" BYTE Byte2: 7;") cpp_quote(" BYTE Functional: 1;") cpp_quote(" BYTE Reserved[3];") cpp_quote("} TOKENRING_SRC_ADDRESS;") cpp_quote("typedef TOKENRING_SRC_ADDRESS *LPTOKENRING_SRC_ADDRESS;") cpp_quote("") // structure contains a bitfield, so must cpp_quote cpp_quote("// TOKENRING Destination Address") cpp_quote("typedef struct _TOKENRING_DST_ADDRESS") cpp_quote("{") cpp_quote(" BYTE Byte0: 6;") cpp_quote(" BYTE AdminBit: 1;") cpp_quote(" BYTE GroupBit: 1;") cpp_quote(" BYTE Reserved[5];") cpp_quote("} TOKENRING_DST_ADDRESS;") cpp_quote("typedef TOKENRING_DST_ADDRESS *LPTOKENRING_DST_ADDRESS;") // structure contains structures with bitfields, so must cpp_quote cpp_quote("// Address Structure") cpp_quote("typedef struct _ADDRESS") cpp_quote("{") cpp_quote(" DWORD Type;") cpp_quote("") cpp_quote(" union") cpp_quote(" {") cpp_quote(" // ADDRESS_TYPE_ETHERNET") cpp_quote(" // ADDRESS_TYPE_TOKENRING") cpp_quote(" // ADDRESS_TYPE_FDDI") cpp_quote(" BYTE MACAddress[MAC_ADDRESS_SIZE];") cpp_quote("") cpp_quote(" // IP") cpp_quote(" BYTE IPAddress[IP_ADDRESS_SIZE];") cpp_quote("") cpp_quote(" // raw IPX") cpp_quote(" BYTE IPXRawAddress[IPX_ADDR_SIZE];") cpp_quote("") cpp_quote(" // real IPX") cpp_quote(" IPX_ADDR IPXAddress;") cpp_quote("") cpp_quote(" // raw Vines IP") cpp_quote(" BYTE VinesIPRawAddress[VINES_IP_ADDRESS_SIZE];") cpp_quote("") cpp_quote(" // real Vines IP") cpp_quote(" VINES_IP_ADDRESS VinesIPAddress;") cpp_quote("") cpp_quote(" // ethernet with bits defined") cpp_quote(" ETHERNET_SRC_ADDRESS EthernetSrcAddress;") cpp_quote("") cpp_quote(" // ethernet with bits defined") cpp_quote(" ETHERNET_DST_ADDRESS EthernetDstAddress;") cpp_quote("") cpp_quote(" // tokenring with bits defined") cpp_quote(" TOKENRING_SRC_ADDRESS TokenringSrcAddress;") cpp_quote("") cpp_quote(" // tokenring with bits defined") cpp_quote(" TOKENRING_DST_ADDRESS TokenringDstAddress;") cpp_quote("") cpp_quote(" // fddi with bits defined") cpp_quote(" FDDI_SRC_ADDRESS FddiSrcAddress;") cpp_quote("") cpp_quote(" // fddi with bits defined") cpp_quote(" FDDI_DST_ADDRESS FddiDstAddress;") cpp_quote(" };") cpp_quote(" ") cpp_quote(" WORD Flags;") cpp_quote("} ADDRESS;") cpp_quote("typedef ADDRESS *LPADDRESS;") cpp_quote("#define ADDRESS_SIZE sizeof(ADDRESS)") cpp_quote("") #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// Address Pair Structure") cpp_quote("//=============================================================================") const DWORD ADDRESS_FLAGS_MATCH_DST =0x0001; const DWORD ADDRESS_FLAGS_MATCH_SRC =0x0002; const DWORD ADDRESS_FLAGS_EXCLUDE =0x0004; const DWORD ADDRESS_FLAGS_DST_GROUP_ADDR =0x0008; const DWORD ADDRESS_FLAGS_MATCH_BOTH =0x0003; // structure contains structures with bitfields, so must cpp_quote cpp_quote("typedef struct _ADDRESSPAIR") cpp_quote("{") cpp_quote(" WORD AddressFlags;") cpp_quote(" WORD NalReserved;") cpp_quote(" ADDRESS DstAddress;") cpp_quote(" ADDRESS SrcAddress;") cpp_quote("") cpp_quote("} ADDRESSPAIR;") cpp_quote("typedef ADDRESSPAIR *LPADDRESSPAIR;") cpp_quote("#define ADDRESSPAIR_SIZE sizeof(ADDRESSPAIR)") cpp_quote("//=============================================================================") cpp_quote("// Address table.") cpp_quote("//=============================================================================") const DWORD MAX_ADDRESS_PAIRS =8; // structure contains structures with bitfields, so must cpp_quote cpp_quote("typedef struct _ADDRESSTABLE") cpp_quote("{") cpp_quote(" DWORD nAddressPairs;") cpp_quote(" DWORD nNonMacAddressPairs;") cpp_quote(" ADDRESSPAIR AddressPair[MAX_ADDRESS_PAIRS];") cpp_quote("") cpp_quote("} ADDRESSTABLE;") cpp_quote("") cpp_quote("typedef ADDRESSTABLE *LPADDRESSTABLE;") cpp_quote("#define ADDRESSTABLE_SIZE sizeof(ADDRESSTABLE)") cpp_quote("//=============================================================================") cpp_quote("// Network information.") cpp_quote("//=============================================================================") const DWORD NETWORKINFO_FLAGS_PMODE_NOT_SUPPORTED =0x00000001; const DWORD NETWORKINFO_FLAGS_REMOTE_NAL =0x00000004; const DWORD NETWORKINFO_FLAGS_REMOTE_NAL_CONNECTED =0x00000008; const DWORD NETWORKINFO_FLAGS_REMOTE_CARD =0x00000010; const DWORD NETWORKINFO_FLAGS_RAS =0x00000020; // structure contains structures with bitfields, so must cpp_quote cpp_quote("typedef struct _NETWORKINFO") cpp_quote("{") cpp_quote(" BYTE PermanentAddr[6]; //... Permanent MAC address") cpp_quote(" BYTE CurrentAddr[6]; //... Current MAC address") cpp_quote(" ADDRESS OtherAddress; //... Other address supported (IP, IPX, etc...)") cpp_quote(" DWORD LinkSpeed; //... Link speed in Mbits.") cpp_quote(" DWORD MacType; //... Media type.") cpp_quote(" DWORD MaxFrameSize; //... Max frame size allowed.") cpp_quote(" DWORD Flags; //... Informational flags.") cpp_quote(" DWORD TimestampScaleFactor; //... 1 = 1/1 ms, 10 = 1/10 ms, 100 = 1/100 ms, etc.") cpp_quote(" BYTE NodeName[32]; //... Name of remote workstation.") cpp_quote(" BOOL PModeSupported; //... Card claims to support P-Mode") cpp_quote(" BYTE Comment[ADAPTER_COMMENT_LENGTH]; // Adapter comment field.") cpp_quote("") cpp_quote("} NETWORKINFO;") cpp_quote("typedef NETWORKINFO *LPNETWORKINFO;") cpp_quote("#define NETWORKINFO_SIZE sizeof(NETWORKINFO)") const DWORD MINIMUM_FRAME_SIZE =32; cpp_quote("//=============================================================================") cpp_quote("// Pattern structure.") cpp_quote("//=============================================================================") const DWORD MAX_PATTERN_LENGTH =16 ; cpp_quote("// When set this flag will cause those frames which do NOT have the specified pattern") cpp_quote("// in the proper stop to be kept.") const DWORD PATTERN_MATCH_FLAGS_NOT =0x00000001; // This flag was used in previous versions of Network Monitor and its value is therefore // reserved for compatability reasons const DWORD PATTERN_MATCH_FLAGS_RESERVED_1 =0x00000002; cpp_quote("// When set this flag indicates that the user is not interested in a pattern match within ") cpp_quote("// IP or IPX, but in the protocol that follows. The driver will ensure that the protocol") cpp_quote("// given in OffsetBasis is there and then that the port in the fram matches the port given.") cpp_quote("// It will then calculate the offset from the beginning of the protocol that follows IP or IPX.") cpp_quote("// NOTE: This flag is ignored if it is used with any OffsetBasis other than ") cpp_quote("// OFFSET_BASIS_RELATIVE_TO_IPX or OFFSET_BASIS_RELATIVE_TO_IP") const DWORD PATTERN_MATCH_FLAGS_PORT_SPECIFIED =0x00000008; cpp_quote("// The offset given is relative to the beginning of the frame. The ") cpp_quote("// PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.") const DWORD OFFSET_BASIS_RELATIVE_TO_FRAME =0; cpp_quote("// The offset given is relative to the beginning of the Effective Protocol.") cpp_quote("// The Effective Protocol is defined as the protocol that follows") cpp_quote("// the last protocol that determines Etype/SAP. In normal terms this means ") cpp_quote("// that the Effective Protocol will be IP, IPX, XNS, or any of their ilk.") cpp_quote("// The PATTERN_MATCH_FLAGS_PORT_SPECIFIED flag is ignored.") const DWORD OFFSET_BASIS_RELATIVE_TO_EFFECTIVE_PROTOCOL =1; cpp_quote("// The offset given is relative to the beginning of IPX. If IPX is not present") cpp_quote("// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED") cpp_quote("// flag is set then the offset is relative to the beginning of the protocol") cpp_quote("// which follows IPX.") const DWORD OFFSET_BASIS_RELATIVE_TO_IPX =2; cpp_quote("// The offset given is relative to the beginning of IP. If IP is not present") cpp_quote("// then the frame does not match. If the PATTERN_MATCH_FLAGS_PORT_SPECIFIED") cpp_quote("// flag is set then the offset is relative to the beginning of the protocol") cpp_quote("// which follows IP.") const DWORD OFFSET_BASIS_RELATIVE_TO_IP =3; typedef union { BYTE IPPort; WORD ByteSwappedIPXPort; } GENERIC_PORT; typedef struct _PATTERNMATCH { DWORD Flags; BYTE OffsetBasis; GENERIC_PORT Port; WORD Offset; WORD Length; BYTE PatternToMatch[MAX_PATTERN_LENGTH]; } PATTERNMATCH; typedef PATTERNMATCH *LPPATTERNMATCH; const DWORD PATTERNMATCH_SIZE =sizeof(PATTERNMATCH); cpp_quote("//=============================================================================") cpp_quote("// Expression structure.") cpp_quote("//=============================================================================") const DWORD MAX_PATTERNS =4; typedef struct _ANDEXP { DWORD nPatternMatches; PATTERNMATCH PatternMatch[MAX_PATTERNS]; } ANDEXP; typedef ANDEXP *LPANDEXP; const DWORD ANDEXP_SIZE =sizeof(ANDEXP); typedef struct _EXPRESSION { DWORD nAndExps; ANDEXP AndExp[MAX_PATTERNS]; } EXPRESSION; typedef EXPRESSION *LPEXPRESSION; const DWORD EXPRESSION_SIZE =sizeof(EXPRESSION); cpp_quote("//=============================================================================") cpp_quote("// Trigger.") cpp_quote("//=============================================================================") const BYTE TRIGGER_TYPE_PATTERN_MATCH =1; const BYTE TRIGGER_TYPE_BUFFER_CONTENT =2; const BYTE TRIGGER_TYPE_PATTERN_MATCH_THEN_BUFFER_CONTENT =3; const BYTE TRIGGER_TYPE_BUFFER_CONTENT_THEN_PATTERN_MATCH =4; const DWORD TRIGGER_FLAGS_FRAME_RELATIVE =0x00000000 ; const DWORD TRIGGER_FLAGS_DATA_RELATIVE =0x00000001 ; const BYTE TRIGGER_ACTION_NOTIFY =0x00 ; const BYTE TRIGGER_ACTION_STOP =0x02 ; const BYTE TRIGGER_ACTION_PAUSE =0x03 ; const DWORD TRIGGER_BUFFER_FULL_25_PERCENT =0 ; const DWORD TRIGGER_BUFFER_FULL_50_PERCENT =1 ; const DWORD TRIGGER_BUFFER_FULL_75_PERCENT =2 ; const DWORD TRIGGER_BUFFER_FULL_100_PERCENT =3 ; typedef struct _TRIGGER { BOOL TriggerActive; //... Whether trigger is running BYTE TriggerType; //... Opcode of trigger BYTE TriggerAction; //... Action to take when trigger occurs. DWORD TriggerFlags; //... Trigger flags. PATTERNMATCH TriggerPatternMatch; //... Trigger pattern match. DWORD TriggerBufferSize; //... Trigger buffer size. DWORD TriggerReserved; //... Set to all zeros - do not use char TriggerCommandLine[MAX_PATH]; } TRIGGER; typedef TRIGGER *LPTRIGGER; const DWORD TRIGGER_SIZE =sizeof(TRIGGER); cpp_quote("//=============================================================================") cpp_quote("// Capture filter.") cpp_quote("//=============================================================================") cpp_quote("// Capture filter flags. By default all frames are rejected and") cpp_quote("// Network Monitor enables them based on the CAPTUREFILTER flags") cpp_quote("// defined below.") const DWORD CAPTUREFILTER_FLAGS_INCLUDE_ALL_SAPS =0x0001; const DWORD CAPTUREFILTER_FLAGS_INCLUDE_ALL_ETYPES =0x0002; const DWORD CAPTUREFILTER_FLAGS_TRIGGER =0x0004; const DWORD CAPTUREFILTER_FLAGS_LOCAL_ONLY =0x0008; cpp_quote("// throw away our internal comment frames") const DWORD CAPTUREFILTER_FLAGS_DISCARD_COMMENTS =0x0010; cpp_quote("// Keep SMT and Token Ring MAC frames") const DWORD CAPTUREFILTER_FLAGS_KEEP_RAW =0x0020; const DWORD CAPTUREFILTER_FLAGS_INCLUDE_ALL =0x0003; const DWORD BUFFER_FULL_25_PERCENT =0; const DWORD BUFFER_FULL_50_PERCENT =1; const DWORD BUFFER_FULL_75_PERCENT =2; const DWORD BUFFER_FULL_100_PERCENT =3; // structure contains structures with bitfields, so must cpp_quote cpp_quote("typedef struct _CAPTUREFILTER") cpp_quote("{") cpp_quote(" DWORD FilterFlags; ") cpp_quote(" LPBYTE lpSapTable; ") cpp_quote(" LPWORD lpEtypeTable; ") cpp_quote(" WORD nSaps; ") cpp_quote(" WORD nEtypes; ") cpp_quote(" LPADDRESSTABLE AddressTable; ") cpp_quote(" EXPRESSION FilterExpression; ") cpp_quote(" TRIGGER Trigger; ") cpp_quote(" DWORD nFrameBytesToCopy;") cpp_quote(" DWORD Reserved;") cpp_quote("") cpp_quote("} CAPTUREFILTER;") cpp_quote("typedef CAPTUREFILTER *LPCAPTUREFILTER;") cpp_quote("#define CAPTUREFILTER_SIZE sizeof(CAPTUREFILTER)") cpp_quote("//=============================================================================") cpp_quote("// Frame type.") cpp_quote("//=============================================================================") // this structure may not be cpp_quoted as it is used in itransmt.idl // (However its length used to be 0). cpp_quote("// TimeStamp is in 1/1,000,000th seconds.") typedef struct _FRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; [size_is(nBytesAvail)] BYTE MacFrame[*]; } FRAME; typedef FRAME *LPFRAME; cpp_quote("typedef FRAME UNALIGNED *ULPFRAME;") const DWORD FRAME_SIZE =sizeof(FRAME); cpp_quote("//=============================================================================") cpp_quote("// Frame descriptor type.") cpp_quote("//=============================================================================") const BYTE LOW_PROTOCOL_IPX =OFFSET_BASIS_RELATIVE_TO_IPX; const BYTE LOW_PROTOCOL_IP =OFFSET_BASIS_RELATIVE_TO_IP; const BYTE LOW_PROTOCOL_UNKNOWN =((BYTE)-1); typedef struct _FRAME_DESCRIPTOR { [size_is(FrameLength)] LPBYTE FramePointer; __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; WORD Etype; BYTE Sap; BYTE LowProtocol; WORD LowProtocolOffset; [switch_is(LowProtocol)] union { [default] WORD Reserved; [case(LOW_PROTOCOL_IP)] BYTE IPPort; [case(LOW_PROTOCOL_IPX)] WORD ByteSwappedIPXPort; } HighPort; WORD HighProtocolOffset; } FRAME_DESCRIPTOR; typedef FRAME_DESCRIPTOR *LPFRAME_DESCRIPTOR; const DWORD FRAME_DESCRIPTOR_SIZE =sizeof(FRAME_DESCRIPTOR); cpp_quote("//=============================================================================") cpp_quote("// Frame descriptor table.") cpp_quote("//=============================================================================") // this structure may not be cpp_quoted as it is used in UPDATE_EVENT // (Besides, the array's length has always been 1) typedef struct _FRAMETABLE { DWORD FrameTableLength; DWORD StartIndex; DWORD EndIndex; DWORD FrameCount; [size_is(FrameTableLength)] FRAME_DESCRIPTOR Frames[*]; } FRAMETABLE; typedef FRAMETABLE *LPFRAMETABLE; cpp_quote("//=============================================================================") cpp_quote("// Station statistics.") cpp_quote("//=============================================================================") const WORD STATIONSTATS_FLAGS_INITIALIZED =0x0001; const WORD STATIONSTATS_FLAGS_EVENTPOSTED =0x0002; const DWORD STATIONSTATS_POOL_SIZE =100; typedef struct _STATIONSTATS { DWORD NextStationStats; DWORD SessionPartnerList; DWORD Flags; BYTE StationAddress[6]; WORD Pad; DWORD TotalPacketsReceived; DWORD TotalDirectedPacketsSent; DWORD TotalBroadcastPacketsSent; DWORD TotalMulticastPacketsSent; DWORD TotalBytesReceived; DWORD TotalBytesSent; } STATIONSTATS; typedef STATIONSTATS * LPSTATIONSTATS; const DWORD STATIONSTATS_SIZE =sizeof(STATIONSTATS); cpp_quote("//=============================================================================") cpp_quote("// Session statistics.") cpp_quote("//=============================================================================") const WORD SESSION_FLAGS_INITIALIZED =0x0001; const WORD SESSION_FLAGS_EVENTPOSTED =0x0002; const DWORD SESSION_POOL_SIZE =100; typedef struct _SESSIONSTATS { DWORD NextSession; DWORD StationOwner; DWORD StationPartner; DWORD Flags; DWORD TotalPacketsSent; } SESSIONSTATS; typedef SESSIONSTATS * LPSESSIONSTATS; const DWORD SESSIONSTATS_SIZE =sizeof(SESSIONSTATS); cpp_quote("//=============================================================================") cpp_quote("// Station Query") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// These structures are used to decode network data and so need to be packed") #pragma pack(push, 1) const DWORD STATIONQUERY_FLAGS_LOADED =0x0001; const DWORD STATIONQUERY_FLAGS_RUNNING =0x0002; const DWORD STATIONQUERY_FLAGS_CAPTURING =0x0004; const DWORD STATIONQUERY_FLAGS_TRANSMITTING =0x0008; const BYTE STATIONQUERY_VERSION_MINOR =0x01; const BYTE STATIONQUERY_VERSION_MAJOR =0x02; typedef struct _OLDSTATIONQUERY { DWORD Flags; BYTE BCDVerMinor; BYTE BCDVerMajor; DWORD LicenseNumber; BYTE MachineName[MACHINE_NAME_LENGTH]; BYTE UserName[USER_NAME_LENGTH]; BYTE Reserved[32]; BYTE AdapterAddress[6]; } OLDSTATIONQUERY; typedef OLDSTATIONQUERY *LPOLDSTATIONQUERY; const DWORD OLDSTATIONQUERY_SIZE =sizeof(OLDSTATIONQUERY); typedef struct _STATIONQUERY { DWORD Flags; BYTE BCDVerMinor; BYTE BCDVerMajor; DWORD LicenseNumber; BYTE MachineName[MACHINE_NAME_LENGTH]; BYTE UserName[USER_NAME_LENGTH]; BYTE Reserved[32]; BYTE AdapterAddress[6]; WCHAR WMachineName[MACHINE_NAME_LENGTH]; WCHAR WUserName[USER_NAME_LENGTH]; } STATIONQUERY; typedef STATIONQUERY *LPSTATIONQUERY; const DWORD STATIONQUERY_SIZE =sizeof(STATIONQUERY); #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// structure.") cpp_quote("//=============================================================================") // this structure may not be cpp_quoted as it is used in the QueryStations methods in // each interface below. // (Besides, the array's length has always been 1) typedef struct _QUERYTABLE { DWORD nStationQueries; [size_is(nStationQueries)] STATIONQUERY StationQuery[*]; } QUERYTABLE; typedef QUERYTABLE *LPQUERYTABLE; const DWORD QUERYTABLE_SIZE =sizeof(QUERYTABLE); cpp_quote("//=============================================================================") cpp_quote("// The LINK structure is used to chain structures together into a list.") cpp_quote("//=============================================================================") #ifndef _LINK_ #define _LINK_ typedef struct _LINK *LPLINK; typedef struct _LINK { LPLINK PrevLink; LPLINK NextLink; } LINK; #endif //_LINK_ cpp_quote("//=============================================================================") cpp_quote("// Security Request packet") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// This structure is used to decode network data and so needs to be packed") #pragma pack(push, 1) typedef struct _SECURITY_PERMISSION_CHECK { UINT Version; DWORD RandomNumber; BYTE MachineName[MACHINE_NAME_LENGTH]; BYTE UserName[USER_NAME_LENGTH]; UINT MacType; BYTE PermanentAdapterAddress[MAC_ADDRESS_SIZE]; BYTE CurrentAdapterAddress[MAC_ADDRESS_SIZE]; WCHAR WMachineName[MACHINE_NAME_LENGTH]; WCHAR WUserName[USER_NAME_LENGTH]; } SECURITY_PERMISSION_CHECK; typedef SECURITY_PERMISSION_CHECK * LPSECURITY_PERMISSION_CHECK; cpp_quote("typedef SECURITY_PERMISSION_CHECK UNALIGNED * ULPSECURITY_PERMISSION_CHECK;") const DWORD SECURITY_PERMISSION_CHECK_SIZE =sizeof(SECURITY_PERMISSION_CHECK); #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// Security Response packet") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// This structure is used to decode network data and so needs to be packed") #pragma pack(push, 1) const DWORD MAX_SECURITY_BREACH_REASON_SIZE =100; const DWORD MAX_SIGNATURE_LENGTH =128; const DWORD MAX_USER_NAME_LENGTH =256; typedef struct _SECURITY_PERMISSION_RESPONSE { UINT Version; DWORD RandomNumber; BYTE MachineName[MACHINE_NAME_LENGTH]; BYTE Address[MAC_ADDRESS_SIZE]; BYTE UserName[MAX_USER_NAME_LENGTH]; BYTE Reason[MAX_SECURITY_BREACH_REASON_SIZE]; DWORD SignatureLength; BYTE Signature[MAX_SIGNATURE_LENGTH]; } SECURITY_PERMISSION_RESPONSE; typedef SECURITY_PERMISSION_RESPONSE * LPSECURITY_PERMISSION_RESPONSE; cpp_quote("typedef SECURITY_PERMISSION_RESPONSE UNALIGNED * ULPSECURITY_PERMISSION_RESPONSE;") const DWORD SECURITY_PERMISSION_RESPONSE_SIZE =sizeof(SECURITY_PERMISSION_RESPONSE); #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// Callback type") cpp_quote("//=============================================================================") cpp_quote("// generic events") const DWORD UPDATE_EVENT_TERMINATE_THREAD =0x00000000; const DWORD UPDATE_EVENT_NETWORK_STATUS =0x00000001; cpp_quote("// rtc events") const DWORD UPDATE_EVENT_RTC_INTERVAL_ELAPSED =0x00000002; const DWORD UPDATE_EVENT_RTC_FRAME_TABLE_FULL =0x00000003; const DWORD UPDATE_EVENT_RTC_BUFFER_FULL =0x00000004; cpp_quote("// delayed events") const DWORD UPDATE_EVENT_TRIGGER_BUFFER_CONTENT =0x00000005; const DWORD UPDATE_EVENT_TRIGGER_PATTERN_MATCH =0x00000006; const DWORD UPDATE_EVENT_TRIGGER_BUFFER_PATTERN =0x00000007; const DWORD UPDATE_EVENT_TRIGGER_PATTERN_BUFFER =0x00000008; cpp_quote("// transmit events") const DWORD UPDATE_EVENT_TRANSMIT_STATUS =0x00000009; cpp_quote("// Security events") const DWORD UPDATE_EVENT_SECURITY_BREACH =0x0000000A; cpp_quote("// Remote failure event") const DWORD UPDATE_EVENT_REMOTE_FAILURE =0x0000000B; cpp_quote("// actions") const DWORD UPDATE_ACTION_TERMINATE_THREAD =0x00000000; const DWORD UPDATE_ACTION_NOTIFY =0x00000001; const DWORD UPDATE_ACTION_STOP_CAPTURE =0x00000002; const DWORD UPDATE_ACTION_PAUSE_CAPTURE =0x00000003; const DWORD UPDATE_ACTION_RTC_BUFFER_SWITCH =0x00000004; typedef struct _UPDATE_EVENT { USHORT Event; DWORD Action; DWORD Status; DWORD Value; __int64 TimeStamp; DWORD_PTR lpUserContext; DWORD_PTR lpReserved; UINT FramesDropped; [switch_is(Event)] union { [default] DWORD Reserved; [case(2,3,4)] LPFRAMETABLE lpFrameTable; [case(9)] DWORD_PTR lpPacketQueue; [case(10)] SECURITY_PERMISSION_RESPONSE SecurityResponse; }; LPSTATISTICS lpFinalStats; } UPDATE_EVENT; typedef UPDATE_EVENT *PUPDATE_EVENT; cpp_quote("// note for c++ users:") cpp_quote("// the declaration for this callback should be in the public part of the header file:") cpp_quote("// static WINAPI DWORD NetworkCallback( UPDATE_EVENT events);") cpp_quote("// and the implementation should be, in the protected section of the cpp file:") cpp_quote("// DWORD WINAPI ClassName::NetworkCallback( UPDATE_EVENT events) {};") cpp_quote("//typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);") cpp_quote("typedef DWORD (WINAPI *LPNETWORKCALLBACKPROC)( UPDATE_EVENT);") cpp_quote("//=============================================================================") cpp_quote("// NETWORKSTATUS data structure.") cpp_quote("//=============================================================================") typedef struct _NETWORKSTATUS { DWORD State; DWORD Flags; } NETWORKSTATUS; typedef NETWORKSTATUS *LPNETWORKSTATUS; const DWORD NETWORKSTATUS_SIZE =sizeof(NETWORKSTATUS); const DWORD NETWORKSTATUS_STATE_VOID =0; const DWORD NETWORKSTATUS_STATE_INIT =1; const DWORD NETWORKSTATUS_STATE_CAPTURING =2; const DWORD NETWORKSTATUS_STATE_PAUSED =3; const DWORD NETWORKSTATUS_FLAGS_TRIGGER_PENDING =0x00000001; cpp_quote("//=============================================================================") cpp_quote("// BONEPACKET structure.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// This structure is used to decode network data and so needs to be packed") #pragma pack(push, 1) const BYTE BONE_COMMAND_STATION_QUERY_REQUEST =0; const BYTE BONE_COMMAND_STATION_QUERY_RESPONSE =1; const BYTE BONE_COMMAND_ALERT =2; const BYTE BONE_COMMAND_PERMISSION_CHECK =3; const BYTE BONE_COMMAND_PERMISSION_RESPONSE =4; const BYTE BONE_COMMAND_SECURITY_MONITOR_EVENT =5; typedef struct _BONEPACKET { DWORD Signature; BYTE Command; BYTE Flags; DWORD Reserved; WORD Length; } BONEPACKET; typedef BONEPACKET *LPBONEPACKET; cpp_quote("typedef BONEPACKET UNALIGNED* ULPBONEPACKET;") const DWORD BONEPACKET_SIZE =sizeof(BONEPACKET); #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// BONE alert packet.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// This structure is used to decode network data and so needs to be packed") #pragma pack(push, 1) const DWORD ALERT_CODE_BEGIN_TRANSMIT =0; typedef struct _ALERT { DWORD AlertCode; WCHAR WMachineName[MACHINE_NAME_LENGTH]; WCHAR WUserName[USER_NAME_LENGTH]; union { BYTE Pad[32]; DWORD nFramesToSend; }; } ALERT; typedef ALERT *LPALERT; const DWORD ALERT_SIZE =sizeof(ALERT); #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// BONEPACKET signature.") cpp_quote("//=============================================================================") cpp_quote("#define MAKE_WORD(l, h) (((WORD) (l)) | (((WORD) (h)) << 8))") cpp_quote("#define MAKE_LONG(l, h) (((DWORD) (l)) | (((DWORD) (h)) << 16L))") cpp_quote("#define MAKE_SIG(a, b, c, d) MAKE_LONG(MAKE_WORD(a, b), MAKE_WORD(c, d))") cpp_quote("#define BONE_PACKET_SIGNATURE MAKE_SIG('R', 'T', 'S', 'S')") cpp_quote("//=============================================================================") cpp_quote("// STATISTICS parameter structure.") cpp_quote("//=============================================================================") const DWORD MAX_SESSIONS =100; const DWORD MAX_STATIONS =100; typedef struct _STATISTICSPARAM { DWORD StatisticsSize; STATISTICS Statistics; DWORD StatisticsTableEntries; STATIONSTATS StatisticsTable[MAX_STATIONS]; DWORD SessionTableEntries; SESSIONSTATS SessionTable[MAX_SESSIONS]; } STATISTICSPARAM; typedef STATISTICSPARAM *LPSTATISTICSPARAM; const DWORD STATISTICSPARAM_SIZE =sizeof(STATISTICSPARAM); cpp_quote("//=============================================================================") cpp_quote("// Capture file header.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// This structure is used to decode file data and so needs to be packed") #pragma pack(push, 1) const DWORD CAPTUREFILE_VERSION_MAJOR =2; const DWORD CAPTUREFILE_VERSION_MINOR =0; cpp_quote("#define MakeVersion(Major, Minor) ((DWORD) MAKEWORD(Minor, Major))") cpp_quote("#define GetCurrentVersion() MakeVersion(CAPTUREFILE_VERSION_MAJOR, CAPTUREFILE_VERSION_MINOR)") cpp_quote("#define NETMON_1_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('R', 'T', 'S', 'S')") cpp_quote("#define NETMON_2_0_CAPTUREFILE_SIGNATURE MAKE_IDENTIFIER('G', 'M', 'B', 'U')") typedef struct _CAPTUREFILE_HEADER_VALUES { DWORD Signature; //... Unique identifier: 'RTSS'. BYTE BCDVerMinor; //... Binary coded decimal (minor). BYTE BCDVerMajor; //... Binary coded decimal (major). WORD MacType; //... Topology type. SYSTEMTIME TimeStamp; //... time of capture. DWORD FrameTableOffset; //... Frame index table. DWORD FrameTableLength; //... Frame index table size. DWORD UserDataOffset; //... User data offset. DWORD UserDataLength; //... User data length. DWORD CommentDataOffset; //... Comment Data offset DWORD CommentDataLength; //... Length of comment data. DWORD StatisticsOffset; //....offset to STATISTICS STRUCTURE DWORD StatisticsLength; //....length of stats struct DWORD NetworkInfoOffset; //....offset to network info structure DWORD NetworkInfoLength; //....length of network info structure DWORD ConversationStatsOffset; //....offset of conv stats structure DWORD ConversationStatsLength; //....length of conv stats structure } CAPTUREFILE_HEADER_VALUES; typedef CAPTUREFILE_HEADER_VALUES *LPCAPTUREFILE_HEADER_VALUES; const DWORD CAPTUREFILE_HEADER_VALUES_SIZE =sizeof(CAPTUREFILE_HEADER_VALUES); #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// Capture file.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// This structure is used to decode file data and so needs to be packed") #pragma pack(push, 1) typedef struct _CAPTUREFILE_HEADER { union { CAPTUREFILE_HEADER_VALUES ActualHeader; BYTE Buffer[CAPTUREFILE_HEADER_VALUES_SIZE]; }; BYTE Reserved[128 - CAPTUREFILE_HEADER_VALUES_SIZE]; } CAPTUREFILE_HEADER; typedef CAPTUREFILE_HEADER *LPCAPTUREFILE_HEADER; const DWORD CAPTUREFILE_HEADER_SIZE =sizeof(CAPTUREFILE_HEADER); #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// Stats Frame definitions.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// These structures are used to create network data and so need to be packed") #pragma pack(push, 1) typedef struct _EFRAMEHDR { BYTE SrcAddress[6]; BYTE DstAddress[6]; WORD Length; BYTE DSAP; BYTE SSAP; BYTE Control; BYTE ProtocolID[3]; WORD EtherType; } EFRAMEHDR; typedef struct _TRFRAMEHDR { BYTE AC; BYTE FC; BYTE SrcAddress[6]; BYTE DstAddress[6]; BYTE DSAP; BYTE SSAP; BYTE Control; BYTE ProtocolID[3]; WORD EtherType; } TRFRAMEHDR; const BYTE DEFAULT_TR_AC =0x00; const BYTE DEFAULT_TR_FC =0x40; const BYTE DEFAULT_SAP =0xAA; const BYTE DEFAULT_CONTROL =0x03; const WORD DEFAULT_ETHERTYPE =0x8419; typedef struct _FDDIFRAMEHDR { BYTE FC; BYTE SrcAddress[6]; BYTE DstAddress[6]; BYTE DSAP; BYTE SSAP; BYTE Control; BYTE ProtocolID[3]; WORD EtherType; } FDDIFRAMEHDR; const BYTE DEFAULT_FDDI_FC =0x10; typedef struct _FDDISTATFRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; FDDIFRAMEHDR FrameHeader; BYTE FrameID[4]; DWORD Flags; DWORD FrameType; WORD StatsDataLen; DWORD StatsVersion; STATISTICS Statistics; } FDDISTATFRAME; typedef FDDISTATFRAME *LPFDDISTATFRAME; cpp_quote("typedef FDDISTATFRAME UNALIGNED *ULPFDDISTATFRAME;") const DWORD FDDISTATFRAME_SIZE =sizeof(FDDISTATFRAME); typedef struct _ATMFRAMEHDR { BYTE SrcAddress[6]; BYTE DstAddress[6]; WORD Vpi; WORD Vci; } ATMFRAMEHDR; typedef struct _ATMSTATFRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; ATMFRAMEHDR FrameHeader; BYTE FrameID[4]; DWORD Flags; DWORD FrameType; WORD StatsDataLen; DWORD StatsVersion; STATISTICS Statistics; } ATMSTATFRAME; typedef ATMSTATFRAME *LPATMSTATFRAME; cpp_quote("typedef ATMSTATFRAME UNALIGNED *ULPATMSTATFRAME;") const DWORD ATMSTATFRAME_SIZE =sizeof(ATMSTATFRAME); typedef struct _TRSTATFRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; TRFRAMEHDR FrameHeader; BYTE FrameID[4]; DWORD Flags; DWORD FrameType; WORD StatsDataLen; DWORD StatsVersion; STATISTICS Statistics; } TRSTATFRAME; typedef TRSTATFRAME *LPTRSTATFRAME; cpp_quote("typedef TRSTATFRAME UNALIGNED *ULPTRSTATFRAME;") const DWORD TRSTATFRAME_SIZE =sizeof(TRSTATFRAME); typedef struct _ESTATFRAME { __int64 TimeStamp; DWORD FrameLength; DWORD nBytesAvail; EFRAMEHDR FrameHeader; BYTE FrameID[4]; DWORD Flags; DWORD FrameType; WORD StatsDataLen; DWORD StatsVersion; STATISTICS Statistics; } ESTATFRAME; typedef ESTATFRAME *LPESTATFRAME; cpp_quote("typedef ESTATFRAME UNALIGNED *ULPESTATFRAME;") const DWORD ESTATFRAME_SIZE =sizeof(ESTATFRAME); const DWORD STATISTICS_VERSION_1_0 =0x00000000; const DWORD STATISTICS_VERSION_2_0 =0x00000020; // this variable could change if any of the above sizes changed const DWORD MAX_STATSFRAME_SIZE =sizeof(TRSTATFRAME); const DWORD STATS_FRAME_TYPE =103; #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMEvent.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// NMCOLUMNTYPE") typedef enum { NMCOLUMNTYPE_UINT8 = 0, NMCOLUMNTYPE_SINT8, NMCOLUMNTYPE_UINT16, NMCOLUMNTYPE_SINT16, NMCOLUMNTYPE_UINT32, NMCOLUMNTYPE_SINT32, NMCOLUMNTYPE_FLOAT64, NMCOLUMNTYPE_FRAME, NMCOLUMNTYPE_YESNO, NMCOLUMNTYPE_ONOFF, NMCOLUMNTYPE_TRUEFALSE, NMCOLUMNTYPE_MACADDR, NMCOLUMNTYPE_IPXADDR, NMCOLUMNTYPE_IPADDR, NMCOLUMNTYPE_VARTIME, NMCOLUMNTYPE_STRING } NMCOLUMNTYPE; cpp_quote("// NMCOLUMNVARIANT") typedef struct _NMCOLUMNVARIANT { NMCOLUMNTYPE Type; union { BYTE Uint8Val; // 8 bit unsigned value char Sint8Val; // 8 bit signed value WORD Uint16Val; // 16 bit unsigned value short Sint16Val; // 16 bit signed value DWORD Uint32Val; // 32 bit unsigned value long Sint32Val; // 32 bit signed value DOUBLE Float64Val; // 64 bit floating point value DWORD FrameVal; // 32 bit unsigned frame value BOOL YesNoVal; // 32 bit boolean: zero maps to 'NO', nonzero maps to 'YES' BOOL OnOffVal; // 32 bit boolean: zero maps to 'OFF', nonzero maps to 'ON' BOOL TrueFalseVal;// 32 bit boolean: zero maps to 'False', nonzero maps to 'True' BYTE MACAddrVal[MAC_ADDRESS_SIZE];// 48 bit MAC address (6 bytes) IPX_ADDR IPXAddrVal;// 10 byte ipx address (4 byte subnet. 6 byte address) DWORD IPAddrVal; // 32 bit IP Address: ddd.ddd.ddd.ddd DOUBLE VarTimeVal; // Double representation of time value (use VariantTimeToSystemTime to convert) LPCSTR pStringVal; // pointer to a string value } Value; } NMCOLUMNVARIANT; cpp_quote("// COLUMNINFO") typedef struct _NMCOLUMNINFO { LPSTR szColumnName;// Name of column NMCOLUMNVARIANT VariantData; // Value for column } NMCOLUMNINFO; typedef NMCOLUMNINFO* PNMCOLUMNINFO; cpp_quote("// JTYPE") typedef LPSTR JTYPE; // (structure placeholder) // this structure contains may not be cpp_quoted as it is used in IEventq.idl // (However, the array's length used to be 0) cpp_quote("// EVENTDATA") typedef struct _NMEVENTDATA { LPSTR pszReserved; // Reserved BYTE Version; // Version for this structure (must be 0) DWORD EventIdent; // ID for this event DWORD Flags; // Flags for Expert generated or Monitor generated and others DWORD Severity; // Severity level BYTE NumColumns; // Number of optional columns for this event LPSTR szSourceName; // Name of Monitor or Expert LPSTR szEventName; // Name of event LPSTR szDescription;// Description of event LPSTR szMachine; // Name (or IPADDRESS?) of the machine supplying the event (NULL for Experts usually) JTYPE Justification;// Justification pane info (currently a string, but possible structure) LPSTR szUrl; // URL to Book of Knowledge (NULL for default for ID?) SYSTEMTIME SysTime; // Systemtime of the event [size_is(NumColumns)] NMCOLUMNINFO Column[*]; } NMEVENTDATA; typedef NMEVENTDATA* PNMEVENTDATA; cpp_quote("// EVENT FLAGS") const DWORD NMEVENTFLAG_MONITOR =0x00000000; const DWORD NMEVENTFLAG_EXPERT =0x00000001; const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY =0x80000000; const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE =0x40000000; const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME =0x20000000; const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION =0x10000000; const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE =0x08000000; const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_TIME =0x04000000; const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_DATE =0x02000000; cpp_quote("//#define NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS (NMEVENTFLAG_DO_NOT_DISPLAY_SEVERITY | \\") cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_SOURCE | \\") cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_EVENT_NAME | \\") cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_DESCRIPTION| \\") cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_MACHINE | \\") cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_TIME | \\") cpp_quote("// NMEVENTFLAG_DO_NOT_DISPLAY_DATE )") const DWORD NMEVENTFLAG_DO_NOT_DISPLAY_FIXED_COLUMNS =0xFE000000; enum _NMEVENT_SEVERITIES { NMEVENT_SEVERITY_INFORMATIONAL = 0, NMEVENT_SEVERITY_WARNING, NMEVENT_SEVERITY_STRONG_WARNING, NMEVENT_SEVERITY_ERROR, NMEVENT_SEVERITY_SEVERE_ERROR, NMEVENT_SEVERITY_CRITICAL_ERROR }; cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMmcs.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// Monitor status values returned from call to GetMonitorStatus") cpp_quote("//=============================================================================") const DWORD MONITOR_STATUS_ERROR =-1; const DWORD MONITOR_STATUS_ENABLED =4; const DWORD MONITOR_STATUS_CONFIGURED =5; const DWORD MONITOR_STATUS_RUNNING =6; const DWORD MONITOR_STATUS_RUNNING_FAULTED =9; const DWORD MONITOR_STATUS_DELETED =10; const DWORD MCS_COMMAND_ENABLE =13; const DWORD MCS_COMMAND_DISABLE =14; const DWORD MCS_COMMAND_SET_CONFIG =15; const DWORD MCS_COMMAND_GET_CONFIG =16; const DWORD MCS_COMMAND_START =17; const DWORD MCS_COMMAND_STOP =18; const DWORD MCS_COMMAND_CONNECT =19; const DWORD MCS_COMMAND_RENAME =20; const DWORD MCS_COMMAND_REFRESH_STATUS =21; cpp_quote("//=============================================================================") cpp_quote("// Monitor Creation Flags") cpp_quote("//=============================================================================") const DWORD MCS_CREATE_ONE_PER_NETCARD =0x00000001; const DWORD MCS_CREATE_CONFIGS_BY_DEFAULT =0x00000010; const DWORD MCS_CREATE_PMODE_NOT_REQUIRED =0x00000100; typedef __int64 HNMMONITOR; cpp_quote("//=============================================================================") cpp_quote("// NPP_INFO") cpp_quote("//=============================================================================") typedef struct { DWORD ListIndex; [string] char* ShortName; [string] char* LongName; } NPP_INFO; typedef NPP_INFO* PNPP_INFO; cpp_quote("//=============================================================================") cpp_quote("// MONITOR_INFO") cpp_quote("//=============================================================================") typedef struct _MONITOR_INFO { // Our opaque pointer HNMMONITOR MonitorInstance; HNMMONITOR MonitorClass; DWORD CreateFlags; DWORD Status; DWORD ListIndex; [string] char* pDescription; [string] char* pScript; [string] char* pConfiguration; [string] char* pName; } MONITOR_INFO; typedef MONITOR_INFO* PMONITOR_INFO; cpp_quote("//=============================================================================") cpp_quote("// MONITOR_MESSAGE") cpp_quote("//=============================================================================") typedef struct { HNMMONITOR Monitor; DWORD ListIndex; [string] char* pszMessage; } MONITOR_MESSAGE; typedef MONITOR_MESSAGE* PMONITOR_MESSAGE; cpp_quote("//=============================================================================") cpp_quote("// COMMAND_FAILED_EVENT") cpp_quote("//=============================================================================") typedef struct { HNMMONITOR Monitor; DWORD Command; DWORD FailureCode; DWORD ListIndex; DWORD Status; } COMMAND_FAILED_EVENT; typedef COMMAND_FAILED_EVENT* PCOMMAND_FAILED_EVENT; cpp_quote("//=============================================================================") cpp_quote("// MONITOR_STATUS_EVENT") cpp_quote("//=============================================================================") typedef struct { HNMMONITOR Monitor; DWORD LastCommand; DWORD ListIndex; DWORD Status; DWORD FramesProcessed; } MONITOR_STATUS_EVENT; typedef MONITOR_STATUS_EVENT* PMONITOR_STATUS_EVENT; cpp_quote("//=============================================================================") cpp_quote("// MCS_CLIENT") cpp_quote("//=============================================================================") typedef struct { [string] OLECHAR* pwszName; FILETIME FileTime; DWORD pXMCS; BOOL bCurrent; } MCS_CLIENT; typedef MCS_CLIENT* PMCS_CLIENT; cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (Finder.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// Structures use by NPPs, the Finder, and monitors") cpp_quote("//=============================================================================") // these structures may not be cpp_quoted as they are used in IRemoteagent.idl // (However, the array's length used to be 0) typedef struct { DWORD dwNumBlobs; [size_is(dwNumBlobs)] HBLOB hBlobs[*]; } BLOB_TABLE; typedef BLOB_TABLE* PBLOB_TABLE; typedef struct { DWORD size; [size_is(size)] BYTE* pBytes; } MBLOB; typedef struct { DWORD dwNumBlobs; [size_is(dwNumBlobs)] MBLOB mBlobs[*]; } MBLOB_TABLE; typedef MBLOB_TABLE* PMBLOB_TABLE; cpp_quote("//=============================================================================") cpp_quote("// Functions called by monitors, tools, netmon") cpp_quote("//=============================================================================") cpp_quote("DWORD _cdecl GetNPPBlobTable(HBLOB hFilterBlob, ") cpp_quote(" PBLOB_TABLE* ppBlobTable);") cpp_quote("") cpp_quote("DWORD _cdecl GetNPPBlobFromUI(HWND hwnd,") cpp_quote(" HBLOB hFilterBlob,") cpp_quote(" HBLOB* phBlob); ") cpp_quote("") cpp_quote("DWORD _cdecl GetNPPBlobFromUIExU(HWND hwnd,") cpp_quote(" HBLOB hFilterBlob,") cpp_quote(" HBLOB* phBlob,") cpp_quote(" char* szHelpFileName); ") cpp_quote("") cpp_quote("DWORD _cdecl SelectNPPBlobFromTable( HWND hwnd,") cpp_quote(" PBLOB_TABLE pBlobTable,") cpp_quote(" HBLOB* hBlob);") cpp_quote("") cpp_quote("DWORD _cdecl SelectNPPBlobFromTableExU( HWND hwnd,") cpp_quote(" PBLOB_TABLE pBlobTable,") cpp_quote(" HBLOB* hBlob,") cpp_quote(" char* szHelpFileName);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Helper functions provided by the Finder") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("__inline DWORD BLOB_TABLE_SIZE(DWORD dwNumBlobs)") cpp_quote("{") cpp_quote(" return (DWORD) (sizeof(BLOB_TABLE)+dwNumBlobs*sizeof(HBLOB));") cpp_quote("}") cpp_quote("") cpp_quote("__inline PBLOB_TABLE AllocBlobTable(DWORD dwNumBlobs)") cpp_quote("{") cpp_quote(" DWORD size = BLOB_TABLE_SIZE(dwNumBlobs);") cpp_quote("") cpp_quote(" return (PBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);") cpp_quote("}") cpp_quote("") cpp_quote("__inline DWORD MBLOB_TABLE_SIZE(DWORD dwNumBlobs)") cpp_quote("{") cpp_quote(" return (DWORD) (sizeof(MBLOB_TABLE)+dwNumBlobs*sizeof(MBLOB));") cpp_quote("}") cpp_quote("") cpp_quote("__inline PMBLOB_TABLE AllocMBlobTable(DWORD dwNumBlobs)") cpp_quote("{") cpp_quote(" DWORD size = MBLOB_TABLE_SIZE(dwNumBlobs);") cpp_quote("") cpp_quote(" return (PMBLOB_TABLE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);") cpp_quote("}") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Functions provided by NPPs, called by the Finder") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// For NPP's that can return a Blob table without additional configuration.") cpp_quote("DWORD _cdecl GetNPPBlobs(PBLOB_TABLE* ppBlobTable);") cpp_quote("typedef DWORD (_cdecl FAR* BLOBSPROC) (PBLOB_TABLE* ppBlobTable);") cpp_quote("") cpp_quote("// For NPP's that need additional information to return a Blob table.") cpp_quote("DWORD _cdecl GetConfigBlob(HBLOB* phBlob);") cpp_quote("typedef DWORD (_cdecl FAR* GETCFGBLOB) (HBLOB, HBLOB*);") cpp_quote("typedef DWORD (_cdecl FAR* CFGPROC) (HWND hwnd,") cpp_quote(" HBLOB SpecialBlob,") cpp_quote(" PBLOB_TABLE* ppBlobTable);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Handy functions") cpp_quote("//=============================================================================") cpp_quote("BOOL _cdecl FilterNPPBlob(HBLOB hBlob, HBLOB FilterBlob);") cpp_quote("") cpp_quote("BOOL _cdecl RaiseNMEvent(HINSTANCE hInstance,") cpp_quote(" WORD EventType, ") cpp_quote(" DWORD EventID,") cpp_quote(" WORD nStrings, ") cpp_quote(" const char** aInsertStrs,") cpp_quote(" LPVOID lpvData,") cpp_quote(" DWORD dwDataSize);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMmonitor.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("#ifdef __cplusplus") // Forward reference cpp_quote("struct MONITOR;") cpp_quote("typedef MONITOR* PMONITOR;") cpp_quote("") cpp_quote("typedef void (WINAPI* MCSALERTPROC) (PMONITOR pMonitor, TCHAR* alert);") cpp_quote("") cpp_quote("//****************************************************************************") cpp_quote("// Our exported Monitor functions, that must be supported by ALL monitors ") cpp_quote("//****************************************************************************") cpp_quote("// Create the Monitor, function called \"CreateMonitor\". The") cpp_quote("// argument is a potential configuration structure") cpp_quote("typedef DWORD (WINAPI* CREATEMONITOR)(PMONITOR* ppMonitor, ") cpp_quote(" HBLOB hInputNPPBlob,") cpp_quote(" char* pConfiguration,") cpp_quote(" MCSALERTPROC McsAlertProc);") cpp_quote("") cpp_quote("// Destroy the Monitor, function called \"DestroyMonitor\"") cpp_quote("typedef DWORD (WINAPI* DESTROYMONITOR)(PMONITOR);") cpp_quote("") cpp_quote("// We need the monitor's NPP filter blob: \"GetMonitorFilter\"") cpp_quote("typedef DWORD (WINAPI* GETMONITORFILTER) (HBLOB* pFilterBlob);") cpp_quote("") cpp_quote("// Get the monitor configuration \"GetMonitorConfig\"") cpp_quote("// The pMonitor argument can not be null") cpp_quote("typedef DWORD (WINAPI* GETMONITORCONFIG) (PMONITOR pMonitor,") cpp_quote(" char** ppScript,") cpp_quote(" char** ppConfiguration);") cpp_quote("") cpp_quote("// Set the monitor configuration \"SetMonitorConfig\"") cpp_quote("// The pMonitor argument can not be null") cpp_quote("typedef DWORD (WINAPI* SETMONITORCONFIG) (PMONITOR pMonitor, ") cpp_quote(" char* pConfiguration);") cpp_quote("") cpp_quote("// The monitor's connect function: \"ConnectMonitor\"") cpp_quote("typedef DWORD (WINAPI* CONNECTMONITOR) (PMONITOR pMonitor);") cpp_quote("") cpp_quote("// The monitor's start function: \"StartMonitor\"") cpp_quote("typedef DWORD (WINAPI* STARTMONITOR) (PMONITOR pMonitor, char** ppResponse);") cpp_quote("") cpp_quote("// The monitor's stop function: \"StopMonitor\"") cpp_quote("typedef DWORD (WINAPI* STOPMONITOR) (PMONITOR pMonitor);") cpp_quote("") cpp_quote("// Get the monitor status: \"GetMonitorStatus\"") cpp_quote("typedef DWORD (WINAPI* GETMONITORSTATUS) (PMONITOR pMonitor, DWORD* pStatus);") cpp_quote("") cpp_quote("//****************************************************************************") cpp_quote("// Optional function that allows the monitor dll to do specific functions") cpp_quote("// prior to the creation of any monitors. \"OneTimeSetup\"") cpp_quote("typedef DWORD (WINAPI* ONETIMESETUP) (void);") cpp_quote("//****************************************************************************") cpp_quote("") cpp_quote("//****************************************************************************") cpp_quote("// Optional function that provides a description of the monitor") cpp_quote("//****************************************************************************") cpp_quote("// For current display porpoises, we could use this: \"DescribeSelf\"") cpp_quote("typedef DWORD (WINAPI* DESCRIBESELF) (const char** ppName,") cpp_quote(" const char** ppDescription);") cpp_quote("") cpp_quote("#endif // __cplusplus") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMSupp.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("#ifndef __cplusplus") cpp_quote("#ifndef try") cpp_quote("#define try __try") cpp_quote("#endif // try") cpp_quote("") cpp_quote("#ifndef except") cpp_quote("#define except __except") cpp_quote("#endif // except") cpp_quote("#endif // __cplusplus") cpp_quote("//=============================================================================") cpp_quote("// Windows version constants.") cpp_quote("//=============================================================================") const DWORD WINDOWS_VERSION_UNKNOWN =0; const DWORD WINDOWS_VERSION_WIN32S =1; const DWORD WINDOWS_VERSION_WIN32C =2; const DWORD WINDOWS_VERSION_WIN32 =3; cpp_quote("//=============================================================================") cpp_quote("// Frame masks.") cpp_quote("//=============================================================================") const BYTE FRAME_MASK_ETHERNET =((BYTE) ~0x01); const BYTE FRAME_MASK_TOKENRING =((BYTE) ~0x80); const BYTE FRAME_MASK_FDDI =((BYTE) ~0x01); cpp_quote("//=============================================================================") cpp_quote("// ACCESSRIGHTS") cpp_quote("//=============================================================================") typedef enum _ACCESSRIGHTS { AccessRightsNoAccess, //... Access denied, invalid password. AccessRightsMonitoring, //... Monitoring mode only. AccessRightsUserAccess, //... User-level access rights. AccessRightsAllAccess //... All access. } ACCESSRIGHTS; typedef ACCESSRIGHTS *PACCESSRIGHTS; typedef LPVOID HPASSWORD; cpp_quote("#define HANDLE_TYPE_PASSWORD MAKE_IDENTIFIER('P', 'W', 'D', '$')") cpp_quote("//=============================================================================") cpp_quote("// Object heap type.") cpp_quote("//=============================================================================") typedef LPVOID HOBJECTHEAP; cpp_quote("//=============================================================================") cpp_quote("// Object cleanup procedure.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("typedef VOID (WINAPI *OBJECTPROC)(HOBJECTHEAP, LPVOID);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Network Monitor timers.") cpp_quote("//=============================================================================") typedef struct _TIMER *HTIMER; cpp_quote("typedef VOID (WINAPI *BHTIMERPROC)(LPVOID);") cpp_quote("") cpp_quote("HTIMER WINAPI BhSetTimer(BHTIMERPROC TimerProc, LPVOID InstData, DWORD TimeOut);") cpp_quote("") cpp_quote("VOID WINAPI BhKillTimer(HTIMER hTimer);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Network Monitor global error API.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("DWORD WINAPI BhGetLastError(VOID);") cpp_quote("") cpp_quote("DWORD WINAPI BhSetLastError(DWORD Error);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Object manager function prototypes.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("HOBJECTHEAP WINAPI CreateObjectHeap(DWORD ObjectSize, OBJECTPROC ObjectProc);") cpp_quote("") cpp_quote("HOBJECTHEAP WINAPI DestroyObjectHeap(HOBJECTHEAP hObjectHeap);") cpp_quote("") cpp_quote("LPVOID WINAPI AllocObject(HOBJECTHEAP hObjectHeap);") cpp_quote("") cpp_quote("LPVOID WINAPI FreeObject(HOBJECTHEAP hObjectHeap, LPVOID ObjectMemory);") cpp_quote("") cpp_quote("DWORD WINAPI GrowObjectHeap(HOBJECTHEAP hObjectHeap, DWORD nObjects);") cpp_quote("") cpp_quote("DWORD WINAPI GetObjectHeapSize(HOBJECTHEAP hObjectHeap);") cpp_quote("") cpp_quote("VOID WINAPI PurgeObjectHeap(HOBJECTHEAP hObjectHeap);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Memory functions.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("LPVOID WINAPI AllocMemory(SIZE_T size);") cpp_quote("") cpp_quote("LPVOID WINAPI ReallocMemory(LPVOID ptr, SIZE_T NewSize);") cpp_quote("") cpp_quote("VOID WINAPI FreeMemory(LPVOID ptr);") cpp_quote("") cpp_quote("VOID WINAPI TestMemory(LPVOID ptr);") cpp_quote("") cpp_quote("SIZE_T WINAPI MemorySize(LPVOID ptr);") cpp_quote("") cpp_quote("HANDLE WINAPI MemoryHandle(LPBYTE ptr);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Password API's.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("HPASSWORD WINAPI CreatePassword(LPSTR password);") cpp_quote("") cpp_quote("VOID WINAPI DestroyPassword(HPASSWORD hPassword);") cpp_quote("") cpp_quote("ACCESSRIGHTS WINAPI ValidatePassword(HPASSWORD hPassword);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// EXPRESSION API's") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("LPEXPRESSION WINAPI InitializeExpression(LPEXPRESSION Expression);") cpp_quote("") cpp_quote("LPPATTERNMATCH WINAPI InitializePattern(LPPATTERNMATCH Pattern, LPVOID ptr, DWORD offset, DWORD length);") cpp_quote("") cpp_quote("LPEXPRESSION WINAPI AndExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);") cpp_quote("") cpp_quote("LPEXPRESSION WINAPI OrExpression(LPEXPRESSION Expression, LPPATTERNMATCH Pattern);") cpp_quote("") cpp_quote("LPPATTERNMATCH WINAPI NegatePattern(LPPATTERNMATCH Pattern);") cpp_quote("") cpp_quote("LPADDRESSTABLE WINAPI AdjustOperatorPrecedence(LPADDRESSTABLE AddressTable);") cpp_quote("") cpp_quote("LPADDRESS WINAPI NormalizeAddress(LPADDRESS Address);") cpp_quote("") cpp_quote("LPADDRESSTABLE WINAPI NormalizeAddressTable(LPADDRESSTABLE AddressTable);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// MISC. API's") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("DWORD WINAPI BhGetWindowsVersion(VOID);") cpp_quote("") cpp_quote("BOOL WINAPI IsDaytona(VOID);") cpp_quote("") cpp_quote("VOID _cdecl dprintf(LPSTR format, ...);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (BHTypes.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// Unaligned base type definitions.") cpp_quote("//=============================================================================") cpp_quote("typedef VOID UNALIGNED *ULPVOID;") cpp_quote("typedef BYTE UNALIGNED *ULPBYTE;") cpp_quote("typedef WORD UNALIGNED *ULPWORD;") cpp_quote("typedef DWORD UNALIGNED *ULPDWORD;") cpp_quote("typedef CHAR UNALIGNED *ULPSTR;") cpp_quote("typedef SYSTEMTIME UNALIGNED *ULPSYSTEMTIME;") cpp_quote("//=============================================================================") cpp_quote("// Handle definitions.") cpp_quote("//=============================================================================") typedef struct _PARSER *HPARSER; typedef struct _CAPFRAMEDESC *HFRAME; typedef struct _CAPTURE *HCAPTURE; typedef struct _FILTER *HFILTER; typedef struct _ADDRESSDB *HADDRESSDB; typedef struct _PROTOCOL *HPROTOCOL; typedef DWORD_PTR HPROPERTY; typedef HPROTOCOL *LPHPROTOCOL; cpp_quote("//=============================================================================") cpp_quote("// GetTableSize() -- The following macro is used to calculate the actual") cpp_quote("// length of Network Monitor variable-length table structures.") cpp_quote("//") cpp_quote("// EXAMPLE:") cpp_quote("//") cpp_quote("// GetTableSize(PROTOCOLTABLESIZE, ") cpp_quote("// ProtocolTable->nProtocols, ") cpp_quote("// sizeof(HPROTOCOL))") cpp_quote("//=============================================================================") cpp_quote("#define GetTableSize(TableBaseSize, nElements, ElementSize) ((TableBaseSize) + ((nElements) * (ElementSize)))") cpp_quote("//=============================================================================") cpp_quote("// Object type identifiers.") cpp_quote("//=============================================================================") typedef DWORD OBJECTTYPE; cpp_quote("#ifndef MAKE_IDENTIFIER") cpp_quote("#define MAKE_IDENTIFIER(a, b, c, d) ((DWORD) MAKELONG(MAKEWORD(a, b), MAKEWORD(c, d)))") cpp_quote("#endif // MAKE_IDENTIFIER") cpp_quote("#define HANDLE_TYPE_INVALID MAKE_IDENTIFIER(-1, -1, -1, -1)") cpp_quote("#define HANDLE_TYPE_CAPTURE MAKE_IDENTIFIER('C', 'A', 'P', '$')") cpp_quote("#define HANDLE_TYPE_PARSER MAKE_IDENTIFIER('P', 'S', 'R', '$')") cpp_quote("#define HANDLE_TYPE_ADDRESSDB MAKE_IDENTIFIER('A', 'D', 'R', '$')") cpp_quote("#define HANDLE_TYPE_PROTOCOL MAKE_IDENTIFIER('P', 'R', 'T', '$')") cpp_quote("#define HANDLE_TYPE_BUFFER MAKE_IDENTIFIER('B', 'U', 'F', '$')") cpp_quote("//=============================================================================") cpp_quote("// Network Monitor constant definitions.") cpp_quote("//=============================================================================") cpp_quote("#define INLINE __inline") cpp_quote("#define BHAPI WINAPI") const DWORD MAX_NAME_LENGTH =16; const DWORD MAX_ADDR_LENGTH =6; cpp_quote("//=============================================================================") cpp_quote("// Ethernet type (ETYPE) constant definitions.") cpp_quote("//=============================================================================") const WORD ETYPE_LOOP =0x9000; const WORD ETYPE_3COM_NETMAP1 =0x9001; const WORD ETYPE_3COM_NETMAP2 =0x9002; const WORD ETYPE_IBM_RT =0x80D5; const WORD ETYPE_NETWARE =0x8137; const WORD ETYPE_XNS1 =0x0600; const WORD ETYPE_XNS2 =0x0807; const WORD ETYPE_3COM_NBP0 =0x3C00; const WORD ETYPE_3COM_NBP1 =0x3C01; const WORD ETYPE_3COM_NBP2 =0x3C02; const WORD ETYPE_3COM_NBP3 =0x3C03; const WORD ETYPE_3COM_NBP4 =0x3C04; const WORD ETYPE_3COM_NBP5 =0x3C05; const WORD ETYPE_3COM_NBP6 =0x3C06; const WORD ETYPE_3COM_NBP7 =0x3C07; const WORD ETYPE_3COM_NBP8 =0x3C08; const WORD ETYPE_3COM_NBP9 =0x3C09; const WORD ETYPE_3COM_NBP10 =0x3C0A; const WORD ETYPE_IP =0x0800; const WORD ETYPE_ARP1 =0x0806; const WORD ETYPE_ARP2 =0x0807; const WORD ETYPE_RARP =0x8035; const WORD ETYPE_TRLR0 =0x1000; const WORD ETYPE_TRLR1 =0x1001; const WORD ETYPE_TRLR2 =0x1002; const WORD ETYPE_TRLR3 =0x1003; const WORD ETYPE_TRLR4 =0x1004; const WORD ETYPE_TRLR5 =0x1005; const WORD ETYPE_PUP =0x0200; const WORD ETYPE_PUP_ARP =0x0201; const WORD ETYPE_APPLETALK_ARP =0x80F3; const WORD ETYPE_APPLETALK_LAP =0x809B; const WORD ETYPE_SNMP =0x814C; cpp_quote("//=============================================================================") cpp_quote("// LLC (802.2) SAP constant definitions.") cpp_quote("//=============================================================================") const BYTE SAP_SNAP = 0xAA; const BYTE SAP_BPDU = 0x42; const BYTE SAP_IBM_NM = 0xF4; const BYTE SAP_IBM_NETBIOS = 0xF0; const BYTE SAP_SNA1 = 0x04; const BYTE SAP_SNA2 = 0x05; const BYTE SAP_SNA3 = 0x08; const BYTE SAP_SNA4 = 0x0C; const BYTE SAP_NETWARE1 = 0x10; const BYTE SAP_NETWARE2 = 0xE0; const BYTE SAP_NETWARE3 = 0xFE; const BYTE SAP_IP = 0x06; const BYTE SAP_X25 = 0x7E; const BYTE SAP_RPL1 = 0xF8; const BYTE SAP_RPL2 = 0xFC; const BYTE SAP_UB = 0xFA; const BYTE SAP_XNS = 0x80; cpp_quote("//=============================================================================") cpp_quote("// Property constants") cpp_quote("//=============================================================================") cpp_quote("// data types") const BYTE PROP_TYPE_VOID =0x00; const BYTE PROP_TYPE_SUMMARY =0x01; const BYTE PROP_TYPE_BYTE =0x02; const BYTE PROP_TYPE_WORD =0x03; const BYTE PROP_TYPE_DWORD =0x04; const BYTE PROP_TYPE_LARGEINT =0x05; const BYTE PROP_TYPE_ADDR =0x06; const BYTE PROP_TYPE_TIME =0x07; const BYTE PROP_TYPE_STRING =0x08; const BYTE PROP_TYPE_IP_ADDRESS =0x09; const BYTE PROP_TYPE_IPX_ADDRESS =0x0A; const BYTE PROP_TYPE_BYTESWAPPED_WORD =0x0B; const BYTE PROP_TYPE_BYTESWAPPED_DWORD =0x0C; const BYTE PROP_TYPE_TYPED_STRING =0x0D; const BYTE PROP_TYPE_RAW_DATA =0x0E; const BYTE PROP_TYPE_COMMENT =0x0F; const BYTE PROP_TYPE_SRCFRIENDLYNAME =0x10; const BYTE PROP_TYPE_DSTFRIENDLYNAME =0x11; const BYTE PROP_TYPE_TOKENRING_ADDRESS =0x12; const BYTE PROP_TYPE_FDDI_ADDRESS =0x13; const BYTE PROP_TYPE_ETHERNET_ADDRESS =0x14; const BYTE PROP_TYPE_OBJECT_IDENTIFIER =0x15; const BYTE PROP_TYPE_VINES_IP_ADDRESS =0x16; const BYTE PROP_TYPE_VAR_LEN_SMALL_INT =0x17; const BYTE PROP_TYPE_ATM_ADDRESS =0x18; const BYTE PROP_TYPE_1394_ADDRESS =0x19; cpp_quote("// data qualifiers") const BYTE PROP_QUAL_NONE =0x00; const BYTE PROP_QUAL_RANGE =0x01; const BYTE PROP_QUAL_SET =0x02; const BYTE PROP_QUAL_BITFIELD =0x03; const BYTE PROP_QUAL_LABELED_SET =0x04; const BYTE PROP_QUAL_LABELED_BITFIELD =0x08; const BYTE PROP_QUAL_CONST =0x09; const BYTE PROP_QUAL_FLAGS =0x0A; const BYTE PROP_QUAL_ARRAY =0x0B; cpp_quote("//=============================================================================") cpp_quote("// LARGEINT structure defined in winnt.h") cpp_quote("//=============================================================================") typedef LARGE_INTEGER *LPLARGEINT; cpp_quote("typedef LARGE_INTEGER UNALIGNED *ULPLARGEINT;") cpp_quote("//=============================================================================") cpp_quote("// Range structure.") cpp_quote("//=============================================================================") typedef struct _RANGE { DWORD MinValue; DWORD MaxValue; } RANGE; typedef RANGE *LPRANGE; cpp_quote("//=============================================================================") cpp_quote("// LABELED_BYTE structure") cpp_quote("//=============================================================================") typedef struct _LABELED_BYTE { BYTE Value; LPSTR Label; } LABELED_BYTE; typedef LABELED_BYTE *LPLABELED_BYTE; cpp_quote("//=============================================================================") cpp_quote("// LABELED_WORD structure") cpp_quote("//=============================================================================") typedef struct _LABELED_WORD { WORD Value; LPSTR Label; } LABELED_WORD; typedef LABELED_WORD *LPLABELED_WORD; cpp_quote("//=============================================================================") cpp_quote("// LABELED_DWORD structure") cpp_quote("//=============================================================================") typedef struct _LABELED_DWORD { DWORD Value; LPSTR Label; } LABELED_DWORD; typedef LABELED_DWORD *LPLABELED_DWORD; cpp_quote("//=============================================================================") cpp_quote("// LABELED_LARGEINT structure") cpp_quote("//=============================================================================") typedef struct _LABELED_LARGEINT { LARGE_INTEGER Value; LPSTR Label; } LABELED_LARGEINT; typedef LABELED_LARGEINT *LPLABELED_LARGEINT; cpp_quote("//=============================================================================") cpp_quote("// LABELED_SYSTEMTIME structure") cpp_quote("//=============================================================================") typedef struct _LABELED_SYSTEMTIME { SYSTEMTIME Value; LPSTR Label; } LABELED_SYSTEMTIME; typedef LABELED_SYSTEMTIME *LPLABELED_SYSTEMTIME; cpp_quote("//=============================================================================") cpp_quote("// LABELED_BIT structure") cpp_quote("//=============================================================================") cpp_quote("// BitNumber starts at 0, up to 256 bits.") typedef struct _LABELED_BIT { BYTE BitNumber; LPSTR LabelOff; LPSTR LabelOn; } LABELED_BIT; typedef LABELED_BIT *LPLABELED_BIT; cpp_quote("//=============================================================================") cpp_quote("// TYPED_STRING structure") cpp_quote("//=============================================================================") const DWORD TYPED_STRING_NORMAL = 1; const DWORD TYPED_STRING_UNICODE = 2; const DWORD TYPED_STRING_EXFLAG = 1; // structure contains bitfields, so must cpp_quote cpp_quote("// Typed Strings are always Ex, so to actually Ex we set fStringEx and put the Ex data in Byte") cpp_quote("typedef struct _TYPED_STRING") cpp_quote("{") cpp_quote(" BYTE StringType:7;") cpp_quote(" BYTE fStringEx:1;") cpp_quote(" LPSTR lpString;") cpp_quote(" BYTE Byte[0];") cpp_quote("} TYPED_STRING;") cpp_quote("") cpp_quote("typedef TYPED_STRING *LPTYPED_STRING;") cpp_quote("//=============================================================================") cpp_quote("// OBJECT_IDENTIFIER structure") cpp_quote("//=============================================================================") typedef struct _OBJECT_IDENTIFIER { DWORD Length; LPDWORD lpIdentifier; } OBJECT_IDENTIFIER; typedef OBJECT_IDENTIFIER *LPOBJECT_IDENTIFIER; cpp_quote("//=============================================================================") cpp_quote("// Set structure.") cpp_quote("//=============================================================================") typedef struct _SET { DWORD nEntries; union { //... set of values LPVOID lpVoidTable; // set of anything. LPBYTE lpByteTable; // set of bytes LPWORD lpWordTable; // set of words LPDWORD lpDwordTable; // set of dwords LPLARGEINT lpLargeIntTable; // set of LARGEINT structures LPSYSTEMTIME lpSystemTimeTable; // set of SYSTEMTIME structures //... set of labeled values LPLABELED_BYTE lpLabeledByteTable; // set of labeled_byte structs LPLABELED_WORD lpLabeledWordTable; // set of labeled_word structs LPLABELED_DWORD lpLabeledDwordTable; // set of labeled_dword structs LPLABELED_LARGEINT lpLabeledLargeIntTable; // set of Labeled_LARGEINT structs LPLABELED_SYSTEMTIME lpLabeledSystemTimeTable; // set of labeled_systemtime structs LPLABELED_BIT lpLabeledBit; // set of labeled_bit structs. }; } SET; typedef SET *LPSET; cpp_quote("//=============================================================================") cpp_quote("// String table.") cpp_quote("//=============================================================================") // needs to be cpp_quoted because of the zero length array cpp_quote("typedef struct _STRINGTABLE") cpp_quote("{") cpp_quote(" DWORD nStrings;") cpp_quote(" LPSTR String[0];") cpp_quote("") cpp_quote("} STRINGTABLE;") cpp_quote("") cpp_quote("typedef STRINGTABLE *LPSTRINGTABLE;") cpp_quote("#define STRINGTABLE_SIZE sizeof(STRINGTABLE)") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// RECOGNIZEDATA structure.") cpp_quote("//") cpp_quote("// This structure to keep track of the start of each recognized protocol.") cpp_quote("//=============================================================================") typedef struct _RECOGNIZEDATA { WORD ProtocolID; //... Protocol which was recognized WORD nProtocolOffset; //... Offset from the start of the frame of the start of this protocol. LPVOID InstData; //... Opaque, for protocol only. } RECOGNIZEDATA; typedef RECOGNIZEDATA * LPRECOGNIZEDATA; cpp_quote("//=============================================================================") cpp_quote("// RECOGNIZEDATATABLE structure.") cpp_quote("//") cpp_quote("// This structure to keep track of the start of each RECOGNIZEDATA structure") cpp_quote("//=============================================================================") // needs to be cpp_quoted because of the zero length array cpp_quote("typedef struct _RECOGNIZEDATATABLE") cpp_quote("{") cpp_quote(" WORD nRecognizeDatas; //... number of RECOGNIZEDATA structures") cpp_quote(" RECOGNIZEDATA RecognizeData[0]; //... array of RECOGNIZEDATA structures follows") cpp_quote("") cpp_quote("} RECOGNIZEDATATABLE;") cpp_quote("") cpp_quote("typedef RECOGNIZEDATATABLE * LPRECOGNIZEDATATABLE;") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Property information structure.") cpp_quote("//=============================================================================") typedef struct _PROPERTYINFO { HPROPERTY hProperty; //... Handle to the property. DWORD Version; //... Version of property. LPSTR Label; //... name of property LPSTR Comment; //... description of property BYTE DataType; //... data type of property BYTE DataQualifier; //... data qualifier of property union { LPVOID lpExtendedInfo; //... generic pointer. LPRANGE lpRange; //... pointer to range LPSET lpSet; //... pointer to set DWORD Bitmask; //... bitmask to apply DWORD Value; //... constant value. }; WORD FormatStringSize; //... max size to reserve for text description LPVOID InstanceData; //... property-specific instance data. } PROPERTYINFO; typedef PROPERTYINFO *LPPROPERTYINFO; const DWORD PROPERTYINFO_SIZE =sizeof(PROPERTYINFO); cpp_quote("//=============================================================================") cpp_quote("// Property instance Extended structure.") cpp_quote("//=============================================================================") // contains unaligned pointer, so must cpp_quote cpp_quote("typedef struct _PROPERTYINSTEX") cpp_quote("{") cpp_quote(" WORD Length; //... length of raw data in frame") cpp_quote(" WORD LengthEx; //... number of bytes following") cpp_quote(" ULPVOID lpData; //... pointer to raw data in frame") cpp_quote("") cpp_quote(" union") cpp_quote(" {") cpp_quote(" BYTE Byte[]; //... table of bytes follows") cpp_quote(" WORD Word[]; //... table of words follows") cpp_quote(" DWORD Dword[]; //... table of Dwords follows") cpp_quote(" LARGE_INTEGER LargeInt[]; //... table of LARGEINT structures to follow") cpp_quote(" SYSTEMTIME SysTime[]; //... table of SYSTEMTIME structures follows") cpp_quote(" TYPED_STRING TypedString;//... a typed_string that may have extended data") cpp_quote(" };") cpp_quote("} PROPERTYINSTEX;") cpp_quote("typedef PROPERTYINSTEX *LPPROPERTYINSTEX;") cpp_quote("typedef PROPERTYINSTEX UNALIGNED *ULPPROPERTYINSTEX;") cpp_quote("#define PROPERTYINSTEX_SIZE sizeof(PROPERTYINSTEX)") cpp_quote("//=============================================================================") cpp_quote("// Property instance structure.") cpp_quote("//=============================================================================") // contains unaligned pointer, so must cpp_quote cpp_quote("typedef struct _PROPERTYINST") cpp_quote("{") cpp_quote(" LPPROPERTYINFO lpPropertyInfo; // pointer to property info") cpp_quote(" LPSTR szPropertyText; // pointer to string description") cpp_quote("") cpp_quote(" union") cpp_quote(" {") cpp_quote(" LPVOID lpData; // pointer to data") cpp_quote(" ULPBYTE lpByte; // bytes") cpp_quote(" ULPWORD lpWord; // words") cpp_quote(" ULPDWORD lpDword; // dwords") cpp_quote("") cpp_quote(" ULPLARGEINT lpLargeInt; // LargeInt") cpp_quote(" ULPSYSTEMTIME lpSysTime; // pointer to SYSTEMTIME structures") cpp_quote(" LPPROPERTYINSTEX lpPropertyInstEx; // pointer to propertyinstex (if DataLength = -1)") cpp_quote(" };") cpp_quote("") cpp_quote(" WORD DataLength; // length of data, or flag for propertyinstex struct") cpp_quote(" WORD Level : 4 ; // level information ............1111") cpp_quote(" WORD HelpID : 12 ; // context ID for helpfile 111111111111....") cpp_quote(" // ---------------") cpp_quote(" // total of 16 bits == 1 WORD == DWORD ALIGNED structure") cpp_quote(" // Interpretation Flags: Flags that define attach time information to the") cpp_quote(" // interpretation of the property. For example, in RPC, the client can be") cpp_quote(" // Intel format and the server can be non-Intel format... thus the property") cpp_quote(" // database cannot describe the property at database creation time.") cpp_quote(" DWORD IFlags;") cpp_quote("") cpp_quote("} PROPERTYINST;") cpp_quote("typedef PROPERTYINST *LPPROPERTYINST;") cpp_quote("#define PROPERTYINST_SIZE sizeof(PROPERTYINST)") cpp_quote("") cpp_quote("// Flags passed at AttachPropertyInstance and AttachPropertyInstanceEx time in the IFlags field:") cpp_quote("// flag for error condition ...............1") const DWORD IFLAG_ERROR =0x00000001; cpp_quote("// is the WORD or DWORD byte non-Intel format at attach time?") const DWORD IFLAG_SWAPPED =0x00000002; cpp_quote("// is the STRING UNICODE at attach time?") const DWORD IFLAG_UNICODE =0x00000004; cpp_quote("//=============================================================================") cpp_quote("// Property instance table structure.") cpp_quote("//=============================================================================") typedef struct _PROPERTYINSTTABLE { WORD nPropertyInsts; //... number of items WORD nPropertyInstIndex; //... index to first item } PROPERTYINSTTABLE; typedef PROPERTYINSTTABLE *LPPROPERTYINSTTABLE; const DWORD PROPERTYINSTTABLE_SIZE =sizeof(PROPERTYINSTTABLE); cpp_quote("//=============================================================================") cpp_quote("// Property table structure.") cpp_quote("//=============================================================================") // contains a structure that contains an unaligned pointer, so must cpp_quote cpp_quote("typedef struct _PROPERTYTABLE") cpp_quote("{") cpp_quote(" LPVOID lpFormatBuffer; //... Opaque. (PRIVATE)") cpp_quote(" DWORD FormatBufferLength; //... Opaque. (PRIVATE)") cpp_quote(" DWORD nTotalPropertyInsts; //... total number of propertyinstances in array") cpp_quote(" LPPROPERTYINST lpFirstPropertyInst; //... array of property instances") cpp_quote(" BYTE nPropertyInstTables; //... total PropertyIndexTables following") cpp_quote(" PROPERTYINSTTABLE PropertyInstTable[0]; //... array of propertyinstance index table structures") cpp_quote("") cpp_quote("} PROPERTYTABLE;") cpp_quote("") cpp_quote("typedef PROPERTYTABLE *LPPROPERTYTABLE;") cpp_quote("") cpp_quote("#define PROPERTYTABLE_SIZE sizeof(PROPERTYTABLE)") cpp_quote("//=============================================================================") cpp_quote("// Protocol entry points.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("typedef VOID (WINAPI *REGISTER)(HPROTOCOL);") cpp_quote("") cpp_quote("typedef VOID (WINAPI *DEREGISTER)(HPROTOCOL);") cpp_quote("") cpp_quote("typedef LPBYTE (WINAPI *RECOGNIZEFRAME)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, LPDWORD, LPHPROTOCOL, PDWORD_PTR);") cpp_quote("") cpp_quote("typedef LPBYTE (WINAPI *ATTACHPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, DWORD, HPROTOCOL, DWORD, DWORD_PTR);") cpp_quote("") cpp_quote("typedef DWORD (WINAPI *FORMATPROPERTIES)(HFRAME, ULPBYTE, ULPBYTE, DWORD, LPPROPERTYINST);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Protocol entry point structure.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("typedef struct _ENTRYPOINTS") cpp_quote("{") cpp_quote(" REGISTER Register; //... Protocol Register() entry point.") cpp_quote(" DEREGISTER Deregister; //... Protocol Deregister() entry point.") cpp_quote(" RECOGNIZEFRAME RecognizeFrame; //... Protocol RecognizeFrame() entry point.") cpp_quote(" ATTACHPROPERTIES AttachProperties; //... Protocol AttachProperties() entry point.") cpp_quote(" FORMATPROPERTIES FormatProperties; //... Protocol FormatProperties() entry point.") cpp_quote("") cpp_quote("} ENTRYPOINTS;") cpp_quote("") cpp_quote("typedef ENTRYPOINTS *LPENTRYPOINTS;") cpp_quote("") cpp_quote("#define ENTRYPOINTS_SIZE sizeof(ENTRYPOINTS)") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Property database structure.") cpp_quote("//=============================================================================") // structure contains zero length array, must cpp_quote cpp_quote("typedef struct _PROPERTYDATABASE") cpp_quote("{") cpp_quote(" DWORD nProperties; //... Number of properties in database.") cpp_quote(" LPPROPERTYINFO PropertyInfo[0]; //... Array of property info pointers.") cpp_quote("") cpp_quote("} PROPERTYDATABASE;") cpp_quote("#define PROPERTYDATABASE_SIZE sizeof(PROPERTYDATABASE)") cpp_quote("typedef PROPERTYDATABASE *LPPROPERTYDATABASE;") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Protocol info structure (PUBLIC portion of HPROTOCOL).") cpp_quote("//=============================================================================") // structure contains a structure with a zero length array, must cpp_quote cpp_quote("typedef struct _PROTOCOLINFO") cpp_quote("{") cpp_quote(" DWORD ProtocolID; //... Prootocol ID of owning protocol.") cpp_quote(" LPPROPERTYDATABASE PropertyDatabase; //... Property database.") cpp_quote(" BYTE ProtocolName[16]; //... Protocol name.") cpp_quote(" BYTE HelpFile[16]; //... Optional helpfile name.") cpp_quote(" BYTE Comment[128]; //... Comment describing protocol.") cpp_quote("} PROTOCOLINFO;") cpp_quote("typedef PROTOCOLINFO *LPPROTOCOLINFO;") cpp_quote("#define PROTOCOLINFO_SIZE sizeof(PROTOCOLINFO)") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Protocol Table.") cpp_quote("//=============================================================================") typedef struct _PROTOCOLTABLE { DWORD nProtocols; HPROTOCOL hProtocol[1]; //... This must be the last member. } PROTOCOLTABLE; typedef PROTOCOLTABLE *LPPROTOCOLTABLE; const DWORD PROTOCOLTABLE_SIZE =(sizeof(PROTOCOLTABLE) - sizeof(HPROTOCOL)); cpp_quote("#define PROTOCOLTABLE_ACTUAL_SIZE(p) GetTableSize(PROTOCOLTABLE_SIZE, (p)->nProtocols, sizeof(HPROTOCOL))") cpp_quote("//=============================================================================") cpp_quote("// AddressInfo structure") cpp_quote("//=============================================================================") const DWORD SORT_BYADDRESS =0; const DWORD SORT_BYNAME =1; const DWORD PERMANENT_NAME =0x00000100; // structure contains structures with bitfields, so must cpp_quote cpp_quote("typedef struct _ADDRESSINFO") cpp_quote("{") cpp_quote(" ADDRESS Address;") cpp_quote(" WCHAR Name[MAX_NAME_SIZE];") cpp_quote(" DWORD Flags;") cpp_quote(" LPVOID lpAddressInstData;") cpp_quote("") cpp_quote("} ADDRESSINFO;") cpp_quote("typedef struct _ADDRESSINFO *LPADDRESSINFO;") cpp_quote("#define ADDRESSINFO_SIZE sizeof(ADDRESSINFO)") cpp_quote("//=============================================================================") cpp_quote("// AddressInfoTable") cpp_quote("//=============================================================================") // structure contains structures with bitfields, so must cpp_quote // also contains zero length array, so must cpp_quote cpp_quote("typedef struct _ADDRESSINFOTABLE") cpp_quote("{") cpp_quote(" DWORD nAddressInfos;") cpp_quote(" LPADDRESSINFO lpAddressInfo[0];") cpp_quote("") cpp_quote("} ADDRESSINFOTABLE;") cpp_quote("typedef ADDRESSINFOTABLE *LPADDRESSINFOTABLE;") cpp_quote("#define ADDRESSINFOTABLE_SIZE sizeof(ADDRESSINFOTABLE)") cpp_quote("//=============================================================================") cpp_quote("// callback procedures.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("typedef DWORD (WINAPI *FILTERPROC)(HCAPTURE, HFRAME, LPVOID);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMErr.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// The operation succeeded.") const DWORD NMERR_SUCCESS = 0; cpp_quote("// An error occured creating a memory-mapped file.") const DWORD NMERR_MEMORY_MAPPED_FILE_ERROR = 1; cpp_quote("// The handle to a filter is invalid.") const DWORD NMERR_INVALID_HFILTER = 2; cpp_quote("// Capturing has already been started.") const DWORD NMERR_CAPTURING = 3; cpp_quote("// Capturing has not been started.") const DWORD NMERR_NOT_CAPTURING = 4; cpp_quote("// The are no frames available.") const DWORD NMERR_NO_MORE_FRAMES = 5; cpp_quote("// The buffer is too small to complete the operation.") const DWORD NMERR_BUFFER_TOO_SMALL = 6; cpp_quote("// No protocol was able to recognize the frame.") const DWORD NMERR_FRAME_NOT_RECOGNIZED = 7; cpp_quote("// The file already exists.") const DWORD NMERR_FILE_ALREADY_EXISTS = 8; cpp_quote("// A needed device driver was not found or is not loaded.") const DWORD NMERR_DRIVER_NOT_FOUND = 9; cpp_quote("// This address aready exists in the database.") const DWORD NMERR_ADDRESS_ALREADY_EXISTS = 10; cpp_quote("// The frame handle is invalid.") const DWORD NMERR_INVALID_HFRAME = 11; cpp_quote("// The protocol handle is invalid.") const DWORD NMERR_INVALID_HPROTOCOL = 12; cpp_quote("// The property handle is invalid.") const DWORD NMERR_INVALID_HPROPERTY = 13; cpp_quote("// The the object has been locked. ") const DWORD NMERR_LOCKED = 14; cpp_quote("// A pop operation was attempted on an empty stack.") const DWORD NMERR_STACK_EMPTY = 15; cpp_quote("// A push operation was attempted on an full stack.") const DWORD NMERR_STACK_OVERFLOW = 16; cpp_quote("// There are too many protocols active.") const DWORD NMERR_TOO_MANY_PROTOCOLS = 17; cpp_quote("// The file was not found.") const DWORD NMERR_FILE_NOT_FOUND = 18; cpp_quote("// No memory was available. Shut down windows to free up resources.") const DWORD NMERR_OUT_OF_MEMORY = 19; cpp_quote("// The capture is already in the paused state.") const DWORD NMERR_CAPTURE_PAUSED = 20; cpp_quote("// There are no buffers available or present.") const DWORD NMERR_NO_BUFFERS = 21; cpp_quote("// There are already buffers present.") const DWORD NMERR_BUFFERS_ALREADY_EXIST = 22; cpp_quote("// The object is not locked.") const DWORD NMERR_NOT_LOCKED = 23; cpp_quote("// A integer type was out of range.") const DWORD NMERR_OUT_OF_RANGE = 24; cpp_quote("// An object was locked too many times.") const DWORD NMERR_LOCK_NESTING_TOO_DEEP = 25; cpp_quote("// A parser failed to load.") const DWORD NMERR_LOAD_PARSER_FAILED = 26; cpp_quote("// A parser failed to unload.") const DWORD NMERR_UNLOAD_PARSER_FAILED = 27; cpp_quote("// The address database handle is invalid.") const DWORD NMERR_INVALID_HADDRESSDB = 28; cpp_quote("// The MAC address was not found in the database.") const DWORD NMERR_ADDRESS_NOT_FOUND = 29; cpp_quote("// The network software was not found in the system.") const DWORD NMERR_NETWORK_NOT_PRESENT = 30; cpp_quote("// There is no property database for a protocol.") const DWORD NMERR_NO_PROPERTY_DATABASE = 31; cpp_quote("// A property was not found in the database.") const DWORD NMERR_PROPERTY_NOT_FOUND = 32; cpp_quote("// The property database handle is in valid.") const DWORD NMERR_INVALID_HPROPERTYDB = 33; cpp_quote("// The protocol has not been enabled.") const DWORD NMERR_PROTOCOL_NOT_ENABLED = 34; cpp_quote("// The protocol DLL could not be found.") const DWORD NMERR_PROTOCOL_NOT_FOUND = 35; cpp_quote("// The parser DLL is not valid.") const DWORD NMERR_INVALID_PARSER_DLL = 36; cpp_quote("// There are no properties attached.") const DWORD NMERR_NO_ATTACHED_PROPERTIES = 37; cpp_quote("// There are no frames in the buffer.") const DWORD NMERR_NO_FRAMES = 38; cpp_quote("// The capture file format is not valid.") const DWORD NMERR_INVALID_FILE_FORMAT = 39; cpp_quote("// The OS could not create a temporary file.") const DWORD NMERR_COULD_NOT_CREATE_TEMPFILE = 40; cpp_quote("// There is not enough MS-DOS memory available.") const DWORD NMERR_OUT_OF_DOS_MEMORY = 41; cpp_quote("// There are no protocols enabled.") const DWORD NMERR_NO_PROTOCOLS_ENABLED = 42; cpp_quote("// The MAC type is invalid or unsupported.") const DWORD NMERR_UNKNOWN_MACTYPE = 46; cpp_quote("// There is no routing information present in the MAC frame.") const DWORD NMERR_ROUTING_INFO_NOT_PRESENT = 47; cpp_quote("// The network handle is invalid.") const DWORD NMERR_INVALID_HNETWORK = 48; cpp_quote("// The network is already open.") const DWORD NMERR_NETWORK_ALREADY_OPENED = 49; cpp_quote("// The network is not open.") const DWORD NMERR_NETWORK_NOT_OPENED = 50; cpp_quote("// The frame was not found in the buffer.") const DWORD NMERR_FRAME_NOT_FOUND = 51; cpp_quote("// There are no handles available.") const DWORD NMERR_NO_HANDLES = 53; cpp_quote("// The network ID is invalid.") const DWORD NMERR_INVALID_NETWORK_ID = 54; cpp_quote("// The capture handle is invalid.") const DWORD NMERR_INVALID_HCAPTURE = 55; cpp_quote("// The protocol has already been enabled.") const DWORD NMERR_PROTOCOL_ALREADY_ENABLED = 56; cpp_quote("// The filter expression is invalid.") const DWORD NMERR_FILTER_INVALID_EXPRESSION = 57; cpp_quote("// A transmit error occured.") const DWORD NMERR_TRANSMIT_ERROR = 58; cpp_quote("// The buffer handle is invalid.") const DWORD NMERR_INVALID_HBUFFER = 59; cpp_quote("// The specified data is unknown or invalid.") const DWORD NMERR_INVALID_DATA = 60; cpp_quote("// The MS-DOS/NDIS 2.0 network driver is not loaded.") const DWORD NMERR_MSDOS_DRIVER_NOT_LOADED = 61; cpp_quote("// The Windows VxD/NDIS 3.0 network driver is not loaded.") const DWORD NMERR_WINDOWS_DRIVER_NOT_LOADED = 62; cpp_quote("// The MS-DOS/NDIS 2.0 driver had an init-time failure.") const DWORD NMERR_MSDOS_DRIVER_INIT_FAILURE = 63; cpp_quote("// The Windows/NDIS 3.0 driver had an init-time failure.") const DWORD NMERR_WINDOWS_DRIVER_INIT_FAILURE = 64; cpp_quote("// The network driver is busy and cannot handle requests.") const DWORD NMERR_NETWORK_BUSY = 65; cpp_quote("// The capture is not paused.") const DWORD NMERR_CAPTURE_NOT_PAUSED = 66; cpp_quote("// The frame/packet length is not valid.") const DWORD NMERR_INVALID_PACKET_LENGTH = 67; cpp_quote("// An internal exception occured.") const DWORD NMERR_INTERNAL_EXCEPTION = 69; cpp_quote("// The MAC driver does not support promiscious mode.") const DWORD NMERR_PROMISCUOUS_MODE_NOT_SUPPORTED= 70; cpp_quote("// The MAC driver failed to open.") const DWORD NMERR_MAC_DRIVER_OPEN_FAILURE = 71; cpp_quote("// The protocol went off the end of the frame.") const DWORD NMERR_RUNAWAY_PROTOCOL = 72; cpp_quote("// An asynchronous operation is still pending.") const DWORD NMERR_PENDING = 73; cpp_quote("// Access is denied.") const DWORD NMERR_ACCESS_DENIED = 74; cpp_quote("// The password handle is invalid.") const DWORD NMERR_INVALID_HPASSWORD = 75; cpp_quote("// A bad parameter was detected.") const DWORD NMERR_INVALID_PARAMETER = 76; cpp_quote("// An error occured reading the file.") const DWORD NMERR_FILE_READ_ERROR = 77; cpp_quote("// An error occured writing to the file.") const DWORD NMERR_FILE_WRITE_ERROR = 78; cpp_quote("// The protocol has not been registered") const DWORD NMERR_PROTOCOL_NOT_REGISTERED = 79; cpp_quote("// The frame does not contain an IP address.") const DWORD NMERR_IP_ADDRESS_NOT_FOUND = 80; cpp_quote("// The transmit request was cancelled.") const DWORD NMERR_TRANSMIT_CANCELLED = 81; cpp_quote("// The operation cannot be performed on a capture with 1 or more locked frames.") const DWORD NMERR_LOCKED_FRAMES = 82; cpp_quote("// A cancel transmit request was submitted but there were no transmits pending.") const DWORD NMERR_NO_TRANSMITS_PENDING = 83; cpp_quote("// Path not found.") const DWORD NMERR_PATH_NOT_FOUND = 84; cpp_quote("// A windows error has occured.") const DWORD NMERR_WINDOWS_ERROR = 85; cpp_quote("// The handle to the frame has no frame number.") const DWORD NMERR_NO_FRAME_NUMBER = 86; cpp_quote("// The frame is not associated with any capture.") const DWORD NMERR_FRAME_HAS_NO_CAPTURE = 87; cpp_quote("// The frame is already associated with a capture.") const DWORD NMERR_FRAME_ALREADY_HAS_CAPTURE = 88; cpp_quote("// The NAL is not remotable.") const DWORD NMERR_NAL_IS_NOT_REMOTE = 89; cpp_quote("// The API is not supported") const DWORD NMERR_NOT_SUPPORTED = 90; cpp_quote("// Network Monitor should discard the current frame. ") cpp_quote("// This error code is only used during a filtered SaveCapture() API call.") const DWORD NMERR_DISCARD_FRAME = 91; cpp_quote("// Network Monitor should cancel the current save. ") cpp_quote("// This error code is only used during a filtered SaveCapture() API call.") const DWORD NMERR_CANCEL_SAVE_CAPTURE = 92; cpp_quote("// The connection to the remote machine has been lost") const DWORD NMERR_LOST_CONNECTION = 93; cpp_quote("// The media/mac type is not valid.") const DWORD NMERR_INVALID_MEDIA_TYPE = 94; cpp_quote("// The Remote Agent is currently in use") const DWORD NMERR_AGENT_IN_USE = 95; cpp_quote("// The request has timed out") const DWORD NMERR_TIMEOUT = 96; cpp_quote("// The remote agent has been disconnected") const DWORD NMERR_DISCONNECTED = 97; cpp_quote("// A timer required for operation failed creation") const DWORD NMERR_SETTIMER_FAILED = 98; cpp_quote("// A network error occured.") const DWORD NMERR_NETWORK_ERROR = 99; cpp_quote("// Frame callback procedure is not valid") const DWORD NMERR_INVALID_FRAMESPROC = 100; cpp_quote("// Capture type specified is unknown") const DWORD NMERR_UNKNOWN_CAPTURETYPE = 101; cpp_quote("// The NPP is not connected to a network.") const DWORD NMERR_NOT_CONNECTED = 102; cpp_quote("// The NPP is already connected to a network.") const DWORD NMERR_ALREADY_CONNECTED = 103; cpp_quote("// The registry tag does not indicate a known configuration.") const DWORD NMERR_INVALID_REGISTRY_CONFIGURATION= 104; cpp_quote("// The NPP is currently configured for delayed capturing.") const DWORD NMERR_DELAYED = 105; cpp_quote("// The NPP is not currently configured for delayed capturing.") const DWORD NMERR_NOT_DELAYED = 106; cpp_quote("// The NPP is currently configured for real time capturing.") const DWORD NMERR_REALTIME = 107; cpp_quote("// The NPP is not currently configured for real time capturing.") const DWORD NMERR_NOT_REALTIME = 108; cpp_quote("// The NPP is currently configured for stats only capturing.") const DWORD NMERR_STATS_ONLY = 109; cpp_quote("// The NPP is not currently configured for stats only capturing.") const DWORD NMERR_NOT_STATS_ONLY = 110; cpp_quote("// The NPP is currently configured for transmitting.") const DWORD NMERR_TRANSMIT = 111; cpp_quote("// The NPP is not currently configured for transmitting.") const DWORD NMERR_NOT_TRANSMIT = 112; cpp_quote("// The NPP is currently transmitting") const DWORD NMERR_TRANSMITTING = 113; cpp_quote("// The specified capture file hard disk is not local") const DWORD NMERR_DISK_NOT_LOCAL_FIXED = 114; cpp_quote("// Could not create the default capture directory on the given disk") const DWORD NMERR_COULD_NOT_CREATE_DIRECTORY = 115; cpp_quote("// The default capture directory was not set in the registry:") cpp_quote("// HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\nm\\Parameters\\CapturePath") const DWORD NMERR_NO_DEFAULT_CAPTURE_DIRECTORY = 116; cpp_quote("// The capture file is an uplevel version that this netmon does not understand") const DWORD NMERR_UPLEVEL_CAPTURE_FILE = 117; cpp_quote("// An expert failed to load.") const DWORD NMERR_LOAD_EXPERT_FAILED = 118; cpp_quote("// An expert failed to report its EXPERT_INFO structs.") const DWORD NMERR_EXPERT_REPORT_FAILED = 119; cpp_quote("// Registry API call failed.") const DWORD NMERR_REG_OPERATION_FAILED = 120; cpp_quote("// Registry API call failed.") const DWORD NMERR_NO_DLLS_FOUND = 121; cpp_quote("// There are no conversation stats, they were not asked for.") const DWORD NMERR_NO_CONVERSATION_STATS = 122; cpp_quote("// We have received a security response packet from a security monitor.") const DWORD NMERR_SECURITY_BREACH_CAPTURE_DELETED = 123; cpp_quote("// The given frame failed the display filter.") const DWORD NMERR_FRAME_FAILED_FILTER = 124; cpp_quote("// Netmon wants the Expert to stop running.") const DWORD NMERR_EXPERT_TERMINATE = 125; cpp_quote("// Netmon needs the remote machine to be a server.") const DWORD NMERR_REMOTE_NOT_A_SERVER = 126; cpp_quote("// Netmon needs the remote machine to be a server.") const DWORD NMERR_REMOTE_VERSION_OUTOFSYNC = 127; cpp_quote("// The supplied group is an invalid handle") const DWORD NMERR_INVALID_EXPERT_GROUP = 128; cpp_quote("// The supplied expert name cannot be found") const DWORD NMERR_INVALID_EXPERT_NAME = 129; cpp_quote("// The supplied expert name cannot be found") const DWORD NMERR_INVALID_EXPERT_HANDLE= 130; cpp_quote("// The supplied group name already exists") const DWORD NMERR_GROUP_NAME_ALREADY_EXISTS = 131; cpp_quote("// The supplied group name is invalid") const DWORD NMERR_INVALID_GROUP_NAME = 132; cpp_quote("// The supplied Expert is already in the group. ") const DWORD NMERR_EXPERT_ALREADY_IN_GROUP = 133; cpp_quote("// The Expert cannot be deleted from the group because it is not in the group") const DWORD NMERR_EXPERT_NOT_IN_GROUP = 134; cpp_quote("// The COM object has not been initialized") const DWORD NMERR_NOT_INITIALIZED = 135; cpp_quote("// Cannot perform function to Root group") const DWORD NMERR_INVALID_GROUP_ROOT = 136; cpp_quote("// Potential data structure mismatch between NdisNpp and Driver.") const DWORD NMERR_BAD_VERSION = 137; cpp_quote("// The NPP is currently configured for ESP capturing.") const DWORD NMERR_ESP = 138; cpp_quote("// The NPP is not currently configured for ESP capturing.") const DWORD NMERR_NOT_ESP = 139; cpp_quote("//=============================================================================") cpp_quote("// Blob Errors") cpp_quote("//=============================================================================") const DWORD NMERR_BLOB_NOT_INITIALIZED =1000; const DWORD NMERR_INVALID_BLOB =1001; const DWORD NMERR_UPLEVEL_BLOB =1002; const DWORD NMERR_BLOB_ENTRY_ALREADY_EXISTS =1003; const DWORD NMERR_BLOB_ENTRY_DOES_NOT_EXIST =1004; const DWORD NMERR_AMBIGUOUS_SPECIFIER =1005; const DWORD NMERR_BLOB_OWNER_NOT_FOUND =1006; const DWORD NMERR_BLOB_CATEGORY_NOT_FOUND =1007; const DWORD NMERR_UNKNOWN_CATEGORY =1008; const DWORD NMERR_UNKNOWN_TAG =1009; const DWORD NMERR_BLOB_CONVERSION_ERROR =1010; const DWORD NMERR_ILLEGAL_TRIGGER =1011; const DWORD NMERR_BLOB_STRING_INVALID =1012; cpp_quote("//=============================================================================") cpp_quote("// FINDER errors") cpp_quote("//=============================================================================") const DWORD NMERR_UNABLE_TO_LOAD_LIBRARY =1013; const DWORD NMERR_UNABLE_TO_GET_PROCADDR =1014; const DWORD NMERR_CLASS_NOT_REGISTERED =1015; const DWORD NMERR_INVALID_REMOTE_COMPUTERNAME =1016; const DWORD NMERR_RPC_REMOTE_FAILURE =1017; const DWORD NMERR_NO_NPPS =3016; const DWORD NMERR_NO_MATCHING_NPPS =3017; const DWORD NMERR_NO_NPP_SELECTED =3018; const DWORD NMERR_NO_INPUT_BLOBS =3019; const DWORD NMERR_NO_NPP_DLLS =3020; const DWORD NMERR_NO_VALID_NPP_DLLS =3021; cpp_quote("//=============================================================================") cpp_quote("// Monitor errors") cpp_quote("//=============================================================================") const DWORD NMERR_INVALID_LIST_INDEX =2000; const DWORD NMERR_INVALID_MONITOR =2001; const DWORD NMERR_INVALID_MONITOR_DLL =2002; const DWORD NMERR_UNABLE_TO_CREATE_MONITOR =2003; const DWORD NMERR_INVALID_MONITOR_CONFIG =2005; const DWORD NMERR_INVALID_INDEX =2006; const DWORD NMERR_MONITOR_ENABLED =2007; const DWORD NMERR_MONITOR_NOT_RUNNING =2008; const DWORD NMERR_MONITOR_IS_BUSY =2009; const DWORD NMERR_MCS_IS_BUSY =2010; const DWORD NMERR_NO_MONITORS =2011; const DWORD NMERR_ONE_MONITOR_PER_NETCARD =2012; const DWORD NMERR_CONFIGURATION_REQUIRED =2013; const DWORD NMERR_MONITOR_NOT_CONNECTED =2014; const DWORD NMERR_MONITOR_NOT_CONFIGURED =2015; const DWORD NMERR_MONITOR_CONFIG_FAILED =2016; const DWORD NMERR_MONITOR_INIT_FAILED =2017; const DWORD NMERR_MONITOR_FAULTED =2018; const DWORD NMERR_SAVE_ALL_FAILED =2019; const DWORD NMERR_SAVE_MONITOR_FAILED =2029; const DWORD NMERR_MONITOR_CONNECT_FAILED =2021; const DWORD NMERR_MONITOR_START_FAILED =2022; const DWORD NMERR_MONITOR_STOP_FAILED =2023; cpp_quote("//=============================================================================") cpp_quote("// Error Macros") cpp_quote("//=============================================================================") cpp_quote("#ifndef INLINE") cpp_quote("#define INLINE __inline") cpp_quote("#endif // INLINE") #ifndef HRESULT typedef LONG HRESULT; // From wtypes.h #endif // HRESULT cpp_quote("// normal Network Monitor errors will be put into the code portion of an hresult") cpp_quote("// for return from OLE objects:") cpp_quote("// these two macros will help to create and crack the scode") cpp_quote("INLINE HRESULT NMERR_TO_HRESULT( DWORD nmerror )") cpp_quote("{") cpp_quote(" HRESULT hResult;") cpp_quote(" if (nmerror == NMERR_SUCCESS)") cpp_quote(" hResult = NOERROR;") cpp_quote(" else") cpp_quote(" hResult = MAKE_HRESULT( SEVERITY_ERROR,FACILITY_ITF, (WORD)nmerror) ;") cpp_quote("") cpp_quote(" return hResult;") cpp_quote("}") cpp_quote("//We use to decide whether the first bit was set to 1 or 0, not regarding ") cpp_quote("//whether the result passed with a warning set in the low word. Now we ") cpp_quote("//disregard the first bit and pass back the warning.") cpp_quote("INLINE DWORD HRESULT_TO_NMERR( HRESULT hResult )") cpp_quote("{") cpp_quote(" return HRESULT_CODE(hResult);") cpp_quote("}") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (BHFilter.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("//============================================================================") cpp_quote("// types") cpp_quote("//============================================================================") typedef HFILTER * LPHFILTER; typedef DWORD FILTERACTIONTYPE; typedef DWORD VALUETYPE; cpp_quote("// check for protocols existing in the frame.") cpp_quote("") cpp_quote("// ProtocolPart") cpp_quote("// this is the raw data for a Protocol based expression") cpp_quote("//") cpp_quote("// WHAT FIELD DESCRIPTION EXAMPLE") cpp_quote("// ---- ----- ----------- -------") cpp_quote("// Count of Protocol(nPropertyDBs) Number of protocols to pass 5") cpp_quote("// PropertyDB Table (PropertyDB) Table of HPROTOCOL SMB, LLC, MAC") cpp_quote("//") cpp_quote("// NOTE: the nPropertyDBs field may also be the following, which implies that") cpp_quote("// all are selected but that none have actually been put into the structure") const DWORD PROTOCOL_NUM_ANY =(-1); typedef PROTOCOLTABLE PROTOCOLTABLETYPE; typedef PROTOCOLTABLETYPE *LPPROTOCOLTABLETYPE; cpp_quote("// filter bits stores who passed what filter per frame to speed up") cpp_quote("// the filter process... This is actually an array.") typedef DWORD FILTERBITS; typedef FILTERBITS *LPFILTERBITS; typedef SYSTEMTIME *LPTIME; cpp_quote("typedef SYSTEMTIME UNALIGNED * ULPTIME;") cpp_quote("// The Filter Object is the basic unit of the postfix stack.") cpp_quote("// I need to restart the convert property to value if the comparison does not match.") cpp_quote("// To do this, I need the original pointer to the property. Pull the hProperty out of") cpp_quote("// the union so that the pointer to the property is saved.") // contains an unaligned pointer, so must cpp_quote cpp_quote("typedef struct _FILTEROBJECT") cpp_quote("{") cpp_quote(" FILTERACTIONTYPE Action; // Object action, see codes below") cpp_quote(" HPROPERTY hProperty; // property key") cpp_quote(" union") cpp_quote(" {") cpp_quote(" VALUETYPE Value; // value of the object.") cpp_quote(" HPROTOCOL hProtocol; // protocol key.") cpp_quote(" LPVOID lpArray; // if array, length is ItemCount below.") cpp_quote(" LPPROTOCOLTABLETYPE lpProtocolTable; // list of protocols to see if exist in frame.") cpp_quote(" LPADDRESS lpAddress; // kernel type address, mac or ip") cpp_quote(" ULPLARGEINT lpLargeInt; // Double DWORD used by NT") cpp_quote(" ULPTIME lpTime; // pointer to SYSTEMTIME") cpp_quote(" LPOBJECT_IDENTIFIER lpOID; // pointer to OBJECT_IDENTIFIER") cpp_quote("") cpp_quote(" };") cpp_quote(" union") cpp_quote(" {") cpp_quote(" WORD ByteCount; // Number of BYTES!") cpp_quote(" WORD ByteOffset; // offset for array compare") cpp_quote(" };") cpp_quote("") cpp_quote(" struct _FILTEROBJECT * pNext; // reserved") cpp_quote("") cpp_quote("} FILTEROBJECT;") cpp_quote("") cpp_quote("typedef FILTEROBJECT * LPFILTEROBJECT;") cpp_quote("") cpp_quote("#define FILTERINFO_SIZE (sizeof(FILTEROBJECT) )") cpp_quote("") cpp_quote("") cpp_quote("") cpp_quote("typedef struct _FILTERDESC") cpp_quote("{") cpp_quote(" WORD NumEntries;") cpp_quote(" WORD Flags; // private") cpp_quote(" LPFILTEROBJECT lpStack;") cpp_quote(" LPFILTEROBJECT lpKeepLast;") cpp_quote(" LPVOID UIInstanceData; // UI specific information.") cpp_quote(" LPFILTERBITS lpFilterBits; // cache who passed") cpp_quote(" LPFILTERBITS lpCheckBits; // have we looked at it yet?") cpp_quote(" ") cpp_quote("} FILTERDESC;") cpp_quote("") cpp_quote("typedef FILTERDESC * LPFILTERDESC;") cpp_quote("") cpp_quote("#define FILTERDESC_SIZE sizeof(FILTERDESC)") cpp_quote("//============================================================================") cpp_quote("// Macros.") cpp_quote("//============================================================================") cpp_quote("#define FilterGetUIInstanceData(hfilt) (((LPFILTERDESC)hfilt)->UIInstanceData)") cpp_quote("#define FilterSetUIInstanceData(hfilt,inst) (((LPFILTERDESC)hfilt)->UIInstanceData = (LPVOID)inst)") cpp_quote("//============================================================================") cpp_quote("// defines") cpp_quote("//============================================================================") const DWORD FILTERFREEPOOLSTART =20; const DWORD INVALIDELEMENT =-1; const DWORD INVALIDVALUE =((VALUETYPE) -9999); cpp_quote("// use filter failed to check the return code on FilterFrame.") const DWORD FILTER_FAIL_WITH_ERROR =-1; const DWORD FILTER_PASSED =TRUE; const DWORD FILTER_FAILED =FALSE; // NOTE NOTE NOTE If you change the values of the following constants, you // MUST modify the TableEval table in filtloc.h. const DWORD FILTERACTION_INVALID = 0; const DWORD FILTERACTION_PROPERTY = 1; const DWORD FILTERACTION_VALUE = 2; const DWORD FILTERACTION_STRING = 3; const DWORD FILTERACTION_ARRAY = 4; const DWORD FILTERACTION_AND = 5; const DWORD FILTERACTION_OR = 6; const DWORD FILTERACTION_XOR = 7; const DWORD FILTERACTION_PROPERTYEXIST = 8; const DWORD FILTERACTION_CONTAINSNC = 9; const DWORD FILTERACTION_CONTAINS =10; const DWORD FILTERACTION_NOT =11; const DWORD FILTERACTION_EQUALNC =12; const DWORD FILTERACTION_EQUAL =13; const DWORD FILTERACTION_NOTEQUALNC =14; const DWORD FILTERACTION_NOTEQUAL =15; const DWORD FILTERACTION_GREATERNC =16; const DWORD FILTERACTION_GREATER =17; const DWORD FILTERACTION_LESSNC =18; const DWORD FILTERACTION_LESS =19; const DWORD FILTERACTION_GREATEREQUALNC =20; const DWORD FILTERACTION_GREATEREQUAL =21; const DWORD FILTERACTION_LESSEQUALNC =22; const DWORD FILTERACTION_LESSEQUAL =23; const DWORD FILTERACTION_PLUS =24; const DWORD FILTERACTION_MINUS =25; const DWORD FILTERACTION_ADDRESS =26; const DWORD FILTERACTION_ADDRESSANY =27; const DWORD FILTERACTION_FROM =28; const DWORD FILTERACTION_TO =29; const DWORD FILTERACTION_FROMTO =30; const DWORD FILTERACTION_AREBITSON =31; const DWORD FILTERACTION_AREBITSOFF =32; const DWORD FILTERACTION_PROTOCOLSEXIST =33; const DWORD FILTERACTION_PROTOCOLEXIST =34; const DWORD FILTERACTION_ARRAYEQUAL =35; const DWORD FILTERACTION_DEREFPROPERTY =36; const DWORD FILTERACTION_LARGEINT =37; const DWORD FILTERACTION_TIME =38; const DWORD FILTERACTION_ADDR_ETHER =39; const DWORD FILTERACTION_ADDR_TOKEN =40; const DWORD FILTERACTION_ADDR_FDDI =41; const DWORD FILTERACTION_ADDR_IPX =42; const DWORD FILTERACTION_ADDR_IP =43; const DWORD FILTERACTION_OID =44; const DWORD FILTERACTION_OID_CONTAINS =45; const DWORD FILTERACTION_OID_BEGINS_WITH =46; const DWORD FILTERACTION_OID_ENDS_WITH =47; const DWORD FILTERACTION_ADDR_VINES =48; const DWORD FILTERACTION_EXPRESSION =97; const DWORD FILTERACTION_BOOL =98; const DWORD FILTERACTION_NOEVAL =99; const DWORD FILTER_NO_MORE_FRAMES =0xFFFFFFFF; const DWORD FILTER_CANCELED =0xFFFFFFFE; const DWORD FILTER_DIRECTION_NEXT =TRUE; const DWORD FILTER_DIRECTION_PREV =FALSE; cpp_quote("//============================================================================") cpp_quote("// Helper functions.") cpp_quote("//============================================================================") cpp_quote("typedef BOOL (WINAPI *STATUSPROC)(DWORD, HCAPTURE, HFILTER, LPVOID);") // callback to show filter status: // DWORD nFrame // HCAPTURE // HFILTER // LPVOID UI Instance data (hwnd) cpp_quote("//=============================================================================") cpp_quote("// FILTER API's.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("HFILTER WINAPI CreateFilter(VOID);") cpp_quote("") cpp_quote("DWORD WINAPI DestroyFilter(HFILTER hFilter);") cpp_quote("") cpp_quote("HFILTER WINAPI FilterDuplicate(HFILTER hFilter);") cpp_quote("") cpp_quote("DWORD WINAPI DisableParserFilter(HFILTER hFilter, HPARSER hParser);") cpp_quote("") cpp_quote("DWORD WINAPI EnableParserFilter(HFILTER hFilter, HPARSER hParser);") cpp_quote("") cpp_quote("DWORD WINAPI FilterAddObject(HFILTER hFilter, LPFILTEROBJECT lpFilterObject );") cpp_quote("") cpp_quote("VOID WINAPI FilterFlushBits(HFILTER hFilter);") cpp_quote("") cpp_quote("DWORD WINAPI FilterFrame(HFRAME hFrame, HFILTER hFilter, HCAPTURE hCapture);") cpp_quote(" // returns -1 == check BH set last error") cpp_quote(" // 0 == FALSE") cpp_quote(" // 1 == TRUE") cpp_quote("") cpp_quote("BOOL WINAPI FilterAttachesProperties(HFILTER hFilter);") cpp_quote("") cpp_quote("DWORD WINAPI FilterFindFrame ( HFILTER hFilter,") cpp_quote(" HCAPTURE hCapture,") cpp_quote(" DWORD nFrame,") cpp_quote(" STATUSPROC StatusProc,") cpp_quote(" LPVOID UIInstance,") cpp_quote(" DWORD TimeDelta,") cpp_quote(" BOOL FilterDirection );") cpp_quote("") cpp_quote("HFRAME FilterFindPropertyInstance ( HFRAME hFrame, ") cpp_quote(" HFILTER hMasterFilter, ") cpp_quote(" HCAPTURE hCapture,") cpp_quote(" HFILTER hInstanceFilter,") cpp_quote(" LPPROPERTYINST *lpPropRestartKey,") cpp_quote(" STATUSPROC StatusProc,") cpp_quote(" LPVOID UIInstance,") cpp_quote(" DWORD TimeDelta,") cpp_quote(" BOOL FilterForward );") cpp_quote("") cpp_quote("") cpp_quote("VOID WINAPI SetCurrentFilter(HFILTER);") cpp_quote("HFILTER WINAPI GetCurrentFilter(VOID);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (Frame.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// 802.3 and ETHERNET MAC structure.") cpp_quote("//=============================================================================") // structure contains zero length array, must cpp_quote cpp_quote("typedef struct _ETHERNET") cpp_quote("{") cpp_quote(" BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.") cpp_quote(" BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.") cpp_quote(" union") cpp_quote(" {") cpp_quote(" WORD Length; //... 802.3 length field.") cpp_quote(" WORD Type; //... Ethernet type field.") cpp_quote(" };") cpp_quote(" BYTE Info[0]; //... information field.") cpp_quote("") cpp_quote("} ETHERNET;") cpp_quote("typedef ETHERNET *LPETHERNET;") cpp_quote("typedef ETHERNET UNALIGNED *ULPETHERNET;") cpp_quote("#define ETHERNET_SIZE sizeof(ETHERNET)") const DWORD ETHERNET_HEADER_LENGTH =14; const DWORD ETHERNET_DATA_LENGTH =0x05DC; const DWORD ETHERNET_FRAME_LENGTH =0x05EA; const DWORD ETHERNET_FRAME_TYPE =0x0600; cpp_quote("//=============================================================================") cpp_quote("// Header for NM_ATM Packets.") cpp_quote("//=============================================================================") cpp_quote("") //============================================================================= // Header for NM_ATM Packets. -- change this & you must change netmon.idl //============================================================================= typedef struct _NM_ATM { UCHAR DstAddr[6]; UCHAR SrcAddr[6]; ULONG Vpi; // Network order ULONG Vci; // Network order } NM_ATM; typedef NM_ATM* PNM_ATM; typedef NM_ATM* UPNM_ATM; cpp_quote("#define NM_ATM_HEADER_LENGTH sizeof(NM_ATM)") //============================================================================= // Header for NM_1394 Packets. -- change this & you must change netmon.idl //============================================================================= typedef struct _NM_1394 { UCHAR DstAddr[6]; UCHAR SrcAddr[6]; ULONGLONG VcId; } NM_1394; typedef NM_1394* PNM_1394; typedef NM_1394* UPNM_1394; cpp_quote("#define NM_1394_HEADER_LENGTH sizeof(NM_1394)") cpp_quote("//=============================================================================") cpp_quote("// 802.5 (TOKENRING) MAC structure.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// This structure is used to decode network data and so needs to be packed") #pragma pack(push, 1) // structure contains bitfields, so must cpp_quote // also contains zero length array, so must cpp_quote cpp_quote("typedef struct _TOKENRING") cpp_quote("{") cpp_quote(" BYTE AccessCtrl; //... access control field.") cpp_quote(" BYTE FrameCtrl; //... frame control field.") cpp_quote(" BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.") cpp_quote(" BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.") cpp_quote(" union") cpp_quote(" {") cpp_quote(" BYTE Info[0]; //... information field.") cpp_quote(" WORD RoutingInfo[0]; //... routing information field.") cpp_quote(" };") cpp_quote("} TOKENRING;") cpp_quote("") cpp_quote("typedef TOKENRING *LPTOKENRING;") cpp_quote("typedef TOKENRING UNALIGNED *ULPTOKENRING;") cpp_quote("#define TOKENRING_SIZE sizeof(TOKENRING)") const DWORD TOKENRING_HEADER_LENGTH =14; const WORD TOKENRING_SA_ROUTING_INFO =0x0080; const WORD TOKENRING_SA_LOCAL =0x0040; const WORD TOKENRING_DA_LOCAL =0x0040; const WORD TOKENRING_DA_GROUP =0x0080; const WORD TOKENRING_RC_LENGTHMASK =0x001F; const WORD TOKENRING_BC_MASK =0x00E0; const WORD TOKENRING_TYPE_MAC =0x0000; const WORD TOKENRING_TYPE_LLC =0x0040; #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// FDDI MAC structure.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// This structure is used to decode network data and so needs to be packed") #pragma pack(push, 1) // This structure contains a zero length array, must be cpp_quoted cpp_quote("typedef struct _FDDI") cpp_quote("{") cpp_quote(" BYTE FrameCtrl; //... frame control field.") cpp_quote(" BYTE DstAddr[MAX_ADDR_LENGTH]; //... destination address.") cpp_quote(" BYTE SrcAddr[MAX_ADDR_LENGTH]; //... source address.") cpp_quote(" BYTE Info[0]; //... information field.") cpp_quote("") cpp_quote("} FDDI;") cpp_quote("#define FDDI_SIZE sizeof(FDDI)") cpp_quote("typedef FDDI *LPFDDI;") cpp_quote("typedef FDDI UNALIGNED *ULPFDDI;") const DWORD FDDI_HEADER_LENGTH =13; const DWORD FDDI_TYPE_MAC =0x00; const DWORD FDDI_TYPE_LLC =0x10; const DWORD FDDI_TYPE_LONG_ADDRESS =0x40; #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// LLC (802.2)") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// This structure is used to decode network data and so needs to be packed") #pragma pack(push, 1) typedef struct _LLC { BYTE dsap; BYTE ssap; struct { union { BYTE Command; BYTE NextSend; }; union { BYTE NextRecv; BYTE Data[1]; }; } ControlField; } LLC; typedef LLC *LPLLC; cpp_quote("typedef LLC UNALIGNED *ULPLLC;") const DWORD LLC_SIZE =sizeof(LLC); #pragma pack(pop) cpp_quote("//=============================================================================") cpp_quote("// Helper macros.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("#define IsRoutingInfoPresent(f) ((((ULPTOKENRING) (f))->SrcAddr[0] & TOKENRING_SA_ROUTING_INFO) ? TRUE : FALSE)") cpp_quote("") cpp_quote("#define GetRoutingInfoLength(f) (IsRoutingInfoPresent(f) \\") cpp_quote(" ? (((ULPTOKENRING) (f))->RoutingInfo[0] & TOKENRING_RC_LENGTHMASK) : 0)") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (Parser.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Format Procedure Type.") cpp_quote("//") cpp_quote("// NOTE: All format functions *must* be declared as WINAPIV not WINAPI!") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("typedef VOID (WINAPIV *FORMAT)(LPPROPERTYINST, ...);") cpp_quote("") cpp_quote("// The protocol recognized the frame and moved the pointer to end of its") cpp_quote("// protocol header. Network Monitor uses the protocols follow set to continue") cpp_quote("// parsing.") const DWORD PROTOCOL_STATUS_RECOGNIZED = 0; cpp_quote("// The protocol did not recognized the frame and did not move the pointer") cpp_quote("// (i.e. the start data pointer which was passed in). Network Monitor uses the") cpp_quote("// protocols follow set to continue parsing.") const DWORD PROTOCOL_STATUS_NOT_RECOGNIZED = 1; cpp_quote("// The protocol recognized the frame and claimed it all for itself,") cpp_quote("// and parsing terminates.") const DWORD PROTOCOL_STATUS_CLAIMED = 2; cpp_quote("// The protocol recognized the frame and moved the pointer to end of its") cpp_quote("// protocol header. The current protocol requests that Network Monitor ") cpp_quote("// continue parsing at a known next protocol by returning the next protocols") cpp_quote("// handle back to Network Monitor. In this case, the follow of the current ") cpp_quote("// protocol, if any, is not used.") const DWORD PROTOCOL_STATUS_NEXT_PROTOCOL = 3; cpp_quote("//=============================================================================") cpp_quote("// Macros.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("extern BYTE HexTable[];") cpp_quote("") cpp_quote("#define XCHG(x) MAKEWORD( HIBYTE(x), LOBYTE(x) )") cpp_quote("") cpp_quote("#define DXCHG(x) MAKELONG( XCHG(HIWORD(x)), XCHG(LOWORD(x)) )") cpp_quote("") cpp_quote("#define LONIBBLE(b) ((BYTE) ((b) & 0x0F))") cpp_quote("") cpp_quote("#define HINIBBLE(b) ((BYTE) ((b) >> 4))") cpp_quote("") cpp_quote("#define HEX(b) (HexTable[LONIBBLE(b)])") cpp_quote("") cpp_quote("#define SWAPBYTES(w) ((w) = XCHG(w))") cpp_quote("") cpp_quote("#define SWAPWORDS(d) ((d) = DXCHG(d))") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// All the MAC frame types combined.") cpp_quote("//=============================================================================") // structure contains structures with bitfields, so must cpp_quote cpp_quote("typedef union _MACFRAME") cpp_quote("{") cpp_quote(" LPBYTE MacHeader; //... generic pointer.") cpp_quote(" LPETHERNET Ethernet; //... ethernet pointer.") cpp_quote(" LPTOKENRING Tokenring; //... tokenring pointer.") cpp_quote(" LPFDDI Fddi; //... FDDI pointer.") cpp_quote("") cpp_quote("} MACFRAME;") cpp_quote("typedef MACFRAME *LPMACFRAME;") cpp_quote("") cpp_quote("#define HOT_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'T', '$')") cpp_quote("#define HOE_SIGNATURE MAKE_IDENTIFIER('H', 'O', 'E', '$')") typedef struct _HANDOFFENTRY { DWORD hoe_sig; //... 'HOE$' DWORD hoe_ProtIdentNumber; //Port/Socket number used to determine who to handoff to HPROTOCOL hoe_ProtocolHandle; //Handle of Protocol to hand off to DWORD hoe_ProtocolData; //Additional Data to pass to protocol when handed off } HANDOFFENTRY; typedef HANDOFFENTRY * LPHANDOFFENTRY; typedef struct _HANDOFFTABLE { DWORD hot_sig; //... 'HOT$' DWORD hot_NumEntries; LPHANDOFFENTRY hot_Entries; } HANDOFFTABLE, *LPHANDOFFTABLE; cpp_quote("//=============================================================================") cpp_quote("// Parser helper macros.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("INLINE LPVOID GetPropertyInstanceData(LPPROPERTYINST PropertyInst)") cpp_quote("{") cpp_quote(" if ( PropertyInst->DataLength != (WORD) -1 )") cpp_quote(" {") cpp_quote(" return PropertyInst->lpData;") cpp_quote(" }") cpp_quote("") cpp_quote(" return (LPVOID) PropertyInst->lpPropertyInstEx->Byte;") cpp_quote("}") cpp_quote("") cpp_quote("#define GetPropertyInstanceDataValue(p, type) ((type *) GetPropertyInstanceData(p))[0]") cpp_quote("") cpp_quote("INLINE DWORD GetPropertyInstanceFrameDataLength(LPPROPERTYINST PropertyInst)") cpp_quote("{") cpp_quote(" if ( PropertyInst->DataLength != (WORD) -1 )") cpp_quote(" {") cpp_quote(" return PropertyInst->DataLength;") cpp_quote(" }") cpp_quote("") cpp_quote(" return PropertyInst->lpPropertyInstEx->Length;") cpp_quote("}") cpp_quote("") cpp_quote("INLINE DWORD GetPropertyInstanceExDataLength(LPPROPERTYINST PropertyInst)") cpp_quote("{") cpp_quote(" if ( PropertyInst->DataLength == (WORD) -1 )") cpp_quote(" {") cpp_quote(" PropertyInst->lpPropertyInstEx->Length;") cpp_quote(" }") cpp_quote("") cpp_quote(" return (WORD) -1;") cpp_quote("}") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Parser helper functions.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("LPLABELED_WORD WINAPI GetProtocolDescriptionTable(LPDWORD TableSize);") cpp_quote("") cpp_quote("LPLABELED_WORD WINAPI GetProtocolDescription(DWORD ProtocolID);") cpp_quote("") cpp_quote("DWORD WINAPI GetMacHeaderLength(LPVOID MacHeader, DWORD MacType);") cpp_quote("") cpp_quote("DWORD WINAPI GetLLCHeaderLength(LPLLC Frame);") cpp_quote("") cpp_quote("DWORD WINAPI GetEtype(LPVOID MacHeader, DWORD MacType);") cpp_quote("") cpp_quote("DWORD WINAPI GetSaps(LPVOID MacHeader, DWORD MacType);") cpp_quote("") cpp_quote("BOOL WINAPI IsLLCPresent(LPVOID MacHeader, DWORD MacType);") cpp_quote("") cpp_quote("VOID WINAPI CanonicalizeHexString(LPSTR hex, LPSTR dest, DWORD len);") cpp_quote("") cpp_quote("void WINAPI CanonHex(UCHAR * pDest, UCHAR * pSource, int iLen, BOOL fOx );") cpp_quote("") cpp_quote("DWORD WINAPI ByteToBinary(LPSTR string, DWORD ByteValue);") cpp_quote("") cpp_quote("DWORD WINAPI WordToBinary(LPSTR string, DWORD WordValue);") cpp_quote("") cpp_quote("DWORD WINAPI DwordToBinary(LPSTR string, DWORD DwordValue);") cpp_quote("") cpp_quote("LPSTR WINAPI AddressToString(LPSTR string, BYTE *lpAddress);") cpp_quote("") cpp_quote("LPBYTE WINAPI StringToAddress(BYTE *lpAddress, LPSTR string);") cpp_quote("") cpp_quote("LPDWORD WINAPI VarLenSmallIntToDword( LPBYTE pValue, ") cpp_quote(" WORD ValueLen, ") cpp_quote(" BOOL fIsByteswapped,") cpp_quote(" LPDWORD lpDword );") cpp_quote("") cpp_quote("LPBYTE WINAPI LookupByteSetString (LPSET lpSet, BYTE Value);") cpp_quote("") cpp_quote("LPBYTE WINAPI LookupWordSetString (LPSET lpSet, WORD Value);") cpp_quote("") cpp_quote("LPBYTE WINAPI LookupDwordSetString (LPSET lpSet, DWORD Value);") cpp_quote("") cpp_quote("DWORD WINAPIV FormatByteFlags(LPSTR string, DWORD ByteValue, DWORD BitMask);") cpp_quote("") cpp_quote("DWORD WINAPIV FormatWordFlags(LPSTR string, DWORD WordValue, DWORD BitMask);") cpp_quote("") cpp_quote("DWORD WINAPIV FormatDwordFlags(LPSTR string, DWORD DwordValue, DWORD BitMask);") cpp_quote("") cpp_quote("LPSTR WINAPIV FormatTimeAsString(SYSTEMTIME *time, LPSTR string);") cpp_quote("") cpp_quote("VOID WINAPIV FormatLabeledByteSetAsFlags(LPPROPERTYINST lpPropertyInst);") cpp_quote("") cpp_quote("VOID WINAPIV FormatLabeledWordSetAsFlags(LPPROPERTYINST lpPropertyInst);") cpp_quote("") cpp_quote("VOID WINAPIV FormatLabeledDwordSetAsFlags(LPPROPERTYINST lpPropertyInst);") cpp_quote("") cpp_quote("VOID WINAPIV FormatPropertyDataAsByte(LPPROPERTYINST lpPropertyInst, DWORD Base);") cpp_quote("") cpp_quote("VOID WINAPIV FormatPropertyDataAsWord(LPPROPERTYINST lpPropertyInst, DWORD Base);") cpp_quote("") cpp_quote("VOID WINAPIV FormatPropertyDataAsDword(LPPROPERTYINST lpPropertyInst, DWORD Base);") cpp_quote("") cpp_quote("VOID WINAPIV FormatLabeledByteSet(LPPROPERTYINST lpPropertyInst);") cpp_quote("") cpp_quote("VOID WINAPIV FormatLabeledWordSet(LPPROPERTYINST lpPropertyInst);") cpp_quote("") cpp_quote("VOID WINAPIV FormatLabeledDwordSet(LPPROPERTYINST lpPropertyInst);") cpp_quote("") cpp_quote("VOID WINAPIV FormatPropertyDataAsInt64(LPPROPERTYINST lpPropertyInst, DWORD Base);") cpp_quote("") cpp_quote("VOID WINAPIV FormatPropertyDataAsTime(LPPROPERTYINST lpPropertyInst);") cpp_quote("") cpp_quote("VOID WINAPIV FormatPropertyDataAsString(LPPROPERTYINST lpPropertyInst);") cpp_quote("") cpp_quote("VOID WINAPIV FormatPropertyDataAsHexString(LPPROPERTYINST lpPropertyInst);") cpp_quote("") cpp_quote("// Parsers should NOT call LockFrame(). If a parser takes a lock and then gets") cpp_quote("// faulted or returns without unlocking, it leaves the system in a state where") cpp_quote("// it cannot change protocols or cut/copy frames. Parsers should use ParserTemporaryLockFrame") cpp_quote("// which grants a lock ONLY during the context of the api entry into the parser. The ") cpp_quote("// lock is released on exit from the parser for that frame.") cpp_quote("ULPBYTE WINAPI ParserTemporaryLockFrame(HFRAME hFrame);") cpp_quote("") cpp_quote("LPVOID WINAPI GetCCInstPtr(VOID);") cpp_quote("VOID WINAPI SetCCInstPtr(LPVOID lpCurCaptureInst);") cpp_quote("LPVOID WINAPI CCHeapAlloc(DWORD dwBytes, BOOL bZeroInit);") cpp_quote("LPVOID WINAPI CCHeapReAlloc(LPVOID lpMem, DWORD dwBytes, BOOL bZeroInit);") cpp_quote("BOOL WINAPI CCHeapFree(LPVOID lpMem);") cpp_quote("SIZE_T WINAPI CCHeapSize(LPVOID lpMem);") cpp_quote("") cpp_quote("BOOL _cdecl BERGetInteger( ULPBYTE pCurrentPointer,") cpp_quote(" ULPBYTE *ppValuePointer,") cpp_quote(" LPDWORD pHeaderLength,") cpp_quote(" LPDWORD pDataLength,") cpp_quote(" ULPBYTE *ppNext);") cpp_quote("BOOL _cdecl BERGetString( ULPBYTE pCurrentPointer,") cpp_quote(" ULPBYTE *ppValuePointer,") cpp_quote(" LPDWORD pHeaderLength,") cpp_quote(" LPDWORD pDataLength,") cpp_quote(" ULPBYTE *ppNext);") cpp_quote("BOOL _cdecl BERGetHeader( ULPBYTE pCurrentPointer,") cpp_quote(" ULPBYTE pTag,") cpp_quote(" LPDWORD pHeaderLength,") cpp_quote(" LPDWORD pDataLength,") cpp_quote(" ULPBYTE *ppNext);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Parser Finder Structures.") cpp_quote("//=============================================================================") const DWORD MAX_PROTOCOL_COMMENT_LEN =256; const DWORD NETMON_MAX_PROTOCOL_NAME_LEN =16; cpp_quote("// the constant MAX_PROTOCOL_NAME_LEN conflicts with one of the same name") cpp_quote("// but different size in rtutils.h.") cpp_quote("// So if both headers are included, we do not define MAX_PROTOCOL_NAME_LEN.") cpp_quote("#ifndef MAX_PROTOCOL_NAME_LEN") const DWORD MAX_PROTOCOL_NAME_LEN =NETMON_MAX_PROTOCOL_NAME_LEN; cpp_quote("#else") cpp_quote("#undef MAX_PROTOCOL_NAME_LEN") cpp_quote("#endif") cpp_quote("// Handoff Value Format Base") typedef enum { HANDOFF_VALUE_FORMAT_BASE_UNKNOWN = 0, HANDOFF_VALUE_FORMAT_BASE_DECIMAL = 10, HANDOFF_VALUE_FORMAT_BASE_HEX = 16 } PF_HANDOFFVALUEFORMATBASE; cpp_quote("// PF_HANDOFFENTRY") typedef struct _PF_HANDOFFENTRY { char szIniFile[MAX_PATH]; char szIniSection[MAX_PATH]; char szProtocol[NETMON_MAX_PROTOCOL_NAME_LEN]; DWORD dwHandOffValue; PF_HANDOFFVALUEFORMATBASE ValueFormatBase; } PF_HANDOFFENTRY; typedef PF_HANDOFFENTRY* PPF_HANDOFFENTRY; cpp_quote("// PF_HANDOFFSET") // Structure contains zero length array, must cpp_quote cpp_quote("typedef struct _PF_HANDOFFSET") cpp_quote("{") cpp_quote(" DWORD nEntries;") cpp_quote(" PF_HANDOFFENTRY Entry[0];") cpp_quote("") cpp_quote("} PF_HANDOFFSET;") cpp_quote("typedef PF_HANDOFFSET* PPF_HANDOFFSET;") cpp_quote("// FOLLOWENTRY") typedef struct _PF_FOLLOWENTRY { char szProtocol[NETMON_MAX_PROTOCOL_NAME_LEN]; } PF_FOLLOWENTRY; typedef PF_FOLLOWENTRY* PPF_FOLLOWENTRY; cpp_quote("// PF_FOLLOWSET") // Structure contains zero length array, must cpp_quote cpp_quote("typedef struct _PF_FOLLOWSET") cpp_quote("{") cpp_quote(" DWORD nEntries;") cpp_quote(" PF_FOLLOWENTRY Entry[0];") cpp_quote("") cpp_quote("} PF_FOLLOWSET;") cpp_quote("typedef PF_FOLLOWSET* PPF_FOLLOWSET;") cpp_quote("") cpp_quote("// PARSERINFO - contains information about a single parser") // Structure contains structures with zero length arrays, must cpp_quote cpp_quote("typedef struct _PF_PARSERINFO") cpp_quote("{") cpp_quote(" char szProtocolName[NETMON_MAX_PROTOCOL_NAME_LEN];") cpp_quote(" char szComment[MAX_PROTOCOL_COMMENT_LEN];") cpp_quote(" char szHelpFile[MAX_PATH];") cpp_quote("") cpp_quote(" PPF_FOLLOWSET pWhoCanPrecedeMe;") cpp_quote(" PPF_FOLLOWSET pWhoCanFollowMe;") cpp_quote("") cpp_quote(" PPF_HANDOFFSET pWhoHandsOffToMe;") cpp_quote(" PPF_HANDOFFSET pWhoDoIHandOffTo;") cpp_quote("") cpp_quote("} PF_PARSERINFO;") cpp_quote("typedef PF_PARSERINFO* PPF_PARSERINFO;") cpp_quote("") cpp_quote("// PF_PARSERDLLINFO - contains information about a single parser DLL") // Structure contains zero length array, must cpp_quote cpp_quote("typedef struct _PF_PARSERDLLINFO") cpp_quote("{ ") cpp_quote("// char szDLLName[MAX_PATH];") cpp_quote(" DWORD nParsers;") cpp_quote(" PF_PARSERINFO ParserInfo[0];") cpp_quote("") cpp_quote("} PF_PARSERDLLINFO;") cpp_quote("typedef PF_PARSERDLLINFO* PPF_PARSERDLLINFO;") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (IniLib.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") const DWORD INI_PATH_LENGTH =256; const DWORD MAX_HANDOFF_ENTRY_LENGTH =80; const DWORD MAX_PROTOCOL_NAME =40; const DWORD NUMALLOCENTRIES =10; const DWORD RAW_INI_STR_LEN =200; cpp_quote("#define PARSERS_SUBDIR \"PARSERS\"") cpp_quote("#define INI_EXTENSION \"INI\"") cpp_quote("#define BASE10_FORMAT_STR \"%ld=%s %ld\"") cpp_quote("#define BASE16_FORMAT_STR \"%lx=%s %lx\"") cpp_quote("// Given \"XNS\" or \"TCP\" or whatever BuildINIPath will return fully qual. path to \"XNS.INI\" or \"TCP.INI\"") cpp_quote("LPSTR _cdecl BuildINIPath( char *FullPath,") cpp_quote(" char *IniFileName );") cpp_quote("") cpp_quote("// Builds Handoff Set") cpp_quote("DWORD WINAPI CreateHandoffTable(LPSTR secName,") cpp_quote(" LPSTR iniFile,") cpp_quote(" LPHANDOFFTABLE * hTable,") cpp_quote(" DWORD nMaxProtocolEntries,") cpp_quote(" DWORD base);") cpp_quote("") cpp_quote("HPROTOCOL WINAPI GetProtocolFromTable(LPHANDOFFTABLE hTable, // lp to Handoff Table...") cpp_quote(" DWORD ItemToFind, // port number etc...") cpp_quote(" PDWORD_PTR lpInstData ); // inst data to give to next protocol") cpp_quote("") cpp_quote("VOID WINAPI DestroyHandoffTable( LPHANDOFFTABLE hTable );") cpp_quote("") cpp_quote("BOOLEAN WINAPI IsRawIPXEnabled(LPSTR secName,") cpp_quote(" LPSTR iniFile,") cpp_quote(" LPSTR CurProtocol );") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMExpert.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") const DWORD EXPERTSTRINGLENGTH =MAX_PATH; const DWORD EXPERTGROUPNAMELENGTH =25; cpp_quote("// HEXPERTKEY tracks running experts. It is only used by experts for ") cpp_quote("// self reference. It refers to a RUNNINGEXPERT (an internal only structure)..") typedef LPVOID HEXPERTKEY; typedef HEXPERTKEY * PHEXPERTKEY; cpp_quote("// HEXPERT tracks loaded experts. It refers to an EXPERTENUMINFO.") typedef LPVOID HEXPERT; typedef HEXPERT * PHEXPERT; cpp_quote("// HRUNNINGEXPERT tracks a currently running expert.") cpp_quote("// It refers to a RUNNINGEXPERT (an internal only structure).") typedef LPVOID HRUNNINGEXPERT; typedef HRUNNINGEXPERT * PHRUNNINGEXPERT; // forward ref cpp_quote("typedef struct _EXPERTENUMINFO * PEXPERTENUMINFO;") cpp_quote("typedef struct _EXPERTCONFIG * PEXPERTCONFIG;") cpp_quote("typedef struct _EXPERTSTARTUPINFO * PEXPERTSTARTUPINFO;") cpp_quote("// Definitions needed to call experts") cpp_quote("#define EXPERTENTRY_REGISTER \"Register\"") cpp_quote("#define EXPERTENTRY_CONFIGURE \"Configure\"") cpp_quote("#define EXPERTENTRY_RUN \"Run\"") cpp_quote("typedef BOOL (WINAPI * PEXPERTREGISTERPROC)( PEXPERTENUMINFO );") cpp_quote("typedef BOOL (WINAPI * PEXPERTCONFIGPROC) ( HEXPERTKEY, PEXPERTCONFIG*, PEXPERTSTARTUPINFO, DWORD, HWND );") cpp_quote("typedef BOOL (WINAPI * PEXPERTRUNPROC) ( HEXPERTKEY, PEXPERTCONFIG, PEXPERTSTARTUPINFO, DWORD, HWND);") cpp_quote("// EXPERTENUMINFO describes an expert that NetMon has loaded from disk. ") cpp_quote("// It does not include any configuration or runtime information.") cpp_quote("typedef struct _EXPERTENUMINFO") cpp_quote("{") cpp_quote(" char szName[EXPERTSTRINGLENGTH];") cpp_quote(" char szVendor[EXPERTSTRINGLENGTH];") cpp_quote(" char szDescription[EXPERTSTRINGLENGTH];") cpp_quote(" DWORD Version; ") cpp_quote(" DWORD Flags;") cpp_quote(" char szDllName[MAX_PATH]; // private, dont' touch") cpp_quote(" HEXPERT hExpert; // private, don't touch") cpp_quote(" HINSTANCE hModule; // private, don't touch") cpp_quote(" PEXPERTREGISTERPROC pRegisterProc; // private, don't touch") cpp_quote(" PEXPERTCONFIGPROC pConfigProc; // private, don't touch") cpp_quote(" PEXPERTRUNPROC pRunProc; // private, don't touch") cpp_quote("") cpp_quote("} EXPERTENUMINFO;") cpp_quote("typedef EXPERTENUMINFO * PEXPERTENUMINFO;") const DWORD EXPERT_ENUM_FLAG_CONFIGURABLE =0x0001; const DWORD EXPERT_ENUM_FLAG_VIEWER_PRIVATE =0x0002; const DWORD EXPERT_ENUM_FLAG_NO_VIEWER =0x0004; const DWORD EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_SUMMARY =0x0010; const DWORD EXPERT_ENUM_FLAG_ADD_ME_TO_RMC_IN_DETAIL =0x0020; // contains a structure that contains an unaligned pointer, so must cpp_quote cpp_quote("// EXPERTSTARTUPINFO") cpp_quote("// This gives the Expert an indication of where he came from.") cpp_quote("// Note: if the lpPropertyInst->PropertyInfo->DataQualifier == PROP_QUAL_FLAGS") cpp_quote("// then the sBitField structure is filled in") cpp_quote("typedef struct _EXPERTSTARTUPINFO") cpp_quote("{") cpp_quote(" DWORD Flags;") cpp_quote(" HCAPTURE hCapture;") cpp_quote(" char szCaptureFile[MAX_PATH];") cpp_quote(" DWORD dwFrameNumber;") cpp_quote(" HPROTOCOL hProtocol;") cpp_quote("") cpp_quote(" LPPROPERTYINST lpPropertyInst;") cpp_quote("") cpp_quote(" struct") cpp_quote(" {") cpp_quote(" BYTE BitNumber;") cpp_quote(" BOOL bOn;") cpp_quote(" } sBitfield;") cpp_quote("") cpp_quote("} EXPERTSTARTUPINFO;") cpp_quote("// EXPERTCONFIG") cpp_quote("// This is a generic holder for an Expert's config data.") // structure contains a zero length array, must be cpp_quoted cpp_quote("typedef struct _EXPERTCONFIG") cpp_quote("{") cpp_quote(" DWORD RawConfigLength;") cpp_quote(" BYTE RawConfigData[0];") cpp_quote("") cpp_quote("} EXPERTCONFIG;") cpp_quote("typedef EXPERTCONFIG * PEXPERTCONFIG;") cpp_quote("// CONFIGUREDEXPERT") cpp_quote("// This structure associates a loaded expert with its configuration data.") // structure contains a zero length array, must be cpp_quoted cpp_quote("typedef struct") cpp_quote("{") cpp_quote(" HEXPERT hExpert;") cpp_quote(" DWORD StartupFlags;") cpp_quote(" PEXPERTCONFIG pConfig;") cpp_quote("} CONFIGUREDEXPERT;") cpp_quote("typedef CONFIGUREDEXPERT * PCONFIGUREDEXPERT;") cpp_quote("// EXPERTFRAMEDESCRIPTOR - passed back to the expert to fulfil the request for a frame") // contains an unaligned pointer, so must cpp_quote cpp_quote("typedef struct") cpp_quote("{") cpp_quote(" DWORD FrameNumber; // Frame Number.") cpp_quote(" HFRAME hFrame; // Handle to the frame.") cpp_quote(" ULPFRAME pFrame; // pointer to frame.") cpp_quote(" LPRECOGNIZEDATATABLE lpRecognizeDataTable;// pointer to table of RECOGNIZEDATA structures.") cpp_quote(" LPPROPERTYTABLE lpPropertyTable; // pointer to property table.") cpp_quote("") cpp_quote("} EXPERTFRAMEDESCRIPTOR;") cpp_quote("typedef EXPERTFRAMEDESCRIPTOR * LPEXPERTFRAMEDESCRIPTOR;") // other definitions const DWORD GET_SPECIFIED_FRAME = 0; const DWORD GET_FRAME_NEXT_FORWARD = 1; const DWORD GET_FRAME_NEXT_BACKWARD = 2; const DWORD FLAGS_DEFER_TO_UI_FILTER =0x1; const DWORD FLAGS_ATTACH_PROPERTIES =0x2; cpp_quote("// EXPERTSTATUSENUM") cpp_quote("// gives the possible values for the status field in the EXPERTSTATUS structure") typedef enum { EXPERTSTATUS_INACTIVE = 0, EXPERTSTATUS_STARTING, EXPERTSTATUS_RUNNING, EXPERTSTATUS_PROBLEM, EXPERTSTATUS_ABORTED, EXPERTSTATUS_DONE, } EXPERTSTATUSENUMERATION; cpp_quote("// EXPERTSUBSTATUS bitfield ") cpp_quote("// gives the possible values for the substatus field in the EXPERTSTATUS structure") const WORD EXPERTSUBSTATUS_ABORTED_USER =0x0001; const WORD EXPERTSUBSTATUS_ABORTED_LOAD_FAIL =0x0002; const WORD EXPERTSUBSTATUS_ABORTED_THREAD_FAIL =0x0004; const WORD EXPERTSUBSTATUS_ABORTED_BAD_ENTRY =0x0008; cpp_quote("// EXPERTSTATUS") cpp_quote("// Indicates the current status of a running expert.") typedef struct { EXPERTSTATUSENUMERATION Status; DWORD SubStatus; DWORD PercentDone; DWORD Frame; char szStatusText[EXPERTSTRINGLENGTH]; } EXPERTSTATUS; typedef EXPERTSTATUS * PEXPERTSTATUS; cpp_quote("// EXPERT STARTUP FLAGS") const DWORD EXPERT_STARTUP_FLAG_USE_STARTUP_DATA_OVER_CONFIG_DATA =0x00000001; cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NetMon.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// A frame with no number contains this value as its frame number.") const DWORD INVALID_FRAME_NUMBER =((DWORD) -1); cpp_quote("//=============================================================================") cpp_quote("// Capture file flags.") cpp_quote("//=============================================================================") cpp_quote("#define CAPTUREFILE_OPEN OPEN_EXISTING") cpp_quote("#define CAPTUREFILE_CREATE CREATE_NEW") cpp_quote("//=============================================================================") cpp_quote("// CAPTURE CONTEXT API's.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("LPSYSTEMTIME WINAPI GetCaptureTimeStamp(HCAPTURE hCapture);") cpp_quote("") cpp_quote("DWORD WINAPI GetCaptureMacType(HCAPTURE hCapture);") cpp_quote("") cpp_quote("DWORD WINAPI GetCaptureTotalFrames(HCAPTURE hCapture);") cpp_quote("") cpp_quote("LPSTR WINAPI GetCaptureComment(HCAPTURE hCapture);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// FRAME HELP API's.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("DWORD WINAPI MacTypeToAddressType(DWORD MacType);") cpp_quote("") cpp_quote("DWORD WINAPI AddressTypeToMacType(DWORD AddressType);") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameDstAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameSrcAddressOffset(HFRAME hFrame, DWORD AddressType, LPDWORD AddressLength);") cpp_quote("") cpp_quote("HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME hFrame);") cpp_quote("") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameDestAddress(HFRAME hFrame,") cpp_quote(" LPADDRESS lpAddress,") cpp_quote(" DWORD AddressType,") cpp_quote(" DWORD Flags);") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameSourceAddress(HFRAME hFrame,") cpp_quote(" LPADDRESS lpAddress,") cpp_quote(" DWORD AddressType,") cpp_quote(" DWORD Flags);") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);") cpp_quote("") cpp_quote("BOOL WINAPI CompareFrameDestAddress(HFRAME hFrame, LPADDRESS lpAddress);") cpp_quote("") cpp_quote("BOOL WINAPI CompareFrameSourceAddress(HFRAME hFrame, LPADDRESS lpAddress);") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameLength(HFRAME hFrame);") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameStoredLength(HFRAME hFrame);") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameMacType(HFRAME hFrame);") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameMacHeaderLength(HFRAME hFrame);") cpp_quote("") cpp_quote("DWORD WINAPI GetFrameNumber(HFRAME hFrame);") cpp_quote("") cpp_quote("__int64 WINAPI GetFrameTimeStamp(HFRAME hFrame);") cpp_quote("") cpp_quote("ULPFRAME WINAPI GetFrameFromFrameHandle(HFRAME hFrame);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// FRAME API's.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("HFRAME WINAPI ModifyFrame(HCAPTURE hCapture,") cpp_quote(" DWORD FrameNumber,") cpp_quote(" LPBYTE FrameData,") cpp_quote(" DWORD FrameLength,") cpp_quote(" __int64 TimeStamp);") cpp_quote("") cpp_quote("HFRAME WINAPI FindNextFrame(HFRAME hCurrentFrame,") cpp_quote(" LPSTR ProtocolName,") cpp_quote(" LPADDRESS lpDesstAddress,") cpp_quote(" LPADDRESS lpSrcAddress,") cpp_quote(" LPWORD ProtocolOffset,") cpp_quote(" DWORD OriginalFrameNumber,") cpp_quote(" DWORD nHighestFrame);") cpp_quote("") cpp_quote("HFRAME WINAPI FindPreviousFrame(HFRAME hCurrentFrame,") cpp_quote(" LPSTR ProtocolName,") cpp_quote(" LPADDRESS lpDstAddress,") cpp_quote(" LPADDRESS lpSrcAddress,") cpp_quote(" LPWORD ProtocolOffset,") cpp_quote(" DWORD OriginalFrameNumber,") cpp_quote(" DWORD nLowestFrame );") cpp_quote("") cpp_quote("HCAPTURE WINAPI GetFrameCaptureHandle(HFRAME);") cpp_quote("") cpp_quote("HFRAME WINAPI GetFrame(HCAPTURE hCapture, DWORD FrameNumber);") cpp_quote("") cpp_quote("LPRECOGNIZEDATATABLE WINAPI GetFrameRecognizeData(HFRAME hFrame);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Protocol API's.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("HPROTOCOL WINAPI CreateProtocol(LPSTR ProtocolName,") cpp_quote(" LPENTRYPOINTS lpEntryPoints,") cpp_quote(" DWORD cbEntryPoints);") cpp_quote("") cpp_quote("VOID WINAPI DestroyProtocol(HPROTOCOL hProtocol);") cpp_quote("") cpp_quote("LPPROTOCOLINFO WINAPI GetProtocolInfo(HPROTOCOL hProtocol);") cpp_quote("") cpp_quote("HPROPERTY WINAPI GetProperty(HPROTOCOL hProtocol, LPSTR PropertyName);") cpp_quote("") cpp_quote("HPROTOCOL WINAPI GetProtocolFromName(LPSTR ProtocolName);") cpp_quote("") cpp_quote("DWORD WINAPI GetProtocolStartOffset(HFRAME hFrame, LPSTR ProtocolName);") cpp_quote("") cpp_quote("DWORD WINAPI GetProtocolStartOffsetHandle(HFRAME hFrame, HPROTOCOL hProtocol);") cpp_quote("") cpp_quote("DWORD WINAPI GetPreviousProtocolOffsetByName(HFRAME hFrame,") cpp_quote(" DWORD dwStartOffset,") cpp_quote(" LPSTR szProtocolName,") cpp_quote(" DWORD* pdwPreviousOffset);") cpp_quote("") cpp_quote("LPPROTOCOLTABLE WINAPI GetEnabledProtocols(HCAPTURE hCapture);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Property API's.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("DWORD WINAPI CreatePropertyDatabase(HPROTOCOL hProtocol, DWORD nProperties);") cpp_quote("") cpp_quote("DWORD WINAPI DestroyPropertyDatabase(HPROTOCOL hProtocol);") cpp_quote("") cpp_quote("HPROPERTY WINAPI AddProperty(HPROTOCOL hProtocol, LPPROPERTYINFO PropertyInfo);") cpp_quote("") cpp_quote("BOOL WINAPI AttachPropertyInstance(HFRAME hFrame,") cpp_quote(" HPROPERTY hProperty,") cpp_quote(" DWORD Length,") cpp_quote(" ULPVOID lpData,") cpp_quote(" DWORD HelpID,") cpp_quote(" DWORD Level,") cpp_quote(" DWORD IFlags);") cpp_quote("") cpp_quote("BOOL WINAPI AttachPropertyInstanceEx(HFRAME hFrame,") cpp_quote(" HPROPERTY hProperty,") cpp_quote(" DWORD Length,") cpp_quote(" ULPVOID lpData,") cpp_quote(" DWORD ExLength,") cpp_quote(" ULPVOID lpExData,") cpp_quote(" DWORD HelpID,") cpp_quote(" DWORD Level,") cpp_quote(" DWORD IFlags);") cpp_quote("") cpp_quote("LPPROPERTYINST WINAPI FindPropertyInstance(HFRAME hFrame, HPROPERTY hProperty);") cpp_quote("") cpp_quote("LPPROPERTYINST WINAPI FindPropertyInstanceRestart (HFRAME hFrame, ") cpp_quote(" HPROPERTY hProperty, ") cpp_quote(" LPPROPERTYINST *lpRestartKey, ") cpp_quote(" BOOL DirForward );") cpp_quote("") cpp_quote("LPPROPERTYINFO WINAPI GetPropertyInfo(HPROPERTY hProperty);") cpp_quote("") cpp_quote("LPSTR WINAPI GetPropertyText(HFRAME hFrame, LPPROPERTYINST lpPI, LPSTR szBuffer, DWORD BufferSize);") cpp_quote("") cpp_quote("DWORD WINAPI ResetPropertyInstanceLength( LPPROPERTYINST lpProp, ") cpp_quote(" WORD nOrgLen, ") cpp_quote(" WORD nNewLen );") cpp_quote("//=============================================================================") cpp_quote("// MISC. API's.") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("DWORD WINAPI GetCaptureCommentFromFilename(LPSTR lpFilename, LPSTR lpComment, DWORD BufferSize);") cpp_quote("") cpp_quote("int WINAPI CompareAddresses(LPADDRESS lpAddress1, LPADDRESS lpAddress2);") cpp_quote("") cpp_quote("DWORD WINAPIV FormatPropertyInstance(LPPROPERTYINST lpPropertyInst, ...);") cpp_quote("") cpp_quote("SYSTEMTIME * WINAPI AdjustSystemTime(SYSTEMTIME *SystemTime, __int64 TimeDelta);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// EXPERT API's for use by Experts") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("DWORD WINAPI ExpertGetFrame( IN HEXPERTKEY hExpertKey,") cpp_quote(" IN DWORD Direction,") cpp_quote(" IN DWORD RequestFlags,") cpp_quote(" IN DWORD RequestedFrameNumber,") cpp_quote(" IN HFILTER hFilter,") cpp_quote(" OUT LPEXPERTFRAMEDESCRIPTOR pEFrameDescriptor);") cpp_quote("") cpp_quote("LPVOID WINAPI ExpertAllocMemory( IN HEXPERTKEY hExpertKey,") cpp_quote(" IN SIZE_T nBytes,") cpp_quote(" OUT DWORD* pError);") cpp_quote("") cpp_quote("LPVOID WINAPI ExpertReallocMemory( IN HEXPERTKEY hExpertKey,") cpp_quote(" IN LPVOID pOriginalMemory,") cpp_quote(" IN SIZE_T nBytes,") cpp_quote(" OUT DWORD* pError);") cpp_quote("") cpp_quote("DWORD WINAPI ExpertFreeMemory( IN HEXPERTKEY hExpertKey,") cpp_quote(" IN LPVOID pOriginalMemory);") cpp_quote("") cpp_quote("SIZE_T WINAPI ExpertMemorySize( IN HEXPERTKEY hExpertKey,") cpp_quote(" IN LPVOID pOriginalMemory);") cpp_quote("") cpp_quote("DWORD WINAPI ExpertIndicateStatus( IN HEXPERTKEY hExpertKey, ") cpp_quote(" IN EXPERTSTATUSENUMERATION Status,") cpp_quote(" IN DWORD SubStatus,") cpp_quote(" IN const char * szText,") cpp_quote(" IN LONG PercentDone);") cpp_quote("") cpp_quote("DWORD WINAPI ExpertSubmitEvent( IN HEXPERTKEY hExpertKey,") cpp_quote(" IN PNMEVENTDATA pExpertEvent);") cpp_quote("") cpp_quote("DWORD WINAPI ExpertGetStartupInfo( IN HEXPERTKEY hExpertKey,") cpp_quote(" OUT PEXPERTSTARTUPINFO pExpertStartupInfo);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// DEBUG API's.") cpp_quote("//=============================================================================") cpp_quote("#ifdef DEBUG") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// BreakPoint() macro.") cpp_quote("//=============================================================================") cpp_quote("// We do not want breakpoints in our code any more...") cpp_quote("// so we are defining DebugBreak(), usually a system call, to be") cpp_quote("// just a dprintf. BreakPoint() is still defined as DebugBreak().") cpp_quote("") cpp_quote("#ifdef DebugBreak") cpp_quote("#undef DebugBreak") cpp_quote("#endif // DebugBreak") cpp_quote("") cpp_quote("#define DebugBreak() dprintf(\"DebugBreak Called at %s:%s\", __FILE__, __LINE__);") cpp_quote("#define BreakPoint() DebugBreak()") cpp_quote("") cpp_quote("#endif // DEBUG") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMBlob.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// Blob Constants") cpp_quote("//=============================================================================") const DWORD INITIAL_RESTART_KEY =0xFFFFFFFF; cpp_quote("//=============================================================================") cpp_quote("// Blob Core Helper Routines ") cpp_quote("//=============================================================================") cpp_quote("DWORD _cdecl CreateBlob(HBLOB * phBlob);") cpp_quote("") cpp_quote("DWORD _cdecl DestroyBlob(HBLOB hBlob);") cpp_quote("") cpp_quote("DWORD _cdecl SetStringInBlob(HBLOB hBlob, ") cpp_quote(" const char * pOwnerName, ") cpp_quote(" const char * pCategoryName, ") cpp_quote(" const char * pTagName, ") cpp_quote(" const char * pString); ") cpp_quote("") cpp_quote("DWORD _cdecl GetStringFromBlob(HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pCategoryName,") cpp_quote(" const char * pTagName,") cpp_quote(" const char ** ppString);") cpp_quote("") cpp_quote("DWORD _cdecl GetStringsFromBlob(HBLOB hBlob,") cpp_quote(" const char * pRequestedOwnerName,") cpp_quote(" const char * pRequestedCategoryName,") cpp_quote(" const char * pRequestedTagName,") cpp_quote(" const char ** ppReturnedOwnerName,") cpp_quote(" const char ** ppReturnedCategoryName,") cpp_quote(" const char ** ppReturnedTagName,") cpp_quote(" const char ** ppReturnedString,") cpp_quote(" DWORD * pRestartKey);") cpp_quote("") cpp_quote("DWORD _cdecl RemoveFromBlob(HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pCategoryName,") cpp_quote(" const char * pTagName);") cpp_quote("") cpp_quote("DWORD _cdecl LockBlob(HBLOB hBlob);") cpp_quote("") cpp_quote("DWORD _cdecl UnlockBlob(HBLOB hBlob);") cpp_quote("") cpp_quote("DWORD _cdecl FindUnknownBlobCategories( HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pKnownCategoriesTable[],") cpp_quote(" HBLOB hUnknownCategoriesBlob);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Blob Helper Routines ") cpp_quote("//=============================================================================") cpp_quote("DWORD _cdecl MergeBlob(HBLOB hDstBlob,") cpp_quote(" HBLOB hSrcBlob); ") cpp_quote("") cpp_quote("DWORD _cdecl DuplicateBlob (HBLOB hSrcBlob,") cpp_quote(" HBLOB *hBlobThatWillBeCreated ); ") cpp_quote("") cpp_quote("DWORD _cdecl WriteBlobToFile(HBLOB hBlob,") cpp_quote(" const char * pFileName);") cpp_quote("") cpp_quote("DWORD _cdecl ReadBlobFromFile(HBLOB* phBlob,") cpp_quote(" const char * pFileName);") cpp_quote("") cpp_quote("DWORD _cdecl RegCreateBlobKey(HKEY hkey, const char* szBlobName, HBLOB hBlob);") cpp_quote("") cpp_quote("DWORD _cdecl RegOpenBlobKey(HKEY hkey, const char* szBlobName, HBLOB* phBlob);") cpp_quote("") cpp_quote("DWORD _cdecl MarshalBlob(HBLOB hBlob, DWORD* pSize, BYTE** ppBytes);") cpp_quote("") cpp_quote("DWORD _cdecl UnMarshalBlob(HBLOB* phBlob, DWORD Size, BYTE* pBytes);") cpp_quote("") cpp_quote("DWORD _cdecl SetDwordInBlob(HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pCategoryName,") cpp_quote(" const char * pTagName,") cpp_quote(" DWORD Dword);") cpp_quote("") cpp_quote("DWORD _cdecl GetDwordFromBlob(HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pCategoryName,") cpp_quote(" const char * pTagName,") cpp_quote(" DWORD * pDword);") cpp_quote("") cpp_quote("DWORD _cdecl SetBoolInBlob(HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pCategoryName,") cpp_quote(" const char * pTagName,") cpp_quote(" BOOL Bool);") cpp_quote("") cpp_quote("DWORD _cdecl GetBoolFromBlob(HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pCategoryName,") cpp_quote(" const char * pTagName,") cpp_quote(" BOOL * pBool);") cpp_quote("") cpp_quote("DWORD _cdecl GetMacAddressFromBlob(HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pCategoryName,") cpp_quote(" const char * pTagName,") cpp_quote(" BYTE * pMacAddress);") cpp_quote("") cpp_quote("DWORD _cdecl SetMacAddressInBlob(HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pCategoryName,") cpp_quote(" const char * pTagName,") cpp_quote(" const BYTE * pMacAddress);") cpp_quote("") cpp_quote("DWORD _cdecl FindUnknownBlobTags( HBLOB hBlob,") cpp_quote(" const char * pOwnerName,") cpp_quote(" const char * pCategoryName,") cpp_quote(" const char * pKnownTagsTable[],") cpp_quote(" HBLOB hUnknownTagsBlob);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// Blob NPP Helper Routines") cpp_quote("//=============================================================================") cpp_quote("DWORD _cdecl SetNetworkInfoInBlob(HBLOB hBlob, ") cpp_quote(" LPNETWORKINFO lpNetworkInfo);") cpp_quote("") cpp_quote("DWORD _cdecl GetNetworkInfoFromBlob(HBLOB hBlob, ") cpp_quote(" LPNETWORKINFO lpNetworkInfo);") cpp_quote("") cpp_quote("DWORD _cdecl CreateNPPInterface ( HBLOB hBlob,") cpp_quote(" REFIID iid,") cpp_quote(" void ** ppvObject);") cpp_quote("") cpp_quote("DWORD _cdecl SetClassIDInBlob(HBLOB hBlob,") cpp_quote(" const char* pOwnerName,") cpp_quote(" const char* pCategoryName,") cpp_quote(" const char* pTagName,") cpp_quote(" const CLSID* pClsID);") cpp_quote("") cpp_quote("DWORD _cdecl GetClassIDFromBlob(HBLOB hBlob,") cpp_quote(" const char* pOwnerName,") cpp_quote(" const char* pCategoryName,") cpp_quote(" const char* pTagName,") cpp_quote(" CLSID * pClsID);") cpp_quote("") cpp_quote("DWORD _cdecl SetNPPPatternFilterInBlob( HBLOB hBlob,") cpp_quote(" LPEXPRESSION pExpression,") cpp_quote(" HBLOB hErrorBlob);") cpp_quote("") cpp_quote("DWORD _cdecl GetNPPPatternFilterFromBlob( HBLOB hBlob,") cpp_quote(" LPEXPRESSION pExpression,") cpp_quote(" HBLOB hErrorBlob);") cpp_quote("") cpp_quote("DWORD _cdecl SetNPPAddressFilterInBlob( HBLOB hBlob,") cpp_quote(" LPADDRESSTABLE pAddressTable);") cpp_quote("") cpp_quote("DWORD _cdecl GetNPPAddressFilterFromBlob( HBLOB hBlob,") cpp_quote(" LPADDRESSTABLE pAddressTable,") cpp_quote(" HBLOB hErrorBlob);") cpp_quote("") cpp_quote("DWORD _cdecl SetNPPTriggerInBlob( HBLOB hBlob,") cpp_quote(" LPTRIGGER pTrigger,") cpp_quote(" HBLOB hErrorBlob);") cpp_quote("") cpp_quote("DWORD _cdecl GetNPPTriggerFromBlob( HBLOB hBlob,") cpp_quote(" LPTRIGGER pTrigger,") cpp_quote(" HBLOB hErrorBlob);") cpp_quote("") cpp_quote("DWORD _cdecl SetNPPEtypeSapFilter(HBLOB hBlob, ") cpp_quote(" WORD nSaps,") cpp_quote(" WORD nEtypes,") cpp_quote(" LPBYTE lpSapTable,") cpp_quote(" LPWORD lpEtypeTable,") cpp_quote(" DWORD FilterFlags,") cpp_quote(" HBLOB hErrorBlob);") cpp_quote("") cpp_quote("DWORD _cdecl GetNPPEtypeSapFilter(HBLOB hBlob, ") cpp_quote(" WORD *pnSaps,") cpp_quote(" WORD *pnEtypes,") cpp_quote(" LPBYTE *ppSapTable,") cpp_quote(" LPWORD *ppEtypeTable,") cpp_quote(" DWORD *pFilterFlags,") cpp_quote(" HBLOB hErrorBlob);") cpp_quote("") cpp_quote("// GetNPPMacTypeAsNumber maps the tag NPP:NetworkInfo:MacType to the MAC_TYPE_*") cpp_quote("// defined in the NPPTYPES.h. If the tag is unavailable, the API returns MAC_TYPE_UNKNOWN.") cpp_quote("DWORD _cdecl GetNPPMacTypeAsNumber(HBLOB hBlob, ") cpp_quote(" LPDWORD lpMacType);") cpp_quote("") cpp_quote("// See if a remote catagory exists... and make sure that the remote computername") cpp_quote("// isn't the same as the local computername.") cpp_quote("BOOL _cdecl IsRemoteNPP ( HBLOB hBLOB);") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// npp tag definitions") cpp_quote("//=============================================================================") cpp_quote("#define OWNER_NPP \"NPP\"") cpp_quote("") cpp_quote("#define CATEGORY_NETWORKINFO \"NetworkInfo\"") cpp_quote("#define TAG_MACTYPE \"MacType\"") cpp_quote("#define TAG_CURRENTADDRESS \"CurrentAddress\"") cpp_quote("#define TAG_LINKSPEED \"LinkSpeed\"") cpp_quote("#define TAG_MAXFRAMESIZE \"MaxFrameSize\"") cpp_quote("#define TAG_FLAGS \"Flags\"") cpp_quote("#define TAG_TIMESTAMPSCALEFACTOR \"TimeStampScaleFactor\"") cpp_quote("#define TAG_COMMENT \"Comment\"") cpp_quote("#define TAG_NODENAME \"NodeName\"") cpp_quote("#define TAG_NAME \"Name\"") cpp_quote("#define TAG_FAKENPP \"Fake\"") cpp_quote("#define TAG_PROMISCUOUS_MODE \"PMode\"") cpp_quote("") cpp_quote("#define CATEGORY_LOCATION \"Location\"") cpp_quote("#define TAG_RAS \"Dial-up Connection\"") cpp_quote("#define TAG_MACADDRESS \"MacAddress\"") cpp_quote("#define TAG_CLASSID \"ClassID\"") cpp_quote("#define TAG_NAME \"Name\"") cpp_quote("") cpp_quote("#define CATEGORY_CONFIG \"Config\"") cpp_quote("#define TAG_FRAME_SIZE \"FrameSize\"") cpp_quote("#define TAG_UPDATE_FREQUENCY \"UpdateFreq\"") cpp_quote("#define TAG_BUFFER_SIZE \"BufferSize\"") cpp_quote("#define TAG_DRIVE_LETTER \"DriveLetter\"") cpp_quote("#define TAG_PATTERN_DESIGNATOR \"PatternMatch\"") cpp_quote("#define TAG_PATTERN \"Pattern\"") cpp_quote("#define TAG_ADDRESS_PAIR \"AddressPair\"") cpp_quote("#define TAG_CONNECTIONFLAGS \"ConnectionFlags\"") cpp_quote("#define TAG_ETYPES \"Etypes\"") cpp_quote("#define TAG_SAPS \"Saps\"") cpp_quote("#define TAG_NO_CONVERSATION_STATS \"NoConversationStats\"") cpp_quote("#define TAG_NO_STATS_FRAME \"NoStatsFrame\"") cpp_quote("#define TAG_DONT_DELETE_EMPTY_CAPTURE \"DontDeleteEmptyCapture\"") cpp_quote("#define TAG_WANT_PROTOCOL_INFO \"WantProtocolInfo\"") cpp_quote("#define TAG_INTERFACE_DELAYED_CAPTURE \"IDdC\"") cpp_quote("#define TAG_INTERFACE_REALTIME_CAPTURE \"IRTC\"") cpp_quote("#define TAG_INTERFACE_STATS \"ISts\"") cpp_quote("#define TAG_INTERFACE_TRANSMIT \"IXmt\"") cpp_quote("#define TAG_INTERFACE_EXPERT_STATS \"IESP\"") cpp_quote("#define TAG_LOCAL_ONLY \"LocalOnly\"") cpp_quote("// Is_Remote is set to TRUE by NPPs that go remote. Note that when you") cpp_quote("// are looking for a remote NPP, you probably also need to ask for") cpp_quote("// blobs that have the TAG_GET_SPECIAL_BLOBS bool set") cpp_quote("#define TAG_IS_REMOTE \"IsRemote\"") cpp_quote("") cpp_quote("") cpp_quote("#define CATEGORY_TRIGGER \"Trigger\"") cpp_quote("#define TAG_TRIGGER \"Trigger\"") cpp_quote("") cpp_quote("#define CATEGORY_FINDER \"Finder\"") cpp_quote("#define TAG_ROOT \"Root\"") cpp_quote("#define TAG_PROCNAME \"ProcName\"") cpp_quote("#define TAG_DISP_STRING \"Display\"") cpp_quote("#define TAG_DLL_FILENAME \"DLLName\"") cpp_quote("#define TAG_GET_SPECIAL_BLOBS \"Specials\"") cpp_quote("") cpp_quote("#define CATEGORY_REMOTE \"Remote\"") cpp_quote("#define TAG_REMOTECOMPUTER \"RemoteComputer\"") cpp_quote("#define TAG_REMOTECLASSID \"ClassID\"") cpp_quote("") cpp_quote("#define CATEGORY_ESP \"ESP\"") cpp_quote("#define TAG_ESP_GENERAL_ACTIVE \"ESPGeneralActive\"") cpp_quote("#define TAG_ESP_PROTOCOL_ACTIVE \"ESPProtocolActive\"") cpp_quote("#define TAG_ESP_MAC_ACTIVE \"ESPMacActive\"") cpp_quote("#define TAG_ESP_MAC2MAC_ACTIVE \"ESPMac2MacActive\"") cpp_quote("#define TAG_ESP_IP_ACTIVE \"ESPIpActive\"") cpp_quote("#define TAG_ESP_IP2IP_ACTIVE \"ESPIp2IpActive\"") cpp_quote("#define TAG_ESP_IP_APP_ACTIVE \"ESPIpAppActive\"") cpp_quote("#define TAG_ESP_IPX_ACTIVE \"ESPIpxActive\"") cpp_quote("#define TAG_ESP_IPX2IPX_ACTIVE \"ESPIpx2IpxActive\"") cpp_quote("#define TAG_ESP_IPX_APP_ACTIVE \"ESPIpxAppActive\"") cpp_quote("#define TAG_ESP_DEC_ACTIVE \"ESPDecActive\"") cpp_quote("#define TAG_ESP_DEC2DEC_ACTIVE \"ESPDec2DecActive\"") cpp_quote("#define TAG_ESP_DEC_APP_ACTIVE \"ESPDecAppActive\"") cpp_quote("#define TAG_ESP_APPLE_ACTIVE \"ESPAppleActive\"") cpp_quote("#define TAG_ESP_APPLE2APPLE_ACTIVE \"ESPApple2AppleActive\"") cpp_quote("#define TAG_ESP_APPLE_APP_ACTIVE \"ESPAppleAppActive\"") cpp_quote("") cpp_quote("#define TAG_ESP_UTIL_SIZE \"ESPUtilSize\"") cpp_quote("#define TAG_ESP_TIME_SIZE \"ESPTimeSize\"") cpp_quote("#define TAG_ESP_BPS_SIZE \"ESPBpsSize\"") cpp_quote("#define TAG_ESP_BPS_THRESH \"ESPBpsThresh\"") cpp_quote("#define TAG_ESP_FPS_THRESH \"ESPFpsThresh\"") cpp_quote("") cpp_quote("#define TAG_ESP_MAC \"ESPMac\"") cpp_quote("#define TAG_ESP_IPX \"ESPIpx\"") cpp_quote("#define TAG_ESP_IPXSPX \"ESPIpxSpx\"") cpp_quote("#define TAG_ESP_NCP \"ESPNcp\"") cpp_quote("#define TAG_ESP_IP \"ESPIp\"") cpp_quote("#define TAG_ESP_UDP \"ESPUdp\"") cpp_quote("#define TAG_ESP_TCP \"ESPTcp\"") cpp_quote("#define TAG_ESP_ICMP \"ESPIcmp\"") cpp_quote("#define TAG_ESP_ARP \"ESPArp\"") cpp_quote("#define TAG_ESP_RARP \"ESPRarp\"") cpp_quote("#define TAG_ESP_APPLE \"ESPApple\"") cpp_quote("#define TAG_ESP_AARP \"ESPAarp\"") cpp_quote("#define TAG_ESP_DEC \"ESPDec\"") cpp_quote("#define TAG_ESP_NETBIOS \"ESPNetbios\"") cpp_quote("#define TAG_ESP_SNA \"ESPSna\"") cpp_quote("#define TAG_ESP_BPDU \"ESPBpdu\"") cpp_quote("#define TAG_ESP_LLC \"ESPLlc\"") cpp_quote("#define TAG_ESP_RPL \"ESPRpl\"") cpp_quote("#define TAG_ESP_BANYAN \"ESPBanyan\"") cpp_quote("#define TAG_ESP_LANMAN \"ESPLanMan\"") cpp_quote("#define TAG_ESP_SNMP \"ESPSnmp\"") cpp_quote("#define TAG_ESP_X25 \"ESPX25\"") cpp_quote("#define TAG_ESP_XNS \"ESPXns\"") cpp_quote("#define TAG_ESP_ISO \"ESPIso\"") cpp_quote("#define TAG_ESP_UNKNOWN \"ESPUnknown\"") cpp_quote("#define TAG_ESP_ATP \"ESPAtp\"") cpp_quote("#define TAG_ESP_ADSP \"ESPAdsp\"") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("// npp value definitions") cpp_quote("//=============================================================================") cpp_quote("// Mac types") cpp_quote("#define PROTOCOL_STRING_ETHERNET_TXT \"ETHERNET\"") cpp_quote("#define PROTOCOL_STRING_TOKENRING_TXT \"TOKENRING\"") cpp_quote("#define PROTOCOL_STRING_FDDI_TXT \"FDDI\"") cpp_quote("#define PROTOCOL_STRING_ATM_TXT \"ATM\"") cpp_quote("#define PROTOCOL_STRING_1394_TXT \"IP/1394\"") cpp_quote("") cpp_quote("// lower protocols") cpp_quote("#define PROTOCOL_STRING_IP_TXT \"IP\"") cpp_quote("#define PROTOCOL_STRING_IPX_TXT \"IPX\"") cpp_quote("#define PROTOCOL_STRING_XNS_TXT \"XNS\"") cpp_quote("#define PROTOCOL_STRING_VINES_IP_TXT \"VINES IP\"") cpp_quote("") cpp_quote("// upper protocols") cpp_quote("#define PROTOCOL_STRING_ICMP_TXT \"ICMP\"") cpp_quote("#define PROTOCOL_STRING_TCP_TXT \"TCP\"") cpp_quote("#define PROTOCOL_STRING_UDP_TXT \"UDP\"") cpp_quote("#define PROTOCOL_STRING_SPX_TXT \"SPX\"") cpp_quote("#define PROTOCOL_STRING_NCP_TXT \"NCP\"") cpp_quote("") cpp_quote("// pseudo protocols") cpp_quote("#define PROTOCOL_STRING_ANY_TXT \"ANY\"") cpp_quote("#define PROTOCOL_STRING_ANY_GROUP_TXT \"ANY GROUP\"") cpp_quote("#define PROTOCOL_STRING_HIGHEST_TXT \"HIGHEST\"") cpp_quote("#define PROTOCOL_STRING_LOCAL_ONLY_TXT \"LOCAL ONLY\"") cpp_quote("#define PROTOCOL_STRING_UNKNOWN_TXT \"UNKNOWN\"") cpp_quote("#define PROTOCOL_STRING_DATA_TXT \"DATA\"") cpp_quote("#define PROTOCOL_STRING_FRAME_TXT \"FRAME\"") cpp_quote("#define PROTOCOL_STRING_NONE_TXT \"NONE\"") cpp_quote("#define PROTOCOL_STRING_EFFECTIVE_TXT \"EFFECTIVE\"") cpp_quote("") cpp_quote("#define ADDRESS_PAIR_INCLUDE_TXT \"INCLUDE\"") cpp_quote("#define ADDRESS_PAIR_EXCLUDE_TXT \"EXCLUDE\"") cpp_quote("") cpp_quote("#define INCLUDE_ALL_EXCEPT_TXT \"INCLUDE ALL EXCEPT\"") cpp_quote("#define EXCLUDE_ALL_EXCEPT_TXT \"EXCLUDE ALL EXCEPT\"") cpp_quote("") cpp_quote("#define PATTERN_MATCH_OR_TXT \"OR(\"") cpp_quote("#define PATTERN_MATCH_AND_TXT \"AND(\"") cpp_quote("") cpp_quote("#define TRIGGER_PATTERN_TXT \"PATTERN MATCH\"") cpp_quote("#define TRIGGER_BUFFER_TXT \"BUFFER CONTENT\"") cpp_quote("") cpp_quote("#define TRIGGER_NOTIFY_TXT \"NOTIFY\"") cpp_quote("#define TRIGGER_STOP_TXT \"STOP\"") cpp_quote("#define TRIGGER_PAUSE_TXT \"PAUSE\"") cpp_quote("") cpp_quote("#define TRIGGER_25_PERCENT_TXT \"25 PERCENT\"") cpp_quote("#define TRIGGER_50_PERCENT_TXT \"50 PERCENT\"") cpp_quote("#define TRIGGER_75_PERCENT_TXT \"75 PERCENT\"") cpp_quote("#define TRIGGER_100_PERCENT_TXT \"100 PERCENT\"") cpp_quote("") cpp_quote("#define PATTERN_MATCH_NOT_TXT \"NOT\"") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMRegHelp.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// Registry helpers") cpp_quote("LPCSTR _cdecl FindOneOf(LPCSTR p1, LPCSTR p2);") cpp_quote("") cpp_quote("LONG _cdecl recursiveDeleteKey(HKEY hKeyParent, // Parent of key to delete.") cpp_quote(" const char* lpszKeyChild); // Key to delete.") cpp_quote("") cpp_quote("BOOL _cdecl SubkeyExists(const char* pszPath, // Path of key to check") cpp_quote(" const char* szSubkey); // Key to check") cpp_quote("") cpp_quote("BOOL _cdecl setKeyAndValue(const char* szKey, ") cpp_quote(" const char* szSubkey, ") cpp_quote(" const char* szValue,") cpp_quote(" const char* szName) ;") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMIpStructs.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("// These structures are used to decode network data and so need to be packed") #pragma pack(push, 1) cpp_quote("//") cpp_quote("// IP Packet Structure") cpp_quote("//") // contains a zero length array, so must cpp_quote cpp_quote("typedef struct _IP ") cpp_quote("{") cpp_quote(" union ") cpp_quote(" {") cpp_quote(" BYTE Version;") cpp_quote(" BYTE HdrLen;") cpp_quote(" };") cpp_quote(" BYTE ServiceType;") cpp_quote(" WORD TotalLen;") cpp_quote(" WORD ID;") cpp_quote(" union ") cpp_quote(" {") cpp_quote(" WORD Flags;") cpp_quote(" WORD FragOff;") cpp_quote(" };") cpp_quote(" BYTE TimeToLive;") cpp_quote(" BYTE Protocol;") cpp_quote(" WORD HdrChksum;") cpp_quote(" DWORD SrcAddr;") cpp_quote(" DWORD DstAddr;") cpp_quote(" BYTE Options[0];") cpp_quote("} IP;") cpp_quote("") cpp_quote("typedef IP * LPIP;") cpp_quote("typedef IP UNALIGNED * ULPIP;") cpp_quote("// Psuedo Header used for CheckSum Calculations") typedef struct _PSUHDR { DWORD ph_SrcIP; DWORD ph_DstIP; UCHAR ph_Zero; UCHAR ph_Proto; WORD ph_ProtLen; } PSUHDR; cpp_quote("typedef PSUHDR UNALIGNED * LPPSUHDR;") cpp_quote("//") cpp_quote("// IP Bitmasks that are useful") cpp_quote("// (and the appropriate bit shifts, as well)") cpp_quote("//") cpp_quote("") cpp_quote("#define IP_VERSION_MASK ((BYTE) 0xf0)") cpp_quote("#define IP_VERSION_SHIFT (4)") cpp_quote("#define IP_HDRLEN_MASK ((BYTE) 0x0f)") cpp_quote("#define IP_HDRLEN_SHIFT (0)") cpp_quote("#define IP_PRECEDENCE_MASK ((BYTE) 0xE0)") cpp_quote("#define IP_PRECEDENCE_SHIFT (5)") cpp_quote("#define IP_TOS_MASK ((BYTE) 0x1E)") cpp_quote("#define IP_TOS_SHIFT (1)") cpp_quote("#define IP_DELAY_MASK ((BYTE) 0x10)") cpp_quote("#define IP_THROUGHPUT_MASK ((BYTE) 0x08)") cpp_quote("#define IP_RELIABILITY_MASK ((BYTE) 0x04)") cpp_quote("#define IP_FLAGS_MASK ((BYTE) 0xE0)") cpp_quote("#define IP_FLAGS_SHIFT (13)") cpp_quote("#define IP_DF_MASK ((BYTE) 0x40)") cpp_quote("#define IP_MF_MASK ((BYTE) 0x20)") cpp_quote("#define IP_MF_SHIFT (5)") cpp_quote("#define IP_FRAGOFF_MASK ((WORD) 0x1FFF)") cpp_quote("#define IP_FRAGOFF_SHIFT (3)") cpp_quote("#define IP_TCC_MASK ((DWORD) 0xFFFFFF00)") cpp_quote("#define IP_TIME_OPTS_MASK ((BYTE) 0x0F)") cpp_quote("#define IP_MISS_STNS_MASK ((BYTE) 0xF0)") cpp_quote("") cpp_quote("#define IP_TIME_OPTS_SHIFT (0)") cpp_quote("#define IP_MISS_STNS_SHIFT (4)") cpp_quote("") cpp_quote("//") cpp_quote("// Offset to checksum field in ip header") cpp_quote("//") cpp_quote("#define IP_CHKSUM_OFF 10") cpp_quote("") cpp_quote("INLINE BYTE IP_Version(ULPIP pIP)") cpp_quote("{") cpp_quote(" return (pIP->Version & IP_VERSION_MASK) >> IP_VERSION_SHIFT;") cpp_quote("}") cpp_quote("") cpp_quote("INLINE DWORD IP_HdrLen(ULPIP pIP)") cpp_quote("{") cpp_quote(" return ((pIP->HdrLen & IP_HDRLEN_MASK) >> IP_HDRLEN_SHIFT) << 2;") cpp_quote("}") cpp_quote("") cpp_quote("INLINE WORD IP_FragOff(ULPIP pIP)") cpp_quote("{") cpp_quote(" return (XCHG(pIP->FragOff) & IP_FRAGOFF_MASK) << IP_FRAGOFF_SHIFT;") cpp_quote("}") cpp_quote("") cpp_quote("INLINE DWORD IP_TotalLen(ULPIP pIP)") cpp_quote("{") cpp_quote(" return XCHG(pIP->TotalLen);") cpp_quote("}") cpp_quote("") cpp_quote("INLINE DWORD IP_MoreFragments(ULPIP pIP)") cpp_quote("{") cpp_quote(" return (pIP->Flags & IP_MF_MASK) >> IP_MF_SHIFT;") cpp_quote("}") cpp_quote("//") cpp_quote("// Well known ports in the TCP/IP protocol (See RFC 1060)") cpp_quote("//") cpp_quote("#define PORT_TCPMUX 1 // TCP Port Service Multiplexer") cpp_quote("#define PORT_RJE 5 // Remote Job Entry") cpp_quote("#define PORT_ECHO 7 // Echo") cpp_quote("#define PORT_DISCARD 9 // Discard") cpp_quote("#define PORT_USERS 11 // Active users") cpp_quote("#define PORT_DAYTIME 13 // Daytime") cpp_quote("#define PORT_NETSTAT 15 // Netstat") cpp_quote("#define PORT_QUOTE 17 // Quote of the day") cpp_quote("#define PORT_CHARGEN 19 // Character Generator") cpp_quote("#define PORT_FTPDATA 20 // File transfer [default data]") cpp_quote("#define PORT_FTP 21 // File transfer [Control]") cpp_quote("#define PORT_TELNET 23 // Telnet") cpp_quote("#define PORT_SMTP 25 // Simple Mail Transfer") cpp_quote("#define PORT_NSWFE 27 // NSW User System FE") cpp_quote("#define PORT_MSGICP 29 // MSG ICP") cpp_quote("#define PORT_MSGAUTH 31 // MSG Authentication") cpp_quote("#define PORT_DSP 33 // Display Support") cpp_quote("#define PORT_PRTSERVER 35 // any private printer server") cpp_quote("#define PORT_TIME 37 // Time") cpp_quote("#define PORT_RLP 39 // Resource Location Protocol") cpp_quote("#define PORT_GRAPHICS 41 // Graphics") cpp_quote("#define PORT_NAMESERVER 42 // Host Name Server") cpp_quote("#define PORT_NICNAME 43 // Who is") cpp_quote("#define PORT_MPMFLAGS 44 // MPM Flags ") cpp_quote("#define PORT_MPM 45 // Message Processing Module [recv]") cpp_quote("#define PORT_MPMSND 46 // MPM [default send]") cpp_quote("#define PORT_NIFTP 47 // NI FTP") cpp_quote("#define PORT_LOGIN 49 // Login Host Protocol") cpp_quote("#define PORT_LAMAINT 51 // IMP Logical Address Maintenance") cpp_quote("#define PORT_DOMAIN 53 // Domain Name Server") cpp_quote("#define PORT_ISIGL 55 // ISI Graphics Language") cpp_quote("#define PORT_ANYTERMACC 57 // any private terminal access") cpp_quote("#define PORT_ANYFILESYS 59 // any private file service") cpp_quote("#define PORT_NIMAIL 61 // NI Mail") cpp_quote("#define PORT_VIAFTP 63 // VIA Systems - FTP") cpp_quote("#define PORT_TACACSDS 65 // TACACS - Database Service") cpp_quote("#define PORT_BOOTPS 67 // Bootstrap Protocol server") cpp_quote("#define PORT_BOOTPC 68 // Bootstrap Protocol client") cpp_quote("#define PORT_TFTP 69 // Trivial File Transfer") cpp_quote("#define PORT_NETRJS1 71 // Remote Job service") cpp_quote("#define PORT_NETRJS2 72 // Remote Job service") cpp_quote("#define PORT_NETRJS3 73 // Remote Job service") cpp_quote("#define PORT_NETRJS4 74 // Remote Job service") cpp_quote("#define PORT_ANYDIALOUT 75 // any private dial out service") cpp_quote("#define PORT_ANYRJE 77 // any private RJE service") cpp_quote("#define PORT_FINGER 79 // Finger") cpp_quote("#define PORT_HTTP 80 // HTTP (www)") cpp_quote("#define PORT_HOSTS2NS 81 // Hosts2 Name Server") cpp_quote("#define PORT_MITMLDEV1 83 // MIT ML Device") cpp_quote("#define PORT_MITMLDEV2 85 // MIT ML Device") cpp_quote("#define PORT_ANYTERMLINK 87 // any private terminal link") cpp_quote("#define PORT_SUMITTG 89 // SU/MIT Telnet Gateway") cpp_quote("#define PORT_MITDOV 91 // MIT Dover Spooler") cpp_quote("#define PORT_DCP 93 // Device Control Protocol") cpp_quote("#define PORT_SUPDUP 95 // SUPDUP") cpp_quote("#define PORT_SWIFTRVF 97 // Swift Remote Vitural File Protocol") cpp_quote("#define PORT_TACNEWS 98 // TAC News") cpp_quote("#define PORT_METAGRAM 99 // Metagram Relay") cpp_quote("#define PORT_NEWACCT 100 // [Unauthorized use]") cpp_quote("#define PORT_HOSTNAME 101 // NIC Host Name Server") cpp_quote("#define PORT_ISOTSAP 102 // ISO-TSAP") cpp_quote("#define PORT_X400 103 // X400") cpp_quote("#define PORT_X400SND 104 // X400 - SND") cpp_quote("#define PORT_CSNETNS 105 // Mailbox Name Nameserver") cpp_quote("#define PORT_RTELNET 107 // Remote Telnet Service") cpp_quote("#define PORT_POP2 109 // Post Office Protocol - version 2") cpp_quote("#define PORT_POP3 110 // Post Office Protocol - version 3") cpp_quote("#define PORT_SUNRPC 111 // SUN Remote Procedure Call") cpp_quote("#define PORT_AUTH 113 // Authentication") cpp_quote("#define PORT_SFTP 115 // Simple File Transfer Protocol") cpp_quote("#define PORT_UUCPPATH 117 // UUCP Path Service") cpp_quote("#define PORT_NNTP 119 // Network News Transfer Protocol") cpp_quote("#define PORT_ERPC 121 // Encore Expedited Remote Proc. Call") cpp_quote("#define PORT_NTP 123 // Network Time Protocol") cpp_quote("#define PORT_LOCUSMAP 125 // Locus PC-Interface Net Map Sesrver") cpp_quote("#define PORT_LOCUSCON 127 // Locus PC-Interface Conn Server") cpp_quote("#define PORT_PWDGEN 129 // Password Generator Protocol") cpp_quote("#define PORT_CISCOFNA 130 // CISCO FNATIVE") cpp_quote("#define PORT_CISCOTNA 131 // CISCO TNATIVE") cpp_quote("#define PORT_CISCOSYS 132 // CISCO SYSMAINT") cpp_quote("#define PORT_STATSRV 133 // Statistics Service") cpp_quote("#define PORT_INGRESNET 134 // Ingres net service") cpp_quote("#define PORT_LOCSRV 135 // Location Service") cpp_quote("#define PORT_PROFILE 136 // PROFILE Naming System") cpp_quote("#define PORT_NETBIOSNS 137 // NETBIOS Name Service") cpp_quote("#define PORT_NETBIOSDGM 138 // NETBIOS Datagram Service") cpp_quote("#define PORT_NETBIOSSSN 139 // NETBIOS Session Service") cpp_quote("#define PORT_EMFISDATA 140 // EMFIS Data Service") cpp_quote("#define PORT_EMFISCNTL 141 // EMFIS Control Service") cpp_quote("#define PORT_BLIDM 142 // Britton-Lee IDM") cpp_quote("#define PORT_IMAP2 143 // Interim Mail Access Protocol v2") cpp_quote("#define PORT_NEWS 144 // NewS") cpp_quote("#define PORT_UAAC 145 // UAAC protocol") cpp_quote("#define PORT_ISOTP0 146 // ISO-IP0") cpp_quote("#define PORT_ISOIP 147 // ISO-IP") cpp_quote("#define PORT_CRONUS 148 // CRONUS-Support") cpp_quote("#define PORT_AED512 149 // AED 512 Emulation Service") cpp_quote("#define PORT_SQLNET 150 // SQL-NET") cpp_quote("#define PORT_HEMS 151 // HEMS") cpp_quote("#define PORT_BFTP 152 // Background File Transfer Protocol") cpp_quote("#define PORT_SGMP 153 // SGMP") cpp_quote("#define PORT_NETSCPROD 154 // NETSC") cpp_quote("#define PORT_NETSCDEV 155 // NETSC") cpp_quote("#define PORT_SQLSRV 156 // SQL service") cpp_quote("#define PORT_KNETCMP 157 // KNET/VM Command/Message Protocol") cpp_quote("#define PORT_PCMAILSRV 158 // PCMail server") cpp_quote("#define PORT_NSSROUTING 159 // NSS routing") cpp_quote("#define PORT_SGMPTRAPS 160 // SGMP-TRAPS") cpp_quote("#define PORT_SNMP 161 // SNMP") cpp_quote("#define PORT_SNMPTRAP 162 // SNMPTRAP") cpp_quote("#define PORT_CMIPMANAGE 163 // CMIP/TCP Manager") cpp_quote("#define PORT_CMIPAGENT 164 // CMIP/TCP Agent") cpp_quote("#define PORT_XNSCOURIER 165 // Xerox") cpp_quote("#define PORT_SNET 166 // Sirius Systems") cpp_quote("#define PORT_NAMP 167 // NAMP") cpp_quote("#define PORT_RSVD 168 // RSVC") cpp_quote("#define PORT_SEND 169 // SEND") cpp_quote("#define PORT_PRINTSRV 170 // Network Postscript") cpp_quote("#define PORT_MULTIPLEX 171 // Network Innovations Multiples") cpp_quote("#define PORT_CL1 172 // Network Innovations CL/1") cpp_quote("#define PORT_XYPLEXMUX 173 // Xyplex") cpp_quote("#define PORT_MAILQ 174 // MAILQ") cpp_quote("#define PORT_VMNET 175 // VMNET") cpp_quote("#define PORT_GENRADMUX 176 // GENRAD-MUX") cpp_quote("#define PORT_XDMCP 177 // X Display Manager Control Protocol") cpp_quote("#define PORT_NEXTSTEP 178 // NextStep Window Server") cpp_quote("#define PORT_BGP 179 // Border Gateway Protocol") cpp_quote("#define PORT_RIS 180 // Intergraph") cpp_quote("#define PORT_UNIFY 181 // Unify") cpp_quote("#define PORT_UNISYSCAM 182 // Unisys-Cam") cpp_quote("#define PORT_OCBINDER 183 // OCBinder") cpp_quote("#define PORT_OCSERVER 184 // OCServer") cpp_quote("#define PORT_REMOTEKIS 185 // Remote-KIS") cpp_quote("#define PORT_KIS 186 // KIS protocol") cpp_quote("#define PORT_ACI 187 // Application Communication Interface") cpp_quote("#define PORT_MUMPS 188 // MUMPS") cpp_quote("#define PORT_QFT 189 // Queued File Transport") cpp_quote("#define PORT_GACP 190 // Gateway Access Control Protocol") cpp_quote("#define PORT_PROSPERO 191 // Prospero") cpp_quote("#define PORT_OSUNMS 192 // OSU Network Monitoring System") cpp_quote("#define PORT_SRMP 193 // Spider Remote Monitoring Protocol") cpp_quote("#define PORT_IRC 194 // Internet Relay Chat Protocol") cpp_quote("#define PORT_DN6NLMAUD 195 // DNSIX Network Level Module Audit") cpp_quote("#define PORT_DN6SMMRED 196 // DSNIX Session Mgt Module Audit Redirector") cpp_quote("#define PORT_DLS 197 // Directory Location Service") cpp_quote("#define PORT_DLSMON 198 // Directory Location Service Monitor") cpp_quote("#define PORT_ATRMTP 201 // AppleTalk Routing Maintenance") cpp_quote("#define PORT_ATNBP 202 // AppleTalk Name Binding") cpp_quote("#define PORT_AT3 203 // AppleTalk Unused") cpp_quote("#define PORT_ATECHO 204 // AppleTalk Echo") cpp_quote("#define PORT_AT5 205 // AppleTalk Unused") cpp_quote("#define PORT_ATZIS 206 // AppleTalk Zone Information") cpp_quote("#define PORT_AT7 207 // AppleTalk Unused") cpp_quote("#define PORT_AT8 208 // AppleTalk Unused") cpp_quote("#define PORT_SURMEAS 243 // Survey Measurement") cpp_quote("#define PORT_LINK 245 // LINK") cpp_quote("#define PORT_DSP3270 246 // Display Systems Protocol") cpp_quote("#define PORT_LDAP1 389 // LDAP") cpp_quote("#define PORT_ISAKMP 500 // ISAKMP") cpp_quote("#define PORT_REXEC 512 // Remote Process Execution") cpp_quote("#define PORT_RLOGIN 513 // Remote login a la telnet") cpp_quote("#define PORT_RSH 514 // Remote command") cpp_quote("#define PORT_LPD 515 // Line printer spooler - LPD") cpp_quote("#define PORT_RIP 520 // TCP=? / UDP=RIP") cpp_quote("#define PORT_TEMPO 526 // Newdate") cpp_quote("#define PORT_COURIER 530 // rpc") cpp_quote("#define PORT_NETNEWS 532 // READNEWS") cpp_quote("#define PORT_UUCPD 540 // UUCPD") cpp_quote("#define PORT_KLOGIN 543 //") cpp_quote("#define PORT_KSHELL 544 // krcmd") cpp_quote("#define PORT_DSF 555 //") cpp_quote("#define PORT_REMOTEEFS 556 // RFS server") cpp_quote("#define PORT_CHSHELL 562 // chmod") cpp_quote("#define PORT_METER 570 // METER") cpp_quote("#define PORT_PCSERVER 600 // SUN IPC Server") cpp_quote("#define PORT_NQS 607 // NQS") cpp_quote("#define PORT_HMMP_INDICATION 612 // ") cpp_quote("#define PORT_HMMP_OPERATION 613 // ") cpp_quote("#define PORT_MDQS 666 // MDQS") cpp_quote("#define PORT_LPD721 721 // LPD Client (lpd client ports 721 - 731)") cpp_quote("#define PORT_LPD722 722 // LPD Client (see RFC 1179)") cpp_quote("#define PORT_LPD723 723 // LPD Client") cpp_quote("#define PORT_LPD724 724 // LPD Client") cpp_quote("#define PORT_LPD725 725 // LPD Client") cpp_quote("#define PORT_LPD726 726 // LPD Client") cpp_quote("#define PORT_LPD727 727 // LPD Client") cpp_quote("#define PORT_LPD728 728 // LPD Client") cpp_quote("#define PORT_LPD729 729 // LPD Client") cpp_quote("#define PORT_LPD730 730 // LPD Client") cpp_quote("#define PORT_LPD731 731 // LPD Client") cpp_quote("#define PORT_RFILE 750 // RFILE") cpp_quote("#define PORT_PUMP 751 // PUMP") cpp_quote("#define PORT_QRH 752 // QRH") cpp_quote("#define PORT_RRH 753 // RRH") cpp_quote("#define PORT_TELL 754 // TELL") cpp_quote("#define PORT_NLOGIN 758 // NLOGIN") cpp_quote("#define PORT_CON 759 // CON") cpp_quote("#define PORT_NS 760 // NS") cpp_quote("#define PORT_RXE 761 // RXE") cpp_quote("#define PORT_QUOTAD 762 // QUOTAD") cpp_quote("#define PORT_CYCLESERV 763 // CYCLESERV") cpp_quote("#define PORT_OMSERV 764 // OMSERV") cpp_quote("#define PORT_WEBSTER 765 // WEBSTER") cpp_quote("#define PORT_PHONEBOOK 767 // PHONE") cpp_quote("#define PORT_VID 769 // VID") cpp_quote("#define PORT_RTIP 771 // RTIP") cpp_quote("#define PORT_CYCLESERV2 772 // CYCLESERV-2") cpp_quote("#define PORT_SUBMIT 773 // submit") cpp_quote("#define PORT_RPASSWD 774 // RPASSWD") cpp_quote("#define PORT_ENTOMB 775 // ENTOMB") cpp_quote("#define PORT_WPAGES 776 // WPAGES") cpp_quote("#define PORT_WPGS 780 // wpgs") cpp_quote("#define PORT_MDBSDAEMON 800 // MDBS DAEMON") cpp_quote("#define PORT_DEVICE 801 // DEVICE") cpp_quote("#define PORT_MAITRD 997 // MAITRD") cpp_quote("#define PORT_BUSBOY 998 // BUSBOY") cpp_quote("#define PORT_GARCON 999 // GARCON") cpp_quote("#define PORT_NFS 2049 // NFS") cpp_quote("#define PORT_LDAP2 3268 // LDAP") cpp_quote("#define PORT_PPTP 5678 // PPTP") cpp_quote("") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMIcmpStructs.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("") cpp_quote("//") cpp_quote("// ICMP Frame Structure") cpp_quote("//") typedef struct _RequestReplyFields { WORD ID; WORD SeqNo; } ReqReply; typedef struct _ParameterProblemFields { BYTE Pointer; BYTE junk[3]; } ParmProb; typedef struct _TimestampFields { DWORD tsOrig; DWORD tsRecv; DWORD tsXmit; } TS; typedef struct _RouterAnnounceHeaderFields { BYTE NumAddrs; BYTE AddrEntrySize; WORD Lifetime; } RouterAH; typedef struct _RouterAnnounceEntry { DWORD Address; DWORD PreferenceLevel; } RouterAE; // contains a zero length array, so must cpp_quote cpp_quote("typedef struct _ICMP ") cpp_quote("{") cpp_quote(" BYTE Type;") cpp_quote(" BYTE Code;") cpp_quote(" WORD Checksum;") cpp_quote(" union") cpp_quote(" {") cpp_quote(" DWORD Unused;") cpp_quote(" DWORD Address;") cpp_quote(" ReqReply RR;") cpp_quote(" ParmProb PP;") cpp_quote(" RouterAH RAH; ") cpp_quote(" };") cpp_quote("") cpp_quote(" union") cpp_quote(" {") cpp_quote(" TS Time;") cpp_quote(" IP IP;") cpp_quote(" RouterAE RAE[0];") cpp_quote(" };") cpp_quote("} ICMP;") cpp_quote("") cpp_quote("typedef ICMP * LPICMP;") cpp_quote("typedef ICMP UNALIGNED * ULPICMP;") const DWORD ICMP_HEADER_LENGTH =8; cpp_quote("// # of *BYTES* of IP data to attach to") cpp_quote("// datagram in addition to IP header") const DWORD ICMP_IP_DATA_LENGTH =8; cpp_quote("//") cpp_quote("// ICMP Packet Types") cpp_quote("//") const BYTE ECHO_REPLY = 0; const BYTE DESTINATION_UNREACHABLE = 3; const BYTE SOURCE_QUENCH = 4; const BYTE REDIRECT = 5; const BYTE ECHO = 8; const BYTE ROUTER_ADVERTISEMENT = 9; const BYTE ROUTER_SOLICITATION =10; const BYTE TIME_EXCEEDED =11; const BYTE PARAMETER_PROBLEM =12; const BYTE TIMESTAMP =13; const BYTE TIMESTAMP_REPLY =14; const BYTE INFORMATION_REQUEST =15; const BYTE INFORMATION_REPLY =16; const BYTE ADDRESS_MASK_REQUEST =17; const BYTE ADDRESS_MASK_REPLY =18; cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMIpxStructs.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// IPX") typedef struct { UCHAR ha_address[6]; } HOST_ADDRESS; typedef struct _IPXADDRESS { ULONG ipx_NetNumber; HOST_ADDRESS ipx_HostAddr; } IPXADDRESS; cpp_quote("typedef IPXADDRESS UNALIGNED * PIPXADDRESS;") typedef struct _NET_ADDRESS { IPXADDRESS na_IPXAddr; USHORT na_socket; } NET_ADDRESS; cpp_quote("typedef NET_ADDRESS UNALIGNED * UPNET_ADDRESS;") cpp_quote("// IPX Internetwork Packet eXchange Protocol Header.") typedef struct { USHORT ipx_checksum; USHORT ipx_length; UCHAR ipx_xport_control; // nee ipx_hopcnt UCHAR ipx_packet_type; // nee ipx_pkttyp NET_ADDRESS ipx_dest; NET_ADDRESS ipx_source; } IPX_HDR; cpp_quote("typedef IPX_HDR UNALIGNED * ULPIPX_HDR;") cpp_quote("// SPX - Sequenced Packet Protocol") typedef struct _SPX_HDR { IPX_HDR spx_idp_hdr; UCHAR spx_conn_ctrl; // bits 0-3 defined (SPX_CTRL_xxx) UCHAR spx_data_type; // 0 (defined to be used by higher layers) USHORT spx_src_conn_id; // b.e. USHORT spx_dest_conn_id; // b.e. USHORT spx_sequence_num; // sequence number (b.e.). USHORT spx_ack_num; // acknowledge number (b.e.) USHORT spx_alloc_num; // allocation (b.e.) } SPX_HDR; cpp_quote("typedef SPX_HDR UNALIGNED *PSPX_HDR;") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("// (NMTcpStructs.h)") cpp_quote("//=============================================================================") cpp_quote("//=============================================================================") cpp_quote("//") cpp_quote("// TCP Packet Structure") cpp_quote("//") typedef struct _TCP { WORD SrcPort; WORD DstPort; DWORD SeqNum; DWORD AckNum; BYTE DataOff; BYTE Flags; WORD Window; WORD Chksum; WORD UrgPtr; } TCP; typedef TCP * LPTCP; cpp_quote("typedef TCP UNALIGNED * ULPTCP;") cpp_quote("INLINE DWORD TCP_HdrLen(ULPTCP pTCP)") cpp_quote("{") cpp_quote(" return (pTCP->DataOff & 0xf0) >> 2;") cpp_quote("}") cpp_quote("") cpp_quote("INLINE DWORD TCP_SrcPort(ULPTCP pTCP)") cpp_quote("{") cpp_quote(" return XCHG(pTCP->SrcPort);") cpp_quote("}") cpp_quote("") cpp_quote("INLINE DWORD TCP_DstPort(ULPTCP pTCP)") cpp_quote("{") cpp_quote(" return XCHG(pTCP->DstPort);") cpp_quote("}") cpp_quote("//") cpp_quote("// TCP Option Opcodes") cpp_quote("//") const DWORD TCP_OPTION_ENDOFOPTIONS = 0; const DWORD TCP_OPTION_NOP = 1; const DWORD TCP_OPTION_MAXSEGSIZE = 2; const DWORD TCP_OPTION_WSCALE = 3; const DWORD TCP_OPTION_SACK_PERMITTED= 4; const DWORD TCP_OPTION_SACK = 5; const DWORD TCP_OPTION_TIMESTAMPS = 8; cpp_quote("//") cpp_quote("// TCP Flags") cpp_quote("//") const BYTE TCP_FLAG_URGENT =0x20; const BYTE TCP_FLAG_ACK =0x10; const BYTE TCP_FLAG_PUSH =0x08; const BYTE TCP_FLAG_RESET =0x04; const BYTE TCP_FLAG_SYN =0x02; const BYTE TCP_FLAG_FIN =0x01; cpp_quote("//") cpp_quote("// TCP Field Masks") cpp_quote("//") const DWORD TCP_RESERVED_MASK =0x0FC0; #pragma pack(pop) cpp_quote("//****************************************************************************") cpp_quote("//****************************************************************************") cpp_quote("// IDelaydC - used by a consumer to get frames after a capture has completed.") cpp_quote("//****************************************************************************") cpp_quote("//****************************************************************************") const DWORD DEFAULT_DELAYED_BUFFER_SIZE =1; // 1 meg const char USE_DEFAULT_DRIVE_LETTER =0; // "read from registry" const DWORD RTC_FRAME_SIZE_FULL =0; // keep all // GUID association [ object, uuid(BFF9C030-B58F-11ce-B5B0-00AA006CB37D), pointer_default(unique) ] // Interface Definition [local]interface IDelaydC : IUnknown { import "unknwn.idl"; /////////////////////////////////////////////// // Connection Methods /////////////////////////////////////////////// // Connect, this is where you actually connect to a network HRESULT Connect( [in] HBLOB hInputBlob, [in] LPVOID StatusCallbackProc, [in] LPVOID UserContext, [out] HBLOB hErrorBlob); // Disconnect, Connect's logical opposite HRESULT Disconnect( void ); // Get the status of the current capture HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus); /////////////////////////////////////////////// // Configuration Methods /////////////////////////////////////////////// HRESULT Configure( [in] HBLOB hConfigurationBlob, [out] HBLOB hErrorBlob); /////////////////////////////////////////////// // Control Methods /////////////////////////////////////////////// // Start, begin capturing HRESULT Start( [out] char *pFileName); // Pause, take a break (out of p-mode we hope) HRESULT Pause( void); // Resume, sort of an 'un-pause' HRESULT Resume( void); // Stop, sort of an 'un-start' HRESULT Stop( [out] LPSTATISTICS lpStats ); // Get two status flags: // IsRunning, Are we capturing (regardless of paused state) // IsPaused , Are we paused HRESULT GetControlState( [out] BOOL * IsRunnning, [out] BOOL * IsPaused ); /////////////////////////////////////////////// // Statistics Methods /////////////////////////////////////////////// // GetTotalStatistics, fills in stats structure HRESULT GetTotalStatistics([out] LPSTATISTICS lpStats, [in] BOOL fClearAfterReading); // GetSessionStatistics, fills in Session and Station structures HRESULT GetConversationStatistics([out] DWORD *nSessions, [out, size_is(100)] LPSESSIONSTATS lpSessionStats, [out] DWORD *nStations, [out, size_is(100)] LPSTATIONSTATS lpStationStats, [in] BOOL fClearAfterReading); /////////////////////////////////////////////// // Special Methods /////////////////////////////////////////////// // add a comment frame to ALL current captures HRESULT InsertSpecialFrame( [in] DWORD FrameType, [in] DWORD Flags, [in] BYTE* pUserData, [in] DWORD UserDataLength); // QueryStations, get a list of machines running Network Monitor HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable ); } cpp_quote("//****************************************************************************") cpp_quote("//****************************************************************************") cpp_quote("// IESP - used by a consumer to get extended statistics, no frames.") cpp_quote("//****************************************************************************") cpp_quote("//****************************************************************************") // GUID association [ object, uuid(E99A04AA-AB95-11d0-BE96-00A0C94989DE), pointer_default(unique) ] // Interface Definition [local]interface IESP : IUnknown { import "unknwn.idl"; /////////////////////////////////////////////// // Connection Methods /////////////////////////////////////////////// // Connect, this is where you actually connect to a network HRESULT Connect( [in] HBLOB hInputBlob, [in] LPVOID StatusCallbackProc, [in] LPVOID UserContext, [out] HBLOB hErrorBlob); // Disconnect, Connect's logical opposite HRESULT Disconnect( void ); // Get the status of the current capture HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus); /////////////////////////////////////////////// // Configuration Methods /////////////////////////////////////////////// HRESULT Configure( [in] HBLOB hConfigurationBlob, [out] HBLOB hErrorBlob); /////////////////////////////////////////////// // Control Methods /////////////////////////////////////////////// // Start, begin capturing HRESULT Start( [string, out] char *pFileName); // Pause, take a break (out of p-mode we hope) HRESULT Pause( [out] LPSTATISTICS lpStats); // Resume, sort of an 'un-pause' HRESULT Resume( void); // Stop, sort of an 'un-start' HRESULT Stop( [out] LPSTATISTICS lpStats); // Get two status flags: // IsRunning, Are we capturing (regardless of paused state) // IsPaused , Are we paused HRESULT GetControlState( [out] BOOL * IsRunnning, [out] BOOL * IsPaused ); // QueryStations, get a list of machines running Network Monitor HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable ); } cpp_quote("//****************************************************************************") cpp_quote("//****************************************************************************") cpp_quote("// IRTC - used by a consumer to get an interface to local entry points") cpp_quote("// necessary to do real time capture processing. It includes a method") cpp_quote("// for handing a callback to the NPP.") cpp_quote("//****************************************************************************") cpp_quote("//****************************************************************************") // Constants const DWORD DEFAULT_RTC_BUFFER_SIZE =0x100000; /* 1 meg */ // GUID association [ object, uuid(4811EA40-B582-11ce-B5AF-00AA006CB37D), pointer_default(unique) ] // Interface Definition [local]interface IRTC : IUnknown { import "unknwn.idl"; /////////////////////////////////////////////// // Connection Methods /////////////////////////////////////////////// // Connect, this is where you actually connect to a network HRESULT Connect( [in] HBLOB hInputBlob, [in] LPVOID StatusCallbackProc, [in] LPVOID FramesCallbackProc, [in] LPVOID UserContext, [out] HBLOB hErrorBlob); // Disconnect, Connect's logical opposite HRESULT Disconnect( void ); // Get the status of the current capture HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus); /////////////////////////////////////////////// // Configuration Methods /////////////////////////////////////////////// HRESULT Configure( [in] HBLOB hConfigurationBlob, [out] HBLOB hErrorBlob); /////////////////////////////////////////////// // Control Methods /////////////////////////////////////////////// // Start, begin capturing HRESULT Start( void); // Pause, take a break (out of p-mode we hope) HRESULT Pause( void); // Resume, sort of an 'un-pause' HRESULT Resume( void); // Stop, sort of an 'un-start' HRESULT Stop( void); // Get two status flags: // IsRunning, Are we capturing (regardless of paused state) // IsPaused , Are we paused HRESULT GetControlState( [out] BOOL * IsRunnning, [out] BOOL * IsPaused ); /////////////////////////////////////////////// // Statistics Methods /////////////////////////////////////////////// // GetTotalStatistics, fills in stats structure HRESULT GetTotalStatistics([out] LPSTATISTICS lpStats, [in] BOOL fClearAfterReading); // GetSessionStatistics, fills in Session and Station structures HRESULT GetConversationStatistics([out] DWORD *nSessions, [out, size_is(100)] LPSESSIONSTATS lpSessionStats, [out] DWORD *nStations, [out, size_is(100)] LPSTATIONSTATS lpStationStats, [in] BOOL fClearAfterReading); /////////////////////////////////////////////// // Special Methods /////////////////////////////////////////////// // add a comment frame to ALL current captures HRESULT InsertSpecialFrame( [in] DWORD FrameType, [in] DWORD Flags, [in] BYTE* pUserData, [in] DWORD UserDataLength); // QueryStations, get a list of machines running Network Monitor HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable ); } cpp_quote("//****************************************************************************") cpp_quote("//****************************************************************************") cpp_quote("// IStats - used by a consumer to get just statistics, no frames.") cpp_quote("//****************************************************************************") cpp_quote("//****************************************************************************") // GUID association [ object, uuid(944AD530-B09D-11ce-B59C-00AA006CB37D), pointer_default(unique) ] // Interface Definition [local]interface IStats : IUnknown { import "unknwn.idl"; /////////////////////////////////////////////// // Connection Methods /////////////////////////////////////////////// // Connect, this is where you actually connect to a network HRESULT Connect( [in] HBLOB hInputBlob, [in] LPVOID StatusCallbackProc, [in] LPVOID UserContext, [out] HBLOB hErrorBlob); // Disconnect, Connect's logical opposite HRESULT Disconnect( void ); // Get the status of the current capture HRESULT QueryStatus( [out] NETWORKSTATUS *pNetworkStatus); /////////////////////////////////////////////// // Configuration Methods /////////////////////////////////////////////// HRESULT Configure( [in] HBLOB hConfigurationBlob, [out] HBLOB hErrorBlob); /////////////////////////////////////////////// // Control Methods /////////////////////////////////////////////// // Start, begin capturing HRESULT Start( void); // Pause, take a break (out of p-mode we hope) HRESULT Pause( void); // Resume, sort of an 'un-pause' HRESULT Resume( void); // Stop, sort of an 'un-start' HRESULT Stop( void); // Get two status flags: // IsRunning, Are we capturing (regardless of paused state) // IsPaused , Are we paused HRESULT GetControlState( [out] BOOL * IsRunnning, [out] BOOL * IsPaused ); /////////////////////////////////////////////// // Statistics Methods /////////////////////////////////////////////// // GetTotalStatistics, fills in stats structure HRESULT GetTotalStatistics([out] LPSTATISTICS lpStats, [in] BOOL fClearAfterReading); // GetSessionStatistics, fills in Session and Station structures HRESULT GetConversationStatistics([out] DWORD *nSessions, [out, size_is(100)] LPSESSIONSTATS lpSessionStats, [out] DWORD *nStations, [out, size_is(100)] LPSTATIONSTATS lpStationStats, [in] BOOL fClearAfterReading); /////////////////////////////////////////////// // Special Methods /////////////////////////////////////////////// // add a comment frame to ALL current captures HRESULT InsertSpecialFrame( [in] DWORD FrameType, [in] DWORD Flags, [in] BYTE* pUserData, [in] DWORD UserDataLength); // QueryStations, get a list of machines running Network Monitor HRESULT QueryStations( [in, out] QUERYTABLE *lpQueryTable ); } #pragma warning(default:4200) #pragma pack()