1 /* capture_wpcap_packet.c
2 * WinPcap-specific interfaces for low-level information (packet.dll).
3 * We load WinPcap at run
4 * time, so that we only need one Wireshark binary and one TShark binary
5 * for Windows, regardless of whether WinPcap is installed or not.
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 2001 Gerald Combs
11 * SPDX-License-Identifier: GPL-2.0-or-later
16 #if defined HAVE_LIBPCAP && defined _WIN32
21 #include <wsutil/wspcap.h>
23 /* XXX - yes, I know, I should move cppmagic.h to a generic location. */
24 #include "tools/lemon/cppmagic.h"
26 #include <epan/value_string.h>
31 #include "caputils/capture_wpcap_packet.h"
32 #include <wsutil/file_util.h>
36 gboolean has_wpacket = FALSE;
38 /* This module will use the PacketRequest function in packet.dll (coming with WinPcap) to "directly" access
39 * the Win32 NDIS network driver(s) and ask for various values (status, statistics, ...).
41 * Unfortunately, the definitions required for this are not available through the usual windows header files,
42 * but require the Windows "Device Driver Kit" which is not available for free :-(
44 * Fortunately, the definitions needed to access the various NDIS values are available from various OSS projects:
45 * - WinPcap in Ntddndis.h
46 * - Ndiswrapper in driver/ndis.h and driver/iw_ndis.h
47 * - cygwin (MingW?) in usr/include/w32api/ddk/ndis.h and ntddndis.h
51 /* The MSDN description of the NDIS driver API is available at:
52 * MSDN Home > MSDN Library > Win32 and COM Development > Driver Development Kit > Network Devices and Protocols > Reference */
54 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/network/hh/network/21oidovw_d55042e5-0b8a-4439-8ef2-be7331e98464.xml.asp */
56 /* Some more interesting links:
57 * http://sourceforge.net/projects/ndiswrapper/
58 * http://www.osronline.com/lists_archive/windbg/thread521.html
59 * http://cvs.sourceforge.net/viewcvs.py/mingw/w32api/include/ddk/ndis.h?view=markup
60 * http://cvs.sourceforge.net/viewcvs.py/mingw/w32api/include/ddk/ntddndis.h?view=markup
65 /******************************************************************************************************************************/
66 /* stuff to load WinPcap's packet.dll and the functions required from it */
68 static PCHAR (*p_PacketGetVersion) (void);
69 static LPADAPTER (*p_PacketOpenAdapter) (char *adaptername);
70 static void (*p_PacketCloseAdapter) (LPADAPTER);
71 static int (*p_PacketRequest) (LPADAPTER, int, void *);
79 #define SYM(x, y) { G_STRINGIFY(x) , (gpointer) &CONCAT(p_,x), y }
/* Open packet.dll and resolve the entry points listed in symbols[] into the p_Packet* pointers. */
82 wpcap_packet_load(void)
85 /* These are the symbols I need or want from packet.dll */
    /* Every entry passes FALSE as its flag. Judging by the two comment fragments further down, a
     * missing symbol is either ignored or treated as fatal depending on that flag.
     * NOTE(review): confirm which of the two FALSE selects. */
86 static const symbol_table_t symbols[] = {
87 SYM(PacketGetVersion, FALSE),
88 SYM(PacketOpenAdapter, FALSE),
89 SYM(PacketCloseAdapter, FALSE),
90 SYM(PacketRequest, FALSE),
94 GModule *wh; /* wpcap handle */
95 const symbol_table_t *sym;
    /* The DLL is named without a path, so which copy is loaded depends entirely on the lookup that
     * ws_module_open() performs. NOTE(review): confirm (see wsutil/file_util) that it resolves the
     * name only against a trusted location such as the system directory, and never against the
     * application or current working directory, where a planted packet.dll would be picked up. */
97 wh = ws_module_open("packet.dll", 0);
    /* g_module_symbol() stores the resolved address through sym->ptr, i.e. into the matching
     * p_Packet* pointer; a FALSE return means the symbol was not found in the module. */
105 if (!g_module_symbol(wh, sym->name, sym->ptr)) {
108 * We don't care if it's missing; we just
114 * We require this symbol.
127 /******************************************************************************************************************************/
128 /* functions to access the NDIS driver values */
131 /* get dll version
 *
 * Returns whatever PacketGetVersion() from packet.dll returns (a PCHAR, per the pointer
 * declaration). NOTE(review): ownership and lifetime of that string are not visible here. */
133 wpcap_packet_get_version(void)
    /* Calls through a pointer that is NULL unless wpcap_packet_load() resolved it; any guard for
     * that is not in the visible lines. */
138 return p_PacketGetVersion();
142 /* open the interface
 *
 * if_name is passed unchanged to PacketOpenAdapter() from packet.dll. */
144 wpcap_packet_open(char *if_name)
    /* g_assert() aborts the program when has_wpacket is FALSE, and compiles to nothing when
     * G_DISABLE_ASSERT is defined. In such a build the call below would go through a NULL function
     * pointer if packet.dll was never loaded.
     * NOTE(review): has_wpacket is presumably set by wpcap_packet_load() on success (the assignment
     * is not in the visible lines); an explicit run-time check would be more robust than the assert. */
148 g_assert(has_wpacket);
149 adapter = p_PacketOpenAdapter(if_name);
155 /* close the interface
 *
 * adapter is handed to PacketCloseAdapter() from packet.dll without any check in the visible lines;
 * presumably it must be a handle obtained from wpcap_packet_open() that has not been closed yet.
 * TODO confirm how PacketCloseAdapter() treats NULL. */
157 wpcap_packet_close(void *adapter)
    /* Only guard before the call; g_assert() is compiled out when G_DISABLE_ASSERT is defined. */
160 g_assert(has_wpacket);
161 p_PacketCloseAdapter(adapter);
165 /* do a packet request call
 *
 * Wraps PacketRequest() from packet.dll: the request is built in a temporary PACKET_OID_DATA
 * buffer and, when the reply fits, the driver's answer is copied back into the caller's buffer.
 *
 * adapter - passed unchanged to PacketRequest()
 * Oid     - the OID being queried; printed in the "too long" warning (its assignment into the
 *           request is not in the visible lines)
 * set     - passed unchanged as PacketRequest()'s second argument; the two helpers visible in this
 *           file pass FALSE
 * value   - in/out buffer: *length bytes are read from it, at most *length bytes are written back
 * length  - in: size of value in bytes; out: number of bytes the driver returned, updated only
 *           when the reply fits
 *
 * The return statements are not in the visible lines; the helpers treat the result as a boolean
 * success flag.
 */
167 wpcap_packet_request(void *adapter, ULONG Oid, int set, char *value, unsigned int *length)
    /* *length is read here, in the initializer, before any check, so callers must pass a valid
     * pointer. The "- 1" presumably accounts for a one-byte Data member at the end of
     * PACKET_OID_DATA (TODO confirm against the struct definition).
     * NOTE(review): nothing bounds *length; a very large value would make this sum wrap or be
     * truncated when stored in a ULONG, leaving a buffer smaller than the *length bytes copied into
     * it below. The two helpers visible in this file pass sizeof(UINT) and sizeof(ULONG). */
170 ULONG IoCtlBufferLength=(sizeof(PACKET_OID_DATA) + (*length) - 1);
171 PPACKET_OID_DATA OidData;
174 g_assert(has_wpacket);
    /* Explicit NULL check on the function pointer in addition to the assertion above, so this path
     * stays guarded even in a build where g_assert() is compiled out. */
176 if(p_PacketRequest == NULL) {
177 g_warning("packet_request not available\n");
181 /* get a buffer suitable for PacketRequest() */
    /* GMEM_ZEROINIT zero-fills the allocation, so bytes the driver does not write stay zero. */
182 OidData=GlobalAllocPtr(GMEM_MOVEABLE | GMEM_ZEROINIT,IoCtlBufferLength);
183 if (OidData == NULL) {
184 g_warning("GlobalAllocPtr failed for %u\n", IoCtlBufferLength);
    /* Length is set to the caller's buffer size; value must be readable for *length bytes, which
     * are copied into the request buffer. */
189 OidData->Length = *length;
190 memcpy(OidData->Data, value, *length);
192 Status = p_PacketRequest(adapter, set, OidData);
    /* Trust boundary: OidData->Length is now whatever the driver wrote back. The data is copied out
     * only if that length fits the caller's buffer, so an over-long reply cannot overrun value. */
195 if(OidData->Length <= *length) {
196 /* copy value from driver */
197 memcpy(value, OidData->Data, OidData->Length);
198 *length = OidData->Length;
200 /* the driver returned a value that is longer than expected (and longer than the given buffer) */
    /* Nothing is copied on this path and *length keeps the caller's original value.
     * NOTE(review): Oid and OidData->Length are ULONG but are printed with %x / %u. */
201 g_warning("returned oid too long, Oid: 0x%x OidLen:%u MaxLen:%u", Oid, OidData->Length, *length);
    /* Release the temporary request buffer. */
206 GlobalFreePtr (OidData);
216 /* get a UINT value using the packet request call
 *
 * Reads Oid through wpcap_packet_request() with set = FALSE, using *value itself as the reply
 * buffer. The visible check treats the call as successful only when Status is set and exactly
 * sizeof(UINT) bytes came back. */
218 wpcap_packet_request_uint(void *adapter, ULONG Oid, UINT *value)
    /* NOTE(review): declared int, but wpcap_packet_request() takes an unsigned int *; &length below
     * is therefore a pointer of the wrong signedness, and the == sizeof(UINT) comparison mixes
     * signed and unsigned operands. Declaring this as unsigned int would match the callee. */
221 int length = sizeof(UINT);
    /* Because *value doubles as the reply buffer, it may already have been overwritten (possibly
     * only in part, on a short reply) by the time the length check below rejects the result. */
224 Status = wpcap_packet_request(adapter, Oid, FALSE /* !set */, (char *) value, &length);
225 if(Status && length == sizeof(UINT)) {
233 /* get a ULONG value using the NDIS packet request call
 *
 * Reads Oid through wpcap_packet_request() with set = FALSE, using *value itself as the reply
 * buffer. The visible check treats the call as successful only when Status is set and exactly
 * sizeof(ULONG) bytes came back. */
235 wpcap_packet_request_ulong(void *adapter, ULONG Oid, ULONG *value)
    /* NOTE(review): declared int, but wpcap_packet_request() takes an unsigned int *; &length below
     * is therefore a pointer of the wrong signedness, and the == sizeof(ULONG) comparison mixes
     * signed and unsigned operands. Declaring this as unsigned int would match the callee. */
238 int length = sizeof(ULONG);
    /* Because *value doubles as the reply buffer, it may already have been overwritten (possibly
     * only in part, on a short reply) by the time the length check below rejects the result. */
241 Status = wpcap_packet_request(adapter, Oid, FALSE /* !set */, (char *) value, &length);
242 if(Status && length == sizeof(ULONG)) {
250 #else /* HAVE_LIBPCAP && _WIN32 */
253 wpcap_packet_load(void)
258 #endif /* HAVE_LIBPCAP */
261 * Editor modelines - http://www.wireshark.org/tools/modelines.html
266 * indent-tabs-mode: nil
269 * ex: set shiftwidth=4 tabstop=8 expandtab:
270 * :indentSize=4:tabSize=8:noTabs=true: