📄 packet32h.cs
字号:
using System;
using System.Runtime.InteropServices;
using System.Text;
using Microsoft.Win32;
using System.Collections;
namespace MyClasses
{
public class Packet32h
{
// Working modes
public static uint PACKET_MODE_CAPT = 0x0; ///< Capture mode
public static uint PACKET_MODE_STAT = 0x1; ///< Statistical mode
public static uint PACKET_MODE_DUMP = 0x10; ///< Dump mode
///< Statistical dump Mode
public static uint PACKET_MODE_STAT_DUMP = PACKET_MODE_DUMP | PACKET_MODE_STAT;
// ioctls
public static uint FILE_DEVICE_PROTOCOL = 0x8000;
public static uint IOCTL_PROTOCOL_QUERY_OID = DeviceIOCtlh.CTL_CODE(FILE_DEVICE_PROTOCOL, 0 , DeviceIOCtlh.METHOD_BUFFERED, DeviceIOCtlh.FILE_ANY_ACCESS);
public static uint IOCTL_PROTOCOL_SET_OID = DeviceIOCtlh.CTL_CODE(FILE_DEVICE_PROTOCOL, 1 , DeviceIOCtlh.METHOD_BUFFERED, DeviceIOCtlh.FILE_ANY_ACCESS);
public static uint IOCTL_PROTOCOL_STATISTICS = DeviceIOCtlh.CTL_CODE(FILE_DEVICE_PROTOCOL, 2 , DeviceIOCtlh.METHOD_BUFFERED, DeviceIOCtlh.FILE_ANY_ACCESS);
public static uint IOCTL_PROTOCOL_RESET = DeviceIOCtlh.CTL_CODE(FILE_DEVICE_PROTOCOL, 3 , DeviceIOCtlh.METHOD_BUFFERED, DeviceIOCtlh.FILE_ANY_ACCESS);
public static uint IOCTL_PROTOCOL_READ = DeviceIOCtlh.CTL_CODE(FILE_DEVICE_PROTOCOL, 4 , DeviceIOCtlh.METHOD_BUFFERED, DeviceIOCtlh.FILE_ANY_ACCESS);
public static uint IOCTL_PROTOCOL_WRITE = DeviceIOCtlh.CTL_CODE(FILE_DEVICE_PROTOCOL, 5 , DeviceIOCtlh.METHOD_BUFFERED, DeviceIOCtlh.FILE_ANY_ACCESS);
public static uint IOCTL_PROTOCOL_MACNAME = DeviceIOCtlh.CTL_CODE(FILE_DEVICE_PROTOCOL, 6 , DeviceIOCtlh.METHOD_BUFFERED, DeviceIOCtlh.FILE_ANY_ACCESS);
public static uint IOCTL_OPEN = DeviceIOCtlh.CTL_CODE(FILE_DEVICE_PROTOCOL, 7 , DeviceIOCtlh.METHOD_BUFFERED, DeviceIOCtlh.FILE_ANY_ACCESS);
public static uint IOCTL_CLOSE = DeviceIOCtlh.CTL_CODE(FILE_DEVICE_PROTOCOL, 8 , DeviceIOCtlh.METHOD_BUFFERED, DeviceIOCtlh.FILE_ANY_ACCESS);
///< IOCTL code: set kernel buffer size.
public static uint pBIOCSETBUFFERSIZE = 9592;
///< IOCTL code: set packet filtering program.
public static uint pBIOCSETF = 9030;
///< IOCTL code: get the capture stats.
public static uint pBIOCGSTATS = 9031;
///< IOCTL code: set the read timeout.
public static uint pBIOCSRTIMEOUT = 7416;
///< IOCTL code: set working mode.
public static uint pBIOCSMODE = 7412;
///< IOCTL code: set number of physical repetions of every packet written by the app.
public static uint pBIOCSWRITEREP = 7413;
///< IOCTL code: set minimum amount of data in the kernel buffer that unlocks a read call.
public static uint pBIOCSMINTOCOPY = 7414;
///< IOCTL code: set an OID value.
public static uint pBIOCSETOID = 2147483648;
///< IOCTL code: get an OID value.
public static uint pBIOCQUERYOID = 2147483652;
///< IOCTL code: attach a process to the driver. Used in Win9x only.
public static uint pATTACHPROCESS = 7117;
///< IOCTL code: detach a process from the driver. Used in Win9x only.
public static uint pDETACHPROCESS = 7118;
///< IOCTL code: set the name of a the file used by kernel dump mode.
public static uint pBIOCSETDUMPFILENAME = 9029;
///< IOCTL code: get the name of the event that the driver signals when some data is present in the buffer.
public static uint pBIOCEVNAME = 7415;
///< IOCTL code: Send a buffer containing multiple packets to the network, ignoring the timestamps associated with the packets.
public static uint pBIOCSENDPACKETSNOSYNC = 9032;
///< IOCTL code: Send a buffer containing multiple packets to the network, respecting the timestamps associated with the packets.
public static uint pBIOCSENDPACKETSSYNC = 9033;
///< IOCTL code: Set the dump file limits. See the PacketSetDumpLimits() function.
public static uint pBIOCSETDUMPLIMITS = 9034;
///< IOCTL code: Get the status of the kernel dump process. See the PacketIsDumpEnded() function.
public static uint pBIOCISDUMPENDED = 7411;
///< IOCTL code: set time zone. Used in Win9x only.
public static uint pBIOCSTIMEZONE = 7471;
public static uint GMEM_MOVEABLE = 0x2;
public static uint GMEM_ZEROINIT = 0x40;
public static uint GHND = (GMEM_MOVEABLE | GMEM_ZEROINIT);
public static uint GMEM_STANDARD = (GMEM_MOVEABLE | GMEM_ZEROINIT);
public static uint ERROR_ALREADY_EXISTS = 183;
public static uint INFINITE = 0xFFFF;
public static uint MOVEFILE_REPLACE_EXISTING = 0x1;
public static uint FILE_ATTRIBUTE_TEMPORARY = 0x100;
public static uint FILE_BEGIN = 0;
public static uint FILE_SHARE_READ = 0x1;
public static uint FILE_SHARE_WRITE = 0x2;
public static uint CREATE_NEW = 1;
public static uint OPEN_EXISTING = 3;
public static uint GENERIC_READ = 0x80000000;
public static uint GENERIC_WRITE = 0x40000000;
public const int NDIS_PACKET_TYPE_DIRECTED = 0x0001;
public const int NDIS_PACKET_TYPE_MULTICAST = 0x0002;
public const int NDIS_PACKET_TYPE_ALL_MULTICAST = 0x0004;
public const int NDIS_PACKET_TYPE_BROADCAST = 0x0008;
public const int NDIS_PACKET_TYPE_SOURCE_ROUTING = 0x0010;
public const int NDIS_PACKET_TYPE_PROMISCUOUS = 0x0020;
public const int NDIS_PACKET_TYPE_SMT = 0x0040;
public const int NDIS_PACKET_TYPE_ALL_LOCAL = 0x0080;
public const int NDIS_PACKET_TYPE_GROUP = 0x1000;
public const int NDIS_PACKET_TYPE_ALL_FUNCTIONAL = 0x2000;
public const int NDIS_PACKET_TYPE_FUNCTIONAL = 0x4000;
public const int NDIS_PACKET_TYPE_MAC_FRAME = 0x8000;
public static uint Packet_ALIGNMENT = 4; //sizeof(int);
public static uint AF_INET = 2; //internetwork: UDP, TCP, etc.
public struct LARGE_INTEGER
{
public long LowPart; // long
public long HighPart; // long
}
public struct ADAPTERINFO
{
public int SupportedList;
public int HardwareStatus;
public string HardwareStatusStr;
public int MediaSupported;
public int MediaInUse;
public string MediaInUseStr;
public int MaximumLookAhead;
public int MaximumFrameSize;
public int LinkSpeed;
public int TransmitBufferSpace;
public int ReceiveBufferSpace;
public int TransmitBlockSize;
public int ReceiveBlockSize;
public int VendorId;
public string VendorDescription;
public int CurrentPacketFilter;
public string CurrentPacketFilterStr;
public int CurrentLookAhead;
public int DriverVersion;
public int MaximumTotalSize;
public int ProtocolOptions;
public string ProtocolOptionsStr;
public int MacOptions;
public string MacOptionsStr;
public int MediaConnectStatus;
public string MediaConnectStatusStr;
public int MaximumSendPackets;
public int VendorDriverVersion;
public int XmitOk;
public int RcvOk;
public int XmitError;
public int RcvError;
public int RcvNoBuffer;
public int DirectedBytesXmit;
public int DirectedFramesXmit;
public int MulticastBytesXmit;
public int MulticastFramesXmit;
public int BroadcastBytesXmit;
public int BroadcastFramesXmit;
public int DirectedBytesRcv;
public int DirectedFramesRcv;
public int MulticastBytesRcv;
public int MulticastFramesRcv;
public int BroadcastBytesRcv;
public int BroadcastFramesRcv;
public int RcvCrcError;
public int TransmitQueueLength;
public int TimeCaps;
public string TimeCapsStr;
public int NetCardTime;
public int TransportHeaderOffset;
public int PhysicalMedium;
public int NetworkLayerAddress;
public int MediaSenseCount;
public int MediaCapabilities;
public int InitTimeMs;
public string FriendlyName;
public int SupportedGuids;
public int NetCardLoad;
public int DeviceProfile;
}
public struct ADAPTERINFO_STR
{
public string SupportedList;
public string HardwareStatus;
public string HardwareStatusStr;
public string MediaSupported;
public string MediaInUse;
public string MediaInUseStr;
public string MaximumLookAhead;
public string MaximumFrameSize;
public string LinkSpeed;
public string TransmitBufferSpace;
public string ReceiveBufferSpace;
public string TransmitBlockSize;
public string ReceiveBlockSize;
public string VendorId;
public string VendorDescription;
public string CurrentPacketFilter;
public string CurrentPacketFilterStr;
public string CurrentLookAhead;
public string DriverVersion;
public string MaximumTotalSize;
public string ProtocolOptions;
public string ProtocolOptionsStr;
public string MacOptions;
public string MacOptionsStr;
public string MediaConnectStatus;
public string MediaConnectStatusStr;
public string MaximumSendPackets;
public string VendorDriverVersion;
public string XmitOk;
public string RcvOk;
public string XmitError;
public string RcvError;
public string RcvNoBuffer;
public string DirectedBytesXmit;
public string DirectedFramesXmit;
public string MulticastBytesXmit;
public string MulticastFramesXmit;
public string BroadcastBytesXmit;
public string BroadcastFramesXmit;
public string DirectedBytesRcv;
public string DirectedFramesRcv;
public string MulticastBytesRcv;
public string MulticastFramesRcv;
public string BroadcastBytesRcv;
public string BroadcastFramesRcv;
public string RcvCrcError;
public string TransmitQueueLength;
public string TimeCaps;
public string TimeCapsStr;
public string NetCardTime;
public string TransportHeaderOffset;
public string PhysicalMedium;
public string NetworkLayerAddress;
public string MediaSenseCount;
public string MediaCapabilities;
public string InitTimeMs;
public string FriendlyName;
public string SupportedGuids;
public string NetCardLoad;
public string DeviceProfile;
}
public const int WSADESCRIPTION_LEN = 256;
public const int WSASYS_STATUS_LEN = 128;
public struct WSADATA
{
public int wVersion;
public int wHighVersion;
[MarshalAs(UnmanagedType.ByValArray, SizeConst=WSADESCRIPTION_LEN+1)] public char [] szDescription;
[MarshalAs(UnmanagedType.ByValArray, SizeConst=WSASYS_STATUS_LEN+1)] public char [] szSystemStatus;
public ushort iMaxSockets;
public ushort iMaxUdpDg;
public IntPtr lpVendorInfo;
}
public struct NETTYPE
{
///< The MAC of the current network adapter (see function PacketGetNetType() for more information)
public uint LinkType;
///< The speed of the network in bits per second
public uint LinkSpeed;
};
public struct PNETTYPE
{
public uint LinkType;
public uint LinkSpeed;
};
/*brief A BPF pseudo-assembly program.
The program will be injected in the kernel by the PacketSetBPF() function and applied to every incoming packet.*/
public struct PBPF_PROGRAM
{
///< Indicates the number of instructions of the program,
///i.e. the number of struct bpf_insn that will follow.
public uint bf_len;
///< A pointer to the first instruction of the program.
public int bf_insns;
};
public struct BPF_PROGRAM
{
public uint bf_len;
public int bf_insns;
};
public struct BPF_INSN
{
public ushort code; ///< Instruction type and addressing mode.
public byte jt; ///< Jump if true
public byte jf; ///< Jump if false
public int k; ///< Generic field used for various purposes.
};
public struct PBPF_INSN
{
public ushort code;
public byte jt;
public byte jf;
public int k;
};
public struct BPF_STAT
{
public uint bs_recv; ///< Number of packets that the driver received from the network adapter
///< from the beginning of the current capture. This value includes the packets
///< lost by the driver.
public uint bs_drop; ///< number of packets that the driver lost from the beginning of a capture.
///< Basically, a packet is lost when the the buffer of the driver is full.
///< In this situation the packet cannot be stored and the driver rejects it.
public uint ps_ifdrop; ///< drops by interface. XXX not yet supported
public uint bs_capt; ///< number of packets that pass the filter, find place in the kernel buffer and
///< thus reach the application.
};
public struct PBPF_STAT
{
public uint bs_recv; ///< Number of packets that the driver received from the network adapter
///< from the beginning of the current capture. This value includes the packets
///< lost by the driver.
public uint bs_drop; ///< number of packets that the driver lost from the beginning of a capture.
///< Basically, a packet is lost when the the buffer of the driver is full.
///< In this situation the packet cannot be stored and the driver rejects it.
public uint ps_ifdrop; ///< drops by interface. XXX not yet supported
public uint bs_capt; ///< number of packets that pass the filter, find place in the kernel buffer and
///< thus reach the application.
};
public struct BPF_HDR
{
public TIMEVAL bh_tstamp; ///< The timestamp associated with the captured packet.
///< It is stored in a TimeVal structure.
public uint bh_caplen;
///< Length of captured portion. The captured portion can be different
///< from the original packet, because it is possible (with a proper filter)
///< to instruct the driver to capture only a portion of the packets.
public uint bh_datalen; ///< Original length of packet
public ushort bh_hdrlen;
///< Length of bpf header (this struct plus alignment padding).
///In some cases, a padding could be added between the end of this
///structure and the packet data for performance reasons. This filed
///can be used to retrieve the actual data of the packet.
};
public struct DUMP_BPF_HDR
{
public TIMEVAL ts; ///< Time stamp of the packet
public uint caplen; ///< Length of captured portion. The captured portion can smaller than the
///< the original packet, because it is possible (with a proper filter) to
///< instruct the driver to capture only a portion of the packets.
public uint len; ///< Length of the original packet (off wire).
};
public static string DOSNAMEPREFIX = "Packet_"; ///< Prefix added to the adapters device names to create the WinPcap devices
public static uint MAX_LINK_NAME_LENGTH = 64; //< Maximum length of the devices symbolic links
public static uint NMAX_PACKET = 65535;
public struct OVERLAPPED
{
public ulong Internal;
public ulong InternalHigh;
public ulong Offset;
public ulong OffsetHigh;
public int hEvent;
};
public struct TIMEVAL
{
public uint tv_sec; // seconds
public uint tv_usec; // and microseconds
};
public struct ADAPTER
{
public int hFile;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -