packet32.c

tcp数据流重放工具

		dim=sizeof(UpperBindStr);
        Status=RegQueryValueEx(LinkageKey,L"UpperBind",NULL,NULL,(PUCHAR)UpperBindStr,&dim);
		
		ODSEx("UpperBind=%S ", UpperBindStr);

		dim=RegKeySize-k;
        Status=RegQueryValueEx(LinkageKey,L"Export",NULL,NULL,(LPBYTE)BpStr+k,&dim);
		if(Status!=ERROR_SUCCESS){
      RegCloseKey( OneAdapKey );
      RegCloseKey( LinkageKey );
			ODS("Name = SKIPPED (error reading the key)\n");
			continue;
		}

    RegCloseKey( OneAdapKey );
    RegCloseKey( LinkageKey );
		ODSEx("Name = %S\n", (LPBYTE)BpStr+k);

		k+=dim-2;
  } // while enum reg keys

	RegCloseKey(AdapKey);

#ifdef _DEBUG_TO_FILE
	//dump BpStr for debug purposes
	ODS("Dumping BpStr:");
	{
		FILE *f;
		f = fopen("winpcap_debug.txt", "a");
		for(i=0;i<k;i++){
			if(!(i%32))fprintf(f, "\n ");
			fprintf(f, "%c " , *((LPBYTE)BpStr+i));
		}
		fclose(f);
	}
	ODS("\n");
#endif

	
	if (k != 0)
  {
  	DescBuf=GlobalAllocPtr(GMEM_MOVEABLE | GMEM_ZEROINIT, 4096);

		if (DescBuf == NULL) {
			GlobalFreePtr (BpStr);
		  GlobalFreePtr(OidData);
			return FALSE;
		}
		DpStr=DescBuf;
				
		for(i=0,k=0;BpStr[i]!=0 || BpStr[i+1]!=0;)
    {
			
			if(k+wcslen(BpStr+i)+30 > *BufferSize){
				// Input buffer too small
			    GlobalFreePtr(OidData);
				GlobalFreePtr (BpStr);
				GlobalFreePtr (DescBuf);
				ODS("PacketGetAdapterNames: Input buffer too small!\n");
				return FALSE;
			}

			// Create the device name
			rewind=k;
			memcpy(pStr+k,BpStr+i,16);
			memcpy(pStr+k+8,TEXT("NPF_"),8);
			i+=8;
			k+=12;
			while(BpStr[i-1]!=0){
				pStr[k++]=BpStr[i++];
			}

			// Open the adapter
			adapter=PacketOpenAdapter(pStr+rewind);
			if(adapter==NULL){
				k=rewind;
				continue;
			}

			// Retrieve the description
			OidData->Oid = OID_GEN_VENDOR_DESCRIPTION;
			OidData->Length = 256;
			ZeroMemory(OidData->Data,256);
			Status = PacketRequest(adapter,FALSE,OidData);
			if(Status==0 || ((char*)OidData->Data)[0]==0){
				k=rewind;
				continue;
			}

			ODSEx("Adapter Description=%s\n\n",OidData->Data);

			// Copy the description
			TTpStr=(char*)(OidData->Data);
			while(*TTpStr!=0){
				*DpStr++=*TTpStr++;
			}
			*DpStr++=*TTpStr++;
			
			// Close the adapter
			PacketCloseAdapter(adapter);
			
    } // for end - parse through string
		*DpStr=0;

		pStr[k++]=0;
		pStr[k]=0;

		if((ULONG)(DpStr-DescBuf+k) < *BufferSize)
			memcpy(pStr+k,DescBuf,DpStr-DescBuf);
		else{
		  GlobalFreePtr(OidData);
			GlobalFreePtr (BpStr);
			GlobalFreePtr (DescBuf);
			ODS("\nPacketGetAdapterNames: ended with failure\n");
			return FALSE;
		}

	  GlobalFreePtr(OidData);
		GlobalFreePtr (BpStr);
		GlobalFreePtr (DescBuf);
		ODS("\nPacketGetAdapterNames: ended correctly\n");
		return TRUE;
  } // if k != 0
	else{
	  DWORD      RegType;

		ODS("Adapters not found under SYSTEM\\CurrentControlSet\\Control\\Class. Using the TCP/IP bindings.\n");

		GlobalFreePtr (BpStr);

		Status=RegOpenKeyEx(HKEY_LOCAL_MACHINE,TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Linkage"),0,KEY_READ,&LinkageKey);
		if (Status == ERROR_SUCCESS)
		{
			// Retrieve the length of the key
			Status=RegQueryValueEx(LinkageKey,TEXT("bind"),NULL,&RegType,NULL,&RegKeySize);
			// Allocate the buffer
			BpStr=GlobalAllocPtr(GMEM_MOVEABLE | GMEM_ZEROINIT,RegKeySize+2);
			if (BpStr == NULL || RegKeySize > *BufferSize) {
				GlobalFreePtr(OidData);
				return FALSE;
			}
			Status=RegQueryValueEx(LinkageKey,TEXT("bind"),NULL,&RegType,(LPBYTE)BpStr,&RegKeySize);
			RegCloseKey(LinkageKey);
		}
		
		if (Status==ERROR_SUCCESS){
			
			DescBuf=GlobalAllocPtr(GMEM_MOVEABLE | GMEM_ZEROINIT, 4096);
			if (DescBuf == NULL) {
				GlobalFreePtr (BpStr);
				GlobalFreePtr(OidData);
				return FALSE;
			}
			DpStr=DescBuf;
			
			for(i=0,k=0;BpStr[i]!=0 || BpStr[i+1]!=0;){
				
				if(k+wcslen(BpStr+i)+30 > *BufferSize){
					// Input buffer too small
					GlobalFreePtr(OidData);
					GlobalFreePtr (BpStr);
					GlobalFreePtr (DescBuf);
					return FALSE;
				}
				
				// Create the device name
				rewind=k;
				memcpy(pStr+k,BpStr+i,16);
				memcpy(pStr+k+8,TEXT("NPF_"),8);
				i+=8;
				k+=12;
				while(BpStr[i-1]!=0){
					pStr[k++]=BpStr[i++];
				}
				
				// Open the adapter
				adapter=PacketOpenAdapter(pStr+rewind);
				if(adapter==NULL){
					k=rewind;
					continue;
				}
				
				// Retrieve the description
				OidData->Oid = OID_GEN_VENDOR_DESCRIPTION;
				OidData->Length = 256;
				Status = PacketRequest(adapter,FALSE,OidData);
				if(Status==0 || ((char*)OidData->Data)[0]==0){
					k=rewind;
					continue;
				}
				
				// Copy the description
				TTpStr=(char*)(OidData->Data);
				while(*TTpStr!=0){
					*DpStr++=*TTpStr++;
				}
				*DpStr++=*TTpStr++;
				
				// Close the adapter
				PacketCloseAdapter(adapter);
				
      } // for end - parse string
			*DpStr=0;
			
			pStr[k++]=0;
			pStr[k]=0;
			
			if((ULONG)(DpStr-DescBuf+k) < *BufferSize)
				memcpy(pStr+k,DescBuf,DpStr-DescBuf);
			else{
				GlobalFreePtr(OidData);
				GlobalFreePtr (BpStr);
				GlobalFreePtr (DescBuf);
				return FALSE;
			}
			
			GlobalFreePtr(OidData);
			GlobalFreePtr (BpStr);
			GlobalFreePtr (DescBuf);
			return TRUE;
    } // if key 'bind' was successfully opened
		else{
			MessageBox(NULL,TEXT("Can not find TCP/IP bindings.\nIn order to run the packet capture driver you must install TCP/IP."),szWindowTitle,MB_OK);
			ODS("Cannot find the TCP/IP bindings");
			return FALSE;
		}
	}
}/*!
  \brief Returns comprehensive information the addresses of an adapter.
  \param AdapterName String that contain _ADAPTER structure.
  \param buffer A user allocated array of npf_if_addr that will be filled by the function.
  \param NEntries Size of the array (in npf_if_addr).
  \return If the function succeeds, the return value is nonzero.

  This function grabs from the registry information like the IP addresses, the netmasks 
  and the broadcast addresses of an interface. The buffer passed by the user is filled with 
  npf_if_addr structures, each of which contains the data for a single address. If the buffer
  is full, the reaming addresses are dropeed, therefore set its dimension to sizeof(npf_if_addr)
  if you want only the first address.
*/

BOOLEAN PacketGetNetInfoEx(LPTSTR AdapterName, npf_if_addr* buffer, PLONG NEntries)
{
	char	*AdapterNameA;
	WCHAR	*AdapterNameU;
	WCHAR	*ifname;
	HKEY	SystemKey;
	HKEY	InterfaceKey;
	HKEY	ParametersKey;
	HKEY	TcpIpKey;
	HKEY	UnderTcpKey;
	LONG	status;
	WCHAR	String[1024+1];
	DWORD	RegType;
	ULONG	BufLen;
	DWORD	DHCPEnabled;
	struct	sockaddr_in *TmpAddr, *TmpBroad;
	LONG	naddrs,nmasks,StringPos;
	DWORD	ZeroBroadcast;

	AdapterNameA = (char*)AdapterName;
	if(AdapterNameA[1] != 0) {	//ASCII
		AdapterNameU = SChar2WChar(AdapterNameA);
		AdapterName = AdapterNameU;
	} else {				//Unicode
		AdapterNameU = NULL;
	}
	ifname = wcsrchr(AdapterName, '\\');
	if (ifname == NULL)
		ifname = AdapterName;
	else
		ifname++;
	if (wcsncmp(ifname, L"NPF_", 4) == 0)
		ifname += 4;

	if(	RegOpenKeyEx(HKEY_LOCAL_MACHINE, TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces"), 0, KEY_READ, &UnderTcpKey) == ERROR_SUCCESS)
	{
		status = RegOpenKeyEx(UnderTcpKey,ifname,0,KEY_READ,&TcpIpKey);
		if (status != ERROR_SUCCESS) {
			RegCloseKey(UnderTcpKey);
			goto fail;
		}
	}
	else
	{
		
		// Query the registry key with the interface's adresses
		status = RegOpenKeyEx(HKEY_LOCAL_MACHINE,TEXT("SYSTEM\\CurrentControlSet\\Services"),0,KEY_READ,&SystemKey);
		if (status != ERROR_SUCCESS)
			goto fail;
		status = RegOpenKeyEx(SystemKey,ifname,0,KEY_READ,&InterfaceKey);
		if (status != ERROR_SUCCESS) {
			RegCloseKey(SystemKey);
			goto fail;
		}
		RegCloseKey(SystemKey);
		status = RegOpenKeyEx(InterfaceKey,TEXT("Parameters"),0,KEY_READ,&ParametersKey);
		if (status != ERROR_SUCCESS) {
			RegCloseKey(InterfaceKey);
			goto fail;
		}
		RegCloseKey(InterfaceKey);
		status = RegOpenKeyEx(ParametersKey,TEXT("TcpIp"),0,KEY_READ,&TcpIpKey);
		if (status != ERROR_SUCCESS) {
			RegCloseKey(ParametersKey);
			goto fail;
		}
		RegCloseKey(ParametersKey);
		BufLen = sizeof String;
	}

	BufLen = 4;
	/* Try to detect if the interface has a zero broadcast addr */
	status=RegQueryValueEx(TcpIpKey,TEXT("UseZeroBroadcast"),NULL,&RegType,(LPBYTE)&ZeroBroadcast,&BufLen);
	if (status != ERROR_SUCCESS)
		ZeroBroadcast=0;
	
	BufLen = 4;
	/* See if DHCP is used by this system */
	status=RegQueryValueEx(TcpIpKey,TEXT("EnableDHCP"),NULL,&RegType,(LPBYTE)&DHCPEnabled,&BufLen);
	if (status != ERROR_SUCCESS)
		DHCPEnabled=0;
	
	
	/* Retrieve the adrresses */
	if(DHCPEnabled){
		
		BufLen = sizeof String;
		// Open the key with the addresses
		status = RegQueryValueEx(TcpIpKey,TEXT("DhcpIPAddress"),NULL,&RegType,(LPBYTE)String,&BufLen);
		if (status != ERROR_SUCCESS) {
			RegCloseKey(TcpIpKey);
			goto fail;
		}

		// scan the key to obtain the addresses
		StringPos = 0;
		for(naddrs = 0;naddrs <* NEntries;naddrs++){
			TmpAddr = (struct sockaddr_in *) &(buffer[naddrs].IPAddress);
			
			if((TmpAddr->sin_addr.S_un.S_addr = inet_addrU(String + StringPos))!= -1){
				TmpAddr->sin_family = AF_INET;
				
				TmpBroad = (struct sockaddr_in *) &(buffer[naddrs].Broadcast);
				TmpBroad->sin_family = AF_INET;
				if(ZeroBroadcast==0)
					TmpBroad->sin_addr.S_un.S_addr = 0xffffffff; // 255.255.255.255
				else
					TmpBroad->sin_addr.S_un.S_addr = 0; // 0.0.0.0

				while(*(String + StringPos) != 0)StringPos++;
				StringPos++;
				
				if(*(String + StringPos) == 0 || (StringPos * sizeof (WCHAR)) >= BufLen)
					break;				
			}
			else break;
		}		
		
		BufLen = sizeof String;
		// Open the key with the netmasks
		status = RegQueryValueEx(TcpIpKey,TEXT("DhcpSubnetMask"),NULL,&RegType,(LPBYTE)String,&BufLen);
		if (status != ERROR_SUCCESS) {
			RegCloseK