group__npf__code.html

winpcap文档

</div>
</div><p>
<a class="anchor" name="g9a97dd25ae757da4bfed3723a4eb4bce"></a><!-- doxytag: member="Packet.h::NPF_BufferedWrite" ref="g9a97dd25ae757da4bfed3723a4eb4bce" args="(IN PIRP Irp, IN PCHAR UserBuff, IN ULONG UserBuffSize, BOOLEAN sync)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">INT NPF_BufferedWrite           </td>
          <td>(</td>
          <td class="paramtype">IN PIRP&nbsp;</td>
          <td class="paramname"> <em>Irp</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN PCHAR&nbsp;</td>
          <td class="paramname"> <em>UserBuff</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN ULONG&nbsp;</td>
          <td class="paramname"> <em>UserBuffSize</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">BOOLEAN&nbsp;</td>
          <td class="paramname"> <em>sync</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Writes a buffer of raw packets to the network. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>Irp</em>&nbsp;</td><td>Pointer to the IRP containing the user request. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>UserBuff</em>&nbsp;</td><td>Pointer to the buffer containing the packets to send. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>UserBuffSize</em>&nbsp;</td><td>Size of the buffer with the packets. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>sync</em>&nbsp;</td><td>If set to TRUE, the packets are transmitted respecting their timestamps. </td></tr>
  </table>
</dl>
<dl class="return" compact><dt><b>Returns:</b></dt><dd>The amount of bytes actually sent. If the return value is smaller than the Size parameter, an error occurred during the send. The error can be caused by an adapter problem or by an inconsistent/bogus user buffer.</dd></dl>
This function is called by the OS in consequence of a BIOCSENDPACKETSNOSYNC or a BIOCSENDPACKETSSYNC IOCTL. The buffer received as input parameter contains an arbitrary number of packets, each of which preceded by a <a class="el" href="structsf__pkthdr.html">sf_pkthdr</a> structure. <a class="el" href="group__NPF__code.html#g9a97dd25ae757da4bfed3723a4eb4bce">NPF_BufferedWrite()</a> scans the buffer and sends every packet via the NdisSend() function. When Sync is set to TRUE, the packets are synchronized with the KeQueryPerformanceCounter() function. This requires a remarkable amount of CPU, but allows to respect the timestamps associated with packets with a precision of some microseconds (depending on the precision of the performance counter of the machine). If Sync is false, the timestamps are ignored and the packets are sent as fat as possible. 
</div>
</div><p>
<a class="anchor" name="gfae94a0e7fda8de180cff6e596cc2803"></a><!-- doxytag: member="Packet.h::NPF_Cleanup" ref="gfae94a0e7fda8de180cff6e596cc2803" args="(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_Cleanup           </td>
          <td>(</td>
          <td class="paramtype">IN PDEVICE_OBJECT&nbsp;</td>
          <td class="paramname"> <em>DeviceObject</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN PIRP&nbsp;</td>
          <td class="paramname"> <em>Irp</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Closes an instance of the driver. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>DeviceObject</em>&nbsp;</td><td>Pointer to the device object utilized by the user. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>Irp</em>&nbsp;</td><td>Pointer to the IRP containing the user request. </td></tr>
  </table>
</dl>
<dl class="return" compact><dt><b>Returns:</b></dt><dd>The status of the operation. See ntstatus.h in the DDK.</dd></dl>
This function is called when a running instance of the driver is closed by the user with a CloseHandle(). It stops the capture/monitoring/dump process, deallocates the memory and the objects associated with the instance and closing the files. The network adapter is then closed with a call to NdisCloseAdapter. 
</div>
</div><p>
<a class="anchor" name="gf8b70be389645c912cf09f1e9ea4b975"></a><!-- doxytag: member="Packet.h::NPF_Close" ref="gf8b70be389645c912cf09f1e9ea4b975" args="(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_Close           </td>
          <td>(</td>
          <td class="paramtype">IN PDEVICE_OBJECT&nbsp;</td>
          <td class="paramname"> <em>DeviceObject</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN PIRP&nbsp;</td>
          <td class="paramname"> <em>Irp</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>

</div>
</div><p>
<a class="anchor" name="g300118a9a6cc28c2c880f6bb39d86b53"></a><!-- doxytag: member="Packet.h::NPF_CloseAdapterComplete" ref="g300118a9a6cc28c2c880f6bb39d86b53" args="(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">VOID NPF_CloseAdapterComplete           </td>
          <td>(</td>
          <td class="paramtype">IN NDIS_HANDLE&nbsp;</td>
          <td class="paramname"> <em>ProtocolBindingContext</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN NDIS_STATUS&nbsp;</td>
          <td class="paramname"> <em>Status</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Ends the closing of an adapter. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>ProtocolBindingContext</em>&nbsp;</td><td>Context of the function. Contains a pointer to the OPEN_INSTANCE structure associated with the current instance. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>Status</em>&nbsp;</td><td>Status of the close operation performed by NDIS.</td></tr>
  </table>
</dl>
Callback function associated with the NdisCloseAdapter() NDIS function. It is invoked by NDIS when the NIC driver has finished a close operation that was previously started by <a class="el" href="group__NPF__code.html#gf8b70be389645c912cf09f1e9ea4b975">NPF_Close()</a>. 
</div>
</div><p>
<a class="anchor" name="g76d4e48415cea8e0e65ba93d7355b89f"></a><!-- doxytag: member="Packet.h::NPF_CloseBinding" ref="g76d4e48415cea8e0e65ba93d7355b89f" args="(IN POPEN_INSTANCE pOpen)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">VOID NPF_CloseBinding           </td>
          <td>(</td>
          <td class="paramtype">IN <a class="el" href="struct__OPEN__INSTANCE.html">POPEN_INSTANCE</a>&nbsp;</td>
          <td class="paramname"> <em>pOpen</em>          </td>
          <td>&nbsp;)&nbsp;</td>
          <td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>

</div>
</div><p>
<a class="anchor" name="gc911742b9f71c12c77452614db14c4a1"></a><!-- doxytag: member="Packet.h::NPF_CloseDumpFile" ref="gc911742b9f71c12c77452614db14c4a1" args="(POPEN_INSTANCE Open)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_CloseDumpFile           </td>
          <td>(</td>
          <td class="paramtype"><a class="el" href="struct__OPEN__INSTANCE.html">POPEN_INSTANCE</a>&nbsp;</td>
          <td class="paramname"> <em>Open</em>          </td>
          <td>&nbsp;)&nbsp;</td>
          <td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Closes the dump file associated with an instance of the driver. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>Open</em>&nbsp;</td><td>The NPF instance that closes the file. </td></tr>
  </table>
</dl>
<dl class="return" compact><dt><b>Returns:</b></dt><dd>The status of the operation. See ntstatus.h in the DDK. </dd></dl>

</div>
</div><p>
<a class="anchor" name="gb282095d6b161cba67f29f5b59de06a6"></a><!-- doxytag: member="Packet.h::NPF_CloseOpenInstance" ref="gb282095d6b161cba67f29f5b59de06a6" args="(POPEN_INSTANCE pOpen)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">VOID NPF_CloseOpenInstance           </td>
          <td>(</td>
          <td class="paramtype"><a class="el" href="struct__OPEN__INSTANCE.html">POPEN_INSTANCE</a>&nbsp;</td>
          <td class="paramname"> <em>pOpen</em>          </td>
          <td>&nbsp;)&nbsp;</td>
          <td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>

</div>
</div><p>
<a class="anchor" name="g1566082cef91cf79ba4a855e3f44ede9"></a><!-- doxytag: member="Packet.h::NPF_DumpThread" ref="g1566082cef91cf79ba4a855e3f44ede9" args="(PVOID Open)" -->
<div class="memitem">