group__npf__code.html

winpcap文档

<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">VOID NPF_DumpThread           </td>
          <td>(</td>
          <td class="paramtype">PVOID&nbsp;</td>
          <td class="paramname"> <em>Open</em>          </td>
          <td>&nbsp;)&nbsp;</td>
          <td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
The dump thread. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>Open</em>&nbsp;</td><td>The NPF instance that creates the thread.</td></tr>
  </table>
</dl>
This function moves the content of the NPF kernel buffer to file. It runs in the user context, so at lower priority than the TAP. 
</div>
</div><p>
<a class="anchor" name="g8bad85679d2e8c57f7501052f9b07284"></a><!-- doxytag: member="Packet.h::NPF_GetDeviceMTU" ref="g8bad85679d2e8c57f7501052f9b07284" args="(IN POPEN_INSTANCE pOpen, IN PIRP pIrp, OUT PUINT pMtu)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_GetDeviceMTU           </td>
          <td>(</td>
          <td class="paramtype">IN <a class="el" href="struct__OPEN__INSTANCE.html">POPEN_INSTANCE</a>&nbsp;</td>
          <td class="paramname"> <em>pOpen</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN PIRP&nbsp;</td>
          <td class="paramname"> <em>pIrp</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">OUT PUINT&nbsp;</td>
          <td class="paramname"> <em>pMtu</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>

</div>
</div><p>
<a class="anchor" name="gd8b208720b6e5149dabcd7fb058b16f7"></a><!-- doxytag: member="Packet.h::NPF_IoControl" ref="gd8b208720b6e5149dabcd7fb058b16f7" args="(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_IoControl           </td>
          <td>(</td>
          <td class="paramtype">IN PDEVICE_OBJECT&nbsp;</td>
          <td class="paramname"> <em>DeviceObject</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN PIRP&nbsp;</td>
          <td class="paramname"> <em>Irp</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Handles the IOCTL calls. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>DeviceObject</em>&nbsp;</td><td>Pointer to the device object utilized by the user. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>Irp</em>&nbsp;</td><td>Pointer to the IRP containing the user request. </td></tr>
  </table>
</dl>
<dl class="return" compact><dt><b>Returns:</b></dt><dd>The status of the operation. See ntstatus.h in the DDK.</dd></dl>
Once the packet capture driver is opened it can be configured from user-level applications with IOCTL commands using the DeviceIoControl() system call. NPF_IoControl receives and serves all the IOCTL calls directed to NPF. The following commands are recognized:<ul>
<li><a class="el" href="group__NPF__include.html#g71817d3a52bf0ec819934a5f688a172c">BIOCSETBUFFERSIZE</a></li><li><a class="el" href="group__NPF__include.html#gf85f500f68404076ac60ffe6e08818da">BIOCSETF</a></li><li><a class="el" href="group__NPF__include.html#g8ae8be8faa281644d8be1cda38b826bd">BIOCGSTATS</a></li><li><a class="el" href="group__NPF__include.html#g327015c2b2e347212b571d1fa3aa2f54">BIOCSRTIMEOUT</a></li><li><a class="el" href="group__NPF__include.html#gd1012b82859d09864d246b1fa99d48d6">BIOCSMODE</a></li><li><a class="el" href="group__NPF__include.html#g1436997ce2947bbbe22b5400254438a1">BIOCSWRITEREP</a></li><li><a class="el" href="group__NPF__include.html#ga827e3441e3f84abc7df5e30fcee96d1">BIOCSMINTOCOPY</a></li><li><a class="el" href="group__NPF__include.html#gbf9a4779fd5281607510edc8b5d766dd">BIOCSETOID</a></li><li><a class="el" href="group__NPF__include.html#g5a0ab3231052ff323817e288dab2f127">BIOCQUERYOID</a></li><li><a class="el" href="group__NPF__include.html#gc8b51f8abae12f57a2ea8e8e4c0cd53c">BIOCSETDUMPFILENAME</a></li><li><a class="el" href="group__NPF__include.html#gdd9e03a96d297a33d7cee4d750c34eff">BIOCGEVNAME</a></li><li><a class="el" href="group__NPF__include.html#gb4d41e91e460bb101ef8ddb622a8e010">BIOCSENDPACKETSSYNC</a></li><li><a class="el" href="group__NPF__include.html#gc50830dc08762383dcb203a66e5c853d">BIOCSENDPACKETSNOSYNC</a> </li></ul>

</div>
</div><p>
<a class="anchor" name="g82e557625e52fe4395bbe2e494fe8c4a"></a><!-- doxytag: member="Packet.h::NPF_Open" ref="g82e557625e52fe4395bbe2e494fe8c4a" args="(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_Open           </td>
          <td>(</td>
          <td class="paramtype">IN PDEVICE_OBJECT&nbsp;</td>
          <td class="paramname"> <em>DeviceObject</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN PIRP&nbsp;</td>
          <td class="paramname"> <em>Irp</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Opens a new instance of the driver. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>DeviceObject</em>&nbsp;</td><td>Pointer to the device object utilized by the user. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>Irp</em>&nbsp;</td><td>Pointer to the IRP containing the user request. </td></tr>
  </table>
</dl>
<dl class="return" compact><dt><b>Returns:</b></dt><dd>The status of the operation. See ntstatus.h in the DDK.</dd></dl>
This function is called by the OS when a new instance of the driver is opened, i.e. when a user application performs a CreateFile on a device created by NPF. NPF_Open allocates and initializes variables, objects and buffers needed by the new instance, fills the OPEN_INSTANCE structure associated with it and opens the adapter with a call to NdisOpenAdapter. 
</div>
</div><p>
<a class="anchor" name="g155ae51be29c6d36f8109781b8f6e7b2"></a><!-- doxytag: member="Packet.h::NPF_OpenAdapterComplete" ref="g155ae51be29c6d36f8109781b8f6e7b2" args="(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN NDIS_STATUS OpenErrorStatus)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">VOID NPF_OpenAdapterComplete           </td>
          <td>(</td>
          <td class="paramtype">IN NDIS_HANDLE&nbsp;</td>
          <td class="paramname"> <em>ProtocolBindingContext</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN NDIS_STATUS&nbsp;</td>
          <td class="paramname"> <em>Status</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">IN NDIS_STATUS&nbsp;</td>
          <td class="paramname"> <em>OpenErrorStatus</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Ends the opening of an adapter. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>ProtocolBindingContext</em>&nbsp;</td><td>Context of the function. Contains a pointer to the OPEN_INSTANCE structure associated with the current instance. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>Status</em>&nbsp;</td><td>Status of the opening operation performed by NDIS. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>OpenErrorStatus</em>&nbsp;</td><td>not used by NPF.</td></tr>
  </table>
</dl>
Callback function associated with the NdisOpenAdapter() NDIS function. It is invoked by NDIS when the NIC driver has finished an open operation that was previously started by <a class="el" href="group__NPF__code.html#g82e557625e52fe4395bbe2e494fe8c4a">NPF_Open()</a>. 
</div>
</div><p>
<a class="anchor" name="ge3d1118c72b474fe214517a65afdfe09"></a><!-- doxytag: member="Packet.h::NPF_OpenDumpFile" ref="ge3d1118c72b474fe214517a65afdfe09" args="(POPEN_INSTANCE Open, PUNICODE_STRING fileName, BOOLEAN append)" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">NTSTATUS NPF_OpenDumpFile           </td>
          <td>(</td>
          <td class="paramtype"><a class="el" href="struct__OPEN__INSTANCE.html">POPEN_INSTANCE</a>&nbsp;</td>
          <td class="paramname"> <em>Open</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">PUNICODE_STRING&nbsp;</td>
          <td class="paramname"> <em>fileName</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">BOOLEAN&nbsp;</td>
          <td class="paramname"> <em>append</em></td><td>&nbsp;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td><td width="100%"></td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
Creates the file that will receive the packets when the driver is in dump mode. 
<p>
<dl compact><dt><b>Parameters:</b></dt><dd>
  <table border="0" cellspacing="2" cellpadding="0">
    <tr><td valign="top"></td><td valign="top"><em>Open</em>&nbsp;</td><td>The NPF instance that opens the file. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>fileName</em>&nbsp;</td><td>Pointer to a UNICODE string containing the name of the file. </td></tr>
    <tr><td valign="top"></td><td valign="top"><em>append</em>&nbsp;</td><td>Boolean value that specifies if the data must be appended to the file. </td></tr>
  </table>
</dl>
<dl class="return" compact><dt><b>Returns:</b></dt><dd>The status of the operation. See ntstatus.h in the DDK. </dd></dl>

</div>
</div><p>
<a class="anchor" name="g8831b54dcd5361e81ddf0d3165f1fb8f"></a><!-- doxytag: member="Packet.h::NPF_QueryRegistryRoutine" ref="g8831b54dcd5361e81ddf0d3165f1fb8f" args="(IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)" -->