例程吐血提供 unsigned long _stdcall AdapterMonitor(void *Param) { char buffer[256000]; // buffer to hold the data coming from the driver char *AdapterName=(char *)Param; LogEvent(AdapterName); ADAPTER *lpAdapter = PacketOpenAdapter(AdapterName); if (!lpAdapter || (lpAdapter->hFile == INVALID_HANDLE_VALUE)) return GetLastError(); // set the network adapter in promiscuous mode PacketSetHwFilter(lpAdapter,NDIS_PACKET_TYPE_ALL_LOCAL);//NDIS_PACKET_TYPE_PROMISCUOUS);// // set a 512K buffer in the driver PacketSetBuff(lpAdapter,512000); // set a 1 second read timeout PacketSetReadTimeout(lpAdapter,1000); //allocate and initialize a packet structure that will be used to //receive the packets. PACKET *lpPacket; if((lpPacket = PacketAllocatePacket())==NULL) return (-1); PacketInitPacket(lpPacket,(char*)buffer,256000); lpAdapter->ReadEvent=CreateEvent(NULL,true,false,AdapterName); //main capture loop do { if(WaitForSingleObject(lpAdapter->ReadEvent,10)!=WAIT_TIMEOUT) if(PacketReceivePacket(lpAdapter,lpPacket,TRUE)!=FALSE) { EventStringGen((char *)lpPacket);//buffer); lpPacket->ulBytesReceived=0; } }while(WaitForSingleObject(hControl,50)==WAIT_TIMEOUT); CloseHandle(lpAdapter->ReadEvent); PacketFreePacket(lpPacket); PacketCloseAdapter(lpAdapter); return 0; } unsigned long __declspec(dllexport) _stdcall MonitorThread(void *Param) { long ErrorCode=0; char ErrorString[256]; ServiceParams *Parameter=(ServiceParams *)Param; ServiceThreadID=Parameter->ServiceThreadID; MonitorID=Parameter->MonitorID; // Parameter->BufferPtr=BufferPtr; // Parameter->BufferSize=BufferSize=MAX_STORE; //====================================================== PortMap.Add(1,"TCPMUX");// TCP Port Service Multiplexer PortMap.Add (5,"RJE");// Remote Job Entry PortMap.Add(7,"ECHO");//Echo PortMap.Add(9,"DISCARD");// Discard PortMap.Add(11,"USERS");// Active Users PortMap.Add(13,"DAYTIME");//Daytime PortMap.Add(17,"Quote");// Quote of the Day PortMap.Add(19,"CHARGEN");// Character Generator 
PortMap.Add(20,"FTP-DATA");// File Transfer (Data Channel) PortMap.Add(21,"FTP");// File Transfer (Control Channel) PortMap.Add(23,"TELNET");//TELNET PortMap.Add(25,"SMTP");// Simple Mail Transfer PortMap.Add(27,"NSW-FE");// NSW User System FE PortMap.Add(29,"MSG-ICP");// MSG-ICP PortMap.Add(31,"MSG-AUTH");// MSG Authentication PortMap.Add(33,"DSP");// Display Support Protocol PortMap.Add(35,"Printer");// Private Printer Server PortMap.Add(37,"TIME");// Time PortMap.Add(39,"RLP");// Resource Location Protocol PortMap.Add(41,"GRAPHICS");// Graphics PortMap.Add(42,"NAMESERVER");// Host Name Server PortMap.Add(43,"NICNAME");// Who Is PortMap.Add(49,"LOGIN");// Login Host Protocol PortMap.Add(53,"DOMAIN");// Domain Name Server PortMap.Add(67,"BOOTPS");// Bootstrap Protocol Server PortMap.Add(68,"BOOTPC");// Bootstrap Protocol Client PortMap.Add(69,"TFTP");// Trivial File Transfer Protocol PortMap.Add(79,"FINGER");// Finger PortMap.Add(101,"HOSTNAMENIC");// Host Name Server PortMap.Add(102,"ISO-TSAP");// ISO TSAP PortMap.Add(103,"X400");// X.400 PortMap.Add(104,"X400SND");// X.400 SND PortMap.Add(105,"CSNET-NSCSNET");//Mailbox Name Server PortMap.Add(109,"POP2");// Post Office Protocol v2 PortMap.Add(110,"POP3");// Post Office Protocol v3 PortMap.Add(111,"SUNRPC");// SUN RPC Portmap PortMap.Add(137,"NETBIOS-NS");// NETBIOS Name Service PortMap.Add(138,"NETBIOS-DGMNET");// BIOS Datagram Service PortMap.Add(139,"NETBIOS-SSNNET");// BIOS Session Service PortMap.Add(146,"ISO-TP0");//ISO TP0 PortMap.Add(147,"ISO-IP");// ISO IP PortMap.Add(150,"SQL-NET");// SQL-NET PortMap.Add(153,"SGMP");// SGMP PortMap.Add(156,"SQLSRV");//SQL Service PortMap.Add(160,"SGMP-TRAP5");// SGMP TRAPS PortMap.Add(161,"SNMP");// SNMP PortMap.Add(162,"SNMPTRAP");// SNMPTRAP PortMap.Add(163,"CMIP-MANAGE");// CMIP/TCP Manager PortMap.Add(164,"CMIP-AGENT");// CMIP/TCP Agent PortMap.Add(165,"XNS-COURIER");// Xerox Network PortMap.Add(179,"BGP");// Border Gateway Protocol PortMap.Add(80,"HTTP"); 
PortMap.Add(135,"MS_NetBEUI"); PortMap.Add(4000,"ICQ"); PortMap.Add(7000,"OICQ"); PortMap.Add(8000,"HTTP-Proxy"); //========================================================== hEvent=Parameter->hEvent; hControl=Parameter->hControl; LogEvent=Parameter->LogEvent; SetEvent(hEvent); LogEvent("NModule Starting"); try { IsNT = GetVersion() < 0x80000000; ResetEvent(hControl); //================================================================== char AdapterList[10][1024]; WCHAR AdapterName[512]; // string that contains a list of the network adapters //ascii strings (win95) char AdapterNamea[512]; // string that contains a list of the network adapters int AdapterNum=0; ULONG AdapterLength; AdapterLength=512; int i=0; if (IsNT) { // Windows NT PacketGetAdapterNames((char *)AdapterName,&AdapterLength); char *temp=(char *)AdapterName; char *temp1=(char *)AdapterName; while ((*temp!='\0')||(*(temp-1)!='\0')) { if (*temp=='\0') { memcpy(AdapterList[i],temp1,(temp-temp1)*2); temp1=temp+1; i++; } temp++; } } else //windows 95 { PacketGetAdapterNames(AdapterNamea,&AdapterLength); char *tempa=AdapterNamea; char *temp1a=AdapterNamea; while ((*tempa!='\0')||(*(tempa-1)!='\0')) { if (*tempa=='\0') { memcpy(AdapterList[i],temp1a,tempa-temp1a); temp1a=tempa+1; i++; } tempa++; } } LogEvent("GetAdapterNames"); AdapterNum=i; unsigned long MonitorThreadID; InitializeCriticalSection(&CriticalSection); LogEvent("InitializeCriticalSection"); HANDLE lpHandles[10]; for(i=0;i<AdapterNum&&i<10;i++) lpHandles[i]=CreateThread(NULL,0,AdapterMonitor,(void *)AdapterList[i],0,&MonitorThreadID); /*====================================================================*/ LogEvent("CreateAdapterMonitorThread"); while(WaitForSingleObject(hControl,100)==WAIT_TIMEOUT); SetEvent(hControl); WaitForMultipleObjects(AdapterNum,lpHandles,true,1000); } catch(...) 
{ LogEvent(ErrorString); // Add PostThreadMessage to Service Thread to Declare Monitor Thread Terminated } /*====================================================================*/ SetEvent(hEvent); DeleteCriticalSection(&CriticalSection); return ErrorCode; }
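/*
 * Per-adapter capture thread.
 *
 * Opens the adapter named by Param through packet.dll, then polls for
 * captured frames until the global hControl event is signalled, handing each
 * filled PACKET to EventStringGen().
 *
 * Param  - adapter name string (MonitorThread passes one AdapterList entry).
 * Return - 0 on normal shutdown, GetLastError() if the adapter cannot be
 *          opened, (unsigned long)-1 if no PACKET structure can be allocated.
 */
unsigned long _stdcall AdapterMonitor(void *Param)
{
    // Buffer that receives the data coming from the driver. It is 256000
    // bytes of this thread's stack; MonitorThread creates the thread with the
    // default stack size, so keep other large locals out of this call chain.
    char buffer[256000];
    char *AdapterName = (char *)Param;

    LogEvent(AdapterName);

    ADAPTER *lpAdapter = PacketOpenAdapter(AdapterName);
    if (!lpAdapter || (lpAdapter->hFile == INVALID_HANDLE_VALUE))
    {
        // NOTE(review): when lpAdapter is non-NULL but hFile is invalid the
        // ADAPTER object is not released here - confirm whether this
        // packet.dll build can return such an object at all.
        return GetLastError();
    }

    // Receive filter: NDIS_PACKET_TYPE_ALL_LOCAL, not promiscuous mode (the
    // promiscuous constant was commented out by the author). Widening this
    // filter makes the service record other hosts' traffic, so treat any
    // change here as a privacy/authorization decision, not a tuning knob.
    // NOTE(review): the results of the three Packet* setup calls below are
    // not checked.
    PacketSetHwFilter(lpAdapter, NDIS_PACKET_TYPE_ALL_LOCAL); //NDIS_PACKET_TYPE_PROMISCUOUS);
    // set a 512K buffer in the driver
    PacketSetBuff(lpAdapter, 512000);
    // set a 1 second read timeout
    PacketSetReadTimeout(lpAdapter, 1000);

    // Allocate and initialize the packet structure used to receive packets.
    PACKET *lpPacket = PacketAllocatePacket();
    if (lpPacket == NULL)
    {
        // Fix: the original returned here without closing the adapter,
        // leaking the adapter object and its driver handle.
        PacketCloseAdapter(lpAdapter);
        return (-1);
    }
    PacketInitPacket(lpPacket, (char *)buffer, 256000);

    // NOTE(review): this replaces whatever ReadEvent PacketOpenAdapter set up
    // with a *named* event whose name is the adapter name. A named event
    // lives in a shared object namespace where another process can create or
    // open it first; if the CreateEvent call fails, the wait below returns
    // WAIT_FAILED and the loop reads unconditionally. Left unchanged because
    // the capture loop's behaviour depends on it - confirm against the
    // packet.dll version in use before switching to an unnamed event.
    lpAdapter->ReadEvent = CreateEvent(NULL, true, false, AdapterName);

    // Main capture loop: runs until hControl is signalled (polled every 50 ms).
    do
    {
        if (WaitForSingleObject(lpAdapter->ReadEvent, 10) != WAIT_TIMEOUT &&
            PacketReceivePacket(lpAdapter, lpPacket, TRUE) != FALSE)
        {
            // The PACKET structure itself (not the raw buffer) is handed on.
            // Its contents come straight off the wire: EventStringGen must
            // bound every length and offset by lpPacket->ulBytesReceived.
            EventStringGen((char *)lpPacket); //buffer);
            lpPacket->ulBytesReceived = 0;
        }
    } while (WaitForSingleObject(hControl, 50) == WAIT_TIMEOUT);

    // NOTE(review): if PacketCloseAdapter also closes ReadEvent in this
    // packet.dll build, the handle is closed twice - verify.
    CloseHandle(lpAdapter->ReadEvent);
    PacketFreePacket(lpPacket);
    PacketCloseAdapter(lpAdapter);
    return 0;
}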
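/*
 * Copies the entries of a NUL-separated name list, terminated by an empty
 * entry, into list[0..maxEntries).
 *
 * names      - start of the list buffer
 * namesBytes - size of that buffer in bytes; nothing past it is read
 * copyScale  - multiplier applied to each entry length when copying (the NT
 *              branch of MonitorThread historically copied length*2 bytes)
 * list       - destination rows; each row is zero-filled first and at most
 *              sizeof(row)-2 bytes are copied, so every row ends in a NUL
 * Returns the number of rows filled (never more than maxEntries).
 */
static int SplitAdapterNameList(const char *names, size_t namesBytes, size_t copyScale,
                                char (*list)[1024], int maxEntries)
{
    int count = 0;
    size_t pos = 0;

    while (count < maxEntries && pos < namesBytes && names[pos] != '\0')
    {
        const char *entry = names + pos;
        const char *end = (const char *)memchr(entry, '\0', namesBytes - pos);
        if (end == NULL)
            break; // unterminated tail: do not read past the buffer

        size_t len = (size_t)(end - entry);
        size_t copyLen = len * copyScale;
        if (copyLen > namesBytes - pos)
            copyLen = namesBytes - pos;     // stay inside the source buffer
        if (copyLen > sizeof list[0] - 2)
            copyLen = sizeof list[0] - 2;   // stay inside the destination row

        memset(list[count], 0, sizeof list[0]);
        memcpy(list[count], entry, copyLen);
        count++;
        pos += len + 1;
    }
    return count;
}

/*
 * Exported entry point of the monitor module.
 *
 * Copies the service-supplied handles and callbacks out of Param
 * (a ServiceParams *), fills the port-number -> service-name table,
 * enumerates the network adapters through packet.dll, starts one
 * AdapterMonitor thread per adapter (at most 10), then blocks until hControl
 * is signalled and gives the workers one second to exit.
 *
 * Returns ErrorCode, which nothing in this function changes from 0, or
 * ERROR_INVALID_PARAMETER when Param is NULL.
 */
unsigned long __declspec(dllexport) _stdcall MonitorThread(void *Param)
{
    long ErrorCode = 0;
    // Fix: the original logged this buffer from the catch block without ever
    // writing to it, sending uninitialized stack bytes to the log.
    char ErrorString[256] = "MonitorThread: unhandled exception";
    bool CsReady = false; // DeleteCriticalSection only after a successful init

    ServiceParams *Parameter = (ServiceParams *)Param;
    if (Parameter == NULL)
        return ERROR_INVALID_PARAMETER;

    ServiceThreadID = Parameter->ServiceThreadID;
    MonitorID = Parameter->MonitorID;
    // Parameter->BufferPtr=BufferPtr;
    // Parameter->BufferSize=BufferSize=MAX_STORE;
    //======================================================
    // Port number -> label table. The labels are display strings only and
    // are kept exactly as the author wrote them.
    PortMap.Add(1,"TCPMUX");          // TCP Port Service Multiplexer
    PortMap.Add(5,"RJE");             // Remote Job Entry
    PortMap.Add(7,"ECHO");            // Echo
    PortMap.Add(9,"DISCARD");         // Discard
    PortMap.Add(11,"USERS");          // Active Users
    PortMap.Add(13,"DAYTIME");        // Daytime
    PortMap.Add(17,"Quote");          // Quote of the Day
    PortMap.Add(19,"CHARGEN");        // Character Generator
    PortMap.Add(20,"FTP-DATA");       // File Transfer (Data Channel)
    PortMap.Add(21,"FTP");            // File Transfer (Control Channel)
    PortMap.Add(23,"TELNET");         // TELNET
    PortMap.Add(25,"SMTP");           // Simple Mail Transfer
    PortMap.Add(27,"NSW-FE");         // NSW User System FE
    PortMap.Add(29,"MSG-ICP");        // MSG-ICP
    PortMap.Add(31,"MSG-AUTH");       // MSG Authentication
    PortMap.Add(33,"DSP");            // Display Support Protocol
    PortMap.Add(35,"Printer");        // Private Printer Server
    PortMap.Add(37,"TIME");           // Time
    PortMap.Add(39,"RLP");            // Resource Location Protocol
    PortMap.Add(41,"GRAPHICS");       // Graphics
    PortMap.Add(42,"NAMESERVER");     // Host Name Server
    PortMap.Add(43,"NICNAME");        // Who Is
    PortMap.Add(49,"LOGIN");          // Login Host Protocol
    PortMap.Add(53,"DOMAIN");         // Domain Name Server
    PortMap.Add(67,"BOOTPS");         // Bootstrap Protocol Server
    PortMap.Add(68,"BOOTPC");         // Bootstrap Protocol Client
    PortMap.Add(69,"TFTP");           // Trivial File Transfer Protocol
    PortMap.Add(79,"FINGER");         // Finger
    PortMap.Add(101,"HOSTNAMENIC");   // Host Name Server
    PortMap.Add(102,"ISO-TSAP");      // ISO TSAP
    PortMap.Add(103,"X400");          // X.400
    PortMap.Add(104,"X400SND");       // X.400 SND
    PortMap.Add(105,"CSNET-NSCSNET"); // Mailbox Name Server
    PortMap.Add(109,"POP2");          // Post Office Protocol v2
    PortMap.Add(110,"POP3");          // Post Office Protocol v3
    PortMap.Add(111,"SUNRPC");        // SUN RPC Portmap
    PortMap.Add(137,"NETBIOS-NS");    // NETBIOS Name Service
    PortMap.Add(138,"NETBIOS-DGMNET");// NETBIOS Datagram Service
    PortMap.Add(139,"NETBIOS-SSNNET");// NETBIOS Session Service
    PortMap.Add(146,"ISO-TP0");       // ISO TP0
    PortMap.Add(147,"ISO-IP");        // ISO IP
    PortMap.Add(150,"SQL-NET");       // SQL-NET
    PortMap.Add(153,"SGMP");          // SGMP
    PortMap.Add(156,"SQLSRV");        // SQL Service
    PortMap.Add(160,"SGMP-TRAP5");    // SGMP TRAPS
    PortMap.Add(161,"SNMP");          // SNMP
    PortMap.Add(162,"SNMPTRAP");      // SNMPTRAP
    PortMap.Add(163,"CMIP-MANAGE");   // CMIP/TCP Manager
    PortMap.Add(164,"CMIP-AGENT");    // CMIP/TCP Agent
    PortMap.Add(165,"XNS-COURIER");   // Xerox Network
    PortMap.Add(179,"BGP");           // Border Gateway Protocol
    PortMap.Add(80,"HTTP");
    PortMap.Add(135,"MS_NetBEUI");
    PortMap.Add(4000,"ICQ");
    PortMap.Add(7000,"OICQ");
    PortMap.Add(8000,"HTTP-Proxy");
    //==========================================================
    hEvent = Parameter->hEvent;
    hControl = Parameter->hControl;
    LogEvent = Parameter->LogEvent;
    SetEvent(hEvent); // tell the service the parameters have been copied
    LogEvent("NModule Starting");

    try
    {
        IsNT = GetVersion() < 0x80000000;
        ResetEvent(hControl);
        //==================================================================
        // One row per adapter. Worker threads receive a pointer into this
        // array, which lives on this thread's stack: it is valid only while
        // MonitorThread is still running.
        char AdapterList[10][1024];
        WCHAR AdapterName[512];  // string that contains a list of the network adapters
        // ascii strings (win95)
        char AdapterNamea[512];  // string that contains a list of the network adapters
        int AdapterNum = 0;
        ULONG AdapterLength = 512;
        int i = 0;

        // Zero the buffers first so that a failed or short enumeration parses
        // as an empty list instead of leftover stack contents.
        memset(AdapterName, 0, sizeof AdapterName);
        memset(AdapterNamea, 0, sizeof AdapterNamea);

        // Fixes over the original parsing loops: they read the byte *before*
        // the buffer on the first iteration, never bounded the entry count
        // (an 11th name overflowed AdapterList) or the copy length, and the
        // Win95 branch left each copied name without a terminating NUL.
        if (IsNT)
        { // Windows NT
            // NOTE(review): the buffer is WCHAR but is walked byte-wise while
            // each copy is doubled, as in the original. Confirm whether this
            // packet.dll build returns wide or ANSI names on NT.
            if (PacketGetAdapterNames((char *)AdapterName, &AdapterLength))
                AdapterNum = SplitAdapterNameList((const char *)AdapterName,
                                                  sizeof AdapterName, 2, AdapterList, 10);
            else
                LogEvent("PacketGetAdapterNames failed");
        }
        else // windows 95
        {
            if (PacketGetAdapterNames(AdapterNamea, &AdapterLength))
                AdapterNum = SplitAdapterNameList(AdapterNamea,
                                                  sizeof AdapterNamea, 1, AdapterList, 10);
            else
                LogEvent("PacketGetAdapterNames failed");
        }
        LogEvent("GetAdapterNames");

        unsigned long MonitorThreadID;
        InitializeCriticalSection(&CriticalSection);
        CsReady = true;
        LogEvent("InitializeCriticalSection");

        // Keep only handles that were actually created: the original stored
        // NULL on failure and later waited on AdapterNum handles even when
        // fewer (or more than 10) existed.
        HANDLE lpHandles[10];
        DWORD Started = 0;
        for (i = 0; i < AdapterNum && i < 10; i++)
        {
            HANDLE hThread = CreateThread(NULL, 0, AdapterMonitor,
                                          (void *)AdapterList[i], 0, &MonitorThreadID);
            if (hThread != NULL)
                lpHandles[Started++] = hThread;
            else
                LogEvent("CreateThread failed");
        }
        /*====================================================================*/
        LogEvent("CreateAdapterMonitorThread");

        // Block until the service signals shutdown through hControl.
        while (WaitForSingleObject(hControl, 100) == WAIT_TIMEOUT)
            ;
        SetEvent(hControl);

        // NOTE(review): workers get one second to exit. If one is still
        // running afterwards, the critical section is deleted and this
        // function returns while that thread may still be using shared
        // state - confirm the timeout is long enough.
        if (Started > 0)
            WaitForMultipleObjects(Started, lpHandles, TRUE, 1000);
        for (DWORD k = 0; k < Started; k++)
            CloseHandle(lpHandles[k]); // the original never closed these
    }
    catch (...)
    {
        LogEvent(ErrorString);
        // Add PostThreadMessage to Service Thread to Declare Monitor Thread Terminated
    }
    /*====================================================================*/
    SetEvent(hEvent);
    if (CsReady)
        DeleteCriticalSection(&CriticalSection);
    return ErrorCode;
}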
大不了给分你就是了。
不过我给出的代码是我目前正在做的一个东西中的代码
不是Examples中的