|
5.6论坛监测的关键代码 http://www.paper51.com 接受线程 内容来自论文无忧网 www.paper51.com
DWORD WINAPI ReceiveProc( PHookAdapter pAdapter ) 内容来自www.paper51.com { 内容来自www.paper51.com DWORD nResult; http://www.paper51.com BOOL bSuccess; paper51.com
int i; http://www.paper51.com PReceivePackage pRxPackage, pRxPackage2; 内容来自论文无忧网 www.paper51.com
PSendPackage pTxPackage,pTxPackage2; paper51.com LPOVERLAPPED pCompletedOverlapped; paper51.com DWORD Key, NumberBytes; paper51.com NDIS_STATUS nNdisStatus; copyright paper51.com } paper51.com DWORD WINAPI ReceiveProc(PHookAdapter pAdapter ) 内容来自www.paper51.com { copyright paper51.com DWORD nResult; http://www.paper51.com BOOL bSuccess; 内容来自论文无忧网 www.paper51.com int i; 内容来自www.paper51.com PReceivePackage pRxPackage, pRxPackage2; copyright paper51.com PSendPackage pTxPackage,pTxPackage2; 内容来自论文无忧网 www.paper51.com LPOVERLAPPED pCompletedOverlapped; copyright paper51.com DWORD Key, NumberBytes; 内容来自www.paper51.com NDIS_STATUS nNdisStatus; copyright paper51.com printf( "Starting ReceiveThread\n" ); 内容来自论文无忧网 www.paper51.com // Use Send/Receive Key Instead OfpAdapter http://www.paper51.com
pAdapter->m_hReadPort =CreateIoCompletionPort( paper51.com INVALID_HANDLE_VALUE, //file handle to associate with I/O completionport 内容来自www.paper51.com
NULL, //optional handle to existing I/O completion port paper51.com
(DWORD ) pAdapter, //completion key 内容来自论文无忧网 www.paper51.com 2 //# of threads allowed to execute concurrently 内容来自论文无忧网 www.paper51.com
); copyright paper51.com
pAdapter->m_hReadPort =CreateIoCompletionPort(pAdapter->m_hDevice, //file handle to associate withI/O completion port copyright paper51.com
pAdapter->m_hReadPort,//optional handle to existing I/O completionport http://www.paper51.com (DWORD)pAdapter, //completion key http://www.paper51.com 2); //# of threads allowed to execute concurrently http://www.paper51.com } copyright paper51.com 数据链路层类型编码定义: copyright paper51.com #define DLT_NULL 0 /* no link-layerencapsulation */ http://www.paper51.com
#define DLT_EN10MB 1 /*Ethernet (10Mb) */ http://www.paper51.com #define DLT_EN3MB 2 /*Experimental Ethernet (3Mb) */ copyright paper51.com #define DLT_AX25 3 /* Amateur Radio AX.25*/ copyright paper51.com
#define DLT_PRONET 4 /* Proteon ProNET TokenRing */ http://www.paper51.com #define DLT_CHAOS 5 /*Chaos */ 内容来自论文无忧网 www.paper51.com #define DLT_IEEE802 6 /*IEEE 802 Networks */ paper51.com #define DLT_ARCNET 7 /* ARCNET */ copyright paper51.com
#define DLT_SLIP 8 /* Serial Line IP */ http://www.paper51.com #define DLT_PPP 9 /* Point-to-pointProtocol */ 内容来自www.paper51.com #define DLT_FDDI 10 /* FDDI */ 内容来自www.paper51.com #define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm*/ copyright paper51.com #define DLT_RAW 12 /* raw IP */ http://www.paper51.com #define DLT_SLIP_BSDOS 13 /*BSD/OS Serial Line IP */ http://www.paper51.com #define DLT_PPP_BSDOS 14 /*BSD/OS Point-to-point Protocol */] http://www.paper51.com 其他编码定义: copyright paper51.com
#define BPF_CLASS (code)((code) & 0x07) paper51.com #define BPF_LD 0x00 paper51.com #define BPF_LDX 0x01 http://www.paper51.com
#define BPF_ST 0x02 paper51.com
#define BPF_STX 0x03 http://www.paper51.com
#define BPF_ALU 0x04 paper51.com #define BPF_JMP 0x05 内容来自论文无忧网 www.paper51.com #define BPF_RET 0x06 copyright paper51.com #define BPF_MISC 0x07 http://www.paper51.com #define BPF_SIZE (code) ((code) & 0x18) copyright paper51.com
#define BPF_W 0x00 内容来自www.paper51.com
#define BPF_H 0x08 paper51.com
#define BPF_B 0x10 http://www.paper51.com #define BPF_MODE (code) ((code) & 0xe0) 内容来自论文无忧网 www.paper51.com
#define BPF_IMM 0x00 paper51.com #define BPF_ABS 0x20 copyright paper51.com #define BPF_IND 0x40 http://www.paper51.com #define BPF_MEM 0x60 paper51.com #define BPF_LEN 0x80 内容来自www.paper51.com #define BPF_MSH 0xa0 内容来自www.paper51.com
#define BPF_OP(code) ((code)& 0xf0) http://www.paper51.com #define BPF_ADD 0x00 paper51.com
#define BPF_SUB 0x10 内容来自www.paper51.com #define BPF_MUL 0x20 http://www.paper51.com #define BPF_DIV 0x30 paper51.com
#define BPF_OR 0x40 内容来自论文无忧网 www.paper51.com #define BPF_AND 0x50 paper51.com #define BPF_LSH 0x60 paper51.com
#define BPF_RSH 0x70 内容来自www.paper51.com #define BPF_NEG 0x80 内容来自论文无忧网 www.paper51.com #define BPF_JA 0x00 内容来自论文无忧网 www.paper51.com #define BPF_JEQ 0x10 paper51.com #define BPF_JGT 0x20 内容来自www.paper51.com
#define BPF_JGE 0x30 内容来自论文无忧网 www.paper51.com
#define BPF_JSET 0x40 内容来自论文无忧网 www.paper51.com #define BPF_SRC(code) ((code)& 0x08) 内容来自www.paper51.com #define BPF_K 0x00 http://www.paper51.com #define BPF_X 0x08 copyright paper51.com 显示目的和源的MAC地址: 内容来自www.paper51.com
void HP_Display802_3Packet( PW32N_PACKET pW32NPacket ) http://www.paper51.com { 内容来自www.paper51.com USHORTnLengthOrType; copyright paper51.com // paper51.com // DisplayLink-Layer Addresses 内容来自www.paper51.com // copyright paper51.com printf("802.3 " ); 内容来自论文无忧网 www.paper51.com printf("Dest: %2.2X.%2.2X.%2.2X.%2.2X.%2.2X.%2.2X ", 内容来自论文无忧网 www.paper51.com (char * )pW32NPacket->PacketBuffer[ MDstAddr + 0 ], 内容来自论文无忧网 www.paper51.com (char * )pW32NPacket->PacketBuffer[ MDstAddr + 1 ], copyright paper51.com (char * )pW32NPacket->PacketBuffer[ MDstAddr + 2 ], copyright paper51.com
(char * )pW32NPacket->PacketBuffer[ MDstAddr + 3 ], 内容来自论文无忧网 www.paper51.com (char * )pW32NPacket->PacketBuffer[ MDstAddr + 4 ], paper51.com (char * )pW32NPacket->PacketBuffer[ MDstAddr + 5 ] paper51.com ); 内容来自论文无忧网 www.paper51.com printf("Src: %2.2X.%2.2X.%2.2X.%2.2X.%2.2X.%2.2X ", 内容来自论文无忧网 www.paper51.com (char * )pW32NPacket->PacketBuffer[ MSrcAddr + 0 ], paper51.com
(char * )pW32NPacket->PacketBuffer[ MSrcAddr + 1 ], copyright paper51.com (char * )pW32NPacket->PacketBuffer[ MSrcAddr + 2 ], 内容来自www.paper51.com (char * )pW32NPacket->PacketBuffer[ MSrcAddr + 3 ], 内容来自论文无忧网 www.paper51.com (char * )pW32NPacket->PacketBuffer[ MSrcAddr + 4 ], 内容来自www.paper51.com (char * )pW32NPacket->PacketBuffer[ MSrcAddr + 5 ] copyright paper51.com ); paper51.com 开始所有包的读取 内容来自www.paper51.com for( i = 0; i < pAdapter->m_nPackageCount; i++ ) 内容来自www.paper51.com { 内容来自论文无忧网 www.paper51.com
pRxPackage =&pAdapter->m_pRxPackageBase[ i ]; 内容来自论文无忧网 www.paper51.com
W32N_PacketRead( copyright paper51.com pAdapter->m_hDevice, 内容来自论文无忧网 www.paper51.com
&pRxPackage->UserPacketData, paper51.com &pRxPackage->nBytesReturned, paper51.com
&pRxPackage->OverLapped, copyright paper51.com FALSE ); 内容来自论文无忧网 www.paper51.com } 内容来自www.paper51.com 循环直到Shutdown 内容来自论文无忧网 www.paper51.com while( !g_bShutdown ) http://www.paper51.com { 内容来自www.paper51.com pCompletedOverlapped = NULL; copyright paper51.com bSuccess = GetQueuedCompletionStatus( http://www.paper51.com
pAdapter->m_hReadPort, 内容来自论文无忧网 www.paper51.com &NumberBytes, paper51.com &Key, 内容来自www.paper51.com &pCompletedOverlapped, 内容来自www.paper51.com (DWORD)-1 内容来自论文无忧网 www.paper51.com ); http://www.paper51.com If ( g_bShutdown ) 内容来自www.paper51.com { 内容来自www.paper51.com break; http://www.paper51.com } copyright paper51.com
If ( !bSuccess ) http://www.paper51.com { 内容来自www.paper51.com printf("GetQueuedCompletionStatus\n" ); 内容来自论文无忧网 www.paper51.com
break; paper51.com
} 内容来自www.paper51.com
If ( pAdapter != (PHookAdapter )Key ) 内容来自论文无忧网 www.paper51.com { http://www.paper51.com
printf( "Key Invalid\n" ); copyright paper51.com break; paper51.com
} http://www.paper51.com
If ( !pCompletedOverlapped ) paper51.com { paper51.com
continue; paper51.com } copyright paper51.com If (!pCompletedOverlapped->OffsetHigh ) http://www.paper51.com { copyright paper51.com continue; copyright paper51.com } 内容来自www.paper51.com } 内容来自www.paper51.com |