Re: Connection table


#6197
Anonymous

    I want to create a connection table, but I don't understand the messages that come from your tdimon driver.

    Which event do I need to handle to create my connection table?


    Message #=1
    Request origination
    LogInfo.m_ID = 1
    LogInfo.m_EvtType = Create
    LogInfo.m_OperationStatus = TDI_SUCCESS
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 127.0.0.1:2298
    LogInfo.m_RemoteAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 0


    Message #=2
    Request origination
    LogInfo.m_ID = 2
    LogInfo.m_EvtType = Create
    LogInfo.m_OperationStatus = TDI_SUCCESS
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_RemoteAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 0


    Message #=3
    Request origination
    LogInfo.m_ID = 3
    LogInfo.m_EvtType = Associate Address
    LogInfo.m_OperationStatus = TDI_SUCCESS
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 127.0.0.1:2298
    LogInfo.m_RemoteAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 4
    00 2B E2 86 .+..

    Message #=4
    Request origination
    LogInfo.m_ID = 4
    LogInfo.m_EvtType = Create
    LogInfo.m_OperationStatus = TDI_SUCCESS
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_RemoteAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 0


    Message #=5
    Request origination
    LogInfo.m_ID = 5
    LogInfo.m_EvtType = Associate Address
    LogInfo.m_OperationStatus = TDI_SUCCESS
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 127.0.0.1:2298
    LogInfo.m_RemoteAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 4
    00 2B E2 86 .+..

    Message #=16
    Request completion
    LogInfo.m_ID = 16
    LogInfo.m_EvtType = Incoming Connection
    LogInfo.m_OperationStatus = TDI_SUCCESS
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 127.0.0.1:2298
    LogInfo.m_RemoteAddress.m_Ip = 127.0.0.1:2299
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 16
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

    Message #=17
    Request completion
    LogInfo.m_ID = 17
    LogInfo.m_EvtType = Accept
    LogInfo.m_OperationStatus = TDI_SUCCESS
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 127.0.0.1:2298
    LogInfo.m_RemoteAddress.m_Ip = 127.0.0.1:2299
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 16
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

    Message #=18
    Request origination
    LogInfo.m_ID = 18
    LogInfo.m_EvtType = Incoming Connection
    LogInfo.m_OperationStatus = TDI_MORE_PROCESSING
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 127.0.0.1:2298
    LogInfo.m_RemoteAddress.m_Ip = 127.0.0.1:2299
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 16
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

    Message #=24
    Request completion
    LogInfo.m_ID = 24
    LogInfo.m_EvtType = Close
    LogInfo.m_OperationStatus = TDI_SUCCESS
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_RemoteAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 0


    Message #=25
    Request origination
    LogInfo.m_ID = 25
    LogInfo.m_EvtType = Disassociate Address
    LogInfo.m_OperationStatus = TDI_SUCCESS
    LogInfo.m_Protocol = TCP
    LogInfo.m_LocalAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_RemoteAddress.m_Ip = 0.0.0.0:0
    LogInfo.m_szProcessName = thunderbird.exe:2180
    LogInfo.m_DataOffset = 0
    LogInfo.m_DataLength = 4
    00 00 00 00 ....

    What do these messages mean?

    Some of these messages look the same… but why were they sent twice?

    Can you tell me which event type should be used to add the process, port and address to my connection table?
    And which event should remove the entry from my connection table?

    I hope you can help me…