The driver is not the miteded one. and the code is exactly the code from the package cbuilder
#include
#include
#include
#include
#include "includecommon.h"
#include "includelhmonapi.h"
//
#pragma hdrstop
//
#pragma argsused
int main(int argc, char* argv[])
{
LOG_INFO LogInfo;
FILTER_INFO FilterInfo;
memset (&LogInfo, 0, sizeof (LOG_INFO));
memset (&FilterInfo, 0, sizeof (FILTER_INFO));
CLhmonApi api;
if (!api.IsDriverLoaded())
return 0;
DWORD dwVersion = api.GetVersion();
api.SetLoggingState(1);
api.SetMaximumLogSize (100);
HANDLE hEvent = OpenEvent (EVENT_ALL_ACCESS, FALSE, "LhmonEvent");
FilterInfo.m_Address.m_Ip = 0x00000000; // 127.0.0.1
FilterInfo.m_Address.m_Mask = 0x00000000; // 255.0.0.0
FilterInfo.m_PortRange.m_StartRange = 0x0; // 0
FilterInfo.m_PortRange.m_EndRange = 0xFFFF; // 65535
FilterInfo.m_LocalPortRange.m_StartRange = 0x0;
FilterInfo.m_LocalPortRange.m_EndRange = 0xFFFF;
FilterInfo.m_Protocol = TCP;
api.AddFilter (&FilterInfo);
unsigned int k, m, i = 0;
while (i < 100)
{
memset (&LogInfo, 2 , sizeof (LOG_INFO));
if ( api.ReadLog ( &LogInfo ) )
{
++i;
printf ("i=%un", i);
printf ("LogInfo.m_ID = %dn", LogInfo.m_ID);
printf ("LogInfo.m_LocalAddress.m_Ip = 0x%Xn", LogInfo.m_LocalAddress.m_Ip);
printf ("LogInfo.m_LocalAddress.m_Port = %dn", LogInfo.m_LocalAddress.m_Port);
printf ("LogInfo.m_RemoteAddress.m_Ip = 0x%Xn", LogInfo.m_RemoteAddress.m_Ip);
printf ("LogInfo.m_RemoteAddress.m_Port = %dn", LogInfo.m_RemoteAddress.m_Port);
printf ("LogInfo.m_Protocol = %dn", LogInfo.m_Protocol);
printf ("LogInfo.m_Offset = %dn", LogInfo.m_Offset);
printf ("LogInfo.m_Flags = 0x%.8Xn", LogInfo.m_Flags);
printf ("LogInfo.m_DataLength = %dn", LogInfo.m_DataLength);
printf ("LogInfo.m_ProcessID = %dn", LogInfo.m_ProcessID);
printf ("nn");
}
else
{
if (hEvent && (hEvent != INVALID_HANDLE_VALUE))
{
WaitForSingleObject (hEvent, INFINITE);
ResetEvent (hEvent);
}
}
}
api.SetLoggingState(0);
api.PurgeLog();
api.RemoveAllFilters();
CloseHandle (hEvent);
return 0;
}