Filter Table will not load

Home Forums Discussions Support Portal Filter Table will not load

This topic contains 9 replies, has 2 voices, and was last updated by  couttsj 2 years, 10 months ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #5414

    couttsj
    Participant

    What should the total length of a STATIC_FILTER be?. I am upgrading to Version 3.2.3 from 3.0.7.1, and I have got everything working except the filter. SetPacketFilterTable returns zero.

    J.A. Coutts

    #7185

    Vadim Smirnov
    Moderator

    Filter related structures were updated, but it should be enough to recompile your code with latest header files to fix any possible incompatibilities.

    #7186

    couttsj
    Participant

    I am using Visual Basic, so I have to convert C++ code. Knowing what the correct length is will make it easier for me to figure out if I have converted correctly.

    J.A. Coutts

    #7187

    Vadim Smirnov
    Moderator

    sizeof(STATIC_FILTER) = 181 bytes

    #7188

    couttsj
    Participant

    Thanks SerpentFly. I had 184. Since all the other elements seemed to be adjusted on 4 byte boundaries, I assumed that TCPUDP_FILTER was as well. Unfortunately, after removing the 3 byte padding to get 181 bytes, the static filter will still not load. Here is what I have got.

    Code:
    Public Type STATIC_FILTER
    m_Adapter As ULARGE_INTEGER ‘(8)Adapter handle extended to 64 bit size for structure compatibility across x64 and x86
    m_dwDirectionFlags As Long ‘(4)PACKET_FLAG_ON_SEND or/and PACKET_FLAG_ON_RECEIVE
    m_FilterAction As Long ‘(4)FILTER_PACKET_XXX
    m_ValidFields As Long ‘(4)Specifies which of the fileds below contain valid values and should be matched against the packet

    ‘Statistics for the filter
    m_LastReset As Long ‘(4)Time of the last counters reset (in seconds passed since 1 Jan 1980)
    m_PacketsIn As ULARGE_INTEGER ‘(8)Incoming packets passed through this filter
    m_BytesIn As ULARGE_INTEGER ‘(8)Incoming bytes passed through this filter
    m_PacketsOut As ULARGE_INTEGER ‘(8)Outgoing packets passed through this filter
    m_BytesOut As ULARGE_INTEGER ‘(8)Outgoing bytes passed through this filter

    m_DataLinkFilter As DATA_LINK_LAYER_FILTER ‘(24)
    m_NetworkFilter As NETWORK_LAYER_FILTER ‘(84)
    m_TransportFilter As TRANSPORT_LAYER_FILTER ‘(17)
    End Type ‘(181)

    J.A. Coutts

    #7189

    Vadim Smirnov
    Moderator

    Do you use VB.NET for your project? I think I could create a CLS-compliant assembly wrapper for ndisapi.dll to resolve difficulties of this kind…

    #7190

    couttsj
    Participant

    Sorry for the delay in responding, but I have trying to resolve cryptography issues on Win 8.1 with Microsoft.

    I am using VB6. VB.net is not flexible enough for my purposes.

    J.A. Coutts

    #7191

    couttsj
    Participant

    So I did a memory dump on the Filter Table and mapped it out:
    Filter Table:
    02 00 00 00 – Table Size
    00 00 00 00 00 00 00 00 – m_Adapter
    03 00 00 00 – m_dwDirectionFlags
    03 00 00 00 – m_FilterAction
    06 00 00 00 – m_ValidFields
    00 00 00 00 – m_LastReset
    00 00 00 00 00 00 00 00 – m_PacketsIn
    00 00 00 00 00 00 00 00 – m_BytesIn
    00 00 00 00 00 00 00 00 – m_PacketsOut
    00 00 00 00 00 00 00 00 – m_BytesOut (56)
    DATA_LINK_LAYER_FILTER
    00 00 00 00 – m_dwUnionSelector
    ETH_802_3_FILTER
    00 00 00 00 – m_ValidFields
    00 00 00 00 00 00 – m_SrcAddress
    00 00 00 00 00 00 – m_DestAddress
    00 00 – m_Protocol
    00 00 – Padding (24)
    NETWORK_LAYER_FILTER
    01 00 00 00 – m_dwUnionSelector
    IP_V4_FILTER
    04 00 00 00 – m_ValidFields
    00 00 00 00 00 00 00 00
    00 00 00 00 – m_SrcAddress
    00 00 00 00 00 00 00 00
    00 00 00 00 – m_DestAddress
    11 – m_Protocol
    00 00 00 – Padding
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 – Padding (84)
    TRANSPORT_LAYER_FILTER
    01 00 00 00 – m_dwUnionSelector
    TCPUDP_FILTER
    02 00 00 00 – m_ValidFields
    00 00 – m_StartRange
    00 00 – m_EndRange
    35 00 – m_StartRange
    35 00 – m_EndRange
    00 – m_TCPFlags (17)
    ** 00 00 00 – ? **
    00 00 00 00 00 00 00 00 – m_Adapter
    03 00 00 00 – m_dwDirectionFlags
    01 00 00 00 – m_FilterAction
    00 00 00 00 – m_ValidFields
    00 00 00 00 – m_LastReset
    00 00 00 00 00 00 00 00 – m_PacketsIn
    00 00 00 00 00 00 00 00 – m_BytesIn
    00 00 00 00 00 00 00 00 – m_PacketsOut
    00 00 00 00 00 00 00 00 – m_BytesOut (56)
    DATA_LINK_LAYER_FILTER
    00 00 00 00 – m_dwUnionSelector
    ETH_802_3_FILTER
    00 00 00 00 – m_ValidFields
    00 00 00 00 00 00 – m_SrcAddress
    00 00 00 00 00 00 – m_DestAddress
    00 00 – m_Protocol
    00 00 – Padding (24)
    NETWORK_LAYER_FILTER
    00 00 00 00 – m_dwUnionSelector
    IP_V4_FILTER
    00 00 00 00 – m_ValidFields
    00 00 00 00 00 00 00
    00 00 00 00 – m_SrcAddress
    00 00 00 00 00 00 00
    00 00 00 00 – m_DestAddress
    00 – m_Protocol
    00 00 00 – Padding
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 – Padding (84)
    TRANSPORT_LAYER_FILTER
    00 00 00 00 – m_dwUnionSelector
    TCPUDP_FILTER
    00 00 00 00 – m_ValidFields
    00 00 – m_StartRange
    00 00 – m_EndRange
    00 00 – m_StartRange
    00 00 – m_EndRange
    00 – m_TCPFlags (17)
    00 00 00 – ?
    00 00 00 00 00 00 00 00 – m_Adapter
    00 00 00 00 – m_dwDirectionFlags
    00 00 00 00 – m_FilterAction
    00 00 00 00 – m_ValidFields
    00 00 00 00 – m_LastReset
    00 00 00 00 00 00 00 00 – m_PacketsIn
    00 00 00 00 00 00 00 00 – m_BytesIn
    00 00 00 00 00 00 00 00 – m_PacketsOut
    00 00 00 00 00 00 00 00 – m_BytesOut (56)
    DATA_LINK_LAYER_FILTER
    00 00 00 00 – m_dwUnionSelector
    ETH_802_3_FILTER
    00 00 00 00 – m_ValidFields
    00 00 00 00 00 00 – m_SrcAddress
    00 00 00 00 00 00 – m_DestAddress
    00 00 – m_Protocol
    00 00 – Padding (24)
    NETWORK_LAYER_FILTER
    00 00 00 00 – m_dwUnionSelector
    IP_V4_FILTER
    00 00 00 00 – m_ValidFields
    00 00 00 00 00 00 00 00
    00 00 00 00 – m_SrcAddress
    00 00 00 00 00 00 00 00
    00 00 00 00 – m_DestAddress
    00 – m_Protocol
    00 00 00 – Padding
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 – Padding (84)
    TRANSPORT_LAYER_FILTER
    00 00 00 00 – m_dwUnionSelector
    TCPUDP_FILTER
    00 00 00 00 – m_ValidFields
    00 00 – m_StartRange
    00 00 – m_EndRange
    00
    Total Bytes (547)
    The individual Static Filters each reported the correct length (181), and the table itself with space allocated for 3 Static Filters reported the correct length (547). But the second filter was installed on a word boundary leaving 3 extra bytes between the first and second static filters.

    Could this be causing the failure to install the filter table?

    J.A. Coutts

    #7192

    couttsj
    Participant

    Now I am completely baffled. I transferred the program to Win 8.1, and the filter table loads just fine. Don’t know if it works yet, but at least it loads. The only difference between the 2 machines is that the Vista machine is a 32 bit OS and the Win 8.1 is 64 bit.

    J.A. Coutts

    #7193

    couttsj
    Participant

    Problem solved. When I upgraded to 3.2.3, the helper file “ndisapi.dll” did not get upgraded.

    J.A. Coutts

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.