Anton


  • in reply to: LHmon problems #6062

      Hi, aureliuh

      Please provide the version of the API that you are using. The code you’ve posted is not from the latest API package.

      Thank you.

      in reply to: Quession about Device Filter #6042

        The current version doesn’t support saving request data, but you can copy-paste it from the “Request details” window.

        in reply to: LHMonAPI #6015

          Yes, you can use the handle returned from GetWaitEvent with your WaitForMultipleObjects calls. It’s just a handle to LHMonEvent.

          in reply to: Exluding local traffic using ‘Local Host Monitor API’ #6010

            The current version doesn’t distinguish between “remote” incoming traffic and “local” incoming traffic. The only thing you can do is narrow your filter port range.

            in reply to: Create TDI enpoint connection error, please help? #5625

              1. You should set EaValue to the ULONG “Connection context”:

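              /*
               * Build a single FILE_FULL_EA_INFORMATION entry: the EA name is the TDI
               * connection-context string and the EA value is a CONNECTION_CONTEXT
               * copied from pConnectionContext. The buffer is presumably handed to
               * ZwCreateFile as its EA buffer when the connection endpoint is opened.
               *
               * Layout: header (up to EaName) | name + terminating NUL | value.
               */
              dwSize = FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName[0])
                     + TDI_CONNECTION_CONTEXT_LENGTH + 1
                     + sizeof(CONNECTION_CONTEXT);

              /* ExAllocatePool is the untagged legacy allocator; ExAllocatePoolWithTag /
               * ExAllocatePool2 with a driver-specific tag is preferred so leaks can be
               * attributed to this driver. */
              eaInfo = (PFILE_FULL_EA_INFORMATION)ExAllocatePool(PagedPool, dwSize);
              if (eaInfo == NULL) {
                  /* Paged pool exhausted: without this check the field writes below
                   * would fault. Bail out on the enclosing function's error path
                   * (assumed to return NTSTATUS — adapt if it does not). */
                  return STATUS_INSUFFICIENT_RESOURCES;
              }

              eaInfo->NextEntryOffset = 0;        /* single entry, no chaining */
              eaInfo->Flags = 0;
              eaInfo->EaNameLength = TDI_CONNECTION_CONTEXT_LENGTH;  /* excludes the NUL */
              eaInfo->EaValueLength = sizeof(CONNECTION_CONTEXT);

              /* EA name, including its terminating NUL. */
              RtlCopyMemory(eaInfo->EaName,
                            TdiConnectionContext,
                            TDI_CONNECTION_CONTEXT_LENGTH + 1);

              /* EA value starts right after the NUL-terminated name. */
              RtlCopyMemory(&eaInfo->EaName[TDI_CONNECTION_CONTEXT_LENGTH + 1],
                            pConnectionContext,
                            sizeof(CONNECTION_CONTEXT));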

              2. It’s better to open “connection endpoint” with the following attributes:
              // Open the TDI connection endpoint. The NTSTATUS result is discarded in
              // this excerpt; a real caller must test it with NT_SUCCESS() — the
              // handle is only valid when the call succeeds.
              ZwCreateFile(
              Handle, // PHANDLE that receives the endpoint handle (ZwCreateFile takes a pointer — confirm Handle is one)
              GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE, // Desired Access
              &ObjectAttributes, // Object Attributes (device name set up by the caller, not shown here)
              &IoStatusBlock, // Final I/O status block
              0, // Allocation Size (no preallocation)
              FILE_ATTRIBUTE_NORMAL, // Normal attributes
              FILE_SHARE_READ, // Sharing attributes
              FILE_OPEN_IF, // Create disposition
              0, // CreateOptions
              pConnectionContextEa, // EA Buffer: presumably the FILE_FULL_EA_INFORMATION carrying the connection-context EA
              TransportEaBufferLength // EA length, in bytes
              );

              in reply to: How to list all current logon NT Domain users? #5589

                I use LsaEnumerateLogonSessions, but it seems to miss a lot

                Really? As far as I can see, LsaEnumerateLogonSessions omits only the anonymous logon session. All other sessions are in the list…

                in reply to: local address/adapter #5436

                  The only way is to send an IOCTL_TCP_QUERY_INFORMATION_EX request after the address object has been created.

                  in reply to: Can anyone give me example of Visual Basic ? #5431

                    This will help, I hope


                    Option Strict On
                    Imports LHMONAPILib
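                    ''' <summary>
                    ''' Minimal LHMONAPI console sample: installs a catch-all TCP filter and a
                    ''' catch-all UDP filter, enables capture, then polls the driver log and
                    ''' prints every record until the process is terminated.
                    ''' </summary>
                    Module Module1

                        ''' <summary>
                        ''' Adds a filter that matches any address and any port for one protocol.
                        ''' The original sample repeated this block verbatim for TCP and UDP.
                        ''' </summary>
                        Private Sub AddCatchAllFilter(ByVal Lhmon As LhmonApi, ByVal Protocol As _PROTOCOL)
                            Dim FilterInfo As _FILTER_INFO = New _FILTER_INFO
                            ' Address 0 with mask 0: no address bits are compared.
                            FilterInfo.m_Address.m_Ip = Convert.ToUInt32(0)
                            FilterInfo.m_Address.m_Mask = Convert.ToUInt32(0)
                            ' Full remote and local port ranges.
                            FilterInfo.m_PortRange.m_StartRange = Convert.ToUInt16(0)
                            FilterInfo.m_PortRange.m_EndRange = Convert.ToUInt16(65535)
                            FilterInfo.m_LocalPortRange.m_StartRange = Convert.ToUInt16(0)
                            FilterInfo.m_LocalPortRange.m_EndRange = Convert.ToUInt16(65535)
                            FilterInfo.m_Protocol = Protocol
                            Lhmon.AddFilter(FilterInfo)
                        End Sub

                        ''' <summary>Writes the fields of one captured log record to the console.</summary>
                        Private Sub PrintRecord(ByVal LogInfo As _LOG_INFO)
                            Console.WriteLine("Record" + LogInfo.m_ID.ToString())
                            Console.WriteLine("LogInfo.m_LocalAddress.m_Ip = " + LogInfo.m_LocalAddress.m_Ip.ToString())
                            Console.WriteLine("LogInfo.m_LocalAddress.m_Port = " + LogInfo.m_LocalAddress.m_Port.ToString())
                            Console.WriteLine("LogInfo.m_RemoteAddress.m_Ip = " + LogInfo.m_RemoteAddress.m_Ip.ToString())
                            Console.WriteLine("LogInfo.m_RemoteAddress.m_Port = " + LogInfo.m_RemoteAddress.m_Port.ToString())
                            Console.WriteLine("LogInfo.m_Protocol = " + LogInfo.m_Protocol.ToString())
                            Console.WriteLine("LogInfo.m_Offset = " + LogInfo.m_Offset.ToString())
                            Console.WriteLine("LogInfo.m_Flags = " + LogInfo.m_Flags.ToString())
                            Console.WriteLine("LogInfo.m_DataLength = " + LogInfo.m_DataLength.ToString())
                            Console.WriteLine("LogInfo.m_ProcessID = " + LogInfo.m_ProcessID.ToString())
                            Console.WriteLine("")
                        End Sub

                        ''' <summary>Entry point. Never returns normally; the polling loop runs until the process is killed.</summary>
                        Sub Main()
                            Dim Lhmon As LhmonApi = New LhmonApi

                            ' Nothing below works without the kernel driver. The original sample
                            ' showed an unrelated "Delay value" message here (copy-paste error).
                            If Not Lhmon.IsDriverLoaded Then
                                MsgBox("LHMON driver is not loaded", MsgBoxStyle.Critical)
                                Return
                            End If

                            ' Stop capture and discard stale records before installing filters.
                            Lhmon.Capture = False
                            Lhmon.PurgeLog()

                            AddCatchAllFilter(Lhmon, _PROTOCOL.TCP)
                            AddCatchAllFilter(Lhmon, _PROTOCOL.UDP)

                            Lhmon.Capture = True

                            Dim LogInfo As _LOG_INFO = New LHMONAPILib._LOG_INFO
                            Dim fbSuccess As Boolean = True
                            While True
                                ' Drain every record currently in the log ...
                                Do
                                    fbSuccess = Lhmon.ReadLog(LogInfo)
                                    ' AndAlso: do not inspect LogInfo when ReadLog failed.
                                    ' "<> 0" instead of Equals(0): Equals(Object) compares types as well
                                    ' as values, so if m_Offset is an unsigned type (not visible here)
                                    ' the original comparison against the Integer 0 was always False.
                                    If fbSuccess AndAlso LogInfo.m_Offset <> 0 Then
                                        PrintRecord(LogInfo)
                                    End If
                                Loop Until Not fbSuccess
                                ' ... then back off before polling again.
                                System.Threading.Thread.Sleep(100)
                            End While
                        End Sub

                    End Module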
                    in reply to: Enumerate all non-plug and play drivers #5430

                      Use setupapi functions. Something like this:


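                      /*
                       * Enumerate every device node on the local machine and print the
                       * description of each one whose devnode status carries
                       * DN_LEGACY_DRIVER (i.e. a non-Plug and Play driver).
                       */
                      unsigned devIndex;
                      SP_DEVINFO_DATA devInfo;
                      ULONG ulStatus, ulProblemNumber;
                      CONFIGRET crRet;
                      TCHAR Buffer[256];   /* device description; the original left this undeclared, size is a constructed example */
                      HDEVINFO devs;

                      devs = SetupDiGetClassDevsEx(NULL, NULL, NULL, DIGCF_ALLCLASSES, NULL, NULL, NULL);
                      /* On failure the function returns INVALID_HANDLE_VALUE, not NULL;
                       * enumerating or destroying that handle is an error. */
                      if (devs != INVALID_HANDLE_VALUE)
                      {
                          devInfo.cbSize = sizeof(devInfo);   /* must be set before the first SetupDiEnumDeviceInfo call */
                          for (devIndex = 0; SetupDiEnumDeviceInfo(devs, devIndex, &devInfo); devIndex++)
                          {
                              crRet = CM_Get_DevNode_Status(&ulStatus, &ulProblemNumber, devInfo.DevInst, 0);
                              if (crRet != CR_SUCCESS || !(ulStatus & DN_LEGACY_DRIVER))
                              {
                                  continue;
                              }
                              /* Buffer size is in bytes. The original passed "ULL" (a typo for NULL)
                               * as the RequiredSize argument and "%sn" where "%s\n" was intended.
                               * A description too long for Buffer makes the call fail and is skipped. */
                              if (SetupDiGetDeviceRegistryProperty(devs, &devInfo, SPDRP_DEVICEDESC, NULL,
                                                                   (PBYTE)Buffer, sizeof Buffer, NULL))
                              {
                                  _tprintf(TEXT("%s\n"), Buffer);
                              }
                          }

                          SetupDiDestroyDeviceInfoList(devs);
                      }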