aureliuh

Forum Replies Created

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • in reply to: LHmon problems #6061
    aureliuh
    Participant

    The driver is not the miteded one. and the code is exactly the code from the package cbuilder


    #include
    #include
    #include
    #include
    #include "includecommon.h"
    #include "includelhmonapi.h"

    //

    #pragma hdrstop

    //

    #pragma argsused

    int main(int argc, char* argv[])
    {
    LOG_INFO LogInfo;
    FILTER_INFO FilterInfo;

    memset (&LogInfo, 0, sizeof (LOG_INFO));
    memset (&FilterInfo, 0, sizeof (FILTER_INFO));

    CLhmonApi api;

    if (!api.IsDriverLoaded())
    return 0;

    DWORD dwVersion = api.GetVersion();

    api.SetLoggingState(1);
    api.SetMaximumLogSize (100);

    HANDLE hEvent = OpenEvent (EVENT_ALL_ACCESS, FALSE, "LhmonEvent");

    FilterInfo.m_Address.m_Ip = 0x00000000; // 127.0.0.1
    FilterInfo.m_Address.m_Mask = 0x00000000; // 255.0.0.0
    FilterInfo.m_PortRange.m_StartRange = 0x0; // 0
    FilterInfo.m_PortRange.m_EndRange = 0xFFFF; // 65535
    FilterInfo.m_LocalPortRange.m_StartRange = 0x0;
    FilterInfo.m_LocalPortRange.m_EndRange = 0xFFFF;
    FilterInfo.m_Protocol = TCP;

    api.AddFilter (&FilterInfo);

    unsigned int k, m, i = 0;

    while (i < 100)
    {
    memset (&LogInfo, 2 , sizeof (LOG_INFO));
    if ( api.ReadLog ( &LogInfo ) )
    {
    ++i;
    printf ("i=%un", i);
    printf ("LogInfo.m_ID = %dn", LogInfo.m_ID);
    printf ("LogInfo.m_LocalAddress.m_Ip = 0x%Xn", LogInfo.m_LocalAddress.m_Ip);
    printf ("LogInfo.m_LocalAddress.m_Port = %dn", LogInfo.m_LocalAddress.m_Port);
    printf ("LogInfo.m_RemoteAddress.m_Ip = 0x%Xn", LogInfo.m_RemoteAddress.m_Ip);
    printf ("LogInfo.m_RemoteAddress.m_Port = %dn", LogInfo.m_RemoteAddress.m_Port);
    printf ("LogInfo.m_Protocol = %dn", LogInfo.m_Protocol);
    printf ("LogInfo.m_Offset = %dn", LogInfo.m_Offset);
    printf ("LogInfo.m_Flags = 0x%.8Xn", LogInfo.m_Flags);
    printf ("LogInfo.m_DataLength = %dn", LogInfo.m_DataLength);
    printf ("LogInfo.m_ProcessID = %dn", LogInfo.m_ProcessID);

    printf ("nn");
    }
    else
    {
    if (hEvent && (hEvent != INVALID_HANDLE_VALUE))
    {
    WaitForSingleObject (hEvent, INFINITE);
    ResetEvent (hEvent);
    }
    }
    }

    api.SetLoggingState(0);
    api.PurgeLog();
    api.RemoveAllFilters();

    CloseHandle (hEvent);

    return 0;
    }
    in reply to: Modify TTL of the packets #5994
    aureliuh
    Participant

    My problem is that the incoming packets have TTL=1 and beacause of this I can not get the packets behind a router.
    The only solution is to modify the packet’s ttl=5 so I can get the packets over the router

Viewing 2 posts - 1 through 2 (of 2 total)