aureliuh

Forum Replies Created

  • in reply to: LHmon problems #6061
    aureliuh
    Participant

      The driver is not the miteded one, and the code is exactly the code from the cbuilder package.


      #include
      #include
      #include
      #include
      #include "includecommon.h"
      #include "includelhmonapi.h"

      //

      #pragma hdrstop

      //

      #pragma argsused

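      /// Sample LHmon client: registers one TCP filter, prints the first 100
      /// records that CLhmonApi::ReadLog returns, then switches logging off and
      /// calls PurgeLog and RemoveAllFilters.
      ///
      /// @param argc unused
      /// @param argv unused
      /// @return always 0, including when the driver is not loaded
      int main(int argc, char* argv[])
      {
          LOG_INFO LogInfo;
          FILTER_INFO FilterInfo;

          memset (&LogInfo, 0, sizeof (LOG_INFO));
          memset (&FilterInfo, 0, sizeof (FILTER_INFO));

          CLhmonApi api;

          // Without the driver there is nothing to read; the exit code stays 0
          // so existing callers see the same result as before.
          if (!api.IsDriverLoaded())
              return 0;

          // The version is queried but not used; the call is kept in case it
          // has side effects in the API wrapper.
          const DWORD dwVersion = api.GetVersion();
          (void) dwVersion;

          // NOTE(review): presumably 1 enables logging and 100 bounds the
          // driver-side log; units are not visible here, confirm in the LHmon docs.
          api.SetLoggingState(1);
          api.SetMaximumLogSize (100);

          // Ask only for the rights used below (least privilege): SYNCHRONIZE
          // for the wait, EVENT_MODIFY_STATE for ResetEvent. EVENT_ALL_ACCESS
          // also requests DACL/owner changes this program never needs.
          // NOTE(review): the event is found by name only; confirm that it is
          // created by the LHmon driver/service and not by another process.
          HANDLE hEvent = OpenEvent (SYNCHRONIZE | EVENT_MODIFY_STATE, FALSE, "LhmonEvent");

          // Address 0.0.0.0 with mask 0.0.0.0 and both port ranges 0..65535.
          // NOTE(review): presumably this matches every TCP connection (the
          // earlier comments said 127.0.0.1 / 255.0.0.0, which these values are
          // not); narrow the filter when only specific traffic must be logged.
          FilterInfo.m_Address.m_Ip = 0x00000000;              // 0.0.0.0
          FilterInfo.m_Address.m_Mask = 0x00000000;            // 0.0.0.0
          FilterInfo.m_PortRange.m_StartRange = 0x0;           // 0
          FilterInfo.m_PortRange.m_EndRange = 0xFFFF;          // 65535
          FilterInfo.m_LocalPortRange.m_StartRange = 0x0;      // 0
          FilterInfo.m_LocalPortRange.m_EndRange = 0xFFFF;     // 65535
          FilterInfo.m_Protocol = TCP;

          // NOTE(review): the result of AddFilter is not checked; its return
          // type is not visible here.
          api.AddFilter (&FilterInfo);

          // Used only when the event is unavailable, so the loop does not spin.
          const DWORD kPollIntervalMs = 50;

          unsigned int i = 0;

          while (i < 100)
          {
              // Filled with 0x02 rather than 0 before each read.
              // NOTE(review): presumably a marker pattern to show which fields
              // ReadLog actually writes; confirm.
              memset (&LogInfo, 2 , sizeof (LOG_INFO));
              if ( api.ReadLog ( &LogInfo ) )
              {
                  ++i;
                  printf ("i=%u\n", i);
                  printf ("LogInfo.m_ID = %d\n", LogInfo.m_ID);
                  printf ("LogInfo.m_LocalAddress.m_Ip = 0x%X\n", LogInfo.m_LocalAddress.m_Ip);
                  printf ("LogInfo.m_LocalAddress.m_Port = %d\n", LogInfo.m_LocalAddress.m_Port);
                  printf ("LogInfo.m_RemoteAddress.m_Ip = 0x%X\n", LogInfo.m_RemoteAddress.m_Ip);
                  printf ("LogInfo.m_RemoteAddress.m_Port = %d\n", LogInfo.m_RemoteAddress.m_Port);
                  printf ("LogInfo.m_Protocol = %d\n", LogInfo.m_Protocol);
                  printf ("LogInfo.m_Offset = %d\n", LogInfo.m_Offset);
                  printf ("LogInfo.m_Flags = 0x%.8X\n", LogInfo.m_Flags);
                  printf ("LogInfo.m_DataLength = %d\n", LogInfo.m_DataLength);
                  printf ("LogInfo.m_ProcessID = %d\n", LogInfo.m_ProcessID);

                  printf ("\n\n");
              }
              else if (hEvent != NULL
                       && WaitForSingleObject (hEvent, INFINITE) == WAIT_OBJECT_0)
              {
                  // Woken by the event: clear it before the next ReadLog.
                  ResetEvent (hEvent);
              }
              else
              {
                  // OpenEvent returns NULL on failure (not INVALID_HANDLE_VALUE),
                  // and a failed wait returns immediately; back off instead of
                  // calling ReadLog in a tight loop.
                  Sleep (kPollIntervalMs);
              }
          }

          api.SetLoggingState(0);
          api.PurgeLog();
          api.RemoveAllFilters();

          // Only close a handle that was actually opened.
          if (hEvent != NULL)
              CloseHandle (hEvent);

          return 0;
      }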
      in reply to: Modify TTL of the packets #5994
      aureliuh
      Participant

        My problem is that the incoming packets have TTL=1, and because of this I cannot get the packets behind a router.
        The only solution is to modify the packets' TTL to 5 so that I can get the packets over the router.
