Toxic

Forum Replies Created

  • in reply to: Network Monitor API synchronization #6426
    Toxic
    Participant

      I’ve sent email. Thanks in advance 🙂

      in reply to: Network Monitor API synchronization #6424
      Toxic
      Participant

        OK, then a couple more things…

        1. When I set event filter mask as follows

        FilterInfo.m_FilterMask = EVENT_MASK_RCV | EVENT_MASK_RCV_DGM | EVENT_MASK_SND | EVENT_MASK_SND_DGM;

        then the remote IP in the PLOG_INFO structure is always equal to the local IP. When I set

        FilterInfo.m_FilterMask = EVENT_MASK_FULL;

        the remote IP is shown correctly.

        2. I’ve modified the Monitor example to group events by app/localIP/remoteIP/protocol as follows (the rest of the example is unchanged):

        //declared earlier
        //typedef struct _STAT_ENTRY
        //{
        // LONGLONG totalSent;
        // LONGLONG totalRecv;
        // char szProcName[NT_PROCNAMELEN + 1];
        // unsigned long localAddr;
        // unsigned long remoteAddr;
        // unsigned long protocol;
        //} STAT_ENTRY;
        //
        //vector<STAT_ENTRY> g_Entries;

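        // Poll the monitor log until 20 reads have succeeded and fold every qualifying
        // record into g_Entries, keyed by process name / local IP / remote IP / protocol.
        // (assumes i starts at 0 - it is initialised outside this fragment)
        while (i < 20)
        {
            if (!api.ReadLog((PLOG_INFO)Buffer, BufferLength))
            {
                if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
                {
                    // Grow through a temporary: HeapReAlloc leaves the original block
                    // allocated when it fails, so assigning its NULL result straight to
                    // Buffer would leak that block and lose the only pointer to it.
                    PUCHAR Grown = (PUCHAR)HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Buffer, BufferLength + 0x1000);
                    if (!Grown)
                    {
                        _tprintf (TEXT("can't allocate %i bytes! abort\n"), BufferLength + 0x1000);
                        break;
                    }
                    // Commit pointer and length together so they always describe the same block.
                    Buffer = Grown;
                    BufferLength += 0x1000;
                    continue;
                }

                // No data yet: block on the API's wait event when it has one,
                // otherwise fall back to polling once a second.
                if (api.GetWaitEvent())
                    api.WaitForData(INFINITE);
                else
                    Sleep(1000);

                continue;
            }

            i++;
            BytesProcessed = 0;
            BytesRead = api.GetBytesReturned();

            LogInfo = (PLOG_INFO)Buffer;
            for (j = 0; BytesProcessed < BytesRead; j++)
            {
                // Records are variable-length (header + m_DataLength bytes, see the advance
                // at the bottom of this loop). Stop rather than read a header or step to a
                // record that does not fit in the bytes ReadLog reported.
                if (BytesRead - BytesProcessed < sizeof(*LogInfo))
                    break;
                if (LogInfo->m_DataLength > BytesRead - BytesProcessed - sizeof(*LogInfo))
                    break;

                // Only records with a zero group ID and a zero operation status are counted.
                if (!LogInfo->m_GroupID && !LogInfo->m_OperationStatus)
                {
                    // Declared outside the for statement: the index is tested after the
                    // loop, which standard C++ scoping does not allow for a loop-local.
                    unsigned int l;
                    for (l = 0; l < g_Entries.size(); l++)
                    {
                        if (g_Entries[l].remoteAddr == LogInfo->m_RemoteAddress.m_Ip
                            && g_Entries[l].localAddr == LogInfo->m_LocalAddress.m_Ip
                            && g_Entries[l].protocol == LogInfo->m_Protocol)
                        {
                            // NOTE(review): _stricmp assumes m_szProcessName is NUL-terminated -
                            // confirm against the API header.
                            if (!_stricmp(g_Entries[l].szProcName, LogInfo->m_szProcessName))
                            {
                                if (LogInfo->m_EvtType == TDI_EVT_RCV) g_Entries[l].totalRecv += LogInfo->m_FullDataLength;
                                if (LogInfo->m_EvtType == TDI_EVT_SND) g_Entries[l].totalSent += LogInfo->m_FullDataLength;
                                break;
                            }
                        }
                    }

                    // The scan ran off the end: no existing entry matched, so start a new one.
                    if (l >= g_Entries.size())
                    {
                        // Aggregate initialisation zeroes every member not listed.
                        STAT_ENTRY se = {0L, 0L};
                        if (LogInfo->m_EvtType == TDI_EVT_RCV) se.totalRecv = LogInfo->m_FullDataLength;
                        if (LogInfo->m_EvtType == TDI_EVT_SND) se.totalSent = LogInfo->m_FullDataLength;
                        se.localAddr = LogInfo->m_LocalAddress.m_Ip;
                        se.remoteAddr = LogInfo->m_RemoteAddress.m_Ip;
                        se.protocol = LogInfo->m_Protocol;
                        // strncpy does not terminate the destination when the source fills it;
                        // copy one byte less and terminate explicitly so the later _stricmp
                        // on szProcName cannot run past the array.
                        strncpy(se.szProcName, LogInfo->m_szProcessName, sizeof(se.szProcName) - 1);
                        se.szProcName[sizeof(se.szProcName) - 1] = '\0';
                        g_Entries.push_back(se);
                    }
                }

                // Advance to the next record. The cursor is recomputed from the buffer
                // start; adding a pointer to LogInfo (the original "+=") is not valid C++.
                BytesProcessed += sizeof(*LogInfo) + LogInfo->m_DataLength;
                LogInfo = (PLOG_INFO)((PUCHAR)Buffer + BytesProcessed);
            }
        }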

        After launching the example I use a browser to download some data. The strange thing is that the totalRecv field in each entry is always zero, while totalSent contains the received data size.
