dcsimg
Results 1 to 21 of 21

Thread: Calling winPcap from vb6

  1. #1

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Calling winPcap from vb6

    I have an app that does some tracking of tcp connections and statistics about individual connections using extended tcp statistics. In order to enable eStats and gather the information I capture the packet flow and look for the 3 way handshake and the obviously the connection ending.

    I have a working version using raw sockets and also a version that uses a legacy activeX wrapper (packetX) around WinPcap. The raw sockets version works well. The packetX version is slow and by the time my app gets the packets the connection is already gone more than half the time.

    In order to get the best performance (best means least CPU) I want to try to call WinPcap directly. I have tried really hard but don't seem to be able to get it going. I think I have two issues. One is that I believe WinPcap is compiled _Cdecl and the second is that I just do not seem to be able to get the function declare statements correct.

    Does anyone have any ideas on how to do this or if it is possible at all?

    I know it should be but after googling a million different things and looking at all sorts of alternatives like nPcap, WinPktFilter etc I just dont seem to be able to get anything of this nature working in VB. I have some c++ but its super limited.

  2. #2
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    18,550

    Re: Calling winPcap from vb6

    To even move forward, you'll need the functions definitions. cDecl can be called from VB using thunks and/or DispCallFunc API, but you need to know what functions to call and how to call them.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  3. #3

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    Thanks for your reply. Yes I get that. I will post the definitions from the winPcap documentation that I am trying to call.

  4. #4

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    BTW does the undocumented cDecl keyword in the prodecure declare statement actually do anything?

  5. #5
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    18,550

    Re: Calling winPcap from vb6

    Quote Originally Posted by vbwins View Post
    BTW does the undocumented cDecl keyword in the prodecure declare statement actually do anything?
    For the compiler -- yes. That keyword determines how the stack is cleaned up once the function is called and the callee returns. VB expects stdCall functions, so its stack clean-up is based on that expectation. Mixing the two without the knowledge of one or the other (caller, callee) results in stack corruption.

    The DispCallFunc API can call various calling conventions, but has a bit of a learning curve for its usage. Thunks are simply routines written to executable memory that are told which calling convention is expected by the caller and callee and its code adjusts the stack properly, as needed. A tad bit more complex than that, but that is the gist.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  6. #6

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    Lets start with this one.

    BOOLEAN PacketGetAdapterNames ( PTSTR pStr,
    PULONG BufferSize
    )

    Retrieve the list of available network adapters and their description.

    Parameters:
    pStr User allocated string that will be filled with the names of the adapters.
    BufferSize Length of the buffer pointed by pStr. If the function fails, this variable contains the number of bytes that are needed to contain the adapter list.


    I would think I should pass a strptr value as a long for the pStr and a long by length for the buffer length? This is in packet.dll

    ftp://hacktic.nl/pub/security/packet...et32.html#ga87

  7. #7

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    Lets start with this one.

    BOOLEAN PacketGetAdapterNames ( PTSTR pStr,
    PULONG BufferSize
    )

    Retrieve the list of available network adapters and their description.

    Parameters:
    pStr User allocated string that will be filled with the names of the adapters.
    BufferSize Length of the buffer pointed by pStr. If the function fails, this variable contains the number of bytes that are needed to contain the adapter list.


    I would think I should pass a strptr value as a long for the pStr and a long by length for the buffer length? This is in packet.dll

    ftp://hacktic.nl/pub/security/packet...et32.html#ga87

    But I either get the dreaded bad dll calling convention or the process gets blown away with an AV.

  8. #8
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    18,550

    Re: Calling winPcap from vb6

    Ask the question or find the answer, you'll want to know what each of the variable types mean, relative to VB. I don't know if this is the right source. https://docs.microsoft.com/en-us/win...ows-data-types

    Based on that link: BOOL is defined as a TYPEDEF, which I believe is just 1 byte, but not sure. PULONG is defined as a pointer to a unsigned long value. PTSTR is either a pointer to a Unicode or ANSI string, and depends on how the DLL is compiled -- either using the Unicode directive or not. In any case, if we are talking about pointers, typically the value is passed ByRef. Unicode strings passed ByRef are done as ByVal StrPtr().

    I am going to assume PTSTR is ANSI vs Unicode. You need to verify whether the DLL is written for ANSI or Unicode.

    Others will correct me if I am wrong
    Code:
    Declare Function PacketGetAdapterNames Lib "whatever.dll"(pStr As Any, ByRef BufferSize As Long) As Long
    - since not sure how many bytes BOOL uses, may want to test 1st byte of return value & expect other bytes to be junk?
    - String can be passed like: ByVal myString for ANSI or ByVal StrPtr(myString) for unicode

    Again, if cDecl, you can't safely call this directly from VB anyway. Hope the above link and attempted translation of the function is helpful. Others with far more experience in converting C to VB will likely chime in since that stuff is in their playground.
    Last edited by LaVolpe; Jun 18th, 2019 at 09:48 AM.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  9. #9

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    Here is a link to the c++ header file for packet.dll if that helps.

    https://github.com/mscdex/cap/blob/m...ude/Packet32.h


    To even get started I need to be able to call

    BOOLEAN PacketGetAdapterNames(PTSTR pStr,PULONG BufferSize);

  10. #10

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    Thanks LaVolpe. Will continue to try.

  11. #11

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    This gives bad dll calling convention.

    Removing the "as long" from the function definition results in vb ide getting blown away.

    Option Explicit
    Private Declare Function PacketGetAdapterNames Lib "packet.dll" (ByVal stringBuffer As Long, ByRef bufferLength As Long) As Long
    Private Sub Form_Load()
    Dim bufferLength As Long
    Dim strBuffer As String
    strBuffer = Space$(100)
    bufferLength = 100
    If PacketGetAdapterNames(StrPtr(strBuffer), bufferLength) Then
    End If
    End Sub

  12. #12
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    18,550

    Re: Calling winPcap from vb6

    If that function is cDecl calling convention, you already didn't heed my warnings -- don't call cDecl directly with a VB API declaration. Use DispCallFunc API or a Type Library with the cDecl functions declared in it (think you can find posts on that topic).

    FYI: When removing the "As Long", then you use "As Any" and pass parameter ByVal if needed. But above statement remains valid.

    And regarding the Bad calling convention -- most likely related to cDecl or having the return value or a parameter vartype declared wrong.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  13. #13
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    18,550

    Re: Calling winPcap from vb6

    Just FYI. Awhile back I wrote a wrapper for the DispCallFunc api. You can find it in the code bank
    http://www.vbforums.com/showthread.p...all-DLL-Calls)

    Edited: A sample call might look like this. Review the 1st two posts on that thread for more details. In a sense, that class becomes your adhoc API declarations via its function parameters.
    Code:
    Debug.Print myClass.CallFunction_DLL("packet.dll", "PacketGetAdapterNames", STR_NONE, _
           CR_LONG, CC_CDECL, StrPtr(strBuffer), VarPtr(bufferLength))
    FYI: When I used the above call, bufferLength was returned as zero, Err.LastDllError = 122 (ERROR_INSUFFICIENT_BUFFER). So the call worked and the DLL changed the value. From what I gather, bufferLength is set to zero when no adapters found. P.S. Looks as if the return value should be byte after reviewing the disassembled dll function -- only 8 bits of the eax register are being modified but Long is ok too, just look at the low byte

    I did not install winPcap, just downloaded packets.dll -- so return value probably expected.
    Last edited by LaVolpe; Jun 18th, 2019 at 12:46 PM.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  14. #14

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    Thank you very much. I will continue and if I get a working example will post it in code bank.

  15. #15
    Junior Member
    Join Date
    Apr 2009
    Posts
    23

    Re: Calling winPcap from vb6

    Don't suppose there was ever a working example?

  16. #16

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    So yes there is. When I get some time I will pull the guts out of my code and post it up. Bottom line is that I needed to use LaVolpe's universal dll caller which I wrapped in my support dll for my code.

    Sorry but I am on a sprint and it will take me a few days to post it up.

  17. #17

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    So yes there is. When I get some time I will pull the guts out of my code and post it up. Bottom line is that I needed to use LaVolpe's universal dll caller which I wrapped in my support dll for my code.

    Sorry but I am on a sprint and it will take me a few days to post it up. In the mean time this may help you.

    There is a bunch of stuff you dont need and you will not find CacheFunction_DLL or callCachedFunction in LaVolpes class but you can substitute CallFunction_DLL for callCachedFunction and ignore the CacheFuncton_Dll

    Bottom line is that if you read this in conjunction with the wPcap documentation it should help.

    Steps

    1) Get a list of adapters
    2) Open the ones you want
    3) Set up your filters etc
    4) Loop forever calling pcap_next_ex

    There is also some threading functions in the code you can ignore. As I said pulling out a reusable version will take me a while.

    Hope this helps.

    PS. I am sorry my indentations never show up here.

    Code:
    Public Function tcpAgentInitialiseWPcapEx() As Boolean
    10        On Error GoTo errorHandler
              
              Dim Adapters() As String
              
              Dim goodAdapters() As String
              
              Dim caller As New OMATcpAgentUtilities.cUniversalDLLCalls
              
              Dim aCount As Long
              
              Dim aIdx As Long
              
              Dim aUpper As Long
              
              Dim hAdapt As Long
              
              Dim errorBuff As String
              
              Dim linkType As Long
              
              Dim goodCount As Long
              
              Dim pStatus As Long
              
    20        tcpAgentInitialiseWPcapEx = True
              
    30        goodCount = -1
              
    40        aCount = goodCount
              
    50        Const ETHERNET_LINK As Long = 1
              
    60        errorBuff = Space(8192)
              
    70        If tcpAgentGetNcapNames(Adapters) Then
                        
    80           aUpper = UBound(Adapters)
           
    90           For aIdx = 0 To aUpper
           
    100              writeAgentLog "INFORMATION - Found adapter " & StrConv(Adapters(aIdx), vbUnicode)
           
    110              hAdapt = caller.CallFunction_DLL("wpcap.dll", "pcap_open", STR_NONE, CR_LONG, CC_CDECL, StrPtr(Adapters(aIdx)), 60, 0, 1000, 0, StrPtr(errorBuff))
               
    120              If hAdapt = 0 Then
               
    130                 writeAgentLog "INFORMATION - Adapter " & StrConv(Adapters(aIdx), vbUnicode) & " CANNOT be opened for capture"
               
    140                 Adapters(aIdx) = ""
                  
    150              Else
               
    160                 linkType = caller.CallFunction_DLL("wpcap.dll", "pcap_datalink", STR_NONE, CR_LONG, CC_CDECL, hAdapt)
                  
    170                 If linkType <> ETHERNET_LINK Then
              
    180                    writeAgentLog "INFORMATION - Adapter " & StrConv(Adapters(aIdx), vbUnicode) & " is not an ethernet device. Closing adapter and exiting. Type is " & linkType
                 
    190                    Adapters(aIdx) = ""
                     
    200                 Else
                        
    210                    writeAgentLog "INFORMATION - Adapter " & StrConv(Adapters(aIdx), vbUnicode) & " CAN be opened for capture"
                           
    220                    tcpAgentInitialiseWPcapEx = True
                           
    230                    goodCount = goodCount + 1
                           
    240                 End If
                  
    250                 pStatus = caller.CallFunction_DLL("wpcap.dll", "pcap_close", STR_NONE, CR_LONG, CC_CDECL, hAdapt)
                 
    260             End If
    
    270          Next aIdx
              
    280       End If
              
    290       If goodCount <> -1 Then
              
    300          ReDim goodAdapters(goodCount)
                 
    310          For aIdx = 0 To aUpper
                 
    320              If Adapters(aIdx) <> "" Then
                        
    330                 aCount = aCount + 1
                        
    340                 goodAdapters(aCount) = Adapters(aIdx)
                                                     
    350                 If Not tcpAgentStartTcpThread(goodAdapters(aCount)) Then
    
    360                    writeAgentLog "ERROR - Failed to create a TCP thread. Agent stopping"
                                 
    370                    tcpAgentInitialiseWPcapEx = False
                           
    380                    Exit For
                           
    390                 End If
                        
    400                 If Not tcpAgentStartDnsIcmpThread(goodAdapters(aCount)) Then
    
    410                    writeAgentLog "ERROR - Failed to create DNS/Icmp thread. Agent stopping"
                           
    420                    tcpAgentInitialiseWPcapEx = False
    
    430                    Exit For
                           
    440                 End If
    
    450              End If
                     
    460          Next aIdx
                 
    470       Else
              
    480          tcpAgentInitialiseWPcapEx = False
                 
    490       End If
                     
    500       'heapSetLFHeap
              
    510       Exit Function
              
    errorHandler:
    
    520       errorDisplay Err.description, "tcpAgentInitialiseWPcapEx", Erl
        
    530       tcpAgentInitialiseWPcapEx = False
        
    540       Resume endofitall
    
    endofitall:
    End Function
    
    Public Function tcpAgentSetBpfFilter(caller As Object, hAdapt As Long, bpfFilter As String, snapLen As Long) As Boolean
    10        On Error GoTo errorHandler
        
    20        tcpAgentSetBpfFilter = False
              
              Dim bpf_string As String
              
              Dim status As Long
              
              Dim bpf_program As bpf_program_type
                
              Dim bpf_isn As bpf_insn_type
              
              Dim bpf_program_ptr As Long
            
    30        bpf_program.bpf_insn = VarPtr(bpf_isn)
              
    40        bpf_program_ptr = VarPtr(bpf_program.bpf_len)
              
    50        bpf_string = StrConv(bpfFilter, vbFromUnicode)
                   
    60        status = caller.CallFunction_DLL("wpcap.dll", "pcap_compile_nopcap", STR_NONE, CR_LONG, CC_CDECL, snapLen, 1, bpf_program_ptr, StrPtr(bpf_string), 1, 0&)
                              
    70        If status < 0 Then
                 
    80           writeAgentLog "ERROR - pcap_compile_nopcap fails. Last dll error is " & Err.lastDllError
                 
    90           Exit Function
                 
    100       End If
               
    110       status = caller.CallFunction_DLL("wpcap.dll", "pcap_setfilter", STR_NONE, CR_LONG, CC_CDECL, hAdapt, bpf_program_ptr)
    
    120       If status < 0 Then
               
    130          writeAgentLog "ERROR - pcap_setfilter fails. Last dll error is " & Err.lastDllError
               
    140          Exit Function
                  
    150       End If
               
    160       status = caller.CallFunction_DLL("wpcap.dll", "pcap_freecode", STR_NONE, CR_LONG, CC_CDECL, bpf_program_ptr)
               
    170       If status < 0 Then
               
    180          writeAgentLog "ERROR - pcap_freecode fails. Last dll error is " & Err.lastDllError
               
    190          Exit Function
                  
    200       End If
               
    210       status = caller.CallFunction_DLL("wpcap.dll", "pcap_setbuff", STR_NONE, CR_LONG, CC_CDECL, hAdapt, 2000000)
               
    220       If status < 0 Then
               
    230          writeAgentLog "ERROR - pcap_setbuff fails. Last dll error is " & Err.lastDllError
               
    240          Exit Function
                  
    250       End If
               
    260       status = caller.CallFunction_DLL("wpcap.dll", "pcap_setmintocopy", STR_NONE, CR_LONG, CC_CDECL, hAdapt, 60)
    
    270       If status < 0 Then
               
    280          writeAgentLog "ERROR - pcap_setmintocopy fails. Last dll error is " & Err.lastDllError
               
    290          Exit Function
                  
    300       End If
    
    310       tcpAgentSetBpfFilter = True
    
    320       Exit Function
        
    errorHandler:
    
    330       errorDisplay Err.description, "tcpAgentSetBpfFilter", Erl
        
    340       Resume endofitall
        
    endofitall:
    End Function
    Public Function winPcapStartCaptureTcp(device As String) As Long
    10        On Error GoTo errorHandler
              
              Dim caller As New OMATcpAgentUtilities.cUniversalDLLCalls
              
              Dim hAdapt As Long
              
              Dim errorBuff As String
              
              Dim pStatus As Long
              
              Dim farPtrPacketData As Long
        
              Dim farPtrPacketHeader As Long
              
              Dim farPktDataPointer As Long
        
              Dim farPktHeaderPointer As Long
              
              Dim packetHeader As packetHeaderType
              
              Dim bpfFilter As String
                        
              Dim peepCounter As Long
                        
              Dim pPacketData(8192) As Byte
              
              Dim inPacket As Boolean
                                  
              Dim snapLen As Integer
              
              Dim pcapTimeStamp As Double
                                  
              Dim thisThreadId As Long
              
              Dim secs As Long
              
              Dim lenTempStr2 As Long
                        
              Dim tempStr1 As String
                    
              Dim tempStr2 As String
              
              Dim ptrConUpDict As Long
              
              Dim ptrStatsSummary As Long
             
              Dim localConUp As Dictionary
              
              Dim localStatsSummary  As OMATcpAgentUtilities.cStatsSumaryClass
    
    20        ptrStatsSummary = ObjPtr(statsSummary)
              
    30        ptrConUpDict = ObjPtr(conUp)
                        
    40        Set localConUp = PtrObj(ptrConUpDict)
              
    50        vbaObjAddref localConUp
              
    60        Set localStatsSummary = PtrObj(ptrStatsSummary)
              
    70        vbaObjAddref localStatsSummary
              
    80        snapLen = 60
              
    90        thisThreadId = GetCurrentThreadId
              
              Const PCAP_OPENFLAG_MAXRESPONSIVENESS As Long = 16
              
              'Const PCAP_OPENFLAG_MAXRESPONSIVENESS As Long = 0
              
    100       farPtrPacketData = VarPtr(farPktDataPointer)
        
    110       farPtrPacketHeader = VarPtr(farPktHeaderPointer)
              
    120       errorBuff = Space(2048)
              
    130       hAdapt = caller.CallFunction_DLL("wpcap.dll", "pcap_open", STR_NONE, CR_LONG, CC_CDECL, StrPtr(device), snapLen, PCAP_OPENFLAG_MAXRESPONSIVENESS, 1000, 0, StrPtr(errorBuff))
                                                                                                        
    140       If hAdapt <> 0 Then
              
    150          InterlockedIncrement ptrHadaptersOpen
                 
    160       Else
              
    170          writeAgentLog "ERROR - Failed to open TCP adapter " & StrConv(device, vbUnicode) & " error is " & errorBuff & " thread will terminate"
                 
    180          Exit Function
                 
    190       End If
                                
    200       writeAgentLog "INFORMATION - TCP pcap opens adapter " & StrConv(device, vbUnicode) & " with handle " & hAdapt
    
    210       bpfFilter = "tcp and not icmp and not udp and !broadcast" ' and not port 445" 'and not port 3306"
                                  
    220       If Not tcpAgentSetBpfFilter(caller, hAdapt, bpfFilter, 50) Then
              
    230          writeAgentLog "ERROR - Error setting TCP adapter paramaters for interface " & StrConv(device, vbUnicode) & " Thread will terminate"
                 
    240          pStatus = caller.CallFunction_DLL("wpcap.dll", "pcap_close", STR_NONE, CR_LONG, CC_CDECL, hAdapt)
    
    250          InterlockedDecrement ptrHadaptersOpen
                 
    260          Exit Function
                 
    270       End If
                        
    280       DoEvents
    
    290       wPcapStopFlag = False
              
    300       pStatus = caller.CacheFunction_DLL("wpcap.dll", "pcap_next_ex", STR_NONE, CR_INTEGER, CC_CDECL, hAdapt, farPtrPacketHeader, farPtrPacketData)
    
    310       writeAgentLog "INFORMATION - Tcp thread allocated WinPCap library handle " & caller.getPcapHandle
    
    320       writeAgentLog "INFORMATION - TCP capture starts on interface " & StrConv(device, vbUnicode)
    
    330       Do Until wPcapStopFlag
              
    340          peepCounter = peepCounter + 1
                 
    350          If peepCounter = 10000 Then
                 
    360             If Not wPcapStopFlag Then
                    
    370                If Not eventNoEventsPending Then
                    
    380                   inPacket = lockPacketSection
                           
    390                   eventDoEvents
                 
    400                   inPacket = unlockPacketSection(inPacket)
                          
    410                   writeAgentLog "INFORMATION - Pumped tcp messages"
                          
    420                End If
                       
    430                peepCounter = 0
                       
    440             End If
                    
    450          End If
                           
    460          pStatus = caller.callCachedFunction
                                                     
    470          If pStatus = 1 Then
                    
    480             inPacket = lockPacketSection
                    
    490             CopyMemory packetHeader, farPktHeaderPointer, Len(packetHeader)
                        
    500             CopyMemory pPacketData(0), farPktDataPointer, packetHeader.capLen
                                    
    510             secs = packetHeader.timeStamp1 - 978307200
                                    
    520             tempStr1 = "000000"
                    
    530             tempStr2 = CStr(packetHeader.timeStamp2)
                                    
    540             lenTempStr2 = Len(tempStr2)
                    
    550             Mid$(tempStr1, (7 - lenTempStr2), lenTempStr2) = tempStr2
                                    
    560             pcapTimeStamp = (secs & DecimalSpecifier & tempStr1)
                    
    ' process your packet here however you want
                                    
    570             winPcap_OnPacket pPacketData, packetHeader.packetLength, pcapTimeStamp, thisThreadId, localConUp, localStatsSummary
                                                                                                                                                                              
    580             statsSummary.statsManagerCleanUpInThreadContext dictTalkTo
                                                                                                                                                                              
    590             inPacket = unlockPacketSection(inPacket)
                                                                                 
    600          Else
                 
    610             inPacket = lockPacketSection
                                    
    620             statsSummary.statsManagerCleanUpInThreadContext dictTalkTo
                                                                       
    630             inPacket = unlockPacketSection(inPacket)
                    
    640          End If
                                        
    650       Loop
              
    660       writeAgentLog "INFORMATION - Tcp(TcpCapture) thread receives stop command " & GetCurrentThreadId
              
    670       inPacket = lockPacketSection
                        
    680       statsSummary.statsManagerShutdownInThreadContext dictTalkTo, conUp
              
    690       inPacket = unlockPacketSection(inPacket)
                        
    700       pStatus = caller.CallFunction_DLL("wpcap.dll", "pcap_breakloop", STR_NONE, CR_LONG, CC_CDECL, hAdapt)
                        
    710       pStatus = caller.CallFunction_DLL("wpcap.dll", "pcap_setbuff", STR_NONE, CR_LONG, CC_CDECL, hAdapt, 0)
              
    720       pStatus = caller.CallFunction_DLL("wpcap.dll", "pcap_close", STR_NONE, CR_LONG, CC_CDECL, hAdapt)
                        
    730       InterlockedDecrement ptrHadaptersOpen
              
    740       writeAgentLog "INFORMATION - Tcp thread frees pCap handle " & caller.getPcapHandle
              
    750       caller.FreePcapHandle
              
    760       Set caller = Nothing
              
    770       Set localConUp = Nothing
              
    780       Set localStatsSummary = Nothing
              
    790       writeAgentLog "INFORMATION - Tcp thread closed adapter and terminates in thread " & GetCurrentThreadId
              
    800       Exit Function
              
    errorHandler:
    
    810       errorDisplay Err.description, "winPcapStartCaptureTcp", Erl
              
    820       If inPacket Then
              
    830          inPacket = unlockPacketSection(inPacket)
                 
    840       End If
              
    850       Resume endofitall
              
    endofitall:
    End Function
    Last edited by vbwins; Oct 25th, 2019 at 08:15 AM.

  18. #18
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    18,550

    Re: Calling winPcap from vb6

    When you get back, may want to wrap your previous reply in "code tags" so it is easier to follow?
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  19. #19

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    Would like to do that. I am not sure how but I will figure it out.

  20. #20
    Sinecure devotee
    Join Date
    Aug 2013
    Location
    Southern Tier NY
    Posts
    5,622

    Re: Calling winPcap from vb6

    You can type in the tags manually, or you can click on the buttons above the reply window.

    The buttons are normally at the end of the row of buttons.
    One says "VB", but usually looks like "VE" because the B is clipped, and the other is the "#" button.

    If you select all the code, and then hit one of the buttons, it will add a beginning tag at the start of the selection, and an ending tag at the end.
    The "#" is the simplest, it just puts the code in a block as indented, and using a monospace typeface.
    The other tag, "VB", will prompt for "the option" for your tag, i.e. what programming language you want to be displayed perhaps.

    I usually just go with the simple [code] tag, i.e. the one inserted by the "#" button, but I just type
    [code]
    [/code]
    and then type or paste my code between the tags.

    The other tag is
    [HIGHLIGHT][/HIGHLIGHT] and if you enter something in the prompt, will start with [HIGHLIGHT=VB], if you entered VB.

    Of course, you can type the highlight tag in manually as well, but since it is longer, I usually don't use it for short code snippets. Perhaps with a longer code example, the color syntax highlighting may be of some aid.
    Last edited by passel; Oct 25th, 2019 at 07:58 AM.
    "Anyone can do any amount of work, provided it isn't the work he is supposed to be doing at that moment" Robert Benchley, 1930

  21. #21

    Thread Starter
    Lively Member
    Join Date
    Mar 2019
    Posts
    96

    Re: Calling winPcap from vb6

    Thanks. Got it and done it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width