WinPCap - Packet.dll UDF


JRSmile

@JRSmile

Sorry, but there is no COM interface to the MS Network Monitor.

I was thinking that you guys were having a lot of trouble getting the WinPCap to work.

So why not use MS Network Monitor, which has a lot of features.

I just recently discovered it myself so I don't know if it fulfills your need.

Regards,

ptrex

no problem, tested it extremely :)

just notify me if you see something similar on the net.

on the other hand it's a nice tool and I will use it for some problems I have ;)

regards,

J.

$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)

well, I'll send him an email and see if he has anything additional that he can send that deals specifically with packet.dll.

Has your contact already replied maqleod ?

regards,

J.


Hi,

I have used a very, very complete wrapper for winpcap for making some of my penetration test tools.

It's written in C# and contains almost all the functions you will ever need. I don't know if it will help you, but you can download it at:

http://www.codeproject.com/cs/internet/sharppcap.asp

Lots of examples are included.

I have the latest zip myself so if you're not a member and don't want to become one, I can send it to you.

PS: It uses wpcap.dll (which uses packet.dll)

Edited by Creator
according to my brother in law, this should be what you need to find the examples of the dll calls you are looking for (would have posted it sooner but I got sent out of town and had no internet access).


Hi folks, thanks for the replies.

I already had a look at the source of sharppcap before and found it very interesting but confusing.

I for myself won't be able to extract the correct syntax but maybe a friend of mine can, will try to get him into the team.

not sure if the types the function requires can be generated with autoit.

so long,

JR. ( the guy with the headache)


  • 1 month later...
  • 4 months later...

Hope this topic isn't too old... Would it be a bad idea to just do this as a plugin? I really don't think there is enough in DllCall to make this project any kind of easy.

About the SharpPCap thing. Err.. I couldn't find my way out of a C# program if I had directions, but I think everything that the program does to use packet.dll is piggy-backing off of "Tamir.IPLib.SharpPcap.dll" another dll in the source.

using Tamir.IPLib;
using Tamir.IPLib.Packets;
// ...
string ver = Tamir.IPLib.Version.GetVersionString();

Good for them, bad for us.

BOOLEAN PacketGetAdapterNames ( PTSTR pStr,
                                PULONG BufferSize
                              )

When you replace the macros it really says...

BYTE PacketGetAdapterNames ( PWSTR pStr, // or PSTR
                             PULONG BufferSize
                           )

... or something similar. So instead of

DllCall($packet_dll, "bool", "PacketGetAdapte...

we needed

DllCall($packet_dll, "byte", "PacketGetAdapte...

I have no clue how to handle whether the string is wide or not. I do know that the arguments are pointers... I'm guessing AutoIt or whatever linking is going on there is deciding which version of the PacketGetAdapterNames to call for wide and.. skinny strings 'cause AutoIt crashed both times for me.

Has anyone done anything with the plugin SDK? I really don't think you would be able to define a callback function in autoitscript anyway (if the dll uses callbacks like the pcap API).


  • 4 months later...

This was something I was looking at too, as it was going to solve a problem I had, but what gets returned isn't in the right type for a DllCall if I remember right, and I dropped the whole question of doing WinPcap calls shortly thereafter.


maybe one of the developers could help with this stuff, 'cause there would be a lot of possibilities like autoit native dhcp dns tftp server and such.


  • 1 month later...

pushed this a bit to kindly ask someone with knowledge to help with this stuff.


  • 4 months later...

Hello,

It seems to be possible to do it by direct calls to wpcap.dll (no need for extra COM dll). See example below.

Hope that helps. Will post a more complete example with packet capture someday if I find time for...

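$dll=DllOpen ( @SystemDir & "\wpcap.dll" )
If $dll = -1 Then
    MsgBox(0,"","Could not open wpcap.dll !")
    Exit
EndIf

; pcap_lib_version() returns a pointer to a static version string
$return_value = DllCall($dll, "str:cdecl", "pcap_lib_version")
if (@error = 0) Then
    $version=$return_value[0]
Else
    MsgBox(0,"","Error calling pcap_lib_version !" & @error)
    Exit
EndIf

$errbuf = DLLStructCreate("char[256]") ; error text buffer for pcap_findalldevs
$ptr = DLLStructCreate("ptr")          ; receives the head of the pcap_if list
; both arguments are raw pointers, so both are passed as "ptr"
$return_value = DllCall($dll, "int:cdecl", "pcap_findalldevs", "ptr", DllStructGetPtr($ptr), "ptr", DllStructGetPtr($errbuf))
if (@error = 0) Then
        $next=DllStructGetData($ptr,1)
        $list=""
        ; walk the linked list of pcap_if structures
        while ($next<>0)
            $pcap_if = DllStructCreate("ptr next;ptr name;ptr desc;ptr addresses;uint flags",$next)
            ; fixed 256-byte views of the strings; their real length is not known here
            $name = DllStructCreate("char[256]",DllStructGetData($pcap_if,2))
            $desc = DllStructCreate("char[256]",DllStructGetData($pcap_if,3))
            $list&=DllStructGetData($name,1)&" - "&DllStructGetData($desc,1)&@CRLF
            $next=DllStructGetData($pcap_if,1)
        Wend
        MsgBox(0,$version,$list)
        ; release the list allocated by pcap_findalldevs
        DllCall($dll, "none:cdecl", "pcap_freealldevs", "ptr", DllStructGetData($ptr,1))
Else
    MsgBox(0,"","Error calling pcap_findalldevs !" & @error)
    Exit
EndIf

DllClose($dll)
Exit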

  • 2 weeks later...

I finally got some time to produce a decent winpcap UDF (does not use packetx !).

You'll find it here: http://opensource.grisambre.net/pcapau3/

with some documentation and examples.

Any feedback welcome: opensource (at) grisambre (dot) net

guy this is by far the best thing that ever happened to autoit, I can now write my dhcp server.

thank you sooooooooooooooooooooooooooooooo much.

*thumbsup*


This is awesome but my script crashes when it tries to get a list of devices on Vista x64. My same program worked on XP though. Any reasons? Any idea how to fix? It goes through and can find 6 devices okay on my vista machine but on the 7th device it gives me a sweet windows your program has crashed screen.

EDIT!:

it seems to be this line:

$list[$i][0]=DllStructGetData(DllStructCreate("char[256]",DllStructGetData($pcap_if,2)),1)

that gives me an error on Vista in the _PcapGetDeviceList() function. If I comment it out I get a list of all my interfaces but with no IP info and flags.

I don't think it likes my ms tunnel interface driver

EDIT2:

weird it works when I compile the script but I still don't receive IP address information. Also is it possible to get info about the mac address?

EDIT3:

Got this to work on my vista machine finally. For whatever reason the script has to be compiled and I changed the winpcap include. This is what I changed/added.

Func _PcapGetDeviceList() ; returns 2D array with pcap devices (name;desc;addr netmask broadaddr dstaddr;flags) or -1 if error
    Local $alldevs=DLLStructCreate("ptr")
    Local $r=DllCall($Pcap_dll, "int:cdecl", "pcap_findalldevs_ex", "str", "rpcap://", "ptr", 0, "ptr", DllStructGetPtr($alldevs), "ptr", DllStructGetPtr($Pcap_errbuf))
    if (@error > 0) Then return -1
    if $r[0]=-1 Then return -1
    Local $next=DllStructGetData($alldevs,1)
    if ($next=0) Then return -1
    Local $list[2][4]
    $list[0][0] = 0
    Local $i=1;
    while ($next<>0)
        Local $pcap_if = DllStructCreate("ptr next;ptr name;ptr desc;ptr addresses;uint flags",$next)
        $list[$i][0]=DllStructGetData(DllStructCreate("char[256]",DllStructGetData($pcap_if,2)),1)
        $list[$i][1]=DllStructGetData(DllStructCreate("char[256]",DllStructGetData($pcap_if,3)),1)
        $list[$i][1]=StringMid($list[$i][1], StringInStr($list[$i][1], "'", 0, 1) + 1)
        $list[$i][1]=StringMid($list[$i][1], 1, StringInStr($list[$i][1], "'", 0, 1) - 1)
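        ; the adapter GUID is the {...} part of the device name; StringMid takes a character count, not an end position
        Local $iOpen = StringInStr($list[$i][0], "{", 0, 1)
        Local $iClose = StringInStr($list[$i][0], "}", 0, 1)
        Local $aInfo = _GetNetConNames(_NetConsFolderObject(), StringMid($list[$i][0], $iOpen, $iClose - $iOpen + 1))
        If IsArray($aInfo) Then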
            $list[$i][2] = $aInfo[0]
            $list[$i][3] = $aInfo[1]
        EndIf
        $next=DllStructGetData($pcap_if,1)
        $i+=1
        if $next<>0 Then Redim $list[$i+1][4]
    Wend
    $list[0][0] = UBound($list) - 1
    DllCall($Pcap_dll, "none:cdecl", "pcap_freealldevs", "ptr", DllStructGetData($alldevs,1))
    return $list
EndFunc

; Find the folder containing the network connection objects
; ==============================================================================================
Func _NetConsFolderObject()
    Local $wbemFlagReturnImmediately = 0x10
    Local $wbemFlagForwardOnly = 0x20
    Local $strComputer = "localhost"
    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colNetwork = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    Return $colNetwork
EndFunc   ;==>_NetConsFolderObject

; Find the network connection objects
; ==============================================================================================
Func _GetNetConNames($colNetwork, $sGUID)
    Dim $aInfo[2]
    If IsObj($colNetwork) Then
        For $clsConn In $colNetwork
            If StringCompare($sGUID, String($clsConn.SettingID)) = 0 Then 
                $aInfo[0] = String($clsConn.IPAddress(0))
                $aInfo[1] = String($clsConn.MacAddress)
                Return $aInfo
            EndIf
        Next
    Else
        MsgBox(0, "WMI Output", "No WMI Objects Found for class: " & "Win32_NetworkAdapterConfiguration")
    EndIf
    Return 0
EndFunc   ;==>_GetNetConNames

EDIT: I don't know what it is but this goes from working to not working. It will get a list of the adapters but sometimes it will find one that isn't there or something and when it performs the DLL call on my Vista machine to get the address or GUID of the device the program crashes. Any help would be great.

If I let my machine sit for a while and then run the program it will work but if I try to run it right after I just did it won't work. Am I not freeing the resources? What could be causing this?

Edited by SoulA

I see the problem. With DllStructCreate("char[256]",DllStructGetData($pcap_if,2)),1)

In fact, we are not sure of the string length the winpcap library is sending back. So [256] might be too much or not enough.

Unfortunately, for a string, autoit3 needs to know the length to allocate. But I don't know what to allocate before I can read it !

I had the same problem for the packet read function _PcapGetPacket(), fortunately, winpcap was returning the length of the data, so I could allocate it properly with dllstructcreate:

Local $pkthdr=DllStructCreate ( "int s;int us;int caplen;int len",DllStructGetData($Pcap_ptrhdr,1))

Local $packet=DLLStructCreate("ubyte["&DllStructGetData($pkthdr,3)&"]",DllStructGetData($Pcap_ptrpkt,1))

I will try to fix it today and give feedback.

Nicolas


To read a string with unknown length from a pointer, you could use those funcs:

; #INTERNAL# ====================================================================================================================
; Name...........: _PtrStringLen
; Description ...: Retrieves the length of a string in a PTR.
; Syntax.........: _PtrStringLen($ptr, $IsUniCode = False)
; Parameters ....:  -    $ptr                   -  Pointer to the string
;               -  [Optional] $IsUniCode  -  True = Unicode, False (Default) = ANSI
; Return values .: Success   -   Returns length of string ( can be 0 as well )
;                  Failure   -   Returns -1 and sets @ERROR
;                           @error will be set to 1
; Author ........: Prog@ndy
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........;
; Example .......;
; ===============================================================================================================================
Func _PtrStringLen($ptr, $IsUniCode = False)
    Local $UniCodeFunc = ""
    If $IsUniCode Then $UniCodeFunc = "W" 
    Local $BASS_ret_ = DllCall("kernel32.dll", "int", "lstrlen" & $UniCodeFunc, "ptr", $ptr)
    If @error Then Return SetError(1, 0, -1)
    Return $BASS_ret_[0]
EndFunc   ;==>_PtrStringLen

; #INTERNAL# ====================================================================================================================
; Name...........: _PtrStringRead
; Description ...: Reads a string from a pointer
; Syntax.........: _PtrStringRead($ptr, $IsUniCode = False, $StringLen = -1)
; Parameters ....:  -    $ptr        -  Pointer to the string
;               -  $IsUniCode  -  [Optional] True = Unicode, False (Default) = ANSI
;               -  $StringLen  -  [Optional] Length of the String
; Return values .: Success  -  Returns the read string (can be empty)
;                  Failure  -  Returns "" (empty String) and sets @ERROR
;                           @error will be set to 1
; Author ........: Prog@ndy
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........;
; Example .......;
; ===============================================================================================================================
Func _PtrStringRead($ptr, $IsUniCode = False, $StringLen = -1)
    Local $UniCodeString = ""
    If $IsUniCode Then $UniCodeString = "W" 
    ; no length given: measure the string with the helper defined above
    If $StringLen < 1 Then $StringLen = _PtrStringLen($ptr, $IsUniCode)
    If $StringLen < 1 Then Return SetError(1, 0, "")
    Local $struct = DllStructCreate($UniCodeString & "char[" & ($StringLen + 1) & "]", $ptr)
    Return DllStructGetData($struct, 1)
EndFunc   ;==>_PtrStringRead

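Added example, not part of any post above and not code from the pcapau3 UDF: the device walk from earlier in the thread with each string view sized from lstrlenA, as the last two posts suggest, instead of a fixed char[256]. The function names _ReadCStr and _ListPcapDevices are hypothetical, and wpcap.dll is assumed to be in @SystemDir as in the earlier post.

```autoit
; Read a NUL-terminated ANSI string at $pStr; returns "" for a NULL pointer.
Func _ReadCStr($pStr)
    If $pStr = 0 Then Return ""   ; e.g. a device without a description
    Local $aLen = DllCall("kernel32.dll", "int", "lstrlenA", "ptr", $pStr)
    If @error Then Return SetError(1, 0, "")
    If $aLen[0] < 1 Then Return ""
    ; Map exactly the string's bytes, so nothing past the terminator is read.
    Local $tStr = DllStructCreate("char[" & $aLen[0] & "]", $pStr)
    Return DllStructGetData($tStr, 1)
EndFunc   ;==>_ReadCStr

; Returns "name - description" lines for every pcap device, or "" with @error set.
Func _ListPcapDevices($hDll)
    Local $tErr = DllStructCreate("char[256]")   ; error text buffer, 256 bytes
    Local $tHead = DllStructCreate("ptr")        ; receives the head of the pcap_if list
    Local $aRet = DllCall($hDll, "int:cdecl", "pcap_findalldevs", _
            "ptr", DllStructGetPtr($tHead), "ptr", DllStructGetPtr($tErr))
    If @error Then Return SetError(1, 0, "")
    If $aRet[0] = -1 Then Return SetError(2, 0, DllStructGetData($tErr, 1))

    Local $sList = ""
    Local $pNext = DllStructGetData($tHead, 1)
    While $pNext <> 0
        Local $tIf = DllStructCreate("ptr next;ptr name;ptr desc;ptr addresses;uint flags", $pNext)
        $sList &= _ReadCStr(DllStructGetData($tIf, 2)) & " - " & _ReadCStr(DllStructGetData($tIf, 3)) & @CRLF
        $pNext = DllStructGetData($tIf, 1)
    WEnd

    ; The list belongs to the library; hand it back once the strings are copied.
    DllCall($hDll, "none:cdecl", "pcap_freealldevs", "ptr", DllStructGetData($tHead, 1))
    Return $sList
EndFunc   ;==>_ListPcapDevices

Local $hDll = DllOpen(@SystemDir & "\wpcap.dll")
If $hDll = -1 Then
    MsgBox(0, "", "Could not open wpcap.dll")
    Exit
EndIf
MsgBox(0, "pcap devices", _ListPcapDevices($hDll))
DllClose($hDll)
```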
