JRSmile (Author), posted October 1, 2007

> @JRSmile
> Sorry, but there is no COM interface to the MS Network Monitor.
> I was thinking that you guys were having a lot of trouble getting WinPCap to work.
> So why not use MS Network Monitor, which has a lot of features.
> I just recently discovered it myself so I don't know if it fulfills your need.
> Regards,
> ptrex

no problem, tested it extremely, just notify me if you see something similar on the net.
on the other hand it's a nice tool and i will use it for some problems i have

regards,
J.

    $a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
    For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
    Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
    Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
    MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)

JRSmile (Author), posted October 2, 2007

> well, I'll send him an email and see if he has anything additional that he can send that deals specifically with packet.dll.

Has your contact already replied, maqleod?

regards,
J.

Creator, posted October 2, 2007 (edited October 2, 2007 by Creator)

Hi,

I have used a very very complete wrapper for winpcap for making some of my penetration test tools.
It's written in C# and contains almost all the functions you will ever need. I don't know if it will help you, but you can download it at:
http://www.codeproject.com/cs/internet/sharppcap.asp
Lots of examples are included.
I have the latest zip myself so if you're not a member and don't want to become one, I can send it to you.

PS: It uses wpcap.dll (which uses packet.dll)

maqleod, posted October 3, 2007

> Hi,
> I have used a very very complete wrapper for winpcap for making some of my penetration test tools.
> It's written in C# and contains almost all the functions you will ever need. I don't know if it will help you, but you can download it at:
> http://www.codeproject.com/cs/internet/sharppcap.asp
> Lots of examples are included.
> I have the latest zip myself so if you're not a member and don't want to become one, I can send it to you.
> PS: It uses wpcap.dll (which uses packet.dll)

according to my brother in law, this should be what you need to find the examples of the dll calls you are looking for (would have posted it sooner but I got sent out of town and had no internet access).

You can download my projects at: Pulsar Software

lordofthestrings, posted October 3, 2007

nice one Magleod! I believe this can be real handy..

Creator, posted October 3, 2007

> nice one Magleod!
> I believe this can be real handy..

Ur welcome ?

JRSmile (Author), posted October 3, 2007

Hi folks,

thanks for the replies. i already had a look at the source of sharppcap before and found it very interesting but confusing. i for myself won't be able to extract the correct syntax but maybe a friend of mine can, will try to get him into the team. not sure if the types the function requires can be generated with autoit.

so long,
JR. (the guy with the headache)

Bot, posted October 11, 2007

AVector: []: Out of bounds.

What does this error mean?

AzKay, posted November 21, 2007

Did you figure out how to resend the packets to their connected socket yet? xD;;

# MY LOVE FOR YOU... IS LIKE A TRUCK- #

gamerman2360, posted April 20, 2008

Hope this topic isn't too old... Would it be a bad idea to just do this as a plugin? I really don't think there is enough in DllCall to make this project any kind of easy.

About the SharpPCap thing. Err.. I couldn't find my way out of a C# program if I had directions, but I think everything that the program does to use packet.dll is piggy-backing off of "Tamir.IPLib.SharpPcap.dll", another dll in the source.

    using Tamir.IPLib;
    using Tamir.IPLib.Packets;
    // ...
    string ver = Tamir.IPLib.Version.GetVersionString();

Good for them, bad for us.

    BOOLEAN PacketGetAdapterNames ( PTSTR pStr, PULONG BufferSize )

When you replace the macros it really says...

    BYTE PacketGetAdapterNames (
        PWSTR pStr, // or PSTR
        PULONG BufferSize )

... or something similar. So instead of

    DllCall($packet_dll, "bool", "PacketGetAdapte...

we needed

    DllCall($packet_dll, "byte", "PacketGetAdapte...

I have no clue how to handle whether the string is wide or not. I do know that the arguments are pointers... I'm guessing AutoIt or whatever linking is going on there is deciding which version of the PacketGetAdapterNames to call for wide and.. skinny strings 'cause AutoIt crashed both times for me.

Has anyone done anything with the plugin SDK? I really don't think you would be able to define a callback function in autoitscript anyway (if the dll uses callbacks like the pcap API).

Yorn, posted September 18, 2008

This was something I was looking at too, as it was going to solve a problem I had, but what gets returned isn't in the right type for a DllCall if I remember right, and I dropped the whole question of doing WinPcap calls shortly thereafter.

JRSmile (Author), posted September 21, 2008

maybe one of the developers could help with this stuff, cause there would be a lot of possibilities like autoit native dhcp dns tftp server and such.

JRSmile (Author), posted October 28, 2008

pushed this a bit to kindly ask someone with knowledge to help with this stuff.

f1iqf, posted March 27, 2009

Hello,

It seems to be possible to do it by direct calls to wpcap.dll (no need for extra COM dll). See example below. Hope that helps. Will post a more complete example with packet capture someday if I find time for...

    $dll=DllOpen ( @SystemDir & "\wpcap.dll" )
    ; pcap_lib_version returns a pointer to a static version string
    $return_value = DllCall($dll, "str:cdecl", "pcap_lib_version")
    if (@error = 0) Then
        $version=$return_value[0]
    Else
        MsgBox(0,"","Error calling pcap_lib_version !" & @error)
        Exit
    EndIf
    $errbuf = DLLStructCreate("char[256]") ; PCAP_ERRBUF_SIZE is 256
    $ptr = DLLStructCreate("ptr")          ; receives the head of the pcap_if list
    ; both arguments are raw pointers, so both are passed as "ptr"
    $return_value = DllCall($dll, "int:cdecl", "pcap_findalldevs", "ptr", DllStructGetPtr($ptr), "ptr", DllStructGetPtr($errbuf))
    if (@error = 0) Then
        $next=DllStructGetData($ptr,1)
        $list=""
        while ($next<>0)
            ; overlay the pcap_if layout on the current list node
            $pcap_if = DllStructCreate("ptr next;ptr name;ptr desc;ptr addresses;uint flags",$next)
            $name = DllStructCreate("char[256]",DllStructGetData($pcap_if,2))
            $desc = DllStructCreate("char[256]",DllStructGetData($pcap_if,3))
            $list&=DllStructGetData($name,1)&" - "&DllStructGetData($desc,1)&@CRLF
            $next=DllStructGetData($pcap_if,1)
        Wend
        MsgBox(0,$version,$list)
    Else
        MsgBox(0,"","Error calling pcap_findalldevs !" & @error)
        Exit
    EndIf
    DllClose($dll)
    Exit

f1iqf, posted April 8, 2009

I finally got some time to produce a decent winpcap UDF (does not use packetx!).
You'll find it here: http://opensource.grisambre.net/pcapau3/ with some documentation and examples.
Any feedback welcome: opensource (at) grisambre (dot) net

JRSmile (Author), posted April 8, 2009

> I finally got some time to produce a decent winpcap UDF (does not use packetx!).
> You'll find it here: http://opensource.grisambre.net/pcapau3/ with some documentation and examples.
> Any feedback welcome: opensource (at) grisambre (dot) net

guy, this is by far the best thing that ever happened to autoit, i now can write my dhcp server.
thank you sooooo much. *thumbsup*

SoulA, posted April 8, 2009 (edited April 8, 2009 by SoulA)

This is awesome but my script crashes when it tries to get a list of devices on Vista x64. My same program worked on XP though. Any reasons? Any idea how to fix? It goes through and can find 6 devices okay on my Vista machine but on the 7th device it gives me a sweet Windows "your program has crashed" screen.

EDIT!: it seems to be this line:

    $list[$i][0]=DllStructGetData(DllStructCreate("char[256]",DllStructGetData($pcap_if,2)),1)

that gives me an error on Vista in the _PcapGetDeviceList() function. If I comment it out I get a list of all my interfaces but with no IP info and flags. I don't think it likes my MS tunnel interface driver.

EDIT2: weird, it works when I compile the script but I still don't receive IP address information. Also is it possible to get info about the MAC address?

EDIT3: Got this to work on my Vista machine finally. For whatever reason the script has to be compiled and I changed the winpcap include. This is what I changed/added.

    Func _PcapGetDeviceList() ; returns 2D array with pcap devices (name;desc;addr netmask broadaddr dstaddr;flags) or -1 if error
        Local $alldevs=DLLStructCreate("ptr")
        Local $r=DllCall($Pcap_dll, "int:cdecl", "pcap_findalldevs_ex", "str", "rpcap://", "ptr", 0, "ptr", DllStructGetPtr($alldevs), "ptr", DllStructGetPtr($Pcap_errbuf))
        if (@error > 0) Then return -1
        if $r[0]=-1 Then return -1
        Local $next=DllStructGetData($alldevs,1)
        if ($next=0) Then return -1
        Local $list[2][4]
        $list[0][0] = 0
        Local $i=1;
        while ($next<>0)
            Local $pcap_if = DllStructCreate("ptr next;ptr name;ptr desc;ptr addresses;uint flags",$next)
            $list[$i][0]=DllStructGetData(DllStructCreate("char[256]",DllStructGetData($pcap_if,2)),1)
            $list[$i][1]=DllStructGetData(DllStructCreate("char[256]",DllStructGetData($pcap_if,3)),1)
            ; keep only the text between the single quotes in the description
            $list[$i][1]=StringMid($list[$i][1], StringInStr($list[$i][1], "'", 0, 1) + 1)
            $list[$i][1]=StringMid($list[$i][1], 1, StringInStr($list[$i][1], "'", 0, 1) - 1)
            ; look up IP and MAC through WMI, keyed by the {GUID} part of the device name
            $aInfo = _GetNetConNames(_NetConsFolderObject(), StringMid($list[$i][0], StringInStr($list[$i][0], "{", 0, 1), StringInStr($list[$i][0], "}", 0, 1)))
            If $aInfo <> 0 Then
                $list[$i][2] = $aInfo[0]
                $list[$i][3] = $aInfo[1]
            EndIf
            $next=DllStructGetData($pcap_if,1)
            $i+=1
            if $next<>0 Then Redim $list[$i+1][4]
        Wend
        $list[0][0] = UBound($list) - 1
        DllCall($Pcap_dll, "none:cdecl", "pcap_freealldevs", "ptr", DllStructGetData($alldevs,1))
        return $list
    EndFunc

    ; Find the folder containing the network connection objects
    ; ==============================================================================================
    Func _NetConsFolderObject()
        Local $wbemFlagReturnImmediately = 0x10
        Local $wbemFlagForwardOnly = 0x20
        Local $strComputer = "localhost"
        $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
        $colNetwork = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
        Return $colNetwork
    EndFunc ;==>_NetConsFolderObject

    ; Find the network connection objects
    ; ==============================================================================================
    Func _GetNetConNames($colNetwork, $sGUID)
        Dim $aInfo[2]
        If IsObj($colNetwork) Then
            For $clsConn In $colNetwork
                If StringCompare($sGUID, String($clsConn.SettingID)) = 0 Then
                    $aInfo[0] = String($clsConn.IPAddress(0))
                    $aInfo[1] = String($clsConn.MacAddress)
                    Return $aInfo
                EndIf
            Next
        Else
            MsgBox(0, "WMI Output", "No WMI Objects Found for class: " & "Win32_NetworkAdapter")
        EndIf
        Return 0
    EndFunc ;==>_GetNetConNames

EDIT: I don't know what it is but this goes from working to not working. It will get a list of the adapters but sometimes it will find one that isn't there or something, and when it performs the DLL call on my Vista machine to get the address or GUID of the device the program crashes. Any help would be great. If I let my machine sit for a while and then run the program it will work, but if I try to run it right after I just did it won't work. Am I not freeing the resources? What could be causing this?

f1iqf, posted April 9, 2009

I see the problem. With

    DllStructCreate("char[256]",DllStructGetData($pcap_if,2)),1)

In fact, we are not sure of the string length the winpcap library is sending back. So [256] might be too much or not enough.
Unfortunately, for a string, autoit3 needs to know the length to allocate. But I don't know what to allocate before I can read it!

I had the same problem for the packet read function _PcapGetPacket(); fortunately, winpcap was returning the length of the data, so I could allocate it properly with dllstructcreate:

    Local $pkthdr=DllStructCreate ( "int s;int us;int caplen;int len",DllStructGetData($Pcap_ptrhdr,1))
    Local $packet=DLLStructCreate("ubyte["&DllStructGetData($pkthdr,3)&"]",DllStructGetData($Pcap_ptrpkt,1))

I will try to fix it today and give feedback.

Nicolas

ProgAndy, posted April 9, 2009

To read a string with unknown length from a pointer, you could use those funcs:

    ; #INTERNAL# ====================================================================================================================
    ; Name...........: _PtrStringLen
    ; Description ...: Retrieves the length of a string in a PTR.
    ; Syntax.........: _PtrStringLen($ptr, $IsUniCode = False)
    ; Parameters ....: - $ptr       - Pointer to the string
    ;                  - [Optional] $IsUniCode - True = Unicode, False (Default) = ANSI
    ; Return values .: Success - Returns length of string ( can be 0 as well )
    ;                  Failure - Returns -1 and sets @ERROR
    ;                            @error will be set to 1
    ; Author ........: Prog@ndy
    ; Modified.......:
    ; Remarks .......:
    ; Related .......:
    ; Link ..........;
    ; Example .......;
    ; ===============================================================================================================================
    Func _PtrStringLen($ptr, $IsUniCode = False)
        Local $UniCodeFunc = ""
        If $IsUniCode Then $UniCodeFunc = "W"
        ; lstrlen / lstrlenW counts characters up to the terminating NUL
        Local $BASS_ret_ = DllCall("kernel32.dll", "int", "lstrlen" & $UniCodeFunc, "ptr", $ptr)
        If @error Then Return SetError(1, 0, -1)
        Return $BASS_ret_[0]
    EndFunc ;==>_PtrStringLen

    ; #INTERNAL# ====================================================================================================================
    ; Name...........: _PtrStringRead
    ; Description ...: Reads a string from a pointer
    ; Syntax.........: _PtrStringRead($ptr, $IsUniCode = False, $StringLen = -1)
    ; Parameters ....: - $ptr       - Pointer to the string
    ;                  - $IsUniCode - [Optional] True = Unicode, False (Default) = ANSI
    ;                  - $StringLen - [Optional] Length of the String
    ; Return values .: Success - Returns the read string (can be empty)
    ;                  Failure - Returns "" (empty String) and sets @ERROR
    ;                            @error will be set to 1
    ; Author ........: Prog@ndy
    ; Modified.......:
    ; Remarks .......:
    ; Related .......:
    ; Link ..........;
    ; Example .......;
    ; ===============================================================================================================================
    Func _PtrStringRead($ptr, $IsUniCode = False, $StringLen = -1)
        Local $UniCodeString = ""
        If $IsUniCode Then $UniCodeString = "W"
        ; measure the string first when no length was supplied
        If $StringLen < 1 Then $StringLen = _PtrStringLen($ptr, $IsUniCode)
        If $StringLen < 1 Then Return SetError(1, 0, "")
        ; map exactly the measured length plus the terminator
        Local $struct = DllStructCreate($UniCodeString & "char[" & ($StringLen + 1) & "]", $ptr)
        Return DllStructGetData($struct, 1)
    EndFunc ;==>_PtrStringRead

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]
My UDFs: [_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]
UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

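Added example (not part of any post in this thread and not code from the pcap UDF): the fixed-size overlay versus measure-then-read problem from the last two posts, modelled in Python with ctypes on a constructed in-memory list that uses the `pcap_if` layout quoted in the thread, without loading wpcap.dll. The function names, the device strings and the 4096-byte scan limit are assumptions made for the illustration.

```python
import ctypes

class PcapIf(ctypes.Structure):
    # Same layout the thread maps: "ptr next;ptr name;ptr desc;ptr addresses;uint flags"
    _fields_ = [("next", ctypes.c_void_p), ("name", ctypes.c_void_p),
                ("description", ctypes.c_void_p), ("addresses", ctypes.c_void_p),
                ("flags", ctypes.c_uint)]

# Constructed sample data, not real adapter names.
DEVICES = [(b"\\Device\\NPF_{CONSTRUCTED-0001}", b"Constructed adapter A"),
           (b"\\Device\\NPF_{CONSTRUCTED-0002}", b"Constructed tunnel B")]

def build_list(devices):
    """Pack the strings back to back, the way a C library may allocate them."""
    blob = b"".join(n + b"\0" + d + b"\0" for n, d in devices)
    arena = (ctypes.c_char * (len(blob) + 512))()  # slack keeps read_fixed in bounds here
    ctypes.memmove(arena, blob, len(blob))
    nodes = (PcapIf * len(devices))()
    addr = ctypes.addressof(arena)
    for i, (n, d) in enumerate(devices):
        nodes[i].name = addr
        nodes[i].description = addr + len(n) + 1
        addr += len(n) + len(d) + 2
        if i + 1 < len(devices):
            nodes[i].next = ctypes.addressof(nodes[i + 1])
    return arena, nodes  # caller must keep both objects alive

def read_fixed(addr, size=256):
    """char[256] overlay: always touches 256 bytes, whatever the string length."""
    return (ctypes.c_char * size).from_address(addr).raw

def read_measured(addr, limit=4096):
    """Locate the NUL terminator first, then copy exactly that many bytes."""
    n = 0
    while n < limit and ctypes.c_char.from_address(addr + n).value != b"\0":
        n += 1
    if n == limit:
        raise ValueError("no terminator within %d bytes" % limit)
    return ctypes.string_at(addr, n)

def walk(head):
    """Follow the next pointers and return (name, description) per device."""
    out = []
    while head:
        node = PcapIf.from_address(head)
        out.append((read_measured(node.name), read_measured(node.description)))
        head = node.next
    return out

if __name__ == "__main__":
    arena, nodes = build_list(DEVICES)
    print(walk(ctypes.addressof(nodes)))
    spill = read_fixed(nodes[0].name)
    print(len(spill), spill[:80])  # bytes after the first NUL belong to other strings
```

In the constructed arena the 256-byte read stays inside one allocation and only returns neighbouring data; against memory owned by a real library the same read can cross into an unmapped page, which matches the intermittent crash reported above.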
Yorn, posted April 9, 2009

Wow, yeah, words cannot express the level of awesome this is.