MFC+WinPcap: writing a sniffer, part six (analysis module)

Source: Internet
Author: User

This section is the heart of the program and the most complex part.

The first thing to understand is that a program with a user interface usually needs multiple threads. In this program, besides the interface thread, packet capture runs in a separate new thread. Before writing the capture function, the results of the first two modules have to be returned to the class that implements the main dialog. In SnifferDlg.cpp, the handler functions added earlier for those two modules are modified as follows:

    void CSnifferDlg::OnAdp()
    {
        // TODO: Add command handler code here
        CAdpDlg adpdlg;
        if (adpdlg.DoModal() == IDOK)
        {
            // Keep the adapter the user picked in the dialog
            m_pdevice = adpdlg.returnd();
        }
    }

    void CSnifferDlg::OnFilter()
    {
        // TODO: Add command handler code here
        CFilterDlg filterdlg;
        if (filterdlg.DoModal() == IDOK)
        {
            // First call: ask how many bytes the converted string needs
            int len = WideCharToMultiByte(CP_ACP, 0, filterdlg.GetFilterName(), -1, NULL, 0, NULL, NULL);
            // Second call: convert into m_filtername, which must hold at least len bytes
            WideCharToMultiByte(CP_ACP, 0, filterdlg.GetFilterName(), -1, m_filtername, len, NULL, NULL);
        }
    }
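The filter handler above writes as many bytes as the conversion needs into m_filtername, whatever that buffer's size. The following added example (not code from the original article) shows the same two-pass conversion with the destination capacity enforced; it uses the standard wcstombs as a portable stand-in for WideCharToMultiByte, and ConvertFilter and FILTER_BUF_SIZE are hypothetical names, since the page does not show how m_filtername is declared.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <cwchar>

// Hypothetical capacity: the page does not show m_filtername's declaration.
const size_t FILTER_BUF_SIZE = 64;

// Converts src into dst (capacity dst_size, terminator included).
// Returns the number of bytes written, excluding the terminator, or -1 when
// the text cannot be converted or does not fit. dst is left empty on failure.
long ConvertFilter(const wchar_t *src, char *dst, size_t dst_size)
{
    if (src == NULL || dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';

    // Pass 1: ask how many bytes the converted string needs (no terminator).
    size_t needed = wcstombs(NULL, src, 0);
    if (needed == (size_t)-1)   // a character has no multibyte representation
        return -1;
    if (needed >= dst_size)     // would overrun dst: refuse instead of truncating
        return -1;

    // Pass 2: convert, now known to fit, and terminate explicitly.
    size_t written = wcstombs(dst, src, dst_size);
    if (written == (size_t)-1 || written >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    dst[written] = '\0';
    return (long)written;
}

int main()
{
    char filter[FILTER_BUF_SIZE];
    char tiny[8];   // constructed: too small for the sample filter below

    std::printf("fits:     %ld\n", ConvertFilter(L"tcp port 80", filter, sizeof filter));
    std::printf("too long: %ld\n", ConvertFilter(L"tcp port 80", tiny, sizeof tiny));
    return 0;
}
```

With WideCharToMultiByte itself, the equivalent check is to compare the length returned by the first call with the size of the destination buffer and to pass that buffer size, not the returned length, as the output size of the second call.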

The first function runs when the adapter selection dialog is opened: after the user selects a network card, the selected NIC is returned to the class that implements the main interface. The second function returns the filter rule string to the same class after the filter dialog is closed. The call in the second function may be unfamiliar: it converts a wide-character string to a multibyte string. You only need to understand two of its parameters; the rest can be copied and pasted as-is. With the return values of the first two modules available, we can write the capture function and create the new thread. The capture function is as follows:

    DWORD WINAPI CapturePacket(LPVOID lpParam)
    {
        CSnifferDlg *pDlg = (CSnifferDlg *)lpParam;
        pcap_t *pCap;
        char strErrorBuf[PCAP_ERRBUF_SIZE];
        int res;
        struct pcap_pkthdr *pkt_header;
        const u_char *pkt_data;
        u_int netmask;
        struct bpf_program fcode;

        // Open the selected adapter in promiscuous mode
        if ((pCap = pcap_open_live(pDlg->m_pdevice->name, 65536, PCAP_OPENFLAG_PROMISCUOUS, 1000, strErrorBuf)) == NULL)
        {
            return -1;
        }

        if (pDlg->m_pdevice->addresses != NULL)
            /* get the mask for the first address of the interface */
            netmask = ((struct sockaddr_in *)(pDlg->m_pdevice->addresses->netmask))->sin_addr.S_un.S_addr;
        else
            /* if the interface does not have an address, assume a class C mask */
            netmask = 0xffffff;

        // Compile the filter
        if (pcap_compile(pCap, &fcode, pDlg->m_filtername, 1, netmask) < 0)
        {
            AfxMessageBox(_T("Please set filter rules"));
            pcap_close(pCap);   // release the capture handle on the error path
            return -1;
        }
        // Set the filter
        if (pcap_setfilter(pCap, &fcode) < 0)
        {
            pcap_freecode(&fcode);
            pcap_close(pCap);
            return -1;
        }
        pcap_freecode(&fcode);  // the compiled program is no longer needed once installed

        while ((res = pcap_next_ex(pCap, &pkt_header, &pkt_data)) >= 0)
        {
            if (res == 0)           // read timeout, no packet
                continue;
            if (!pDlg->m_bflag)     // capture was stopped from the menu
                break;
            // Get the main window and show the packet in the list
            // (this declaration shadows the outer pDlg for the rest of the loop body)
            CSnifferDlg *pDlg = (CSnifferDlg *)AfxGetApp()->GetMainWnd();
            pDlg->ShowPacketList(pkt_header, pkt_data);
            pDlg = NULL;
        }

        pcap_close(pCap);
        pDlg = NULL;
        return 1;
    }

Two points need explaining. The first is how capture is started and stopped: a bool variable m_bflag is used, with an initial value of false. Clicking Start Capture in the menu sets it to true, and clicking Stop Capture sets it back to false. The second is that, once a packet has been captured, a pointer to the main window is obtained, and the contents of the captured packet are then displayed in the main interface.

The main interface displays packet contents in three places: the packet summary, implemented by the ShowPacketList function; the packet details, implemented by the ShowPacketTree function; and the raw content and statistics of the packet. These three parts share a lot of similar code, mostly network protocol analysis built from conditional statements, and are covered in the next section.

Next section: MFC+WinPcap: writing a sniffer, part seven (protocol)
