使用纯 Win32 API 编程实现 WinPcap 封包捕获的第一个例子
先上代码:
/*------------------------------------------------------------
win32, Winpcap, by bobo, 2018-09-09
------------------------------------------------------------*/
//#include <windows.h>
#include <pcap.h>
/* Forward declaration of the window procedure defined further down;
   WinMain stores its address in the window class it registers. */
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM);
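/*
 * Program entry point: registers the window class, creates the main window
 * and pumps messages until WM_QUIT arrives.
 *
 * hInstance     - instance handle, stored in the window class and passed to
 *                 CreateWindow.
 * hPrevInstance - unused.
 * szCmdLine     - unused.
 * iCmdShow      - initial show state, forwarded to ShowWindow.
 *
 * Returns the exit code carried by WM_QUIT (msg.wParam), or 0 when the class
 * cannot be registered, the window cannot be created, or GetMessage fails.
 */
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
                    PSTR szCmdLine, int iCmdShow)
{
    static TCHAR szAppName[] = TEXT ("HelloWin") ;
    HWND         hwnd ;
    MSG          msg ;
    WNDCLASS     wndclass ;
    int          got ;

    (void) hPrevInstance ;
    (void) szCmdLine ;

    wndclass.style         = CS_HREDRAW | CS_VREDRAW ;
    wndclass.lpfnWndProc   = WndProc ;
    wndclass.cbClsExtra    = 0 ;
    wndclass.cbWndExtra    = 0 ;
    wndclass.hInstance     = hInstance ;
    wndclass.hIcon         = LoadIcon (NULL, IDI_APPLICATION) ;
    wndclass.hCursor       = LoadCursor (NULL, IDC_ARROW) ;
    wndclass.hbrBackground = (HBRUSH) GetStockObject (WHITE_BRUSH) ;
    wndclass.lpszMenuName  = NULL ;
    wndclass.lpszClassName = szAppName ;

    if (!RegisterClass (&wndclass))
    {
        MessageBox (NULL, TEXT ("This program requires Windows NT!"),
                    szAppName, MB_ICONERROR) ;
        return 0 ;
    }

    hwnd = CreateWindow (szAppName,                  // window class name
                         TEXT ("The Hello Winpcap"), // window caption
                         WS_OVERLAPPEDWINDOW,        // window style
                         CW_USEDEFAULT,              // initial x position
                         CW_USEDEFAULT,              // initial y position
                         800,                        // initial x size
                         600,                        // initial y size
                         NULL,                       // parent window handle
                         NULL,                       // window menu handle
                         hInstance,                  // program instance handle
                         NULL) ;                     // creation parameters

    // CreateWindow returns NULL on failure; without this check the message
    // loop below would wait for a window that does not exist.
    if (hwnd == NULL)
    {
        MessageBox (NULL, TEXT ("Could not create the main window!"),
                    szAppName, MB_ICONERROR) ;
        return 0 ;
    }

    ShowWindow (hwnd, iCmdShow) ;
    UpdateWindow (hwnd) ;

    // GetMessage returns 0 for WM_QUIT and -1 on error. Testing it as a plain
    // boolean treats -1 as "keep going" and dispatches an unfilled MSG.
    while ((got = GetMessage (&msg, NULL, 0, 0)) != 0)
    {
        if (got == -1)
        {
            return 0 ;
        }
        TranslateMessage (&msg) ;
        DispatchMessage (&msg) ;
    }

    // WM_QUIT carries the PostQuitMessage argument in wParam.
    return (int) msg.wParam ;
}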
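/*
 * Window procedure: on WM_PAINT it enumerates the local capture adapters with
 * pcap_findalldevs_ex and draws each adapter's name and description, or the
 * pcap error text / "No adapters found!" when there is nothing to list.
 *
 * The adapter list is owned by the WM_PAINT handler: it is obtained, drawn and
 * released inside one paint cycle. The list pointer is an automatic variable,
 * so it does not survive between calls; freeing it from WM_DESTROY would pass
 * an uninitialized pointer to pcap_freealldevs, and every repaint would leak
 * the previous list.
 *
 * Returns 0 for the messages handled here, otherwise DefWindowProc's result.
 *
 * NOTE(review): WinPcap is no longer maintained; consider building against
 * its maintained successor Npcap.
 */
LRESULT CALLBACK WndProc (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    HDC          hdc ;
    PAINTSTRUCT  ps ;
    RECT         rect ;
    pcap_if_t   *allAdapters = NULL ;
    pcap_if_t   *adapter ;
    char         errorBuffer[PCAP_ERRBUF_SIZE] ;

    switch (message)
    {
    case WM_CREATE:
        return 0 ;

    case WM_PAINT:
        hdc = BeginPaint (hwnd, &ps) ;
        GetClientRect (hwnd, &rect) ;
        errorBuffer[0] = '\0' ;

        // pcap strings are plain char, so they are drawn with DrawTextA.
        // TEXT() only works on string literals and does not compile on a
        // variable in a UNICODE build.
        if (pcap_findalldevs_ex (PCAP_SRC_IF_STRING, NULL, &allAdapters, errorBuffer) == -1)
        {
            DrawTextA (hdc, errorBuffer, -1, &rect,
                       DT_SINGLELINE | DT_CENTER | DT_VCENTER) ;
        }
        else if (allAdapters == NULL) // no adapter present
        {
            DrawText (hdc, TEXT ("No adapters found!"), -1, &rect,
                      DT_SINGLELINE | DT_CENTER | DT_VCENTER) ;
        }
        else
        {
            rect.top = 5 ;
            // Walk the list and print the name and description of each adapter.
            for (adapter = allAdapters; adapter != NULL; adapter = adapter->next)
            {
                DrawTextA (hdc, adapter->name, -1, &rect, DT_SINGLELINE | DT_CENTER) ;
                rect.top += 30 ;
                // description may be NULL; DrawText with a length of -1
                // would then read through a null pointer.
                if (adapter->description != NULL)
                {
                    DrawTextA (hdc, adapter->description, -1, &rect,
                               DT_SINGLELINE | DT_CENTER) ;
                }
                rect.top += 30 ; // each output line moves Y down by 30
            }
            pcap_freealldevs (allAdapters) ; // release the adapter list
        }

        // Every BeginPaint is paired with EndPaint, on the error paths too.
        EndPaint (hwnd, &ps) ;
        return 0 ;

    case WM_DESTROY:
        PostQuitMessage (0) ;
        return 0 ;
    }
    return DefWindowProc (hwnd, message, wParam, lParam) ;
}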
这段代码用 WinPcap 获取本机的网卡列表。
开发环境是 Win10 + VC++ 6.0。
首先要安装 WinPcap 的驱动和 DLL。如果已经安装了 Wireshark 封包捕获工具,则 WinPcap 已经装好;没有的话需要单独下载安装。
然后下载 WinPcap 开发包,解压到某个目录。
编译时要把 #include <windows.h> 注释掉(pcap.h 会自行引入所需的 Windows 头文件);否则系统自带的 Winsock2.h 与 WinPcap 头文件中定义的宏会发生冲突,编译时报出一堆错误。
第一次运行时没有发现任何网卡,需要先开启 NPF 服务(WinPcap 的抓包驱动)。
开启之后,程序获取到本机有 8 个网卡。
打开 Wireshark 对比一下:Wireshark 同样获取到本机有 8 个网卡,其中包含一个 VMware 虚拟机的网卡。
后面几张图演示的是工程设置:添加头文件(include)路径和库文件路径,并把 lib 文件加入链接库列表。
为了使用 WinPcap 的远程访问接口(本例调用的 pcap_findalldevs_ex 和 PCAP_SRC_IF_STRING 就属于这一部分),必须在预处理器定义中加入 HAVE_REMOTE。