Home › Forums › Discussions › Support › Filter Table will not load
- This topic has 9 replies, 2 voices, and was last updated 10 years ago by couttsj.
-
AuthorPosts
-
November 2, 2014 at 1:24 am #5414
What should the total length of a STATIC_FILTER be?. I am upgrading to Version 3.2.3 from 3.0.7.1, and I have got everything working except the filter. SetPacketFilterTable returns zero.
J.A. Coutts
November 5, 2014 at 6:44 pm #7185Filter related structures were updated, but it should be enough to recompile your code with latest header files to fix any possible incompatibilities.
November 5, 2014 at 8:30 pm #7186I am using Visual Basic, so I have to convert C++ code. Knowing what the correct length is will make it easier for me to figure out if I have converted correctly.
J.A. Coutts
November 7, 2014 at 12:58 am #7187sizeof(STATIC_FILTER) = 181 bytes
November 8, 2014 at 5:04 am #7188Thanks SerpentFly. I had 184. Since all the other elements seemed to be adjusted on 4 byte boundaries, I assumed that TCPUDP_FILTER was as well. Unfortunately, after removing the 3 byte padding to get 181 bytes, the static filter will still not load. Here is what I have got.
Code:Public Type STATIC_FILTER
m_Adapter As ULARGE_INTEGER ‘(8)Adapter handle extended to 64 bit size for structure compatibility across x64 and x86
m_dwDirectionFlags As Long ‘(4)PACKET_FLAG_ON_SEND or/and PACKET_FLAG_ON_RECEIVE
m_FilterAction As Long ‘(4)FILTER_PACKET_XXX
m_ValidFields As Long ‘(4)Specifies which of the fileds below contain valid values and should be matched against the packet‘Statistics for the filter
m_LastReset As Long ‘(4)Time of the last counters reset (in seconds passed since 1 Jan 1980)
m_PacketsIn As ULARGE_INTEGER ‘(8)Incoming packets passed through this filter
m_BytesIn As ULARGE_INTEGER ‘(8)Incoming bytes passed through this filter
m_PacketsOut As ULARGE_INTEGER ‘(8)Outgoing packets passed through this filter
m_BytesOut As ULARGE_INTEGER ‘(8)Outgoing bytes passed through this filterm_DataLinkFilter As DATA_LINK_LAYER_FILTER ‘(24)
m_NetworkFilter As NETWORK_LAYER_FILTER ‘(84)
m_TransportFilter As TRANSPORT_LAYER_FILTER ‘(17)
End Type ‘(181)J.A. Coutts
November 12, 2014 at 4:25 pm #7189Do you use VB.NET for your project? I think I could create a CLS-compliant assembly wrapper for ndisapi.dll to resolve difficulties of this kind…
November 27, 2014 at 4:11 am #7190Sorry for the delay in responding, but I have trying to resolve cryptography issues on Win 8.1 with Microsoft.
I am using VB6. VB.net is not flexible enough for my purposes.
J.A. Coutts
December 1, 2014 at 7:30 pm #7191So I did a memory dump on the Filter Table and mapped it out:
Filter Table:
02 00 00 00 – Table Size
00 00 00 00 00 00 00 00 – m_Adapter
03 00 00 00 – m_dwDirectionFlags
03 00 00 00 – m_FilterAction
06 00 00 00 – m_ValidFields
00 00 00 00 – m_LastReset
00 00 00 00 00 00 00 00 – m_PacketsIn
00 00 00 00 00 00 00 00 – m_BytesIn
00 00 00 00 00 00 00 00 – m_PacketsOut
00 00 00 00 00 00 00 00 – m_BytesOut (56)
DATA_LINK_LAYER_FILTER
00 00 00 00 – m_dwUnionSelector
ETH_802_3_FILTER
00 00 00 00 – m_ValidFields
00 00 00 00 00 00 – m_SrcAddress
00 00 00 00 00 00 – m_DestAddress
00 00 – m_Protocol
00 00 – Padding (24)
NETWORK_LAYER_FILTER
01 00 00 00 – m_dwUnionSelector
IP_V4_FILTER
04 00 00 00 – m_ValidFields
00 00 00 00 00 00 00 00
00 00 00 00 – m_SrcAddress
00 00 00 00 00 00 00 00
00 00 00 00 – m_DestAddress
11 – m_Protocol
00 00 00 – Padding
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 – Padding (84)
TRANSPORT_LAYER_FILTER
01 00 00 00 – m_dwUnionSelector
TCPUDP_FILTER
02 00 00 00 – m_ValidFields
00 00 – m_StartRange
00 00 – m_EndRange
35 00 – m_StartRange
35 00 – m_EndRange
00 – m_TCPFlags (17)
** 00 00 00 – ? **
00 00 00 00 00 00 00 00 – m_Adapter
03 00 00 00 – m_dwDirectionFlags
01 00 00 00 – m_FilterAction
00 00 00 00 – m_ValidFields
00 00 00 00 – m_LastReset
00 00 00 00 00 00 00 00 – m_PacketsIn
00 00 00 00 00 00 00 00 – m_BytesIn
00 00 00 00 00 00 00 00 – m_PacketsOut
00 00 00 00 00 00 00 00 – m_BytesOut (56)
DATA_LINK_LAYER_FILTER
00 00 00 00 – m_dwUnionSelector
ETH_802_3_FILTER
00 00 00 00 – m_ValidFields
00 00 00 00 00 00 – m_SrcAddress
00 00 00 00 00 00 – m_DestAddress
00 00 – m_Protocol
00 00 – Padding (24)
NETWORK_LAYER_FILTER
00 00 00 00 – m_dwUnionSelector
IP_V4_FILTER
00 00 00 00 – m_ValidFields
00 00 00 00 00 00 00
00 00 00 00 – m_SrcAddress
00 00 00 00 00 00 00
00 00 00 00 – m_DestAddress
00 – m_Protocol
00 00 00 – Padding
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 – Padding (84)
TRANSPORT_LAYER_FILTER
00 00 00 00 – m_dwUnionSelector
TCPUDP_FILTER
00 00 00 00 – m_ValidFields
00 00 – m_StartRange
00 00 – m_EndRange
00 00 – m_StartRange
00 00 – m_EndRange
00 – m_TCPFlags (17)
00 00 00 – ?
00 00 00 00 00 00 00 00 – m_Adapter
00 00 00 00 – m_dwDirectionFlags
00 00 00 00 – m_FilterAction
00 00 00 00 – m_ValidFields
00 00 00 00 – m_LastReset
00 00 00 00 00 00 00 00 – m_PacketsIn
00 00 00 00 00 00 00 00 – m_BytesIn
00 00 00 00 00 00 00 00 – m_PacketsOut
00 00 00 00 00 00 00 00 – m_BytesOut (56)
DATA_LINK_LAYER_FILTER
00 00 00 00 – m_dwUnionSelector
ETH_802_3_FILTER
00 00 00 00 – m_ValidFields
00 00 00 00 00 00 – m_SrcAddress
00 00 00 00 00 00 – m_DestAddress
00 00 – m_Protocol
00 00 – Padding (24)
NETWORK_LAYER_FILTER
00 00 00 00 – m_dwUnionSelector
IP_V4_FILTER
00 00 00 00 – m_ValidFields
00 00 00 00 00 00 00 00
00 00 00 00 – m_SrcAddress
00 00 00 00 00 00 00 00
00 00 00 00 – m_DestAddress
00 – m_Protocol
00 00 00 – Padding
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 – Padding (84)
TRANSPORT_LAYER_FILTER
00 00 00 00 – m_dwUnionSelector
TCPUDP_FILTER
00 00 00 00 – m_ValidFields
00 00 – m_StartRange
00 00 – m_EndRange
00
Total Bytes (547)
The individual Static Filters each reported the correct length (181), and the table itself with space allocated for 3 Static Filters reported the correct length (547). But the second filter was installed on a word boundary leaving 3 extra bytes between the first and second static filters.Could this be causing the failure to install the filter table?
J.A. Coutts
December 7, 2014 at 9:31 pm #7192Now I am completely baffled. I transferred the program to Win 8.1, and the filter table loads just fine. Don’t know if it works yet, but at least it loads. The only difference between the 2 machines is that the Vista machine is a 32 bit OS and the Win 8.1 is 64 bit.
J.A. Coutts
December 7, 2014 at 9:55 pm #7193Problem solved. When I upgraded to 3.2.3, the helper file “ndisapi.dll” did not get upgraded.
J.A. Coutts
-
AuthorPosts
- You must be logged in to reply to this topic.