/* capture_win_ifnames.c
* Routines supporting the use of Windows friendly interface names within Wireshark
* Copyright 2011-2012, Mike Garratt <[email protected]>
*
* $Id$
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <[email protected]>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "config.h"
#ifdef _WIN32
#include <winsock2.h>
#include <windows.h>
#include <iphlpapi.h>
#include <stdio.h>
#include <stdlib.h>
#include <wtap.h>
#include <libpcap.h>
#include <glib.h>
#include <ntddndis.h>
#ifndef NDIS_IF_MAX_STRING_SIZE
#define NDIS_IF_MAX_STRING_SIZE IF_MAX_STRING_SIZE /* =256 in <ifdef.h> */
#endif
#ifndef NETIO_STATUS
#define NETIO_STATUS DWORD
#endif
#include "log.h"
#include "capture_ifinfo.h"
#include "capture_win_ifnames.h"
#include "wsutil/file_util.h"
/*
 * Convert the single character at *p to its hexadecimal value.
 *
 * Returns 0..15 for '0'-'9', 'a'-'f' and 'A'-'F', and -1 for any other
 * character.  The NUL terminator is "any other character", so callers can
 * use the -1 result to stop at the end of a string.
 */
static int gethexdigit(const char *p)
{
    const char c = *p;

    if(c >= '0' && c <= '9'){
        return c - '0';
    }
    if(c >= 'a' && c <= 'f'){
        return 0xa + (c - 'a');
    }
    if(c >= 'A' && c <= 'F'){
        return 0xA + (c - 'A');
    }
    return -1; /* Not a hex digit */
}
/*
 * Parse exactly 8 hex digits starting at p into a 32-bit value.
 *
 * On success the value is stored in *d and TRUE is returned.  On the first
 * character that is not a hex digit (the NUL terminator included) FALSE is
 * returned and *d is left unmodified, so a short string is rejected without
 * reading past its terminator.
 */
static gboolean get8hexdigits(const char *p, DWORD *d)
{
    DWORD accum = 0;
    int remaining;
    int nibble;

    for(remaining = 8; remaining > 0; remaining--){
        nibble = gethexdigit(p);
        if(nibble == -1){
            return FALSE; /* Not a hex digit */
        }
        p++;
        accum = (accum << 4) | nibble;
    }
    *d = accum;
    return TRUE;
}
/*
 * Parse exactly 4 hex digits starting at p into a 16-bit value.
 *
 * On success the value is stored in *w and TRUE is returned.  On the first
 * character that is not a hex digit (the NUL terminator included) FALSE is
 * returned and *w is left unmodified, so a short string is rejected without
 * reading past its terminator.
 */
static gboolean get4hexdigits(const char *p, WORD *w)
{
    WORD accum = 0;
    int remaining;
    int nibble;

    for(remaining = 4; remaining > 0; remaining--){
        nibble = gethexdigit(p);
        if(nibble == -1){
            return FALSE; /* Not a hex digit */
        }
        p++;
        accum = (accum << 4) | nibble;
    }
    *w = accum;
    return TRUE;
}
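/*
 * If a string is a GUID in {}, fill in a GUID structure with the GUID
 * value and return TRUE; otherwise, if the string is not a valid GUID
 * in {}, return FALSE.
 *
 * The accepted form is exactly
 *     {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
 * with nothing before the '{' or after the '}'.
 *
 * Every character is checked before the pointer is advanced past it, and
 * the NUL terminator fails every check, so a truncated string is rejected
 * without reading beyond its end.
 *
 * The result is built in a local GUID and copied to *guid only when the
 * whole string has been validated, so *guid is never left half-written on
 * a FALSE return.  A NULL guid_text or guid returns FALSE.
 */
gboolean
parse_as_guid(const char *guid_text, GUID *guid)
{
    GUID parsed;
    int i;
    int digit1, digit2;

    if(guid_text == NULL || guid == NULL){
        return FALSE;   /* Nothing to parse, or nowhere to put the result */
    }

    if(*guid_text != '{'){
        return FALSE;   /* Nope, not enclosed in {} */
    }
    guid_text++;

    /* There must be 8 hex digits; if so, they go into Data1 */
    if(!get8hexdigits(guid_text, &parsed.Data1)){
        return FALSE;   /* nope, not 8 hex digits */
    }
    guid_text += 8;

    /* Now there must be a hyphen */
    if(*guid_text != '-'){
        return FALSE;   /* Nope */
    }
    guid_text++;

    /* There must be 4 hex digits; if so, they go into Data2 */
    if(!get4hexdigits(guid_text, &parsed.Data2)){
        return FALSE;   /* nope, not 4 hex digits */
    }
    guid_text += 4;

    /* Now there must be a hyphen */
    if(*guid_text != '-'){
        return FALSE;   /* Nope */
    }
    guid_text++;

    /* There must be 4 hex digits; if so, they go into Data3 */
    if(!get4hexdigits(guid_text, &parsed.Data3)){
        return FALSE;   /* nope, not 4 hex digits */
    }
    guid_text += 4;

    /* Now there must be a hyphen */
    if(*guid_text != '-'){
        return FALSE;   /* Nope */
    }
    guid_text++;

    /*
     * Data4 is 8 bytes written as 4 hex digits, a hyphen, and then 12 hex
     * digits: bytes 0-1 come before the hyphen, bytes 2-7 after it.
     */
    for(i = 0; i < 8; i++){
        if(i == 2){
            /* The hyphen between the 4-digit and the 12-digit group */
            if(*guid_text != '-'){
                return FALSE;   /* Nope */
            }
            guid_text++;
        }
        digit1 = gethexdigit(guid_text);
        if(digit1 == -1){
            return FALSE;   /* Not a hex digit */
        }
        guid_text++;
        digit2 = gethexdigit(guid_text);
        if(digit2 == -1){
            return FALSE;   /* Not a hex digit */
        }
        guid_text++;
        parsed.Data4[i] = (digit1 << 4)|(digit2);
    }

    /* Now there must be a closing } */
    if(*guid_text != '}'){
        return FALSE;   /* Nope */
    }
    guid_text++;

    /* And that must be the end of the string */
    if(*guid_text != '\0'){
        return FALSE;   /* Nope */
    }

    /* Fully validated; only now publish the result to the caller */
    *guid = parsed;
    return TRUE;
}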
/**********************************************************************************/
/*
 * Report whether the running Windows has a major version of 6 or higher
 * (Vista / Server 2008 and later).  Only the major version is tested.
 *
 * Returns the result of the version query; the GetVersionEx() branch
 * returns FALSE if the query itself fails.
 */
gboolean IsWindowsVistaOrLater()
{
#if (_MSC_VER >= 1800)
    /*
     * On VS2013, GetVersionEx is deprecated. Microsoft recommends using
     * VerifyVersionInfo instead.
     */
    OSVERSIONINFOEX wanted;
    DWORDLONG conditionMask = 0;
    int comparison = VER_GREATER_EQUAL;

    SecureZeroMemory(&wanted, sizeof(OSVERSIONINFOEX));
    wanted.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
    wanted.dwMajorVersion = 6;
    /* Ask for "major version >= 6" and nothing else */
    VER_SET_CONDITION(conditionMask, VER_MAJORVERSION, comparison);
    return VerifyVersionInfo(&wanted, VER_MAJORVERSION, conditionMask);
#else
    OSVERSIONINFO current;

    SecureZeroMemory(&current, sizeof(OSVERSIONINFO));
    current.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    if(!GetVersionEx(&current)){
        return FALSE;
    }
    return current.dwMajorVersion >= 6;
#endif
}
/**********************************************************************************/
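/*
 * Load iphlpapi.dll by absolute path from the Windows system directory.
 *
 * Passing a bare file name to LoadLibrary() leaves the choice of file to
 * the DLL search order, which consults the application directory before
 * the system directory.  Building the full path removes that dependency.
 *
 * Returns the module handle, or NULL if the path cannot be built or the
 * load fails.
 */
static HMODULE
load_iphlpapi_from_system_dir(void)
{
    static const WCHAR dllName[] = L"\\iphlpapi.dll";
    const UINT nameChars = (UINT)(sizeof(dllName) / sizeof(dllName[0])); /* includes the NUL */
    WCHAR dllPath[MAX_PATH];
    UINT dirLen;
    UINT i;

    /* 0 means failure; a value >= the buffer size means the path did not fit */
    dirLen = GetSystemDirectoryW(dllPath, MAX_PATH);
    if(dirLen == 0 || dirLen >= MAX_PATH){
        return NULL;
    }
    if(nameChars > MAX_PATH - dirLen){
        return NULL;    /* no room to append the file name */
    }
    for(i = 0; i < nameChars; i++){
        dllPath[dirLen + i] = dllName[i];
    }
    return LoadLibraryW(dllPath);
}

/*
 * Get the friendly name for the given GUID.
 *
 * Returns the interface friendly name (e.g. "Local Area Connection") as a
 * UTF-8 string allocated with g_malloc(), to be released with g_free(), or
 * NULL if guid is NULL, iphlpapi.dll cannot be loaded, the lookup fails or
 * the UTF-16 to UTF-8 conversion fails.
 *
 * The published API (ConvertInterfaceGuidToLuid followed by
 * ConvertInterfaceLuidToAlias) is tried first on Vista and later.  The
 * unpublished NhGetInterfaceNameFromGuid is tried only when the published
 * functions were not called at all (pre-Vista, or an export is missing);
 * once a published call has run and failed there is no fallback.
 */
char *
get_interface_friendly_name_from_device_guid(__in GUID *guid)
{
    HMODULE hIPHlpApi;
    HRESULT status;
    /* Zero-filled so the buffer holds a terminated (empty) string from the start */
    WCHAR wName[NDIS_IF_MAX_STRING_SIZE + 1] = {0};
    HRESULT hr;
    gboolean fallbackToUnpublishedApi=TRUE;
    gboolean haveInterfaceFriendlyName=FALSE;
    int size;
    char *name;

    if(guid == NULL){
        return NULL;
    }

    /* Load the ip helper api DLL, explicitly from the system directory */
    hIPHlpApi = load_iphlpapi_from_system_dir();
    if (hIPHlpApi == NULL) {
        /* Load failed - DLL should always be available in XP+*/
        return NULL;
    }

    /* Need to convert an Interface GUID to the interface friendly name (e.g. "Local Area Connection")
     * The functions required to do this all reside within iphlpapi.dll
     * - The preferred approach is to use published API functions (Available since Windows Vista)
     * - We do however fallback to trying undocumented API if the published API is not available (Windows XP/2k3 scenario)
     */
    if(IsWindowsVistaOrLater()){
        /* Published API function prototypes (for Windows Vista/Windows Server 2008+) */
        typedef NETIO_STATUS (WINAPI *ProcAddr_CIG2L) (__in CONST GUID *InterfaceGuid, __out PNET_LUID InterfaceLuid);
        typedef NETIO_STATUS (WINAPI *ProcAddr_CIL2A) ( __in CONST NET_LUID *InterfaceLuid,__out_ecount(Length) PWSTR InterfaceAlias, __in SIZE_T Length);

        /* Attempt to do the conversion using Published API functions */
        ProcAddr_CIG2L proc_ConvertInterfaceGuidToLuid=(ProcAddr_CIG2L) GetProcAddress(hIPHlpApi, "ConvertInterfaceGuidToLuid");
        if(proc_ConvertInterfaceGuidToLuid!=NULL){
            ProcAddr_CIL2A Proc_ConvertInterfaceLuidToAlias=(ProcAddr_CIL2A) GetProcAddress(hIPHlpApi, "ConvertInterfaceLuidToAlias");
            if(Proc_ConvertInterfaceLuidToAlias!=NULL){
                /* we have our functions ready to go, attempt to convert interface guid->luid->friendlyname */
                NET_LUID InterfaceLuid;
                hr = proc_ConvertInterfaceGuidToLuid(guid, &InterfaceLuid);
                if(hr==NO_ERROR){
                    /* guid->luid success; the length passed is the element count of wName */
                    hr = Proc_ConvertInterfaceLuidToAlias(&InterfaceLuid, wName, NDIS_IF_MAX_STRING_SIZE+1);
                    if(hr==NO_ERROR){
                        /* luid->friendly name success */
                        haveInterfaceFriendlyName=TRUE; /* success */
                    }else{
                        /* luid->friendly name failed */
                        fallbackToUnpublishedApi=FALSE;
                    }
                }else{
                    /* guid->luid failed */
                    fallbackToUnpublishedApi=FALSE;
                }
            }
        }
    }

    if(fallbackToUnpublishedApi && !haveInterfaceFriendlyName){
        /* Didn't manage to get the friendly name using published api functions
         * (most likely cause wireshark is running on Windows XP/Server 2003)
         * Retry using nhGetInterfaceNameFromGuid (an older unpublished API function) */
        typedef HRESULT (WINAPI *ProcAddr_nhGINFG) (__in GUID *InterfaceGuid, __out PCWSTR InterfaceAlias, __inout DWORD *LengthAddress, wchar_t *a4, wchar_t *a5);

        ProcAddr_nhGINFG Proc_nhGetInterfaceNameFromGuid = NULL;
        Proc_nhGetInterfaceNameFromGuid = (ProcAddr_nhGINFG) GetProcAddress(hIPHlpApi, "NhGetInterfaceNameFromGuid");
        if (Proc_nhGetInterfaceNameFromGuid!= NULL) {
            wchar_t *p4=NULL, *p5=NULL;
            DWORD NameSize;

            /* testing of nhGetInterfaceNameFromGuid indicates the unpublished API function expects the 3rd parameter
             * to be the available space in bytes (as compared to wchar's) available in the second parameter buffer
             * to receive the friendly name (in unicode format) including the space for the nul termination.*/
            NameSize = sizeof(wName);

            /* do the guid->friendlyname lookup */
            status = Proc_nhGetInterfaceNameFromGuid(guid, wName, &NameSize, p4, p5);
            if(status==0){
                haveInterfaceFriendlyName=TRUE; /* success */
            }
        }
    }

    /* we have finished with iphlpapi.dll - release it */
    FreeLibrary(hIPHlpApi);

    if(!haveInterfaceFriendlyName){
        /* failed to get the friendly name, nothing further to do */
        return NULL;
    }

    /* The conversion below scans wName for its terminator (length -1).
     * The unpublished API's termination behaviour is not documented, so
     * make sure the scan cannot run past the end of the buffer. */
    wName[NDIS_IF_MAX_STRING_SIZE] = L'\0';

    /* Get the required buffer size, and then convert the string
     * from UTF-16 to UTF-8. */
    size=WideCharToMultiByte(CP_UTF8, 0, wName, -1, NULL, 0, NULL, NULL);
    if(size<=0){
        /* size query failed, so there is nothing to allocate or convert */
        return NULL;
    }
    name=(char *) g_malloc(size);
    if (name == NULL){
        return NULL;
    }
    size=WideCharToMultiByte(CP_UTF8, 0, wName, -1, name, size, NULL, NULL);
    if(size==0){
        /* bytes written == 0, indicating some form of error*/
        g_free(name);
        return NULL;
    }
    return name;
}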
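/*
 * Given an interface name, try to extract the GUID from it and parse it.
 * If that fails, return NULL; if that succeeds, attempt to get the
 * friendly name for the interface in question. If that fails, return
 * NULL, otherwise return the friendly name, allocated with g_malloc()
 * (so that it must be freed with g_free()).
 *
 * A NULL interface_devicename returns NULL.  The name may carry the
 * "\Device\NPF_" prefix or be the bare GUID text; whatever remains must be
 * a complete "{...}" GUID or the name is rejected.
 */
char *
get_windows_interface_friendly_name(const char *interface_devicename)
{
    /* Prefix length is derived from the literal so the two cannot drift apart */
    static const char npf_prefix[] = "\\Device\\NPF_";
    const size_t npf_prefix_len = sizeof(npf_prefix) - 1;
    const char* guid_text;
    GUID guid;

    if(interface_devicename == NULL){
        return NULL; /* no name, so no friendly name */
    }

    /* Extract the guid text from the interface device name */
    if(strncmp(npf_prefix, interface_devicename, npf_prefix_len)==0){
        guid_text=interface_devicename+npf_prefix_len; /* skip over the '\Device\NPF_' prefix, assume the rest is the guid text */
    }else{
        guid_text=interface_devicename;
    }

    if (!parse_as_guid(guid_text, &guid)){
        return NULL; /* not a GUID, so no friendly name */
    }

    /* guid okay, get the interface friendly name associated with the guid */
    return get_interface_friendly_name_from_device_guid(&guid);
}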
/**************************************************************************************/
#endif