#include "wiretap/wtap.h"
#include "ws_symbol_export.h"
#include "wiretap/wtap_module.h"
#include <glib.h>
#include <stdlib.h>
#include <windows.h>
#include <winsock2.h>
#include <tdh.h>
#include <guiddef.h>
Go to the source code of this file.
|
| struct | SUPER_EVENT_TRACE_PROPERTIES |
| | Extends EVENT_TRACE_PROPERTIES with padding to accommodate the session and log file name strings that must follow it in memory. More...
|
| |
| struct | _PROVIDER_FILTER |
| | Specifies the ETW provider filter criteria used to select which events are collected from a provider. More...
|
| |
| struct | _SCENARIO |
| | Pairs a named capture scenario with the ETW provider filter that defines what is collected for that scenario. More...
|
| |
|
|
#define | LOGGER_NAME L"wireshark etwdump" |
| |
|
#define | SCENARIO_KEY L"Scenario-" |
| | Registry or lookup key prefix used to identify scenario entries by name.
|
| |
|
|
typedef struct _PROVIDER_FILTER | PROVIDER_FILTER |
| | Specifies the ETW provider filter criteria used to select which events are collected from a provider.
|
| |
|
typedef struct _SCENARIO | SCENARIO |
| | Pairs a named capture scenario with the ETW provider filter that defines what is collected for that scenario.
|
| |
|
| wtap_open_return_val | etw_dump (const char *etl_filename, const char *pcapng_filename, const char *params, int *err, char **err_info) |
| | Dumps ETL data to a PCAPNG file.
|
| |
| void | wtap_etl_add_interface (int pkt_encap, const char *interface_name, unsigned short interface_name_length, const char *interface_desc, unsigned short interface_desc_length) |
| | Adds a new interface to the ETL (Extcap) dump.
|
| |
| void | wtap_etl_rec_dump (char *etl_record, ULONG total_packet_length, ULONG original_packet_length, unsigned int interface_id, BOOLEAN is_inbound, ULARGE_INTEGER timestamp, int pkt_encap, char *comment, unsigned short comment_length) |
| | Dumps an ETL record as a Wireshark packet.
|
| |
|
|
const struct _SCENARIO | g_scenarios [] |
| | Global array of all registered capture scenarios; terminated by a sentinel entry.
|
| |
Copyright 2020, Odysseus Yang
Wireshark - Network traffic analyzer By Gerald Combs geral.nosp@m.d@wi.nosp@m.resha.nosp@m.rk.o.nosp@m.rg Copyright 1998 Gerald Combs
SPDX-License-Identifier: GPL-2.0-or-later
◆ etw_dump()
| wtap_open_return_val etw_dump |
( |
const char * |
etl_filename, |
|
|
const char * |
pcapng_filename, |
|
|
const char * |
params, |
|
|
int * |
err, |
|
|
char ** |
err_info |
|
) |
| |
|
extern |
Dumps ETL data to a PCAPNG file.
- Parameters
-
| etl_filename | The filename of the ETL input file. |
| pcapng_filename | The filename of the PCAPNG output file. |
| params | Additional parameters for the dump process. |
| err | Pointer to an integer that will receive an error code if an error occurs. |
| err_info | Pointer to a string that will receive an error message if an error occurs. |
- Returns
- wtap_open_return_val The result of the dump operation.
◆ wtap_etl_add_interface()
| void wtap_etl_add_interface |
( |
int |
pkt_encap, |
|
|
const char * |
interface_name, |
|
|
unsigned short |
interface_name_length, |
|
|
const char * |
interface_desc, |
|
|
unsigned short |
interface_desc_length |
|
) |
| |
|
extern |
Adds a new interface to the ETL (Extcap) dump.
This function is used to add a new interface to the ETL dump with the specified parameters.
- Parameters
-
| pkt_encap | The packet encapsulation type for the interface. |
| interface_name | The name of the interface. |
| interface_name_length | The length of the interface name. |
| interface_desc | A description of the interface. |
| interface_desc_length | The length of the interface description. |
◆ wtap_etl_rec_dump()
| void wtap_etl_rec_dump |
( |
char * |
etl_record, |
|
|
ULONG |
total_packet_length, |
|
|
ULONG |
original_packet_length, |
|
|
unsigned int |
interface_id, |
|
|
BOOLEAN |
is_inbound, |
|
|
ULARGE_INTEGER |
timestamp, |
|
|
int |
pkt_encap, |
|
|
char * |
comment, |
|
|
unsigned short |
comment_length |
|
) |
| |
|
extern |
Dumps an ETL record as a Wireshark packet.
- Parameters
-
| etl_record | Pointer to the ETL record data. |
| total_packet_length | Total length of the packet in bytes. |
| original_packet_length | Original length of the packet in bytes. |
| interface_id | Interface ID for the packet. |
| is_inbound | Boolean indicating if the packet is inbound. |
| timestamp | Timestamp of the packet. |
| pkt_encap | Packet encapsulation type. |
| comment | Optional comment associated with the packet. |
| comment_length | Length of the comment in bytes. |
1.9.8