ImportDLL wpcap

  • Question

  • Hello guys,

    I would like to use functions in winpcap. I tried to import wpcap.dll but unfortunately nothing happened....

    $MethodDefinition = @'
    
            [DllImport("wpcap.dll")]
            static extern IntPtr pcap_open(string source, int snaplen, int flags, int read_timeout, IntPtr auth, ref IntPtr errbuff);
    
    '@
    
    $wpcap = Add-Type -MemberDefinition $MethodDefinition -Name 'winpcap' -Namespace 'Win32' -PassThru

    Just got the following message:

    "WARNING: The generated type defines no public methods or properties"

    Have you got an issue?

    Friday, July 20, 2018 1:45 AM

Answers

  • $code = @'
        [DllImport("wpcap.dll")]
        public static extern IntPtr pcap_open(string source, int snaplen, int flags, int read_timeout, IntPtr auth, ref IntPtr errbuff);
    '@
    
    Add-Type $code -Name winpcap -Namespace Win32
    PS D:\scripts> Add-Type $code -Name winpcap -Namespace Win32
    PS D:\scripts> [Win32.winpcap]::pcap_open
    
    OverloadDefinitions
    -------------------
    static System.IntPtr pcap_open(string source, int snaplen, int flags, int read_timeout, System.IntPtr auth, [ref] System.IntPtr errbuff)



    \_(ツ)_/

    • Marked as answer by Rostes Friday, July 20, 2018 3:29 AM
    Friday, July 20, 2018 2:08 AM

All replies

  • The warning is correct. You need to make the call "public".

    public static extern IntPtr pcap_open(string source, int snaplen, int flags, int read_timeout, IntPtr auth, ref IntPtr errbuff);


    \_(ツ)_/

    Friday, July 20, 2018 2:03 AM
  • You are so powerful!

    Thx a lot

    Friday, July 20, 2018 3:30 AM
  • No.  Just old with an accumulation of stuff.


    \_(ツ)_/

    Friday, July 20, 2018 3:33 AM
  • Did you ever use winpcap with PowerShell?

    Because I'm reading the winpcap documentation and some C scripts, but I have some difficulties translating and using the functions in PowerShell.

    For example, to simply list the network adapters I have to use the function pcap_findalldevs_ex, but with the arguments in PowerShell I have some trouble...

    Friday, July 20, 2018 3:33 PM
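The thread never answers the pcap_findalldevs_ex question, so here is an added example (mine, not code from anyone in this thread or from the WinPcap project) of declaring that call with Add-Type and walking the returned device list. It assumes wpcap.dll is loadable (WinPcap, or Npcap installed in WinPcap-compatible mode), that the pcap_if layout and the prototype `int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf)` match pcap.h, and that the local-machine source string is `rpcap://` as in the WinPcap docs. Note the error buffer: the `ref IntPtr errbuff` declaration used earlier in the thread compiles, but it hands pcap a pointer-sized slot rather than the PCAP_ERRBUF_SIZE (256) byte buffer the C API expects to write into; marshalling it as a pre-sized StringBuilder is the conventional fix and is what lets the error text come back readable.

```powershell
# Added example: enumerate capture devices via WinPcap's pcap_findalldevs_ex.
# Assumption: wpcap.dll is on the DLL search path and exports these symbols.
$def = @'
using System;
using System.Runtime.InteropServices;
using System.Text;

public static class WinPcap
{
    public const int PCAP_ERRBUF_SIZE = 256;   // from pcap.h
    public const uint PCAP_IF_LOOPBACK = 1;    // pcap_if.flags bit

    // struct pcap_if { next, name, description, addresses, flags } from pcap.h
    [StructLayout(LayoutKind.Sequential)]
    public struct pcap_if
    {
        public IntPtr next;
        public IntPtr name;
        public IntPtr description;
        public IntPtr addresses;
        public uint   flags;
    }

    // pcap functions use the C (cdecl) calling convention and ANSI strings.
    // errbuf must be a writable buffer of at least PCAP_ERRBUF_SIZE bytes.
    [DllImport("wpcap.dll", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)]
    public static extern int pcap_findalldevs_ex(string source, IntPtr auth,
                                                 out IntPtr alldevs, StringBuilder errbuf);

    [DllImport("wpcap.dll", CallingConvention = CallingConvention.Cdecl)]
    public static extern void pcap_freealldevs(IntPtr alldevs);
}
'@
Add-Type -TypeDefinition $def

function Get-PcapDevice {
    $errbuf  = New-Object System.Text.StringBuilder ([WinPcap]::PCAP_ERRBUF_SIZE)
    $devList = [IntPtr]::Zero
    # 'rpcap://' with a null auth pointer means "interfaces on this machine".
    $rc = [WinPcap]::pcap_findalldevs_ex('rpcap://', [IntPtr]::Zero, [ref]$devList, $errbuf)
    if ($rc -ne 0) { throw "pcap_findalldevs_ex failed: $($errbuf.ToString())" }
    try {
        # The result is a singly linked list owned by pcap; read each node by hand.
        $p = $devList
        while ($p -ne [IntPtr]::Zero) {
            $dev = [System.Runtime.InteropServices.Marshal]::PtrToStructure($p, [type][WinPcap+pcap_if])
            [pscustomobject]@{
                Name        = [System.Runtime.InteropServices.Marshal]::PtrToStringAnsi($dev.name)
                Description = [System.Runtime.InteropServices.Marshal]::PtrToStringAnsi($dev.description)
                Loopback    = ($dev.flags -band [WinPcap]::PCAP_IF_LOOPBACK) -ne 0
            }
            $p = $dev.next
        }
    } finally {
        # Free the list exactly once, even if marshalling threw part way through.
        [WinPcap]::pcap_freealldevs($devList)
    }
}

Get-PcapDevice | Format-Table -AutoSize
```

The `Name` column is the `\Device\NPF_{GUID}` string that pcap_open and tcpdump's `-i` expect, which is the value the later script in this thread derives from WMI instead. The same pattern (sized StringBuilder for errbuf, `[ref]` for `out` pointers, `Marshal.PtrToStructure` plus `PtrToStringAnsi` for C structs and strings, and a matching free call in `finally`) carries over to the other WinPcap functions.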
  • I haven't used winpcap, but I've run tcpdump and parsed the output for switch and port info (cdp).

    • Edited by JS2010 Friday, July 20, 2018 5:35 PM
    Friday, July 20, 2018 5:34 PM
  • Nice, have you got a git or some script? That could help me with my script.
    Friday, July 20, 2018 11:09 PM
  • This is based on the Ldwin autoit script.  https://github.com/chall32/LDWin


    # Get-WmiObject -Class Win32_NetworkAdapter |
    # where { $_.speed -and $_.macaddress -and
    # $_.name -notmatch 'wireless|wi-fi|bluetooth|802\.11' }

    # index matches up
    # netconnectionstatus = 2 (connected)? what is 7 (media disconnected)?
    $adapter = Get-WmiObject win32_networkadapter |
        where { $_.netconnectionid -and $_.netconnectionstatus -eq 2 } |
        select netconnectionid,productname,macaddress,guid,index
    $guid = $adapter.guid

    # get-cimassociatedinstance?

    # $index = $adapter.index
    # get-wmiobject win32_networkadapterconfiguration | where index -eq $index |
    # select settingid,ipaddress,macaddress

    # Get-WmiObject win32_process | where name -match tcpdump | select commandline
    # -i \Device\{B95F9FFB-4A53-4EA5-956C-12455698E9B1}

    # capture a single frame that is either LLDP (ethertype 0x88cc) or CDP (SNAP type 0x2000)
    $result = tcpdump -i \Device\$guid -nn -v -s 1500 -c 1 '(ether[12:2]==0x88cc or ether[20:2]==0x2000)'
    $result > .\tcpdump.out

    # pull switch name, port and VLAN out of the decoded CDP/LLDP TLV lines
    $result | foreach {
        if ($_ -match 'Device-ID \(0x01\)') {
            $switchname = ($_ -split "'")[1]
        } elseif ($_ -match 'Port-ID \(0x03\)') {
            $switchport = ($_ -split "'")[1]
        } elseif ($_ -match 'VLAN ID \(0x0a\)') {
            $vlan = ($_ -split ':')[2].trim()
        } elseif ($_ -match 'port vlan id \(PVID\)') {
            $vlan = ($_ -split ':')[1].trim()
        } elseif ($_ -match 'System Name TLV \(5\)') {
            $switchname = ($_ -split ':')[1].trim()
        } elseif ($_ -match 'Subtype Interface Name \(5\)') {
            $switchport = ($_ -split ':')[1].trim()
        } elseif ($_ -match 'Port Description TLV \(4\)') {
            $switchport = ($_ -split ':')[1].trim()
        }
    }

    [pscustomobject]@{
        MacAddress = $adapter.macaddress
        SwitchPort = $switchport
        VLAN       = $vlan
        SwitchName = $switchname
    }


    • Edited by JS2010 Monday, July 23, 2018 2:03 PM
    Saturday, July 21, 2018 1:11 PM