


All, I have basically fully reversed tcpview 3.0.2 and implemented the same feature according to what I have learnt.

Tcpview uses ETW for monitoring network activity. The key APIs are StartTrace, OpenTrace and ProcessTrace. Use the KERNEL_LOGGER_NAME and enable the EVENT_TRACE_FLAG_NETWORK_TCPIP flag. Then you can retrieve network activity data from EventCallback and parse it as TcpIp_TypeGroup1 and other structures. According to the documentation, these structures are only supported from Vista. However, you can call and use them on XP (a guess from reversing) and 2003 (my environment is 2003; not tested on XP). Certainly you have to define all these structures yourself.

From Vista, Windows provides some APIs for retrieving statistics for every connection, such as GetPerTcpConnectionEStats and GetPerUdpConnectionEStats; you can get more details from MSDN.

Also, from Vista, you can use a raw socket to do the same work (more precise, I think). Before Vista, a raw socket can't retrieve SENT packets, which is a pity. I wanted to implement this function also, so I reversed tcpview 3.0.2. I found that tcpview uses a WMI performance counter, MSNT_TcpIpInformation.

But MSNT_TcpIpInformation is not officially supported on XP and 2003. Here is the description you can refer to.

By the way, MSNT_TcpIpInformation has no information about packets, so tcpview just increments sent and received packets every time.

0040B41B |. 8B57 1C  MOV EDX,DWORD PTR DS:    ; Case 3 of switch Tcpview.40B41B
0040B428 |.
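Here is an added example of the ETW route described in the post above (my own code, not TCPView's and not the poster's). The portable part defines TcpIp_TypeGroup1 by hand and parses a constructed MofData payload the way an EventCallback would, then accounts it per PID in TCPView's style; the part under #ifdef _WIN32 is the StartTrace/OpenTrace/ProcessTrace session on KERNEL_LOGGER_NAME with EVENT_TRACE_FLAG_NETWORK_TCPIP. The field layout (PID, size, daddr, saddr, dport, sport, seqnum, connid) is the Vista one from MSDN; taking it as correct on XP/2003 is an assumption, as is the 32-bit sample payload with a 4-byte connid. The struct and function names, the 512-row table and the sample bytes are mine.

```c
/* Added example, not TCPView's own code: the TcpIp_TypeGroup1 parsing an ETW
 * EventCallback does, and (Windows only) the NT Kernel Logger session that feeds it.
 * GUIDs, flags and event types are from evntrace.h; the struct layout is the Vista
 * one from MSDN, assumed (unverified here) for XP/2003. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Event types in EVENT_TRACE.Header.Class.Type for TcpIp_TypeGroup1. */
enum { TCPIP_SEND = 10, TCPIP_RECV = 11, TCPIP_CONNECT = 12, TCPIP_DISCONNECT = 13,
       TCPIP_RETRANSMIT = 14, TCPIP_ACCEPT = 15, TCPIP_RECONNECT = 16, TCPIP_TCPCOPY = 18 };
/* Hand-written TcpIp_TypeGroup1 (IPv4): integers are little-endian in MofData,
 * addresses and ports are in network byte order (ports converted by the parser). */
typedef struct {
    uint32_t pid, size;
    uint8_t  daddr[4], saddr[4];
    uint16_t dport, sport;
    uint32_t seqnum;
    uint64_t connid;          /* pointer-sized on the target: 4 or 8 bytes */
} tcpip_group1_t;
/* Per-process counters in TCPView's style; pid == 0 marks an unused row. */
typedef struct { uint32_t pid; uint64_t sent_bytes, recv_bytes, sent_pkts, recv_pkts; } proc_stats_t;

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Decode MofData/MofLength; -1 if the payload is shorter than the fixed fields. */
int tcpip_parse_group1(const uint8_t *mof, size_t len, tcpip_group1_t *out)
{
    if (len < 24) return -1;
    memset(out, 0, sizeof *out);
    out->pid = rd32(mof);            out->size = rd32(mof + 4);
    memcpy(out->daddr, mof + 8, 4);  memcpy(out->saddr, mof + 12, 4);
    out->dport = (uint16_t)(mof[16] << 8 | mof[17]);      /* ntohs without winsock */
    out->sport = (uint16_t)(mof[18] << 8 | mof[19]);
    out->seqnum = rd32(mof + 20);
    if (len >= 32)      out->connid = rd32(mof + 24) | (uint64_t)rd32(mof + 28) << 32;
    else if (len >= 28) out->connid = rd32(mof + 24);
    return 0;
}

/* One Send/Recv event = one packet of ev->size bytes for the owning PID.
 * Returns the updated row; NULL for non-data events or when the table is full. */
proc_stats_t *tcpip_account(proc_stats_t *tab, size_t n, uint8_t type, const tcpip_group1_t *ev)
{
    size_t i;
    if (type != TCPIP_SEND && type != TCPIP_RECV) return NULL;
    for (i = 0; i < n && tab[i].pid != 0 && tab[i].pid != ev->pid; i++) ;
    if (i == n) return NULL;
    tab[i].pid = ev->pid;
    if (type == TCPIP_SEND) { tab[i].sent_bytes += ev->size; tab[i].sent_pkts++; }
    else                    { tab[i].recv_bytes += ev->size; tab[i].recv_pkts++; }
    return &tab[i];
}

/* Constructed sample, not a capture: one Send event in the 32-bit layout:
 * PID 1234, size 1500, 10.0.0.5:50000 -> 192.168.1.10:443, seqnum 1, connid 0x12345678. */
static const uint8_t sample_send[28] = {
    0xD2, 0x04, 0x00, 0x00,  0xDC, 0x05, 0x00, 0x00,  192, 168, 1, 10,  10, 0, 0, 5,
    0x01, 0xBB,  0xC3, 0x50,  0x01, 0x00, 0x00, 0x00,  0x78, 0x56, 0x34, 0x12 };

#ifdef _WIN32   /* controller + real-time consumer in one process; link with advapi32 */
#define INITGUID   /* instantiate TcpIpGuid and SystemTraceControlGuid */
#include <windows.h>
#include <wmistr.h>
#include <evntrace.h>
static proc_stats_t g_tab[512];

static VOID WINAPI EventCallback(PEVENT_TRACE ev)
{
    tcpip_group1_t g;
    if (!IsEqualGUID(&ev->Header.Guid, &TcpIpGuid)) return;   /* UDP arrives as UdpIpGuid */
    if (tcpip_parse_group1(ev->MofData, ev->MofLength, &g) == 0)
        tcpip_account(g_tab, 512, ev->Header.Class.Type, &g);
}

int main(void)
{
    ULONG size = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(KERNEL_LOGGER_NAME), st;
    EVENT_TRACE_PROPERTIES *p = (EVENT_TRACE_PROPERTIES *)calloc(1, size);
    EVENT_TRACE_LOGFILE lf = {0};
    TRACEHANDLE session, consumer;
    if (!p) return 1;
    p->Wnode.BufferSize = size;  p->Wnode.Flags = WNODE_FLAG_TRACED_GUID;
    p->Wnode.Guid = SystemTraceControlGuid;              /* the NT Kernel Logger */
    p->EnableFlags = EVENT_TRACE_FLAG_NETWORK_TCPIP;
    p->LogFileMode = EVENT_TRACE_REAL_TIME_MODE;
    p->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
    st = StartTrace(&session, KERNEL_LOGGER_NAME, p);    /* needs administrator rights */
    if (st == ERROR_ALREADY_EXISTS) {                    /* logger left over from an earlier run */
        ControlTrace(0, KERNEL_LOGGER_NAME, p, EVENT_TRACE_CONTROL_STOP);
        st = StartTrace(&session, KERNEL_LOGGER_NAME, p);
    }
    if (st != ERROR_SUCCESS) { fprintf(stderr, "StartTrace failed: %lu\n", st); return 1; }
    lf.LoggerName = KERNEL_LOGGER_NAME;  lf.EventCallback = EventCallback;
    lf.LogFileMode = EVENT_TRACE_REAL_TIME_MODE;         /* same bit as PROCESS_TRACE_MODE_REAL_TIME */
    consumer = OpenTrace(&lf);
    if (consumer != INVALID_PROCESSTRACE_HANDLE)
        ProcessTrace(&consumer, 1, NULL, NULL);          /* blocks until the session is stopped */
    ControlTrace(session, NULL, p, EVENT_TRACE_CONTROL_STOP);
    return 0;
}
#endif
```

Build the Windows part against advapi32.lib and run it elevated. The NT Kernel Logger is a singleton per machine, which is why a leftover session is stopped and StartTrace retried on ERROR_ALREADY_EXISTS. ProcessTrace blocks until the session is stopped (for example with logman stop "NT Kernel Logger" -ets from another console), after which g_tab holds the per-process byte and packet counters; counting one event as one packet is the same approximation the post describes for tcpview.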
