1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
|
/* capture_win_ifnames.c
* Routines supporting the use of Windows friendly interface names within Wireshark
* Copyright 2011-2012, Mike Garratt <wireshark@evn.co.nz>
*
* $Id$
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "config.h"
#ifdef _WIN32
#include <winsock2.h>
#include <windows.h>
#include <iphlpapi.h>
#include <stdio.h>
#include <stdlib.h>
#include <wtap.h>
#include <libpcap.h>
#include <glib.h>
#include <ntddndis.h>
#ifndef NDIS_IF_MAX_STRING_SIZE
#define NDIS_IF_MAX_STRING_SIZE IF_MAX_STRING_SIZE /* =256 in <ifdef.h> */
#endif
#ifndef NETIO_STATUS
#define NETIO_STATUS DWORD
#endif
#include "log.h"
#include "capture_ifinfo.h"
#include "capture_win_ifnames.h"
#include "wsutil/file_util.h"
/**********************************************************************************/
gboolean IsWindowsVistaOrLater()
{
OSVERSIONINFO osvi;
SecureZeroMemory(&osvi, sizeof(OSVERSIONINFO));
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
if(GetVersionEx(&osvi)){
return osvi.dwMajorVersion >= 6;
}
return FALSE;
}
/**********************************************************************************/
/* Get the Connection Name for the given GUID */
static char *
GetInterfaceFriendlyNameFromDeviceGuid(__in GUID *guid)
{
HMODULE hIPHlpApi;
HRESULT status;
WCHAR wName[NDIS_IF_MAX_STRING_SIZE + 1];
HRESULT hr;
gboolean fallbackToUnpublishedApi=TRUE;
gboolean haveInterfaceFriendlyName=FALSE;
int size;
char *name;
/* Load the ip helper api DLL */
hIPHlpApi = LoadLibrary(TEXT("iphlpapi.dll"));
if (hIPHlpApi == NULL) {
/* Load failed - DLL should always be available in XP+*/
return NULL;
}
/* Need to convert an Interface GUID to the interface friendly name (e.g. "Local Area Connection")
* The functions required to do this all reside within iphlpapi.dll
* - The preferred approach is to use published API functions (Available since Windows Vista)
* - We do however fallback to trying undocumented API if the published API is not available (Windows XP/2k3 scenario)
*/
if(IsWindowsVistaOrLater()){
/* Published API function prototypes (for Windows Vista/Windows Server 2008+) */
typedef NETIO_STATUS (WINAPI *ProcAddr_CIG2L) (__in CONST GUID *InterfaceGuid, __out PNET_LUID InterfaceLuid);
typedef NETIO_STATUS (WINAPI *ProcAddr_CIL2A) ( __in CONST NET_LUID *InterfaceLuid,__out_ecount(Length) PWSTR InterfaceAlias, __in SIZE_T Length);
/* Attempt to do the conversion using Published API functions */
ProcAddr_CIG2L proc_ConvertInterfaceGuidToLuid=(ProcAddr_CIG2L) GetProcAddress(hIPHlpApi, "ConvertInterfaceGuidToLuid");
if(proc_ConvertInterfaceGuidToLuid!=NULL){
ProcAddr_CIL2A Proc_ConvertInterfaceLuidToAlias=(ProcAddr_CIL2A) GetProcAddress(hIPHlpApi, "ConvertInterfaceLuidToAlias");
if(Proc_ConvertInterfaceLuidToAlias!=NULL){
/* we have our functions ready to go, attempt to convert interface guid->luid->friendlyname */
NET_LUID InterfaceLuid;
hr = proc_ConvertInterfaceGuidToLuid(guid, &InterfaceLuid);
if(hr==NO_ERROR){
/* guid->luid success */
hr = Proc_ConvertInterfaceLuidToAlias(&InterfaceLuid, wName, NDIS_IF_MAX_STRING_SIZE+1);
if(hr==NO_ERROR){
/* luid->friendly name success */
haveInterfaceFriendlyName=TRUE; /* success */
}else{
/* luid->friendly name failed */
fallbackToUnpublishedApi=FALSE;
}
}else{
fallbackToUnpublishedApi=FALSE;
}
}
}
}
if(fallbackToUnpublishedApi && !haveInterfaceFriendlyName){
/* Didn't manage to get the friendly name using published api functions
* (most likely cause wireshark is running on Windows XP/Server 2003)
* Retry using nhGetInterfaceNameFromGuid (an older unpublished API function) */
typedef HRESULT (WINAPI *ProcAddr_nhGINFG) (__in GUID *InterfaceGuid, __out PCWSTR InterfaceAlias, __inout DWORD *LengthAddress, wchar_t *a4, wchar_t *a5);
ProcAddr_nhGINFG Proc_nhGetInterfaceNameFromGuid = NULL;
Proc_nhGetInterfaceNameFromGuid = (ProcAddr_nhGINFG) GetProcAddress(hIPHlpApi, "NhGetInterfaceNameFromGuid");
if (Proc_nhGetInterfaceNameFromGuid!= NULL) {
wchar_t *p4=NULL, *p5=NULL;
DWORD NameSize;
/* testing of nhGetInterfaceNameFromGuid indicates the unpublished API function expects the 3rd parameter
* to be the available space in bytes (as compared to wchar's) available in the second parameter buffer
* to receive the friendly name (in unicode format) including the space for the nul termination.*/
NameSize = sizeof(wName);
/* do the guid->friendlyname lookup */
status = Proc_nhGetInterfaceNameFromGuid(guid, wName, &NameSize, p4, p5);
if(status==0){
haveInterfaceFriendlyName=TRUE; /* success */
}
}
}
/* we have finished with iphlpapi.dll - release it */
FreeLibrary(hIPHlpApi);
if(!haveInterfaceFriendlyName){
/* failed to get the friendly name, nothing further to do */
return NULL;
}
/* Get the required buffer size, and then convert the string */
size=WideCharToMultiByte(CP_UTF8, 0, wName, -1, NULL, 0, NULL, NULL);
name=(char *) g_malloc(size);
if (name == NULL){
return NULL;
}
size=WideCharToMultiByte(CP_UTF8, 0, wName, -1, name, size, NULL, NULL);
if(size==0){
/* bytes written == 0, indicating some form of error*/
g_free(name);
return NULL;
}
return name;
}
static int gethexdigit(const char *p)
{
if(*p >= '0' && *p <= '9'){
return *p - '0';
}else if(*p >= 'A' && *p <= 'F'){
return *p - 'A' + 0xA;
}else if(*p >= 'a' && *p <= 'f'){
return *p - 'a' + 0xa;
}else{
return -1; /* Not a hex digit */
}
}
static gboolean get8hexdigits(const char *p, DWORD *d)
{
int digit;
DWORD val;
int i;
val = 0;
for(i = 0; i < 8; i++){
digit = gethexdigit(p++);
if(digit == -1){
return FALSE; /* Not a hex digit */
}
val = (val << 4) | digit;
}
*d = val;
return TRUE;
}
static gboolean get4hexdigits(const char *p, WORD *w)
{
int digit;
WORD val;
int i;
val = 0;
for(i = 0; i < 4; i++){
digit = gethexdigit(p++);
if(digit == -1){
return FALSE; /* Not a hex digit */
}
val = (val << 4) | digit;
}
*w = val;
return TRUE;
}
/**********************************************************************************/
/* returns the interface friendly name for a device name, if it is unable to
* resolve the name, "" is returned */
char *
get_windows_interface_friendly_name(/* IN */ const char *interface_devicename)
{
const char* guid_text;
GUID guid;
int i;
int digit1, digit2;
/* ensure we can return a result */
if(interface_friendlyname==NULL){
return NULL;
}
/* start on the basis we know nothing */
interface_friendlyname=NULL;
/* Extract the guid text from the interface device name */
if(strncmp("\\Device\\NPF_", interface_devicename, 12)==0){
guid_text=interface_devicename+12; /* skip over the '\Device\NPF_' prefix, assume the rest is the guid text */
}else{
guid_text=interface_devicename;
}
/*
* If what follows is a GUID in {}, then convert it to a GUID structure
* and use that to look up the interface to get its friendly name.
*/
if(*guid_text != '{'){
return NULL; /* Nope, not enclosed in {} */
}
guid_text++;
/* There must be 8 hex digits; if so, they go into guid.Data1 */
if(!get8hexdigits(guid_text, &guid.Data1)){
return NULL; /* nope, not 8 hex digits */
}
guid_text += 8;
/* Now there must be a hyphen */
if(*guid_text != '-'){
return NULL; /* Nope */
}
guid_text++;
/* There must be 4 hex digits; if so, they go into guid.Data2 */
if(!get4hexdigits(guid_text, &guid.Data2)){
return NULL; /* nope, not 4 hex digits */
}
guid_text += 4;
/* Now there must be a hyphen */
if(*guid_text != '-'){
return NULL; /* Nope */
}
guid_text++;
/* There must be 4 hex digits; if so, they go into guid.Data3 */
if(!get4hexdigits(guid_text, &guid.Data3)){
return NULL; /* nope, not 4 hex digits */
}
guid_text += 4;
/* Now there must be a hyphen */
if(*guid_text != '-'){
return NULL; /* Nope */
}
guid_text++;
/*
* There must be 4 hex digits; if so, they go into the first 2 bytes
* of guid.Data4.
*/
for(i = 0; i < 2; i++){
digit1 = gethexdigit(guid_text);
if(digit1 == -1){
return NULL; /* Not a hex digit */
}
guid_text++;
digit2 = gethexdigit(guid_text);
if(digit2 == -1){
return NULL; /* Not a hex digit */
}
guid_text++;
guid.Data4[i] = (digit1 << 4)|(digit2);
}
/* Now there must be a hyphen */
if(*guid_text != '-'){
return NULL; /* Nope */
}
guid_text++;
/*
* There must be 12 hex digits; if so,t hey go into the next 6 bytes
* of guid.Data4.
*/
for(i = 0; i < 6; i++){
digit1 = gethexdigit(guid_text);
if(digit1 == -1){
return NULL; /* Not a hex digit */
}
guid_text++;
digit2 = gethexdigit(guid_text);
if(digit2 == -1){
return NULL; /* Not a hex digit */
}
guid_text++;
guid.Data4[i+2] = (digit1 << 4)|(digit2);
}
/* Now there must be a closing } */
if(*guid_text != '}'){
return NULL; /* Nope */
}
guid_text++;
/* And that must be the end of the string */
if(*guid_text != '\0'){
return NULL; /* Nope */
}
/* guid okay, get the interface friendly name associated with the guid */
return GetInterfaceFriendlyNameFromDeviceGuid(&guid);
}
/**************************************************************************************/
#endif
|
