WinPCap in Visual Studio 2008

In my copious amount of free time I've been messing around with network analysis and security. I've always been generally interested in networking technology, but have never really had much practical exposure to it. Sometimes, however, it is nice to be able to analyze a network and see what kind of information is actually coming across the wire. In my last article I mentioned a tool called WireShark which is a free, open source network analyzer aka packet sniffer.

WireShark is a great tool and has its own set of extension points, but I wanted lower level access to the packets being captured. My understanding of the politics and genesis is lacking, but it seems like the WinPCap library is the Windows version of the libpcap packet capture library from the *NIX world. Naturally, WinPCap is coded in C and even though I have some background in it, the tool I am looking to develop requires a lot of UI work. Instead of stepping back into the land of MFC/Win32, I tried to locate a Managed version of WinPCap. The closest thing I could find was this Ancient Project on CodeProject.com. It hasn't been updated since 2003 and isn't a "fully" managed wrapper (also, the source code in the download is just to the example, not the wrapper).

I figured, "If this guy can do PInvoke, so can I". Thus, I downloaded the WinPCap developer pack and attempted to open the example solution in Visual Studio 2008. Visual Studio 2008 alerted me to the fact that I had to upgrade the project (which was actually a VS 6.0 .dsw file) and I happily agreed. The upgrade went smooth so I attempted to compile the solution, but received the following error:

"error C3163: '_vsnprintf': attributes inconsistent with previous declaration c:\program files\Microsoft visual studio 9.0\vc\include\stdio.h 358 savedump"

Crap. Apparently this is a common problem when compiling older C++ code with the Visual Studio 2008 C++ compiler. Now, I didn't find a solution for this on the net specific to WinPCap, but several forum posts across other projects lead me to the following solution.

First, find the pcap-stdinc.h file on your system. It should be located in: "...\WpdPack_4_0_2\WpdPack\Include"

Next, locate the following code near the bottom of your header:

#define snprintf _snprintf
#define vsnprintf _vsnprintf
#define inline __inline

The problem, as we can tell from the compiler error, is that the "#define vsnprintf _vsnprintf" causes some incompatibilities with what is already in stdio.h. Modify your code to the following and save the header:

#define snprintf _snprintf

#if !defined( __MINGW32__ )
# if _MSC_VER < 1500
    #define vsnprintf _vsnprintf
# endif
#endif

#define inline __inline

You should now be able to compile all the examples in the solution!

All that we've done is check the version of the compiler at compile time. If the version is prior to MSC++ 9.0 then we go ahead and do the #define. Otherwise, we don't do the #define and rely on what is in stdio.h.

This solution is general in nature, i.e. anything that defines _vsnprintf may exhibit this issue, but specific in the sense that the exact location of the code to modify will vary by project. In the case of WinPCap, everything is groovy at this point. Now I just need to learn everything I can about PInvoke : )

posted on Wednesday, January 30, 2008 10:52 AM

Feedback

# re: WinPCap in Visual Studio 2008 2/13/2008 5:57 PM Skot

Hi there.
I didn't have that problem but I was getting a failure in netioapi.h not being able to resolve NDIS_PHYSICAL_MEDIUM.

This only seems to be happening on VS2008 running on Vista and seems to be a compatibility problem between the utilised header file at "\program files\microsoft sdks\windows\v6.0a\include\netioapi.h" not being able to resolve NDIS_PHYSICAL_MEDIUM. Principally, this is because netioapi.h is including <ntddndis.h> and the VS2008 shipped version of this file does not have the definition for NDIS_PHYSICAL_MEDIUM.

I fixed this (short term) by amending "\program files\microsoft sdks\windows\v6.0a\include\netioapi.h" and changing;

#include <ntddndis.h>

to

#include "ntddndis.h"

This causes netioapi.h to read its local ntddndis.h file, rather than the VS2008 version.
This gets my code to compile but I'm going to keep a close eye on VS2008 patches as I'd want to be referring to the "master" asap.

Cheers
Scott

# re: WinPCap in Visual Studio 2008 2/16/2008 7:56 PM Blake

Thank you for this post!!!!
You really saved me some time here, now I can press on with my progie. Keep it up!

# re: WinPCap in Visual Studio 2008 2/28/2008 9:33 AM ZoliBoy

Thank you Skot very-very-very much!!! Thank's to you I don't need to go back to VS 6.0.

# re: WinPCap in Visual Studio 2008 3/26/2008 5:24 PM 97C5ENVY

Thanks Scott your tip helped me too.

# re: WinPCap in Visual Studio 2008 7/17/2008 8:28 AM l2noob

Thanks Skot. You're a lifesaver.

# re: WinPCap in Visual Studio 2008 9/29/2008 4:35 PM Joe

nice work. You should make a patch and send it to the Winpcap team. I'd do it myself but you should get credit :-).

# re: WinPCap in Visual Studio 2008 11/11/2008 8:01 AM isan

hello,please send me winpcap code with visual.

# re: WinPCap in Visual Studio 2008 3/2/2009 5:09 PM Takin

I worked around this by adding this line before including windows header files:

#define __IPHLPAPI_H__

This prevents inclusion of iphlpapi.h which includes the problematic ntddndis.h. This avoids having to mess around with library headers. Obviously, this solution won't work if you actually need iphpapi.h.

# re: WinPCap in Visual Studio 2008 4/24/2009 10:15 AM adnan

Hi,
thanks a lot, it really worked liek a charm. I was gettting crazy over this problem.

# re: WinPCap in Visual Studio 2008 9/28/2009 6:00 PM Nash

Thanks for the tips. I'm looking for a WinPcap coder who can deliver a desktop application and has experience with the library. do get in touch via my details at exceltasks ltd website.

# re: WinPCap in Visual Studio 2008 10/5/2009 5:20 PM pogo

thank a lot dude, you're really saved my life:)

.NET Nomad

News

Archives

Post Categories

Feedback