使用纯 Win32 API 编程实现Winpcap 封包捕获的第一个例子

先上代码；

/*------------------------------------------------------------win32, Winpcap, by bobo, -09-09------------------------------------------------------------*///#include <windows.h>#include <pcap.h>LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM);int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,PSTR szCmdLine, int iCmdShow){static TCHAR szAppName[] = TEXT ("HelloWin") ;HWND hwnd ;MSGmsg ;WNDCLASSwndclass ;wndclass.style = CS_HREDRAW | CS_VREDRAW ;wndclass.lpfnWndProc = WndProc ;wndclass.cbClsExtra = 0 ;wndclass.cbWndExtra = 0 ;wndclass.hInstance= hInstance ;wndclass.hIcon = LoadIcon (NULL, IDI_APPLICATION) ;wndclass.hCursor = LoadCursor (NULL, IDC_ARROW) ;wndclass.hbrBackground = (HBRUSH) GetStockObject (WHITE_BRUSH) ;wndclass.lpszMenuName = NULL ;wndclass.lpszClassName = szAppName ;if (!RegisterClass (&wndclass)){MessageBox (NULL, TEXT ("This program requires Windows NT!"), szAppName, MB_ICONERROR) ;return 0 ;}hwnd = CreateWindow (szAppName, // window class nameTEXT ("The Hello Winpcap"), // window captionWS_OVERLAPPEDWINDOW, // window styleCW_USEDEFAULT, // initial x positionCW_USEDEFAULT, // initial y position800, // initial x size600, // initial y sizeNULL, // parent window handleNULL, // window menu handlehInstance, // program instance handleNULL) ; // creation parametersShowWindow (hwnd, iCmdShow) ;UpdateWindow (hwnd) ;while (GetMessage (&msg, NULL, 0, 0)){TranslateMessage (&msg) ;DispatchMessage (&msg) ;}return msg.wParam ;}LRESULT CALLBACK WndProc (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam){HDC hdc ;PAINTSTRUCT ps ;RECT rect ;DWORD err;pcap_if_t * allAdapters;pcap_if_t * adapter;char errorBuffer[PCAP_ERRBUF_SIZE];int crtAdapter = 0;switch (message){case WM_CREATE:return 0 ;case WM_PAINT:hdc = BeginPaint (hwnd, &ps) ;GetClientRect (hwnd, &rect) ;if( pcap_findalldevs_ex( PCAP_SRC_IF_STRING, NULL, &allAdapters, errorBuffer ) == -1 ){DrawText (hdc, TEXT (errorBuffer), -1, &rect,DT_SINGLELINE | DT_CENTER | DT_VCENTER) ;return -1;}if( allAdapters == NULL )//不存在任何适配器{DrawText (hdc, TEXT ("No adapters found!"), -1, &rect,DT_SINGLELINE | DT_CENTER | DT_VCENTER) ;return 0;}rect.top=5;for( adapter = allAdapters; adapter != NULL; adapter = adapter->next)//遍历输入适配器信息(名称和描述信息){DrawText (hdc, TEXT (adapter->name), -1, &rect,DT_SINGLELINE | DT_CENTER) ;rect.top+=30;DrawText (hdc, TEXT (adapter->description), -1, &rect,DT_SINGLELINE | DT_CENTER) ;rect.top+=30; // 每输出一行，Y坐标增加30}EndPaint (hwnd, &ps) ;return 0 ;case WM_DESTROY:pcap_freealldevs( allAdapters); //释放适配器列表PostQuitMessage (0) ;return 0 ;}return DefWindowProc (hwnd, message, wParam, lParam) ;}

代码是用Winpcap获取本机网卡列表；

开发环境是Win10；VC++ 6.0；

先要安装Winpcap的驱动和DLL；如果安装了Wireshark封包捕获工具，则Winpcap已经安装好；没有的话单独下载安装；

再下载Winpcap开发包，解压至某个目录；

编译程序要把Windows.h 注释掉；否则系统自带的Winsock2.h 和 Winpcap的头文件中定义的宏有冲突；一堆错误；

第一次运行，没有发现网卡；需要开启NPF服务；

获取到本机有8个网卡；

打开Wireshark软件看一下；Wireshark也获取到本机有8个网卡；其中包含一个VMWare虚拟机上的；

后面几个图是，添加包含文件路径，库文件路径，lib文件也要加到lib文件列表；

为了使用Winpcap的远程访问，必须在预处理器中加入HAVE_REMOTE；