Initial code

tksh164 · Sep 8, 2018 · b5a0995 · b5a0995
1 parent 440c38c
commit b5a0995
Show file tree

Hide file tree

Showing 13 changed files with 1,065 additions and 0 deletions.
diff --git a/src/NdisEtl2Pcap.sln b/src/NdisEtl2Pcap.sln
@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.28010.2019
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NdisEtl2Pcap", "NdisEtl2Pcap\NdisEtl2Pcap.csproj", "{E62E0034-A80B-4604-B803-F9DA3FCA7C73}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NdisEtl2PcapLib", "NdisEtl2PcapLib\NdisEtl2PcapLib.csproj", "{1861E72D-E4B7-43DF-BCC0-49E3FDD40DA2}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{E62E0034-A80B-4604-B803-F9DA3FCA7C73}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E62E0034-A80B-4604-B803-F9DA3FCA7C73}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E62E0034-A80B-4604-B803-F9DA3FCA7C73}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E62E0034-A80B-4604-B803-F9DA3FCA7C73}.Release|Any CPU.Build.0 = Release|Any CPU
+		{1861E72D-E4B7-43DF-BCC0-49E3FDD40DA2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{1861E72D-E4B7-43DF-BCC0-49E3FDD40DA2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{1861E72D-E4B7-43DF-BCC0-49E3FDD40DA2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{1861E72D-E4B7-43DF-BCC0-49E3FDD40DA2}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {07C12DCE-39C9-45B8-9165-EE2D8181E54D}
+	EndGlobalSection
+EndGlobal
diff --git a/src/NdisEtl2Pcap/App.config b/src/NdisEtl2Pcap/App.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.1" />
+    </startup>
+</configuration>
diff --git a/src/NdisEtl2Pcap/ExceptionTrapper.cs b/src/NdisEtl2Pcap/ExceptionTrapper.cs
@@ -0,0 +1,56 @@
+using System;
+using System.Text;
+
+namespace NdisEtl2Pcap
+{
+    internal static class ExceptionTrapper
+    {
+        public static void UnhandledExceptionTrapper(object sender, UnhandledExceptionEventArgs e)
+        {
+            var ex = (Exception)e.ExceptionObject;
+            var exceptionInfoText = BuildExceptionInformationText(ex);
+            Console.Error.WriteLine("**** EXCEPTION ****");
+            Console.Error.WriteLine(exceptionInfoText);
+        }
+
+        public static string BuildExceptionInformationText(Exception exception)
+        {
+            var builder = new StringBuilder();
+
+            var ex = exception;
+            while (true)
+            {
+                builder.AppendLine(string.Format("{0}: {1}", ex.GetType().FullName, ex.Message));
+
+                // Special handling for each exception type.
+                switch (ex)
+                {
+                    case System.ComponentModel.Win32Exception win32Exception:
+                        builder.AppendLine(string.Format("NativeErrorCode: {0}", win32Exception.NativeErrorCode));
+                        builder.AppendLine(string.Format("ErrorCode: 0x{0:x8}", win32Exception.ErrorCode));
+                        builder.AppendLine(string.Format("HResult: 0x{0:x8}", win32Exception.HResult));
+                        break;
+                }
+
+                if (ex.Data.Count != 0)
+                {
+                    builder.AppendLine("Data:");
+                    foreach (string key in ex.Data.Keys)
+                    {
+                        builder.AppendLine(string.Format("   {0}: {1}", key, ex.Data[key]));
+                    }
+                }
+
+                builder.AppendLine("Stack Trace:");
+                builder.AppendLine(ex.StackTrace);
+
+                if (ex.InnerException == null) break;
+
+                ex = ex.InnerException;
+                builder.AppendLine(@"--- Inner exception is below ---");
+            }
+
+            return builder.ToString();
+        }
+    }
+}
diff --git a/src/NdisEtl2Pcap/NdisEtl2Pcap.csproj b/src/NdisEtl2Pcap/NdisEtl2Pcap.csproj
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{E62E0034-A80B-4604-B803-F9DA3FCA7C73}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>NdisEtl2Pcap</RootNamespace>
+    <AssemblyName>NdisEtl2Pcap</AssemblyName>
+    <TargetFrameworkVersion>v4.7.1</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="ExceptionTrapper.cs" />
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\NdisEtl2PcapLib\NdisEtl2PcapLib.csproj">
+      <Project>{1861e72d-e4b7-43df-bcc0-49e3fdd40da2}</Project>
+      <Name>NdisEtl2PcapLib</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>
diff --git a/src/NdisEtl2Pcap/Program.cs b/src/NdisEtl2Pcap/Program.cs
@@ -0,0 +1,79 @@
+using System;
+using System.IO;
+using System.Diagnostics;
+using System.Reflection;
+using NdisEtl2PcapLib;
+using NdisEtl2PcapLib.Pcap;
+
+namespace NdisEtl2Pcap
+{
+    internal class Program
+    {
+        private static ResultSummary ResultSummary { get; set; }
+
+        static void Main(string[] args)
+        {
+            AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler(ExceptionTrapper.UnhandledExceptionTrapper);
+
+            if (args.Length < 2)
+            {
+                PrintUsage();
+                return;
+            }
+            var etlFilePath = args[0];
+            var pcapFilePath = args[1];
+
+            ResultSummary = new ResultSummary();
+
+            var stopwatch = new Stopwatch();
+            stopwatch.Start();
+
+            var packets = LoadNdisRecords(etlFilePath);
+            PcapFile.WritePcapFile(pcapFilePath, packets);
+
+            stopwatch.Stop();
+            ResultSummary.Elapsed = stopwatch.Elapsed;
+
+            PrintResultSummary();
+        }
+
+        private static void PrintUsage()
+        {
+            var exeName = Path.GetFileName(Assembly.GetEntryAssembly().Location);
+            Console.WriteLine("Usage: {0} <Input ETL File Path> <Output PCAP File Path>", exeName);
+        }
+
+        private static NdisEventRecord[] LoadNdisRecords(string etlFilePath)
+        {
+            NdisEventRecord[] records;
+            using (var ndisEtlFile = NdisEtlFile.Load(etlFilePath))
+            {
+                records = ndisEtlFile.Records;
+
+                ResultSummary.TotalEventRecordCount = ndisEtlFile.TotalEventRecordCount;
+                ResultSummary.TotalNdisEventRecordCount = ndisEtlFile.TotalNdisEventRecordCount;
+                ResultSummary.OldestNdisEventRecordTimestamp = ndisEtlFile.OldestNdisEventRecordTimestamp;
+                ResultSummary.NewestNdisEventRecordTimestamp = ndisEtlFile.NewestNdisEventRecordTimestamp;
+            }
+            return records;
+        }
+
+        private static void PrintResultSummary()
+        {
+            Console.WriteLine("TotalEventRecordCount: {0}", ResultSummary.TotalEventRecordCount);
+            Console.WriteLine("TotalNdisEventRecordCount: {0}", ResultSummary.TotalNdisEventRecordCount);
+            Console.WriteLine("OldestNdisEventRecordTimestamp: {0}", ResultSummary.OldestNdisEventRecordTimestamp);
+            Console.WriteLine("NewestNdisEventRecordTimestamp: {0}", ResultSummary.NewestNdisEventRecordTimestamp);
+            Console.WriteLine("Elapsed: {0}", ResultSummary.Elapsed);
+        }
+    }
+
+    internal class ResultSummary
+    {
+        public long TotalEventRecordCount { get; set; }
+        public long TotalNdisEventRecordCount { get; set; }
+        public DateTime OldestNdisEventRecordTimestamp { get; set; }
+        public DateTime NewestNdisEventRecordTimestamp { get; set; }
+        public TimeSpan Elapsed { get; set; }
+    }
+}
diff --git a/src/NdisEtl2Pcap/Properties/AssemblyInfo.cs b/src/NdisEtl2Pcap/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("NdisEtl2Pcap")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("NdisEtl2Pcap")]
+[assembly: AssemblyCopyright("Copyright ©  2018")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("e62e0034-a80b-4604-b803-f9da3fca7c73")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]