Artifact Content

Artifact 3ddbc51628bd3769b770322056894616f37c8227:


#! /usr/bin/env tclsh

package require starkit
starkit::startup

lappend auto_path [file join $::starkit::topdir twapi]

package require twapi

# http://blogs.msdn.com/b/david.wang/archive/2006/03/26/howto-detect-process-bitness.aspx
if {[info exists ::env(PROCESSOR_ARCHITEW6432)]} {
	set arch $::env(PROCESSOR_ARCHITEW6432)
} else {
	if {[info exists ::env(PROCESSOR_ARCHITECTURE)]} {
		set arch $::env(PROCESSOR_ARCHITECTURE)
	} else {
		set arch "x86"
	}
}
switch -- [string tolower $arch] {
	"x86" {
		set bits "32"
	}
	default {
		set bits "64"
	}
}

# Determine temp directory
if {[info exists ::env(TEMP)]} {
	set tmpdir $::env(TEMP)
} elseif {[info exists ::env(TMPDIR)]} {
	set tmpdir $::env(TMPDIR)
} else {
	if {$tcl_platform(platform) == "windows"} {
		set tmpdir {C:/TEMP}
	} else {
		set tmpdir /tmp
	}
}
set tmpdir "C:/TEMP"

# Determine interface to lookup
set dest_parm_idx [lsearch -exact $argv "-i"]
if {$dest_parm_idx != -1} {
	incr dest_parm_idx

	set dest_chk [lindex $argv $dest_parm_idx]
	if {[string match "*.*.*.*" $dest_chk] || [string match "*:*:*" $dest_chk]} {
		set dest $dest_chk

		## Determine the index to specified destination
		set iface_idx 1
		catch {
			set iface_idx [::twapi::get_outgoing_interface $dest]
		}
		if {$iface_idx == ""} {
			set iface_idx 1
		}

		## Determine the NPF name for the adapter found above
		set iface_adapter [lindex [::twapi::get_netif_info $iface_idx -adaptername] 1]
		set iface_npf "\\Device\\NPF_${iface_adapter}"

		set argv [lreplace $argv $dest_parm_idx $dest_parm_idx $iface_npf]
	}
}

# Copy files neeed to temporary directory
for {set i 0} {$i < 20} {incr i} {
	append random_bin [format %c [expr {int(rand() * 256)}]]
}
binary scan $random_bin H* random

set srcdir [file join $::starkit::topdir files]
set dstdir [file join $tmpdir tcpdmp-$random]

file delete -force -- $dstdir

# Run tcpdump
set exit 1
set start_npf_service 0
set npf_failed 0
if {[catch {
	set filesdir [file join $dstdir files]

	exec cmd /c mkdir [file nativename $dstdir]
	exec cmd /c mkdir [file nativename $filesdir]

	file copy -- {*}[glob -directory $srcdir *] $filesdir

	## Delete extraneous service
	if {[::twapi::service_exists npf]} {
		if {![catch {
			::twapi::stop_service npf
		}]} {
			set start_npf_service 1
		}
	}

	catch {
		::twapi::stop_service npf_tcpdump
	}

	catch {
		::twapi::delete_service npf_tcpdump
	}

	## Install driver and start service
	if {[catch {
		set driver [file join $filesdir npf${bits}.sys]
		set driver [file nativename $driver]
		::twapi::create_service npf_tcpdump $driver -displayname "NPF for TCPDUMP (ignore)" -servicetype kernel_driver -starttype demand_start -errorcontrol ignore

puts [exec net start npf_tcpdump]
		::twapi::start_service npf_tcpdump
puts [exec net start npf_tcpdump]
	} npf_err]} {
		set npf_failed 1
	}

	after 5000

	## Launch tcpdump with the apropriate parameters
	#puts [list exec -- [file join $filesdir tcpdump.exe] {*}$argv]
	exec -- [file join $filesdir tcpdump.exe] {*}$argv >&@ stdout

	set exit 0
} err]} {
	if {$npf_failed} {
		puts "NPF Failed: $npf_err"
	}

	puts "Failed: $::errorInfo"

	set exit 1
}

# Debug
puts [exec net stop npf_tcpdump]
puts [exec net start npf_tcpdump]

# Cleanup
catch {
	::twapi::stop_service npf_tcpdump
}
catch {
	::twapi::delete_service npf_tcpdump
}

if {$start_npf_service} {
	catch {
		::twapi::start_service npf
	}
}

catch {
	file delete -force -- $dstdir
}

# Terminate
exit $exit