capture network traffic on windows ce

When developing network applications, it's always necessary to capture network traffic. Windows ce has built-in sniffer tool, netlog for this purpose. It captures network traffics to a file that can be examined with wireshark or network monitor.
To enable it, we need to select NDIS Packet Capturing DLL and NDIS User-mode I/O Protocol Driver in visual studio, as shown below.

Then, we can capture network traffic with following commands.

1. set capture file lacation:

netlogctl file "\Storage Card\net"

2. start capture

netlogctl start

3. perform network activities
4. stop capture

netlogctl stop

5. copy \Storage Card\net.cap[i].cap to computer and open with wireshark



NetLogctl usage:
netlogctl start - start the loggging.
netlogctl load - start the loggging.
netlogctl stop - stops the loggging.
netlogctl unload - causes networking to unload the netlog component. (may destabilize system)
netlogctl pkt_size  XX - sets maximum packet size captured.
netlogctl cap_size  XX - sets maximum  size of half capture file.
netlogctl file  XXX - sets the name of the file to log.
netlogctl usb  XXX - 1 => log usb , 0 => stop logging usb.
netlogctl state  - print state.
netlogctl trace  - print trace message state for all modules.
netlogctl trace <module> - print trace message state for specified module.
netlogctl trace <module> <filter> - set trace message state for specified module.

why I prefer wireshark to network monitor

Personally, I prefer wireshark to network monitor for:

1. Wireshark runs on many platforms including windows, linux, mac os x, etc. I need to work both on linux and windows, and I'd like to keep my toolbox as compact as possible.
2. Wireshark uses a widely adopted syntax for capture filters and disply filters which dare I call them de facto. The same syntax is used in windump and tcpdump. I don't need to remember additional syntax even work in a GUI-less environment.
3. Filters in wireshark seems to be more powerful. For example, the filter "tcp.flags.syn==1" enables me to view tcp SYN messages only.  Based on my limited experience with network monitor, I'm not aware if it can filter at this granularity.

But network monitor has the advantage of being able to categorize network messages by processes. As shown in the image below:

It's a very convenient feature that helps me easily find out messages I'm interested in. Especially when I need to debug a process whose port numbers are picked at random or dynamically.

standalone windbg v6.12.0002.633

I read from Tomas's post that newer version windbg can't be downloaded from microsoft directly anymore. To get newer windbg, we have to download the huge 620 mb WDK iso and extract windbg installer from it manually. The newest windbg standalone installer is version 6.11.1.404, released on March 27, 2009.
I don't know if microsoft will listen to our customer's voice and release a standalone windbg. Before they will, for the convenience for developers like me, here is extracted windbg package:

windbg 6.12.0002.633 x86   http://rxwen-blog-stuff.googlecode.com/files/windbg_6.12.0002.633_x86.zip
md5sum:   abdad1a805f7d89d461b4569b216001d
sha1sum:  3715d726363524643a6df561bf9d27e7acb49307

windbg_6.12.0002.633_64_installer    http://rxwen-blog-stuff.googlecode.com/files/windbg_6.12.0002.633_64_installer.zip
md5sum:  62fc3d313081f96fea3f69c4d06700a1
sha1sum:  d79e6f40c08a95d5653c0eb0cc7d64c8bea8e391


A noticable change of this version is: ADPlus V7.0 is a total rewrite of ADPlus. ADPlus is now written in managed code which will allow us to add new features much easier. The old version is renamed to adplus_old.vbs. This page lists more changes of the new version.

Hope it helps.

Total Commander, what a weapon!

I've used freecommander for years. It greatly improves my efficiency. Unfortunately, for some unkonwn reasons, my freecommander configuration file get corrupted after my machine power down unexpectedly several days before. Rather than making these configurations from scrarch again, I decided to give Total Commander a shot.

After I tried TC, I found it's far more powerful. TC is fully customizable, I can define any shortcut key combinations for TC internal commands or external commands defined by me. In FC, only Ctrl+[Number] is allowed to be set as shortcut key for external commands.

The most promising feature for TC is its plugin system. There are so many wonderful plugins that make TC so powerful. With packer plugin, I don't need a stand alone zip/tar/bzip2 applicaitons. With some creative filesystem plugins, task manager, regedit, dependency walker are not necessary any more. By using plugins, I can perform a lot of totally different tasks in a consistent manner, just manipulate some (fake) files in TC. This is very similar to abstraction in linux, where everything can be examined and manipulated like normal files. Abstract thinking should always be a popular idea among programmers, so I'm totally fascinated by TC.

Suggestions for Total Commander

1. Add global shortcut key. It's more convient to active total commander application with global shortcut key than pressing ctrl+tab sereval times. Though this can be achieved with tools like autohotkey, it's better if TC natively support global shortcut.

2. Improvement on command line. In windows console and linux shell, we can use tab key to complete file/command name. It's fabulous if TC also support this feature.

change command prompt font

Having used consolas font for a period, I felt very comfortable with it. I've used it in putty, vim, visual studio. And I tried to use it in windows console (cmd.exe) by following scott's post, Using Consolas as the Windows Console Font. But consolas font didn't show in console's available font list. It seemed to have to do with my console code page setting, which is 936 chinese gbk. Consolas was shown after I changed the console's code page to 850 with chcp command. Thing was not perfect, I could not use chinese input method under this code page in console, and chinese characters are not displayed correctly.
As a matter of fact, there is another way to set consolas font for console through registry, which doesn't require us to change code page. Our preferences for default console are saved in HKCU\Console, including console's width, height and font. Subitems of this key save preperences for console with specified title. So we can modify the FaceName item to force a font get applied. As shown below.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Console]
"FaceName"="Consolas"

[HKEY_CURRENT_USER\Console\%SystemRoot%_system32_cmd.exe]
"FaceName"="Consolas"

Here is a snapshot of the font comparison:

BTW, consolas font is designed specifically for ClearType. It looks extremely poor if ClearType is not enabled. We can use ClearType Tuner PowerToy to fine tune ClearType under windows xp.

References:
Necessary criteria for fonts to be available in a command window
Give Your Eyes a Treat

Extensive usage of Make

Many guys have used make utility with makefile to compile source code. The official introduction of gnu make also introduces it as "Make is a tool which controls the generation of executables and other non-source files of a program from the program's source files".
If we look inside how does make utility works, we'll find it can do much more than compiling code. It's so powerful to make our life much easier, and by our, i mean ordinary people, not just programmers.
The essential point is when combined with shell script, make can assist you doing a sequence of actions to perform automatically.

Typical scenario
Suppose we're writing a book "How to win lottery" which will surely be the best sell all around the world on amazon.com after it's available. Because everyone in different countries would like to have a copy of it, we also need to translate it into different languages.
And a generous, smart programmer provides us a super translation tool that is capable of translating all languages, at no cost.
The last thing is we need to share new chapters to our kind editor by placing documents at //ipaddress/book/(Sorry, I can't share the address with you since it's confidential). She will have some guys to proof reading them.

So, here is our typical working flow:
1. Write / update english version draft
2. Run the translation tool to generate a draft for a different language
3. Save the file according to its language
4. Upload the file to //ipaddress/book
5. Send a email to notify editor

A little bit boring, right ? We need to repeat this again and again when we have new chapter available or the editor asks us to correct errors. Can't we just focus on the writing the book itself ? We have two options, hire a guy to do steps two to five for us, or use make utility.

How to do?
We can define a makefile according to the steps above.

all: generateDraft translate upload sendMail

generateDraft:
draftGenerator.exe -o draft.pdf #this line generate a draft pdf file -o is the argument passed to draftGenerator

translate:
superTranslator.exe --lan $(lan) -o draft_$(lan).pdf #this line translate the draft to specified language and save it as a copy with language in filename

upload:
cp draft_$(lan).pdf //ipaddress/book

sendMail:
#send mail to editor

Then, each time after we update the draft, we can simply use "make lan=chinese"command to ask the compter do the rest for us.

The make utility is actually a parser that read the makefile and perform every actions defined there. So what we need to do is carefully design our makefile.

Summary
Well, to sum up, make utility if useful when we have:

1. A sequence of steps to perform
2. Frequent update

make will keep our working process consistent without forgetting to do several steps.

For example, we can define a make file to run all unit tests before comit new code to code respository.

References
Gnu make manual
Compile Apps Your Way With Custom Tasks For The Microsoft Build Engine