![]() (And if it's not more costly, it's probably the best mode on 64-bit Windows, given that RDTSC isn't being used.)įurthermore, given that there's now a pcap_set_tstamp_type() in libpcap, having the time stamp type be per- pcap_t, rather than system-wide, might be useful. If a mode were supported in which KeQuerySystemTimePrecise() were used, at least on Windows 8 (and its server variant) and later, that would provide a mode that 1) gives high-resolution time stamps and 2) doesn't drift from the system clock, although it might be more costly than using KeQueryPerformanceCounter(). On Npcap - the mis-indentation of the #endif makes it less clear that modes 0 and 2 are still supported. If (g_TimestampMode = TIMESTAMPMODE_QUERYSYSTEMTIME) If (g_TimestampMode = TIMESTAMPMODE_RDTSC) It looks as if, on 64-bit Windows, the RDTSC version isn't supported.įrom a quick look at the Npcap driver, it seems to behave similarly, although the NT GET_TIME() code went from There also appears to be a setting of 1, the symbol for which in time_calls.h is TIMESTAMPMODE_SYNCHRONIZATION_ON_CPU_WITH_FIXUP, and a setting of 99, the symbol for which is TIMESTAMPMODE_SYNCHRONIZATION_ON_CPU_NO_FIXUP. 3 -> Timestamps generated through the i386 instruction RDTSC, less reliable on SMP/HyperThreading/SpeedStep machines, precision = some microseconds. ![]() 2 -> Timestamps generated through KeQuerySystemTime, more reliable on SMP/HyperThreading machines, precision = scheduling quantum (10/15 ms).0 (default) -> Timestamps generated through KeQueryPerformanceCounter, less reliable on SMP/HyperThreading machines, precision = some microseconds.WinPcap has, at least on 32-bit Windows, a registry parameter HKLM\System\CurrentControlSet\Services\NPF\TimestampMode that controls how time stamps are generated: Somebody complained about packet time stamps drifting from system time with WinPcap on Windows 10. Forkers johncrash icaas ahmatjan ser0ja cscomic viciss caidongyun rootkitsmm-zz gbloice komosa jqk6 jerrychuangsc zhulianhai kimkucheol aslitsecurity loveproe wilsonkor slanterns-fork bygreencn nkzxw miauwuffmiau dmiller-nmap iqbee milantgh caineqt senyor exploitprotocol jaonlin devenlu wuyouzi funny-fury chickenlove wandec wyrover yiqideren xyz12810 kufan m69w songbei6 awesome-security samyoyo johnjohnsp1 vaginessa hello-earth differs mmann78 hectonpdomingos hmsh00d linhua55 hkingz beyonddoor leepoi yang123vc r00drallec houcy fadetrack brucewu16899 techtonik jiuzhuaxiong kukuqiu5 triplekill hurenhe2008 wuxinzhixin 1991919 paintmagazine michaeloed edsionl ju0632 peterkuria2000 sbilly gityf mys1120778835 tamares ljx0305 nugroho-s cybershieldconsulting dulerweil sgeto zbx91 arm-tech chennqqi xubingyue gonbike jackbro mrgoodman2014 12345fish minkione lif123 my-dev-space duzhanyuan xqhero tonnyfeng rlugojr nultek programming-art rinetd leifusheng overtec a-j-albert yiqifeiyang npcap's Issues Can Npcap use KeQuerySystemTimePrecise() if running on Windows 8 or later?
0 Comments
Leave a Reply. |