SEHException

**padfoot** · February 12th, 2009, 05:21 PM

SEHException : External component has thrown an exception.

I'm getting the above exception in the following part of the code when I run the program.

Code:

            IntPtr fcode = IntPtr.Zero;
            bpf_program bpf = new bpf_program();
            fcode = Marshal.AllocHGlobal(Marshal.SizeOf(bpf));
            Marshal.StructureToPtr(bpf,fcode,false);
            string fter = "ip and tcp";
            if (wpcap_wrap.pcap_compile(ref adhandle, ref fcode, fter, 1, nmask) < 0)
            {
                Console.WriteLine("Unable to compile filter");
            }
            if (wpcap_wrap.pcap_setfilter(ref adhandle, ref fcode) < 0)
                Console.WriteLine("Error setting filter");
            Marshal.FreeHGlobal(fcode);

The exception occurs at this line

Code:

 if (wpcap_wrap.pcap_setfilter(ref adhandle, ref fcode) < 0)

I declared the method as follows

Code:

[DllImport("wpcap.dll")]
public static extern int pcap_setfilter(ref IntPtr p,ref IntPtr fp);

I'm trying to write an app that filters packets.
Any help would be greatly appreciated.

**Mutant_Fruit** · February 12th, 2009, 07:09 PM

Isn't the signature for that method:

Code:

int pcap_setfilter(pcap_t *, struct bpf_program *);

If so, you're P/Invoke is incorrect. It should be:

Code:

public static extern int pcap_setfilter(IntPtr p,IntPtr fp);

Alternatively, it may be possible to use something like this:

Code:

public struct pcap_t
{
    // contents should mirror the native struct
}

public struct bpf_program
{
    // this should match the native version too
}

// Your P/Invoke can look like this now
public static extern int pcap_setfilter(ref pcap_t p, ref bpf_program fp);

Though not everything can be rewritten 'nicely' like this. It depends on the method signature you're trying to wrap. Also if you write the code like this, you *cannot* store the pointer in native code. If you want to store a copy of the data in native code, you'll have to use the IntPtr method like you originally did.

**padfoot** · February 13th, 2009, 10:36 AM

The reason I put ref before the parameters is because otherwise I get an AccessViolationException.
I managed to get rid of the SEHException by changing the method declaration as

Code:

public static extern int pcap_setfilter(IntPtr p,ref IntPtr fp);

If I remove the ref for both, I get AccessViolation and when I put for both I get the SEH one.

The problem I now have is that the packets are not getting filtered. Nothing is getting captured.
However, when I give an empty string at the place of the filtering string, the program captures all the packets.

Any thoughts on what could be the problem?

**padfoot** · February 14th, 2009, 10:24 AM

One more thing:

When I pass a random string as argument, the method returns an error.

Thread: SEHException

Thread Tools

Display

SEHException

Re: SEHException

Re: SEHException

Re: SEHException

Bookmarks

Bookmarks

Posting Permissions