This page contains API specification from Acrylic WiFi that allows reading WiFi packets in monitor mode on Windows.

You need to install Acrylic WiFi to use the traffic capture driver through your library capture. The following specifications, with the source code of the interface AcrylicWiFi.h, allow its integration into third-party software installed thanks to the library “TRLNDIS_Interface.dll” installed in the Libs folder on Acrylic WiFi.

tarlogic
[cpp]#ifndef __TLNDIS_INTERFACE_H__
#define __TLNDIS_INTERFACE_H__

#include "stdafx.h"

#include

#ifdef TLNDIS_INTERFACE_EXPORTS
#define TLEXPORT extern "C" __declspec(dllexport)
#else
#define TLEXPORT extern "C" __declspec(dllimport)
#endif

#define MAC_ADDR_LEN 6
#define MAX_PACKET_BUFFER_SIZE 8192

// Functions to interface with the driver.
// Functions that end with ByHandle need to be passed a HANDLE obtained from
// TLNDIS_GetDriverHandle()
// The handle can be closed with standard CloseHandle

TLEXPORT HANDLE TLNDIS_GetDriverHandle();

typedef struct {
TCHAR* friendlyName;
TCHAR* deviceID;
} ndisAttachedInterface;

// Use this to obtain a list of the interfaces attached, including the level in the ndis stack. Always choose the lowest level one (ends with -0000) if possible.
// The deviceID you choose is the one to include in any of the other calls as interfaceID.
// Free the list with TLNDIS_Helper_FreeNDISAttacherInterfaceList
TLEXPORT SHORT TLNDIS_GetAttachedInterfacesByHandle(HANDLE DeviceHandle, ndisAttachedInterface** outList);

TLEXPORT void TLNDIS_Helper_FreeNDISAttachedInterfaceList(ndisAttachedInterface* inList);

//////////////////////////////////////////
///////// Phys and channels //////////////
//////////////////////////////////////////

// As per msdn, "The operating system supports a maximum of 64 entries for the dot11PhyType array."
#define MAX_PHY_COUNT 64

#define INVALID_PHY_INDEX 0xff
#define INVALID_PHY_VALUE 0xffffffff
#define INVALID_CHANNEL 0xffffffff

// phy types are consistent with the enumeration on https://msdn.microsoft.com/en-us/library/windows/hardware/ff548741(v=vs.85).aspx
// For reference,

// dot11_phy_type_unknown = 0,
// dot11_phy_type_fhss = 1,
// dot11_phy_type_dsss = 2,
// dot11_phy_type_irbaseband = 3,
// dot11_phy_type_ofdm = 4, // dot11_phy_type_hrdsss = 5, // dot11_phy_type_erp = 6, // dot11_phy_type_ht = 7, // dot11_phy_type_vht = 8, rawDataBuffer) to access the data.
// Set context to the context received from TLNDIS_StartRawFilterCaptureByHandle and set radiotap to TRUE if you want radiotap header.
// If radiotap is FALSE or the context is NULL, the packet will be just a DOT11_EXTSTA_RECV_CONTEXT struct followed by a LONGLONG with the system time, then the frame data.
TLEXPORT BOOL TLNDIS_ReadRawPacketFromDriverByHandle(HANDLE DeviceHandle, TCHAR* interfaceID, PUCHAR buffer, ULONG bufferSize, PVOID context, bool radiotap);

// Not much use, but nice.
TLEXPORT BOOL TLNDIS_GetMacAddressByHandle(HANDLE DeviceHandle, TCHAR* interfaceID, UCHAR in_macbuffer[MAC_ADDR_LEN]);

// Data rates

#define MAX_DATARATE_COUNT 126

TLEXPORT LONG TLNDIS_GetDataRatesForCurrentPhyByHandle(HANDLE DeviceHandle, TCHAR* interfaceID, TLNDIS_datarateEntry dataRateList[MAX_DATARATE_COUNT]);

// Operation modes.

TLEXPORT BOOL TLNDIS_GetCurrentOperationModeByHandle(HANDLE DeviceHandle, TCHAR* interfaceID, ULONG* mode);
TLEXPORT BOOL TLNDIS_GetAutoPhyConfigEnabledByHandle(HANDLE DeviceHandle, TCHAR* interfaceID, BOOL* enabled);

TLEXPORT BOOL TLNDIS_SetOperationModeByHandle(HANDLE DeviceHandle, TCHAR* interfaceID, ULONG mode, BOOL enableAutoPhyConfig);

TLEXPORT BOOL TLNDIS_SetMonitorModeByHandle(HANDLE DeviceHandle, TCHAR* interfaceID);
TLEXPORT BOOL TLNDIS_SetExtensibleStationModeByHandle(HANDLE DeviceHandle, TCHAR* interfaceID);

TLEXPORT BOOL TLNDIS_GetFilterModeByHandle(HANDLE DeviceHandle, TCHAR* interfaceID, ULONG* mode);
TLEXPORT BOOL TLNDIS_SetFilterModeByHandle(HANDLE DeviceHandle, TCHAR* interfaceID, ULONG mode);

TLEXPORT BOOL TLNDIS_SetNullFilterModeByHandle(HANDLE DeviceHandle, TCHAR* interfaceID);
TLEXPORT BOOL TLNDIS_SetRawFilterModeByHandle(HANDLE DeviceHandle, TCHAR* interfaceID);

#endif
[/cpp]

Acrylic WiFi driver and libraries separately distribution is not permitted, except through an official installer of Acrylic WiFi. Using of Acrylic WiFi functionalities in commercial software is prohibited, unless prior authorization from Tarlogic Security.