From aldeid


Used to obtain information about the network adapters on the system.

On Windows XP and later: Use the GetAdaptersAddresses function instead of GetAdaptersInfo.

Backdoors sometimes call GetAdaptersInfo as part of a survey to gather information about infected machines. In some cases, it's used to gather MAC addresses to check for VMware as part of anti-virtual machine techniques.
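A static triage sketch for the behaviour described above, as an added example that is not part of the original page: it flags a file that names the adapter APIs and also embeds VMware MAC prefixes. The function names, the OUI list and the sample bytes are assumptions introduced here, and the sample is constructed, not taken from a real binary.

```python
import re

# Import names this page discusses; both expose adapter MAC addresses.
API_NAMES = (b"GetAdaptersInfo", b"GetAdaptersAddresses")
# OUIs registered to VMware (first three MAC bytes); list assumed for this example.
VMWARE_OUIS = ("000569", "000C29", "001C14", "005056")


def oui_pattern(oui):
    """Match one OUI as raw bytes or as text (000C29, 00:0C:29, 00-0C-29)."""
    text = "[:-]?".join(oui[i:i + 2] for i in (0, 2, 4)).encode()
    return re.compile(re.escape(bytes.fromhex(oui)) + b"|(?i:" + text + b")")


def triage(data):
    """Report adapter APIs named in `data` and offsets of VMware OUI constants."""
    # Import names are stored NUL-terminated, so require the terminator.
    apis = [n.decode() for n in API_NAMES if re.search(re.escape(n) + b"\x00", data)]
    hits = {}
    for oui in VMWARE_OUIS:
        offsets = [m.start() for m in oui_pattern(oui).finditer(data)]
        if offsets:
            hits[oui] = offsets
    # Three raw bytes can occur by chance: treat OUI hits as a lead for
    # manual review of the code that consumes the adapter list, not as proof.
    if apis and hits:
        verdict = "possible anti-VM MAC check"
    elif apis:
        verdict = "adapter survey capability"
    else:
        verdict = "no adapter enumeration seen"
    return {"apis": apis, "oui_hits": hits, "verdict": verdict}


# Constructed sample: an import-name fragment, then one raw and one text OUI.
SAMPLE = (b"iphlpapi.dll\x00\x00\x00GetAdaptersInfo\x00"
          b"\x90\x90\x00\x0c\x29\x90" b"00:50:56\x00")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit only narrows where to look: confirm in a disassembler that the flagged constants are compared against the Address field of the returned IP_ADAPTER_INFO entries.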


DWORD GetAdaptersInfo(
  _Out_   PIP_ADAPTER_INFO pAdapterInfo,
  _Inout_ PULONG           pOutBufLen
);


pAdapterInfo [out]
A pointer to a buffer that receives a linked list of IP_ADAPTER_INFO structures.
pOutBufLen [in, out]
A pointer to a ULONG variable that specifies the size of the buffer pointed to by the pAdapterInfo parameter. If this size is insufficient to hold the adapter information, GetAdaptersInfo fills in this variable with the required size, and returns an error code of ERROR_BUFFER_OVERFLOW.

Return value

If the function succeeds, the return value is ERROR_SUCCESS (defined to the same value as NO_ERROR).

If the function fails, the return value is one of the following error codes.

| Return code | Description |
|---|---|
| ERROR_BUFFER_OVERFLOW | The buffer to receive the adapter information is too small. This value is returned if the buffer size indicated by the pOutBufLen parameter is too small to hold the adapter information or the pAdapterInfo parameter was a NULL pointer. When this error code is returned, the pOutBufLen parameter points to the required buffer size. |
| ERROR_INVALID_DATA | Invalid adapter information was retrieved. |
| ERROR_INVALID_PARAMETER | One of the parameters is invalid. This error is returned if the pOutBufLen parameter is a NULL pointer, or the calling process does not have read/write access to the memory pointed to by pOutBufLen, or the calling process does not have write access to the memory pointed to by the pAdapterInfo parameter. |
| ERROR_NO_DATA | No adapter information exists for the local computer. |
| ERROR_NOT_SUPPORTED | The GetAdaptersInfo function is not supported by the operating system running on the local computer. |
| (Other) | If the function fails, use FormatMessage to obtain the message string for the returned error. |