LAN Analyzer and Protocol Decoder - CommView

Prev Page Next Page
About CommView
What's New
Using the Program
Selecting Network Interface for Monitoring
Latest IP Connections
Viewing Logs
Advanced Rules
Reconstructing TCP Sessions
Reconstructing UDP Streams
Searching Packets
Statistics and Reports
Using Aliases
Packet Generator
Visual Packet Builder
NIC Vendor Identifier
Using Remote Agent
Capturing Loopback Traffic
Port Reference
Setting Options
Frequently Asked Questions
VoIP Analysis
Working with VoIP Analyzer
SIP and H.323 Sessions
RTP Streams
Call Logging
Call Playback
Viewing VoIP Logs
Working with Lists in VoIP Analyzer
NVF Files
Advanced Topics
Capturing High Volume Traffic
Working with Multiple Instances
Running CommView in Invisible Mode
Command Line Parameters
Exchanging Data with Your Application
Custom Decoding
CommView Log Files Format
Sales and Support

Custom Decoding

CommView allows you to use two types of your own custom decoders.

Simple Decoder

If you implement this type of decoder, the output of your decoder will be displayed in the additional column in the Packets tab. Your decoder must be a 32-bit DLL file named "Custom.dll" that exports the only procedure named "Decode". The prototype of this procedure is shown below in C and Pascal:

extern "C" {

 void __stdcall Decode(unsigned char *PacketData, int PacketLen, char *Buffer, int BufferLen);


procedure Decode (PacketData: PChar; PacketLen: integer; Buffer: PChar; BufferLen: integer); stdcall;

The DLL must be located in the CommView application folder. When you launch CommView, it looks for "Custom.dll" in the application folder and loads it into memory. If the "Decode" entry point is found, CommView adds a new column named "Custom" to the packet list.

When a new packet is captured and is about to be displayed, CommView calls the "Decode" procedure and passes the packet contents to the DLL. The "Decode" procedure must process the packet data and copy the result to the supplied buffer. The first argument is the pointer to the packet data, the second argument is the data length, the third argument is the pointer to the buffer where the results of your decoding must be copied to, and the forth argument is the buffer size (currently always 1024 bytes). The buffer is allocated and freed by CommView, so don't attempt to reallocate or free it. The result that you copied to the buffer will be displayed as a string in the "Custom" column.

Your procedure must be fast enough to handle thousands of packets per second; otherwise it may slow down the application. Don't forget to use the STDCALL calling convention.

Two demo DLLs are available. They demonstrate a very simple operation: The output of the "Decode" function is the hex code of the packet's last byte. Your own decoder can be as complex as you wish.

· http://www.tamos.com/products/commview/cust_decoder_c.zip. This is a Visual Studio project with C++ source code.
· http://www.tamos.com/products/commview/cust_decoder_d.zip. This is a Delphi project with Pascal source code.

Complex Decoder

If you implement this type of decoder, the output of your decoder will be displayed as additional items in the packet decoder tree. For information on the implementation of this decoder, please download the following file:


This type of decoder can be written in Microsoft Visual C++ only, as it is built using C++ classes.

Technical Support

Technical support for custom decoders is provided on the "best effort" basis. We may not be able to answer your programming-related questions.