NotWinSock Microsoft's ICMP API

Table of Contents:


The standard Berkeley Sockets SOCK_RAW socket type, is normally used to create ping (echo request/reply), and sometimes traceroute applications (the original traceroute application from Van Jacobson used UDP, rather than ICMP). Microsoft's WinSock version 2 implementations for NT4 and Windows 95 support raw sockets and setsockopt(IP_TTL), but none of their WinSock version 1.1implementations (WFWG, NT3.x or standard Windows 95) did.

Microsoft has their own API for an ICMP.DLL that their ping and tracert applications use (which are both non-GUI text-based console applications). This is a proprietary API, and all function calls that involve network functions operate in blocking mode. They still include it with WinSock 2 implementations, and are documented for the Windows CE platform (though the DLL is not yet available).


See for documentation on the Microsoft ICMP APIs for Windows CE (NOTE: You may have to subscribe to access this premium website, but fortunately Microsoft does not charge for access). I have summarized the essentials in my header file in my sample ping application.

I first found the Microsoft ICMP API documented in the Win32 SDK in \MSTOOLS\ICMP, and then later on the MS Developers' Network CD-ROM, and most recently the Microsoft Visual C++ ICMP.LIB and ICMPAPI.H became available as part of the "Microsoft Platform SDK: Additional Components," which is downloadable from (NOTE: Microsoft rearranges their website frequently, in which case this URL may become invalid. If it does, please let me know. In the mean time, you can poke around the SDK developers' websites and maybe find what you need).

Microsoft used to disclaim this API about as strongly as possible. The README.TXT that once accompanied it said:


We have had requests in the past to expose the functions exported from icmp.dll. The files in this directory are provided for your convenience in building applications which make use of ICMPSendEcho(). Notice that the functions in icmp.dll are not considered part of the Win32 API and will not be supported in future releases. Once we have a more complete solution in the operating system, this DLL, and the functions it exports, will be dropped.


The ICMPSendEcho() function sends an ICMP echo request to the specified destination IP address and returns any replies received within the timeout specified. The API is synchronous, requiring the process to spawn a thread before calling the API to avoid blocking. An open IcmpHandle is required for the request to complete. IcmpCreateFile() and IcmpCloseHandle() functions are used to create and destroy the context handle.

Despite this frightening warning, seems Microsoft changed their mind. It doesn't look like the API going away any time soon, as it remains available in new platforms. Fortunately, we have an alternative with raw sockets and setsockopt(IP_TTL) support in WinSock 2 implementations.

Sample Application

I have written a console ping application that emulates the Microsoft ping program shipped with Windows 95 and NT. The source code module and header file are all you need. t loads the ICMP DLL explicitly).

With Microsoft Visual C++, you can compile and link by typing cl ms_icmp.c. To do this, you will need to enable the build environment in the console (the "DOS box") with the VCVARS32.BAT (located in the /bin directory, e.g. c:\msdev\bin or c:\Program Files\DevStudio\bin).


Updated 1/28/98 (c) Bob Quinn, 1995-1998

[Return to Home]