[讨论]只适用于XP的端口-进程关联程序

holybody 发表于 2004-6-15 17:23:00

只适用于XP的端口-进程关联程序

前段时间以及再前一段时间大家都在搞这个端口-进程关联。呵呵，我搞了这个来玩玩。 在WINXP中已经提供了进程和端口关联的，用netstat -noa就知道了。改进了嘛，这样的话，来写这个关联就太简单了， 所以只能是玩玩而已，为世界杯热热身。 用到几个未公开的API，然后模拟出netstat -noa命令。其实在2000里面也提供了这样的 AllocateAndGetTcpTableFromStack，不过这个东西没有个进程关联，所以，XP就是pAllocateAndGetTcpExTableFromStack， 有了EX就是扩展了。 很简单，不多说了。 //////////////////////////////////////////////////////////////////////////////// // // Port <-> Process (Netstat -noa) // // File : RFPortXP.cpp // Comment : Only For XP // // Create at : 2002.5.31 // Create by : Refdom // Email : refdom@263.net // Home Page : www.opengram.com // // If you modify the code, or add more functions, please email me a copy. // //////////////////////////////////////////////////////////////////////////////// #include <stdio.h> #include <windows.h> #include <iprtrmib.h> #include <tlhelp32.h> #include <iphlpapi.h> #pragma comment(lib, "ws2_32.lib") // Maximum string lengths for ASCII ip address and port names // #define HOSTNAMELEN 256 #define PORTNAMELEN 256 #define ADDRESSLEN HOSTNAMELEN+PORTNAMELEN // // Our option flags // #define FLAG_ALL_ENDPOINTS 1 #define FLAG_SHOW_NUMBERS 2 // // Undocumented extended information structures available // only on XP and higher // typedef struct tagMIB_TCPEXROW{ DWORD dwState; // state of the connection DWORD dwLocalAddr; // address on local computer DWORD dwLocalPort; // port number on local computer DWORD dwRemoteAddr; // address on remote computer DWORD dwRemotePort; // port number on remote computer DWORD dwProcessId; } MIB_TCPEXROW, *PMIB_TCPEXROW; typedef struct tagMIB_TCPEXTABLE{ DWORD dwNumEntries; MIB_TCPEXROW table; } MIB_TCPEXTABLE, *PMIB_TCPEXTABLE; typedef struct tagMIB_UDPEXROW{ DWORD dwLocalAddr; // address on local computer DWORD dwLocalPort; // port number on local computer DWORD dwProcessId; } MIB_UDPEXROW, *PMIB_UDPEXROW; typedef struct tagMIB_UDPEXTABLE{ DWORD dwNumEntries; MIB_UDPEXROW table; } MIB_UDPEXTABLE, *PMIB_UDPEXTABLE; typedef DWORD (WINAPI *PALLOCATE_AND_GET_TCPEXTABLE_FROM_STACK)( PMIB_TCPEXTABLE *pTcpTable, // buffer for the connection table BOOL bOrder, // sort the table? HANDLE heap, DWORD zero, DWORD flags ); typedef DWORD (WINAPI *PALLOCATE_AND_GET_UDPEXTABLE_FROM_STACK)( PMIB_UDPEXTABLE *pUdpTable, // buffer for the connection table BOOL bOrder, // sort the table? HANDLE heap, DWORD zero, DWORD flags ); typedef HANDLE (WINAPI *PCREATE_TOOL_HELP32_SNAPSHOT)( DWORD dwFlags, DWORD th32ProcessID );

holybody 发表于 2004-6-15 17:24:00

接上

typedef BOOL (WINAPI *PPROCESS32_FIRST)( HANDLE hSnapshot, LPPROCESSENTRY32 lppe ); typedef BOOL (WINAPI *PPROCESS32_NEXT)( HANDLE hSnapshot, LPPROCESSENTRY32 lppe ); static PALLOCATE_AND_GET_TCPEXTABLE_FROM_STACK pAllocateAndGetTcpExTableFromStack = NULL; static PALLOCATE_AND_GET_UDPEXTABLE_FROM_STACK pAllocateAndGetUdpExTableFromStack = NULL; static PCREATE_TOOL_HELP32_SNAPSHOT pCreateToolhelp32Snapshot = NULL; static PPROCESS32_FIRST pProcess32First = NULL; static PPROCESS32_NEXT pProcess32Next = NULL; // // Possible TCP endpoint states // static char TcpState[] = { "???", "CLOSED", "LISTENING", "SYN_SENT", "SYN_RCVD", "ESTABLISHED", "FIN_WAIT1", "FIN_WAIT2", "CLOSE_WAIT", "CLOSING", "LAST_ACK", "TIME_WAIT", "DELETE_TCB" }; /////////////////////////////////////////////////////////// PCHAR GetPort(unsigned int port, char* pPort) { sprintf(pPort, "%d", htons( (WORD) port)); return pPort; } PCHAR GetIp(unsigned int ipaddr, char* pIP) { unsigned int nipaddr; nipaddr = htonl(ipaddr); sprintf(pIP, "%d.%d.%d.%d", (nipaddr >> 24) & 0xFF, (nipaddr >> 16) & 0xFF, (nipaddr >> 8) & 0xFF, (nipaddr) & 0xFF); return pIP; } PCHAR ProcessPidToName( HANDLE hProcessSnap, DWORD ProcessId, PCHAR ProcessName) { PROCESSENTRY32 processEntry; strcpy( ProcessName, "???" ); if( !pProcess32First( hProcessSnap, &processEntry )) { return ProcessName; } do { if( processEntry.th32ProcessID == ProcessId ) { strcpy( ProcessName, processEntry.szExeFile ); return ProcessName; } } while( pProcess32Next( hProcessSnap, &processEntry )); return ProcessName; } BOOL LoadAPI() { pAllocateAndGetTcpExTableFromStack = (PALLOCATE_AND_GET_TCPEXTABLE_FROM_STACK) GetProcAddress( LoadLibrary( "iphlpapi.dll"), "AllocateAndGetTcpExTableFromStack" ); if( !pAllocateAndGetTcpExTableFromStack ) return FALSE; pAllocateAndGetUdpExTableFromStack = (PALLOCATE_AND_GET_UDPEXTABLE_FROM_STACK) GetProcAddress( LoadLibrary( "iphlpapi.dll"), "AllocateAndGetUdpExTableFromStack" ); if( !pAllocateAndGetUdpExTableFromStack ) return FALSE; pCreateToolhelp32Snapshot = (PCREATE_TOOL_HELP32_SNAPSHOT) GetProcAddress( GetModuleHandle( "kernel32.dll" ), "CreateToolhelp32Snapshot" ); if( !pCreateToolhelp32Snapshot ) return FALSE; pProcess32First = (PPROCESS32_FIRST) GetProcAddress( GetModuleHandle( "kernel32.dll" ), "Process32First" ); if( !pProcess32First ) return FALSE; pProcess32Next = (PPROCESS32_NEXT) GetProcAddress( GetModuleHandle( "kernel32.dll" ), "Process32Next" ); if( !pProcess32Next ) return FALSE; //quit return TRUE; } void Usage() { printf("*****************************************\n"); printf("\tRFPortXP\n\n"); printf("Written by Refdom.(refdom@263.net)\n"); printf("Homepage:www.opengram.com\n"); printf("Reference: www.sysinternals.com\n"); printf("Comment: This application only for WINXP!\n"); printf("*****************************************\n\n"); } int main(int argc, char* argv[]) { int nRetCode; DWORD i; WSADATA WSAData; HANDLE hProcessSnap; PMIB_TCPEXTABLE TCPExTable; PMIB_UDPEXTABLE UDPExTable; char szProcessName; char szLocalName, szRemoteName; char szRemotePort, szLocalPort; char szLocalAddress, szRemoteAddress; Usage(); nRetCode = LoadAPI(); if (nRetCode == FALSE) { printf("Loadlibrary error!\n"); return 0; } if( WSAStartup(MAKEWORD(1, 1), &WSAData )) { printf("WSAStartup error!\n"); return 0; } nRetCode = pAllocateAndGetTcpExTableFromStack(&TCPExTable, TRUE, GetProcessHeap(), 2, 2); if( nRetCode ) { printf("AllocateAndGetTcpExTableFromStack Error!\n"); return 0; } nRetCode = pAllocateAndGetUdpExTableFromStack(&UDPExTable, TRUE, GetProcessHeap(), 2, 2 ); if( nRetCode ) { printf("AllocateAndGetUdpExTableFromStack Error!.\n"); return -1; } hProcessSnap = pCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ); if( hProcessSnap == INVALID_HANDLE_VALUE ) { printf("CreateToolhelp32Snapshot Error!\n"); } // Get TCP List printf("%-6s%-22s%-22s%-11s%s\n", "Proto", "Local Address", "Foreign Address", "State", "Process"); for( i = 0; i < TCPExTable->dwNumEntries; i++ ) { sprintf( szLocalAddress, "%s:%s", GetIp(TCPExTable->table.dwLocalAddr, szLocalName), GetPort(TCPExTable->table.dwLocalPort, szLocalPort)); sprintf( szRemoteAddress, "%s:%s", GetIp(TCPExTable->table.dwRemoteAddr, szRemoteName), GetPort(TCPExTable->table.dwRemotePort, szRemotePort)); printf("%-6s%-22s%-22s%-11s%s:%d\n", "TCP", szLocalAddress, szRemoteAddress, TcpState.dwState], ProcessPidToName( hProcessSnap, TCPExTable->table.dwProcessId, szProcessName), TCPExTable->table.dwProcessId ); } // Get UDP List for( i = 0; i < UDPExTable->dwNumEntries; i++ ) { sprintf( szLocalAddress, "%s:%s", GetIp(UDPExTable->table.dwLocalAddr, szLocalName), GetPort(UDPExTable->table.dwLocalPort, szLocalPort)); sprintf( szRemoteAddress, "%s", "*:*"); printf("%-6s%-22s%-33s%s:%d\n", "UDP", szLocalAddress, szRemoteAddress, ProcessPidToName( hProcessSnap, TCPExTable->table.dwProcessId, szProcessName), TCPExTable->table.dwProcessId ); } WSACleanup(); return 0; }

emily 发表于 2004-6-18 04:07:00

小子

什么呀！看不懂呢

页: [1]

心跳的回忆's Archiver

[讨论]只适用于XP的端口-进程关联程序