只适用于XP的端口-进程关联程序


只适用于XP的端口-进程关联程序

Author: Refdom (refdom@263.net)
HomePage: www.opengram.com


前段时间以及再前一段时间大家都在搞这个端口-进程关联。呵呵,我搞了这个来玩玩。

在WINXP中已经提供了进程和端口关联的,用netstat -noa就知道了。改进了嘛,这样的话,来写这个关联就太简单了,
所以只能是玩玩而已,为世界杯热热身。

用到几个未公开的API,然后模拟出netstat -noa命令。其实在2000里面也提供了类似的
AllocateAndGetTcpTableFromStack,不过这个函数不带进程关联信息;XP里对应的是AllocateAndGetTcpExTableFromStack(代码中通过函数指针pAllocateAndGetTcpExTableFromStack调用),
有了EX就是扩展了。

很简单,不多说了。

////////////////////////////////////////////////////////////////////////////////
//
// Port <-> Process (Netstat -noa)
//
// File : RFPortXP.cpp
// Comment : Only For XP
//
// Create at : 2002.5.31
// Create by : Refdom
// Email : refdom@263.net
// Home Page : www.opengram.com
//
// If you modify the code, or add more functions, please email me a copy.
//
////////////////////////////////////////////////////////////////////////////////
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <iprtrmib.h>
#include <tlhelp32.h>
#include <iphlpapi.h>
#pragma comment(lib, "ws2_32.lib")
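// Maximum string lengths for ASCII ip address and port names
//
#define HOSTNAMELEN 256
#define PORTNAMELEN 256
// Combined "address:port" buffer size. Parenthesized so the sum keeps its
// value inside a larger expression (ADDRESSLEN * 2 must be 1024, not 768).
#define ADDRESSLEN (HOSTNAMELEN + PORTNAMELEN)
//
// Our option flags (no code in this listing reads them)
//
#define FLAG_ALL_ENDPOINTS 1
#define FLAG_SHOW_NUMBERS 2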
//
// Undocumented extended information structures available
// only on XP and higher
//
// One TCP endpoint as returned through pAllocateAndGetTcpExTableFromStack.
// The layout is whatever the OS writes: do not reorder or resize fields.
//
typedef struct tagMIB_TCPEXROW{
DWORD dwState; // state of the connection; main uses it as an index into TcpState
DWORD dwLocalAddr; // address on local computer (GetIp byte-swaps it with htonl before printing)
DWORD dwLocalPort; // port number on local computer (GetPort byte-swaps the low 16 bits with htons)
DWORD dwRemoteAddr; // address on remote computer
DWORD dwRemotePort; // port number on remote computer
DWORD dwProcessId; // passed to ProcessPidToName as the owning process id and printed next to the name
} MIB_TCPEXROW, *PMIB_TCPEXROW;

// Variable-length TCP table: a count followed by that many rows.
// table[] is declared with ANY_SIZE elements; main iterates
// 0 .. dwNumEntries-1, so the real length comes from dwNumEntries.
typedef struct tagMIB_TCPEXTABLE{
DWORD dwNumEntries; // number of valid rows in table[]
MIB_TCPEXROW table[ANY_SIZE];
} MIB_TCPEXTABLE, *PMIB_TCPEXTABLE;

// One UDP endpoint as returned through pAllocateAndGetUdpExTableFromStack.
// There is no state or remote side; main prints "*:*" for the remote column.
typedef struct tagMIB_UDPEXROW{
DWORD dwLocalAddr; // address on local computer
DWORD dwLocalPort; // port number on local computer
DWORD dwProcessId; // presumably the owning process id, as in MIB_TCPEXROW — confirm
} MIB_UDPEXROW, *PMIB_UDPEXROW;

// Variable-length UDP table: a count followed by that many rows.
// As with the TCP table, dwNumEntries is the loop bound used by main.
typedef struct tagMIB_UDPEXTABLE{
DWORD dwNumEntries; // number of valid rows in table[]
MIB_UDPEXROW table[ANY_SIZE];
} MIB_UDPEXTABLE, *PMIB_UDPEXTABLE;

// Signatures of the two iphlpapi.dll exports that LoadAPI resolves by name
// ("AllocateAndGetTcpExTableFromStack" / "AllocateAndGetUdpExTableFromStack").
// main treats a non-zero return value as failure.
// NOTE(review): main passes GetProcessHeap(), 2, 2 for heap/zero/flags. The
// parameter names below are the author's guesses; Microsoft's later
// documentation of this export reportedly calls the last two dwFlags (heap
// allocation flags) and dwFamily (2 == AF_INET) — confirm before changing them.
// NOTE(review): these exports are believed to be absent from Windows Vista and
// later, where GetExtendedTcpTable / GetExtendedUdpTable are the documented way
// to obtain owning PIDs — confirm against the target OS.
typedef DWORD (WINAPI *PALLOCATE_AND_GET_TCPEXTABLE_FROM_STACK)(
PMIB_TCPEXTABLE *pTcpTable, // out: receives the pointer to the connection table
BOOL bOrder, // sort the table?
HANDLE heap, // heap handle; main passes GetProcessHeap()
DWORD zero, // main passes 2
DWORD flags // main passes 2
);
typedef DWORD (WINAPI *PALLOCATE_AND_GET_UDPEXTABLE_FROM_STACK)(
PMIB_UDPEXTABLE *pUdpTable, // out: receives the pointer to the listener table
BOOL bOrder, // sort the table?
HANDLE heap, // heap handle; main passes GetProcessHeap()
DWORD zero, // main passes 2
DWORD flags // main passes 2
);
// Signatures of the process-enumeration functions that LoadAPI resolves from
// kernel32.dll by name ("CreateToolhelp32Snapshot", "Process32First",
// "Process32Next"). main takes one snapshot with TH32CS_SNAPPROCESS and
// ProcessPidToName walks it with the First/Next pair.
typedef HANDLE (WINAPI *PCREATE_TOOL_HELP32_SNAPSHOT)(
DWORD dwFlags, // what to snapshot; main passes TH32CS_SNAPPROCESS
DWORD th32ProcessID // main passes 0
);
typedef BOOL (WINAPI *PPROCESS32_FIRST)(
HANDLE hSnapshot, // snapshot handle returned by the function above
LPPROCESSENTRY32 lppe // receives the first process entry
);
typedef BOOL (WINAPI *PPROCESS32_NEXT)(
HANDLE hSnapshot, // same snapshot handle
LPPROCESSENTRY32 lppe // receives the next process entry
);
// Run-time resolved entry points. Each one is NULL until LoadAPI() assigns it;
// main calls through them only after LoadAPI() has returned TRUE.
static PALLOCATE_AND_GET_TCPEXTABLE_FROM_STACK pAllocateAndGetTcpExTableFromStack = NULL;
static PALLOCATE_AND_GET_UDPEXTABLE_FROM_STACK pAllocateAndGetUdpExTableFromStack = NULL;
static PCREATE_TOOL_HELP32_SNAPSHOT pCreateToolhelp32Snapshot = NULL;
static PPROCESS32_FIRST pProcess32First = NULL;
static PPROCESS32_NEXT pProcess32Next = NULL;
//
// Printable names of the TCP endpoint states.
// The position in the array is the state value: main prints
// TcpState[dwState] for every TCP row, and slot 0 is the "unknown" text.
//
static char TcpState[][32] = {
    "???",          //  0
    "CLOSED",       //  1
    "LISTENING",    //  2
    "SYN_SENT",     //  3
    "SYN_RCVD",     //  4
    "ESTABLISHED",  //  5
    "FIN_WAIT1",    //  6
    "FIN_WAIT2",    //  7
    "CLOSE_WAIT",   //  8
    "CLOSING",      //  9
    "LAST_ACK",     // 10
    "TIME_WAIT",    // 11
    "DELETE_TCB"    // 12
};
///////////////////////////////////////////////////////////
//
// Format a port value from a table row as a decimal string.
//
//   port  - port as stored in the row; only the low 16 bits are used and
//           they are byte-swapped with htons() before printing.
//   pPort - caller-supplied output buffer. The write is an unbounded
//           sprintf, so it must hold at least 6 bytes ("65535" plus NUL).
//
// Returns pPort, so the call can be used directly as a printf argument.
//
PCHAR GetPort(unsigned int port, char* pPort)
{
    WORD wRowPort = (WORD) port;
    int nPrintable = htons( wRowPort );

    sprintf(pPort, "%d", nPrintable);
    return pPort;
}

//
// Format an IPv4 address from a table row as dotted-decimal text.
//
//   ipaddr - address as stored in the row; it is passed through htonl()
//            and then printed from the most significant byte down.
//   pIP    - caller-supplied output buffer. The write is an unbounded
//            sprintf, so it must hold at least 16 bytes
//            ("255.255.255.255" plus NUL).
//
// Returns pIP, so the call can be used directly as a printf argument.
//
PCHAR GetIp(unsigned int ipaddr, char* pIP)
{
    unsigned int nSwapped = htonl(ipaddr);
    unsigned int nOctet1 = (nSwapped >> 24) & 0xFF;
    unsigned int nOctet2 = (nSwapped >> 16) & 0xFF;
    unsigned int nOctet3 = (nSwapped >> 8) & 0xFF;
    unsigned int nOctet4 = nSwapped & 0xFF;

    sprintf(pIP, "%d.%d.%d.%d", nOctet1, nOctet2, nOctet3, nOctet4);
    return pIP;
}
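//
// Look up the executable name of a process id in a Toolhelp snapshot.
//
//   hProcessSnap - snapshot handle from pCreateToolhelp32Snapshot
//                  (TH32CS_SNAPPROCESS). INVALID_HANDLE_VALUE is accepted
//                  because main keeps going when the snapshot fails.
//   ProcessId    - process id taken from a TCP/UDP table row.
//   ProcessName  - caller-supplied output buffer of at least MAX_PATH bytes.
//
// Returns ProcessName. It holds "???" when the id is not in the snapshot or
// the snapshot cannot be walked.
//
// The result is only the image file name recorded in the snapshot. Any
// program can carry any file name, so treat it as a hint for the operator,
// not as proof of which binary owns the port.
//
PCHAR ProcessPidToName( HANDLE hProcessSnap,
                        DWORD ProcessId,
                        PCHAR ProcessName)
{
    PROCESSENTRY32 processEntry;

    strcpy( ProcessName, "???" );
    if( hProcessSnap == INVALID_HANDLE_VALUE ) {
        return ProcessName;
    }

    // Process32First requires dwSize to be set by the caller; the original
    // left it as uninitialized stack data, so the walk could fail at random.
    processEntry.dwSize = sizeof( processEntry );
    if( !pProcess32First( hProcessSnap, &processEntry )) {
        return ProcessName;
    }
    do {
        if( processEntry.th32ProcessID == ProcessId )
        {
            // Bounded copy: never writes more than MAX_PATH bytes and always
            // terminates, even if szExeFile were not NUL-terminated.
            lstrcpynA( ProcessName, processEntry.szExeFile, MAX_PATH );
            return ProcessName;
        }
    } while( pProcess32Next( hProcessSnap, &processEntry ));
    return ProcessName;
}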

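//
// Resolve the five entry points this program calls through function pointers.
//
// Returns TRUE when all of them were found, FALSE otherwise. On FALSE some of
// the pointers may already be set; main exits without using them.
//
// iphlpapi.dll is loaded once, by full path from the system directory. The
// original passed the bare name "iphlpapi.dll" to LoadLibrary twice, which
// lets the normal DLL search order pick up a same-named file from the
// program's own directory, and it never checked the module handle. The module
// stays loaded on purpose: the stored function pointers point into it.
//
BOOL LoadAPI()
{
    static const char szDllName[] = "\\iphlpapi.dll";
    char szPath[MAX_PATH];
    UINT nDirLen;
    HMODULE hIpHlpApi;
    HMODULE hKernel32;

    // GetSystemDirectoryA returns 0 on error, or the needed size when the
    // buffer is too small; sizeof(szDllName) already counts the NUL.
    nDirLen = GetSystemDirectoryA( szPath, MAX_PATH );
    if( nDirLen == 0 || nDirLen + sizeof(szDllName) > MAX_PATH )
        return FALSE;
    strcat( szPath, szDllName );

    hIpHlpApi = LoadLibraryA( szPath );
    if( !hIpHlpApi )
        return FALSE;

    pAllocateAndGetTcpExTableFromStack = (PALLOCATE_AND_GET_TCPEXTABLE_FROM_STACK) GetProcAddress( hIpHlpApi,
        "AllocateAndGetTcpExTableFromStack" );
    if( !pAllocateAndGetTcpExTableFromStack )
        return FALSE;
    pAllocateAndGetUdpExTableFromStack = (PALLOCATE_AND_GET_UDPEXTABLE_FROM_STACK) GetProcAddress( hIpHlpApi,
        "AllocateAndGetUdpExTableFromStack" );
    if( !pAllocateAndGetUdpExTableFromStack )
        return FALSE;

    // kernel32.dll is already mapped into the process, so only a handle
    // lookup is needed here.
    hKernel32 = GetModuleHandleA( "kernel32.dll" );
    if( !hKernel32 )
        return FALSE;

    pCreateToolhelp32Snapshot = (PCREATE_TOOL_HELP32_SNAPSHOT) GetProcAddress( hKernel32,
        "CreateToolhelp32Snapshot" );
    if( !pCreateToolhelp32Snapshot )
        return FALSE;
    pProcess32First = (PPROCESS32_FIRST) GetProcAddress( hKernel32,
        "Process32First" );
    if( !pProcess32First )
        return FALSE;
    pProcess32Next = (PPROCESS32_NEXT) GetProcAddress( hKernel32,
        "Process32Next" );
    if( !pProcess32Next )
        return FALSE;

    return TRUE;
}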

//
// Print the program banner: name, author, homepage, reference and the
// XP-only notice. Takes no arguments and returns nothing.
//
void Usage()
{
    static const char* const szBanner[] = {
        "*****************************************\n",
        "\tRFPortXP\n\n",
        "Written by Refdom.(refdom@263.net)\n",
        "Homepage:www.opengram.com\n",
        "Reference: www.sysinternals.com\n",
        "Comment: This application only for WINXP!\n",
        "*****************************************\n\n"
    };
    size_t nLine;

    // None of the lines contains a '%', so writing them verbatim produces
    // the same bytes on stdout as the printf calls did.
    for( nLine = 0; nLine < sizeof(szBanner) / sizeof(szBanner[0]); nLine++ )
        fputs( szBanner[nLine], stdout );
}
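//
// Entry point: prints a "netstat -noa" style listing of TCP and UDP
// endpoints with the owning process name and id.
//
// Returns 0 when the listing was printed and -1 on any set-up failure.
// (The original returned 0 for most failures, so a caller could not tell
// an empty listing from an error.)
//
// Changes against the original:
//   - the UDP loop read the process id from TCPExTable, which printed the
//     wrong owner and read past the TCP table whenever there were more UDP
//     rows than TCP rows;
//   - dwState was used as an array index without a range check;
//   - the snapshot handle and both tables were never released, and
//     WSACleanup was skipped on error paths;
//   - DWORD values were printed with %d.
//
// The tables and the process snapshot are taken at different moments, so a
// process that exits in between shows up as "???", and a reused id can show
// the name of the newer process.
//
int main(int argc, char* argv[])
{
    int nRetCode;
    int nExitCode = -1;
    DWORD i;
    DWORD dwState;
    DWORD dwStateCount = sizeof(TcpState) / sizeof(TcpState[0]);
    WSADATA WSAData;
    HANDLE hProcessSnap = INVALID_HANDLE_VALUE;
    PMIB_TCPEXTABLE TCPExTable = NULL;
    PMIB_UDPEXTABLE UDPExTable = NULL;
    char szProcessName[MAX_PATH];
    char szLocalName[HOSTNAMELEN], szRemoteName[HOSTNAMELEN];
    char szRemotePort[PORTNAMELEN], szLocalPort[PORTNAMELEN];
    char szLocalAddress[ADDRESSLEN], szRemoteAddress[ADDRESSLEN];

    (void) argc;    // no command-line options are parsed
    (void) argv;

    Usage();
    nRetCode = LoadAPI();
    if (nRetCode == FALSE)
    {
        printf("Loadlibrary error!\n");
        return -1;
    }
    if( WSAStartup(MAKEWORD(1, 1), &WSAData ))
    {
        printf("WSAStartup error!\n");
        return -1;
    }
    nRetCode = pAllocateAndGetTcpExTableFromStack(&TCPExTable, TRUE, GetProcessHeap(), 2, 2);
    if( nRetCode )
    {
        printf("AllocateAndGetTcpExTableFromStack Error!\n");
        goto cleanup;
    }
    nRetCode = pAllocateAndGetUdpExTableFromStack(&UDPExTable, TRUE, GetProcessHeap(), 2, 2 );
    if( nRetCode )
    {
        printf("AllocateAndGetUdpExTableFromStack Error!.\n");
        goto cleanup;
    }
    hProcessSnap = pCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    if( hProcessSnap == INVALID_HANDLE_VALUE )
    {
        // Best effort, as in the original: the listing is still printed and
        // every process name comes out as "???".
        printf("CreateToolhelp32Snapshot Error!\n");
    }
    // Get TCP List
    printf("%-6s%-22s%-22s%-11s%s\n",
        "Proto",
        "Local Address",
        "Foreign Address",
        "State",
        "Process");
    for( i = 0; i < TCPExTable->dwNumEntries; i++ )
    {
        sprintf( szLocalAddress, "%s:%s",
            GetIp(TCPExTable->table[i].dwLocalAddr, szLocalName),
            GetPort(TCPExTable->table[i].dwLocalPort, szLocalPort));
        sprintf( szRemoteAddress, "%s:%s",
            GetIp(TCPExTable->table[i].dwRemoteAddr, szRemoteName),
            GetPort(TCPExTable->table[i].dwRemotePort, szRemotePort));

        // A state outside the known range is shown as "???" (slot 0)
        // instead of indexing past the end of TcpState.
        dwState = TCPExTable->table[i].dwState;
        if( dwState >= dwStateCount )
            dwState = 0;

        printf("%-6s%-22s%-22s%-11s%s:%lu\n", "TCP",
            szLocalAddress, szRemoteAddress,
            TcpState[dwState],
            ProcessPidToName( hProcessSnap, TCPExTable->table[i].dwProcessId, szProcessName),
            (unsigned long) TCPExTable->table[i].dwProcessId
            );
    }
    // Get UDP List
    for( i = 0; i < UDPExTable->dwNumEntries; i++ )
    {
        sprintf( szLocalAddress, "%s:%s",
            GetIp(UDPExTable->table[i].dwLocalAddr, szLocalName),
            GetPort(UDPExTable->table[i].dwLocalPort, szLocalPort));
        sprintf( szRemoteAddress, "%s", "*:*");
        printf("%-6s%-22s%-33s%s:%lu\n", "UDP",
            szLocalAddress, szRemoteAddress,
            ProcessPidToName( hProcessSnap, UDPExTable->table[i].dwProcessId, szProcessName),
            (unsigned long) UDPExTable->table[i].dwProcessId
            );
    }
    nExitCode = 0;

cleanup:
    if( hProcessSnap != INVALID_HANDLE_VALUE )
        CloseHandle( hProcessSnap );
    // Both tables were requested from the process heap (third argument of
    // the AllocateAndGet* calls), so they are released to that heap.
    if( UDPExTable )
        HeapFree( GetProcessHeap(), 0, UDPExTable );
    if( TCPExTable )
        HeapFree( GetProcessHeap(), 0, TCPExTable );
    WSACleanup();
    return nExitCode;
}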