BCB-DG's Blog

...

日志

关于我

BCB-DG

old programer

文章分类

枚舉網絡連接信息

2010-05-24 09:54:31| 分类： Socket | 标签： |举报 |字号大中小订阅

下载LOFTER 我的照片书 |

作者：未知

用到 GetExtendedUdpTable 和 GetExtendedTCPTable 2个未公开的函数

使用的函数和结构体:

typedef struct _MIB_UDPROW_OWNER_MODULE {
DWORD dwLocalAddr;
DWORD dwLocalPort;
DWORD dwOwningPid;
LARGE_INTEGER liCreateTimestamp;
union {
struct { int SpecificPortBind :1; };
int dwFlags; };
ULONGLONG OwningModuleInfo[TCPIP_OWNING_MODULE_SIZE];//还没有公布的数据
} MIB_UDPROW_OWNER_MODULE, *PMIB_UDPRPW_OWNER_MODULE;

typedef struct _MIB_UDPTABLE_OWNER_MODULE {
DWORD dwNumEntries; MIB_UDPROW_OWNER_MODULE 结构的个数
MIB_UDPROW_OWNER_MODULE table[ANY_SIZE];
} MIB_UDPTABLE_OWNER_MODULE, *PMIB_UDPTABLE_OWNER_MODULE;

typedef struct _MIB_TCPROW_OWNER_PID {
DWORD dwState; //连接状态
DWORD dwLocalAddr; //本地计算机地址
DWORD dwLocalPort; //本地计算机端口
DWORD dwRemoteAddr; //远程计算机地址
DWORD dwRemotePort; //远程计算机端口
DWORD dwOwningPid;//进程ID
} MIB_TCPROW_OWNER_PID, *PMIB_TCPROW_OWNER_PID;

typedef struct {
DWORD dwNumEntries;
MIB_TCPROW_OWNER_PID table[ANY_SIZE];
} MIB_TCPTABLE_OWNER_PID, *PMIB_TCPTABLE_OWNER_PID;

DWORD GetExtendedUdpTable(
__out         PVOID pUdpTable,//返回查询结构体指针
__in_out      PDWORD pdwSize,//估计结构体大小
__in          BOOL bOrder,//是否排序
__in          ULONG ulAf,//是AF_INET还是AF_INET6
__in          UDP_TABLE_CLASS TableClass,//返回结构体的种类
__in          ULONG Reserved//保留值
);

DWORD GetExtendedTcpTable(
__out         PVOID pTcpTable,
__in_out      PDWORD pdwSize,//大小
__in          BOOL bOrder,
__in          ULONG ulAf,
__in          TCP_TABLE_CLASS TableClass,
__in          ULONG Reserved
);

#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>
#include <Iphlpapi.h>
#include<time.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib,"Iphlpapi.lib")
#define HOSTNAMELEN 256
#define PORTNAMELEN 256
#define ADDRESSLEN HOSTNAMELEN+PORTNAMELEN

#define FLAG_ALL_ENDPOINTS 1
#define FLAG_SHOW_NUMBERS 2

typedef struct {
DWORD dwNumEntries;
MIB_TCPROW_OWNER_MODULE table[100];
} D_MIB_TCPTABLE_OWNER_MODULE, *D_PMIB_TCPTABLE_OWNER_MODULE;

typedef struct {
DWORD dwNumEntries;
MIB_UDPROW_OWNER_MODULE table[100];
} D_MIB_UDPTABLE_OWNER_MODULE, *D_PMIB_UDPTABLE_OWNER_MODULE;

static char TcpState[][32] = {
"???",
"CLOSED",
"LISTENING",
"SYN_SENT",
"SYN_RCVD",
"ESTABLISHED",
"FIN_WAIT1",
"FIN_WAIT2",
"CLOSE_WAIT",
"CLOSING",
"LAST_ACK",
"TIME_WAIT",
"DELETE_TCB"
};

PCHAR GetPort(unsigned int port, char* pPort)
{
wsprintf(pPort, "%d", htons( (WORD) port));
return pPort;
}

PCHAR GetIp(unsigned int ipaddr, char* pIP)
{
in_addr nipaddr;
nipaddr.S_un.S_addr= ipaddr;
strcpy(pIP,inet_ntoa(nipaddr));
return pIP;
}

PCHAR ProcessPidToName( HANDLE hProcessSnap,DWORD ProcessId,PCHAR ProcessName)
{
PROCESSENTRY32 processEntry;
strcpy( ProcessName, ".." );
if( !Process32First( hProcessSnap, &processEntry )) {
return ProcessName;
}
do {
if( processEntry.th32ProcessID == ProcessId )
{
strcpy( ProcessName, processEntry.szExeFile );
return ProcessName;
}
} while( Process32Next( hProcessSnap, &processEntry ));
return ProcessName;
}

int main(int argc, char* argv[])
{
int nRetCode;
DWORD i;
WSADATA WSAData;
HANDLE hProcessSnap;
D_MIB_TCPTABLE_OWNER_MODULE TCPExTable;
D_MIB_UDPTABLE_OWNER_MODULE UDPExTable;
DWORD UdpCount=sizeof(D_MIB_TCPTABLE_OWNER_MODULE);
DWORD TcpCount=sizeof(D_MIB_UDPTABLE_OWNER_MODULE);
char szProcessName[MAX_PATH];
char szLocalName[HOSTNAMELEN], szRemoteName[HOSTNAMELEN];
char szRemotePort[PORTNAMELEN], szLocalPort[PORTNAMELEN];
char szLocalAddress[ADDRESSLEN], szRemoteAddress[ADDRESSLEN];
struct tm *Time;

if( WSAStartup(MAKEWORD(1, 1), &WSAData ))
{
printf("WSAStartup error!\n");
return 0;
}

nRetCode= GetExtendedTcpTable(&TCPExTable,&TcpCount, TRUE,AF_INET, TCP_TABLE_OWNER_MODULE_ALL, 0);
if( nRetCode )
{
printf("GetExtendedTcpTable!\n");
return 0;
}
nRetCode = GetExtendedUdpTable(&UDPExTable,&UdpCount,TRUE,AF_INET,UDP_TABLE_OWNER_MODULE,0);
if( nRetCode )
{
printf("GetExtendedUdpTable.\n");
return -1;
}
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( hProcessSnap == INVALID_HANDLE_VALUE )
{
printf("CreateToolhelp32Snapshot Error!\n");
}

printf("%-6s%-20s%-20s%-11s%s\n", "协议", "本地地址","外部地址", "连接状态","进程");
for( i = 0; i < TCPExTable.dwNumEntries; i++)
{
wsprintf( szLocalAddress, "%s:%s", GetIp(TCPExTable.table[i].dwLocalAddr, szLocalName),GetPort(TCPExTable.table[i].dwLocalPort, szLocalPort));
wsprintf( szRemoteAddress, "%s:%s", GetIp(TCPExTable.table[i].dwRemoteAddr, szRemoteName),GetPort(TCPExTable.table[i].dwRemotePort, szRemotePort));

printf("%-6s%-20s%-20s%-11s%s:%d\n", "TCP",
szLocalAddress, szRemoteAddress,TcpState[TCPExTable.table[i].dwState],ProcessPidToName( hProcessSnap, TCPExTable.table[i].dwOwningPid, szProcessName),
TCPExTable.table[i].dwOwningPid);

}
for( i = 0; i < UDPExTable.dwNumEntries; i++ )
{
sprintf( szLocalAddress, "%s:%s",
GetIp(UDPExTable.table[i].dwLocalAddr, szLocalName),
GetPort(UDPExTable.table[i].dwLocalPort, szLocalPort));
sprintf( szRemoteAddress, "%s", "*:*");
printf("%-6s%-20s%-33s%s:%d\n", "UDP",
szLocalAddress, szRemoteAddress,
ProcessPidToName( hProcessSnap, UDPExTable.table[i].dwOwningPid, szProcessName),
UDPExTable.table[i].dwOwningPid
);

}
WSACleanup();
getchar();
return 0;
}

评论这张

转发至微博

阅读(2250)| 评论(0)

历史上的今天

this.p={  m:2,
              b:2,
              loftPermalink:'',
              id:'fks_080068083084080068087087082095087094083065087084083068',
              blogTitle:'枚舉網絡連接信息',
              blogAbstract:'<div\>作者：未知<br\><br\>用到 GetExtendedUdpTable 和 GetExtendedTCPTable 2个未公开的函数<br\><p\>使用的函数和结构体:</p\>\n<p\>typedef struct _MIB_UDPROW_OWNER_MODULE { <br\>\nDWORD dwLocalAddr; <br\>\nDWORD dwLocalPort; <br\>\nDWORD dwOwningPid; <br\>\nLARGE_INTEGER liCreateTimestamp; <br\>\nunion {     <br\>\nstruct {       int SpecificPortBind :1;     };    <br\>\nint dwFlags; }; </p\></div\>',
              blogTag:'',
              blogUrl:'blog/static/38223257201042495431366',
              isPublished:1,
              istop:false,
              type:2,
              modifyTime:1387419103559,
              publishTime:1274666071366,
              permalink:'blog/static/38223257201042495431366',
              commentCount:0,
              mainCommentCount:0,
              recommendCount:0,
              bsrk:-100,
              publisherId:0,
              recomBlogHome:false,
              currentRecomBlog:false,
              attachmentsFileIds:[],
              vote:{},
              groupInfo:{},
              friendstatus:'none',
              followstatus:'unFollow',
              pubSucc:'',
              visitorProvince:'',
              visitorCity:'',
              visitorNewUser:false,
              postAddInfo:{},
              mset:'000',
              mcon:'',
              srk:-100,
              remindgoodnightblog:false,
              isBlackVisitor:false,
              isShowYodaoAd:false,
              hostIntro:'old programer',
              hmcon:'1',
              selfRecomBlogCount:'0',
              lofter_single:'<iframe width="140" height="560" style="overflow:hidden;" src="http://www.lofter.com/mailEntry.do?blogad=1&blog" frameBorder="0"></iframe>'
            }

{list a as x}
    {if !!x}
    <div class="iblock nbw-fce nbw-f40">
      <a class="fc03 noul" target="_blank" hidefocus="true" href="http://blog.163.com/${x.visitorName}/">
      {if x.visitorName==visitor.userName}
      <img alt="${x.visitorNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.visitorName)}&r=${visitor.imageUpdateTime}"/>
      {else}
      <img alt="${x.visitorNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.visitorName)}"/>
      {/if}
      </a>
      <div class="cwd vname thide">
        {if x.moveFrom=='wap'}
          <a class="noul pnt" target="_blank" href="http://blog.163.com/services/wapblog.html?frompersonalbloghome"><span title="来自网易手机博客" class="iblock wapIcon"> </span></a>
        {elseif x.moveFrom=='iphone'}
          <a class="noul pnt" target="_blank"><span title="来自iPhone客户端" class="iblock iphoneIcon"> </span></a>
        {elseif x.moveFrom=='android'}
          <a class="noul pnt" target="_blank"><span title="来自Android客户端" class="iblock androidIcon"> </span></a>
        {elseif x.moveFrom=='mobile'}
          <a class="noul pnt" target="_blank" href="http://blog.163.com/services/emsblog.html?frompersonalbloghome"><span title="来自网易短信写博" class="iblock wapIcon"> </span></a>
        {/if}
        <a class="fc03 m2a"  target="_blank" hidefocus="true" href="http://blog.163.com/${x.visitorName}/">
          ${fn(x.visitorNickname,8)|escape}
        </a>
      </div>
    </div>
    {/if}
    {/list}

<#--最新日志，群博日志--> <#--推荐日志-->

<p class="fc06">推荐过这篇日志的人：</p>
    <div>
      {list a as x}
      {if !!x}
      <div class="iblock nbw-fce nbw-f40">
        <a class="fc03 noul" target="_blank" hidefocus="true" href="http://blog.163.com/${x.recommenderName}/">
        <img alt="${x.recommenderNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.recommenderName)}"/>
        </a>
        <div class="cwd thide">
          <a class="fc03 m2a" target="_blank" hidefocus="true" href="http://blog.163.com/${x.recommenderName}/">
            ${fn(x.recommenderNickname,6)|escape}
          </a>
        </div>
      </div>
      {/if}
      {/list}
    </div>
    {if !!b&&b.length>0}
    <p  class="fc06">他们还推荐了：</p>
    <ul>
    {list b as y}
      {if !!y}
        <li class="rrb"><span class="iblock">·</span><a class="fc03 m2a" target="_blank" href="http://blog.163.com/${y.recommendBlogPermalink}/?from=blog/static/38223257201042495431366">${y.recommendBlogTitle|escape}</a></li>
      {/if}
    {/list}
    </ul>
    {/if}

<#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇，下一篇--> <#-- 热度 -->

{list a as x}
    {if !!x}
    <div class="hotItem iblock nbw-fce nbw-f40">
      <a class="fc03 noul" target="_blank" hidefocus="true" href="http://blog.163.com/${x.publisherUsername}/">
      {if x.publisherUsername==visitor.userName}
      <img alt="${x.publisherNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.publisherUsername)}&r=${visitor.imageUpdateTime}"/>
      {else}
      <img alt="${x.publisherNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.publisherUsername)}"/>
      {/if}
      </a>
      <div class="cwd vname thide">
        <a class="fc03 m2a"  target="_blank" hidefocus="true" href="http://blog.163.com/${x.publisherUsername}/">
          ${fn(x.publisherNickname,8)|escape}
        </a>
      </div>
      <a class="f-myLikeIcons hottype {if x.type==1} js-liketype{elseif x.type==2} js-reblogtype{elseif x.type==3} js-sharetype{else}{/if}" target="_blank" hidefocus="true" href="http://blog.163.com/${x.publisherUsername}/"> </a>
    </div>
    {/if}
    {/list}

<#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->

页脚

我的照片书 - 手机博客 - 下载LOFTER APP - 订阅此博客

BCB-DG's Blog

导航

日志

枚舉網絡連接信息

历史上的今天

最近读者

热度

评论

页脚