static DWORD GetExtendedTcpTableWithAlloc(PVOID *TcpTable, BOOL Order, DWORD Family, TCP_TABLE_CLASS Class)
{
DWORD ret;
DWORD Size = 0;
*TcpTable = NULL;
ret = GetExtendedTcpTable(*TcpTable, &Size, Order, Family, Class, 0);
if (ret == ERROR_INSUFFICIENT_BUFFER)
{
*TcpTable = HeapAlloc(GetProcessHeap(), 0, Size);
if (*TcpTable == NULL)
{
return ERROR_OUTOFMEMORY;
}
ret = GetExtendedTcpTable(*TcpTable, &Size, Order, Family, Class, 0);
if (ret != NO_ERROR)
{
HeapFree(GetProcessHeap(), 0, *TcpTable);
*TcpTable = NULL;
}
}
return ret;
}
void* WinSockets::allocateSocketTable(unsigned long protocol,
unsigned long family) {
unsigned long ret = 0;
unsigned long buffsize = 0;
void* pSockTable = nullptr;
/// Allocate the TCP Socket Tables
if (protocol == IPPROTO_TCP) {
ret = GetExtendedTcpTable(
pSockTable, &buffsize, true, family, TCP_TABLE_OWNER_PID_ALL, 0);
if (ret == ERROR_INSUFFICIENT_BUFFER) {
pSockTable = static_cast<void*>(malloc(buffsize));
if (pSockTable == nullptr) {
status_ = Status(
1, "Unable to allocate sufficient memory for the TCP socket table");
}
}
ret = GetExtendedTcpTable(pSockTable,
reinterpret_cast<PULONG>(&buffsize),
true,
family,
TCP_TABLE_OWNER_PID_ALL,
0);
if (ret != NO_ERROR) {
status_ = Status(1,
"Error retrieving the socket table: ( " +
std::to_string(GetLastError()) + " )");
}
}
/// Allocate the UDP Socket Tables
else {
ret = GetExtendedUdpTable(pSockTable,
reinterpret_cast<PULONG>(&buffsize),
true,
family,
UDP_TABLE_OWNER_PID,
0);
if (ret == ERROR_INSUFFICIENT_BUFFER) {
pSockTable = static_cast<void*>(malloc(buffsize));
if (pSockTable == nullptr) {
status_ = Status(
1, "Unable to allocate sufficient memory for the UDP socket table");
}
}
ret = GetExtendedUdpTable(pSockTable,
reinterpret_cast<PULONG>(&buffsize),
true,
family,
UDP_TABLE_OWNER_PID,
0);
if (ret != NO_ERROR) {
status_ = Status(1,
"Error retrieving the socket table: ( " +
std::to_string(GetLastError()) + " )");
}
}
return pSockTable;
}
list GetConns()
{
DWORD bufsize = 0;
list l;
std::vector<MIB_TCPROW_OWNER_PID> TCPtables;
std::vector<MIB_UDPROW_OWNER_PID> UDPtables;
DWORD ret= GetExtendedTcpTable(0, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
char *buf = new char[bufsize];
ret = GetExtendedTcpTable(buf, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if(ret == NO_ERROR )
{
MIB_TCPTABLE_OWNER_PID *pTCPTable = (MIB_TCPTABLE_OWNER_PID *)buf;
TCPtables.assign(pTCPTable->table, pTCPTable->table+pTCPTable->dwNumEntries);
}
delete [] buf;
bufsize = 0;
ret= GetExtendedUdpTable(0, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
buf = new char[bufsize];
ret = GetExtendedUdpTable(buf, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
if(ret == NO_ERROR )
{
MIB_UDPTABLE_OWNER_PID *pUDPTable = (MIB_UDPTABLE_OWNER_PID *)buf;
UDPtables.assign(pUDPTable->table, pUDPTable->table+pUDPTable->dwNumEntries);
}
delete [] buf;
for (DWORD a=0; a<TCPtables.size(); a++)
{
TCPConn Conn;
MIB_TCPROW_OWNER_PID & row = TCPtables[a];
Conn.dwLocalAddr = row.dwLocalAddr;
Conn.dwLocalPort = ntohs((u_short)row.dwLocalPort);
Conn.dwOwningPid = row.dwOwningPid;
Conn.dwRemoteAddr = row.dwRemoteAddr;
Conn.dwRemotePort = ntohs((u_short)row.dwRemotePort);
Conn.State =(TCPSTATE) row.dwState;
Conn.Type = L"tcp";
l.append( object(Conn) );
}
return l;
}
BOOL Utils::GetOpenedPort( std::vector<MIB_TCPROW_OWNER_PID> & TCPtables, std::vector<MIB_UDPROW_OWNER_PID> & UDPtables )
{
DWORD bufsize = UTILSBUF;
DWORD ret = 0;//= GetExtendedTcpTable(0, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
char *buf = g_buf;
ret = GetExtendedTcpTable(buf, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if(ret == NO_ERROR )
{
MIB_TCPTABLE_OWNER_PID *pTCPTable = (MIB_TCPTABLE_OWNER_PID *)buf;
TCPtables.assign(pTCPTable->table, pTCPTable->table+pTCPTable->dwNumEntries);
}
return TRUE;
bufsize = 0;
ret= GetExtendedUdpTable(0, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
//ret = GetExtendedUdpTable(buf, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
if(ret == NO_ERROR )
{
MIB_UDPTABLE_OWNER_PID *pUDPTable = (MIB_UDPTABLE_OWNER_PID *)buf;
//UDPtables.assign(pUDPTable->table, pUDPTable->table+pUDPTable->dwNumEntries);
}
return TRUE;
}
//原本的,由于ANY_SIZE在当前项目下默认为1,所以假设注释掉了
//#define ANY_SIZE 1024,那么此程序将无法正常获取活动过程
//中的网络进程信息,参照MSDN里GetTcpTable的用法改写了此函数,
//如下所示:
void PortCache::RebuildTcpTable()
{
// Clear the table
//RtlZeroMemory(_tcpPortTable, sizeof(_tcpPortTable));
_mapTcpPortTableEx.clear();
DWORD dwRetValue = NO_ERROR;
DWORD dwBufferSize = 0;
PMIB_TCPTABLE_OWNER_PID pTable = NULL;
//第一次获取,尝试获得pTable所需的内存大小,用dwBufferSize存放起来
dwRetValue = GetExtendedTcpTable(NULL, &dwBufferSize,
FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if (dwRetValue != ERROR_INSUFFICIENT_BUFFER)
{
printf("Failed to snapshot TCP endpoints.\n");
return;
}
//使用HeapAlloc在堆上分配一个dwBufferSize大小的内存空间给pTable变量
pTable = (PMIB_TCPTABLE_OWNER_PID)HeapAlloc(GetProcessHeap(), 0, dwBufferSize);
//第二次获取,将TCP相关的网络进程快照保存到pTable变量中
dwRetValue = GetExtendedTcpTable(pTable, &dwBufferSize,
FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if (dwRetValue != NO_ERROR)
{
printf("Failed to snapshot TCP endpoints.\n");
HeapFree(GetProcessHeap(), 0, pTable);
return;
}
// Rebuild the table
for (unsigned int i = 0; i < pTable->dwNumEntries; i++)
{
int nTemp = ntohs((unsigned short)pTable->table[i].dwLocalPort);
//_tcpPortTable[nTemp] =
// pTable->table[i].dwOwningPid;
_mapTcpPortTableEx[nTemp] = pTable->table[i];
}
HeapFree(GetProcessHeap(), 0, pTable);
}
PMIB_TCPTABLE_OWNER_MODULE WindowsPortInUseByAnotherApplication::getTCPTables()
{
PVOID tcpTable = NULL;
DWORD size = 0;
DWORD result = 0;
// Primer de tot, hem de trobar el tamany de la taula TCP i guardar-lo a size, un cop el tenim, podem fer el malloc i tornar
// a cridar la funció per recuperar de forma correcta la taula.
// El problema ve perqué la funció no retorna el tamany de forma acurada (sempre retorna un valor diferent),
// per tant, podem buscar-lo amb un while i quan es compleixi la variable pTCPTable estarà instanciada de forma correcta.
bool found = false;
while (!found)
{
// Buscar el tamany
GetExtendedTcpTable(NULL, &size, true, AF_INET, TCP_TABLE_OWNER_MODULE_ALL, 0);
// Es reserva l'espai per la taula TCP ara que sabem el tamany
tcpTable = malloc(size);
// S'obté la taula TCP
result = GetExtendedTcpTable(tcpTable, &size, true, AF_INET, TCP_TABLE_OWNER_MODULE_ALL, 0);
// Si ens dona error de tamany, ho tornem a probar
if (result == ERROR_INSUFFICIENT_BUFFER)
{
free(tcpTable);
}
else if (result == NO_ERROR)
{
// Si no dona cap error ja podem plegar
found = true;
}
else
{
// Si ens dona un error diferent, el loguem i retornem null
found = true;
ERROR_LOG(QString("Error al obtenir la taula TCP: %1").arg(GetLastError()));
free(tcpTable);
tcpTable = NULL;
}
}
return (PMIB_TCPTABLE_OWNER_MODULE)tcpTable;
}
void PortCache::RebuildTcpTable()
{
// Clear the table
RtlZeroMemory(_tcpPortTable, sizeof(_tcpPortTable));
// Rebuild the table
MIB_TCPTABLE_OWNER_PID table;
table.dwNumEntries = sizeof(table) / sizeof(table.table[0]);
DWORD tableSize = sizeof(table);
if( GetExtendedTcpTable((void *)&table, &tableSize,
FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0)== NO_ERROR )
{
for(unsigned int i = 0; i < table.dwNumEntries; i++)
{
_tcpPortTable[ntohs((unsigned short)table.table[i].dwLocalPort)] =
table.table[i].dwOwningPid;
}
}
}
//构建TCP进程字典
int ProcessMap::BuildTcpProcDict()
{
//清空processtcpdict
ClearTcpProcessDict();
portdict.clear();
//构建tcpportdict
MIB_TCPTABLE_OWNER_PID tcptable;
tcptable.dwNumEntries = sizeof(tcptable)/sizeof(tcptable.table[0]);
DWORD tcptablesize = sizeof(tcptable);
//if(GetExtendedTcpTable((void *)&tcptable, &tcptablesize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0) == NO_ERROR)
int tcptableerror = GetExtendedTcpTable((void *)&tcptable, &tcptablesize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if(tcptableerror == NO_ERROR)
{
for(unsigned int i =0 ; i< tcptable.dwNumEntries; i++)
{
int port = ntohs((unsigned short)tcptable.table[i].dwLocalPort);
int pid = tcptable.table[i].dwOwningPid;
portdict.insert(pair<int ,int>(port,pid));
}
}
// Take a snapshot
HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 p;
p.dwSize = sizeof(PROCESSENTRY32);
// Traverse Process List
for(BOOL ret = Process32First(hSnapShot, &p); ret != 0; ret = Process32Next(hSnapShot, &p))
{
// Get pid and file name
int pid = p.th32ProcessID;
for(portdictit = portdict.begin();portdictit!=portdict.end();portdictit++)
{
if(portdictit->second == pid)
{
ProcessNode *processnode = new ProcessNode;
processnode->pid = pid;
processnode->processname = TCHARTochar(p.szExeFile);
// Get full path (if possible)
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
if (hProcess == 0)
{
processnode->processpath = NULL;
}
else
{
TCHAR fullPath[MAX_PATH];
if (GetModuleFileNameEx(hProcess, 0, fullPath, MAX_PATH) > 0)// Success
{
processnode->processpath = TCHARTochar(fullPath);
}
else
processnode->processpath = NULL;
}
CloseHandle(hProcess);
tcpprocessdict.insert(pair<int,ProcessNode*>(portdictit->first,processnode));
}
}
}
CloseHandle(hSnapShot);
UpdateUnknowTcpportdict();
return 0;
}
struct CONNECTION* GetConnectionsTable()
{
// Declare and initialize variables
MIB_TCPTABLE_OWNER_PID *pTcpTable;
DWORD i, dwSize = 0, dwRetVal = 0;
struct in_addr IpAddr;
struct CONNECTION *connHead = NULL;
pTcpTable = (MIB_TCPTABLE_OWNER_PID *) MALLOC(sizeof (MIB_TCPTABLE_OWNER_PID));
if (pTcpTable == NULL) {
//printf("Error allocating memory!\n");
return NULL;
}
dwSize = sizeof (MIB_TCPTABLE_OWNER_PID);
// Make an initial call to GetTcpTable to
// get the necessary size into the dwSize variable
if ((dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, TRUE,AF_INET,TCP_TABLE_OWNER_PID_ALL,0)) == ERROR_INSUFFICIENT_BUFFER) {
FREE(pTcpTable);
pTcpTable = (MIB_TCPTABLE_OWNER_PID *) MALLOC(dwSize);
if (pTcpTable == NULL) {
//printf("Error allocating memory\n");
return NULL;
}
}
// Make a second call to GetTcpTable to get
// the actual data we require
if ((dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, TRUE,AF_INET,TCP_TABLE_OWNER_PID_ALL,0)) != NO_ERROR) {
//printf("\tGetTcpTable() failed with return value %d\n", dwRetVal);
FREE(pTcpTable);
return NULL;
}
//printf("\tLocal Addr\tLocal Port\tRemote Addr\tRemote Port\n");
//printf("Number of entries: %d\n", (int) pTcpTable->dwNumEntries);
for (i = 0; i < pTcpTable->dwNumEntries; i ++) {
struct CONNECTION* newConn = (struct CONNECTION*)mir_alloc(sizeof(struct CONNECTION));
memset(newConn, 0, sizeof(struct CONNECTION));
//pid2name(pTcpTable->table[i].dwOwningPid,&newConn->Pname);
if (pTcpTable->table[i].dwLocalAddr) {
IpAddr.S_un.S_addr = (ULONG) pTcpTable->table[i].dwLocalAddr;
//_snprintf(newConn->strIntIp,_countof(newConn->strIntIp),"%d.%d.%d.%d",IpAddr.S_un.S_un_b.s_b1,IpAddr.S_un.S_un_b.s_b2,IpAddr.S_un.S_un_b.s_b3,IpAddr.S_un.S_un_b.s_b4);
wcsncpy(newConn->strIntIp, mir_a2t(inet_ntoa(IpAddr)),_tcslen(mir_a2t(inet_ntoa(IpAddr))));
}
if (pTcpTable->table[i].dwRemoteAddr) {
IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwRemoteAddr;
wcsncpy(newConn->strExtIp, mir_a2t(inet_ntoa(IpAddr)),_tcslen(mir_a2t(inet_ntoa(IpAddr))));
}
newConn->state = pTcpTable->table[i].dwState;
newConn->intIntPort = ntohs((u_short)pTcpTable->table[i].dwLocalPort);
newConn->intExtPort = ntohs((u_short)pTcpTable->table[i].dwRemotePort);
newConn->Pid = pTcpTable->table[i].dwOwningPid;
switch (pTcpTable->table[i].dwState) {
case MIB_TCP_STATE_CLOSED:
//printf("CLOSED\n");
break;
case MIB_TCP_STATE_LISTEN:
//printf("LISTEN\n");
break;
case MIB_TCP_STATE_SYN_SENT:
//printf("SYN-SENT\n");
break;
case MIB_TCP_STATE_SYN_RCVD:
//printf("SYN-RECEIVED\n");
break;
case MIB_TCP_STATE_ESTAB:
//printf("ESTABLISHED\n");
break;
case MIB_TCP_STATE_FIN_WAIT1:
//printf("FIN-WAIT-1\n");
break;
case MIB_TCP_STATE_FIN_WAIT2:
//printf("FIN-WAIT-2 \n");
break;
case MIB_TCP_STATE_CLOSE_WAIT:
//printf("CLOSE-WAIT\n");
break;
case MIB_TCP_STATE_CLOSING:
//printf("CLOSING\n");
break;
case MIB_TCP_STATE_LAST_ACK:
//printf("LAST-ACK\n");
break;
case MIB_TCP_STATE_TIME_WAIT:
//printf("TIME-WAIT\n");
break;
case MIB_TCP_STATE_DELETE_TCB:
//printf("DELETE-TCB\n");
break;
default:
//printf("UNKNOWN dwState value\n");
break;
}
newConn->next = connHead;
connHead = newConn;
//printf("TCP[%d]:%s%15d%20s%15d\n", i, szLocalAddr,ntohs((u_short)pTcpTable->table[i].dwLocalPort), szRemoteAddr,ntohs((u_short)pTcpTable->table[i].dwRemotePort));
//printf("\tTCP[%d] Local Addr: %s\n", i, szLocalAddr);
// printf("\tTCP[%d] Local Port: %d \n", i, ntohs((u_short)pTcpTable->table[i].dwLocalPort));
//printf("\tTCP[%d] Remote Addr: %s\n", i, szRemoteAddr);
//printf("\tTCP[%d] Remote Port: %d\n", i, ntohs((u_short)pTcpTable->table[i].dwRemotePort));
}
FREE(pTcpTable);
return connHead;
}
TCPInfo GetIpTcp(int pidsearch)
{
PMIB_TCPTABLE_OWNER_PID pTcpTable;
DWORD dwSize = 0;
DWORD dwRetVal = 0;
struct in_addr IpAddr;
int i=0;
TCPInfo tcp;
pTcpTable = ( MIB_TCPTABLE_OWNER_PID *) MALLOC(sizeof ( PMIB_TCPTABLE_OWNER_PID ));
if (pTcpTable == NULL) {
printf("Error allocating memory\n");
return tcp;
}
dwSize = sizeof ( PMIB_TCPTABLE_OWNER_PID );
if ((dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL,0)) ==
ERROR_INSUFFICIENT_BUFFER) {
FREE(pTcpTable);
pTcpTable = ( MIB_TCPTABLE_OWNER_PID *) MALLOC(dwSize);
if (pTcpTable == NULL) {
printf("Error allocating memory\n");
return tcp;
}
}
if ((dwRetVal =GetExtendedTcpTable(pTcpTable, &dwSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL,0)) == NO_ERROR)
{
while(pTcpTable->table[i].dwOwningPid != pidsearch && i<(int) pTcpTable->dwNumEntries)
i++;
switch (pTcpTable->table[i].dwState)
{
case MIB_TCP_STATE_CLOSED:
sprintf(tcp.state ,"CLOSED");
break;
case MIB_TCP_STATE_LISTEN:
sprintf(tcp.state ,"LISTEN");
break;
case MIB_TCP_STATE_SYN_SENT:
sprintf(tcp.state ,"SYN-SENT");
break;
case MIB_TCP_STATE_SYN_RCVD:
sprintf(tcp.state ,"SYN-RECEIVED");
break;
case MIB_TCP_STATE_ESTAB:
sprintf(tcp.state ,"ESTABLISHED");
break;
case MIB_TCP_STATE_FIN_WAIT1:
sprintf(tcp.state ,"FIN-WAIT-1");
break;
case MIB_TCP_STATE_FIN_WAIT2:
sprintf(tcp.state ,"FIN-WAIT-2");
break;
case MIB_TCP_STATE_CLOSE_WAIT:
sprintf(tcp.state ,"CLOSE-WAIT");
break;
case MIB_TCP_STATE_CLOSING:
sprintf(tcp.state ,"CLOSING");
break;
case MIB_TCP_STATE_LAST_ACK:
sprintf(tcp.state ,"LAST-ACK");
break;
case MIB_TCP_STATE_TIME_WAIT:
sprintf(tcp.state ,"TIME-WAIT");
break;
case MIB_TCP_STATE_DELETE_TCB:
sprintf(tcp.state ,"DELETE-TCB");
break;
default:
sprintf(tcp.state ,"UNKNOWN");
break;
}
IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwLocalAddr;
strcpy(tcp.localip, inet_ntoa(IpAddr));
tcp.localport = ntohs((u_short)pTcpTable->table[i].dwLocalPort) ;
IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwRemoteAddr;
strcpy(tcp.distip, inet_ntoa(IpAddr));
tcp.distport = ntohs((u_short)pTcpTable->table[i].dwRemotePort);
}
return tcp;
}
