static DWORD GetExtendedUdpTableWithAlloc(PVOID *UdpTable, BOOL Order, DWORD Family, UDP_TABLE_CLASS Class) { DWORD ret; DWORD Size = 0; *UdpTable = NULL; ret = GetExtendedUdpTable(*UdpTable, &Size, Order, Family, Class, 0); if (ret == ERROR_INSUFFICIENT_BUFFER) { *UdpTable = HeapAlloc(GetProcessHeap(), 0, Size); if (*UdpTable == NULL) { return ERROR_OUTOFMEMORY; } ret = GetExtendedUdpTable(*UdpTable, &Size, Order, Family, Class, 0); if (ret != NO_ERROR) { HeapFree(GetProcessHeap(), 0, *UdpTable); *UdpTable = NULL; } } return ret; }
void* WinSockets::allocateSocketTable(unsigned long protocol, unsigned long family) { unsigned long ret = 0; unsigned long buffsize = 0; void* pSockTable = nullptr; /// Allocate the TCP Socket Tables if (protocol == IPPROTO_TCP) { ret = GetExtendedTcpTable( pSockTable, &buffsize, true, family, TCP_TABLE_OWNER_PID_ALL, 0); if (ret == ERROR_INSUFFICIENT_BUFFER) { pSockTable = static_cast<void*>(malloc(buffsize)); if (pSockTable == nullptr) { status_ = Status( 1, "Unable to allocate sufficient memory for the TCP socket table"); } } ret = GetExtendedTcpTable(pSockTable, reinterpret_cast<PULONG>(&buffsize), true, family, TCP_TABLE_OWNER_PID_ALL, 0); if (ret != NO_ERROR) { status_ = Status(1, "Error retrieving the socket table: ( " + std::to_string(GetLastError()) + " )"); } } /// Allocate the UDP Socket Tables else { ret = GetExtendedUdpTable(pSockTable, reinterpret_cast<PULONG>(&buffsize), true, family, UDP_TABLE_OWNER_PID, 0); if (ret == ERROR_INSUFFICIENT_BUFFER) { pSockTable = static_cast<void*>(malloc(buffsize)); if (pSockTable == nullptr) { status_ = Status( 1, "Unable to allocate sufficient memory for the UDP socket table"); } } ret = GetExtendedUdpTable(pSockTable, reinterpret_cast<PULONG>(&buffsize), true, family, UDP_TABLE_OWNER_PID, 0); if (ret != NO_ERROR) { status_ = Status(1, "Error retrieving the socket table: ( " + std::to_string(GetLastError()) + " )"); } } return pSockTable; }
list GetConns() { DWORD bufsize = 0; list l; std::vector<MIB_TCPROW_OWNER_PID> TCPtables; std::vector<MIB_UDPROW_OWNER_PID> UDPtables; DWORD ret= GetExtendedTcpTable(0, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); char *buf = new char[bufsize]; ret = GetExtendedTcpTable(buf, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); if(ret == NO_ERROR ) { MIB_TCPTABLE_OWNER_PID *pTCPTable = (MIB_TCPTABLE_OWNER_PID *)buf; TCPtables.assign(pTCPTable->table, pTCPTable->table+pTCPTable->dwNumEntries); } delete [] buf; bufsize = 0; ret= GetExtendedUdpTable(0, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); buf = new char[bufsize]; ret = GetExtendedUdpTable(buf, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); if(ret == NO_ERROR ) { MIB_UDPTABLE_OWNER_PID *pUDPTable = (MIB_UDPTABLE_OWNER_PID *)buf; UDPtables.assign(pUDPTable->table, pUDPTable->table+pUDPTable->dwNumEntries); } delete [] buf; for (DWORD a=0; a<TCPtables.size(); a++) { TCPConn Conn; MIB_TCPROW_OWNER_PID & row = TCPtables[a]; Conn.dwLocalAddr = row.dwLocalAddr; Conn.dwLocalPort = ntohs((u_short)row.dwLocalPort); Conn.dwOwningPid = row.dwOwningPid; Conn.dwRemoteAddr = row.dwRemoteAddr; Conn.dwRemotePort = ntohs((u_short)row.dwRemotePort); Conn.State =(TCPSTATE) row.dwState; Conn.Type = L"tcp"; l.append( object(Conn) ); } return l; }
int ProcessMap::BuildUdpProcDict() { //清空processtcpdict ClearUdpProcessDict(); portdict.clear(); //构建tcpportdict MIB_UDPTABLE_OWNER_PID udptable; udptable.dwNumEntries = sizeof(udptable)/sizeof(udptable.table[0]); DWORD udptablesize = sizeof(udptable); if(GetExtendedUdpTable((void *)&udptable, &udptablesize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0) == NO_ERROR) { for(unsigned int i =0 ; i< udptable.dwNumEntries; i++) { int port = ntohs((unsigned short)udptable.table[i].dwLocalPort); int pid = udptable.table[i].dwOwningPid; portdict.insert(pair<int ,int>(port,pid)); } } //构建UdpProcessDict // Take a snapshot HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); PROCESSENTRY32 p; p.dwSize = sizeof(PROCESSENTRY32); // Traverse Process List for(BOOL ret = Process32First(hSnapShot, &p); ret != 0; ret = Process32Next(hSnapShot, &p)) { // Get pid and file name int pid = p.th32ProcessID; for(portdictit=portdict.begin();portdictit!=portdict.end();portdictit++) { if(portdictit->second == pid) { ProcessNode *processnode = new ProcessNode; processnode->pid = pid; processnode->processname = TCHARTochar(p.szExeFile); // Get full path (if possible) HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid); if (hProcess == 0) { processnode->processpath = NULL; } else { TCHAR fullPath[MAX_PATH]; if (GetModuleFileNameEx(hProcess, 0, fullPath, MAX_PATH) > 0) // Success { processnode->processpath = TCHARTochar(fullPath); } else processnode->processpath = NULL; } CloseHandle(hProcess); udpprocessdict.insert(pair<int,ProcessNode*>(portdictit->first,processnode)); } } } CloseHandle(hSnapShot); UpdateUnknowUdpportdict(); return 0; }
BOOL Utils::GetOpenedPort( std::vector<MIB_TCPROW_OWNER_PID> & TCPtables, std::vector<MIB_UDPROW_OWNER_PID> & UDPtables ) { DWORD bufsize = UTILSBUF; DWORD ret = 0;//= GetExtendedTcpTable(0, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); char *buf = g_buf; ret = GetExtendedTcpTable(buf, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); if(ret == NO_ERROR ) { MIB_TCPTABLE_OWNER_PID *pTCPTable = (MIB_TCPTABLE_OWNER_PID *)buf; TCPtables.assign(pTCPTable->table, pTCPTable->table+pTCPTable->dwNumEntries); } return TRUE; bufsize = 0; ret= GetExtendedUdpTable(0, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); //ret = GetExtendedUdpTable(buf, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); if(ret == NO_ERROR ) { MIB_UDPTABLE_OWNER_PID *pUDPTable = (MIB_UDPTABLE_OWNER_PID *)buf; //UDPtables.assign(pUDPTable->table, pUDPTable->table+pUDPTable->dwNumEntries); } return TRUE; }
void PortCache::RebuildUdpTable() { // Clear the table //RtlZeroMemory(_udpPortTable, sizeof(_udpPortTable)); _mapUdpPortTableEx.clear(); DWORD dwRetValue = NO_ERROR; DWORD dwBufferSize = 0; //解释如同RebuildTcpTable PMIB_UDPTABLE_OWNER_PID pTable = NULL; dwRetValue = GetExtendedUdpTable(NULL, &dwBufferSize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); if (dwRetValue != ERROR_INSUFFICIENT_BUFFER) { printf("Failed to snapshot UDP endpoints.\n"); return; } //解释如同RebuildTcpTable pTable = (PMIB_UDPTABLE_OWNER_PID)HeapAlloc(GetProcessHeap(), 0, dwBufferSize); dwRetValue = GetExtendedUdpTable(pTable, &dwBufferSize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); if (dwRetValue != NO_ERROR) { printf("Failed to snapshot UDP endpoints.\n"); HeapFree(GetProcessHeap(), 0, pTable); return; } // Rebuild the table for (unsigned int i = 0; i < pTable->dwNumEntries; i++) { int nTemp = ntohs((unsigned short)pTable->table[i].dwLocalPort); //_udpPortTable[nTemp] = // pTable->table[i].dwOwningPid; _mapUdpPortTableEx[nTemp] = pTable->table[i]; } HeapFree(GetProcessHeap(), 0, pTable); }