static DWORD GetExtendedTcpTableWithAlloc(PVOID *TcpTable, BOOL Order, DWORD Family, TCP_TABLE_CLASS Class) { DWORD ret; DWORD Size = 0; *TcpTable = NULL; ret = GetExtendedTcpTable(*TcpTable, &Size, Order, Family, Class, 0); if (ret == ERROR_INSUFFICIENT_BUFFER) { *TcpTable = HeapAlloc(GetProcessHeap(), 0, Size); if (*TcpTable == NULL) { return ERROR_OUTOFMEMORY; } ret = GetExtendedTcpTable(*TcpTable, &Size, Order, Family, Class, 0); if (ret != NO_ERROR) { HeapFree(GetProcessHeap(), 0, *TcpTable); *TcpTable = NULL; } } return ret; }
void* WinSockets::allocateSocketTable(unsigned long protocol, unsigned long family) { unsigned long ret = 0; unsigned long buffsize = 0; void* pSockTable = nullptr; /// Allocate the TCP Socket Tables if (protocol == IPPROTO_TCP) { ret = GetExtendedTcpTable( pSockTable, &buffsize, true, family, TCP_TABLE_OWNER_PID_ALL, 0); if (ret == ERROR_INSUFFICIENT_BUFFER) { pSockTable = static_cast<void*>(malloc(buffsize)); if (pSockTable == nullptr) { status_ = Status( 1, "Unable to allocate sufficient memory for the TCP socket table"); } } ret = GetExtendedTcpTable(pSockTable, reinterpret_cast<PULONG>(&buffsize), true, family, TCP_TABLE_OWNER_PID_ALL, 0); if (ret != NO_ERROR) { status_ = Status(1, "Error retrieving the socket table: ( " + std::to_string(GetLastError()) + " )"); } } /// Allocate the UDP Socket Tables else { ret = GetExtendedUdpTable(pSockTable, reinterpret_cast<PULONG>(&buffsize), true, family, UDP_TABLE_OWNER_PID, 0); if (ret == ERROR_INSUFFICIENT_BUFFER) { pSockTable = static_cast<void*>(malloc(buffsize)); if (pSockTable == nullptr) { status_ = Status( 1, "Unable to allocate sufficient memory for the UDP socket table"); } } ret = GetExtendedUdpTable(pSockTable, reinterpret_cast<PULONG>(&buffsize), true, family, UDP_TABLE_OWNER_PID, 0); if (ret != NO_ERROR) { status_ = Status(1, "Error retrieving the socket table: ( " + std::to_string(GetLastError()) + " )"); } } return pSockTable; }
list GetConns() { DWORD bufsize = 0; list l; std::vector<MIB_TCPROW_OWNER_PID> TCPtables; std::vector<MIB_UDPROW_OWNER_PID> UDPtables; DWORD ret= GetExtendedTcpTable(0, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); char *buf = new char[bufsize]; ret = GetExtendedTcpTable(buf, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); if(ret == NO_ERROR ) { MIB_TCPTABLE_OWNER_PID *pTCPTable = (MIB_TCPTABLE_OWNER_PID *)buf; TCPtables.assign(pTCPTable->table, pTCPTable->table+pTCPTable->dwNumEntries); } delete [] buf; bufsize = 0; ret= GetExtendedUdpTable(0, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); buf = new char[bufsize]; ret = GetExtendedUdpTable(buf, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); if(ret == NO_ERROR ) { MIB_UDPTABLE_OWNER_PID *pUDPTable = (MIB_UDPTABLE_OWNER_PID *)buf; UDPtables.assign(pUDPTable->table, pUDPTable->table+pUDPTable->dwNumEntries); } delete [] buf; for (DWORD a=0; a<TCPtables.size(); a++) { TCPConn Conn; MIB_TCPROW_OWNER_PID & row = TCPtables[a]; Conn.dwLocalAddr = row.dwLocalAddr; Conn.dwLocalPort = ntohs((u_short)row.dwLocalPort); Conn.dwOwningPid = row.dwOwningPid; Conn.dwRemoteAddr = row.dwRemoteAddr; Conn.dwRemotePort = ntohs((u_short)row.dwRemotePort); Conn.State =(TCPSTATE) row.dwState; Conn.Type = L"tcp"; l.append( object(Conn) ); } return l; }
BOOL Utils::GetOpenedPort( std::vector<MIB_TCPROW_OWNER_PID> & TCPtables, std::vector<MIB_UDPROW_OWNER_PID> & UDPtables ) { DWORD bufsize = UTILSBUF; DWORD ret = 0;//= GetExtendedTcpTable(0, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); char *buf = g_buf; ret = GetExtendedTcpTable(buf, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); if(ret == NO_ERROR ) { MIB_TCPTABLE_OWNER_PID *pTCPTable = (MIB_TCPTABLE_OWNER_PID *)buf; TCPtables.assign(pTCPTable->table, pTCPTable->table+pTCPTable->dwNumEntries); } return TRUE; bufsize = 0; ret= GetExtendedUdpTable(0, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); //ret = GetExtendedUdpTable(buf, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0); if(ret == NO_ERROR ) { MIB_UDPTABLE_OWNER_PID *pUDPTable = (MIB_UDPTABLE_OWNER_PID *)buf; //UDPtables.assign(pUDPTable->table, pUDPTable->table+pUDPTable->dwNumEntries); } return TRUE; }
//原本的,由于ANY_SIZE在当前项目下默认为1,所以假设注释掉了 //#define ANY_SIZE 1024,那么此程序将无法正常获取活动过程 //中的网络进程信息,参照MSDN里GetTcpTable的用法改写了此函数, //如下所示: void PortCache::RebuildTcpTable() { // Clear the table //RtlZeroMemory(_tcpPortTable, sizeof(_tcpPortTable)); _mapTcpPortTableEx.clear(); DWORD dwRetValue = NO_ERROR; DWORD dwBufferSize = 0; PMIB_TCPTABLE_OWNER_PID pTable = NULL; //第一次获取,尝试获得pTable所需的内存大小,用dwBufferSize存放起来 dwRetValue = GetExtendedTcpTable(NULL, &dwBufferSize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); if (dwRetValue != ERROR_INSUFFICIENT_BUFFER) { printf("Failed to snapshot TCP endpoints.\n"); return; } //使用HeapAlloc在堆上分配一个dwBufferSize大小的内存空间给pTable变量 pTable = (PMIB_TCPTABLE_OWNER_PID)HeapAlloc(GetProcessHeap(), 0, dwBufferSize); //第二次获取,将TCP相关的网络进程快照保存到pTable变量中 dwRetValue = GetExtendedTcpTable(pTable, &dwBufferSize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); if (dwRetValue != NO_ERROR) { printf("Failed to snapshot TCP endpoints.\n"); HeapFree(GetProcessHeap(), 0, pTable); return; } // Rebuild the table for (unsigned int i = 0; i < pTable->dwNumEntries; i++) { int nTemp = ntohs((unsigned short)pTable->table[i].dwLocalPort); //_tcpPortTable[nTemp] = // pTable->table[i].dwOwningPid; _mapTcpPortTableEx[nTemp] = pTable->table[i]; } HeapFree(GetProcessHeap(), 0, pTable); }
PMIB_TCPTABLE_OWNER_MODULE WindowsPortInUseByAnotherApplication::getTCPTables() { PVOID tcpTable = NULL; DWORD size = 0; DWORD result = 0; // Primer de tot, hem de trobar el tamany de la taula TCP i guardar-lo a size, un cop el tenim, podem fer el malloc i tornar // a cridar la funció per recuperar de forma correcta la taula. // El problema ve perqué la funció no retorna el tamany de forma acurada (sempre retorna un valor diferent), // per tant, podem buscar-lo amb un while i quan es compleixi la variable pTCPTable estarà instanciada de forma correcta. bool found = false; while (!found) { // Buscar el tamany GetExtendedTcpTable(NULL, &size, true, AF_INET, TCP_TABLE_OWNER_MODULE_ALL, 0); // Es reserva l'espai per la taula TCP ara que sabem el tamany tcpTable = malloc(size); // S'obté la taula TCP result = GetExtendedTcpTable(tcpTable, &size, true, AF_INET, TCP_TABLE_OWNER_MODULE_ALL, 0); // Si ens dona error de tamany, ho tornem a probar if (result == ERROR_INSUFFICIENT_BUFFER) { free(tcpTable); } else if (result == NO_ERROR) { // Si no dona cap error ja podem plegar found = true; } else { // Si ens dona un error diferent, el loguem i retornem null found = true; ERROR_LOG(QString("Error al obtenir la taula TCP: %1").arg(GetLastError())); free(tcpTable); tcpTable = NULL; } } return (PMIB_TCPTABLE_OWNER_MODULE)tcpTable; }
void PortCache::RebuildTcpTable() { // Clear the table RtlZeroMemory(_tcpPortTable, sizeof(_tcpPortTable)); // Rebuild the table MIB_TCPTABLE_OWNER_PID table; table.dwNumEntries = sizeof(table) / sizeof(table.table[0]); DWORD tableSize = sizeof(table); if( GetExtendedTcpTable((void *)&table, &tableSize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0)== NO_ERROR ) { for(unsigned int i = 0; i < table.dwNumEntries; i++) { _tcpPortTable[ntohs((unsigned short)table.table[i].dwLocalPort)] = table.table[i].dwOwningPid; } } }
//构建TCP进程字典 int ProcessMap::BuildTcpProcDict() { //清空processtcpdict ClearTcpProcessDict(); portdict.clear(); //构建tcpportdict MIB_TCPTABLE_OWNER_PID tcptable; tcptable.dwNumEntries = sizeof(tcptable)/sizeof(tcptable.table[0]); DWORD tcptablesize = sizeof(tcptable); //if(GetExtendedTcpTable((void *)&tcptable, &tcptablesize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0) == NO_ERROR) int tcptableerror = GetExtendedTcpTable((void *)&tcptable, &tcptablesize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); if(tcptableerror == NO_ERROR) { for(unsigned int i =0 ; i< tcptable.dwNumEntries; i++) { int port = ntohs((unsigned short)tcptable.table[i].dwLocalPort); int pid = tcptable.table[i].dwOwningPid; portdict.insert(pair<int ,int>(port,pid)); } } // Take a snapshot HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); PROCESSENTRY32 p; p.dwSize = sizeof(PROCESSENTRY32); // Traverse Process List for(BOOL ret = Process32First(hSnapShot, &p); ret != 0; ret = Process32Next(hSnapShot, &p)) { // Get pid and file name int pid = p.th32ProcessID; for(portdictit = portdict.begin();portdictit!=portdict.end();portdictit++) { if(portdictit->second == pid) { ProcessNode *processnode = new ProcessNode; processnode->pid = pid; processnode->processname = TCHARTochar(p.szExeFile); // Get full path (if possible) HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid); if (hProcess == 0) { processnode->processpath = NULL; } else { TCHAR fullPath[MAX_PATH]; if (GetModuleFileNameEx(hProcess, 0, fullPath, MAX_PATH) > 0)// Success { processnode->processpath = TCHARTochar(fullPath); } else processnode->processpath = NULL; } CloseHandle(hProcess); tcpprocessdict.insert(pair<int,ProcessNode*>(portdictit->first,processnode)); } } } CloseHandle(hSnapShot); UpdateUnknowTcpportdict(); return 0; }
struct CONNECTION* GetConnectionsTable() { // Declare and initialize variables MIB_TCPTABLE_OWNER_PID *pTcpTable; DWORD i, dwSize = 0, dwRetVal = 0; struct in_addr IpAddr; struct CONNECTION *connHead = NULL; pTcpTable = (MIB_TCPTABLE_OWNER_PID *) MALLOC(sizeof (MIB_TCPTABLE_OWNER_PID)); if (pTcpTable == NULL) { //printf("Error allocating memory!\n"); return NULL; } dwSize = sizeof (MIB_TCPTABLE_OWNER_PID); // Make an initial call to GetTcpTable to // get the necessary size into the dwSize variable if ((dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, TRUE,AF_INET,TCP_TABLE_OWNER_PID_ALL,0)) == ERROR_INSUFFICIENT_BUFFER) { FREE(pTcpTable); pTcpTable = (MIB_TCPTABLE_OWNER_PID *) MALLOC(dwSize); if (pTcpTable == NULL) { //printf("Error allocating memory\n"); return NULL; } } // Make a second call to GetTcpTable to get // the actual data we require if ((dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, TRUE,AF_INET,TCP_TABLE_OWNER_PID_ALL,0)) != NO_ERROR) { //printf("\tGetTcpTable() failed with return value %d\n", dwRetVal); FREE(pTcpTable); return NULL; } //printf("\tLocal Addr\tLocal Port\tRemote Addr\tRemote Port\n"); //printf("Number of entries: %d\n", (int) pTcpTable->dwNumEntries); for (i = 0; i < pTcpTable->dwNumEntries; i ++) { struct CONNECTION* newConn = (struct CONNECTION*)mir_alloc(sizeof(struct CONNECTION)); memset(newConn, 0, sizeof(struct CONNECTION)); //pid2name(pTcpTable->table[i].dwOwningPid,&newConn->Pname); if (pTcpTable->table[i].dwLocalAddr) { IpAddr.S_un.S_addr = (ULONG) pTcpTable->table[i].dwLocalAddr; //_snprintf(newConn->strIntIp,_countof(newConn->strIntIp),"%d.%d.%d.%d",IpAddr.S_un.S_un_b.s_b1,IpAddr.S_un.S_un_b.s_b2,IpAddr.S_un.S_un_b.s_b3,IpAddr.S_un.S_un_b.s_b4); wcsncpy(newConn->strIntIp, mir_a2t(inet_ntoa(IpAddr)),_tcslen(mir_a2t(inet_ntoa(IpAddr)))); } if (pTcpTable->table[i].dwRemoteAddr) { IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwRemoteAddr; wcsncpy(newConn->strExtIp, mir_a2t(inet_ntoa(IpAddr)),_tcslen(mir_a2t(inet_ntoa(IpAddr)))); } newConn->state = pTcpTable->table[i].dwState; newConn->intIntPort = ntohs((u_short)pTcpTable->table[i].dwLocalPort); newConn->intExtPort = ntohs((u_short)pTcpTable->table[i].dwRemotePort); newConn->Pid = pTcpTable->table[i].dwOwningPid; switch (pTcpTable->table[i].dwState) { case MIB_TCP_STATE_CLOSED: //printf("CLOSED\n"); break; case MIB_TCP_STATE_LISTEN: //printf("LISTEN\n"); break; case MIB_TCP_STATE_SYN_SENT: //printf("SYN-SENT\n"); break; case MIB_TCP_STATE_SYN_RCVD: //printf("SYN-RECEIVED\n"); break; case MIB_TCP_STATE_ESTAB: //printf("ESTABLISHED\n"); break; case MIB_TCP_STATE_FIN_WAIT1: //printf("FIN-WAIT-1\n"); break; case MIB_TCP_STATE_FIN_WAIT2: //printf("FIN-WAIT-2 \n"); break; case MIB_TCP_STATE_CLOSE_WAIT: //printf("CLOSE-WAIT\n"); break; case MIB_TCP_STATE_CLOSING: //printf("CLOSING\n"); break; case MIB_TCP_STATE_LAST_ACK: //printf("LAST-ACK\n"); break; case MIB_TCP_STATE_TIME_WAIT: //printf("TIME-WAIT\n"); break; case MIB_TCP_STATE_DELETE_TCB: //printf("DELETE-TCB\n"); break; default: //printf("UNKNOWN dwState value\n"); break; } newConn->next = connHead; connHead = newConn; //printf("TCP[%d]:%s%15d%20s%15d\n", i, szLocalAddr,ntohs((u_short)pTcpTable->table[i].dwLocalPort), szRemoteAddr,ntohs((u_short)pTcpTable->table[i].dwRemotePort)); //printf("\tTCP[%d] Local Addr: %s\n", i, szLocalAddr); // printf("\tTCP[%d] Local Port: %d \n", i, ntohs((u_short)pTcpTable->table[i].dwLocalPort)); //printf("\tTCP[%d] Remote Addr: %s\n", i, szRemoteAddr); //printf("\tTCP[%d] Remote Port: %d\n", i, ntohs((u_short)pTcpTable->table[i].dwRemotePort)); } FREE(pTcpTable); return connHead; }
TCPInfo GetIpTcp(int pidsearch) { PMIB_TCPTABLE_OWNER_PID pTcpTable; DWORD dwSize = 0; DWORD dwRetVal = 0; struct in_addr IpAddr; int i=0; TCPInfo tcp; pTcpTable = ( MIB_TCPTABLE_OWNER_PID *) MALLOC(sizeof ( PMIB_TCPTABLE_OWNER_PID )); if (pTcpTable == NULL) { printf("Error allocating memory\n"); return tcp; } dwSize = sizeof ( PMIB_TCPTABLE_OWNER_PID ); if ((dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL,0)) == ERROR_INSUFFICIENT_BUFFER) { FREE(pTcpTable); pTcpTable = ( MIB_TCPTABLE_OWNER_PID *) MALLOC(dwSize); if (pTcpTable == NULL) { printf("Error allocating memory\n"); return tcp; } } if ((dwRetVal =GetExtendedTcpTable(pTcpTable, &dwSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL,0)) == NO_ERROR) { while(pTcpTable->table[i].dwOwningPid != pidsearch && i<(int) pTcpTable->dwNumEntries) i++; switch (pTcpTable->table[i].dwState) { case MIB_TCP_STATE_CLOSED: sprintf(tcp.state ,"CLOSED"); break; case MIB_TCP_STATE_LISTEN: sprintf(tcp.state ,"LISTEN"); break; case MIB_TCP_STATE_SYN_SENT: sprintf(tcp.state ,"SYN-SENT"); break; case MIB_TCP_STATE_SYN_RCVD: sprintf(tcp.state ,"SYN-RECEIVED"); break; case MIB_TCP_STATE_ESTAB: sprintf(tcp.state ,"ESTABLISHED"); break; case MIB_TCP_STATE_FIN_WAIT1: sprintf(tcp.state ,"FIN-WAIT-1"); break; case MIB_TCP_STATE_FIN_WAIT2: sprintf(tcp.state ,"FIN-WAIT-2"); break; case MIB_TCP_STATE_CLOSE_WAIT: sprintf(tcp.state ,"CLOSE-WAIT"); break; case MIB_TCP_STATE_CLOSING: sprintf(tcp.state ,"CLOSING"); break; case MIB_TCP_STATE_LAST_ACK: sprintf(tcp.state ,"LAST-ACK"); break; case MIB_TCP_STATE_TIME_WAIT: sprintf(tcp.state ,"TIME-WAIT"); break; case MIB_TCP_STATE_DELETE_TCB: sprintf(tcp.state ,"DELETE-TCB"); break; default: sprintf(tcp.state ,"UNKNOWN"); break; } IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwLocalAddr; strcpy(tcp.localip, inet_ntoa(IpAddr)); tcp.localport = ntohs((u_short)pTcpTable->table[i].dwLocalPort) ; IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwRemoteAddr; strcpy(tcp.distip, inet_ntoa(IpAddr)); tcp.distport = ntohs((u_short)pTcpTable->table[i].dwRemotePort); } return tcp; }