static DWORD GetExtendedUdpTableWithAlloc(PVOID *UdpTable, BOOL Order, DWORD Family, UDP_TABLE_CLASS Class)
{
DWORD ret;
DWORD Size = 0;
*UdpTable = NULL;
ret = GetExtendedUdpTable(*UdpTable, &Size, Order, Family, Class, 0);
if (ret == ERROR_INSUFFICIENT_BUFFER)
{
*UdpTable = HeapAlloc(GetProcessHeap(), 0, Size);
if (*UdpTable == NULL)
{
return ERROR_OUTOFMEMORY;
}
ret = GetExtendedUdpTable(*UdpTable, &Size, Order, Family, Class, 0);
if (ret != NO_ERROR)
{
HeapFree(GetProcessHeap(), 0, *UdpTable);
*UdpTable = NULL;
}
}
return ret;
}
void* WinSockets::allocateSocketTable(unsigned long protocol,
unsigned long family) {
unsigned long ret = 0;
unsigned long buffsize = 0;
void* pSockTable = nullptr;
/// Allocate the TCP Socket Tables
if (protocol == IPPROTO_TCP) {
ret = GetExtendedTcpTable(
pSockTable, &buffsize, true, family, TCP_TABLE_OWNER_PID_ALL, 0);
if (ret == ERROR_INSUFFICIENT_BUFFER) {
pSockTable = static_cast<void*>(malloc(buffsize));
if (pSockTable == nullptr) {
status_ = Status(
1, "Unable to allocate sufficient memory for the TCP socket table");
}
}
ret = GetExtendedTcpTable(pSockTable,
reinterpret_cast<PULONG>(&buffsize),
true,
family,
TCP_TABLE_OWNER_PID_ALL,
0);
if (ret != NO_ERROR) {
status_ = Status(1,
"Error retrieving the socket table: ( " +
std::to_string(GetLastError()) + " )");
}
}
/// Allocate the UDP Socket Tables
else {
ret = GetExtendedUdpTable(pSockTable,
reinterpret_cast<PULONG>(&buffsize),
true,
family,
UDP_TABLE_OWNER_PID,
0);
if (ret == ERROR_INSUFFICIENT_BUFFER) {
pSockTable = static_cast<void*>(malloc(buffsize));
if (pSockTable == nullptr) {
status_ = Status(
1, "Unable to allocate sufficient memory for the UDP socket table");
}
}
ret = GetExtendedUdpTable(pSockTable,
reinterpret_cast<PULONG>(&buffsize),
true,
family,
UDP_TABLE_OWNER_PID,
0);
if (ret != NO_ERROR) {
status_ = Status(1,
"Error retrieving the socket table: ( " +
std::to_string(GetLastError()) + " )");
}
}
return pSockTable;
}
list GetConns()
{
DWORD bufsize = 0;
list l;
std::vector<MIB_TCPROW_OWNER_PID> TCPtables;
std::vector<MIB_UDPROW_OWNER_PID> UDPtables;
DWORD ret= GetExtendedTcpTable(0, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
char *buf = new char[bufsize];
ret = GetExtendedTcpTable(buf, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if(ret == NO_ERROR )
{
MIB_TCPTABLE_OWNER_PID *pTCPTable = (MIB_TCPTABLE_OWNER_PID *)buf;
TCPtables.assign(pTCPTable->table, pTCPTable->table+pTCPTable->dwNumEntries);
}
delete [] buf;
bufsize = 0;
ret= GetExtendedUdpTable(0, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
buf = new char[bufsize];
ret = GetExtendedUdpTable(buf, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
if(ret == NO_ERROR )
{
MIB_UDPTABLE_OWNER_PID *pUDPTable = (MIB_UDPTABLE_OWNER_PID *)buf;
UDPtables.assign(pUDPTable->table, pUDPTable->table+pUDPTable->dwNumEntries);
}
delete [] buf;
for (DWORD a=0; a<TCPtables.size(); a++)
{
TCPConn Conn;
MIB_TCPROW_OWNER_PID & row = TCPtables[a];
Conn.dwLocalAddr = row.dwLocalAddr;
Conn.dwLocalPort = ntohs((u_short)row.dwLocalPort);
Conn.dwOwningPid = row.dwOwningPid;
Conn.dwRemoteAddr = row.dwRemoteAddr;
Conn.dwRemotePort = ntohs((u_short)row.dwRemotePort);
Conn.State =(TCPSTATE) row.dwState;
Conn.Type = L"tcp";
l.append( object(Conn) );
}
return l;
}
int ProcessMap::BuildUdpProcDict()
{
//清空processtcpdict
ClearUdpProcessDict();
portdict.clear();
//构建tcpportdict
MIB_UDPTABLE_OWNER_PID udptable;
udptable.dwNumEntries = sizeof(udptable)/sizeof(udptable.table[0]);
DWORD udptablesize = sizeof(udptable);
if(GetExtendedUdpTable((void *)&udptable, &udptablesize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0) == NO_ERROR)
{
for(unsigned int i =0 ; i< udptable.dwNumEntries; i++)
{
int port = ntohs((unsigned short)udptable.table[i].dwLocalPort);
int pid = udptable.table[i].dwOwningPid;
portdict.insert(pair<int ,int>(port,pid));
}
}
//构建UdpProcessDict
// Take a snapshot
HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 p;
p.dwSize = sizeof(PROCESSENTRY32);
// Traverse Process List
for(BOOL ret = Process32First(hSnapShot, &p); ret != 0; ret = Process32Next(hSnapShot, &p))
{
// Get pid and file name
int pid = p.th32ProcessID;
for(portdictit=portdict.begin();portdictit!=portdict.end();portdictit++)
{
if(portdictit->second == pid)
{
ProcessNode *processnode = new ProcessNode;
processnode->pid = pid;
processnode->processname = TCHARTochar(p.szExeFile);
// Get full path (if possible)
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
if (hProcess == 0)
{
processnode->processpath = NULL;
}
else
{
TCHAR fullPath[MAX_PATH];
if (GetModuleFileNameEx(hProcess, 0, fullPath, MAX_PATH) > 0) // Success
{
processnode->processpath = TCHARTochar(fullPath);
}
else
processnode->processpath = NULL;
}
CloseHandle(hProcess);
udpprocessdict.insert(pair<int,ProcessNode*>(portdictit->first,processnode));
}
}
}
CloseHandle(hSnapShot);
UpdateUnknowUdpportdict();
return 0;
}
BOOL Utils::GetOpenedPort( std::vector<MIB_TCPROW_OWNER_PID> & TCPtables, std::vector<MIB_UDPROW_OWNER_PID> & UDPtables )
{
DWORD bufsize = UTILSBUF;
DWORD ret = 0;//= GetExtendedTcpTable(0, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
char *buf = g_buf;
ret = GetExtendedTcpTable(buf, &bufsize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if(ret == NO_ERROR )
{
MIB_TCPTABLE_OWNER_PID *pTCPTable = (MIB_TCPTABLE_OWNER_PID *)buf;
TCPtables.assign(pTCPTable->table, pTCPTable->table+pTCPTable->dwNumEntries);
}
return TRUE;
bufsize = 0;
ret= GetExtendedUdpTable(0, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
//ret = GetExtendedUdpTable(buf, &bufsize, FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
if(ret == NO_ERROR )
{
MIB_UDPTABLE_OWNER_PID *pUDPTable = (MIB_UDPTABLE_OWNER_PID *)buf;
//UDPtables.assign(pUDPTable->table, pUDPTable->table+pUDPTable->dwNumEntries);
}
return TRUE;
}
void PortCache::RebuildUdpTable()
{
// Clear the table
//RtlZeroMemory(_udpPortTable, sizeof(_udpPortTable));
_mapUdpPortTableEx.clear();
DWORD dwRetValue = NO_ERROR;
DWORD dwBufferSize = 0;
//解释如同RebuildTcpTable
PMIB_UDPTABLE_OWNER_PID pTable = NULL;
dwRetValue = GetExtendedUdpTable(NULL, &dwBufferSize,
FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
if (dwRetValue != ERROR_INSUFFICIENT_BUFFER)
{
printf("Failed to snapshot UDP endpoints.\n");
return;
}
//解释如同RebuildTcpTable
pTable = (PMIB_UDPTABLE_OWNER_PID)HeapAlloc(GetProcessHeap(), 0, dwBufferSize);
dwRetValue = GetExtendedUdpTable(pTable, &dwBufferSize,
FALSE, AF_INET, UDP_TABLE_OWNER_PID, 0);
if (dwRetValue != NO_ERROR)
{
printf("Failed to snapshot UDP endpoints.\n");
HeapFree(GetProcessHeap(), 0, pTable);
return;
}
// Rebuild the table
for (unsigned int i = 0; i < pTable->dwNumEntries; i++)
{
int nTemp = ntohs((unsigned short)pTable->table[i].dwLocalPort);
//_udpPortTable[nTemp] =
// pTable->table[i].dwOwningPid;
_mapUdpPortTableEx[nTemp] = pTable->table[i];
}
HeapFree(GetProcessHeap(), 0, pTable);
}
