FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf, 0, NULL);
return (char *)(lpMsgBuf);
}
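/*
 * Issue IOCTL_TCP_QUERY_INFORMATION_EX (0x00120003) against the TCP provider
 * entity for object id toi_id, writing up to outLen bytes into out.
 *
 * hTcp is opened by OpenDeviceTcpUdp without a synchronous-I/O option, so the
 * driver may complete the request asynchronously: a STATUS_PENDING result is
 * waited out on hEvent and the final status is then taken from the I/O status
 * block. The caller reads iosb->Information for the byte count produced.
 * Entity/class/type constants follow the IOCTL_TCP_QUERY_INFORMATION_EX
 * documentation referenced in the original source.
 */
static NTSTATUS TcpQueryInformationEx(HANDLE hTcp, HANDLE hEvent, ULONG toi_id,
                                      void *out, ULONG outLen, IO_STATUS_BLOCK *iosb)
{
    TCP_REQUEST_QUERY_INFORMATION_EX req = {0};
    NTSTATUS Status;

    req.ID.toi_entity.tei_entity = 0x400;   /* CO_TL_ENTITY: TCP */
    req.ID.toi_entity.tei_instance = 0;
    req.ID.toi_class = 0x200;               /* INFO_CLASS_PROTOCOL */
    req.ID.toi_type = 0x100;                /* INFO_TYPE_PROVIDER */
    req.ID.toi_id = toi_id;

    Status = pNtDeviceIoControlFile(hTcp, hEvent, NULL, NULL, iosb,
                                    0x00120003, &req, sizeof(req), out, outLen);
    if (Status == STATUS_PENDING) {
        /* Buffer contents are only valid once the request has completed. */
        WaitForSingleObject(hEvent, INFINITE);
        Status = iosb->Status;
    }
    return Status;
}

/*
 * Query the TCP driver through hTcp (from OpenDeviceTcpUdp) and return its
 * connection table.
 *
 * A TCP_STATS_ID query supplies dwNumConns to size the row buffer; a
 * TCP_MIB_ADDRTABLE_ENTRY_ID query then fills the rows. The row count is
 * taken from the bytes the driver actually returned, not from the first
 * query, and the result buffer is sized from that count, so a table that
 * shrinks between the two calls cannot overrun the final copy. A host with
 * no connections yields a table with dwNumEntries == 0 rather than a crash.
 *
 * Returns a MIB_TCPTABLE allocated with VirtualAlloc (caller releases it with
 * VirtualFree(p, 0, MEM_RELEASE)), or NULL on failure with the Win32 last
 * error set and a message on stderr. Every error path releases the event and
 * the temporary row buffer.
 *
 * Uses the file-scope pointers pRtlNtStatusToDosError / pNtDeviceIoControlFile
 * and get_error(), all defined elsewhere in this file.
 * NOTE: the name shadows iphlpapi's GetTcpTable; do not include iphlpapi.h
 * in this translation unit.
 */
MIB_TCPTABLE *GetTcpTable(HANDLE hTcp)
{
    PMIB_TCPTABLE RTcpTable = NULL;
    MIB_TCPROW *TcpTable = NULL;
    MIB_TCPSTATS TcpStats = {0};
    IO_STATUS_BLOCK IoStatusBlockStats = {0};
    IO_STATUS_BLOCK IoStatusBlockTable = {0};
    NTSTATUS Status = 0;
    HANDLE hEven2 = NULL;
    HINSTANCE hNtDll = NULL;
    DWORD arrayLen = 0;
    DWORD numconn = 0;

    /* ntdll is always mapped; this only takes a reference, dropped at out. */
    hNtDll = LoadLibrary("ntdll");
    if (hNtDll == NULL) {
        fprintf(stderr, "LoadLibrary, Erreur: %s", get_error());
        return NULL;
    }
    pRtlNtStatusToDosError = (P_RTL_Nt_STATUS_TO_DOS_ERROR)GetProcAddress(hNtDll, "RtlNtStatusToDosError");
    pNtDeviceIoControlFile = (P_NT_DEVICE_IO_CONTROL_FILE)GetProcAddress(hNtDll, "NtDeviceIoControlFile");
    if (pRtlNtStatusToDosError == NULL || pNtDeviceIoControlFile == NULL) {
        fprintf(stderr, "GetProcAddress, Erreur: %s", get_error());
        goto out;
    }

    /* One manual-reset event serves both queries; the I/O manager clears it
     * when each request is issued. */
    hEven2 = CreateEventW(0, 1, 0, 0);
    if (hEven2 == NULL) {
        fprintf(stderr, "CreateEvent, Erreur: %s", get_error());
        goto out;
    }

    /* First query: statistics, needed only for dwNumConns. */
    Status = TcpQueryInformationEx(hTcp, hEven2, 0x1 /* TCP_STATS_ID */,
                                   &TcpStats, sizeof(TcpStats), &IoStatusBlockStats);
    if (!NT_SUCCESS(Status)) {
        SetLastError(pRtlNtStatusToDosError(Status));
        fprintf(stderr, "GetTcpStats, Erreur: %s", get_error());
        goto out;
    }
    printf("第一次调用返回的连接数:%lu\n", TcpStats.dwNumConns);
    printf("建立的连接数:%lu\n", TcpStats.dwCurrEstab);

    /* Second query: the address table, into a buffer sized from dwNumConns. */
    if (TcpStats.dwNumConns > 0) {
        if (TcpStats.dwNumConns > MAXDWORD / sizeof(MIB_TCPROW)) {
            SetLastError(ERROR_ARITHMETIC_OVERFLOW);
            fprintf(stderr, "GetTcpTable, Erreur: %s", get_error());
            goto out;
        }
        arrayLen = (DWORD)(TcpStats.dwNumConns * sizeof(MIB_TCPROW));   /* TCPAddrEntry rows */
        TcpTable = (MIB_TCPROW *)VirtualAlloc(NULL, arrayLen, MEM_COMMIT, PAGE_READWRITE);
        if (TcpTable == NULL) {
            fprintf(stderr, "VirtualAlloc, Erreur: %s", get_error());
            goto out;
        }
        Status = TcpQueryInformationEx(hTcp, hEven2, 0x102 /* TCP_MIB_ADDRTABLE_ENTRY_ID */,
                                       TcpTable, arrayLen, &IoStatusBlockTable);
        if (!NT_SUCCESS(Status)) {
            SetLastError(pRtlNtStatusToDosError(Status));
            fprintf(stderr, "GetTcpTable, Erreur: %s", get_error());
            goto out;
        }
        /* Whole rows actually returned; may be fewer than dwNumConns. */
        numconn = (DWORD)(IoStatusBlockTable.Information / sizeof(MIB_TCPROW));
    }
    printf("第二次调用返回的连接数:%lu\n", numconn);

    /* Header plus exactly numconn rows; never a zero-sized request. */
    RTcpTable = (PMIB_TCPTABLE)VirtualAlloc(NULL, sizeof(MIB_TCPTABLE) + numconn * sizeof(MIB_TCPROW),
                                            MEM_COMMIT, PAGE_READWRITE);
    if (RTcpTable == NULL) {
        fprintf(stderr, "VirtualAlloc, Erreur: %s", get_error());
        goto out;
    }
    RTcpTable->dwNumEntries = numconn;
    if (numconn > 0) {
        /* Copy only the rows received, not the first query's estimate. */
        memcpy(RTcpTable->table, TcpTable, numconn * sizeof(MIB_TCPROW));
    }

out:
    if (hEven2 != NULL) {
        CloseHandle(hEven2);
    }
    if (TcpTable != NULL) {
        VirtualFree(TcpTable, 0, MEM_RELEASE);
    }
    FreeLibrary(hNtDll);
    return RTcpTable;
}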
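/*
 * Open a handle to the TCP device object (\Device\TCP) via ZwOpenFile.
 *
 * PROTO is currently ignored: only the TCP device is opened; a UDP variant is
 * not implemented. The handle is opened with SYNCHRONIZE access, shared for
 * read and write, and with no open options — i.e. asynchronously, so ioctls
 * issued on it may return STATUS_PENDING and must be waited for.
 *
 * Returns the device handle, or NULL on failure with the Win32 last error set
 * and a message on stderr. Sets the file-scope pointers pZwOpenFile,
 * pRtlNtStatusToDosError and pRtlInitUnicodeString as a side effect; uses
 * get_error() defined elsewhere in this file.
 */
HANDLE OpenDeviceTcpUdp(BOOL PROTO)
{
    NTSTATUS Status;
    UNICODE_STRING deviceName;
    OBJECT_ATTRIBUTES attributes;
    IO_STATUS_BLOCK iosb = {0};
    HANDLE hDevice = NULL;
    HINSTANCE hNtDll;

    (void)PROTO;   /* only the TCP device is supported */

    /* ntdll is always mapped; this only takes a reference, released below. */
    hNtDll = LoadLibrary("ntdll");
    if (hNtDll == NULL) {
        fprintf(stderr, "LoadLibrary, Erreur: %s", get_error());
        return NULL;
    }
    pZwOpenFile = (P_ZW_OPEN_FILE)GetProcAddress(hNtDll, "ZwOpenFile");
    pRtlNtStatusToDosError = (P_RTL_Nt_STATUS_TO_DOS_ERROR)GetProcAddress(hNtDll, "RtlNtStatusToDosError");
    pRtlInitUnicodeString = (P_RTL_INIT_UNICODE_STRING)GetProcAddress(hNtDll, "RtlInitUnicodeString");
    if (pZwOpenFile == NULL || pRtlNtStatusToDosError == NULL || pRtlInitUnicodeString == NULL) {
        fprintf(stderr, "GetProcAddress, Erreur: %s", get_error());
        FreeLibrary(hNtDll);
        return NULL;
    }

    pRtlInitUnicodeString(&deviceName, L"\\Device\\TCP");
    attributes.Length = sizeof(OBJECT_ATTRIBUTES);
    attributes.RootDirectory = NULL;
    attributes.ObjectName = &deviceName;
    attributes.Attributes = 0x40;   /* OBJ_CASE_INSENSITIVE */
    attributes.SecurityDescriptor = NULL;
    attributes.SecurityQualityOfService = NULL;

    /* 0x100000 = SYNCHRONIZE; share 3 = FILE_SHARE_READ | FILE_SHARE_WRITE;
     * open options 0 (no synchronous-I/O flag). */
    Status = pZwOpenFile(&hDevice, 0x100000, &attributes, &iosb, 3, 0);
    if (!NT_SUCCESS(Status)) {
        SetLastError(pRtlNtStatusToDosError(Status));
        fprintf(stderr, "ZwOpenFile, Erreur: %s", get_error());
        FreeLibrary(hNtDll);
        return NULL;
    }
    FreeLibrary(hNtDll);
    return hDevice;
}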
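/*
 * Enable the named privilege (e.g. SE_DEBUG_NAME) on the current process
 * token.
 *
 * Returns TRUE only when the privilege is actually enabled. AdjustTokenPrivileges
 * reports success even when the token does not hold the privilege, signalling
 * that case through GetLastError() == ERROR_NOT_ALL_ASSIGNED, so it is checked
 * explicitly. On any failure the cause is written to stderr via get_error()
 * (defined elsewhere in this file) and FALSE is returned. The token handle is
 * closed on every path after it is opened.
 */
BOOL LoadPrivilege(const char *Privilege)
{
    HANDLE hToken = NULL;
    LUID luid;
    TOKEN_PRIVILEGES tkp;
    BOOL ok = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        fprintf(stderr, "OpenProcessToken, Erreur: %s", get_error());
        return FALSE;
    }
    if (!LookupPrivilegeValue(NULL, Privilege, &luid)) {
        fprintf(stderr, "LookupPrivilegeValue, Erreur: %s", get_error());
        goto out;
    }

    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = luid;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL)) {
        fprintf(stderr, "AdjustTokenPrivileges, Erreur: %s", get_error());
        goto out;
    }
    /* TRUE from AdjustTokenPrivileges does not mean the privilege was granted. */
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        fprintf(stderr, "AdjustTokenPrivileges, Erreur: %s", get_error());
        goto out;
    }
    ok = TRUE;

out:
    CloseHandle(hToken);
    return ok;
}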
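/*
 * Entry point: enable SE_DEBUG_NAME, open \Device\TCP, print the TCP
 * connection table (local/remote address and port, owning PID) to stdout,
 * then release the table and the device handle.
 *
 * Returns -1 if the privilege cannot be enabled; otherwise 0, even when the
 * device open or the table query fails (the header line is still printed).
 */
int main()
{
    PMIB_TCPTABLE TcpTable = NULL;
    HANDLE Tcp = NULL;
    DWORD i;

    if (!LoadPrivilege(SE_DEBUG_NAME)) {
        fprintf(stderr, "Load Privilege Error...\n");
        return -1;
    }

    Tcp = OpenDeviceTcpUdp(TRUE);
    if (Tcp != NULL) {
        TcpTable = GetTcpTable(Tcp);
    }

    printf("Proto Local Address sPort\t Foreign Address\tdPort\t PID\n");
    if (TcpTable != NULL) {
        for (i = 0; i < TcpTable->dwNumEntries; i++) {
            const MIB_TCPROW *row = &TcpTable->table[i];
            struct in_addr local;
            struct in_addr remote;

            /* Copy the DWORD addresses instead of casting them to in_addr *,
             * so no object is accessed through an incompatible pointer type. */
            memcpy(&local, &row->dwLocalAddr, sizeof local);
            memcpy(&remote, &row->dwRemoteAddr, sizeof remote);

            /* inet_ntoa returns a static buffer: one address per call. */
            fprintf(stdout, "TCP %-14s %i\t - ",
                    inet_ntoa(local), ntohs((WORD)row->dwLocalPort));
            fprintf(stdout, "%-14s %-10i",
                    inet_ntoa(remote),
                    row->dwRemoteAddr == 0 ? 0 : ntohs((WORD)row->dwRemotePort));
            /* DWORD is unsigned long on Windows; %d would be a mismatch. */
            fprintf(stdout, " %lu\n", row->dwOwningPid);
        }
    }

    if (TcpTable != NULL) {
        VirtualFree(TcpTable, 0, MEM_RELEASE);
    }
    if (Tcp != NULL) {
        CloseHandle(Tcp);
    }

    /* Keeps the console window open; spawns cmd.exe for its "pause" builtin. */
    system("pause");
    return 0;
}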