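// NPort.cpp : Lists open ports and the name of the file that owns each one, equivalent to the "netstat -noa" command.
// Works on Windows XP and later versions.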
//
#include <windows.h>
#include <Tlhelp32.h>
#include <winsock.h>
#include <stdio.h>
#include <Iphlpapi.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "Iphlpapi.lib")
//---------------------------------------------------------------------------
// Structures describing the TCP table.
// One TCP endpoint together with the id of the process that owns it.
typedef struct tagMIB_TCPEXROW{
DWORD dwState; // Connection state; DisplayPort uses it as an index into TcpState[].
DWORD dwLocalAddr; // Local machine address; formatted with GetIP().
DWORD dwLocalPort; // Local machine port; callers take the low WORD and pass it through htons().
DWORD dwRemoteAddr; // Remote machine address; formatted with GetIP().
DWORD dwRemotePort; // Remote machine port; callers take the low WORD and pass it through htons().
DWORD dwProcessId; // Owning process id; resolved to a name with ProcessPidToName().
} MIB_TCPEXROW, *PMIB_TCPEXROW;
// Table header followed by the rows. dwNumEntries is the loop bound DisplayPort uses.
typedef struct tagMIB_TCPEXTABLE{
DWORD dwNumEntries;
MIB_TCPEXROW table[100]; // Array of arbitrary size. NOTE(review): 100 looks nominal; DisplayPort indexes up to dwNumEntries with no check against it — confirm the real allocation size.
} MIB_TCPEXTABLE, *PMIB_TCPEXTABLE;
//---------------------------------------------------------------------------
// Structures describing the UDP table.
// One UDP endpoint together with the id of the process that owns it.
typedef struct tagMIB_UDPEXROW{
DWORD dwLocalAddr; // Local machine address; formatted with GetIP().
DWORD dwLocalPort; // Local machine port; callers take the low WORD and pass it through htons().
DWORD dwProcessId; // Owning process id; resolved to a name with ProcessPidToName().
} MIB_UDPEXROW, *PMIB_UDPEXROW;
// Table header followed by the rows. dwNumEntries is the loop bound DisplayPort uses.
typedef struct tagMIB_UDPEXTABLE{
DWORD dwNumEntries;
MIB_UDPEXROW table[100]; // Array of arbitrary size. NOTE(review): 100 looks nominal; DisplayPort indexes up to dwNumEntries with no check against it — confirm the real allocation size.
} MIB_UDPEXTABLE, *PMIB_UDPEXTABLE;
//---------------------------------------------------------------------------
// Prototypes of the iphlpapi.dll functions this file uses.
// Returns, through pTcpTable, a TCP table whose rows carry the owning process id.
typedef DWORD (WINAPI *PALLOCATE_AND_GET_TCPEXTABLE_FROM_STACK)(
PMIB_TCPEXTABLE *pTcpTable, // Receives the connection table buffer.
BOOL bOrder,
HANDLE heap,
DWORD zero, // NOTE(review): named "zero", but the commented-out call in DisplayPort passed 2 — confirm the expected value.
DWORD flags
);
// Same parameter list as the GetExtendedTcpTable call made in GetTcpConnect.
typedef DWORD(WINAPI *PGet_Extended_TcpTable)(
_Out_ PVOID pTcpTable,
_Inout_ PDWORD pdwSize,
_In_ BOOL bOrder,
_In_ ULONG ulAf,
_In_ TCP_TABLE_CLASS TableClass,
_In_ ULONG Reserved
);
// Returns, through pUdpTable, a UDP table whose rows carry the owning process id.
typedef DWORD (WINAPI *PALLOCATE_AND_GET_UDPEXTABLE_FROM_STACK)(
PMIB_UDPEXTABLE *pUdpTable, // Receives the connection table buffer.
BOOL bOrder,
HANDLE heap, // DisplayPort passes GetProcessHeap() here.
DWORD zero, // NOTE(review): named "zero", but DisplayPort passes 2 — confirm the expected value.
DWORD flags // DisplayPort passes 2.
);
// Function pointers, all NULL until something assigns them. The code that
// resolves them is not in this part of the file; they must be set before
// DisplayPort runs, because calling through a NULL pointer crashes.
static PALLOCATE_AND_GET_TCPEXTABLE_FROM_STACK
pAllocateAndGetTcpExTableFromStack = NULL;
// NOTE(review): GetTcpConnect calls GetExtendedTcpTable directly rather than through this pointer — confirm whether it is still needed.
static PGet_Extended_TcpTable pGetExtendedTcpTable = NULL;
static PALLOCATE_AND_GET_UDPEXTABLE_FROM_STACK
pAllocateAndGetUdpExTableFromStack = NULL;
//---------------------------------------------------------------------------
//
// Possible TCP endpoint states, indexed by the dwState field of a TCP row.
// Entry 0 ("???") is the placeholder for an unknown state.
// NOTE(review): the order appears to follow the MIB_TCP_STATE_* numbering
// (1 = CLOSED ... 12 = DELETE_TCB) — confirm against the SDK header.
// The table has 13 entries, so any state value above 12 is out of range and
// must be rejected by the caller before it is used as an index.
//
static char TcpState[][32] = {
TEXT("???"),
TEXT("CLOSED"),
TEXT("LISTENING"),
TEXT("SYN_SENT"),
TEXT("SYN_RCVD"),
TEXT("ESTABLISHED"),
TEXT("FIN_WAIT1"),
TEXT("FIN_WAIT2"),
TEXT("CLOSE_WAIT"),
TEXT("CLOSING"),
TEXT("LAST_ACK"),
TEXT("TIME_WAIT"),
TEXT("DELETE_TCB")
};
//---------------------------------------------------------------------------
//
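// Build the dotted-decimal string for an IPv4 address.
//
// ipaddr is the address as it appears in a table row (dwLocalAddr /
// dwRemoteAddr); htonl() is applied first so that, on a little-endian host,
// the first octet ends up in the most significant byte.
//
// Returns a pointer to a function-local static buffer. The text is
// overwritten by the next call, so it must be copied (as the callers do with
// sprintf) before GetIP is called again, and the function must not be called
// from several threads at once.
//
PCHAR GetIP(unsigned int ipaddr)
{
    // "255.255.255.255" plus the terminator needs 16 bytes, so 20 is enough
    // for every possible input.
    static char pIP[20];
    unsigned int nipaddr = htonl(ipaddr);

    // The octets are unsigned int values, so the conversion is %u, not %d.
    sprintf(pIP, "%u.%u.%u.%u",
        (nipaddr >> 24) & 0xFF,
        (nipaddr >> 16) & 0xFF,
        (nipaddr >> 8) & 0xFF,
        nipaddr & 0xFF);
    return pIP;
}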
//---------------------------------------------------------------------------
//
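// Map a process id to the name of its executable.
//
// Returns a pointer to a function-local static buffer that the next call
// overwrites; not safe to call from several threads at once.
//
// Result:
//   - "Idle" for process id 0, when the process snapshot cannot be taken,
//     or when the id is not in the snapshot.
//   - the module name of the process's first module when a module snapshot
//     of the process can be taken;
//   - otherwise the executable file name from the process snapshot (module
//     snapshots can fail for processes this tool is not allowed to open).
//
// The lookup happens after the connection table was read, so a process id
// that exited and was reused in between is reported under the new owner's
// name. The name is informational only: it carries no path and does not
// identify which binary is running.
//
char* ProcessPidToName(DWORD ProcessId)
{
    static char ProcessName[256] = {0};
    lstrcpy(ProcessName, "Idle");

    // CreateToolhelp32Snapshot treats a process id of 0 as "the current
    // process" when snapshotting modules, so looking up id 0 would label the
    // row with this tool's own executable. Report it as Idle instead.
    if (ProcessId == 0)
        return ProcessName;

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return ProcessName;

    PROCESSENTRY32 processEntry = { 0 };
    processEntry.dwSize = sizeof(PROCESSENTRY32);

    for (BOOL bRet = Process32First(hProcessSnap, &processEntry);
         bRet;
         bRet = Process32Next(hProcessSnap, &processEntry))
    {
        if (processEntry.th32ProcessID != ProcessId)
            continue;

        // Start from the name in the process snapshot so that a process
        // whose modules cannot be listed is not shown as "Idle".
        if (processEntry.szExeFile[0] != '\0')
            lstrcpyn(ProcessName, processEntry.szExeFile, sizeof(ProcessName));

        HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
        if (hModuleSnap != INVALID_HANDLE_VALUE)
        {
            MODULEENTRY32 me32 = {0};
            me32.dwSize = sizeof(MODULEENTRY32);
            // The first module of the snapshot describes the executable.
            if (Module32First(hModuleSnap, &me32) && me32.szExePath[0] != '\0')
                lstrcpyn(ProcessName, me32.szModule, sizeof(ProcessName));
            // The module snapshot handle was previously never closed.
            CloseHandle(hModuleSnap);
        }
        break;
    }

    CloseHandle(hProcessSnap);
    return ProcessName;
}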
//---------------------------------------------------------------------------
//
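// Print every TCP and UDP endpoint with its owning process name and id,
// using the AllocateAndGet*ExTableFromStack entry points.
//
// Both function pointers must have been resolved beforehand; if either is
// still NULL, or either call reports an error, the matching error line is
// printed and nothing else is shown.
//
// The TCP table is fetched here before it is read. The fetch had been
// commented out, which left TCPExTable uninitialised when the TCP loop
// dereferenced it.
//
void DisplayPort()
{
    DWORD i;
    PMIB_TCPEXTABLE TCPExTable = NULL;
    PMIB_UDPEXTABLE UDPExTable = NULL;
    // Each address string is at most "255.255.255.255:65535" (21 characters),
    // well inside these buffers.
    char szLocalAddress[256];
    char szRemoteAddress[256];
    const DWORD nStates = sizeof(TcpState) / sizeof(TcpState[0]);
    HANDLE hHeap = GetProcessHeap();

    if (pAllocateAndGetTcpExTableFromStack == NULL ||
        pAllocateAndGetTcpExTableFromStack(&TCPExTable, TRUE, hHeap, 2, 2))
    {
        printf("AllocateAndGetTcpExTableFromStack Error!\n");
        return;
    }
    if (pAllocateAndGetUdpExTableFromStack == NULL ||
        pAllocateAndGetUdpExTableFromStack(&UDPExTable, TRUE, hHeap, 2, 2))
    {
        printf("AllocateAndGetUdpExTableFromStack Error!.\n");
        if (TCPExTable != NULL)
            HeapFree(hHeap, 0, TCPExTable);
        return;
    }

    printf("%-6s%-22s%-22s%-11s%s\n",
        TEXT("Proto"),
        TEXT("Local Address"),
        TEXT("Foreign Address"),
        TEXT("State"),
        TEXT("Process"));

    // TCP rows.
    for (i = 0; TCPExTable != NULL && i < TCPExTable->dwNumEntries; i++)
    {
        // A state value outside the name table is shown as "???" instead of
        // reading past the end of TcpState.
        DWORD dwState = TCPExTable->table[i].dwState;
        const char *pszState = (dwState < nStates) ? TcpState[dwState] : TcpState[0];

        sprintf(szLocalAddress, "%s:%d",
            GetIP(TCPExTable->table[i].dwLocalAddr),
            htons((WORD)TCPExTable->table[i].dwLocalPort));
        sprintf(szRemoteAddress, "%s:%d",
            GetIP(TCPExTable->table[i].dwRemoteAddr),
            htons((WORD)TCPExTable->table[i].dwRemotePort));
        // The process id is a DWORD (unsigned long), hence %lu.
        printf("%-6s%-22s%-22s%-12s%s:%lu\n", TEXT("TCP"),
            szLocalAddress, szRemoteAddress,
            pszState,
            ProcessPidToName(TCPExTable->table[i].dwProcessId),
            TCPExTable->table[i].dwProcessId);
    }

    // UDP rows.
    for (i = 0; UDPExTable != NULL && i < UDPExTable->dwNumEntries; i++)
    {
        sprintf(szLocalAddress, "%s:%d",
            GetIP(UDPExTable->table[i].dwLocalAddr),
            htons((WORD)UDPExTable->table[i].dwLocalPort));
        sprintf(szRemoteAddress, "%s", "*:*");
        printf("%-6s%-22s%-33s%s:%lu\n", TEXT("UDP"),
            szLocalAddress, szRemoteAddress,
            ProcessPidToName(UDPExTable->table[i].dwProcessId),
            UDPExTable->table[i].dwProcessId);
    }

    // NOTE(review): the tables are presumably allocated from the heap handle
    // passed in, which makes HeapFree on that heap the matching release —
    // confirm against the iphlpapi behaviour on the target system.
    if (UDPExTable != NULL)
        HeapFree(hHeap, 0, UDPExTable);
    if (TCPExTable != NULL)
        HeapFree(hHeap, 0, TCPExTable);
}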
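// Print one line per IPv4 TCP endpoint (local address, remote address,
// state, owning process name and id) using GetExtendedTcpTable.
//
// Returns the number of rows printed, or 0 when the table could not be
// retrieved.
//
int GetTcpConnect()
{
    // Each address string is at most "255.255.255.255:65535" (21 characters),
    // well inside these buffers.
    char szLocalAddress[256];
    char szRemoteAddress[256];
    const DWORD nStates = sizeof(TcpState) / sizeof(TcpState[0]);
    char *pBuffer = NULL;
    DWORD dwSize = 0;
    DWORD dwResult = ERROR_INSUFFICIENT_BUFFER;

    // The first pass only asks for the required size. The table can grow
    // between the size query and the fetch, so retry a few times instead of
    // giving up on the first ERROR_INSUFFICIENT_BUFFER.
    for (int nAttempt = 0;
         nAttempt < 4 && dwResult == ERROR_INSUFFICIENT_BUFFER;
         nAttempt++)
    {
        delete[] pBuffer;
        pBuffer = NULL;
        if (dwSize != 0)
            pBuffer = new char[dwSize]; // (re)allocate the buffer
        dwResult = GetExtendedTcpTable(pBuffer, &dwSize, TRUE, AF_INET,
                                       TCP_TABLE_OWNER_PID_ALL, 0);
    }
    if (dwResult != NO_ERROR || pBuffer == NULL)
    {
        // The buffer comes from new char[], so it is released with delete[]
        // on the char pointer rather than delete on the table pointer.
        delete[] pBuffer;
        return 0;
    }

    PMIB_TCPTABLE_OWNER_PID pTcpTable = (PMIB_TCPTABLE_OWNER_PID)pBuffer;
    int nNum = (int)pTcpTable->dwNumEntries; // number of TCP connections
    for (int i = 0; i < nNum; i++)
    {
        // A state value outside the name table is shown as "???" instead of
        // reading past the end of TcpState.
        DWORD dwState = pTcpTable->table[i].dwState;
        const char *pszState = (dwState < nStates) ? TcpState[dwState] : TcpState[0];

        sprintf(szLocalAddress, "%s:%d",
            GetIP(pTcpTable->table[i].dwLocalAddr),
            htons((WORD)pTcpTable->table[i].dwLocalPort));
        sprintf(szRemoteAddress, "%s:%d",
            GetIP(pTcpTable->table[i].dwRemoteAddr),
            htons((WORD)pTcpTable->table[i].dwRemotePort));
        // The process id is a DWORD (unsigned long), hence %lu.
        printf("%-6s%-22s%-22s%-12s%s:%lu\n", TEXT("TCP"),
            szLocalAddress,
            szRemoteAddress,
            pszState,                                          // state
            ProcessPidToName(pTcpTable->table[i].dwOwningPid),
            pTcpTable->table[i].dwOwningPid);                  // owning process id
    }

    delete[] pBuffer;
    return nNum;
}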
int GetUdpConnect()
{
char szLocalAddress[256];
char szRemoteAddress[256];
PMIB_UDPTABLE_OWNER_PID pUdpTable(NULL);
DWORD dwSize(0);
if (GetExtendedUdpTable(pUdpTable, &dwSize, TRUE, AF_INET, UDP_TABLE_OWNER_PID, 0) == ERROR_INSUFFICIENT_BUFFER)
pUdpTable = (PMIB_UDPTABLE_OWNER_PID)new char[dwSize];//重新分配缓冲区
if (GetExtendedUdpTable(pUdpTable, &dwSize, TRUE, AF_INET, UDP_TABLE_OWNER_PID, 0) != NO_ERROR)
{
delete pUdpTable;
return 0;
}
int nNum = (int)pUdpTable->dwNumEntries; //TCP连接的数目
for (int i = 0; i<nNum; i++)
{
sprintf(szLocalAddress, "%s:%d",
GetIP(pUdpTable->table[i].dwLocalAddr),
htons((WORD)pUdpTable->table[i].dwLocalPort));
sprintf(szRemoteAddress, "%s", "*:*");
printf("%-6s%-22s%-34s%s:%d\n", TEXT("UDP"),
szLocalAddress,
szRemoteAdd