NETSTAT (API NATIVE)
Information sur la source
Description
C'est pour montrer les entrailles des API de Windows. Pour faire bref, j'ai récupéré l'intérieur de la DLL iphlp.dll, et ça donne ça...
Source
- #include<windows.h>
- #include <stdio.h>
-
- #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
- #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
- #define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L)
- #pragma comment (lib,"ws2_32.lib")
- #pragma comment (lib,"advapi32.lib")
- #pragma comment (lib,"ntdll.lib")
-
-
- //tiny
- #pragma optimize("gsy",on)
- #pragma comment(linker,"/RELEASE")
- #pragma comment(linker,"/merge:.rdata=.data")
- #pragma comment(linker,"/merge:.text=.data")
- #pragma comment(linker,"/merge:.reloc=.data")
- #pragma comment(linker,"/SECTION:.data,EWR")
- #pragma comment(linker,"/FILEALIGN:0x200")
- #pragma comment(linker,"/IGNORE:4078")
- #pragma comment(linker,"/OPT:NOWIN98")
-
-
- typedef LONG NTSTATUS;
-
- typedef struct _IO_STATUS_BLOCK
- {
- NTSTATUS Status;
- ULONG Information;
- } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
-
- typedef struct _UNICODE_STRING
- {
- USHORT Length;
- USHORT MaximumLength;
- PWSTR Buffer;
- } UNICODE_STRING, *PUNICODE_STRING;
-
-
- typedef struct _ANSI_STRING {
- USHORT Length;
- USHORT MaximumLength;
- PCHAR Buffer;
- }ANSI_STRING,*PANSI_STRING;
-
- typedef struct _OBJECT_ATTRIBUTES
- {
- ULONG Length;
- HANDLE RootDirectory;
- PUNICODE_STRING ObjectName;
- ULONG Attributes;
- PVOID SecurityDescriptor;
- PVOID SecurityQualityOfService;
- } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
-
- typedef struct _MIB_TCPROW
- {
- DWORD dwState;
- DWORD dwLocalAddr;
- DWORD dwLocalPort;
- DWORD dwRemoteAddr;
- DWORD dwRemotePort;
- } MIB_TCPROW, *PMIB_TCPROW;
-
- typedef struct _MIB_UDPROW
- {
- DWORD dwLocalAddr;
- DWORD dwLocalPort;
- } MIB_UDPROW, *PMIB_UDPROW;
-
- typedef struct _MIB_UDPTABLE {
- DWORD dwNumEntries;
- MIB_UDPROW table[1];
- } MIB_UDPTABLE, *PMIB_UDPTABLE;
-
- typedef struct _MIB_TCPTABLE {
- DWORD dwNumEntries;
- MIB_TCPROW table[1];
- } MIB_TCPTABLE, *PMIB_TCPTABLE;
-
- //* Structure of an entity ID.
- typedef struct TDIEntityID {
- ULONG tei_entity;
- ULONG tei_instance;
- } TDIEntityID;
-
- //* Structure of an object ID.
- typedef struct TDIObjectID {
- TDIEntityID toi_entity;
- ULONG toi_class;
- ULONG toi_type;
- ULONG toi_id;
- } TDIObjectID;
-
- typedef struct _MIB_TCPSTATS
- {
- DWORD dwRtoAlgorithm;
- DWORD dwRtoMin;
- DWORD dwRtoMax;
- DWORD dwMaxConn;
- DWORD dwActiveOpens;
- DWORD dwPassiveOpens;
- DWORD dwAttemptFails;
- DWORD dwEstabResets;
- DWORD dwCurrEstab;
- DWORD dwInSegs;
- DWORD dwOutSegs;
- DWORD dwRetransSegs;
- DWORD dwInErrs;
- DWORD dwOutRsts;
- DWORD dwNumConns;
- } MIB_TCPSTATS, *PMIB_TCPSTATS;
-
- typedef struct _MIB_UDPSTATS
- {
- DWORD dwInDatagrams;
- DWORD dwNoPorts;
- DWORD dwInErrors;
- DWORD dwOutDatagrams;
- DWORD dwNumAddrs;
- } MIB_UDPSTATS,*PMIB_UDPSTATS;
-
- #define MIB_TCP_STATE_CLOSED 1
- #define MIB_TCP_STATE_LISTEN 2
- #define MIB_TCP_STATE_SYN_SENT 3
- #define MIB_TCP_STATE_SYN_RCVD 4
- #define MIB_TCP_STATE_ESTAB 5
- #define MIB_TCP_STATE_FIN_WAIT1 6
- #define MIB_TCP_STATE_FIN_WAIT2 7
- #define MIB_TCP_STATE_CLOSE_WAIT 8
- #define MIB_TCP_STATE_CLOSING 9
- #define MIB_TCP_STATE_LAST_ACK 10
- #define MIB_TCP_STATE_TIME_WAIT 11
- #define MIB_TCP_STATE_DELETE_TCB 12
-
- //
- // Possible TCP endpoint states
- //
- static char TcpState[][32] = {
- "???",
- "CLOSED",
- "LISTENING",
- "SYN_SENT",
- "SEN_RECEIVED",
- "ESTABLISHED",
- "FIN_WAIT",
- "FIN_WAIT2",
- "CLOSE_WAIT",
- "CLOSING",
- "LAST_ACK",
- "TIME_WAIT"
- };
-
-
- #define CONTEXT_SIZE 16
-
- //#define CO_TL_ENTITY 0x400
- //#define INFO_CLASS_PROTOCOL 0x200
- //#define INFO_TYPE_PROVIDER 0x100
-
- //#define TCP_MIB_ADDRTABLE_ENTRY_ID 0x101
- //#define INFO_TYPE_CONNECTION 0x300
- //#define CO_TL_TCP 0x404
- // QueryInformationEx IOCTL. The return buffer is passed as the OutputBuffer
- // in the DeviceIoControl request. This structure is passed as the
- // InputBuffer.
- //
- struct tcp_request_query_information_ex {
- TDIObjectID ID; // object ID to query.
- ULONG * Context[CONTEXT_SIZE/sizeof(ULONG *)]; // multi-request context. Zeroed
- // for the first request.
- };
-
- typedef struct tcp_request_query_information_ex
- TCP_REQUEST_QUERY_INFORMATION_EX,
- *PTCP_REQUEST_QUERY_INFORMATION_EX;
-
- typedef
- VOID
- (NTAPI *PIO_APC_ROUTINE) (
- IN PVOID ApcContext,
- IN PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG Reserved
- );
-
- NTSYSAPI
- NTSTATUS
- NTAPI ZwOpenFile(
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG ShareAccess,
- IN ULONG OpenOptions
- );
-
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtDeviceIoControlFile(
-
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG IoControlCode,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength );
-
- NTSYSAPI
- ULONG
- NTAPI
- RtlNtStatusToDosError(
- IN NTSTATUS Status
- );
-
- NTSYSAPI
- VOID
- NTAPI
- RtlInitUnicodeString(
- PUNICODE_STRING DestinationString,
- PCWSTR SourceString
- );
-
-
- extern char *get_error(void)
- {
- LPVOID lpMsgBuf;
-
- FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
- GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf, 0, NULL);
-
- return (lpMsgBuf);
- }
-
- MIB_TCPTABLE *GetTcpTable(HANDLE hTcpPort)
- {
- PMIB_TCPTABLE RTcpTable=NULL;
-
- TCP_REQUEST_QUERY_INFORMATION_EX req={0};
- MIB_TCPROW *TcpTable=NULL;
- MIB_TCPSTATS TcpStats={0};
-
- IO_STATUS_BLOCK IoStatusBlockStats={0};
- IO_STATUS_BLOCK IoStatusBlockTable={0};
-
- NTSTATUS Status=0;
-
- DWORD arrayLen=0;
- DWORD numconn=0;
-
- HANDLE hEven2=NULL;
-
- hEven2=CreateEventW(0,1,0,0);
-
- //netstat
- //http://msdn.microsoft.com/library/en-us/devnotes/winprog/ioctl_tcp_query_information_ex.asp
-
- req.ID.toi_entity.tei_entity = 0x400; //CO_TL_ENTITY; tcp
- req.ID.toi_entity.tei_instance = 0;
- req.ID.toi_class = 0x200; //INFO_CLASS_PROTOCOL;
- req.ID.toi_type = 0x100; //INFO_TYPE_PROVIDER;
- req.ID.toi_id = 0x1; //TCP_STATS_ID;
-
- Status = NtDeviceIoControlFile(
- hTcpPort,
- hEven2,
- NULL,
- NULL,
- &IoStatusBlockStats,
- 0x00120003,
- &req,
- sizeof(req),
- &TcpStats,
- sizeof(TcpStats));
-
- if(!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- fprintf(stderr, "GetTcpStats, Erreur: %s", get_error());
- return 0;
- }
-
- RtlZeroMemory(&req,sizeof(TCP_REQUEST_QUERY_INFORMATION_EX));
- CloseHandle(hEven2);
-
- arrayLen = TcpStats.dwNumConns * sizeof(MIB_TCPROW); //TCPAddrEntry
- TcpTable = VirtualAlloc(NULL,arrayLen,MEM_COMMIT,PAGE_READWRITE);
- hEven2=CreateEventW(0,1,0,0);
-
- req.ID.toi_entity.tei_entity = 0x400; //CO_TL_ENTITY; tcp
- req.ID.toi_entity.tei_instance = 0;
- req.ID.toi_class = 0x200; //INFO_CLASS_PROTOCOL;
- req.ID.toi_type = 0x100; //INFO_TYPE_PROVIDER;
- req.ID.toi_id = 0x101; //TCP_MIB_ADDRTABLE_ENTRY_ID;
-
- Status = NtDeviceIoControlFile(
- hTcpPort,
- hEven2,
- NULL,
- NULL,
- &IoStatusBlockTable,
- 0x00120003,
- &req,
- sizeof(req),
- TcpTable,
- arrayLen);
-
- CloseHandle(hEven2);
-
-
- if(!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- fprintf(stderr, "GetTcpTable, Erreur: %s", get_error());
- return 0;
- }
-
- numconn = IoStatusBlockTable.Information/sizeof(MIB_TCPROW);
-
- RTcpTable=VirtualAlloc(NULL,numconn*sizeof(MIB_TCPTABLE),MEM_COMMIT,PAGE_READWRITE);
- RTcpTable->dwNumEntries=numconn;
-
- memcpy(RTcpTable->table,TcpTable,arrayLen);
-
- VirtualFree(TcpTable,0,MEM_RELEASE);
-
- return RTcpTable;
-
- }
-
- MIB_UDPTABLE *GetUdpTable(HANDLE hUdpPort)
- {
- PMIB_UDPTABLE RUdpTable=NULL;
-
- TCP_REQUEST_QUERY_INFORMATION_EX req={0};
-
- MIB_UDPROW *UdpTable=NULL;
- MIB_UDPSTATS UdpStats={0};
-
- IO_STATUS_BLOCK IoStatusBlockStats={0};
- IO_STATUS_BLOCK IoStatusBlockTable={0};
-
- NTSTATUS Status=0;
- //DWORD i;
-
- DWORD arrayLen=0;
- DWORD numconn=0;
-
- HANDLE hEven2=NULL;
-
- hEven2=CreateEventW(0,1,0,0);
-
- //netstat
- //http://msdn.microsoft.com/library/en-us/devnotes/winprog/ioctl_tcp_query_information_ex.asp
-
- req.ID.toi_entity.tei_entity = 0x401; //CO_TL_ENTITY; udp
- req.ID.toi_entity.tei_instance = 0;
- req.ID.toi_class = 0x200; //INFO_CLASS_PROTOCOL;
- req.ID.toi_type = 0x100; //INFO_TYPE_PROVIDER;
- req.ID.toi_id = 0x1; //TCP_STATS_ID;
-
- Status = NtDeviceIoControlFile(
- hUdpPort,
- hEven2,
- NULL,
- NULL,
- &IoStatusBlockStats,
- 0x00120003,
- &req,
- sizeof(req),
- &UdpStats,
- sizeof(UdpStats));
-
- CloseHandle(hEven2);
-
- if(!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- fprintf(stderr, "GetUdpStat, Erreur: %s", get_error());
- return NULL;
- }
-
- RtlZeroMemory(&req,sizeof(TCP_REQUEST_QUERY_INFORMATION_EX));
-
- arrayLen = UdpStats.dwNumAddrs * sizeof(MIB_UDPROW); //TCPAddrEntry
- UdpTable = VirtualAlloc(NULL,arrayLen,MEM_COMMIT,PAGE_READWRITE);
-
- hEven2=CreateEventW(0,1,0,0);
-
- req.ID.toi_entity.tei_entity = 0x401; //CO_TL_ENTITY; udp
- req.ID.toi_entity.tei_instance = 0;
- req.ID.toi_class = 0x200; //INFO_CLASS_PROTOCOL;
- req.ID.toi_type = 0x100; //INFO_TYPE_PROVIDER;
- req.ID.toi_id = 0x101; //TCP_MIB_ADDRTABLE_ENTRY_ID;
-
- Status = NtDeviceIoControlFile(
- hUdpPort,
- hEven2,
- NULL,
- NULL,
- &IoStatusBlockTable,
- 0x00120003,
- &req,
- sizeof(req),
- UdpTable,
- arrayLen);
-
- CloseHandle(hEven2);
-
- if(!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- fprintf(stderr, "GetUdpTable, Erreur: %s", get_error());
- return NULL;
- }
-
-
- numconn = IoStatusBlockTable.Information/sizeof(MIB_UDPROW);
-
- RUdpTable=VirtualAlloc(NULL,numconn*sizeof(MIB_UDPTABLE),MEM_COMMIT,PAGE_READWRITE);
- RUdpTable->dwNumEntries=numconn;
- memcpy(RUdpTable->table,UdpTable,arrayLen);
-
- VirtualFree(UdpTable,0,MEM_RELEASE);
- return RUdpTable;
- }
-
- HANDLE OpenDeviceTcpUdp(BOOL PROTO)
- {
- NTSTATUS Status;
- UNICODE_STRING physmemString;
- OBJECT_ATTRIBUTES attributes;
- IO_STATUS_BLOCK iosb;
- HANDLE pDeviceHandle;
-
- if(PROTO)
- RtlInitUnicodeString(&physmemString, L"\\Device\\TCP");
- else
- RtlInitUnicodeString(&physmemString, L"\\Device\\UDP");
-
- attributes.Length = sizeof(OBJECT_ATTRIBUTES);
- attributes.RootDirectory = NULL;
- attributes.ObjectName = &physmemString;
- attributes.Attributes = 0x40; //OBJ_CASE_INSENSITIVE
- attributes.SecurityDescriptor = NULL;
- attributes.SecurityQualityOfService = NULL;
-
- Status = ZwOpenFile ( &pDeviceHandle,0x100000, &attributes, &iosb, 3,0);
-
- if(!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- fprintf(stderr, "ZwOpenFile, Erreur: %s", get_error());
- return NULL;
- }
-
- return pDeviceHandle;
- }
-
-
- BOOL LoadPrivilege(const char * Privilege)
- {
- HANDLE hToken;
- LUID SEDebugNameValue;
- TOKEN_PRIVILEGES tkp;
-
- if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
- {
- fprintf(stderr, "OpenProcessToken, Erreur: %s", get_error());
- return FALSE;
- }
-
- if (!LookupPrivilegeValue(NULL, Privilege, &SEDebugNameValue))
- {
- fprintf(stderr, "LookupPrivilegeValue, Erreur: %s", get_error());
- CloseHandle(hToken);
- return FALSE;
- }
-
- tkp.PrivilegeCount = 1;
- tkp.Privileges[0].Luid = SEDebugNameValue;
- tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-
- if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL))
- {
- fprintf(stderr, "LookupPrivilegeValue, Erreur: %s", get_error());
- CloseHandle(hToken);
- return FALSE;
- }
-
- CloseHandle(hToken);
-
- return TRUE;
- }
-
- void main()
- {
- PMIB_TCPTABLE TcpTable=NULL;
- PMIB_UDPTABLE UdpTable=NULL;
-
- HANDLE Tcp=NULL;
- HANDLE Udp=NULL;
-
- DWORD i;
-
- DWORD PortTcp=0;
- DWORD PortUdp=0;
-
- if(!LoadPrivilege(SE_DEBUG_NAME))
- {
- fprintf(stderr,"Load Privilege Error...\n");
- return;
- }
-
-
- Tcp=OpenDeviceTcpUdp(TRUE);
- Udp=OpenDeviceTcpUdp(FALSE);
-
- if(Tcp != NULL)
- TcpTable=GetTcpTable(Tcp);
-
- if(Udp != NULL)
- UdpTable=GetUdpTable(Udp);
-
- if( (UdpTable != 0 && TcpTable != 0) )
- {
- for(i=0; i < TcpTable->dwNumEntries; i++)
- {
- fprintf(stdout,"TCP %-16s %i\t - ",
- inet_ntoa(*(struct in_addr *)&TcpTable->table[i].dwLocalAddr),
- ntohs((WORD)TcpTable->table[i].dwLocalPort));
- fprintf(stdout,"%-16s %i\n",
- inet_ntoa(*(struct in_addr *)&TcpTable->table[i].dwRemoteAddr),
- TcpTable->table[i].dwRemoteAddr == 0? 0:ntohs((WORD)TcpTable->table[i].dwRemotePort));
- }
-
- for(i=0; i < UdpTable->dwNumEntries; i++)
- fprintf(stdout,"UDP %-16s %i \t - *:* \n",
- TcpTable->table[i].dwLocalAddr == 0? "0.0.0.0" :inet_ntoa(*(struct in_addr *)&UdpTable->table[i].dwLocalAddr),
- UdpTable->table[i].dwLocalPort == 0? 0: ntohs((WORD)UdpTable->table[i].dwLocalPort)
- );
-
- }
-
- if(TcpTable != NULL)
- VirtualFree(TcpTable,0,MEM_RELEASE);
- if(UdpTable != NULL)
- VirtualFree(UdpTable,0,MEM_RELEASE);
- if(Tcp != NULL)
- CloseHandle(Tcp);
- if(Udp != NULL)
- CloseHandle(Udp);
-
- return;
- }
#include<windows.h>
#include <stdio.h>
// NT_SUCCESS: a status counts as success when it is non-negative as a signed value.
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
// These two status codes are defined but not referenced anywhere in this listing.
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L)
// Import libraries: ws2_32 for inet_ntoa/ntohs (main), advapi32 for the token
// functions (LoadPrivilege), ntdll for ZwOpenFile, NtDeviceIoControlFile and Rtl*.
#pragma comment (lib,"ws2_32.lib")
#pragma comment (lib,"advapi32.lib")
#pragma comment (lib,"ntdll.lib")
// "tiny": size-reduction settings for the MSVC compiler and linker.
// NOTE(review): these trade hardening for file size. The /merge lines fold
// .rdata, .text and .reloc into .data, and /SECTION:.data,EWR then marks that
// single section Execute+Write+Read, so code and data share memory that is both
// writable and executable. /IGNORE:4078 silences the linker warning raised by
// merging sections with different attributes. Nothing in the program logic
// depends on these lines; drop them for any build that is meant to be deployed.
#pragma optimize("gsy",on)
#pragma comment(linker,"/RELEASE")
#pragma comment(linker,"/merge:.rdata=.data")
#pragma comment(linker,"/merge:.text=.data")
#pragma comment(linker,"/merge:.reloc=.data")
#pragma comment(linker,"/SECTION:.data,EWR")
#pragma comment(linker,"/FILEALIGN:0x200")
#pragma comment(linker,"/IGNORE:4078")
#pragma comment(linker,"/OPT:NOWIN98")
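/* NTSTATUS: signed 32-bit native status code; negative values are failures (see NT_SUCCESS). */
typedef LONG NTSTATUS;

/*
 * Completion record the kernel fills in for ZwOpenFile and NtDeviceIoControlFile.
 *
 * The documented layout overlays Status with a pointer and makes Information
 * pointer-sized. Declaring both members as 32-bit values gives the same layout
 * on 32-bit builds but a structure that is too small on 64-bit builds, where the
 * kernel's completion write would run past the end of a stack-allocated block.
 * Member names are unchanged, so existing users of .Status and .Information
 * still compile.
 */
typedef struct _IO_STATUS_BLOCK
{
    union {
        NTSTATUS Status;
        PVOID Pointer;
    };
    ULONG_PTR Information;   /* request-dependent; the Get*Table functions read it as a byte count */
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;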
// Counted UTF-16 string used by the native API. OpenDeviceTcpUdp fills one in
// through RtlInitUnicodeString to name the device it opens.
typedef struct _UNICODE_STRING
{
USHORT Length; // in the Windows definition this is a byte count, not a character count
USHORT MaximumLength; // capacity of Buffer, also in bytes
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
// Counted 8-bit string. Declared here but not used anywhere in this listing.
typedef struct _ANSI_STRING {
USHORT Length;
USHORT MaximumLength;
PCHAR Buffer;
}ANSI_STRING,*PANSI_STRING;
// Describes the object to open. OpenDeviceTcpUdp sets every field by hand
// before passing the structure to ZwOpenFile.
typedef struct _OBJECT_ATTRIBUTES
{
ULONG Length; // set to sizeof(OBJECT_ATTRIBUTES) by the caller
HANDLE RootDirectory; // NULL in this listing: ObjectName is an absolute path
PUNICODE_STRING ObjectName;
ULONG Attributes; // OpenDeviceTcpUdp passes 0x40 (OBJ_CASE_INSENSITIVE)
PVOID SecurityDescriptor; // NULL in this listing
PVOID SecurityQualityOfService; // NULL in this listing
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
// One TCP connection as copied out of the driver's reply by GetTcpTable.
// main() prints the addresses with inet_ntoa and the ports with ntohs after
// truncating them to WORD, i.e. it treats both as network byte order.
typedef struct _MIB_TCPROW
{
DWORD dwState; // presumably one of the MIB_TCP_STATE_* values; never read in this listing
DWORD dwLocalAddr;
DWORD dwLocalPort;
DWORD dwRemoteAddr;
DWORD dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;
// One UDP endpoint as copied out of the driver's reply by GetUdpTable.
typedef struct _MIB_UDPROW
{
DWORD dwLocalAddr;
DWORD dwLocalPort;
} MIB_UDPROW, *PMIB_UDPROW;
// Result of GetUdpTable: a count followed by that many rows. table[1] is a
// placeholder for a variable-length array; the allocation made by the caller,
// not this declaration, decides how many rows may be accessed.
typedef struct _MIB_UDPTABLE {
DWORD dwNumEntries;
MIB_UDPROW table[1];
} MIB_UDPTABLE, *PMIB_UDPTABLE;
// Result of GetTcpTable, same layout convention as MIB_UDPTABLE.
typedef struct _MIB_TCPTABLE {
DWORD dwNumEntries;
MIB_TCPROW table[1];
} MIB_TCPTABLE, *PMIB_TCPTABLE;
//* Structure of an entity ID.
// GetTcpTable sets tei_entity to 0x400 and GetUdpTable sets it to 0x401;
// both use instance 0.
typedef struct TDIEntityID {
ULONG tei_entity;
ULONG tei_instance;
} TDIEntityID;
//* Structure of an object ID.
// Selects what a query returns. Both Get*Table functions use class 0x200 and
// type 0x100, with toi_id 0x1 for the statistics block and 0x101 for the table.
typedef struct TDIObjectID {
TDIEntityID toi_entity;
ULONG toi_class;
ULONG toi_type;
ULONG toi_id;
} TDIObjectID;
// Output buffer of the TCP statistics query (toi_id 0x1) issued by GetTcpTable.
// Only dwNumConns is read in this listing; the other counters are received
// and ignored.
typedef struct _MIB_TCPSTATS
{
DWORD dwRtoAlgorithm;
DWORD dwRtoMin;
DWORD dwRtoMax;
DWORD dwMaxConn;
DWORD dwActiveOpens;
DWORD dwPassiveOpens;
DWORD dwAttemptFails;
DWORD dwEstabResets;
DWORD dwCurrEstab;
DWORD dwInSegs;
DWORD dwOutSegs;
DWORD dwRetransSegs;
DWORD dwInErrs;
DWORD dwOutRsts;
DWORD dwNumConns; // used by GetTcpTable to size the row buffer
} MIB_TCPSTATS, *PMIB_TCPSTATS;
// Output buffer of the UDP statistics query (toi_id 0x1) issued by GetUdpTable.
// Only dwNumAddrs is read in this listing.
typedef struct _MIB_UDPSTATS
{
DWORD dwInDatagrams;
DWORD dwNoPorts;
DWORD dwInErrors;
DWORD dwOutDatagrams;
DWORD dwNumAddrs; // used by GetUdpTable to size the row buffer
} MIB_UDPSTATS,*PMIB_UDPSTATS;
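/* TCP connection states; the values double as indexes into TcpState below. */
#define MIB_TCP_STATE_CLOSED 1
#define MIB_TCP_STATE_LISTEN 2
#define MIB_TCP_STATE_SYN_SENT 3
#define MIB_TCP_STATE_SYN_RCVD 4
#define MIB_TCP_STATE_ESTAB 5
#define MIB_TCP_STATE_FIN_WAIT1 6
#define MIB_TCP_STATE_FIN_WAIT2 7
#define MIB_TCP_STATE_CLOSE_WAIT 8
#define MIB_TCP_STATE_CLOSING 9
#define MIB_TCP_STATE_LAST_ACK 10
#define MIB_TCP_STATE_TIME_WAIT 11
#define MIB_TCP_STATE_DELETE_TCB 12

/*
 * Display names for the TCP endpoint states, indexed by MIB_TCP_STATE_*.
 *
 * Index 0 is the placeholder for "no such state". The table has one entry for
 * every defined state, including MIB_TCP_STATE_DELETE_TCB, so indexing with any
 * defined constant stays in bounds. Code that indexes it with a value read from
 * a connection row must still range-check that value first.
 */
static char TcpState[][32] = {
    "???",
    "CLOSED",
    "LISTENING",
    "SYN_SENT",
    "SYN_RECEIVED",   /* was misspelled "SEN_RECEIVED" */
    "ESTABLISHED",
    "FIN_WAIT1",      /* was "FIN_WAIT", inconsistent with FIN_WAIT2 */
    "FIN_WAIT2",
    "CLOSE_WAIT",
    "CLOSING",
    "LAST_ACK",
    "TIME_WAIT",
    "DELETE_TCB"      /* entry for state 12 was missing */
};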
// Size in bytes of the Context area of the query request below.
#define CONTEXT_SIZE 16
// Names of the numeric constants that GetTcpTable and GetUdpTable write as
// literals; kept commented out, so the functions do not use these macros.
//#define CO_TL_ENTITY 0x400
//#define INFO_CLASS_PROTOCOL 0x200
//#define INFO_TYPE_PROVIDER 0x100
//#define TCP_MIB_ADDRTABLE_ENTRY_ID 0x101
//#define INFO_TYPE_CONNECTION 0x300
//#define CO_TL_TCP 0x404
// QueryInformationEx IOCTL. The return buffer is passed as the OutputBuffer
// in the DeviceIoControl request. This structure is passed as the
// InputBuffer.
//
// In this listing the request is sent with NtDeviceIoControlFile and control
// code 0x00120003, and is zero-initialised before each use.
struct tcp_request_query_information_ex {
TDIObjectID ID; // object ID to query.
ULONG * Context[CONTEXT_SIZE/sizeof(ULONG *)]; // multi-request context. Zeroed
// for the first request.
};
typedef struct tcp_request_query_information_ex
TCP_REQUEST_QUERY_INFORMATION_EX,
*PTCP_REQUEST_QUERY_INFORMATION_EX;
// Completion callback type accepted by NtDeviceIoControlFile. Every call in
// this listing passes NULL for it.
typedef
VOID
(NTAPI *PIO_APC_ROUTINE) (
IN PVOID ApcContext,
IN PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG Reserved
);
// Hand-written prototypes for functions resolved from ntdll.lib (see the
// #pragma comment(lib, ...) lines). They must match the system's definitions
// exactly, because no header checks them.
//
// ZwOpenFile: opens an existing object by native path. Used by
// OpenDeviceTcpUdp to open \Device\TCP and \Device\UDP.
NTSYSAPI
NTSTATUS
NTAPI ZwOpenFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG ShareAccess,
IN ULONG OpenOptions
);
// NtDeviceIoControlFile: sends a control code to the device behind FileHandle.
// IoStatusBlock and OutputBuffer are written by the system, so both must stay
// valid until the request has completed.
NTSYSAPI
NTSTATUS
NTAPI
NtDeviceIoControlFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG IoControlCode,
IN PVOID InputBuffer OPTIONAL,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferLength );
// RtlNtStatusToDosError: maps an NTSTATUS to a Win32 error code. The listing
// feeds the result to SetLastError so that get_error() can format it.
NTSYSAPI
ULONG
NTAPI
RtlNtStatusToDosError(
IN NTSTATUS Status
);
// RtlInitUnicodeString: points DestinationString at SourceString. The
// prototype takes no length, so SourceString is expected to be NUL-terminated.
NTSYSAPI
VOID
NTAPI
RtlInitUnicodeString(
PUNICODE_STRING DestinationString,
PCWSTR SourceString
);
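/*
 * Returns the system message text for the calling thread's last-error code.
 *
 * The text lives in a static buffer owned by this function: callers must not
 * free it, and the next call overwrites it (not thread-safe). The previous
 * version asked FormatMessage to allocate the buffer, never released it, and
 * returned an uninitialised pointer when FormatMessage failed.
 *
 * FormatMessageA is called explicitly so the char * return type stays correct
 * in UNICODE builds. When the system has no text for the code, the numeric
 * code is returned instead, so the result is always a valid string.
 */
extern char *get_error(void)
{
    static char message[512];
    /* Read the code first: any later API call may overwrite it. */
    DWORD code = GetLastError();
    DWORD len;

    len = FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
        code, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), message, sizeof(message), NULL);

    if (len == 0)
    {
        /* Bounded by the format: at most 16 characters plus the terminator. */
        sprintf(message, "code %lu\n", (unsigned long)code);
    }

    return message;
}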
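/*
 * Sends one query (control code 0x00120003) for the TCP entity and waits for
 * it to finish. *returned receives the byte count reported in the status block.
 */
static NTSTATUS QueryTcpProvider(HANDLE hDevice, HANDLE hEvent, ULONG toiId,
                                 PVOID out, ULONG outLen, SIZE_T *returned)
{
    TCP_REQUEST_QUERY_INFORMATION_EX req = {0};   /* Context must be zero for a first request */
    IO_STATUS_BLOCK iosb = {0};
    NTSTATUS status;

    req.ID.toi_entity.tei_entity = 0x400;   /* CO_TL_ENTITY; tcp */
    req.ID.toi_entity.tei_instance = 0;
    req.ID.toi_class = 0x200;               /* INFO_CLASS_PROTOCOL */
    req.ID.toi_type = 0x100;                /* INFO_TYPE_PROVIDER */
    req.ID.toi_id = toiId;

    ResetEvent(hEvent);
    status = NtDeviceIoControlFile(hDevice, hEvent, NULL, NULL, &iosb,
                                   0x00120003, &req, sizeof(req), out, outLen);

    /*
     * STATUS_PENDING passes NT_SUCCESS although nothing has been written yet.
     * iosb and req live on this stack frame, so returning before completion
     * would let the system write into a dead frame. Wait, then take the final
     * status from the status block.
     */
    if (status == (NTSTATUS)STATUS_PENDING)
    {
        WaitForSingleObject(hEvent, INFINITE);
        status = iosb.Status;
    }

    *returned = NT_SUCCESS(status) ? (SIZE_T)iosb.Information : 0;
    return status;
}

/*
 * Reads the current TCP connection table from an open TCP device handle.
 *
 * hTcpPort: handle returned by OpenDeviceTcpUdp(TRUE).
 * Returns a MIB_TCPTABLE allocated with VirtualAlloc, which the caller releases
 * with VirtualFree(ptr, 0, MEM_RELEASE), or NULL on failure after printing the
 * reason to stderr.
 *
 * Changes from the original: every allocation and the event are checked and
 * released on all paths; the row count comes from the bytes actually returned
 * and the copy uses that same count (the original copied the size estimated
 * from the statistics, which could exceed the destination); an empty table no
 * longer leads to a NULL dereference.
 */
MIB_TCPTABLE *GetTcpTable(HANDLE hTcpPort)
{
    /* Extra rows so that connections opened between the two queries still fit. */
    const DWORD slackRows = 16;

    PMIB_TCPTABLE RTcpTable = NULL;
    MIB_TCPROW *TcpTable = NULL;
    MIB_TCPSTATS TcpStats = {0};
    NTSTATUS Status;
    SIZE_T returned = 0;
    DWORD arrayLen;
    DWORD numconn;
    HANDLE hEven2;

    hEven2 = CreateEventW(NULL, TRUE, FALSE, NULL);
    if (hEven2 == NULL)
    {
        fprintf(stderr, "CreateEvent, Erreur: %s", get_error());
        return NULL;
    }

    //netstat
    //http://msdn.microsoft.com/library/en-us/devnotes/winprog/ioctl_tcp_query_information_ex.asp

    /* Step 1: statistics (toi_id 0x1, TCP_STATS_ID) give the connection count. */
    Status = QueryTcpProvider(hTcpPort, hEven2, 0x1, &TcpStats, sizeof(TcpStats), &returned);
    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        fprintf(stderr, "GetTcpStats, Erreur: %s", get_error());
        goto done;
    }

    /* The byte length is passed as a ULONG: refuse counts that would wrap it. */
    if (TcpStats.dwNumConns > (MAXDWORD / sizeof(MIB_TCPROW)) - slackRows)
    {
        SetLastError(ERROR_ARITHMETIC_OVERFLOW);
        fprintf(stderr, "GetTcpStats, Erreur: %s", get_error());
        goto done;
    }

    arrayLen = (TcpStats.dwNumConns + slackRows) * (DWORD)sizeof(MIB_TCPROW);
    TcpTable = VirtualAlloc(NULL, arrayLen, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (TcpTable == NULL)
    {
        fprintf(stderr, "VirtualAlloc, Erreur: %s", get_error());
        goto done;
    }

    /* Step 2: the table itself (toi_id 0x101). */
    Status = QueryTcpProvider(hTcpPort, hEven2, 0x101, TcpTable, arrayLen, &returned);
    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        fprintf(stderr, "GetTcpTable, Erreur: %s", get_error());
        goto done;
    }

    /* Trust the reported byte count, but never beyond the buffer we supplied. */
    if (returned > arrayLen)
        returned = arrayLen;
    numconn = (DWORD)(returned / sizeof(MIB_TCPROW));

    /* sizeof(MIB_TCPTABLE) already holds one row, so this is never zero bytes. */
    RTcpTable = VirtualAlloc(NULL, sizeof(MIB_TCPTABLE) + (SIZE_T)numconn * sizeof(MIB_TCPROW),
                             MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (RTcpTable == NULL)
    {
        fprintf(stderr, "VirtualAlloc, Erreur: %s", get_error());
        goto done;
    }

    RTcpTable->dwNumEntries = numconn;
    CopyMemory(RTcpTable->table, TcpTable, (SIZE_T)numconn * sizeof(MIB_TCPROW));

done:
    if (TcpTable != NULL)
        VirtualFree(TcpTable, 0, MEM_RELEASE);
    CloseHandle(hEven2);

    return RTcpTable;
}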
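/*
 * Sends one query (control code 0x00120003) for the UDP entity and waits for
 * it to finish. *returned receives the byte count reported in the status block.
 */
static NTSTATUS QueryUdpProvider(HANDLE hDevice, HANDLE hEvent, ULONG toiId,
                                 PVOID out, ULONG outLen, SIZE_T *returned)
{
    TCP_REQUEST_QUERY_INFORMATION_EX req = {0};   /* Context must be zero for a first request */
    IO_STATUS_BLOCK iosb = {0};
    NTSTATUS status;

    req.ID.toi_entity.tei_entity = 0x401;   /* udp entity */
    req.ID.toi_entity.tei_instance = 0;
    req.ID.toi_class = 0x200;               /* INFO_CLASS_PROTOCOL */
    req.ID.toi_type = 0x100;                /* INFO_TYPE_PROVIDER */
    req.ID.toi_id = toiId;

    ResetEvent(hEvent);
    status = NtDeviceIoControlFile(hDevice, hEvent, NULL, NULL, &iosb,
                                   0x00120003, &req, sizeof(req), out, outLen);

    /*
     * STATUS_PENDING passes NT_SUCCESS although nothing has been written yet.
     * iosb and req live on this stack frame, so returning before completion
     * would let the system write into a dead frame. Wait, then take the final
     * status from the status block.
     */
    if (status == (NTSTATUS)STATUS_PENDING)
    {
        WaitForSingleObject(hEvent, INFINITE);
        status = iosb.Status;
    }

    *returned = NT_SUCCESS(status) ? (SIZE_T)iosb.Information : 0;
    return status;
}

/*
 * Reads the current UDP endpoint table from an open UDP device handle.
 *
 * hUdpPort: handle returned by OpenDeviceTcpUdp(FALSE).
 * Returns a MIB_UDPTABLE allocated with VirtualAlloc, which the caller releases
 * with VirtualFree(ptr, 0, MEM_RELEASE), or NULL on failure after printing the
 * reason to stderr.
 *
 * Changes from the original: every allocation and the event are checked and
 * released on all paths; the row count comes from the bytes actually returned
 * and the copy uses that same count (the original copied the size estimated
 * from the statistics, which could exceed the destination); an empty table no
 * longer leads to a NULL dereference.
 */
MIB_UDPTABLE *GetUdpTable(HANDLE hUdpPort)
{
    /* Extra rows so that endpoints opened between the two queries still fit. */
    const DWORD slackRows = 16;

    PMIB_UDPTABLE RUdpTable = NULL;
    MIB_UDPROW *UdpTable = NULL;
    MIB_UDPSTATS UdpStats = {0};
    NTSTATUS Status;
    SIZE_T returned = 0;
    DWORD arrayLen;
    DWORD numconn;
    HANDLE hEven2;

    hEven2 = CreateEventW(NULL, TRUE, FALSE, NULL);
    if (hEven2 == NULL)
    {
        fprintf(stderr, "CreateEvent, Erreur: %s", get_error());
        return NULL;
    }

    //netstat
    //http://msdn.microsoft.com/library/en-us/devnotes/winprog/ioctl_tcp_query_information_ex.asp

    /* Step 1: statistics (toi_id 0x1) give the endpoint count. */
    Status = QueryUdpProvider(hUdpPort, hEven2, 0x1, &UdpStats, sizeof(UdpStats), &returned);
    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        fprintf(stderr, "GetUdpStat, Erreur: %s", get_error());
        goto done;
    }

    /* The byte length is passed as a ULONG: refuse counts that would wrap it. */
    if (UdpStats.dwNumAddrs > (MAXDWORD / sizeof(MIB_UDPROW)) - slackRows)
    {
        SetLastError(ERROR_ARITHMETIC_OVERFLOW);
        fprintf(stderr, "GetUdpStat, Erreur: %s", get_error());
        goto done;
    }

    arrayLen = (UdpStats.dwNumAddrs + slackRows) * (DWORD)sizeof(MIB_UDPROW);
    UdpTable = VirtualAlloc(NULL, arrayLen, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (UdpTable == NULL)
    {
        fprintf(stderr, "VirtualAlloc, Erreur: %s", get_error());
        goto done;
    }

    /* Step 2: the table itself (toi_id 0x101). */
    Status = QueryUdpProvider(hUdpPort, hEven2, 0x101, UdpTable, arrayLen, &returned);
    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        fprintf(stderr, "GetUdpTable, Erreur: %s", get_error());
        goto done;
    }

    /* Trust the reported byte count, but never beyond the buffer we supplied. */
    if (returned > arrayLen)
        returned = arrayLen;
    numconn = (DWORD)(returned / sizeof(MIB_UDPROW));

    /* sizeof(MIB_UDPTABLE) already holds one row, so this is never zero bytes. */
    RUdpTable = VirtualAlloc(NULL, sizeof(MIB_UDPTABLE) + (SIZE_T)numconn * sizeof(MIB_UDPROW),
                             MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (RUdpTable == NULL)
    {
        fprintf(stderr, "VirtualAlloc, Erreur: %s", get_error());
        goto done;
    }

    RUdpTable->dwNumEntries = numconn;
    CopyMemory(RUdpTable->table, UdpTable, (SIZE_T)numconn * sizeof(MIB_UDPROW));

done:
    if (UdpTable != NULL)
        VirtualFree(UdpTable, 0, MEM_RELEASE);
    CloseHandle(hEven2);

    return RUdpTable;
}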
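/*
 * Opens the TCP or UDP transport device through the native API.
 *
 * PROTO: TRUE opens \Device\TCP, FALSE opens \Device\UDP.
 * Returns the device handle (close it with CloseHandle), or NULL on failure
 * after printing the reason to stderr.
 *
 * The handle is requested with SYNCHRONIZE access only, which is all the
 * queries in this file need. It is opened for synchronous I/O so that
 * NtDeviceIoControlFile returns the final status rather than STATUS_PENDING;
 * with the original OpenOptions of 0 a pending request would have passed
 * NT_SUCCESS while its output buffer was still unwritten.
 */
HANDLE OpenDeviceTcpUdp(BOOL PROTO)
{
    NTSTATUS Status;
    UNICODE_STRING deviceName;
    OBJECT_ATTRIBUTES attributes;
    IO_STATUS_BLOCK iosb = {0};
    HANDLE hDevice = NULL;

    RtlInitUnicodeString(&deviceName, PROTO ? L"\\Device\\TCP" : L"\\Device\\UDP");

    attributes.Length = sizeof(OBJECT_ATTRIBUTES);
    attributes.RootDirectory = NULL;             /* absolute object path */
    attributes.ObjectName = &deviceName;
    attributes.Attributes = 0x40;                /* OBJ_CASE_INSENSITIVE */
    attributes.SecurityDescriptor = NULL;
    attributes.SecurityQualityOfService = NULL;

    Status = ZwOpenFile(&hDevice,
                        0x100000,                /* SYNCHRONIZE */
                        &attributes,
                        &iosb,
                        3,                       /* FILE_SHARE_READ | FILE_SHARE_WRITE */
                        0x20);                   /* FILE_SYNCHRONOUS_IO_NONALERT */

    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        fprintf(stderr, "ZwOpenFile, Erreur: %s", get_error());
        return NULL;
    }

    return hDevice;
}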
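/*
 * Enables one privilege in the current process token.
 *
 * Privilege: privilege name as an ANSI string (for example SE_DEBUG_NAME in a
 *            non-UNICODE build).
 * Returns TRUE only when the privilege is actually enabled afterwards; FALSE
 * otherwise, after printing the reason to stderr.
 *
 * AdjustTokenPrivileges reports success even when the token does not hold the
 * requested privilege; that case is signalled only through GetLastError() ==
 * ERROR_NOT_ALL_ASSIGNED. The original ignored it and returned TRUE to callers
 * whose token had not changed. The failure message for that call also named
 * the wrong function.
 */
BOOL LoadPrivilege(const char * Privilege)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tkp;
    BOOL enabled = FALSE;

    if (Privilege == NULL)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        fprintf(stderr, "OpenProcessToken, Erreur: %s", get_error());
        return FALSE;
    }

    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    /* The A variant matches the const char * parameter in UNICODE builds too. */
    if (!LookupPrivilegeValueA(NULL, Privilege, &tkp.Privileges[0].Luid))
    {
        fprintf(stderr, "LookupPrivilegeValue, Erreur: %s", get_error());
    }
    else if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL)
             || GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        fprintf(stderr, "AdjustTokenPrivileges, Erreur: %s", get_error());
    }
    else
    {
        enabled = TRUE;
    }

    CloseHandle(hToken);

    return enabled;
}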
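/*
 * Prints the TCP connections and UDP endpoints of the local machine, one per
 * line, using the tables read from \Device\TCP and \Device\UDP.
 *
 * Returns 0 when at least one table could be read, 1 otherwise.
 *
 * Changes from the original: the UDP loop tested TcpTable->table[i] while
 * iterating over the UDP rows, which read the wrong table and could index
 * past its end; each table is now printed whenever it is available instead of
 * only when both are; addresses are copied into a struct in_addr instead of
 * being reinterpreted through a pointer cast; main returns int.
 */
int main(void)
{
    PMIB_TCPTABLE TcpTable = NULL;
    PMIB_UDPTABLE UdpTable = NULL;
    HANDLE Tcp = NULL;
    HANDLE Udp = NULL;
    struct in_addr addr;
    DWORD i;

    /*
     * NOTE(review): nothing visible in this listing performs an operation that
     * needs the debug privilege; the devices are opened with SYNCHRONIZE
     * access only. A failure is therefore reported but no longer fatal.
     * Prefer removing the request altogether once confirmed on the target
     * Windows versions, so the tool runs with no more rights than it uses.
     */
    if (!LoadPrivilege(SE_DEBUG_NAME))
        fprintf(stderr, "Load Privilege Error...\n");

    Tcp = OpenDeviceTcpUdp(TRUE);
    Udp = OpenDeviceTcpUdp(FALSE);

    if (Tcp != NULL)
        TcpTable = GetTcpTable(Tcp);

    if (Udp != NULL)
        UdpTable = GetUdpTable(Udp);

    if (TcpTable != NULL)
    {
        for (i = 0; i < TcpTable->dwNumEntries; i++)
        {
            const MIB_TCPROW *row = &TcpTable->table[i];

            /* inet_ntoa reuses one buffer, so each address gets its own fprintf. */
            addr.S_un.S_addr = row->dwLocalAddr;
            fprintf(stdout, "TCP %-16s %i\t - ",
                    inet_ntoa(addr),
                    ntohs((WORD)row->dwLocalPort));

            addr.S_un.S_addr = row->dwRemoteAddr;
            fprintf(stdout, "%-16s %i\n",
                    inet_ntoa(addr),
                    row->dwRemoteAddr == 0 ? 0 : ntohs((WORD)row->dwRemotePort));
        }
    }

    if (UdpTable != NULL)
    {
        for (i = 0; i < UdpTable->dwNumEntries; i++)
        {
            const MIB_UDPROW *row = &UdpTable->table[i];

            addr.S_un.S_addr = row->dwLocalAddr;
            fprintf(stdout, "UDP %-16s %i \t - *:* \n",
                    row->dwLocalAddr == 0 ? "0.0.0.0" : inet_ntoa(addr),
                    row->dwLocalPort == 0 ? 0 : ntohs((WORD)row->dwLocalPort));
        }
    }

    i = (TcpTable != NULL || UdpTable != NULL) ? 0 : 1;

    if (TcpTable != NULL)
        VirtualFree(TcpTable, 0, MEM_RELEASE);
    if (UdpTable != NULL)
        VirtualFree(UdpTable, 0, MEM_RELEASE);
    if (Tcp != NULL)
        CloseHandle(Tcp);
    if (Udp != NULL)
        CloseHandle(Udp);

    return (int)i;
}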
Conclusion
Laissez vos messages si ça intéresse quelqu'un. A++