1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
|
Option Explicit
'
' O O O
' \__/ \__/
' /=||=||=\ oouuuunnnnnnnnmmmmmmmmmmmmmm\
' // ||_|| Undocumented iphlpapi \
' \\ /\ #\ oouuuunnnnnnnnmmmmmmmmmmmmmmmm\
' /=( \ )==> Coded by EBArtSoft@ \
'// \O_\/ Copyright © 2004 \
'\\ || || email ebartsoft@hotmail.com \
' \==||=||==/ oouuuunnnnnnnnmmmmmmmmmmmmmmmmmmmm\
' ===========
'==== E.B ====
'
' ALL RIGHTS RESERVED ::..
' Permission to use, copy, modify, and distribute this software for
' any purpose and without fee is hereby granted, provided that the
' above copyright notice appear in all copies and that both the copyright
' notice and this permission notice appear in supporting documentation.
'
' THE MATERIAL EMBODIED ON THIS SOFTWARE IS PROVIDED TO YOU "AS-IS"
' AND WITHOUT WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR OTHERWISE,
' INCLUDING WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY OR
' FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL WE BE LIABLE
' TO YOU OR ANYONE ELSE FOR ANY DIRECT, SPECIAL, INCIDENTAL, INDIRECT
' OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER,
' INCLUDING WITHOUT LIMITATION, LOSS OF PROFIT, LOSS OF USE, SAVINGS
' OR REVENUE, OR THE CLAIMS OF THIRD PARTIES, WHETHER OR NOT WE HAS BEEN
' ADVISED OF THE POSSIBILITY OF SUCH LOSS, HOWEVER CAUSED AND ON
' ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE
' POSSESSION, USE OR PERFORMANCE OF THIS SOFTWARE.
'
Private Const PROCESS_VM_READ As Long = &H10
Private Const PROCESS_QUERY_INFORMATION As Long = &H400
Private Const MIB_TCP_STATE_CLOSED As Long = 1
Private Const MIB_TCP_STATE_LISTEN As Long = 2
Private Const MIB_TCP_STATE_SYN_SENT As Long = 3
Private Const MIB_TCP_STATE_SYN_RCVD As Long = 4
Private Const MIB_TCP_STATE_ESTAB As Long = 5
Private Const MIB_TCP_STATE_FIN_WAIT1 As Long = 6
Private Const MIB_TCP_STATE_FIN_WAIT2 As Long = 7
Private Const MIB_TCP_STATE_CLOSE_WAIT As Long = 8
Private Const MIB_TCP_STATE_CLOSING As Long = 9
Private Const MIB_TCP_STATE_LAST_ACK As Long = 10
Private Const MIB_TCP_STATE_TIME_WAIT As Long = 11
Private Const MIB_TCP_STATE_DELETE_TCB As Long = 12
Private Type PMIB_UDPEXROW
dwLocalAddr As Long
dwLocalPort As Long
dwProcessId As Long
End Type
Private Type PMIB_TCPEXROW
dwStats As Long
dwLocalAddr As Long
dwLocalPort As Long
dwRemoteAddr As Long
dwRemotePort As Long
dwProcessId As Long
End Type
Private Declare Function AllocateAndGetTcpExTableFromStack Lib "iphlpapi.dll" (ByRef pTcpTable As Any, ByRef bOrder As Boolean, ByVal heap As Long, ByVal zero As Long, ByVal flags As Long) As Long
Private Declare Function AllocateAndGetUdpExTableFromStack Lib "iphlpapi.dll" (ByRef pTcpTable As Any, ByRef bOrder As Boolean, ByVal heap As Long, ByVal zero As Long, ByVal flags As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32.dll" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
Private Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long
Private Declare Function HeapFree Lib "kernel32" (ByVal hHeap As Long, ByVal dwFlags As Long, lpMem As Any) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetProcessHeap Lib "kernel32.dll" () As Long
Private Declare Function EnumProcesses Lib "PSAPI.DLL" (lpidProcess As Long, ByVal cb As Long, cbNeeded As Long) As Long
Private Declare Function GetModuleBaseName Lib "PSAPI.DLL" Alias "GetModuleBaseNameA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
Private Declare Function EnumProcessModules Lib "PSAPI.DLL" (ByVal hProcess As Long, lphModule As Long, ByVal cb As Long, lpcbNeeded As Long) As Long
Private Declare Function GetModuleFileNameEx Lib "PSAPI.DLL" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
Private mHeap As Long
Private Sub Form_Load()
ListView1.ColumnHeaders.Add , , "Proto", 52
ListView1.ColumnHeaders.Add , , "Process", 128
ListView1.ColumnHeaders.Add , , "Distant", 128
ListView1.ColumnHeaders.Add , , "Local", 128
ListView1.ColumnHeaders.Add , , "Status", 96
mHeap = GetProcessHeap()
OnRefresh
End Sub
Private Sub Command1_Click(Index As Integer)
Select Case Index
Case 0: OnRefresh
Case 1: Unload Me
End Select
End Sub
Private Sub OnRefresh()
Dim TcpExTable() As PMIB_TCPEXROW
Dim UdpExTable() As PMIB_UDPEXROW
Dim Distant As String
Dim Pointer As Long
Dim Number As Long
Dim Size As Long
Dim i As Long
ListView1.ListItems.Clear
If AllocateAndGetTcpExTableFromStack(Pointer, True, mHeap, 2, 2) = 0 Then
CopyMemory Number, ByVal Pointer, 4
If Number Then
ReDim TcpExTable(Number - 1)
Size = Number * Len(TcpExTable(0))
CopyMemory TcpExTable(0), ByVal Pointer + 4, Size
For i = 0 To UBound(TcpExTable)
With ListView1.ListItems.Add
.Text = "TCP"
.SubItems(1) = GetProcessName(TcpExTable(i).dwProcessId)
Distant = GetIpString(TcpExTable(i).dwRemoteAddr)
If Distant = "0.0.0.0" Then
.SubItems(2) = "*:*"
Else
.SubItems(2) = Distant & ":" & GetPortNumber(TcpExTable(i).dwRemotePort)
End If
.SubItems(3) = GetIpString(TcpExTable(i).dwLocalAddr) & ":" & GetPortNumber(TcpExTable(i).dwLocalPort)
.SubItems(4) = GetState(TcpExTable(i).dwStats)
End With
Next
End If
HeapFree mHeap, 0, ByVal Pointer
Else
MsgBox "Can't get TCP table", vbExclamation
End If
If AllocateAndGetUdpExTableFromStack(Pointer, True, mHeap, 2, 2) = 0 Then
CopyMemory Number, ByVal Pointer, 4
If Number Then
ReDim UdpExTable(Number - 1)
Size = Number * Len(UdpExTable(0))
CopyMemory UdpExTable(0), ByVal Pointer + 4, Size
For i = 0 To UBound(UdpExTable)
With ListView1.ListItems.Add
.Text = "UDP"
.SubItems(1) = GetProcessName(UdpExTable(i).dwProcessId)
.SubItems(2) = "*:*"
.SubItems(3) = GetIpString(UdpExTable(i).dwLocalAddr) & ":" & GetPortNumber(UdpExTable(i).dwLocalPort)
.SubItems(4) = " "
End With
Next
End If
HeapFree mHeap, 0, ByVal Pointer
Else
MsgBox "Can't get UDP table", vbExclamation
End If
End Sub
Private Function GetProcessName(ByVal ProcessID As Long) As String
Dim strName As String * 1024
Dim hProcess As Long
Dim cbNeeded As Long
Dim hMod As Long
Select Case ProcessID
Case 0: GetProcessName = "Processus inactif"
Case 4: GetProcessName = "System"
Case Else: GetProcessName = "Unknown"
End Select
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, ProcessID)
If hProcess Then
If EnumProcessModules(hProcess, hMod, Len(hMod), cbNeeded) Then
GetModuleBaseName hProcess, hMod, strName, Len(strName)
GetProcessName = Left$(strName, lstrlen(strName))
End If
CloseHandle hProcess
End If
End Function
Private Function GetIpString(ByVal Value As Long) As String
Dim Table(3) As Byte
CopyMemory Table(0), Value, 4
GetIpString = Table(0) & "." & Table(1) & "." & Table(2) & "." & Table(3)
End Function
Private Function GetPortNumber(ByVal Value As Long) As Long
GetPortNumber = (Value / 256) + (Value Mod 256) * 256
End Function
Private Function GetState(ByVal Value As Long) As String
Select Case Value
Case MIB_TCP_STATE_ESTAB: GetState = "ESTAB"
Case MIB_TCP_STATE_CLOSED: GetState = "CLOSED"
Case MIB_TCP_STATE_LISTEN: GetState = "LISTEN"
Case MIB_TCP_STATE_CLOSING: GetState = "CLOSING"
Case MIB_TCP_STATE_LAST_ACK: GetState = "LAST_ACK"
Case MIB_TCP_STATE_SYN_SENT: GetState = "SYN_SENT"
Case MIB_TCP_STATE_SYN_RCVD: GetState = "SYN_RCVD"
Case MIB_TCP_STATE_FIN_WAIT1: GetState = "FIN_WAIT1"
Case MIB_TCP_STATE_FIN_WAIT2: GetState = "FIN_WAIT2"
Case MIB_TCP_STATE_TIME_WAIT: GetState = "TIME_WAIT"
Case MIB_TCP_STATE_CLOSE_WAIT: GetState = "CLOSE_WAIT"
Case MIB_TCP_STATE_DELETE_TCB: GetState = "DELETE_TCB"
End Select
End Function |
utiliser netstat par api
)
Répondre avec citation
Partager