[Repost] Getting TCP-UDP Tables for Pre-XP SP2 Systems (ntdll.lib provided in the attachment)
Author: Akin Ocal
[size=5][b]The Problem[/b][/size]
Recently, I needed code to make a small application just like Sysinternals' TCPView for pre-XP SP2 Windows OSs. Microsoft supplies some WinAPI functions for that purpose:
[url=http://msdn2.microsoft.com/en-us/library/aa366026.aspx]http://msdn2.microsoft.com/en-us/library/aa366026.aspx[/url]
[pre]DWORD WINAPI GetTcpTable(
    PMIB_TCPTABLE pTcpTable,
    PDWORD pdwSize,
    BOOL bOrder
);[/pre]
[url=http://msdn2.microsoft.com/en-us/library/aa366917.aspx]http://msdn2.microsoft.com/en-us/library/aa366917.aspx[/url]
[pre]typedef struct _MIB_TCPTABLE {
    DWORD dwNumEntries;
    MIB_TCPROW table[ANY_SIZE];
} MIB_TCPTABLE, *PMIB_TCPTABLE;[/pre]
[url=http://msdn2.microsoft.com/en-us/library/aa366909.aspx]http://msdn2.microsoft.com/en-us/library/aa366909.aspx[/url]
[pre]typedef struct _MIB_TCPROW {
    DWORD dwState;
    DWORD dwLocalAddr;
    DWORD dwLocalPort;
    DWORD dwRemoteAddr;
    DWORD dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;[/pre]
So the innermost structure retrieved by GetTcpTable is MIB_TCPROW, and it doesn't give us process IDs per entry.
[url=http://msdn2.microsoft.com/EN-US/library/aa365928.aspx]http://msdn2.microsoft.com/EN-US/library/aa365928.aspx[/url]
[pre]DWORD GetExtendedTcpTable(
    PVOID pTcpTable,
    PDWORD pdwSize,
    BOOL bOrder,
    ULONG ulAf,
    TCP_TABLE_CLASS TableClass,
    ULONG Reserved
);[/pre]
[url=http://msdn2.microsoft.com/EN-US/library/aa366386.aspx]http://msdn2.microsoft.com/EN-US/library/aa366386.aspx[/url]
[pre]typedef enum {
    TCP_TABLE_BASIC_LISTENER,
    TCP_TABLE_BASIC_CONNECTIONS,
    TCP_TABLE_BASIC_ALL,
    TCP_TABLE_OWNER_PID_LISTENER,
    TCP_TABLE_OWNER_PID_CONNECTIONS,
    TCP_TABLE_OWNER_PID_ALL,
    TCP_TABLE_OWNER_MODULE_LISTENER,
    TCP_TABLE_OWNER_MODULE_CONNECTIONS,
    TCP_TABLE_OWNER_MODULE_ALL
} TCP_TABLE_CLASS, *PTCP_TABLE_CLASS;[/pre]
[url=http://msdn2.microsoft.com/EN-US/library/aa366921.aspx]http://msdn2.microsoft.com/EN-US/library/aa366921.aspx[/url]
[pre]typedef struct {
    DWORD dwNumEntries;
    MIB_TCPROW_OWNER_PID table[ANY_SIZE];
} MIB_TCPTABLE_OWNER_PID, *PMIB_TCPTABLE_OWNER_PID;[/pre]
[url=http://msdn2.microsoft.com/EN-US/library/aa366913.aspx]http://msdn2.microsoft.com/EN-US/library/aa366913.aspx[/url]
[pre]typedef struct _MIB_TCPROW_OWNER_PID {
    DWORD dwState;
    DWORD dwLocalAddr;
    DWORD dwLocalPort;
    DWORD dwRemoteAddr;
    DWORD dwRemotePort;
    DWORD dwOwningPid;   /* process ID that owns this connection */
} MIB_TCPROW_OWNER_PID, *PMIB_TCPROW_OWNER_PID;[/pre]
We can get process IDs too with the GetExtendedTcpTable function, but it works only on XP SP2, Vista and Windows Server 2003 SP1. So it seems MS doesn't supply a function for pre-XP SP2 systems on the client side.
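To show what the extra dwOwningPid field gives a monitoring tool, here is an added example (not from the article or from portuser.cpp) that walks a MIB_TCPTABLE_OWNER_PID-style buffer and maps a local port to its owning PID. The typedefs are local mirrors of the structures above so it builds without the Windows SDK; the function names and the sample table are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Local mirrors of MIB_TCPROW_OWNER_PID / MIB_TCPTABLE_OWNER_PID so this
   builds without the Windows SDK (type names are this example's own). */
typedef uint32_t DWORD;
typedef struct {
    DWORD dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort, dwOwningPid;
} TCPROW_PID;
typedef struct { DWORD dwNumEntries; TCPROW_PID table[1]; } TCPTABLE_PID;

/* Constructed sample table (not captured data): row count, then 3 rows. */
static const DWORD SAMPLE[] = { 3,
    2, 0x00000000, 0x8700, 0x00000000, 0x0000, 888,   /* LISTEN 0.0.0.0:135     */
    5, 0x0A0200C0, 0x1504, 0x056433C6, 0x5000, 1234,  /* ESTAB  192.0.2.10:1045 */
    2, 0x0100007F, 0x8813, 0x00000000, 0x0000, 1500   /* LISTEN 127.0.0.1:5000  */
};

/* The port is the low 16 bits of the DWORD, in network byte order. */
static unsigned port_of(DWORD v) { return ((v & 0xFF) << 8) | ((v >> 8) & 0xFF); }

/* The address is in network byte order: the first octet is the low byte. */
static void addr_of(DWORD v, char out[16]) {
    snprintf(out, 16, "%u.%u.%u.%u", (unsigned)(v & 0xFF), (unsigned)((v >> 8) & 0xFF),
             (unsigned)((v >> 16) & 0xFF), (unsigned)(v >> 24));
}

/* PID owning local `port`; 0 if no row matches; -1 if dwNumEntries claims
   more rows than fit in the `size` bytes the caller really holds. */
static long owner_of_port(const void *buf, size_t size, unsigned port) {
    const TCPTABLE_PID *t = buf;
    const size_t hdr = offsetof(TCPTABLE_PID, table);
    if (size < hdr || t->dwNumEntries > (size - hdr) / sizeof(TCPROW_PID)) return -1;
    const TCPROW_PID *rows = t->table;
    for (DWORD i = 0; i < t->dwNumEntries; i++)
        if (port_of(rows[i].dwLocalPort) == port) return (long)rows[i].dwOwningPid;
    return 0;
}

int main(void) {
    const TCPROW_PID *rows = ((const TCPTABLE_PID *)(const void *)SAMPLE)->table;
    char l[16], r[16];
    for (DWORD i = 0; i < SAMPLE[0]; i++) {
        addr_of(rows[i].dwLocalAddr, l); addr_of(rows[i].dwRemoteAddr, r);
        printf("%s:%u -> %s:%u pid=%u\n", l, port_of(rows[i].dwLocalPort), r,
               port_of(rows[i].dwRemotePort), (unsigned)rows[i].dwOwningPid);
    }
    printf("port 5000 owner: pid %ld\n", owner_of_port(SAMPLE, sizeof SAMPLE, 5000));
    return 0;
}
```

On a real system the buffer would come from a table-retrieval call rather than a constant, and the size check matters there because the row count is read from the buffer itself.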
[size=5][b]Solution[/b][/size]
All my searches guided me to a source file called "portuser.cpp" written by Gary Nebbett. He is the writer of the book Windows NT/2000 Native API Reference (Paperback). You can see the book here: [url=http://www.amazon.com/Windows-2000-Native-API-Reference/dp/1578701996]http://www.amazon.com/Windows-2000-Native-API-Reference/dp/1578701996[/url]
But it was still a problem for me because I had many problems while building the code. I supply a project for VS7.0 which is ready to build. So I think this will be a solution for people who have been seeking this code for days and days like me. Here is my build solution:
[b][i]1. Libs:[/i][/b]
ntdll.lib - DDK for XP SP1 (you can find it in the solution)
ws2_32.lib - any PSDK
psapi.lib - any PSDK
[b][i]2. Header files:[/i][/b]
tdikrnl.h - DDK for XP SP1 ( C:\WINDDK\2600.1106\inc\ddk\wxp )
ddk/ntddk.h - DDK2000 (the default path is C:\NTDDK\inc )
#include <windows.h> - any PSDK
#include <psapi.h> - any PSDK
#include <winsock2.h> - any PSDK
[b][i]3. Extra project settings:[/i][/b]
You must set the code generation style to Multi-Threaded DLL.
[attach]6403[/attach]
[b]Inside Native Code[/b]
1. We get handles to the transport layer drivers with ZwOpenFile. [url=http://msdn2.microsoft.com/en-us/library/ms804370.aspx]http://msdn2.microsoft.com/en-us/library/ms804370.aspx[/url]
2. Portuser mainly uses ZwQuerySystemInformation to get the handles in the system. [url=http://msdn2.microsoft.com/en-us/library/ms725506.aspx]http://msdn2.microsoft.com/en-us/library/ms725506.aspx[/url]
3. We select the handles related to the TCP and UDP drivers.
4. After getting the handles, we use DeviceIoControl with the IOCTL IOCTL_TDI_QUERY_INFORMATION. [url=http://msdn2.microsoft.com/En-US/library/aa363216.aspx]http://msdn2.microsoft.com/En-US/library/aa363216.aspx[/url]
