Getting TCP-UDP Tables for Pre-XP SP2 Systems (ntdll.lib provided in the attachment)
Article author: Akin Ocal
[size=2][b]The Problem[/b][/size]
Recently, I needed code to make a small application just like Sysinternals' TCPView for pre-XP SP2 Windows OSs. Microsoft supplies some WinAPI functions for that purpose:
[url=http://msdn2.microsoft.com/en-us/library/aa366026.aspx]http://msdn2.microsoft.com/en-us/library/aa366026.aspx[/url]
[pre]DWORD WINAPI GetTcpTable(
    PMIB_TCPTABLE pTcpTable,   /* buffer that receives the table */
    PDWORD        pdwSize,     /* in: buffer size, out: required size */
    BOOL          bOrder       /* TRUE to sort the rows */
);[/pre]
[url=http://msdn2.microsoft.com/en-us/library/aa366917.aspx]http://msdn2.microsoft.com/en-us/library/aa366917.aspx[/url]
[pre]typedef struct _MIB_TCPTABLE {
    DWORD      dwNumEntries;       /* number of rows in table[] */
    MIB_TCPROW table[ANY_SIZE];
} MIB_TCPTABLE, *PMIB_TCPTABLE;[/pre]
[url=http://msdn2.microsoft.com/en-us/library/aa366909.aspx]http://msdn2.microsoft.com/en-us/library/aa366909.aspx[/url]
[pre]typedef struct _MIB_TCPROW {
    DWORD dwState;
    DWORD dwLocalAddr;
    DWORD dwLocalPort;
    DWORD dwRemoteAddr;
    DWORD dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;[/pre]
So the last structure retrieved by GetTcpTable is MIB_TCPROW, and it doesn't give us process IDs per entry.
[url=http://msdn2.microsoft.com/EN-US/library/aa365928.aspx]http://msdn2.microsoft.com/EN-US/library/aa365928.aspx[/url]
[pre]DWORD GetExtendedTcpTable(
    PVOID           pTcpTable,
    PDWORD          pdwSize,
    BOOL            bOrder,
    ULONG           ulAf,
    TCP_TABLE_CLASS TableClass,   /* selects which table layout is returned */
    ULONG           Reserved
);[/pre]
[url=http://msdn2.microsoft.com/EN-US/library/aa366386.aspx]http://msdn2.microsoft.com/EN-US/library/aa366386.aspx[/url]
[pre]typedef enum {
    TCP_TABLE_BASIC_LISTENER,
    TCP_TABLE_BASIC_CONNECTIONS,
    TCP_TABLE_BASIC_ALL,
    TCP_TABLE_OWNER_PID_LISTENER,
    TCP_TABLE_OWNER_PID_CONNECTIONS,
    TCP_TABLE_OWNER_PID_ALL,
    TCP_TABLE_OWNER_MODULE_LISTENER,
    TCP_TABLE_OWNER_MODULE_CONNECTIONS,
    TCP_TABLE_OWNER_MODULE_ALL
} TCP_TABLE_CLASS, *PTCP_TABLE_CLASS;[/pre]
[url=http://msdn2.microsoft.com/EN-US/library/aa366921.aspx]http://msdn2.microsoft.com/EN-US/library/aa366921.aspx[/url]
[pre]typedef struct {
    DWORD                dwNumEntries;       /* number of rows in table[] */
    MIB_TCPROW_OWNER_PID table[ANY_SIZE];
} MIB_TCPTABLE_OWNER_PID, *PMIB_TCPTABLE_OWNER_PID;[/pre]
[url=http://msdn2.microsoft.com/EN-US/library/aa366913.aspx]http://msdn2.microsoft.com/EN-US/library/aa366913.aspx[/url]
[pre]typedef struct _MIB_TCPROW_OWNER_PID {
    DWORD dwState;
    DWORD dwLocalAddr;
    DWORD dwLocalPort;
    DWORD dwRemoteAddr;
    DWORD dwRemotePort;
    DWORD dwOwningPid;    /* process ID that owns this entry */
} MIB_TCPROW_OWNER_PID, *PMIB_TCPROW_OWNER_PID;[/pre]
We can get process IDs too with the GetExtendedTcpTable function. But it works only on XP SP2, Vista and Windows Server 2003 SP1. So it seems MS doesn't supply a function for pre-XP SP2 systems on the client side.
[size=2][b]Solution[/b][/size]
All my searches guided me to source code called "portuser.cpp" written by Gary Nebbett. He is the author of the book Windows NT/2000 Native API Reference (Paperback). You can see the book here: [url=http://www.amazon.com/Windows-2000-Native-API-Reference/dp/1578701996]http://www.amazon.com/Windows-20 ... rence/dp/1578701996[/url]
But it was still a problem for me because I had many problems while building the code. I supply a project for VS7.0 which is ready to build. So I think this will be a solution for people who have been searching for this code for days and days like me. Here is my build solution:
[b][i]1. Libs : [/i][/b]
ntdll.lib DDK for XP SP1 (you can find it in the solution)
ws2_32.lib any PSDK
psapi.lib any PSDK
[b][i]2. Header files. [/i][/b]
tdikrnl.h DDK for XP SP1 ( C:\WINDDK\2600.1106\inc\ddk\wxp )
ddk/ntddk.h DDK2000 ( The default path is C:\NTDDK\inc )
#include <windows.h> any PSDK
#include <psapi.h> any PSDK
#include <winsock2.h> any PSDK
[b][i]3. Extra Project settings : [/i][/b]
You must set the code generation style to Multi-Threaded DLL.
[attach]4604[/attach]
[b]Inside Native Code[/b]
1. We get handles to the transport-layer drivers with ZwOpenFile.
[url=http://msdn2.microsoft.com/en-us/library/ms804370.aspx]http://msdn2.microsoft.com/en-us/library/ms804370.aspx[/url]
2. Portuser mainly uses ZwQuerySystemInformation to get the handles in the system.
[url=http://msdn2.microsoft.com/en-us/library/ms725506.aspx]http://msdn2.microsoft.com/en-us/library/ms725506.aspx[/url]
3. We select the handles related to the TCP and UDP drivers.
4. After getting the handles, we use DeviceIoControl with the IOCTL IOCTL_TDI_QUERY_INFORMATION.
[url=http://msdn2.microsoft.com/En-US/library/aa363216.aspx]http://msdn2.microsoft.com/En-US/library/aa363216.aspx[/url]
[size=2][b]Akin Ocal[/b][/size]
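Decoding the MIB_TCPROW_OWNER_PID rows listed in the article above into readable endpoint/PID lines, as an added example that is not part of the original article or of portuser.cpp. Assumptions: the struct is a local stand-in with the same field layout so the code builds without the Windows SDK, the helper names are hypothetical, and the sample rows are constructed; on Windows the rows would come from GetExtendedTcpTable.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: local stand-in for MIB_TCPROW_OWNER_PID (DWORD == uint32_t). */
typedef struct {
    uint32_t dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort, dwOwningPid;
} TcpRowOwnerPid;

/* The port sits in network byte order in the low 16 bits of the DWORD as a
   little-endian Windows host stores it; the upper 16 bits may hold
   uninitialized data, so they are masked off. */
static unsigned tcp_port(uint32_t dw) {
    return ((dw & 0xFFu) << 8) | ((dw >> 8) & 0xFFu);
}

/* IPv4 addresses are in network byte order: byte 0 of the DWORD is the first octet. */
static unsigned octet(uint32_t addr, int i) {
    return (addr >> (8 * i)) & 0xFFu;
}

/* MIB_TCP_STATE values 1..12 used in dwState. */
static const char *tcp_state_name(uint32_t s) {
    static const char *const names[] = { "", "CLOSED", "LISTEN", "SYN_SENT",
        "SYN_RCVD", "ESTABLISHED", "FIN_WAIT1", "FIN_WAIT2", "CLOSE_WAIT",
        "CLOSING", "LAST_ACK", "TIME_WAIT", "DELETE_TCB" };
    return (s >= 1 && s <= 12) ? names[s] : "UNKNOWN";
}

/* Writes "local -> remote STATE pid=N" into out; returns snprintf's result. */
static int format_row(const TcpRowOwnerPid *r, char *out, size_t n) {
    return snprintf(out, n, "%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u %s pid=%u",
        octet(r->dwLocalAddr, 0), octet(r->dwLocalAddr, 1),
        octet(r->dwLocalAddr, 2), octet(r->dwLocalAddr, 3), tcp_port(r->dwLocalPort),
        octet(r->dwRemoteAddr, 0), octet(r->dwRemoteAddr, 1),
        octet(r->dwRemoteAddr, 2), octet(r->dwRemoteAddr, 3), tcp_port(r->dwRemotePort),
        tcp_state_name(r->dwState), (unsigned)r->dwOwningPid);
}

/* Constructed sample rows (not captured data). */
static const TcpRowOwnerPid sample[] = {
    { 2, 0x00000000u, 0xABCD5000u, 0x00000000u, 0x00000000u, 4 },    /* junk in upper port bits */
    { 5, 0x0100007Fu, 0x0000BD01u, 0x0100007Fu, 0x000039C0u, 1234 },
};

int main(void) {
    char line[96];
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        format_row(&sample[i], line, sizeof line);
        puts(line);
    }
    return 0;
}
```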
I can't understand it. Could it be translated?
I only recognize TCP; beyond that I don't recognize anything.
Checking in, showing support, thanks!