不使用工具在WINDOWS下获得端口对应的进程名,
2005-01-14 22:03
323 查看
这问题都老生常谈了,大家对于技术动向的跟踪并不紧密呀,呵呵……
贴段我自己的代码,是用来枚举机器中所有的winsock对象及其相关进程的,供参考。稍做修改可满足各种需要。
#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
#pragma comment(lib, "ws2_32.lib")
typedef struct _HandleInfo
{
USHORT wPid;
USHORT wCreatorBackTraceIndex;
BYTE objType;
BYTE handleAttibs;
USHORT handleOffset;
DWORD dwKeObject;
ULONG dwGrantedAccess;
}HANDLEINFO, *PHANDLEINFO;
int main(int argc, char* argv[])
{
WSADATA wd;
unsigned int ret = WSAStartup(0x0202, &wd);
typedef DWORD (WINAPI *PQuerySystemInformation)(DWORD, PBYTE, DWORD, PDWORD);
PQuerySystemInformation pQuerySystemInformation = (PQuerySystemInformation)GetProcAddress(GetModuleHandle("ntdll.dll"), "ZwQuerySystemInformation");
if(pQuerySystemInformation == NULL)
{
MessageBox(NULL, "Can't find NtQuerySystemInformation int Ntdll.dll!", "Failed", 0);
return 1;
}
BYTE *buf = new BYTE[20];
PHANDLEINFO phandleinfo = NULL;
DWORD dwRetSize = 0;
DWORD dwNum = 0;
unsigned int i;
ret = pQuerySystemInformation(16, buf,20,&dwRetSize);
if(0 != ret)
{
if(dwRetSize > 0)
{
//dwNum = dwRetSize/sizeof(HANDLEINFO);
delete [] buf;
buf = new BYTE[dwRetSize];
ret = pQuerySystemInformation(16, buf, dwRetSize, &dwRetSize);
if(0 != ret)
{
printf("Can't get any handles!/n");
goto end;
}
}
else
{
goto end;
}
}
dwNum = *(DWORD*)buf;
phandleinfo = (PHANDLEINFO)(buf+4);
for(i=0;i<dwNum;i++)
{
//static int iCount = 0;
//static WORD wPid = -1;
HANDLEINFO *pSeek = phandleinfo + i;
if((pSeek->objType==0x1a) && (pSeek->wPid))
{
//iCount++;
//wPid = pSeek->wPid;
HANDLE hSrcProcess;
hSrcProcess = OpenProcess(PROCESS_ALL_ACCESS,TRUE, pSeek->wPid);
if(hSrcProcess == NULL)
continue;
__try
{
SOCKET hSock;
ret = DuplicateHandle(hSrcProcess, (HANDLE)(pSeek->handleOffset), GetCurrentProcess(), (HANDLE *)&hSock, STANDARD_RIGHTS_REQUIRED,TRUE,0);
if(ret == 0)
{
int errcode = GetLastError();
continue;
}
sockaddr_in in = {0};
in.sin_family = AF_INET;
int dwSize = sizeof(in);
if(SOCKET_ERROR != getsockname(hSock, (sockaddr *)&in, &dwSize))
{
char name[0x100] = {0};
HMODULE hDll = LoadLibrary("psapi.dll");
typedef DWORD (WINAPI *PGETMODULEFILENAMEEX)(HANDLE, HMODULE, LPTSTR, DWORD);
//typedef BOOL (WINAPI *PENUMPROCESSMODULES)(HANDLE, HMODULE*, DWORD, LPDWORD);
PGETMODULEFILENAMEEX pfunc = (PGETMODULEFILENAMEEX)GetProcAddress(hDll, "GetModuleFileNameExA");
//PENUMPROCESSMODULES penum = (PENUMPROCESSMODULES)GetProcAddress(hDll, "EnumProcessModules");
//DWORD dwCb, dwRet;
//HMODULE module[1000];
//ret = penum(hSrcProcess
pfunc(hSrcProcess, NULL, name, 0x100);
FreeLibrary(hDll);
printf("socket:%4d port:%4d PID:%4d(%s)/n", pSeek->handleOffset, ntohs(in.sin_port), pSeek->wPid, name);
}
}
__finally
{
CloseHandle(hSrcProcess);
}
}
}
getchar();
end:
delete [] buf;
return 0;
}
贴段我自己的代码,是用来枚举机器中所有的winsock对象及其相关进程的,供参考。稍做修改可满足各种需要。
#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
#pragma comment(lib, "ws2_32.lib")
typedef struct _HandleInfo
{
USHORT wPid;
USHORT wCreatorBackTraceIndex;
BYTE objType;
BYTE handleAttibs;
USHORT handleOffset;
DWORD dwKeObject;
ULONG dwGrantedAccess;
}HANDLEINFO, *PHANDLEINFO;
int main(int argc, char* argv[])
{
WSADATA wd;
unsigned int ret = WSAStartup(0x0202, &wd);
typedef DWORD (WINAPI *PQuerySystemInformation)(DWORD, PBYTE, DWORD, PDWORD);
PQuerySystemInformation pQuerySystemInformation = (PQuerySystemInformation)GetProcAddress(GetModuleHandle("ntdll.dll"), "ZwQuerySystemInformation");
if(pQuerySystemInformation == NULL)
{
MessageBox(NULL, "Can't find NtQuerySystemInformation int Ntdll.dll!", "Failed", 0);
return 1;
}
BYTE *buf = new BYTE[20];
PHANDLEINFO phandleinfo = NULL;
DWORD dwRetSize = 0;
DWORD dwNum = 0;
unsigned int i;
ret = pQuerySystemInformation(16, buf,20,&dwRetSize);
if(0 != ret)
{
if(dwRetSize > 0)
{
//dwNum = dwRetSize/sizeof(HANDLEINFO);
delete [] buf;
buf = new BYTE[dwRetSize];
ret = pQuerySystemInformation(16, buf, dwRetSize, &dwRetSize);
if(0 != ret)
{
printf("Can't get any handles!/n");
goto end;
}
}
else
{
goto end;
}
}
dwNum = *(DWORD*)buf;
phandleinfo = (PHANDLEINFO)(buf+4);
for(i=0;i<dwNum;i++)
{
//static int iCount = 0;
//static WORD wPid = -1;
HANDLEINFO *pSeek = phandleinfo + i;
if((pSeek->objType==0x1a) && (pSeek->wPid))
{
//iCount++;
//wPid = pSeek->wPid;
HANDLE hSrcProcess;
hSrcProcess = OpenProcess(PROCESS_ALL_ACCESS,TRUE, pSeek->wPid);
if(hSrcProcess == NULL)
continue;
__try
{
SOCKET hSock;
ret = DuplicateHandle(hSrcProcess, (HANDLE)(pSeek->handleOffset), GetCurrentProcess(), (HANDLE *)&hSock, STANDARD_RIGHTS_REQUIRED,TRUE,0);
if(ret == 0)
{
int errcode = GetLastError();
continue;
}
sockaddr_in in = {0};
in.sin_family = AF_INET;
int dwSize = sizeof(in);
if(SOCKET_ERROR != getsockname(hSock, (sockaddr *)&in, &dwSize))
{
char name[0x100] = {0};
HMODULE hDll = LoadLibrary("psapi.dll");
typedef DWORD (WINAPI *PGETMODULEFILENAMEEX)(HANDLE, HMODULE, LPTSTR, DWORD);
//typedef BOOL (WINAPI *PENUMPROCESSMODULES)(HANDLE, HMODULE*, DWORD, LPDWORD);
PGETMODULEFILENAMEEX pfunc = (PGETMODULEFILENAMEEX)GetProcAddress(hDll, "GetModuleFileNameExA");
//PENUMPROCESSMODULES penum = (PENUMPROCESSMODULES)GetProcAddress(hDll, "EnumProcessModules");
//DWORD dwCb, dwRet;
//HMODULE module[1000];
//ret = penum(hSrcProcess
pfunc(hSrcProcess, NULL, name, 0x100);
FreeLibrary(hDll);
printf("socket:%4d port:%4d PID:%4d(%s)/n", pSeek->handleOffset, ntohs(in.sin_port), pSeek->wPid, name);
}
}
__finally
{
CloseHandle(hSrcProcess);
}
}
}
getchar();
end:
delete [] buf;
return 0;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- WINDOWS下获得端口对应的进程名1
- windows和linux下使用命令查找端口对应的进程pid并杀死进程
- Windows自带的端口转发工具netsh使用方法
- windows查看端口被什么进程使用并设置该端口可用
- windows下查看端口对应的进程和进程号
- [转]windows下查询端口对应应用进程的命令
- windows 8 查询端口,使用pid杀掉进程命令
- 用windows自带命令和工具查看端口使用情况
- windows自带命令和工具查看端口使用情况
- Windows自带的端口转发工具netsh使用方法
- 用windows自带命令和工具查看端口使用情况
- windows下使用远程工具登录虚拟机上的Linux、访问虚拟机上的服务 、端口转发、win7 telnet登陆虚拟机
- 如何在windows和linux下查看进程使用的端口或通过端口查看进程
- cmd netstat 查看某监听端口 对应的Process ID 及使用taskkill 中止某进程
- Windows--查看使用某端口的进程
- [Windows 监控]使用windows自带的工具去对某一进程实现监控,并取得这一进程对系统的资源使用情况
- windows中,端口查看&关闭进程及Kill使用
- 对"查看进程使用的端口"工具小析
- windows查询占用端口的pid以及查询对应的进程名称
- Windows自带的端口转发工具netsh使用方法