[Процессы] Определить процесс, который "слушает" определенный порт
- Автор темы Redline
- Дата начала
Автор
Redline
AutoIT Гуру
- Сообщения
- 506
- Репутация
- 375
Подсократил код из файла во вложении (первый пост):
Но все равно грамоздко =( , может есть решение покороче?
Код:
#include <array.au3>
Global Const $hKERNEL32 = DllOpen("kernel32.dll")
Global Const $hIPHLPAPI = DllOpen("iphlpapi.dll")
Global $a
Global $iIsAdmin = IsAdmin()
$a=_GetExtendedTcpTable()
_ArrayDisplay($a)
Func _GetExtendedTcpTable()
Local $aCall = DllCall($hIPHLPAPI, "dword", "GetExtendedTcpTable", _
"ptr*", 0, _
"dword*", 0, _
"int", 1, _ ; 1, sort in ascending order
"dword", 2, _ ; AF_INET4
"dword", 5, _ ; TCP_TABLE_OWNER_PID_ALL
"dword", 0)
If @error Then
Return SetError(1, 0, 0)
EndIf
If $aCall[0] <> 122 Then ; ERROR_INSUFFICIENT_BUFFER
Return SetError(2, 0, 0)
EndIf
Local $iSize = $aCall[2]
Local $tByteStructure = DllStructCreate("byte[" & $iSize & "]")
$aCall = DllCall($hIPHLPAPI, "dword", "GetExtendedTcpTable", _
"ptr", DllStructGetPtr($tByteStructure), _
"dword*", $iSize, _
"int", 1, _ ; 1, sort in ascending order
"dword", 2, _ ; AF_INET4
"dword", 5, _ ; TCP_TABLE_OWNER_PID_ALL
"dword", 0)
If @error Or $aCall[0] Then
Return SetError(3, 0, 0)
EndIf
Local $tMIB_TCPTABLE_OWNER_PID_DWORDS = DllStructCreate("dword[" & Ceiling($iSize / 4) & "]", DllStructGetPtr($tByteStructure))
Local $iTCPentries = DllStructGetData($tMIB_TCPTABLE_OWNER_PID_DWORDS, 1)
#cs
$tMIB_TCPROW_OWNER_PID = DllStructCreate("dword State;" & _
"dword LocalAddr;" & _
"dword LocalPort;" & _
"dword RemoteAddr;" & _
"dword RemotePort;" & _
"dword OwningPid")
#ce
Local $aTCPTable[$iTCPentries + 1][7]
$aTCPTable[0][0] = "Connection state"
$aTCPTable[0][1] = "Local IP"
$aTCPTable[0][2] = "Local Port"
$aTCPTable[0][3] = "Remote IP"
$aTCPTable[0][4] = "Remote port"
$aTCPTable[0][5] = "PID"
$aTCPTable[0][6] = "Process Name"
Local $aProcesses = ProcessList()
Local $iOffset
TCPStartup()
For $i = 1 To $iTCPentries
$iOffset = ($i - 1) * 6 + 1 ; going thru array of dwords
$aTCPTable[$i][2] = Dec(Hex(BinaryMid(DllStructGetData($tMIB_TCPTABLE_OWNER_PID_DWORDS, 1, $iOffset + 3), 1, 2)))
$aTCPTable[$i][5] = DllStructGetData($tMIB_TCPTABLE_OWNER_PID_DWORDS, 1, $iOffset + 6)
If Not $aTCPTable[$i][5] Then
$aTCPTable[$i][6] = "System Idle Process"
Else
For $j = 1 To $aProcesses[0][0]
If $aProcesses[$j][1] = $aTCPTable[$i][5] Then
$aTCPTable[$i][6] = $aProcesses[$j][0]
If Not $aTCPTable[$i][6] Then $aTCPTable[$i][6] = $aProcesses[$j][0]
ExitLoop
EndIf
Next
EndIf
Next
TCPShutdown()
Return $aTCPTable
EndFunc ;==>_GetExtendedTcpTable
Func _GetExtendedUdpTable()
Local $aCall = DllCall($hIPHLPAPI, "dword", "GetExtendedUdpTable", _
"ptr*", 0, _
"dword*", 0, _
"int", 1, _ ; 1, sort in ascending order
"dword", 2, _ ; AF_INET4
"dword", 1, _ ; UDP_TABLE_OWNER_PID
"dword", 0)
If @error Then
Return SetError(1, 0, 0)
EndIf
If $aCall[0] <> 122 Then ; ERROR_INSUFFICIENT_BUFFER
Return SetError(2, 0, 0)
EndIf
Local $iSize = $aCall[2]
Local $tByteStructure = DllStructCreate("byte[" & $iSize & "]")
$aCall = DllCall($hIPHLPAPI, "dword", "GetExtendedUdpTable", _
"ptr", DllStructGetPtr($tByteStructure), _
"dword*", $iSize, _
"int", 1, _ ; 1, sort in ascending order
"dword", 2, _ ; AF_INET4
"dword", 1, _ ; UDP_TABLE_OWNER_PID
"dword", 0)
If @error Or $aCall[0] Then
Return SetError(3, 0, 0)
EndIf
Local $tMIB_UDPTABLE_OWNER_PID_DWORDS = DllStructCreate("dword[" & Ceiling($iSize / 4) & "]", DllStructGetPtr($tByteStructure))
Local $iUDPentries = DllStructGetData($tMIB_UDPTABLE_OWNER_PID_DWORDS, 1)
Local $aUDPTable[$iUDPentries + 1][4]
$aUDPTable[0][0] = "Local IP "
$aUDPTable[0][1] = "Local Port"
$aUDPTable[0][2] = "PID"
$aUDPTable[0][3] = "Process Name"
Local $aProcesses = ProcessList()
Local $iOffset
UDPStartup()
For $i = 1 To $iUDPentries
$iOffset = ($i - 1) * 3 + 1 ; going thru array of dwords
$aUDPTable[$i][1] = Dec(Hex(BinaryMid(DllStructGetData($tMIB_UDPTABLE_OWNER_PID_DWORDS, 1, $iOffset + 2), 1, 2)))
$aUDPTable[$i][2] = DllStructGetData($tMIB_UDPTABLE_OWNER_PID_DWORDS, 1, $iOffset + 3)
If Not $aUDPTable[$i][2] Then
$aUDPTable[$i][3] = "System Idle Process"
Else
For $j = 1 To $aProcesses[0][0]
If $aProcesses[$j][1] = $aUDPTable[$i][2] Then
$aUDPTable[$i][3] = $aProcesses[$j][0]
If Not $aUDPTable[$i][3] Then $aUDPTable[$i][3] = $aProcesses[$j][0]
ExitLoop
EndIf
Next
EndIf
Next
UDPShutdown()
Return $aUDPTable
EndFunc ;==>_GetExtendedUdpTable
Func _PtrStringLenW($pString)
Local $aCall = DllCall($hKERNEL32, "dword", "lstrlenW", "ptr", $pString)
If @error Then
Return SetError(1, 0, 0)
EndIf
Return $aCall[0]
EndFunc ;==>_PtrStringLenW
Func _PtrStringLen($pString)
Local $aCall = DllCall($hKERNEL32, "dword", "lstrlen", "ptr", $pString)
If @error Then
Return SetError(1, 0, 0)
EndIf
Return $aCall[0]
EndFunc ;==>_PtrStringLenНо все равно грамоздко =( , может есть решение покороче?
Автор
Redline
AutoIT Гуру
- Сообщения
- 506
- Репутация
- 375
Конечный вариант: вводим локальный TCP порт, и получаем PID, имя процесса и файл, из которого запущен процесс(если это не служба 8))
Код:
While 1
$in = InputBox('Searching process by local TCP port', 'Enter number of the port', '', '', 250, 80)
If @error = 1 Then ExitLoop
$result = _findProcessByTCPPort($in)
If @error Then
MsgBox(0, 'Error', 'DLL error: ' & @error)
EndIf
MsgBox(0, 'Result', 'Local port: ' & $in & @CRLF & 'PID: ' & $result[0] & @CRLF & 'Porcess name: '& $result[1] & @CRLF & 'Process file name: ' & $result[2])
WEnd
Func _findProcessByTCPPort($port)
Const $hIPHLPAPI = DllOpen('iphlpapi.dll')
Global $hKERNEL32 = DllOpen("kernel32.dll")
Global $hPSAPI = DllOpen("psapi.dll")
Local $aCall = DllCall($hIPHLPAPI, 'dword', 'GetExtendedTcpTable', _
'ptr*', 0, _
'dword*', 0, _
'int', 1, _ ; 1, sort in ascending order
'dword', 2, _ ; AF_INET4
'dword', 5, _ ; TCP_TABLE_OWNER_PID_ALL
'dword', 0)
If @error Then
Return SetError(1)
EndIf
If $aCall[0] <> 122 Then ; ERROR_INSUFFICIENT_BUFFER
Return SetError(2)
EndIf
Local $iSize = $aCall[2]
Local $tByteStructure = DllStructCreate('byte[' & $iSize & ']')
$aCall = DllCall($hIPHLPAPI, 'dword', 'GetExtendedTcpTable', _
'ptr', DllStructGetPtr($tByteStructure), _
'dword*', $iSize, _
'int', 1, _ ; 1, sort in ascending order
'dword', 2, _ ; AF_INET4
'dword', 5, _ ; TCP_TABLE_OWNER_PID_ALL
'dword', 0)
If @error Or $aCall[0] Then
Return SetError(3)
EndIf
Local $tMIB_TCPTABLE_OWNER_PID_DWORDS = DllStructCreate('dword[' & Ceiling($iSize / 4) & ']', DllStructGetPtr($tByteStructure))
Local $iTCPentries = DllStructGetData($tMIB_TCPTABLE_OWNER_PID_DWORDS, 1)
Local $aTCPTable[$iTCPentries + 1][3]
Local $iOffset
Local $aResult[3] = [0,0,' - ']
TCPStartup()
For $i = 1 To $iTCPentries
$iOffset = ($i - 1) * 6 + 1
$aTCPTable[$i][0] = DllStructGetData($tMIB_TCPTABLE_OWNER_PID_DWORDS, 1, $iOffset + 6) ; PID
$aTCPTable[$i][1] = Dec(Hex(BinaryMid(DllStructGetData($tMIB_TCPTABLE_OWNER_PID_DWORDS, 1, $iOffset + 3), 1, 2))) ; local port
If $aTCPTable[$i][1] = $port Then
$aResult[0] = $aTCPTable[$i][0]
ExitLoop
EndIf
Next
TCPShutdown()
If $aResult[0] = 0 Then Return $aResult
Local $aProcesses = ProcessList()
For $i = 1 To $aProcesses[0][0]
If $aProcesses[$i][1] = $aResult[0] Then
$aResult[1] = $aProcesses[$i][0] ; process name
ExitLoop
EndIf
Next
Local $aCall = DllCall($hKERNEL32, "ptr", "OpenProcess", _
"dword", 1040, _ ; PROCESS_QUERY_INFORMATION|PROCESS_VM_READ
"int", 0, _
"dword", $aResult[0])
If @error Or Not $aCall[0] Then
Return $aResult
EndIf
Local $hProcess = $aCall[0]
$aCall = DllCall($hPSAPI, "dword", "GetModuleFileNameExW", _
"ptr", $hProcess, _
"ptr", 0, _
"wstr", "", _
"dword", 32767)
If @error Or Not $aCall[0] Then
DllCall($hKERNEL32, "int", "CloseHandle", "ptr", $hProcess)
Return $aResult
EndIf
Local $sFilename = $aCall[3]
DllCall($hKERNEL32, "int", "CloseHandle", "ptr", $hProcess)
$aResult[2] = $sFilename
Return $aResult
EndFunc
