C'est pour montrer les entrailles des API de Windows.
Pour faire bref, j'ai récupéré l'intérieur de la DLL iphlpapi.dll ;
ça donne ça...
Source / Exemple :
#include<windows.h>
#include <stdio.h>
/* True when an NTSTATUS, viewed as a signed LONG, is >= 0. This includes
   informational codes such as STATUS_PENDING (0x103), so a "successful"
   call has not necessarily completed yet. */
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
/* Status codes declared for reference; not used by the code visible in this file. */
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L)
/* Import libraries: Winsock (inet_ntoa/ntohs in main), advapi32 (token and
   privilege calls), ntdll (the Zw/Nt/Rtl prototypes declared below). */
#pragma comment (lib,"ws2_32.lib")
#pragma comment (lib,"advapi32.lib")
#pragma comment (lib,"ntdll.lib")
// tiny: the pragmas below exist only to shrink the executable.
// NOTE(review): merging .text into .data and marking that section E(xecute)/
// W(rite)/R(ead) leaves the program's code in a page that is both writable and
// executable, which defeats W^X/DEP-style hardening. Drop the /merge and
// /SECTION lines for any build that is not a pure size experiment.
#pragma optimize("gsy",on)
#pragma comment(linker,"/RELEASE")
#pragma comment(linker,"/merge:.rdata=.data")
#pragma comment(linker,"/merge:.text=.data")
#pragma comment(linker,"/merge:.reloc=.data")
#pragma comment(linker,"/SECTION:.data,EWR")
#pragma comment(linker,"/FILEALIGN:0x200")
#pragma comment(linker,"/IGNORE:4078")
#pragma comment(linker,"/OPT:NOWIN98")
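/* Native API status code; negative values are errors (see NT_SUCCESS). */
typedef LONG NTSTATUS;

/*
 * Completion record written by the I/O manager for ZwOpenFile and
 * NtDeviceIoControlFile.
 *
 * Information is pointer-sized in the native definition. Declaring it as a
 * 32-bit ULONG makes this structure 8 bytes on a 64-bit build while the kernel
 * writes 16, overwriting whatever follows it on the caller's stack. With
 * ULONG_PTR the layout is unchanged on 32-bit builds and correct on 64-bit
 * ones (Status is padded to pointer alignment).
 */
typedef struct _IO_STATUS_BLOCK
{
    NTSTATUS Status;
    ULONG_PTR Information;  /* request-dependent; byte count for the IOCTLs used here */
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

/* Counted UTF-16 string; initialised in this file by RtlInitUnicodeString. */
typedef struct _UNICODE_STRING
{
    USHORT Length;
    USHORT MaximumLength;
    PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

/* Counted 8-bit string; declared for completeness, not used by the code in this file. */
typedef struct _ANSI_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PCHAR Buffer;
} ANSI_STRING, *PANSI_STRING;

/* Describes the object to open; filled in field by field in OpenDeviceTcpUdp. */
typedef struct _OBJECT_ATTRIBUTES
{
    ULONG Length;                    /* set to sizeof(OBJECT_ATTRIBUTES) by the caller */
    HANDLE RootDirectory;
    PUNICODE_STRING ObjectName;
    ULONG Attributes;
    PVOID SecurityDescriptor;
    PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;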
/* One TCP endpoint row as copied out of the driver's reply. */
typedef struct _MIB_TCPROW
{
    DWORD dwState;       /* presumably one of the MIB_TCP_STATE_* values - confirm */
    DWORD dwLocalAddr;   /* IPv4 address; main() prints it through inet_ntoa() */
    DWORD dwLocalPort;   /* main() takes the low 16 bits and applies ntohs() */
    DWORD dwRemoteAddr;  /* IPv4 address; main() prints it through inet_ntoa() */
    DWORD dwRemotePort;  /* main() takes the low 16 bits and applies ntohs() */
} MIB_TCPROW, *PMIB_TCPROW;

/* One UDP endpoint row: local address and port only. */
typedef struct _MIB_UDPROW
{
    DWORD dwLocalAddr;
    DWORD dwLocalPort;
} MIB_UDPROW, *PMIB_UDPROW;

/* Row count followed by the rows. The array is declared with one element;
   GetUdpTable allocates the structure large enough for dwNumEntries rows. */
typedef struct _MIB_UDPTABLE {
    DWORD dwNumEntries;
    MIB_UDPROW table[1];
} MIB_UDPTABLE, *PMIB_UDPTABLE;

/* Row count followed by the rows. The array is declared with one element;
   GetTcpTable allocates the structure large enough for dwNumEntries rows. */
typedef struct _MIB_TCPTABLE {
    DWORD dwNumEntries;
    MIB_TCPROW table[1];
} MIB_TCPTABLE, *PMIB_TCPTABLE;

/* Entity identifier: entity kind plus instance number. */
typedef struct TDIEntityID {
    ULONG tei_entity;
    ULONG tei_instance;
} TDIEntityID;

/* Object identifier: the entity plus the class, type and id of the
   information being requested from it. */
typedef struct TDIObjectID {
    TDIEntityID toi_entity;
    ULONG toi_class;
    ULONG toi_type;
    ULONG toi_id;
} TDIObjectID;

/* TCP statistics block returned by the first query in GetTcpTable, which
   reads only dwNumConns to size the row buffer. */
typedef struct _MIB_TCPSTATS
{
    DWORD dwRtoAlgorithm;
    DWORD dwRtoMin;
    DWORD dwRtoMax;
    DWORD dwMaxConn;
    DWORD dwActiveOpens;
    DWORD dwPassiveOpens;
    DWORD dwAttemptFails;
    DWORD dwEstabResets;
    DWORD dwCurrEstab;
    DWORD dwInSegs;
    DWORD dwOutSegs;
    DWORD dwRetransSegs;
    DWORD dwInErrs;
    DWORD dwOutRsts;
    DWORD dwNumConns;
} MIB_TCPSTATS, *PMIB_TCPSTATS;

/* UDP statistics block returned by the first query in GetUdpTable, which
   reads only dwNumAddrs to size the row buffer. */
typedef struct _MIB_UDPSTATS
{
    DWORD dwInDatagrams;
    DWORD dwNoPorts;
    DWORD dwInErrors;
    DWORD dwOutDatagrams;
    DWORD dwNumAddrs;
} MIB_UDPSTATS, *PMIB_UDPSTATS;
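/* Numeric TCP connection states; presumably the values carried in
   MIB_TCPROW.dwState - confirm against the driver's output. */
#define MIB_TCP_STATE_CLOSED 1
#define MIB_TCP_STATE_LISTEN 2
#define MIB_TCP_STATE_SYN_SENT 3
#define MIB_TCP_STATE_SYN_RCVD 4
#define MIB_TCP_STATE_ESTAB 5
#define MIB_TCP_STATE_FIN_WAIT1 6
#define MIB_TCP_STATE_FIN_WAIT2 7
#define MIB_TCP_STATE_CLOSE_WAIT 8
#define MIB_TCP_STATE_CLOSING 9
#define MIB_TCP_STATE_LAST_ACK 10
#define MIB_TCP_STATE_TIME_WAIT 11
#define MIB_TCP_STATE_DELETE_TCB 12
//
// Printable names for the TCP endpoint states, indexed by MIB_TCP_STATE_* value.
// Index 0 is a placeholder for "unknown". The table has one entry for every
// state defined above, so indexing with MIB_TCP_STATE_DELETE_TCB stays in
// bounds; any other value must be range-checked by the caller before use.
//
static char TcpState[][32] = {
    "???",
    "CLOSED",
    "LISTENING",
    "SYN_SENT",
    "SYN_RECEIVED",   /* was misspelled "SEN_RECEIVED" */
    "ESTABLISHED",
    "FIN_WAIT1",      /* matches the "FIN_WAIT2" spelling of the next entry */
    "FIN_WAIT2",
    "CLOSE_WAIT",
    "CLOSING",
    "LAST_ACK",
    "TIME_WAIT",
    "DELETE_TCB"      /* previously missing: state 12 indexed past the end of the table */
};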
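#define CONTEXT_SIZE 16
// Symbolic names for the literal values used in GetTcpTable/GetUdpTable,
// kept here as a reference:
//#define CO_TL_ENTITY 0x400
//#define INFO_CLASS_PROTOCOL 0x200
//#define INFO_TYPE_PROVIDER 0x100
//#define TCP_MIB_ADDRTABLE_ENTRY_ID 0x101
//#define INFO_TYPE_CONNECTION 0x300
//#define CO_TL_TCP 0x404
// QueryInformationEx IOCTL. The return buffer is passed as the OutputBuffer
// in the DeviceIoControl request. This structure is passed as the
// InputBuffer.
//
struct tcp_request_query_information_ex {
    TDIObjectID ID;                                 // object ID to query.
    ULONG * Context[CONTEXT_SIZE/sizeof(ULONG *)];  // multi-request context. Zeroed
                                                    // for the first request.
};
// The pointer alias needs a '*' declarator; the listing showed '-' in its
// place, which does not compile.
typedef struct tcp_request_query_information_ex
    TCP_REQUEST_QUERY_INFORMATION_EX,
    *PTCP_REQUEST_QUERY_INFORMATION_EX;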
/* Signature of an optional APC completion routine; every call in this file
   passes NULL for it. */
typedef VOID (NTAPI *PIO_APC_ROUTINE)(
    IN PVOID ApcContext,
    IN PIO_STATUS_BLOCK IoStatusBlock,
    IN ULONG Reserved
    );

/* Native open call; used by OpenDeviceTcpUdp to open \Device\TCP or \Device\UDP. */
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(
    OUT PHANDLE FileHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN ULONG ShareAccess,
    IN ULONG OpenOptions
    );

/* Native device I/O control call; used by GetTcpTable and GetUdpTable to send
   the query request to the driver. */
NTSYSAPI NTSTATUS NTAPI NtDeviceIoControlFile(
    IN HANDLE FileHandle,
    IN HANDLE Event OPTIONAL,
    IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
    IN PVOID ApcContext OPTIONAL,
    OUT PIO_STATUS_BLOCK IoStatusBlock,
    IN ULONG IoControlCode,
    IN PVOID InputBuffer OPTIONAL,
    IN ULONG InputBufferLength,
    OUT PVOID OutputBuffer OPTIONAL,
    IN ULONG OutputBufferLength
    );

/* Maps an NTSTATUS to a Win32 error code; the result is handed to SetLastError
   so that get_error() can format it. */
NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(
    IN NTSTATUS Status
    );

/* Initialises a UNICODE_STRING from a NUL-terminated wide string. */
NTSYSAPI VOID NTAPI RtlInitUnicodeString(
    PUNICODE_STRING DestinationString,
    PCWSTR SourceString
    );
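/*
 * Return the system message text for the calling thread's last error code.
 *
 * The text is written into a static buffer, so the result must not be freed
 * and is overwritten by the next call (not thread-safe). The previous version
 * asked FormatMessage to allocate the buffer, which leaked one allocation per
 * call because no caller released it, and returned an uninitialised pointer
 * whenever FormatMessage failed - callers then passed that pointer to "%s".
 *
 * FormatMessageA is called explicitly because the function returns char *; the
 * generic macro would produce wide text in a UNICODE build.
 */
extern char *get_error(void)
{
    static char message[512];
    DWORD code = GetLastError();
    DWORD written;

    written = FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
        code, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), message, (DWORD)sizeof message, NULL);
    if (written == 0)
    {
        /* No message text for this code: fall back to the number itself.
           At most 18 characters plus the terminator, far below the buffer size. */
        sprintf(message, "error %lu\n", (unsigned long)code);
    }
    return message;
}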
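/*
 * Send one TCP query request (IOCTL 0x00120003, the QueryInformationEx IOCTL)
 * to the TCP device and wait until it has completed.
 *
 * toiId selects what is returned: 0x1 for the statistics block, 0x101 for the
 * address table. *bytesReturned receives IoStatusBlock.Information on success
 * and 0 otherwise.
 */
static NTSTATUS QueryTcpInfo(HANDLE hTcpPort, ULONG toiId, PVOID outBuf, ULONG outLen,
                             ULONG *bytesReturned)
{
    TCP_REQUEST_QUERY_INFORMATION_EX req;
    IO_STATUS_BLOCK iosb;
    NTSTATUS Status;
    HANDLE hEvent;

    *bytesReturned = 0;
    RtlZeroMemory(&req, sizeof(req));   /* Context must be zero for a first request */
    RtlZeroMemory(&iosb, sizeof(iosb));

    hEvent = CreateEventW(NULL, TRUE, FALSE, NULL);
    if (hEvent == NULL)
        return (NTSTATUS)0xC000009AL;   /* STATUS_INSUFFICIENT_RESOURCES */

    //netstat
    // http://msdn.microsoft.com/library/en-us/devnotes/winprog/ioctl_tcp_query_information_ex.asp
    req.ID.toi_entity.tei_entity = 0x400; //CO_TL_ENTITY; tcp
    req.ID.toi_entity.tei_instance = 0;
    req.ID.toi_class = 0x200; //INFO_CLASS_PROTOCOL;
    req.ID.toi_type = 0x100; //INFO_TYPE_PROVIDER;
    req.ID.toi_id = toiId;

    Status = NtDeviceIoControlFile(hTcpPort, hEvent, NULL, NULL, &iosb, 0x00120003,
                                   &req, sizeof(req), outBuf, outLen);
    /* STATUS_PENDING passes NT_SUCCESS although the output buffer is not
       filled yet: wait for the event and take the final status from the
       status block before anyone reads the buffer. */
    if (Status == (NTSTATUS)0x00000103L)    /* STATUS_PENDING */
    {
        WaitForSingleObject(hEvent, INFINITE);
        Status = iosb.Status;
    }
    CloseHandle(hEvent);

    if (NT_SUCCESS(Status))
        *bytesReturned = (ULONG)iosb.Information;
    return Status;
}

/*
 * Build the TCP connection table by querying the TCP device directly.
 *
 * hTcpPort is a handle to \Device\TCP (see OpenDeviceTcpUdp).
 * Returns a table allocated with VirtualAlloc, which the caller releases with
 * VirtualFree(table, 0, MEM_RELEASE), or NULL on failure after printing the
 * reason to stderr.
 *
 * Fixes over the earlier version: the row buffer and the result are checked
 * for allocation failure; the copy length is the number of bytes the driver
 * actually returned instead of the size estimated from the statistics (the
 * estimate could exceed the result allocation); the event handle and the row
 * buffer are released on every path; a pending request is waited for.
 */
MIB_TCPTABLE *GetTcpTable(HANDLE hTcpPort)
{
    enum { ROW_SLACK = 16 };    /* headroom for connections opened between the two queries */
    PMIB_TCPTABLE RTcpTable = NULL;
    MIB_TCPROW *TcpTable = NULL;
    MIB_TCPSTATS TcpStats = {0};
    NTSTATUS Status;
    ULONG returned = 0;
    DWORD maxRows;
    DWORD arrayLen;
    DWORD numconn;

    Status = QueryTcpInfo(hTcpPort, 0x1 /* TCP_STATS_ID */, &TcpStats, sizeof(TcpStats), &returned);
    if(!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        fprintf(stderr, "GetTcpStats, Erreur: %s", get_error());
        return NULL;
    }

    /* The count comes from the driver: refuse values whose byte size would wrap. */
    if (TcpStats.dwNumConns > (MAXDWORD - sizeof(MIB_TCPTABLE)) / sizeof(MIB_TCPROW) - ROW_SLACK)
    {
        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
        fprintf(stderr, "GetTcpTable, Erreur: %s", get_error());
        return NULL;
    }
    maxRows = TcpStats.dwNumConns + ROW_SLACK;
    arrayLen = (DWORD)(maxRows * sizeof(MIB_TCPROW)); //TCPAddrEntry

    TcpTable = VirtualAlloc(NULL, arrayLen, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (TcpTable == NULL)
    {
        fprintf(stderr, "GetTcpTable, Erreur: %s", get_error());
        return NULL;
    }

    Status = QueryTcpInfo(hTcpPort, 0x101 /* TCP_MIB_ADDRTABLE_ENTRY_ID */, TcpTable, arrayLen, &returned);
    if(!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        fprintf(stderr, "GetTcpTable, Erreur: %s", get_error());
        VirtualFree(TcpTable, 0, MEM_RELEASE);
        return NULL;
    }

    numconn = (DWORD)(returned / sizeof(MIB_TCPROW));
    if (numconn > maxRows)
        numconn = maxRows;      /* never read past the buffer we handed to the driver */

    /* sizeof(MIB_TCPTABLE) already holds the count and one row, so this is
       never a zero-byte request and always has room for numconn rows. */
    RTcpTable = VirtualAlloc(NULL, sizeof(MIB_TCPTABLE) + numconn * sizeof(MIB_TCPROW),
                             MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (RTcpTable == NULL)
    {
        fprintf(stderr, "GetTcpTable, Erreur: %s", get_error());
        VirtualFree(TcpTable, 0, MEM_RELEASE);
        return NULL;
    }
    RTcpTable->dwNumEntries = numconn;
    memcpy(RTcpTable->table, TcpTable, numconn * sizeof(MIB_TCPROW));
    VirtualFree(TcpTable, 0, MEM_RELEASE);
    return RTcpTable;
}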
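/*
 * Send one UDP query request (IOCTL 0x00120003, the QueryInformationEx IOCTL)
 * to the UDP device and wait until it has completed.
 *
 * toiId selects what is returned: 0x1 for the statistics block, 0x101 for the
 * address table. *bytesReturned receives IoStatusBlock.Information on success
 * and 0 otherwise.
 */
static NTSTATUS QueryUdpInfo(HANDLE hUdpPort, ULONG toiId, PVOID outBuf, ULONG outLen,
                             ULONG *bytesReturned)
{
    TCP_REQUEST_QUERY_INFORMATION_EX req;
    IO_STATUS_BLOCK iosb;
    NTSTATUS Status;
    HANDLE hEvent;

    *bytesReturned = 0;
    RtlZeroMemory(&req, sizeof(req));   /* Context must be zero for a first request */
    RtlZeroMemory(&iosb, sizeof(iosb));

    hEvent = CreateEventW(NULL, TRUE, FALSE, NULL);
    if (hEvent == NULL)
        return (NTSTATUS)0xC000009AL;   /* STATUS_INSUFFICIENT_RESOURCES */

    //netstat
    // http://msdn.microsoft.com/library/en-us/devnotes/winprog/ioctl_tcp_query_information_ex.asp
    req.ID.toi_entity.tei_entity = 0x401; //CO_TL_ENTITY; udp
    req.ID.toi_entity.tei_instance = 0;
    req.ID.toi_class = 0x200; //INFO_CLASS_PROTOCOL;
    req.ID.toi_type = 0x100; //INFO_TYPE_PROVIDER;
    req.ID.toi_id = toiId;

    Status = NtDeviceIoControlFile(hUdpPort, hEvent, NULL, NULL, &iosb, 0x00120003,
                                   &req, sizeof(req), outBuf, outLen);
    /* STATUS_PENDING passes NT_SUCCESS although the output buffer is not
       filled yet: wait for the event and take the final status from the
       status block before anyone reads the buffer. */
    if (Status == (NTSTATUS)0x00000103L)    /* STATUS_PENDING */
    {
        WaitForSingleObject(hEvent, INFINITE);
        Status = iosb.Status;
    }
    CloseHandle(hEvent);

    if (NT_SUCCESS(Status))
        *bytesReturned = (ULONG)iosb.Information;
    return Status;
}

/*
 * Build the UDP listener table by querying the UDP device directly.
 *
 * hUdpPort is a handle to \Device\UDP (see OpenDeviceTcpUdp).
 * Returns a table allocated with VirtualAlloc, which the caller releases with
 * VirtualFree(table, 0, MEM_RELEASE), or NULL on failure after printing the
 * reason to stderr.
 *
 * Fixes over the earlier version: the row buffer and the result are checked
 * for allocation failure; the copy length is the number of bytes the driver
 * actually returned instead of the size estimated from the statistics (the
 * estimate could exceed the result allocation); the row buffer is released on
 * the error path; a pending request is waited for.
 */
MIB_UDPTABLE *GetUdpTable(HANDLE hUdpPort)
{
    enum { ROW_SLACK = 16 };    /* headroom for endpoints opened between the two queries */
    PMIB_UDPTABLE RUdpTable = NULL;
    MIB_UDPROW *UdpTable = NULL;
    MIB_UDPSTATS UdpStats = {0};
    NTSTATUS Status;
    ULONG returned = 0;
    DWORD maxRows;
    DWORD arrayLen;
    DWORD numconn;

    Status = QueryUdpInfo(hUdpPort, 0x1 /* stats id */, &UdpStats, sizeof(UdpStats), &returned);
    if(!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        fprintf(stderr, "GetUdpStat, Erreur: %s", get_error());
        return NULL;
    }

    /* The count comes from the driver: refuse values whose byte size would wrap. */
    if (UdpStats.dwNumAddrs > (MAXDWORD - sizeof(MIB_UDPTABLE)) / sizeof(MIB_UDPROW) - ROW_SLACK)
    {
        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
        fprintf(stderr, "GetUdpTable, Erreur: %s", get_error());
        return NULL;
    }
    maxRows = UdpStats.dwNumAddrs + ROW_SLACK;
    arrayLen = (DWORD)(maxRows * sizeof(MIB_UDPROW));

    UdpTable = VirtualAlloc(NULL, arrayLen, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (UdpTable == NULL)
    {
        fprintf(stderr, "GetUdpTable, Erreur: %s", get_error());
        return NULL;
    }

    Status = QueryUdpInfo(hUdpPort, 0x101 /* address table id */, UdpTable, arrayLen, &returned);
    if(!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        fprintf(stderr, "GetUdpTable, Erreur: %s", get_error());
        VirtualFree(UdpTable, 0, MEM_RELEASE);
        return NULL;
    }

    numconn = (DWORD)(returned / sizeof(MIB_UDPROW));
    if (numconn > maxRows)
        numconn = maxRows;      /* never read past the buffer we handed to the driver */

    /* sizeof(MIB_UDPTABLE) already holds the count and one row, so this is
       never a zero-byte request and always has room for numconn rows. */
    RUdpTable = VirtualAlloc(NULL, sizeof(MIB_UDPTABLE) + numconn * sizeof(MIB_UDPROW),
                             MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (RUdpTable == NULL)
    {
        fprintf(stderr, "GetUdpTable, Erreur: %s", get_error());
        VirtualFree(UdpTable, 0, MEM_RELEASE);
        return NULL;
    }
    RUdpTable->dwNumEntries = numconn;
    memcpy(RUdpTable->table, UdpTable, numconn * sizeof(MIB_UDPROW));
    VirtualFree(UdpTable, 0, MEM_RELEASE);
    return RUdpTable;
}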
/*
 * Open the TCP or the UDP device object through the native API.
 *
 * PROTO non-zero selects \Device\TCP, zero selects \Device\UDP.
 * Returns the device handle (closed by the caller with CloseHandle), or NULL
 * after printing the reason to stderr.
 *
 * The handle is opened with OpenOptions 0, i.e. without a synchronous-I/O
 * option, so requests issued on it may complete asynchronously.
 */
HANDLE OpenDeviceTcpUdp(BOOL PROTO)
{
    HANDLE hDevice;
    IO_STATUS_BLOCK openStatus;
    UNICODE_STRING deviceName;
    OBJECT_ATTRIBUTES oa;
    NTSTATUS rc;

    RtlInitUnicodeString(&deviceName, PROTO ? L"\\Device\\TCP" : L"\\Device\\UDP");

    oa.Length = sizeof(OBJECT_ATTRIBUTES);
    oa.RootDirectory = NULL;
    oa.ObjectName = &deviceName;
    oa.Attributes = 0x40; //OBJ_CASE_INSENSITIVE
    oa.SecurityDescriptor = NULL;
    oa.SecurityQualityOfService = NULL;

    /* SYNCHRONIZE is 0x100000; the two share flags together are 3. */
    rc = ZwOpenFile(&hDevice, SYNCHRONIZE, &oa, &openStatus,
                    FILE_SHARE_READ | FILE_SHARE_WRITE, 0);
    if (NT_SUCCESS(rc))
        return hDevice;

    SetLastError(RtlNtStatusToDosError(rc));
    fprintf(stderr, "ZwOpenFile, Erreur: %s", get_error());
    return NULL;
}
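/*
 * Enable the named privilege in the current process token.
 *
 * Privilege is the privilege name as an 8-bit string (the A variant of the
 * lookup is called to match the const char * parameter).
 * Returns TRUE only when the privilege is actually enabled; FALSE otherwise,
 * after printing the reason to stderr.
 *
 * AdjustTokenPrivileges returns TRUE even when the token does not hold the
 * privilege; that case is reported through GetLastError() as
 * ERROR_NOT_ALL_ASSIGNED. The earlier version treated it as success, so the
 * caller believed it was running with a privilege it did not have.
 */
BOOL LoadPrivilege(const char * Privilege)
{
    HANDLE hToken;
    LUID PrivilegeValue;
    TOKEN_PRIVILEGES tkp;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        fprintf(stderr, "OpenProcessToken, Erreur: %s", get_error());
        return FALSE;
    }
    if (!LookupPrivilegeValueA(NULL, Privilege, &PrivilegeValue))
    {
        fprintf(stderr, "LookupPrivilegeValue, Erreur: %s", get_error());
        CloseHandle(hToken);
        return FALSE;
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = PrivilegeValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL)
        || GetLastError() != ERROR_SUCCESS)     /* ERROR_NOT_ALL_ASSIGNED: nothing was enabled */
    {
        /* The message used to name LookupPrivilegeValue for this failure. */
        fprintf(stderr, "AdjustTokenPrivileges, Erreur: %s", get_error());
        CloseHandle(hToken);
        return FALSE;
    }
    CloseHandle(hToken);
    return TRUE;
}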
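/*
 * Print the TCP connections and UDP listeners obtained directly from the
 * \Device\TCP and \Device\UDP objects.
 *
 * Returns 0 when at least one table was printed, 1 otherwise.
 *
 * Changes over the earlier version: the UDP loop tested the TCP table's
 * address (reading past the TCP rows whenever there were more UDP entries than
 * TCP ones); each table is now printed independently, so a failure on one
 * protocol no longer hides the other; main returns int.
 */
int main(void)
{
    PMIB_TCPTABLE TcpTable=NULL;
    PMIB_UDPTABLE UdpTable=NULL;
    HANDLE Tcp=NULL;
    HANDLE Udp=NULL;
    DWORD i;
    int rc;

    /* NOTE(review): SeDebugPrivilege is a very powerful privilege and nothing
       visible in this file uses it other than as a precondition for the two
       device opens below. Confirm it is really required; if it is not, drop
       this call so the tool runs with the least privilege it needs. */
    if(!LoadPrivilege(SE_DEBUG_NAME))
    {
        fprintf(stderr,"Load Privilege Error...\n");
        return 1;
    }
    Tcp=OpenDeviceTcpUdp(TRUE);
    Udp=OpenDeviceTcpUdp(FALSE);
    if(Tcp != NULL)
        TcpTable=GetTcpTable(Tcp);
    if(Udp != NULL)
        UdpTable=GetUdpTable(Udp);

    if(TcpTable != NULL)
    {
        for(i=0; i < TcpTable->dwNumEntries; i++)
        {
            struct in_addr local;
            struct in_addr remote;

            local.s_addr = TcpTable->table[i].dwLocalAddr;
            remote.s_addr = TcpTable->table[i].dwRemoteAddr;
            /* inet_ntoa returns a shared buffer, hence one call per fprintf. */
            fprintf(stdout,"TCP %-16s %i\t - ",
                inet_ntoa(local),
                ntohs((WORD)TcpTable->table[i].dwLocalPort));
            fprintf(stdout,"%-16s %i\n",
                inet_ntoa(remote),
                TcpTable->table[i].dwRemoteAddr == 0? 0:ntohs((WORD)TcpTable->table[i].dwRemotePort));
        }
    }
    if(UdpTable != NULL)
    {
        for(i=0; i < UdpTable->dwNumEntries; i++)
        {
            struct in_addr local;

            local.s_addr = UdpTable->table[i].dwLocalAddr;
            fprintf(stdout,"UDP %-16s %i \t - *:* \n",
                UdpTable->table[i].dwLocalAddr == 0? "0.0.0.0" : inet_ntoa(local),
                UdpTable->table[i].dwLocalPort == 0? 0: ntohs((WORD)UdpTable->table[i].dwLocalPort)
                );
        }
    }

    rc = (TcpTable != NULL || UdpTable != NULL) ? 0 : 1;

    if(TcpTable != NULL)
        VirtualFree(TcpTable,0,MEM_RELEASE);
    if(UdpTable != NULL)
        VirtualFree(UdpTable,0,MEM_RELEASE);
    if(Tcp != NULL)
        CloseHandle(Tcp);
    if(Udp != NULL)
        CloseHandle(Udp);
    return rc;
}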
Conclusion :
Laissez vos messages si ça intéresse quelqu'un.
A++