Netstat (api native)



Description

C'est pour montrer les entrailles des API de Windows. Pour faire bref, j'ai récupéré l'intérieur de la DLL iphlpapi.dll (GetTcpTable / GetUdpTable) et refait la même chose directement avec l'API native : ZwOpenFile sur \Device\Tcp et \Device\Udp, puis NtDeviceIoControlFile avec IOCTL_TCP_QUERY_INFORMATION_EX (0x00120003).
Ça donne ça...

Source / Exemple :


#include<windows.h>
#include <stdio.h>

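// NTSTATUS helpers: a status is a success when its sign bit is clear.
#define NT_SUCCESS(Status)				((NTSTATUS)(Status) >= 0)
#define STATUS_INFO_LENGTH_MISMATCH		((NTSTATUS)0xC0000004L)
#define STATUS_BUFFER_TOO_SMALL         ((NTSTATUS)0xC0000023L)
#pragma comment (lib,"ws2_32.lib") 
#pragma comment (lib,"advapi32.lib") 
#pragma comment (lib,"ntdll.lib")

// Size-reduction build settings ("tiny").  The original additionally merged
// .text and .rdata into .data and marked that section EWR (execute + write +
// read), and silenced the resulting LNK4078 warning.  That produces a single
// writable-and-executable section, which disables DEP/NX for the whole image
// and makes all read-only data writable; those pragmas are deliberately left
// out here.  The remaining options only affect optimisation and file layout.
#pragma optimize("gsy",on)
#pragma comment(linker,"/RELEASE")
#pragma comment(linker,"/FILEALIGN:0x200")
#pragma comment(linker,"/OPT:NOWIN98")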

typedef LONG  NTSTATUS;   // signed 32-bit status; negative values are failures (see NT_SUCCESS)

// Completion record filled in by ZwOpenFile / NtDeviceIoControlFile.
// Information is read by GetTcpTable/GetUdpTable as the number of bytes the
// driver wrote to the output buffer (divided by the row size to get a count).
// NOTE(review): this is the 32-bit layout.  The x64 definition differs
// (a union with a pointer member and a pointer-sized Information field);
// confirm before building this listing for x64.
typedef struct _IO_STATUS_BLOCK 
{
    NTSTATUS    Status;         // final status of the request
    ULONG        Information;   // request-specific; here: bytes returned
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

// Counted UTF-16 string used for the device name passed to ZwOpenFile.
// Only ever initialised through RtlInitUnicodeString (OpenDeviceTcpUdp),
// never built by hand in this listing.
typedef struct _UNICODE_STRING 
{
    USHORT        Length;
    USHORT        MaximumLength;
    PWSTR        Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

// ANSI counterpart of UNICODE_STRING.  Declared for completeness only; nothing
// in this listing references it.
typedef struct _ANSI_STRING {
  USHORT Length;
  USHORT MaximumLength;
  PCHAR Buffer;
}ANSI_STRING,*PANSI_STRING;

// Object name/scope descriptor for ZwOpenFile.  OpenDeviceTcpUdp fills in
// Length, ObjectName and Attributes (0x40 = OBJ_CASE_INSENSITIVE) and leaves
// RootDirectory, SecurityDescriptor and SecurityQualityOfService NULL.
typedef struct _OBJECT_ATTRIBUTES 
{
    ULONG        Length;            // sizeof(OBJECT_ATTRIBUTES)
    HANDLE        RootDirectory;    // NULL: ObjectName is an absolute NT path
    PUNICODE_STRING ObjectName;     // e.g. \Device\TCP
    ULONG        Attributes;        // OBJ_* flags
    PVOID        SecurityDescriptor;
    PVOID        SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;  

// One TCP endpoint as returned by the address-table query (toi_id 0x101).
// dwLocalAddr/dwRemoteAddr are IPv4 addresses in network byte order (main()
// passes them straight to inet_ntoa); the ports live in the low 16 bits, also
// in network order (main() applies ntohs((WORD)...)).  dwState presumably
// carries the MIB_TCP_STATE_* values defined below; it is not printed here.
typedef struct _MIB_TCPROW
{
    DWORD       dwState;
    DWORD       dwLocalAddr;
    DWORD       dwLocalPort;
    DWORD       dwRemoteAddr;
    DWORD       dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;

// One UDP listener.  Same encoding as MIB_TCPROW: IPv4 address in network
// byte order, port in the low 16 bits in network order.
typedef struct _MIB_UDPROW
{
    DWORD       dwLocalAddr;
    DWORD       dwLocalPort;
} MIB_UDPROW, *PMIB_UDPROW;

// Counted UDP table.  table[1] is the usual "at least one" placeholder: the
// real row count is dwNumEntries and the buffer must be allocated accordingly
// (GetUdpTable).  Never index table[i] for i >= dwNumEntries.
typedef struct _MIB_UDPTABLE {  
	DWORD dwNumEntries;  
	MIB_UDPROW table[1];
} MIB_UDPTABLE, *PMIB_UDPTABLE;

// Counted TCP table.  table[1] is the usual "at least one" placeholder: the
// real row count is dwNumEntries and the buffer must be allocated accordingly
// (GetTcpTable).  Never index table[i] for i >= dwNumEntries.
typedef struct _MIB_TCPTABLE {  
	DWORD dwNumEntries;  
	MIB_TCPROW table[1];
} MIB_TCPTABLE, *PMIB_TCPTABLE;

//* Structure of an entity ID (TDI).  The query functions set tei_entity to
//  0x400 for TCP and 0x401 for UDP, and tei_instance to 0.
typedef struct TDIEntityID {
	ULONG		tei_entity;
	ULONG		tei_instance;
} TDIEntityID;

//* Structure of an object ID (TDI): which entity, and which piece of
//  information about it.  This listing always uses toi_class 0x200 and
//  toi_type 0x100, with toi_id 0x1 for the protocol statistics and 0x101
//  for the address table.
typedef struct TDIObjectID {
	TDIEntityID	toi_entity;
	ULONG		toi_class;
	ULONG		toi_type;
	ULONG		toi_id;
} TDIObjectID;

// TCP protocol statistics (toi_id 0x1 on the TCP entity).  Only dwNumConns
// is consumed here: GetTcpTable uses it to size the address-table buffer.
// The count is a snapshot and may be stale by the time the table is read.
typedef struct _MIB_TCPSTATS
{
    DWORD       dwRtoAlgorithm;
    DWORD       dwRtoMin;
    DWORD       dwRtoMax;
    DWORD       dwMaxConn;
    DWORD       dwActiveOpens;
    DWORD       dwPassiveOpens;
    DWORD       dwAttemptFails;
    DWORD       dwEstabResets;
    DWORD       dwCurrEstab;
    DWORD       dwInSegs;
    DWORD       dwOutSegs;
    DWORD       dwRetransSegs;
    DWORD       dwInErrs;
    DWORD       dwOutRsts;
    DWORD       dwNumConns;     // number of entries in the address table
} MIB_TCPSTATS, *PMIB_TCPSTATS;

// UDP protocol statistics (toi_id 0x1 on the UDP entity).  Only dwNumAddrs
// is consumed here: GetUdpTable uses it to size the listener-table buffer.
typedef struct _MIB_UDPSTATS
{
    DWORD       dwInDatagrams;
    DWORD       dwNoPorts;
    DWORD       dwInErrors;
    DWORD       dwOutDatagrams;
    DWORD       dwNumAddrs;     // number of entries in the address table
} MIB_UDPSTATS,*PMIB_UDPSTATS;

// TCP connection states as reported in MIB_TCPROW.dwState (1-based, matching
// the iphlpapi MIB_TCP_STATE_* numbering).  Not used by the printing code in
// this listing; provided so callers can interpret dwState.
#define MIB_TCP_STATE_CLOSED            1
#define MIB_TCP_STATE_LISTEN            2
#define MIB_TCP_STATE_SYN_SENT          3
#define MIB_TCP_STATE_SYN_RCVD          4
#define MIB_TCP_STATE_ESTAB             5
#define MIB_TCP_STATE_FIN_WAIT1         6
#define MIB_TCP_STATE_FIN_WAIT2         7
#define MIB_TCP_STATE_CLOSE_WAIT        8
#define MIB_TCP_STATE_CLOSING           9
#define MIB_TCP_STATE_LAST_ACK         10
#define MIB_TCP_STATE_TIME_WAIT        11
#define MIB_TCP_STATE_DELETE_TCB       12

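//
// Human-readable TCP endpoint state names, indexed by MIB_TCP_STATE_* (index 0
// is a filler so the table lines up with the 1-based state numbers).  Fixes
// the misspelled "SEN_RECEIVED", names FIN_WAIT1 consistently with the
// MIB_TCP_STATE_FIN_WAIT1/FIN_WAIT2 pair, and adds the missing entry for
// MIB_TCP_STATE_DELETE_TCB (12).  Not referenced by the printing code in this
// listing, which shows only addresses and ports.
//
static char TcpState[][32] = {
	"???",
	"CLOSED",
	"LISTENING",
	"SYN_SENT",
	"SYN_RECEIVED",
	"ESTABLISHED",
	"FIN_WAIT1",
	"FIN_WAIT2",
	"CLOSE_WAIT",
	"CLOSING",
	"LAST_ACK",
	"TIME_WAIT",
	"DELETE_TCB"
};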

// Size in bytes of the multi-request context carried in
// TCP_REQUEST_QUERY_INFORMATION_EX (16 bytes on both x86 and x64).
#define	CONTEXT_SIZE				16

// Symbolic names for the TDI selector values.  They are kept as comments
// only; the query functions below use the literal values (0x400, 0x200,
// 0x100, 0x101, ...) directly.
//#define	CO_TL_ENTITY				0x400
//#define	INFO_CLASS_PROTOCOL			0x200
//#define	INFO_TYPE_PROVIDER			0x100

//#define TCP_MIB_ADDRTABLE_ENTRY_ID    0x101
//#define	INFO_TYPE_CONNECTION		0x300
//#define	CO_TL_TCP					0x404
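// IOCTL_TCP_QUERY_INFORMATION_EX request.  This structure is the InputBuffer
// of the NtDeviceIoControlFile call; the reply (a statistics block or an
// array of MIB_*ROW) is written to the OutputBuffer.
//
struct tcp_request_query_information_ex {
	TDIObjectID   ID;                     // object ID to query.
	ULONG *       Context[CONTEXT_SIZE/sizeof(ULONG *)];  // multi-request context,
	                                      // CONTEXT_SIZE bytes on every platform.
	                                      // Zeroed for the first request (the
	                                      // callers always pass a zeroed struct).
};

// The pointer typedef is restored here: the published listing had the '*'
// replaced by a bullet character, which does not compile.
typedef struct tcp_request_query_information_ex
        TCP_REQUEST_QUERY_INFORMATION_EX,
       *PTCP_REQUEST_QUERY_INFORMATION_EX;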
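typedef VOID (NTAPI *PIO_APC_ROUTINE)(IN PVOID ApcContext,
                                      IN PIO_STATUS_BLOCK IoStatusBlock,
                                      IN ULONG Reserved);

// Native API entry points, resolved from ntdll.lib (see the #pragma above).
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(OUT PHANDLE FileHandle,
                                   IN ACCESS_MASK DesiredAccess,
                                   IN POBJECT_ATTRIBUTES ObjectAttributes,
                                   OUT PIO_STATUS_BLOCK IoStatusBlock,
                                   IN ULONG ShareAccess,
                                   IN ULONG OpenOptions);
NTSYSAPI NTSTATUS NTAPI NtDeviceIoControlFile(IN HANDLE FileHandle,
                                              IN HANDLE Event OPTIONAL,
                                              IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
                                              IN PVOID ApcContext OPTIONAL,
                                              OUT PIO_STATUS_BLOCK IoStatusBlock,
                                              IN ULONG IoControlCode,
                                              IN PVOID InputBuffer OPTIONAL,
                                              IN ULONG InputBufferLength,
                                              OUT PVOID OutputBuffer OPTIONAL,
                                              IN ULONG OutputBufferLength);
NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(IN NTSTATUS Status);
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString,
                                         PCWSTR SourceString);

#ifndef STATUS_PENDING
#define STATUS_PENDING                 ((NTSTATUS)0x00000103L)
#endif
#define STATUS_NO_RESOURCES_LOCAL      ((NTSTATUS)0xC000009AL)   // STATUS_INSUFFICIENT_RESOURCES

// The one control code used in this listing: IOCTL_TCP_QUERY_INFORMATION_EX.
#define TDI_QUERY_INFORMATION_EX_IOCTL 0x00120003

// TDI selector values (the original kept the symbolic names in comments only).
#define TDI_ENTITY_TCP                 0x400   // CO_TL_ENTITY: TCP
#define TDI_ENTITY_UDP                 0x401   // CL_TL_ENTITY: UDP
#define TDI_INFO_CLASS_PROTOCOL        0x200   // INFO_CLASS_PROTOCOL
#define TDI_INFO_TYPE_PROVIDER         0x100   // INFO_TYPE_PROVIDER
#define TDI_ID_STATS                   0x1     // TCP_STATS_ID / UDP_STATS_ID
#define TDI_ID_ADDRTABLE_ENTRY         0x101   // TCP_MIB_ADDRTABLE_ENTRY_ID / UDP_MIB_ADDRTABLE_ENTRY_ID

/*
 * Returns the text of the calling thread's last Win32 error.
 *
 * The result points to a static buffer that is overwritten by the next call
 * (the original returned the FormatMessage allocation and never freed it).
 * Never returns NULL: when no message text is available the numeric code is
 * formatted instead.  The system text keeps its trailing "\r\n", which the
 * callers rely on for line termination.
 */
extern char *get_error(void)
{
    static char message[512];
    DWORD code = GetLastError();
    LPSTR sysbuf = NULL;
    DWORD len;

    len = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
                         FORMAT_MESSAGE_IGNORE_INSERTS,
                         NULL, code, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                         (LPSTR)&sysbuf, 0, NULL);
    if (len == 0 || sysbuf == NULL) {
        // "error " + at most 10 decimal digits fits comfortably in the buffer.
        sprintf(message, "error %lu\r\n", (unsigned long)code);
        return message;
    }
    lstrcpynA(message, sysbuf, sizeof message);   // always NUL-terminates
    LocalFree(sysbuf);
    return message;
}

/* Prints "<where>, Erreur: <text>" for a failed native call. */
static void ReportNtError(const char *where, NTSTATUS status)
{
    SetLastError(RtlNtStatusToDosError(status));
    fprintf(stderr, "%s, Erreur: %s", where, get_error());
}

/*
 * Issues IOCTL_TCP_QUERY_INFORMATION_EX on an open \Device\TCP or \Device\UDP
 * handle and waits for it to complete.
 *
 * hDevice   handle from OpenDeviceTcpUdp
 * entity    TDI_ENTITY_TCP or TDI_ENTITY_UDP
 * id        TDI_ID_STATS or TDI_ID_ADDRTABLE_ENTRY
 * out/outLen  reply buffer; the driver never writes more than outLen bytes
 * bytesOut  receives the number of bytes the driver reported in the IOSB
 *
 * Returns the final NTSTATUS.  The device is opened without
 * FILE_SYNCHRONOUS_IO_*, so NtDeviceIoControlFile may legitimately return
 * STATUS_PENDING; the original treated that as success (NT_SUCCESS is true
 * for it) and read the IO_STATUS_BLOCK before the request had completed.
 * Here the event is waited on and the real status taken from the IOSB.
 */
static NTSTATUS QueryTdiInformation(HANDLE hDevice, ULONG entity, ULONG id,
                                    PVOID out, ULONG outLen, ULONG *bytesOut)
{
    TCP_REQUEST_QUERY_INFORMATION_EX req;
    IO_STATUS_BLOCK iosb;
    HANDLE hEvent;
    NTSTATUS status;

    *bytesOut = 0;
    RtlZeroMemory(&req, sizeof req);       // Context must be zero for a first request
    RtlZeroMemory(&iosb, sizeof iosb);
    req.ID.toi_entity.tei_entity   = entity;
    req.ID.toi_entity.tei_instance = 0;
    req.ID.toi_class               = TDI_INFO_CLASS_PROTOCOL;
    req.ID.toi_type                = TDI_INFO_TYPE_PROVIDER;
    req.ID.toi_id                  = id;

    hEvent = CreateEventW(NULL, TRUE, FALSE, NULL);   // manual-reset, initially unsignalled
    if (hEvent == NULL)
        return STATUS_NO_RESOURCES_LOCAL;

    status = NtDeviceIoControlFile(hDevice, hEvent, NULL, NULL, &iosb,
                                   TDI_QUERY_INFORMATION_EX_IOCTL,
                                   &req, sizeof req, out, outLen);
    if (status == STATUS_PENDING) {
        WaitForSingleObject(hEvent, INFINITE);
        status = iosb.Status;
    }
    CloseHandle(hEvent);

    if (NT_SUCCESS(status))
        *bytesOut = (ULONG)iosb.Information;
    return status;
}

/*
 * Reads the address table of one transport into a fresh VirtualAlloc buffer.
 *
 * count     row count announced by the statistics query
 * rowSize   sizeof(MIB_TCPROW) or sizeof(MIB_UDPROW)
 * what      label for error messages
 * rows      receives the buffer (NULL when count == 0); free with
 *           VirtualFree(p, 0, MEM_RELEASE)
 * numRows   receives the number of rows the driver actually returned, which
 *           may be lower than count (connections can close between the two
 *           queries) and is never higher (the request is bounded by the
 *           buffer length, so extra live connections are truncated)
 *
 * Returns FALSE, after printing the error, when allocation or the query fails.
 */
static BOOL FetchRows(HANDLE hDevice, ULONG entity, ULONG count, ULONG rowSize,
                      const char *what, void **rows, ULONG *numRows)
{
    ULONG rowBytes, bytes = 0;
    NTSTATUS status;

    *rows = NULL;
    *numRows = 0;
    if (count == 0)
        return TRUE;    // the original called VirtualAlloc(NULL, 0, ...) here, which fails

    // Guard the size multiplication; leave room for the table header added by
    // the caller (two rows is more than enough for a DWORD plus padding).
    if (count > 0xFFFFFFFFUL / rowSize - 2) {
        SetLastError(ERROR_ARITHMETIC_OVERFLOW);
        fprintf(stderr, "%s, Erreur: %s", what, get_error());
        return FALSE;
    }
    rowBytes = count * rowSize;

    *rows = VirtualAlloc(NULL, rowBytes, MEM_COMMIT, PAGE_READWRITE);
    if (*rows == NULL) {
        fprintf(stderr, "%s, Erreur: %s", what, get_error());
        return FALSE;
    }

    status = QueryTdiInformation(hDevice, entity, TDI_ID_ADDRTABLE_ENTRY, *rows, rowBytes, &bytes);
    if (!NT_SUCCESS(status)) {
        ReportNtError(what, status);
        VirtualFree(*rows, 0, MEM_RELEASE);
        *rows = NULL;
        return FALSE;
    }
    if (bytes > rowBytes)
        bytes = rowBytes;           // never trust more than was handed out
    *numRows = bytes / rowSize;
    return TRUE;
}

/*
 * Snapshot of the TCP endpoint table via the legacy TDI query interface.
 *
 * hTcpPort  handle to \Device\TCP from OpenDeviceTcpUdp(TRUE)
 *
 * Returns a MIB_TCPTABLE allocated with VirtualAlloc (release with
 * VirtualFree(p, 0, MEM_RELEASE)) whose dwNumEntries is the number of rows the
 * driver actually returned, or NULL after printing the error to stderr.
 * An empty table (dwNumEntries == 0) is a valid result.  The copy is sized by
 * the rows actually returned, not by the statistics count, so a count that
 * shrank between the two queries can no longer overrun the destination.
 */
MIB_TCPTABLE *GetTcpTable(HANDLE hTcpPort)
{
    MIB_TCPSTATS stats;
    void *rows = NULL;
    ULONG numRows = 0, bytes = 0;
    PMIB_TCPTABLE table;
    NTSTATUS status;

    RtlZeroMemory(&stats, sizeof stats);
    status = QueryTdiInformation(hTcpPort, TDI_ENTITY_TCP, TDI_ID_STATS, &stats, sizeof stats, &bytes);
    if (!NT_SUCCESS(status)) {
        ReportNtError("GetTcpStats", status);
        return NULL;
    }

    if (!FetchRows(hTcpPort, TDI_ENTITY_TCP, stats.dwNumConns, sizeof(MIB_TCPROW),
                   "GetTcpTable", &rows, &numRows))
        return NULL;

    // sizeof(MIB_TCPTABLE) already includes one row, so this never
    // under-allocates, including for zero rows.
    table = VirtualAlloc(NULL, sizeof(MIB_TCPTABLE) + numRows * sizeof(MIB_TCPROW),
                         MEM_COMMIT, PAGE_READWRITE);
    if (table == NULL) {
        fprintf(stderr, "GetTcpTable, Erreur: %s", get_error());
    } else {
        table->dwNumEntries = numRows;
        if (numRows != 0)
            memcpy(table->table, rows, numRows * sizeof(MIB_TCPROW));
    }
    if (rows != NULL)
        VirtualFree(rows, 0, MEM_RELEASE);
    return table;
}

/*
 * Snapshot of the UDP listener table via the legacy TDI query interface.
 *
 * hUdpPort  handle to \Device\UDP from OpenDeviceTcpUdp(FALSE)
 *
 * Same contract as GetTcpTable: VirtualAlloc'd MIB_UDPTABLE or NULL after
 * printing the error; dwNumEntries reflects the rows actually returned.
 */
MIB_UDPTABLE *GetUdpTable(HANDLE hUdpPort)
{
    MIB_UDPSTATS stats;
    void *rows = NULL;
    ULONG numRows = 0, bytes = 0;
    PMIB_UDPTABLE table;
    NTSTATUS status;

    RtlZeroMemory(&stats, sizeof stats);
    status = QueryTdiInformation(hUdpPort, TDI_ENTITY_UDP, TDI_ID_STATS, &stats, sizeof stats, &bytes);
    if (!NT_SUCCESS(status)) {
        ReportNtError("GetUdpStat", status);
        return NULL;
    }

    if (!FetchRows(hUdpPort, TDI_ENTITY_UDP, stats.dwNumAddrs, sizeof(MIB_UDPROW),
                   "GetUdpTable", &rows, &numRows))
        return NULL;

    table = VirtualAlloc(NULL, sizeof(MIB_UDPTABLE) + numRows * sizeof(MIB_UDPROW),
                         MEM_COMMIT, PAGE_READWRITE);
    if (table == NULL) {
        fprintf(stderr, "GetUdpTable, Erreur: %s", get_error());
    } else {
        table->dwNumEntries = numRows;
        if (numRows != 0)
            memcpy(table->table, rows, numRows * sizeof(MIB_UDPROW));
    }
    if (rows != NULL)
        VirtualFree(rows, 0, MEM_RELEASE);
    return table;
}

/*
 * Opens \Device\TCP (PROTO != 0) or \Device\UDP (PROTO == 0) through ZwOpenFile.
 *
 * The handle is requested with SYNCHRONIZE access only and the device is
 * shared for read and write; no FILE_SYNCHRONOUS_IO_* option is set, which is
 * why QueryTdiInformation has to handle STATUS_PENDING itself.
 * NOTE(review): this is the old TDI device interface documented in the
 * Platform SDK dev notes; presumably unavailable or deprecated on newer
 * Windows releases -- verify on the target OS.
 *
 * Returns the handle, or NULL after printing the error to stderr.
 */
HANDLE OpenDeviceTcpUdp(BOOL PROTO)
{
    UNICODE_STRING deviceName;
    OBJECT_ATTRIBUTES attributes;
    IO_STATUS_BLOCK iosb;
    HANDLE hDevice = NULL;
    NTSTATUS status;

    RtlInitUnicodeString(&deviceName, PROTO ? L"\\Device\\TCP" : L"\\Device\\UDP");

    RtlZeroMemory(&attributes, sizeof attributes);
    attributes.Length     = sizeof(OBJECT_ATTRIBUTES);
    attributes.ObjectName = &deviceName;
    attributes.Attributes = 0x40;                   // OBJ_CASE_INSENSITIVE
    RtlZeroMemory(&iosb, sizeof iosb);

    status = ZwOpenFile(&hDevice,
                        SYNCHRONIZE,                // 0x100000
                        &attributes, &iosb,
                        FILE_SHARE_READ | FILE_SHARE_WRITE,   // 3
                        0);
    if (!NT_SUCCESS(status)) {
        ReportNtError("ZwOpenFile", status);
        return NULL;
    }
    return hDevice;
}

/*
 * Enables one privilege on the current process token.
 *
 * Privilege  privilege name, e.g. SE_DEBUG_NAME
 *
 * Returns TRUE only when the privilege is actually enabled.  The original
 * accepted any TRUE from AdjustTokenPrivileges, but that call also returns
 * TRUE with GetLastError() == ERROR_NOT_ALL_ASSIGNED when the token does not
 * hold the privilege at all; that case is now reported as a failure.
 */
BOOL LoadPrivilege(const char *Privilege)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tkp;
    BOOL ok = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        fprintf(stderr, "OpenProcessToken, Erreur: %s", get_error());
        return FALSE;
    }

    RtlZeroMemory(&tkp, sizeof tkp);
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!LookupPrivilegeValue(NULL, Privilege, &tkp.Privileges[0].Luid)) {
        fprintf(stderr, "LookupPrivilegeValue, Erreur: %s", get_error());
    } else if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL)) {
        fprintf(stderr, "AdjustTokenPrivileges, Erreur: %s", get_error());
    } else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        fprintf(stderr, "AdjustTokenPrivileges, Erreur: %s", get_error());
    } else {
        ok = TRUE;
    }

    CloseHandle(hToken);
    return ok;
}

/*
 * Writes the dotted-quad form of an IPv4 address stored in network byte order
 * into out (at least 16 bytes) and returns out.  Produces the same text as
 * inet_ntoa on the same memory, without depending on Winsock's per-thread
 * buffer.
 */
static const char *FormatIPv4(DWORD addr, char *out)
{
    const unsigned char *b = (const unsigned char *)&addr;
    sprintf(out, "%u.%u.%u.%u", b[0], b[1], b[2], b[3]);   // at most 15 chars + NUL
    return out;
}

/* Host-order port from a MIB_*ROW port field: same as ntohs((WORD)dwPort). */
static int PortOf(DWORD dwPort)
{
    return (int)(((dwPort & 0xFF) << 8) | ((dwPort >> 8) & 0xFF));
}

/* Prints every TCP row as "TCP local port - remote port" (original format). */
static void PrintTcpRows(const MIB_TCPTABLE *t)
{
    char text[16];
    DWORD i;

    for (i = 0; i < t->dwNumEntries; i++) {
        const MIB_TCPROW *row = &t->table[i];
        fprintf(stdout, "TCP %-16s %i\t - ", FormatIPv4(row->dwLocalAddr, text), PortOf(row->dwLocalPort));
        // A remote address of 0 (listening socket) is shown with port 0.
        fprintf(stdout, "%-16s %i\n", FormatIPv4(row->dwRemoteAddr, text),
                row->dwRemoteAddr == 0 ? 0 : PortOf(row->dwRemotePort));
    }
}

/*
 * Prints every UDP row as "UDP local port - *:*".  The original indexed the
 * TCP table with the UDP loop counter for the address test, reading past the
 * end of the TCP table whenever there were more UDP rows than TCP rows.
 */
static void PrintUdpRows(const MIB_UDPTABLE *u)
{
    char text[16];
    DWORD i;

    for (i = 0; i < u->dwNumEntries; i++) {
        const MIB_UDPROW *row = &u->table[i];
        fprintf(stdout, "UDP %-16s %i \t - *:* \n", FormatIPv4(row->dwLocalAddr, text), PortOf(row->dwLocalPort));
    }
}

/*
 * Entry point: enables SeDebugPrivilege, opens both devices, snapshots both
 * tables and prints them.  Returns 0 when both tables were printed, 1 otherwise.
 *
 * NOTE(review): nothing in this listing visibly requires SeDebugPrivilege --
 * the devices are opened with SYNCHRONIZE access only -- yet a caller that
 * does not hold it fails here before any query is attempted.  Kept for
 * compatibility with the original; confirm on the target OS whether the
 * queries work without it and, if so, drop the privilege (least privilege).
 */
int main(void)
{
    PMIB_TCPTABLE tcpTable = NULL;
    PMIB_UDPTABLE udpTable = NULL;
    HANDLE hTcp, hUdp;
    int rc = 1;

    if (!LoadPrivilege(SE_DEBUG_NAME)) {
        fprintf(stderr, "Load Privilege Error...\n");
        return rc;
    }

    hTcp = OpenDeviceTcpUdp(TRUE);
    hUdp = OpenDeviceTcpUdp(FALSE);
    if (hTcp != NULL)
        tcpTable = GetTcpTable(hTcp);
    if (hUdp != NULL)
        udpTable = GetUdpTable(hUdp);

    // As in the original, output is produced only when both snapshots succeeded.
    if (tcpTable != NULL && udpTable != NULL) {
        PrintTcpRows(tcpTable);
        PrintUdpRows(udpTable);
        rc = 0;
    }

    if (tcpTable != NULL)
        VirtualFree(tcpTable, 0, MEM_RELEASE);
    if (udpTable != NULL)
        VirtualFree(udpTable, 0, MEM_RELEASE);
    if (hTcp != NULL)
        CloseHandle(hTcp);
    if (hUdp != NULL)
        CloseHandle(hUdp);
    return rc;
}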

Conclusion :


Laissez vos messages si ça intéresse quelqu'un.
A++


Commentaires

psyjc

Ta source m'intéresse.
Serait-il possible d'avoir une description plus détaillée de ce qu'elle fait (élément par élément) ?
Merci.
cs_Nebula
Très intéressante source... Il me semble avoir vu des compteurs correspondant à ces informations dans la perflib, il faudra que je regarde un de ces quatre : c'est plus « portable » que l'utilisation directe de l'API native ;)
mofo_77
Tu l'as trouvé où, ce code ?
