public static List<Proc> getProcessTree(PacketStatistic statistic)
{
var relations = new Dictionary<int, List<int>>();
var procs = new Dictionary<int, Proc>();
var searcher = new ManagementObjectSearcher("select * from win32_process");
foreach(var res in searcher.Get())
{
// res info at https://msdn.microsoft.com/en-us/library/aa394372(v=vs.85).aspx
int pid = Convert.ToInt32(res["ProcessId"].ToString());
int ppid = Convert.ToInt32(res["ParentProcessId"].ToString());
string name = res["Name"].ToString();
procs[pid] = new Proc() { processId = pid, parentId = ppid, processName = name };
}
var dataCount = statistic.refreshData();
var pc = new ProcessConnection();
foreach(var con in pc.connections)
{
if (con.pid != 0 && procs.ContainsKey(con.pid)) {
procs[con.pid].connections.Add(con);
if (dataCount.ContainsKey(con))
{
procs[con.pid].speed += dataCount[con];
}
}
}
var children = new HashSet<int>();
foreach(var res in procs)
{
int pid = res.Value.processId;
int ppid = res.Value.parentId;
if (ppid != 0 && procs.ContainsKey(ppid))
{
procs[ppid].children.Add(procs[pid]);
children.Add(pid);
}
}
var result = new List<Proc>();
foreach (var res in procs)
{
if(!children.Contains(res.Key))
{
result.Add(res.Value);
}
}
return result;
}
private void updateView(object sender, System.Timers.ElapsedEventArgs e)
{
rawCaptures = new List<RawCapture>();
var connectsions = new ProcessConnection().getConnectionByPID(pid);
var packets = new List<RawCapture>();
foreach (var con in connectsions)
{
if (statistic.packets.ContainsKey(con))
packets.AddRange(statistic.packets[con]);
}
var newData = new List<List<string>>();
foreach (var rawPacket in packets.OrderBy((p) => p.Timeval))
{
var packet = Packet.ParsePacket(rawPacket.LinkLayerType, rawPacket.Data);
var ipV4Packet = (IPv4Packet)packet.Extract(typeof(IPv4Packet));
if (ipV4Packet != null)
{
var data = new List<string>();
var time = rawPacket.Timeval;
var tcpPacket = (TcpPacket)packet.Extract(typeof(TcpPacket));
var udpPacket = (UdpPacket)packet.Extract(typeof(UdpPacket));
if (tcpPacket != null)
{
rawCaptures.Add(rawPacket);
data.Add(string.Format("{0}.{1}", time.Seconds, time.MicroSeconds));
data.Add(rawPacket.Data.Length.ToString());
data.Add("TCP");
data.Add(ipV4Packet.SourceAddress.ToString());
data.Add(tcpPacket.SourcePort.ToString());
data.Add(ipV4Packet.DestinationAddress.ToString());
data.Add(tcpPacket.DestinationPort.ToString());
}
else if (udpPacket != null)
{
rawCaptures.Add(rawPacket);
data.Add(string.Format("{0}.{1}", time.Seconds, time.MicroSeconds));
data.Add(rawPacket.Data.Length.ToString());
data.Add("UDP");
data.Add(ipV4Packet.SourceAddress.ToString());
data.Add(udpPacket.SourcePort.ToString());
data.Add(ipV4Packet.DestinationAddress.ToString());
data.Add(udpPacket.DestinationPort.ToString());
}
newData.Add(data);
}
}
if (IsDisposed)
return;
this.Invoke(new Action(
()=>{
listView1.BeginUpdate();
listView1.Items.Clear();
foreach (var data in newData)
{
listView1.Items.Add(new ListViewItem(data.ToArray()));
}
listView1.Columns[0].Width = -1;
listView1.Columns[3].Width = -1;
listView1.Columns[5].Width = -1;
listView1.EndUpdate();
if(listView1.Items.Count > 1)
listView1.Items[listView1.Items.Count - 1].EnsureVisible(); //scroll to end;
label1.Text = string.Format("{0} packets", listView1.Items.Count);
}
));
}