Exemple #1
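        /// <summary>
        /// Reads a run of bytes from the memory of a process.
        /// </summary>
        /// <param name="ProcessID">Target process ID; -1 selects the current process.</param>
        /// <param name="Address">Start address (unsigned 32-bit integer).</param>
        /// <param name="Size">Number of bytes to read; 0 reads from <paramref name="Address"/> to the end of the region reported by VirtualQueryEx.</param>
        /// <returns>The bytes read. On failure a one-element array is returned (not an empty one), so callers cannot tell it apart from a successful one-byte read of zero.</returns>
        public static byte[] ReadMemByteArray(int ProcessID, uint Address, int Size)
        {
            // Failure sentinel kept as a one-element array for backward compatibility.
            byte[] failure = new byte[1];

            // NOTE(review): PROCESS_ALL_ACCESS is far broader than this read needs; the Win32 rights
            // involved are PROCESS_VM_READ (ReadProcessMemory) and PROCESS_QUERY_INFORMATION (VirtualQueryEx).
            IntPtr handle = ProcessID == -1
                ? ProcessAPI.GetCurrentProcess()
                : ProcessAPI.OpenProcess(ReadWriteAPI.PROCESS_ALL_ACCESS, false, ProcessID);

            // OpenProcess failed (no such process, or access denied): do not pass a null handle on.
            if (handle == IntPtr.Zero)
            {
                return failure;
            }

            try
            {
                int length = Size;
                if (length == 0)
                {
                    // 28 is passed as the structure size; presumably the 32-bit
                    // MEMORY_BASIC_INFORMATION layout — confirm against ReadWriteAPI.
                    ReadWriteAPI.MemAttribute region = new ReadWriteAPI.MemAttribute();
                    ReadWriteAPI.VirtualQueryEx(handle, Address, region, 28);
                    length = region.Size + region.RegBaseAdd - (int)Address;

                    // The bytes left in the region can never exceed the region size. A value outside
                    // (0, region.Size] means the query failed or the arithmetic wrapped, and would
                    // otherwise drive an arbitrary-size allocation below.
                    if (length <= 0 || length > region.Size)
                    {
                        return failure;
                    }
                }

                // A negative caller-supplied size used to throw from the allocation and leak the handle.
                if (length < 0)
                {
                    return failure;
                }

                byte[] buffer = new byte[length];
                int status = ReadWriteAPI.ReadProcessMemory(handle, Address, buffer, length, 0);
                return status != 0 ? buffer : failure;
            }
            finally
            {
                // Always release the handle, including when an exception escapes.
                ProcessAPI.CloseHandle(handle);
            }
        }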
Exemple #2
        /// <summary>
        /// Entry routine: loads the DLLs, runs one of two native call paths depending on whether
        /// "ClrLoader.dll" is loaded in the current process, then waits for a key press.
        /// </summary>
        /// <param name="paramstr">Not used by this method.</param>
        /// <returns>Always 1; exceptions are written to the console instead of propagating.</returns>
        public static int ClrExcute(string paramstr)
        {
            try
            {
                // Load the DLLs.
                LoadDlls();

                int selfPid = Process.GetCurrentProcess().Id;
                bool clrLoaderPresent = ProcessAPI.GetProcessModule(selfPid)
                                                  .Any(mod => mod.ModuleName == "ClrLoader.dll");

                if (!clrLoaderPresent)
                {
                    // C# calls the C++ function.
                    CMethod();

                    // C++ calls back into the C# function.
                    SetCallback(_cCallback);
                }
                else
                {
                    CMethod2();
                }

                JsonConvert.DeserializeObject("{}");
                Console.ReadKey();
            }
            catch (Exception failure)
            {
                Console.WriteLine(failure);
            }

            return 1;
        }
Exemple #3
        /// <summary>
        /// Reads a 32-bit integer from the memory of a process.
        /// </summary>
        /// <param name="ProcessID">Target process ID; -1 selects the current process.</param>
        /// <param name="Address">Address to read (unsigned 32-bit integer).</param>
        /// <returns>The value read, or -1 on failure (indistinguishable from a stored value of -1).</returns>
        public static int ReadMemInt(int ProcessID, uint Address)
        {
            var buffer = new byte[4];

            // NOTE(review): the handle is opened with PROCESS_ALL_ACCESS although only a read follows
            // (the Win32 right for ReadProcessMemory is PROCESS_VM_READ), and the OpenProcess result
            // is not checked before use.
            IntPtr handle = ProcessID == -1
                ? ProcessAPI.GetCurrentProcess()
                : ProcessAPI.OpenProcess(ReadWriteAPI.PROCESS_ALL_ACCESS, false, ProcessID);

            int status = ReadWriteAPI.ReadProcessMemory(handle, Address, buffer, 4, 0);
            ProcessAPI.CloseHandle(handle);

            // A zero status means the read failed.
            return status == 0 ? -1 : BitConverter.ToInt32(buffer, 0);
        }
Exemple #4
        /// <summary>
        /// Writes a 32-bit integer into the memory of a process.
        /// </summary>
        /// <param name="ProcessID">Target process ID; -1 selects the current process.</param>
        /// <param name="Address">Address to write (unsigned 32-bit integer).</param>
        /// <param name="Data">Value to write.</param>
        /// <returns>True when WriteProcessMemory reports success, otherwise false.</returns>
        public static bool WriteMemInt(int ProcessID, uint Address, int Data)
        {
            byte[] payload = BitConverter.GetBytes(Data);

            // NOTE(review): the handle is opened with PROCESS_ALL_ACCESS; the Win32 rights a write needs
            // are PROCESS_VM_WRITE and PROCESS_VM_OPERATION. The OpenProcess result is not checked.
            IntPtr handle = ProcessID == -1
                ? ProcessAPI.GetCurrentProcess()
                : ProcessAPI.OpenProcess(ReadWriteAPI.PROCESS_ALL_ACCESS, false, ProcessID);

            int status = ReadWriteAPI.WriteProcessMemory(handle, Address, payload, 4, 0);
            ProcessAPI.CloseHandle(handle);

            // Map the native status to a bool.
            return status != 0;
        }
Exemple #5
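        /// <summary>
        /// Writes a byte array into the memory of a process.
        /// </summary>
        /// <param name="ProcessID">Target process ID; -1 selects the current process.</param>
        /// <param name="Address">Address to write (unsigned 32-bit integer).</param>
        /// <param name="Data">Bytes to write.</param>
        /// <param name="Size">Number of bytes to write; 0 writes the whole of <paramref name="Data"/>.</param>
        /// <returns>True when the write succeeded; false on failure or when the arguments are invalid.</returns>
        public static bool WriteMemByteArray(int ProcessID, uint Address, byte[] Data, int Size)
        {
            // Reject a missing buffer and any length that would make the native call read
            // past the end of the managed array.
            if (Data == null || Size < 0 || Size > Data.Length)
            {
                return false;
            }

            int count = Size == 0 ? Data.Length : Size;

            // NOTE(review): PROCESS_ALL_ACCESS is broader than a write needs; the Win32 rights involved
            // are PROCESS_VM_WRITE and PROCESS_VM_OPERATION.
            IntPtr handle = ProcessID == -1
                ? ProcessAPI.GetCurrentProcess()
                : ProcessAPI.OpenProcess(ReadWriteAPI.PROCESS_ALL_ACCESS, false, ProcessID);

            // OpenProcess failed (no such process, or access denied).
            if (handle == IntPtr.Zero)
            {
                return false;
            }

            try
            {
                return ReadWriteAPI.WriteProcessMemory(handle, Address, Data, count, 0) != 0;
            }
            finally
            {
                // Release the handle on every path.
                ProcessAPI.CloseHandle(handle);
            }
        }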
Exemple #6
 // Load handler: starts a background loop that refreshes the per-process traffic grid and the
 // status line once per second until the form is disposed, then starts packet capture on a second task.
 private void NetDetailForm_Load(object sender, EventArgs e)
 {
     // Region: start the background tasks.
     #region 启动任务
     IP = GetIP();
     Task.Factory.StartNew(() =>
     {
         try
         {
             while (!this.IsDisposed)
             {
                 GetNetProcess();
                 // Grid updates are marshalled to the control's thread through Invoke.
                 this.dataGridView1.Invoke(new Action(() =>
                 {
                     foreach (var p in netProcesses)
                     {
                         // Update the existing row whose "Column3" cell holds this process ID, if any.
                         bool inView = false;
                         for (int i = 0; i < dataGridView1.Rows.Count; i++)
                         {
                             // NOTE(review): Value is dereferenced without a null check; a row with an
                             // empty "Column3" cell would throw and end the loop via the catch below.
                             if (dataGridView1.Rows[i].Cells["Column3"].Value.ToString() == p.ProcessID.ToString())
                             {
                                 inView = true;
                                 dataGridView1.Rows[i].Cells["Column4"].Value = ByteConvertTool.Fmt(p.UpLoad) + "/s";
                                 dataGridView1.Rows[i].Cells["Column7"].Value = ByteConvertTool.Fmt(p.UpLoadCount);
                                 dataGridView1.Rows[i].Cells["Column5"].Value = ByteConvertTool.Fmt(p.DownLoad) + "/s";
                                 dataGridView1.Rows[i].Cells["Column8"].Value = ByteConvertTool.Fmt(p.DownLoadCount);
                                 dataGridView1.Rows[i].Cells["Column6"].Value = ByteConvertTool.Fmt(p.UpLoadCount + p.DownLoadCount);
                             }
                         }
                         // No row for this process yet: append one.
                         if (!inView)
                         {
                             dataGridView1.Rows.Add(new object[] {
                                 p.ProcessICon,
                                 ProcessAPI.GetProcessNameByPID(p.ProcessID),
                                 p.ProcessID.ToString(),
                                 ByteConvertTool.Fmt(p.UpLoad) + "/s",
                                 ByteConvertTool.Fmt(p.UpLoadCount),
                                 ByteConvertTool.Fmt(p.DownLoad) + "/s",
                                 ByteConvertTool.Fmt(p.DownLoadCount),
                                 ByteConvertTool.Fmt(p.UpLoadCount + p.DownLoadCount)
                             });
                         }
                     }
                 }));
                 CalcBagFlow();
                 // Status line: IP, current sent/received totals, then the per-interval figures
                 // and the next refresh time.
                 this.status.Invoke(new Action(() =>
                 {
                     status.Text = string.Format("信息:IP:{0},上传流量:{1},下载流量:{2}",
                                                 IP, ByteConvertTool.Fmt(NetWorkService.NowSent), ByteConvertTool.Fmt(NetWorkService.NowReceived));
                     status.Text += string.Format(",单位时间:{0}分钟,上传流量:{1},下载流量:{2},下次刷新时间:{3}",
                                                  NetWorkService.ThresholdTime, ByteConvertTool.Fmt(NetWorkService.UnitSent), ByteConvertTool.Fmt(NetWorkService.UnitReceived), NetWorkService.CalcTime.ToString("yyyy-MM-dd HH:mm:ss"));
                 }));
                 Thread.Sleep(1000);
             }
         }
         // NOTE(review): every exception is swallowed here, so any failure silently stops the
         // refresh loop with nothing logged.
         catch { }
     });
     CaptureInit();
     // NOTE(review): capture failures are swallowed as well; the monitor can stop capturing
     // without any visible indication.
     Task.Factory.StartNew(() => { try { _rs.Capture(); } catch { } });
     #endregion
 }
Exemple #7
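        /// <summary>
        /// Reads a 32-bit integer by following a chain of pointers: the value read at the current
        /// address plus the next offset gives the next address, and the value at the final address is returned.
        /// </summary>
        /// <param name="ProcessID">Target process ID; -1 selects the current process.</param>
        /// <param name="Address">Address of the first pointer.</param>
        /// <param name="Offsets">Offsets applied at each step; null is treated as no offsets.</param>
        /// <returns>The value read, or -1 on failure. A final value of 0 is also reported as -1 (existing contract).</returns>
        public static int ReadMemInt2(int ProcessID, uint Address, uint[] Offsets)
        {
            // ReadMemInt opens and closes its own handle for every read, so no handle is opened here;
            // the previous version opened a PROCESS_ALL_ACCESS handle that was never used.
            uint cursor = Address;

            if (Offsets != null)
            {
                foreach (uint offset in Offsets)
                {
                    int pointer = ReadMemInt(ProcessID, cursor);

                    // -1 is ReadMemInt's failure value; stop instead of deriving an address from it.
                    if (pointer == -1)
                    {
                        return -1;
                    }

                    cursor = (uint)pointer + offset;
                }
            }

            int value = ReadMemInt(ProcessID, cursor);

            // Kept for backward compatibility: a stored 0 is reported as failure.
            return value == 0 ? -1 : value;
        }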
Exemple #8
        // Entry point. Takes a process ID as the first argument and, when it parses as an integer,
        // loads InjectNativeDll into that process and into this one, then asks the remote copy to run
        // its "Start" export with the path of InjectSharpDll as the argument.
        // Nothing happens when the argument is missing or is not an integer.
        static void Main(string[] args)
        {
            var strPid = args.Length > 0 ? args[0] : null;

            if (int.TryParse(strPid, out int pid))
            {
                RemoteExcuteAPI.InjectDLL(pid, InjectNativeDll);
                // NOTE(review): InjectNativeDll is passed as given; if it is a bare file name, which file
                // gets loaded depends on the loader's search order rather than a fixed path — confirm.
                ProcessAPI.LoadLibrary(InjectNativeDll);
                // Locate the local copy; First() throws InvalidOperationException when no module matches.
                var module      = ProcessAPI.GetProcessModule(Process.GetCurrentProcess().Id).First(m => m.ModuleName == InjectNativeDll);
                // Offset of the "Start" export from the module base, computed in this process.
                var startProc   = ProcessAPI.GetProcAddress(module.BaseAddress, "Start") - (int)module.BaseAddress;
                var remotModule = ProcessAPI.GetProcessModule(pid).First(m => m.ModuleName == InjectNativeDll);
                // The same offset is applied to the remote module base. The argument is the UTF-16 bytes of
                // "<current directory>\<InjectSharpDll>", so the managed DLL is resolved from whatever
                // directory this tool was started in.
                RemoteExcuteAPI.ExcuteRemoteFunction(pid, remotModule.BaseAddress + (int)startProc, Encoding.Unicode.GetBytes(Directory.GetCurrentDirectory() + "\\" + InjectSharpDll));
            }
        }
Exemple #9
 // Context-menu handler: after a Yes/No confirmation (default button is No), kills the process whose
 // ID is in the first cell of the selected row and removes that row from the grid.
 private void endProcessToolStripMenuItem_Click(object sender, EventArgs e)
 {
     var answer = MessageBox.Show(this, "确定要关闭此进程吗?", "SocketsViewer", MessageBoxButtons.YesNo, MessageBoxIcon.Asterisk, MessageBoxDefaultButton.Button2);
     if (answer != DialogResult.Yes)
     {
         return;
     }

     try
     {
         int selectedIndex = dataGridView1.SelectedCells[0].RowIndex;
         var selectedRow = dataGridView1.Rows[selectedIndex];
         string pidText = selectedRow.Cells[0].Value.ToString();
         ProcessAPI.GetProcessByPID(int.Parse(pidText)).Kill();
         dataGridView1.Rows.Remove(selectedRow);
     }
     // NOTE(review): failures (nothing selected, unparsable PID, access denied, process already gone)
     // are swallowed, so the user gets no indication that the process was not terminated.
     catch { }
 }
Exemple #10
 // Resolves the process ID carried in rec.Name to a process name, then sends the record as JSON
 // with message code "43". Records with a blank name or the name "idle" are skipped.
 // The ProConnRec directory under the base path is created if missing, although nothing is
 // written to it here.
 public static void SendProConnRecord(ProConnRecordBag rec)
 {
     try
     {
         int pid = int.Parse(rec.Name);
         rec.Name = ProcessAPI.GetProcessNameByPID(pid);

         if (string.IsNullOrWhiteSpace(rec.Name) || rec.Name.ToLower() == "idle")
         {
             return;
         }

         string payload = JsonTool.ToStr(rec);
         string recordDir = R.Paths.BasePath + @"ProConnRec";
         bool dirMissing = !Directory.Exists(recordDir);
         if (dirMissing)
         {
             Directory.CreateDirectory(recordDir);
         }

         SendHelper.Send("43", payload);
     }
     // NOTE(review): parse, lookup, serialisation and send failures are all swallowed, so a dropped
     // connection record leaves no trace.
     catch { }
 }
Exemple #11
        // Entry point. Loads InjectNativeDll into the first process named "DemoWinFormApp" and calls
        // its "LoadClrLibrary" export there, printing a message and returning on each failure it checks for.
        static void Main(string[] args)
        {
            // First() throws InvalidOperationException when no process with that name is running.
            var pid = Process.GetProcessesByName("DemoWinFormApp").First().Id;

            // The existence check uses the name as given, i.e. relative to the current directory
            // unless InjectNativeDll is an absolute path.
            if (!File.Exists(InjectNativeDll))
            {
                Console.WriteLine($"{InjectNativeDll} not exists!");
                return;
            }
            // NOTE(review): the file checked above and the file the loader resolves here may differ if
            // InjectNativeDll is a bare name (loader search order) — confirm it is an absolute path.
            ProcessAPI.LoadLibrary(InjectNativeDll);
            var module = ProcessAPI.GetProcessModule(Process.GetCurrentProcess().Id).FirstOrDefault(m => m.ModuleName == InjectNativeDll);

            if (module == null)
            {
                Console.WriteLine("locale native dll load failed!");
                return;
            }
            // Offset of the "LoadClrLibrary" export from the module base, computed in this process.
            var startProc = ProcessAPI.GetProcAddress(module.BaseAddress, "LoadClrLibrary") - (int)module.BaseAddress;

            RemoteExcuteAPI.InjectDLL(pid, Directory.GetCurrentDirectory() + "\\" + InjectNativeDll);
            // Poll the target's module list up to 10 times, 100 ms apart, until the DLL shows up.
            WindowsApi.ProcessModule remotModule = null;
            for (int i = 0; i < 10 && remotModule == null; i++)
            {
                remotModule = ProcessAPI.GetProcessModule(pid).FirstOrDefault(m => m.ModuleName == InjectNativeDll);
                if (remotModule == null)
                {
                    Thread.Sleep(100);
                }
            }
            if (remotModule == null)
            {
                Console.WriteLine("remote native dll load failed!");
                return;
            }
            // The locally computed offset is applied to the remote module base; GetParamAddress is
            // defined elsewhere in the file.
            if (!RemoteExcuteAPI.ExcuteRemoteFunction(pid, remotModule.BaseAddress + (int)startProc, GetParamAddress))
            {
                Console.WriteLine("excute remote function failed!");
            }
        }
Exemple #12
 // Records a TCP row against its owning process in netProcesses, creating the process entry on
 // first sight. The icon is refreshed only when the local port has not been seen for that process;
 // the port entry itself is appended on every call.
 private static void AddTCPNetProcess(TcpRow item)
 {
     try
     {
         var owner = netProcesses.FirstOrDefault(candidate => candidate.ProcessID == item.owningPid);
         if (owner == null)
         {
             owner = new NetProcess();
             owner.ProcessID = item.owningPid;
             netProcesses.Add(owner);
         }

         var knownPort = owner.Ports.FirstOrDefault(entry => entry.Port == item.LocalPort);
         if (knownPort == null)
         {
             owner.ProcessICon = ProcessAPI.GetIcon(item.owningPid, true);
         }

         owner.Ports.Add(GetTcpProcessPort(item));
     }
     // NOTE(review): all exceptions are swallowed; a failed lookup silently drops the row.
     catch (Exception)
     {
     }
 }
Exemple #13
 // Records a UDP row against its owning process in netProcesses, creating the process entry (with
 // its name) on first sight. The icon and the port entry are added only when the local port has not
 // been seen for that process.
 private void AddUDPNetProcess(UdpRow item)
 {
     try
     {
         var owner = netProcesses.FirstOrDefault(candidate => candidate.ProcessID == item.owningPid);
         if (owner == null)
         {
             owner = new NetProcess()
             {
                 ProcessID   = item.owningPid,
                 ProcessName = ProcessAPI.GetProcessNameByPID(item.owningPid)
             };
             netProcesses.Add(owner);
         }

         var knownPort = owner.Ports.FirstOrDefault(entry => entry.Port == item.LocalPort);
         if (knownPort != null)
         {
             return;
         }

         owner.ProcessICon = ProcessAPI.GetIcon(item.owningPid, true);
         owner.Ports.Add(GetUDPProcessPort(item));
     }
     // NOTE(review): all exceptions are swallowed; a failed lookup silently drops the row.
     catch (Exception)
     {
     }
 }
Exemple #14
 // Records a TCP row against its owning process in the supplied list, creating the process entry
 // (with its name) on first sight. The icon is refreshed only when the local port has not been seen
 // for that process; the port entry itself is appended on every call.
 private static void AddTCPNetPro(TcpRow item, List <NetProcess> proList)
 {
     try
     {
         var owner = proList.FirstOrDefault(candidate => candidate.ProcessID == item.owningPid);
         if (owner == null)
         {
             owner = new NetProcess()
             {
                 ProcessID   = item.owningPid,
                 ProcessName = ProcessAPI.GetProcessNameByPID(item.owningPid)
             };
             proList.Add(owner);
         }

         var knownPort = owner.Ports.FirstOrDefault(entry => entry.Port == item.LocalPort);
         if (knownPort == null)
         {
             owner.ProcessICon = ProcessAPI.GetIcon(item.owningPid, true);
         }

         owner.Ports.Add(GetTcpProPort(item));
     }
     // NOTE(review): all exceptions are swallowed; a failed lookup silently drops the row.
     catch (Exception)
     {
     }
 }
        // HTTP GET action: forwards both parameters to ProcessAPI.getAllCodes on a new ProcessAPI
        // instance and returns its response unchanged.
        // NOTE(review): name and incoming_date come from the request and are passed on as received;
        // any validation would have to happen inside getAllCodes — confirm.
        public HttpResponseMessage Get(string name, int incoming_date)
        {
            return new ProcessAPI().getAllCodes(name, incoming_date);
        }
		// Wraps the given Linux process object; the reference is stored as-is.
		public MulticoreProcess(ProcessAPI.Linux.Process p)
		{
			this.process = p;
		}
Exemple #17
        // Search handler: lists TCP and UDP endpoints with their owning process, filtered by the five
        // text boxes (process name substring, local IP, local port, remote IP, remote port).
        // An empty box means "no filter". UDP rows are skipped when a remote filter is set.
        private void button1_Click(object sender, EventArgs e)
        {
            button1.Enabled = false;

            string nameFilter       = textBox1.Text;
            string localIpFilter    = textBox2.Text;
            string localPortFilter  = textBox3.Text;
            string remoteIpFilter   = textBox4.Text;
            string remotePortFilter = textBox5.Text;

            var tcpRows = NetProcessAPI.GetAllTcpConnections();
            var udpRows = NetProcessAPI.GetAllUdpConnections();

            dataGridView1.Rows.Clear();

            bool byName       = !string.IsNullOrEmpty(nameFilter);
            bool byLocalIp    = !string.IsNullOrEmpty(localIpFilter);
            bool byLocalPort  = !string.IsNullOrEmpty(localPortFilter);
            bool byRemoteIp   = !string.IsNullOrEmpty(remoteIpFilter);
            bool byRemotePort = !string.IsNullOrEmpty(remotePortFilter);

            foreach (var conn in tcpRows)
            {
                // Short-circuit evaluation keeps the checks in their original order.
                bool rejected =
                    (byName && ProcessAPI.GetProcessNameByPID(conn.owningPid).IndexOf(nameFilter, StringComparison.OrdinalIgnoreCase) < 0)
                    || (byLocalIp && conn.LocalAddress.ToString() != localIpFilter)
                    || (byLocalPort && conn.LocalPort.ToString() != localPortFilter)
                    || (byRemoteIp && conn.RemoteAddress.ToString() != remoteIpFilter)
                    || (byRemotePort && conn.RemotePort.ToString() != remotePortFilter);
                if (rejected)
                {
                    continue;
                }

                dataGridView1.Rows.Add(new object[]
                {
                    conn.owningPid.ToString(),
                    ProcessAPI.GetIcon(conn.owningPid, true),
                    ProcessAPI.GetProcessNameByPID(conn.owningPid),
                    "TCP",
                    conn.LocalAddress.ToString(),
                    conn.LocalPort.ToString(),
                    conn.RemoteAddress.ToString(),
                    conn.RemotePort.ToString()
                });
            }

            // UDP rows carry no remote endpoint, so a remote filter excludes all of them.
            // NOTE(review): this path returns before the row headers are numbered and the grid refreshed.
            if (byRemoteIp || byRemotePort)
            {
                button1.Enabled = true;
                return;
            }

            foreach (var endpoint in udpRows)
            {
                bool rejected =
                    (byName && ProcessAPI.GetProcessNameByPID(endpoint.owningPid).IndexOf(nameFilter, StringComparison.OrdinalIgnoreCase) < 0)
                    || (byLocalIp && endpoint.LocalAddress.ToString() != localIpFilter)
                    || (byLocalPort && endpoint.LocalPort.ToString() != localPortFilter);
                if (rejected)
                {
                    continue;
                }

                dataGridView1.Rows.Add(new object[]
                {
                    endpoint.owningPid.ToString(),
                    ProcessAPI.GetIcon(endpoint.owningPid, true),
                    ProcessAPI.GetProcessNameByPID(endpoint.owningPid),
                    "UDP",
                    endpoint.LocalAddress.ToString(),
                    endpoint.LocalPort.ToString(),
                    "",
                    ""
                });
            }

            // Number the row headers starting at 1.
            for (int rowIndex = 0; rowIndex < this.dataGridView1.Rows.Count; rowIndex++)
            {
                DataGridViewRow row = this.dataGridView1.Rows[rowIndex];
                row.HeaderCell.Value = string.Format("{0}", rowIndex + 1);
            }

            this.dataGridView1.Refresh();

            // NOTE(review): if anything above throws, the button stays disabled.
            button1.Enabled = true;
        }
Exemple #18
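        // Search handler: lists TCP and/or UDP endpoints with their owning process.
        // textBox1 holds a comma-separated list of PIDs and process-name fragments, textBox2 local
        // ports, textBox3 remote ports (TCP only). Within one list the entries are alternatives: a row
        // passes when it matches any of them. Previously each entry narrowed the result again, so two
        // different PIDs or ports always produced an empty grid.
        // Name matching is case-insensitive and means "process name contains the fragment" for both
        // protocols; the TCP branch used to test the reverse direction.
        private void button1_Click(object sender, EventArgs e)
        {
            dataGridView1.Rows.Clear();

            var pidFilter        = new List <long>();
            var nameFilter       = new List <string>();
            var localPortFilter  = new List <int>();
            var remotePortFilter = new List <int>();

            // PIDs and name fragments share one box: numeric entries are PIDs, the rest are names.
            if (!string.IsNullOrEmpty(this.textBox1.Text))
            {
                foreach (var token in this.textBox1.Text.Split(','))
                {
                    var entry = token.Trim();
                    if (entry.Length == 0)
                    {
                        continue;   // ignore empty entries such as a trailing comma
                    }
                    if (Int64.TryParse(entry, out long pid))
                    {
                        pidFilter.Add(pid);
                    }
                    else
                    {
                        nameFilter.Add(entry);
                    }
                }
            }
            // Local ports; entries that are not integers are ignored.
            if (!string.IsNullOrEmpty(this.textBox2.Text))
            {
                foreach (var token in this.textBox2.Text.Split(','))
                {
                    if (Int32.TryParse(token.Trim(), out int port))
                    {
                        localPortFilter.Add(port);
                    }
                }
            }
            // Remote ports; entries that are not integers are ignored.
            if (!string.IsNullOrEmpty(this.textBox3.Text))
            {
                foreach (var token in this.textBox3.Text.Split(','))
                {
                    if (Int32.TryParse(token.Trim(), out int port))
                    {
                        remotePortFilter.Add(port);
                    }
                }
            }

            // True when no name fragment was given, or the process name contains one of them.
            bool NameMatches(string processName)
            {
                if (nameFilter.Count == 0)
                {
                    return true;
                }
                if (string.IsNullOrEmpty(processName))
                {
                    return false;
                }
                return nameFilter.Any(fragment => processName.IndexOf(fragment, StringComparison.OrdinalIgnoreCase) >= 0);
            }

            // NOTE(review): SelectedText is the text highlighted inside the combo box's edit field,
            // not the chosen item, so it is normally empty and both protocols are listed — confirm
            // whether the selected item was intended.
            var protocol = this.comboBox1.SelectedText;
            bool wantTcp = protocol == "" || protocol == "全部" || protocol == "TCP";
            bool wantUdp = protocol == "" || protocol == "全部" || protocol == "UDP";

            //tcp
            if (wantTcp)
            {
                var allConns = NetProcessAPI.GetAllTcpConnections();
                if (allConns != null)
                {
                    if (pidFilter.Count > 0)
                    {
                        allConns = allConns.Where(x => pidFilter.Any(v => x.owningPid == v)).ToArray();
                    }
                    if (localPortFilter.Count > 0)
                    {
                        allConns = allConns.Where(x => localPortFilter.Any(v => x.LocalPort == v)).ToArray();
                    }
                    if (remotePortFilter.Count > 0)
                    {
                        allConns = allConns.Where(x => remotePortFilter.Any(v => x.RemotePort == v)).ToArray();
                    }

                    foreach (var p in allConns)
                    {
                        var pname = ProcessAPI.GetProcessNameByPID(p.owningPid);
                        if (!NameMatches(pname))
                        {
                            continue;
                        }
                        var icon = ProcessAPI.GetIcon(p.owningPid, true);
                        dataGridView1.Rows.Add(new object[]
                        {
                            icon,
                            pname + " " + p.owningPid,
                            "TCP",
                            p.LocalAddress.ToString(),
                            p.LocalPort.ToString(),
                            p.RemoteAddress.ToString(),
                            p.RemotePort.ToString(),
                            p.state.ToString()
                        });
                    }
                }
            }

            //udp (no remote endpoint or state, so the remote-port filter does not apply)
            if (wantUdp)
            {
                var allUconns = NetProcessAPI.GetAllUdpConnections();
                if (allUconns != null)
                {
                    if (pidFilter.Count > 0)
                    {
                        allUconns = allUconns.Where(x => pidFilter.Any(v => x.owningPid == v)).ToArray();
                    }
                    if (localPortFilter.Count > 0)
                    {
                        allUconns = allUconns.Where(x => localPortFilter.Any(v => x.LocalPort == v)).ToArray();
                    }

                    foreach (var p in allUconns)
                    {
                        var pname = ProcessAPI.GetProcessNameByPID(p.owningPid);
                        if (!NameMatches(pname))
                        {
                            continue;
                        }
                        var icon = ProcessAPI.GetIcon(p.owningPid, true);
                        dataGridView1.Rows.Add(new object[]
                        {
                            icon,
                            pname + " " + p.owningPid,
                            "UDP",
                            p.LocalAddress.ToString(),
                            p.LocalPort.ToString(),
                            "-",
                            "-",
                            "-"
                        });
                    }
                }
            }
        }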