public static MIB_TCPROW_OWNER_PID[] GetTable() { MIB_TCPROW_OWNER_PID[] tTable; int AF_INET = 2; int buffSize = 0; uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); if (ret != 0) { return(null); } MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (int i = 0; i < tab.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); } } finally { Marshal.FreeHGlobal(buffTable); } return(tTable); }
private static IEnumerable <MIB_TCPROW_OWNER_PID> EnumTcpConnectionsV4() { int dwSize = sizeof(int) + Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID)) * 100; IntPtr hTcpTable; { hTcpTable = Marshal.AllocHGlobal(dwSize); int ret = GetExtendedTcpTable(hTcpTable, ref dwSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_CONNECTIONS, 0); if (ret != NO_ERROR) { // retry for new dwSize. Marshal.FreeHGlobal(hTcpTable); hTcpTable = Marshal.AllocHGlobal(dwSize); ret = GetExtendedTcpTable(hTcpTable, ref dwSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_CONNECTIONS, 0); if (ret != NO_ERROR) { Marshal.FreeHGlobal(hTcpTable); throw new Exception("GetExtendedTcpTable return: " + ret); } } } { MIB_TCPROW_OWNER_PID item = new MIB_TCPROW_OWNER_PID(); int dwNumEntries = Marshal.ReadInt32(hTcpTable); IntPtr pItem = new IntPtr(hTcpTable.ToInt64() + sizeof(int)); for (int i = 0; i < dwNumEntries; ++i) { Marshal.PtrToStructure(pItem, item); pItem = new IntPtr(pItem.ToInt64() + Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID))); yield return(item); } Marshal.FreeHGlobal(hTcpTable); } }
public static MIB_TCPROW_OWNER_PID[] GetTable() { MIB_TCPROW_OWNER_PID[] tTable; int AF_INET = 2; int buffSize = 0; uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); if (ret != 0) return null; MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (int i = 0; i < tab.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); } } finally { Marshal.FreeHGlobal(buffTable); } return tTable; }
static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections() { MIB_TCPROW_OWNER_PID[] rows; int AF_INET = 2; // IP_v4 uint buff_size = 0; uint ret = SafeNativeMethods.GetExtendedTcpTable(IntPtr.Zero, ref buff_size, true, AF_INET, SafeNativeMethods.TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); IntPtr buffTable = Marshal.AllocHGlobal((int)buff_size); try { ret = SafeNativeMethods.GetExtendedTcpTable(buffTable, ref buff_size, true, AF_INET, SafeNativeMethods.TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); if (ret != 0) return null; var tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr row_ptr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); rows = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (int i = 0; i < tab.dwNumEntries; i++) { var row = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(row_ptr, typeof(MIB_TCPROW_OWNER_PID)); rows[i] = row; row_ptr = (IntPtr)((long)row_ptr + Marshal.SizeOf(row)); } } finally { Marshal.FreeHGlobal(buffTable); } return rows; }
/// <summary> /// 从MIB_TCPROW_OWNER_PID对象获得数据 /// </summary> /// <param name="row">MIB_TCPROW_OWNER_PID</param> /// <returns></returns> internal static TcpPort FromTcpRow(MIB_TCPROW_OWNER_PID row) { int port = IPAddress.NetworkToHostOrder((short)row.LocalPort); var pid = (int)row.OwningPid; return(new TcpPort(port, pid)); }
public static bool GetPerTcpConnectionEStats_Path(MIB_TCPROW_OWNER_PID row, ref TCP_ESTATS_PATH_ROD_v0 rod) { var rw = new TCP_ESTATS_PATH_RW_v0(); if (!GetPerTcpConnectionEStats(row, TCP_ESTATS_TYPE.TcpConnectionEstatsPath, ref rw, ref rod)) { return(false); } if (rw.EnableCollection) { return(true); } rw.EnableCollection = true; if (!SetPerTcpConnectionEStats(row, TCP_ESTATS_TYPE.TcpConnectionEstatsPath, ref rw, nameof(rw.EnableCollection))) { return(false); } if (!GetPerTcpConnectionEStats(row, TCP_ESTATS_TYPE.TcpConnectionEstatsPath, ref rw, ref rod)) { return(false); } return(rw.EnableCollection); }
public static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections() { MIB_TCPROW_OWNER_PID[] tTable; int AF_INET = 2; // IP_v4 int buffSize = 0; // how much memory do we need? uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0 && ret != 122) // 122 insufficient buffer size { throw new Exception("bad ret on check " + ret); } IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0) { throw new Exception("bad ret " + ret); } // get the number of entries in the table MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure( buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (int i = 0; i < tab.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal .PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; // next entry rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } return(tTable); }
public static List <TcpRecordPid> GetAllTcpConnections() { int AF_INET = 2; // IP_v4 int buffSize = 0; // getting the memory size needed uint val = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (val != 0 && val != 122) { throw new Exception("invalid size " + val); } IntPtr buffTable = Marshal.AllocHGlobal(buffSize); List <TcpRecordPid> lstRecords = new List <TcpRecordPid>(); try { val = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (val != 0) { throw new Exception("ivalid data " + val); } // get the number of entries in the table MIB_TCPTABLE_OWNER_PID tcpTable = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tcpTable.dwNumEntries)); //tTable = new MIB_TCPROW_OWNER_PID[tcpTable.dwNumEntries]; for (int i = 0; i < tcpTable.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); //tTable[i] = tcpRow; lstRecords.Add(new TcpRecordPid( new IPAddress(tcpRow.localAddr), new IPAddress(tcpRow.remoteAddr), BitConverter.ToUInt16(new byte[2] { tcpRow.localPort2, tcpRow.localPort1 }, 0), // reverse order BitConverter.ToUInt16(new byte[2] { tcpRow.remotePort2, tcpRow.remotePort1 }, 0), // reverse order tcpRow.owningPid, tcpRow.state)); // next entry rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } return(lstRecords); }
private TcpConnectionInformation2(MIB_TCPROW_OWNER_PID row) { State = (TcpState)row.state; var port = (row.localPort1 << 8) | row.localPort2; var port2 = (State != TcpState.Listen) ? ((row.remotePort1 << 8) | row.remotePort2) : 0; LocalEndPoint = new IPEndPoint(row.localAddr, port); RemoteEndPoint = new IPEndPoint(row.remoteAddr, port2); ProcessId = row.owningPid; }
//public TcpRow[] GetAllTcpConnections() public static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections() { if (getAllTcpConnections_cached == null || getAllTcpConnections_cached_lastTime + new TimeSpan(0, 0, 1) < DateTime.Now) { // TcpRow is my own class to display returned rows in a nice manner. // TcpRow[] tTable; MIB_TCPROW_OWNER_PID[] tTable; int AF_INET = 2; // IP_v4 int buffSize = 0; // how much memory do we need? uint ret = NativeMethods.GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = NativeMethods.GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); if (ret != 0) { return(new MIB_TCPROW_OWNER_PID[0]); } // get the number of entries in the table //MibTcpTable tab = (MibTcpTable)Marshal.PtrToStructure(buffTable, typeof(MibTcpTable)); MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); //IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.numberOfEntries) ); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); // buffer we will be returning //tTable = new TcpRow[tab.numberOfEntries]; tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; //for (int i = 0; i < tab.numberOfEntries; i++) for (int i = 0; i < tab.dwNumEntries; i++) { //MibTcpRow_Owner_Pid tcpRow = (MibTcpRow_Owner_Pid)Marshal.PtrToStructure(rowPtr, typeof(MibTcpRow_Owner_Pid)); MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); //tTable[i] = new TcpRow(tcpRow); tTable[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); // next entry } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } getAllTcpConnections_cached = tTable; getAllTcpConnections_cached_lastTime = DateTime.Now; } return(getAllTcpConnections_cached); }
public static IEnumerable <ActiveConnectionDto> GetTcpConnections(int processId) { MIB_TCPROW_OWNER_PID[] tTable; var AF_INET = 2; // IP_v4 var buffSize = 0; // how much memory do we need? var ret = NativeMethods.GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0 && ret != 122) // 122 insufficient buffer size { throw new Exception("bad ret on check " + ret); } var buffTable = Marshal.AllocHGlobal(buffSize); try { ret = NativeMethods.GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0) { throw new Exception("bad ret " + ret); } // get the number of entries in the table var tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); var rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (var i = 0; i < tab.dwNumEntries; i++) { var tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; // next entry rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } return(tTable.Where(x => x.owningPid == processId).Select(x => new ActiveConnectionDto { ProtocolName = ProtocolName.Tcp, LocalAddress = IntToIp(x.localAddr), LocalPort = x.LocalPort, RemoteAddress = IntToIp(x.remoteAddr), RemotePort = x.RemotePort, State = ConvertToState(x.state) })); }
//return the MIB_TCPROW_OWNER_PID array as connection public MIB_TCPROW_OWNER_PID[] GetAllTcpConnections() { MIB_TCPROW_OWNER_PID[] tTable; int AF_INET = 2; // IP_v4 int buffSize = 0; // what the size of the memory we need to allocate for the table? uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); //set pointer to buffer IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { //getting the buffer ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0) { return(null); } //convert pointer to MIB_TCPTABLE_OWNER_PID pointer MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; //reading the row from buffer using next position pointer //size of MIB_TCPROW_OWNER_PID for (int i = 0; i < tab.dwNumEntries; i++) { //convert pointer to MIB_TCPROW_OWNER_PID pointer MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); //save row in table tTable[i] = tcpRow; //go to the next entry. rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); } } finally { // clear buffer Marshal.FreeHGlobal(buffTable); } return(tTable); }
//public TcpRow[] GetAllTcpConnections() public static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections() { // TcpRow is my own class to display returned rows in a nice manner. // TcpRow[] tTable; MIB_TCPROW_OWNER_PID[] tTable; int AF_INET = 2; // IP_v4 int buffSize = 0; // how much memory do we need? uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0) { return null; } // get the number of entries in the table //MibTcpTable tab = (MibTcpTable)Marshal.PtrToStructure(buffTable, typeof(MibTcpTable)); MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); //IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.numberOfEntries) ); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); // buffer we will be returning //tTable = new TcpRow[tab.numberOfEntries]; tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; //for (int i = 0; i < tab.numberOfEntries; i++) for (int i = 0; i < tab.dwNumEntries; i++) { //MibTcpRow_Owner_Pid tcpRow = (MibTcpRow_Owner_Pid)Marshal.PtrToStructure(rowPtr, typeof(MibTcpRow_Owner_Pid)); MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); //tTable[i] = new TcpRow(tcpRow); tTable[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); // next entry } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } return tTable; }
public MIB_TCPROW_OWNER_PID[] SelectAllTcpConnections() { MIB_TCPROW_OWNER_PID[] tTable; int AF_INET = 2; // IP_v4 int buffSize = 0; // calculate memory usage uint res = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { res = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (res != 0) { return(null); } // get the number of entries in the table MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); // buffer we will be returning tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (int i = 0; i < tab.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; //getting the next entry // C/C++ baseAddress+= sizeof( MIB_TCPROW_OWNER_PID); rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } return(tTable); }
public static bool GetPerTcpConnectionEStats <TRW, TROD>(MIB_TCPROW_OWNER_PID row, TCP_ESTATS_TYPE statsType, ref TRW rw, ref TROD rod) { var buffRow = IntPtr.Zero; var buffRW = IntPtr.Zero; var buffROD = IntPtr.Zero; try { buffRow = Marshal.AllocHGlobal(Marshal.SizeOf(row)); Marshal.StructureToPtr(row, buffRow, false); buffRW = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRW))); buffROD = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TROD))); var result = GetPerTcpConnectionEStats(buffRow, statsType, buffRW, 0, (uint)Marshal.SizeOf(typeof(TRW)), IntPtr.Zero, 0, 0, buffROD, 0, (uint)Marshal.SizeOf(typeof(TROD))); if (result != 0) { return(false); } rw = (TRW)Marshal.PtrToStructure(buffRW, typeof(TRW)); rod = (TROD)Marshal.PtrToStructure(buffROD, typeof(TROD)); } finally { // Free the Memory if (buffRow != IntPtr.Zero) { Marshal.FreeHGlobal(buffRow); } if (buffRW != IntPtr.Zero) { Marshal.FreeHGlobal(buffRW); } if (buffROD != IntPtr.Zero) { Marshal.FreeHGlobal(buffROD); } } return(true); }
public static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections() { MIB_TCPROW_OWNER_PID[] tcpConnectionRows; int AF_INET = 2; // IPv4 int buffSize = 0; // use WinAPI GetExtendedTcpTable to query all active tcp connection information uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_TYPE.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0 && ret != 122) // 122 means insufficient buffer size { throw new Exception("Error occurred when trying to query tcp table, return code: " + ret); } IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_TYPE.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0) { throw new Exception("Error occurred when trying to query tcp table, return code: " + ret); } // get the number of entries in the table MIB_TCPTABLE_OWNER_PID table = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(table.dwNumEntries)); tcpConnectionRows = new MIB_TCPROW_OWNER_PID[table.dwNumEntries]; for (int i = 0; i < table.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tcpConnectionRows[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); } } finally { // free memory Marshal.FreeHGlobal(buffTable); } return(tcpConnectionRows); }
public MIB_TCPROW_OWNER_PID[] GetAllTcpConnections() { // TcpRow is my own class to display returned rows in a nice manner. MIB_TCPROW_OWNER_PID[] tTable; int AF_INET = 2; // IP_v4 int buffSize = 0; // how much memory do we need? uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); if (ret != 0) { return(null); } // get the number of entries in the table MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); // buffer we will be returning; tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (int i = 0; i < tab.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); // next entry } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } return(tTable); }
public static MIB_TCPROW_OWNER_PID[] GetTcpTableEx() { MIB_TCPROW_OWNER_PID[] tTable; int buffSize = 0; // Determine much memory is needed uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, (int)AddressFamily.InterNetwork, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, (int)(int)AddressFamily.InterNetwork, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); if (ret != 0) { return(null); } // get the number of entries in the table MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); // buffer we will be returning tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (int i = 0; i < tab.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); // next entry } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } return(tTable); }
private static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections() { const int NO_ERROR = 0; const int IP_v4 = 2; MIB_TCPROW_OWNER_PID[] tTable = null; int buffSize = 0; GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, IP_v4, TCP_TABLE_OWNER_PID_ALL, 0); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { if (NO_ERROR != GetExtendedTcpTable(buffTable, ref buffSize, true, IP_v4, TCP_TABLE_OWNER_PID_ALL, 0)) { return(null); } MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; int rowSize = Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID)); for (int i = 0; i < tab.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + rowSize); } } catch { } finally { Marshal.FreeHGlobal(buffTable); } return(tTable); }
public static bool SetPerTcpConnectionEStats <TRW>(MIB_TCPROW_OWNER_PID row, TCP_ESTATS_TYPE statsType, ref TRW rw, string fieldName) { var offset = (uint)Marshal.OffsetOf(typeof(TRW), fieldName); var buffRow = IntPtr.Zero; var buffRW = IntPtr.Zero; try { buffRow = Marshal.AllocHGlobal(Marshal.SizeOf(row)); Marshal.StructureToPtr(row, buffRow, false); buffRW = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRW))); Marshal.StructureToPtr(rw, buffRW, false); var result = SetPerTcpConnectionEStats(buffRow, statsType, buffRW, 0, (uint)Marshal.SizeOf(typeof(TRW)), offset); if (result != 0) { return(false); } } finally { // Free the Memory if (buffRow != IntPtr.Zero) { Marshal.FreeHGlobal(buffRow); } if (buffRW != IntPtr.Zero) { Marshal.FreeHGlobal(buffRW); } } return(true); }
public static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections() { MIB_TCPROW_OWNER_PID[] tTable; var buffSize = 0; // how much memory do we need? var ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); var buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL); if (ret != 0) { return(null); } // get the number of entries in the table var tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); var rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (var i = 0; i < tab.dwNumEntries; i++) { var tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); // next entry } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } return(tTable); }
/// <summary> /// The main worker thread that does process scanning. Background this so it doesn't interfere with our main thread. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void procListUpdater_DoWork(object sender, System.ComponentModel.DoWorkEventArgs e) { //Make sure we're in Debug Mode so we have access to all processes. Process.EnterDebugMode(); //Change our process priority to Below Normal so we don't eat all the CPU time. Process.GetCurrentProcess().PriorityClass = ProcessPriorityClass.BelowNormal; BackgroundWorker worker = sender as BackgroundWorker; List<Process> procs = new List<Process>(); Process[] all = Process.GetProcesses(); for (int i = 0; i < all.Length; i++) { double pct = (double) i / (double) all.Length; pct = pct * 100; Process p = all[i]; //Report our progress as a percentage of the process list completed. worker.ReportProgress((int)pct,""); //It's important to refresh processes before each check. A full scan is time consuming, and process state can often change in between. p.Refresh(); try { //Check to make sure our process is still there if (!p.HasExited) { //Filter out ourselves as well as the Windows Defender module. Windows Defender will almost always have the signature we're looking for provided AntiPwny is running if (!p.MainModule.FileName.ToLower().Contains("msmpeng")) { //Use a different scan for Java. We still need to look for meterpreter in java as well, because it can be migrated. This will look specifically for Java Meterpreter if (p.ProcessName == "java") { if (Utilities.scanJava(p)) { procs.Add(p); } } //Scan our process for Meterpreter if (Utilities.scanProcess(p)) { procs.Add(p); } } } } catch (Exception f) { Console.WriteLine("Error opening " + p.ProcessName); Console.WriteLine(f.Message); } } //Build our TCP table so we have all connections MIB_TCPROW_OWNER_PID[] table; int inet = 2; int buffSize = 0; uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, inet, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, inet, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0) { return; } // get the number of entries in the table MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); table = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (int i = 0; i < tab.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); table[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); // next entry } } finally { // Free the Memory Marshal.FreeHGlobal(buffTable); } worker.ReportProgress(100, "Scanning Connections"); //Map connections to PIDs for easier lookup Dictionary<int, List<ProcessListObject>> map = new Dictionary<int, List<ProcessListObject>>(); foreach (MIB_TCPROW_OWNER_PID row in table){ List<ProcessListObject> list; map.TryGetValue(row.owningPid, out list); if (list != null) { ProcessListObject temp = new ProcessListObject(); temp.ProcessName = new IPAddress(BitConverter.GetBytes(row.localAddr)).ToString() +" (" + BitConverter.ToUInt16( new byte[2] { row.localPort2, row.localPort1 }, 0) + ")"; temp.ProcessID = "->"; temp.ProcessPath = new IPAddress(BitConverter.GetBytes(row.remoteAddr)).ToString() + " (" + BitConverter.ToUInt16( new byte[2] { row.localPort2, row.localPort1 }, 0) + ")"; list.Add(temp); temp.InternalID = row.owningPid; map.Remove(row.owningPid); map.Add(row.owningPid, list); } else { list = new List<ProcessListObject>(); ProcessListObject temp = new ProcessListObject(); temp.ProcessName = new IPAddress(BitConverter.GetBytes(row.localAddr)).ToString() + " (" + BitConverter.ToUInt16( new byte[2] { row.localPort2, row.localPort1 }, 0) + ")"; temp.ProcessID = "->"; temp.ProcessPath = new IPAddress(BitConverter.GetBytes(row.remoteAddr)).ToString() + " (" + BitConverter.ToUInt16( new byte[2] { row.localPort2, row.localPort1 }, 0) + ")"; list.Add(temp); temp.InternalID = row.owningPid; map.Add(row.owningPid, list); } } List<ProcessListObject> objects = new List<ProcessListObject>(); List<ProcessListObject> reference; //Loop back through the processes we detected with Meterpreter and correlate connections going outbound for display foreach (Process p in procs) { p.Refresh(); if (!p.HasExited) { if (PreventionMode) { builder.Clear(); builder.Append(p.ProcessName); builder.Append(" Killed"); w.write(DateTime.Now.ToShortDateString() + " " + DateTime.Now.ToShortTimeString(), builder.ToString(), "Meterpreter"); p.Kill(); } else { ProcessListObject temp = new ProcessListObject(); temp.ProcessID = p.Id.ToString(); temp.ProcessName = p.ProcessName; temp.ProcessPath = p.MainModule.FileName; temp.InternalID = p.Id; temp.Detected = "Meterpreter"; map.TryGetValue(p.Id, out reference); if (reference != null) { foreach (ProcessListObject t in reference) { t.Parent = temp; } temp.Connections = reference; } else { temp.Connections = null; } objects.Add(temp); } } } worker.ReportProgress(100, "Scanning cmd.exe"); //Looking for reverse shells. They usually manifest as cmd.exe with a parent process running that has the actual reverse connection foreach (Process p in Process.GetProcessesByName("cmd")) { Process par = Utilities.ParentProcessUtilities.GetParentProcess(p.Id); if (par != null) map.TryGetValue(par.Id, out reference); else map.TryGetValue(p.Id, out reference); if (reference != null) { if (PreventionMode) { p.Kill(); w.write(DateTime.Now.ToShortDateString() + " " + DateTime.Now.ToShortTimeString(), "Killed cmd.exe", "Reverse Shell"); } else { ProcessListObject temp = new ProcessListObject(); temp.ProcessID = p.Id.ToString(); temp.ProcessName = p.ProcessName; temp.ProcessPath = p.MainModule.FileName; temp.InternalID = p.Id; temp.Detected = "Reverse Shell"; foreach (ProcessListObject t in reference) { t.Parent = temp; } temp.Connections = reference; objects.Add(temp); } } } worker.ReportProgress(100, "Scanning wscript"); //Look through wscript and cscript, which are almost always used for meterpreter. If we find the command line arguments //contain both temp and .vbs, we can be fairly certain this is a persistence script being called. foreach (Process p in Process.GetProcessesByName("wscript")) { string s = Utilities.GetCmdArguments(p); if (s.ToLower().Contains("temp") && s.ToLower().Contains(".vbs")) { ProcessListObject temp = new ProcessListObject(); temp.ProcessID = p.Id.ToString(); temp.ProcessName = p.ProcessName; temp.ProcessPath = p.MainModule.FileName; temp.InternalID = p.Id; temp.Detected = "Persistence WScript"; temp.Connections = null; objects.Add(temp); } } foreach (Process p in Process.GetProcessesByName("cscript")) { string s = Utilities.GetCmdArguments(p); if (s.ToLower().Contains("temp") && s.ToLower().Contains(".vbs")) { ProcessListObject temp = new ProcessListObject(); temp.ProcessID = p.Id.ToString(); temp.ProcessName = p.ProcessName; temp.ProcessPath = p.MainModule.FileName; temp.InternalID = p.Id; temp.Detected = "Persistence CScript"; temp.Connections = null; objects.Add(temp); } } Process.LeaveDebugMode(); //Exit Debug Mode worker.ReportProgress(100, "Waiting :60 Till Next Scan"); //Report our finished status e.Result = objects; }
private static Connection[] GetTCP() { MIB_TCPROW_OWNER_PID[] tTable; int AF_INET = 2; int buffSize = 0; uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); IntPtr buffTable = Marshal.AllocHGlobal(buffSize); try { ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0); if (ret != 0) { Connection[] con = new Connection[0]; return(con); } MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries)); tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries]; for (int i = 0; i < tab.dwNumEntries; i++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID)); tTable[i] = tcpRow; rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); // next entry } } finally { Marshal.FreeHGlobal(buffTable); } Connection[] cons = new Connection[tTable.Length]; for (int i = 0; i < tTable.Length; i++) { IPAddress localip = new IPAddress(BitConverter.GetBytes(tTable[i].dwLocalAddr)); IPAddress remoteip = new IPAddress(BitConverter.GetBytes(tTable[i].dwRemoteAddr)); byte[] barray = BitConverter.GetBytes(tTable[i].dwLocalPort); int localport = (barray[0] * 256) + barray[1]; barray = BitConverter.GetBytes(tTable[i].dwRemotePort); int remoteport = (barray[0] * 256) + barray[1]; string state; switch (tTable[i].dwState) { case 1: state = "Closed"; break; case 2: state = "LISTENING"; break; case 3: state = "SYN SENT"; break; case 4: state = "SYN RECEIVED"; break; case 5: state = "ESTABLISHED"; break; case 6: state = "FINSIHED 1"; break; case 7: state = "FINISHED 2"; break; case 8: state = "CLOSE WAIT"; break; case 9: state = "CLOSING"; break; case 10: state = "LAST ACKNOWLEDGE"; break; case 11: state = "TIME WAIT"; break; case 12: state = "DELETE TCB"; break; default: state = "UNKNOWN"; break; } Connection tmp = new Connection(localip, localport, remoteip, remoteport, (int)tTable[i].dwOwningPid, state); cons[i] = (tmp); } return(cons); }
public static List <TcpConnectionInfo> GetTcpConnections(IPVersion ipVersion, Dictionary <int, Process> processesByPid = null) { int bufferSize = 0; List <TcpConnectionInfo> tcpTableRecords = new List <TcpConnectionInfo>(); int ulAf = AF_INET; if (ipVersion == IPVersion.IPv6) { ulAf = AF_INET6; } // Getting the initial size of TCP table. uint result = Iphlpapi.GetExtendedTcpTable(IntPtr.Zero, ref bufferSize, true, ulAf, TcpTableClass.TCP_TABLE_OWNER_PID_ALL); // Allocating memory as an IntPtr with the bufferSize. IntPtr tcpTableRecordsPtr = Marshal.AllocHGlobal(bufferSize); try { // The IntPtr from last call, tcpTableRecoresPtr must be used in the subsequent // call and passed as the first parameter. result = Iphlpapi.GetExtendedTcpTable(tcpTableRecordsPtr, ref bufferSize, true, ulAf, TcpTableClass.TCP_TABLE_OWNER_PID_ALL); // If not zero, the call failed. if (result != 0) { return(new List <TcpConnectionInfo>()); } // Marshals data fron an unmanaged block of memory to the // newly allocated managed object 'tcpRecordsTable' of type // 'MIB_TCPTABLE_OWNER_PID' to get number of entries of TCP // table structure. // Determine if IPv4 or IPv6. if (ipVersion == IPVersion.IPv4) { MIB_TCPTABLE_OWNER_PID tcpRecordsTable = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(tcpTableRecordsPtr, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr tableRowPtr = (IntPtr)((long)tcpTableRecordsPtr + Marshal.SizeOf(tcpRecordsTable.dwNumEntries)); // Read and parse the TCP records from the table and store them in list // 'TcpConnection' structure type objects. for (int row = 0; row < tcpRecordsTable.dwNumEntries; row++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(tableRowPtr, typeof(MIB_TCPROW_OWNER_PID)); // Add row to list of TcpConnetions. tcpTableRecords.Add(new TcpConnectionInfo( Protocol.TCP, new IPAddress(tcpRow.localAddr), new IPAddress(tcpRow.remoteAddr), BitConverter.ToUInt16(new byte[2] { tcpRow.localPort[1], tcpRow.localPort[0] }, 0), BitConverter.ToUInt16(new byte[2] { tcpRow.remotePort[1], tcpRow.remotePort[0] }, 0), tcpRow.owningPid, tcpRow.state, GetProcessNameByPid(tcpRow.owningPid, processesByPid))); tableRowPtr = (IntPtr)((long)tableRowPtr + Marshal.SizeOf(tcpRow)); } } else if (ipVersion == IPVersion.IPv6) { MIB_TCP6TABLE_OWNER_PID tcpRecordsTable = (MIB_TCP6TABLE_OWNER_PID)Marshal.PtrToStructure(tcpTableRecordsPtr, typeof(MIB_TCP6TABLE_OWNER_PID)); IntPtr tableRowPtr = (IntPtr)((long)tcpTableRecordsPtr + Marshal.SizeOf(tcpRecordsTable.dwNumEntries)); // Read and parse the TCP records from the table and store them in list // 'TcpConnection' structure type objects. for (int row = 0; row < tcpRecordsTable.dwNumEntries; row++) { MIB_TCP6ROW_OWNER_PID tcpRow = (MIB_TCP6ROW_OWNER_PID)Marshal.PtrToStructure(tableRowPtr, typeof(MIB_TCP6ROW_OWNER_PID)); tcpTableRecords.Add(new TcpConnectionInfo( Protocol.TCP, new IPAddress(tcpRow.localAddr, tcpRow.localScopeId), new IPAddress(tcpRow.remoteAddr, tcpRow.remoteScopeId), BitConverter.ToUInt16(new byte[2] { tcpRow.localPort[1], tcpRow.localPort[0] }, 0), BitConverter.ToUInt16(new byte[2] { tcpRow.remotePort[1], tcpRow.remotePort[0] }, 0), tcpRow.owningPid, tcpRow.state, GetProcessNameByPid(tcpRow.owningPid, processesByPid))); tableRowPtr = (IntPtr)((long)tableRowPtr + Marshal.SizeOf(tcpRow)); } } } catch (OutOfMemoryException outOfMemoryException) { throw outOfMemoryException; } catch (Exception exception) { throw exception; } finally { Marshal.FreeHGlobal(tcpTableRecordsPtr); } return(tcpTableRecords != null?tcpTableRecords.Distinct().ToList() : new List <TcpConnectionInfo>()); }
//根据端口找PID private void TrySetProcessId(int port) { int bufferSize = 0; uint result = GetExtendedTcpTable(IntPtr.Zero, ref bufferSize, true, INET, TcpTableClass.TCP_TABLE_OWNER_PID_ALL); IntPtr tcpTableRecordsPtr = Marshal.AllocHGlobal(bufferSize); try { result = GetExtendedTcpTable(tcpTableRecordsPtr, ref bufferSize, true, INET, TcpTableClass.TCP_TABLE_OWNER_PID_ALL); MIB_TCPTABLE_OWNER_PID tcpRecordsTable = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(tcpTableRecordsPtr, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr tableRowPtr = (IntPtr)((long)tcpTableRecordsPtr + Marshal.SizeOf(tcpRecordsTable.dwNumEntries)); for (int row = 0; row < tcpRecordsTable.dwNumEntries; row++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(tableRowPtr, typeof(MIB_TCPROW_OWNER_PID)); int localPort = BitConverter.ToUInt16(new byte[2] { tcpRow.localPort[1], tcpRow.localPort[0] }, 0); int remotePort = BitConverter.ToUInt16(new byte[2] { tcpRow.remotePort[1], tcpRow.remotePort[0] }, 0); int pid = tcpRow.owningPid; if (localPort == port) { Process p = Process.GetProcessById(pid); //IE比较烦,要获取最先启动的那个主进程 这里不知道怎么找,暂时通过启动时间找,是否靠谱待验证 if (p.ProcessName == "iexplore") { DateTime time = DateTime.MaxValue; Process[] procs = Process.GetProcessesByName("iexplore"); for (int ii = 0; ii < procs.Length; ii++) { if (time == DateTime.MaxValue) { pid = procs[ii].Id; time = procs[ii].StartTime; continue; } else if (procs[ii].StartTime < time) { pid = procs[ii].Id; time = procs[ii].StartTime; continue; } } } this.ProcessId = pid; break; } tableRowPtr = (IntPtr)((long)tableRowPtr + Marshal.SizeOf(tcpRow)); //IPAddress localIp, IPAddress remoteIp, ushort localPort,ushort remotePort, int pId, MibTcpState state //tcpTableRecords.Add(new TcpProcessRecord( // new IPAddress(tcpRow.localAddr), // new IPAddress(tcpRow.remoteAddr), // BitConverter.ToUInt16(new byte[2] { // tcpRow.localPort[1], // tcpRow.localPort[0] }, 0), // BitConverter.ToUInt16(new byte[2] { // tcpRow.remotePort[1], // tcpRow.remotePort[0] }, 0), // tcpRow.owningPid, tcpRow.state)); } } catch (Exception ex) { } finally { Marshal.FreeHGlobal(tcpTableRecordsPtr); } }
public static List <TcpProcessRecord> GetAllTcpConnections() { int bufferSize = 0; List <TcpProcessRecord> tcpTableRecords = new List <TcpProcessRecord>(); // Getting the size of TCP table, that is returned in 'bufferSize' variable. uint result = GetExtendedTcpTable(IntPtr.Zero, ref bufferSize, true, AF_INET, TcpTableClass.TCP_TABLE_OWNER_PID_ALL); // Allocating memory from the unmanaged memory of the process by using the // specified number of bytes in 'bufferSize' variable. IntPtr tcpTableRecordsPtr = Marshal.AllocHGlobal(bufferSize); try { // The size of the table returned in 'bufferSize' variable in previous // call must be used in this subsequent call to 'GetExtendedTcpTable' // function in order to successfully retrieve the table. result = GetExtendedTcpTable(tcpTableRecordsPtr, ref bufferSize, true, AF_INET, TcpTableClass.TCP_TABLE_OWNER_PID_ALL); // Non-zero value represent the function 'GetExtendedTcpTable' failed, // hence empty list is returned to the caller function. if (result != 0) { return(new List <TcpProcessRecord>()); } // Marshals data from an unmanaged block of memory to a newly allocated // managed object 'tcpRecordsTable' of type 'MIB_TCPTABLE_OWNER_PID' // to get number of entries of the specified TCP table structure. MIB_TCPTABLE_OWNER_PID tcpRecordsTable = (MIB_TCPTABLE_OWNER_PID) Marshal.PtrToStructure(tcpTableRecordsPtr, typeof(MIB_TCPTABLE_OWNER_PID)); IntPtr tableRowPtr = (IntPtr)((long)tcpTableRecordsPtr + Marshal.SizeOf(tcpRecordsTable.dwNumEntries)); // Reading and parsing the TCP records one by one from the table and // storing them in a list of 'TcpProcessRecord' structure type objects. for (int row = 0; row < tcpRecordsTable.dwNumEntries; row++) { MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal. PtrToStructure(tableRowPtr, typeof(MIB_TCPROW_OWNER_PID)); tcpTableRecords.Add(new TcpProcessRecord( new IPAddress(tcpRow.localAddr), new IPAddress(tcpRow.remoteAddr), BitConverter.ToUInt16(new byte[2] { tcpRow.localPort[1], tcpRow.localPort[0] }, 0), BitConverter.ToUInt16(new byte[2] { tcpRow.remotePort[1], tcpRow.remotePort[0] }, 0), tcpRow.owningPid, tcpRow.state)); tableRowPtr = (IntPtr)((long)tableRowPtr + Marshal.SizeOf(tcpRow)); } } catch (OutOfMemoryException) { } catch (Exception) { } finally { Marshal.FreeHGlobal(tcpTableRecordsPtr); } return(tcpTableRecords != null?tcpTableRecords.Distinct() .ToList <TcpProcessRecord>() : new List <TcpProcessRecord>()); }