Z5NTS功能之netstat(网络工具)
Author:zfive5(zhaozidong)
Eamil :zfive5@yahoo.com.cn
出于回忆一下网络编程的目的,开始写一个类似nettools的网络工具,当然
不能像nettools那样面面俱到,现在只能完成简单的netstat功能,大部分实现来
自于<<windows网络编程实例>>和网络,以前真的没有注重到iphlpapi.dll有如此
强大的功能!
功能界面如下:
核心代码如下:
typedef DWord (WINAPI *Z5AllocateAndGetTcpExTableFromStack)
(
PMIB_TCPTABLEEX *pTcpTable,
BOOL bOrder,
HANDLE hHeap,
DWORD dwZero,
DWORD dwFlag
);
typedef DWORD (WINAPI *Z5AllocateAndGetUdpExTableFromStack)
(
PMIB_UDPTABLEEX *pUdpTable,
BOOL bOrder,
HANDLE hHeap,
DWORD dwZero,
DWORD dwFlag
);
strUCt ZF5NTSLook_S lineS;
m_Line.clear();
Z5AllocateAndGetTcpExTableFromStack pAllocateAndGetTcpExTableFromStack;
Z5AllocateAndGetUdpExTableFromStack pAllocateAndGetUdpExTableFromStack;
char szBUF[1024];
HMODULE hM=NULL;
hM=LoadLibrary("iphlpapi.dll");
if(hM==NULL)
{
return -1;
}
pAllocateAndGetTcpExTableFromStack=(Z5AllocateAndGetTcpExTableFromStack)GetPRocAddress(hM,"AllocateAndGetTcpExTableFromStack");
pAllocateAndGetUdpExTableFromStack=(Z5AllocateAndGetUdpExTableFromStack)GetProcAddress(hM,"AllocateAndGetUdpExTableFromStack");
PMIB_TCPTABLEEX ptcpmib=NULL;
DWORD dwSize=0;
//TCP
if(pAllocateAndGetTcpExTableFromStack(&ptcpmib,TRUE,GetProcessHeap(),2,2)!=NO_ERROR)
{
return -1;
}
UINT i=0;
for(i=0;i< ptcpmib->dwNumEntries;i++)
{
lineS.szLocal="";
lineS.szName="";
lineS.szRemote="";
lineS.szState="";
lineS.szType="";
lineS.dwPID=NULL;
switch(ptcpmib->table[i].dwState)
{
case MIB_TCP_STATE_CLOSED:
lineS.szState="CLOSED";
break;
case MIB_TCP_STATE_LISTEN:
lineS.szState="LISTEN";
break;
case MIB_TCP_STATE_SYN_SENT:
lineS.szState="SYN_SENT";
break;
case MIB_TCP_STATE_SYN_RCVD:
lineS.szState="SYN_RCVD";
break;
case MIB_TCP_STATE_ESTAB:
lineS.szState="ESTAB";
break;
case MIB_TCP_STATE_FIN_WAIT1:
lineS.szState="FIN_WAIT1";
break;
case MIB_TCP_STATE_FIN_WAIT2:
lineS.szState="FIN_WAIT2";
break;
case MIB_TCP_STATE_CLOSE_WAIT:
lineS.szState="CLOSE_WAIT";
break;
case MIB_TCP_STATE_CLOSING:
lineS.szState="CLOSING";
break;
case MIB_TCP_STATE_LAST_ACK:
lineS.szState="LAST_ACK";
break;
case MIB_TCP_STATE_TIME_WAIT:
lineS.szState="TIME_WAIT";
break;
case MIB_TCP_STATE_DELETE_TCB:
lineS.szState="DELETE_TCB";
break;
default:
lineS.szState="UNKNOWN";
break;
}
struct in_addr locIP;
struct in_addr RemIP;
locIP.s_addr=ptcpmib->table[i].dwLocalAddr;
RemIP.s_addr=ptcpmib->table[i].dwRemoteAddr;
sprintf(szBUF,"%s:%u",inet_ntoa(locIP),ntohs(ptcpmib->table[i].dwLocalPort));
lineS.szLocal=szBUF;
if(strcmp(lineS.szState.c_str(),"LISTEN")!=0)
{
sprintf(szBUF,"%s:%u",inet_ntoa(RemIP),ntohs(ptcpmib->table[i].dwRemotePort));
}
else
{
sprintf(szBUF,"%s:%u",inet_ntoa(RemIP),0);
}
lineS.szRemote =szBUF;
lineS.szType="TCP";
lineS.dwPID=ptcpmib->table[i].dwProcessId;
m_Line.push_back(lineS);
}
//UDP
PMIB_UDPTABLEEX pudpmib=NULL;
dwSize=0;
if(pAllocateAndGetUdpExTableFromStack(&pudpmib,TRUE,GetProcessHeap(),2,2)!=NO_ERROR)
{
return -1;
}
for(i=0;i< pudpmib->dwNumEntries;i++)
{
struct in_addr locIP;
lineS.szLocal="";
lineS.szName="";
lineS.szRemote="";
lineS.szState="";
lineS.szType="";
lineS.dwPID=NULL;
locIP.s_addr=pudpmib->table[i].dwLocalAddr;
sprintf(szBUF,"%s:%u",inet_ntoa(locIP),ntohs(pudpmib->table[i].dwLocalPort));
lineS.szLocal=szBUF;
lineS.szType="UDP";
lineS.dwPID=pudpmib->table[i].dwProcessId;
m_Line.push_back(lineS);
}
//Snap
HANDLE hProcessSnap=::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(hProcessSnap==INVALID_HANDLE_VALUE)
{
return -1;
}
for(i=0;i<m_Line.size();i++)
{
string strName;
PROCESSENTRY32 proEn;
proEn.dwSize=sizeof(proEn);
strName="*.???";
if(::Process32First(hProcessSnap,&proEn))
{
do
{
if(proEn.th32ProcessID==m_Line[i].dwPID)
{
m_Line[i].szName=proEn.szExeFile;
break;
}
} while(::Process32Next(hProcessSnap,&proEn));
}
}
::CloseHandle(hProcessSnap);
if(ptcpmib!=NULL) LocalFree(ptcpmib);
if(pudpmib!=NULL) LocalFree(pudpmib);
if(hM!=NULL) FreeLibrary(hM);
return 0;
下次要在z5nts上加上发送所有类型的icmp数据包的功能:)