[trancexx]

There are situation when you know something is going off from or to your computer and you have no idea what that is or who's doing that. On the other hand, sometimes you are just curious to know (I know I am) what's cooking.

Scrip below is analyzing every connection that your machine have. Either TCP or UDP. It'll give you port numbers, IP addresses, names of the processes issuing connections, their PIDs, locations on HD, user names, connection statuses, and hints on protocols for used ports (so that you know roughly what that connection is or could be).

Script:
 ConnView.au3 (37.33K)
Number of downloads: 398

edit: new script

This post has been edited by trancexx: 09 November 2009 - 01:31 PM

[Beege]

Nice Script. Like it a lot. 5 Stars! :party:

[trancexx]

I like it you like it. Thanks.

[Avian]

trancexx, on 08 November 2009 - 01:38 AM, said:

There are situation when you know something is going off from or to your computer and you have no idea what that is or who's doing that. On the other hand, sometimes you are just curious to know (I know I am) what's cooking.

Scrip below is analyzing every connection that your machine have. Either TCP or UDP. It'll give you port numbers, IP addresses, names of the processes issuing connections, their PIDs, connection statuses, and hints on protocols for used ports (so that you know roughly what that connection is or could be).

Script:
ConnView.au3

Many thanks!! I've always wondered what was going on when the drive activity light was on and I wasn't doing anything. I always wondered if there was something connecting to my PC without my knowledge!

Avian

[trancexx]

The library has been updated.
I'm kidding :lmao:

New script attached.
More informations available for endpoints. 'Elevated Mode' button is now showing its purpose when needed.

With this script I've assimilated a couple of functions written by Manko and wraithdu. They are rewritten to look the way I like it. I fixed Manko's (there were a bug with trying to access unavailable space causing a random crash).

So, what was the joke in the intro? I bet you don't know :P

[UEZ]

Very nice code demonstration again! :graduated:

Btw, you can use netstat -na to get these information from cmd but from your tool it is much more comfortable and it has more infomation.

UEZ

*****

This post has been edited by UEZ: 09 November 2009 - 03:15 PM

[trancexx]

Thanks UEZ.
And a joke?


Btw, netstat.exe is, among others, using functions InternalGetTcpTableWithOwnerModule and InternalGetUdpTableWithOwnerModule but I couldn't find any documentation for those two even though they sound smart.
Never mind, going around sometimes is not that bad.

[UEZ]

trancexx, on 09 November 2009 - 02:31 PM, said:

...
And a joke?
...

A Joke?

UEZ

[trancexx]

UEZ, on 09 November 2009 - 03:15 PM, said:

A Joke?

UEZ

Well yeah, from the post above :muttley:

Ahh, you didn't get it.

[UEZ]

I'm 37 and very often I need a lot of time to understand... :idiot:


UEZ :lol:

[trancexx]

UEZ, on 09 November 2009 - 03:29 PM, said:

I'm 37 and very often I need a lot of time to understand... :idiot:


UEZ :lol:

I'm not 37 and very often I need a lot of time to understand too... but don't tell anyone :shhh: it's a sort of a secret

[mrmacadamia]

I'm not very understand about tcp and udp stuff.
But i think i like it :graduated:

[trancexx]

mrmacadamia, on 10 November 2009 - 09:06 AM, said:

I'm not very understand about tcp and udp stuff.
But i think i like it :graduated:

Very resolutive :mellow:

I just saw that I dropped two 'DllOpen' and one tiny other thing. It makes almost no difference but still, flaw is a flaw.

[MirnesC2]

Ran it, nothing happened. Windows 7 x64, just a heads up.

[trancexx]

MirnesC2, on 15 November 2009 - 04:06 AM, said:

Ran it, nothing happened. Windows 7 x64, just a heads up.

And what's the exit code? Version of AutoIt?

[UEZ]

MirnesC2, on 15 November 2009 - 04:06 AM, said:

Ran it, nothing happened. Windows 7 x64, just a heads up.

How did you run it? With F5 in SciTE or double click?

If yes, then indeed it is crashing in x64 mode! I got error code: AutoIT3.exe ended.rc:-1073741819

I got German version and this is the crash info:

Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: AutoIt3_x64.exe
Anwendungsversion: 3.3.0.0
Anwendungszeitstempel: 4951fa01
Fehlermodulname: AutoIt3_x64.exe
Fehlermodulversion: 3.3.0.0
Fehlermodulzeitstempel: 4951fa01
Ausnahmecode: c0000005
Ausnahmeoffset: 0000000000018660
Betriebsystemversion: 6.1.7600.2.0.0.256.1
Gebietsschema-ID: 1031
Zusatzinformation 1: d9e9
Zusatzinformation 2: d9e98e26e5862e4b8c1835bc653abe12
Zusatzinformation 3: 1735
Zusatzinformation 4: 1735faf7dba7c27eea43b7a3330f19b3


But if you compile it and start it afterwards it is working because it will started as x32 not x64 native version!

UEZ

This post has been edited by UEZ: 15 November 2009 - 12:31 PM

[trancexx]

That's 'Access Violation'.
Interesting. Could you or someone with x64 windows try to determine what function is causing the error?

[UEZ]

Probably function Func _ProcessList() is causing "access violation" in for next loop

[ autoIt ]    ( Popup )

    For $i = 1 To $aCall[5]

        $tWTS_PROCESS_INFO = DllStructCreate("dword SessionId;" & _
                "dword ProcessId;" & _
                "ptr ProcessName;" & _
                "ptr UserSid", _
                $aCall[4] + ($i - 1) * 16) ; looping thru structures

        $pString = DllStructGetData($tWTS_PROCESS_INFO, "ProcessName")
        $iStringLen = _PtrStringLenW($pString)
        $aOut[$i][0] = DllStructGetData(DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pString), 1)
        $aOut[$i][1] = DllStructGetData($tWTS_PROCESS_INFO, "ProcessId")
        $aOut[$i][2] = _AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))

    Next
 

Maybe other functions are also not working but this is the 1st one!

UEZ

This post has been edited by UEZ: 15 November 2009 - 08:02 PM

[trancexx]

Well, can you fix it? I'm 32-bit only.


edit:
I just spotted a strange bug(?) with AutoIt when 'thinking' what you wrote. Will report it to get an explanation on the behavior.

This post has been edited by trancexx: 15 November 2009 - 04:35 PM

[UEZ]

If you can put your brain in my head, I will do it! I'm a noob in this kind of stuff!

But I will try it anyway. Don't expect a successfull result...

UEZ