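	; Hello, I just made wrapper functions for GetTcpTable() function and GetExtendedTcpTable(). You can use it for netstat like information.

#include <Array.au3>

; Table classes passed to GetExtendedTcpTable(). The Enum starts at 0, so the order below
; yields 0..8: three BASIC, three OWNER_PID and three OWNER_MODULE classes.
Global Enum $TCP_TABLE_BASIC_LISTENER, $TCP_TABLE_BASIC_CONNECTIONS, $TCP_TABLE_BASIC_ALL, $TCP_TABLE_OWNER_PID_LISTENER, $TCP_TABLE_OWNER_PID_CONNECTIONS, _
		$TCP_TABLE_OWNER_PID_ALL, $TCP_TABLE_OWNER_MODULE_LISTENER, $TCP_TABLE_OWNER_MODULE_CONNECTIONS, $TCP_TABLE_OWNER_MODULE_ALL
; $TCP_TABLE_OWNER_MODULE_... not working for now
; NOTE(review): the timestamp decoding below was revised (read as a 64-bit FILETIME); the MODULE demo
; stays disabled until that is confirmed on a live system.

; --- Demo: show each table in a grid ---------------------------------------------------------
Global $aTcpTable = _WinAPI_GetTcpTable()
_ArrayDisplay($aTcpTable, "TCP TABLE", -1, 0, "", "|", "IDX|STATE|STATE DESC|LOCAL IP|LOCAL PORT|REMOTE IP|REMOTE PORT")

Global $aTcpTable_BL = _WinAPI_GetExtendedTcpTable($TCP_TABLE_BASIC_LISTENER)
_ArrayDisplay($aTcpTable_BL, "Extended TCP TABLE - Listening only", -1, 0, "", "|", "IDX|STATE|STATE DESC|LOCAL IP|LOCAL PORT|REMOTE IP|REMOTE PORT")

Global $aTcpTable_PID = _WinAPI_GetExtendedTcpTable($TCP_TABLE_OWNER_PID_ALL)
_ArrayDisplay($aTcpTable_PID, "Extended TCP TABLE - PID included", -1, 0, "", "|", "IDX|STATE|STATE DESC|LOCAL IP|LOCAL PORT|REMOTE IP|REMOTE PORT|PID")

;~ Global $aTcpTable_Module = _WinAPI_GetExtendedTcpTable($TCP_TABLE_OWNER_MODULE_ALL)
;~ _ArrayDisplay($aTcpTable_Module, "Extended TCP TABLE - Module All", -1, 0, "", "|", "IDX|STATE|STATE DESC|LOCAL IP|LOCAL PORT|REMOTE IP|REMOTE PORT|PID|TIMESTAMP")

; Returns the IPv4 TCP table as a 2D array, one row per connection:
;   [n][0] state code, [n][1] state name, [n][2] local IP, [n][3] local port,
;   [n][4] remote IP,  [n][5] remote port (0 for states <= 2, i.e. CLOSED / LISTENING).
; On failure @error is non-zero:
;   1 = GetTcpTable reported an error (@extended holds the Win32 code it returned),
;   2 = the DllCall itself failed (@extended holds DllCall's @error).
; Caveats for anyone using the output for triage: only IPv4 endpoints are listed, and the
; table is a point-in-time snapshot, so a connection can appear or vanish between calls.
Func _WinAPI_GetTcpTable() ;funkey 2012.12.14
	; Load the system copy by full path rather than relying on the DLL search order.
	Local $sIphlpapi = @SystemDir & "\Iphlpapi.dll"

	; First call with a size of 0 only asks the API how many bytes it needs.
	Local $tMIB_TCPTABLE = DllStructCreate("dword[6]")
	Local $aRet = DllCall($sIphlpapi, "DWORD", "GetTcpTable", "struct*", $tMIB_TCPTABLE, "DWORD*", 0, "BOOL", True)
	If @error Then Return SetError(2, @error) ; $aRet is not an array here; indexing it would abort the script
	Local $dwSize = $aRet[2]
	If $dwSize < 4 Then Return SetError(1, $aRet[0]) ; no usable size reported

	; Second call fills a buffer of the reported size. If the table grew in between, the API
	; fails with an insufficient-buffer code and we report error 1 instead of reading stale data.
	$tMIB_TCPTABLE = DllStructCreate("DWORD[" & Ceiling($dwSize / 4) & "]")
	$aRet = DllCall($sIphlpapi, "DWORD", "GetTcpTable", "struct*", $tMIB_TCPTABLE, "DWORD*", $dwSize, "BOOL", True)
	If @error Then Return SetError(2, @error)
	If $aRet[0] <> 0 Then Return SetError(1, $aRet[0])

	; Element 1 is the entry count; each row is 5 DWORDs starting at element 2.
	Local $iNumEntries = DllStructGetData($tMIB_TCPTABLE, 1, 1)
	Local $aRes[$iNumEntries][6]
	Local $iBase = 0, $iState = 0
	For $i = 0 To $iNumEntries - 1
		$iBase = 2 + $i * 5
		$iState = DllStructGetData($tMIB_TCPTABLE, 1, $iBase)
		$aRes[$i][0] = $iState
		$aRes[$i][1] = __TcpTable_StateName($iState)
		$aRes[$i][2] = __TcpTable_IPv4(DllStructGetData($tMIB_TCPTABLE, 1, $iBase + 1)) ; local IP / translate
		$aRes[$i][3] = __TcpTable_Port(DllStructGetData($tMIB_TCPTABLE, 1, $iBase + 2)) ; local port / translate
		$aRes[$i][4] = __TcpTable_IPv4(DllStructGetData($tMIB_TCPTABLE, 1, $iBase + 3)) ; remote IP / translate
		If $iState <= 2 Then
			$aRes[$i][5] = 0
		Else
			$aRes[$i][5] = __TcpTable_Port(DllStructGetData($tMIB_TCPTABLE, 1, $iBase + 4)) ; remote port / translate
		EndIf
	Next
	Return $aRes
EndFunc   ;==>_WinAPI_GetTcpTable

; Returns the IPv4 TCP table for the given table class ($TCP_TABLE_... value, 0..8) as a 2D array.
; Columns 0..5 match _WinAPI_GetTcpTable(); OWNER_PID and OWNER_MODULE classes add
;   [n][6] owning process ID, and OWNER_MODULE classes add [n][7] "Date: y.m.d" creation date.
; On failure @error is non-zero:
;   1 = GetExtendedTcpTable reported an error (@extended holds the Win32 code it returned),
;   2 = the DllCall itself failed (@extended holds DllCall's @error),
;   3 = $iTableClass is outside 0..8.
; Caveats for triage use: the call is made with $AF_INET only, so IPv6 listeners and connections
; are not in the result; and the PID is a snapshot value - process IDs can be reused, so resolve
; the PID to a process promptly and re-check before acting on it.
Func _WinAPI_GetExtendedTcpTable($iTableClass) ;funkey 2012.12.14
	Local Const $AF_INET = 2
	; Load the system copies by full path rather than relying on the DLL search order.
	Local $sIphlpapi = @SystemDir & "\Iphlpapi.dll"
	Local $sKernel32 = @SystemDir & "\kernel32.dll"

	; An unknown class would leave the row size at 0 and make every index below meaningless.
	If $iTableClass < 0 Or $iTableClass > 8 Then Return SetError(3)

	; $iLoop = DWORDs per row, $iOffset = 1-based element index of the first row.
	Local $iLoop = 0, $iOffset = 2
	Switch Floor($iTableClass / 3)
		Case 0 ; BASIC: state, local addr/port, remote addr/port
			$iLoop = 5
		Case 1 ; OWNER_PID: BASIC + owning PID
			$iLoop = 6
		Case 2 ; OWNER_MODULE: OWNER_PID + 64-bit timestamp + 16 * 64-bit module info = 160 bytes
			$iLoop = 40
			$iOffset = 3 ; rows are 8-byte aligned, so one padding DWORD follows the entry count
	EndSwitch

	; First call with a size of 0 only asks the API how many bytes it needs.
	Local $tTCPTABLE = DllStructCreate("DWORD[8]")
	Local $aRet = DllCall($sIphlpapi, "DWORD", "GetExtendedTcpTable", "struct*", $tTCPTABLE, "DWORD*", 0, "BOOL", True, "ULONG", $AF_INET, "INT", $iTableClass, "ULONG", 0)
	If @error Then Return SetError(2, @error) ; $aRet is not an array here; indexing it would abort the script
	Local $dwSize = $aRet[2]
	If $dwSize < 4 Then Return SetError(1, $aRet[0]) ; no usable size reported

	; Second call fills a buffer of the reported size; a table that grew in between is reported as error 1.
	$tTCPTABLE = DllStructCreate("DWORD[" & Ceiling($dwSize / 4) & "]")
	$aRet = DllCall($sIphlpapi, "DWORD", "GetExtendedTcpTable", "struct*", $tTCPTABLE, "DWORD*", $dwSize, "BOOL", True, "ULONG", $AF_INET, "INT", $iTableClass, "ULONG", 0)
	If @error Then Return SetError(2, @error)
	If $aRet[0] <> 0 Then Return SetError(1, $aRet[0])

	Local $iNumEntries = DllStructGetData($tTCPTABLE, 1, 1)
	Local $iCols = $iLoop + 1
	If $iLoop = 40 Then $iCols = 8
	Local $aRes[$iNumEntries][$iCols]

	Local $iBase = 0, $iState = 0, $tFileTime = 0
	Local $tSysTime = DllStructCreate("word[8]") ; SYSTEMTIME: year, month, day-of-week, day, ...
	For $i = 0 To $iNumEntries - 1
		$iBase = $iOffset + $i * $iLoop
		$iState = DllStructGetData($tTCPTABLE, 1, $iBase)
		$aRes[$i][0] = $iState
		$aRes[$i][1] = __TcpTable_StateName($iState)
		$aRes[$i][2] = __TcpTable_IPv4(DllStructGetData($tTCPTABLE, 1, $iBase + 1)) ; local IP
		$aRes[$i][3] = __TcpTable_Port(DllStructGetData($tTCPTABLE, 1, $iBase + 2)) ; local port
		$aRes[$i][4] = __TcpTable_IPv4(DllStructGetData($tTCPTABLE, 1, $iBase + 3)) ; remote IP
		If $iState <= 2 Then
			$aRes[$i][5] = 0
		Else
			$aRes[$i][5] = __TcpTable_Port(DllStructGetData($tTCPTABLE, 1, $iBase + 4)) ; remote port
		EndIf
		If $iLoop = 6 Or $iLoop = 40 Then
			$aRes[$i][6] = DllStructGetData($tTCPTABLE, 1, $iBase + 5) ; owning PID
		EndIf
		If $iLoop = 40 Then
			; The timestamp is the 8-byte field at row DWORD 6. Element indices are 1-based, so its
			; byte offset is (index - 1) * 4; the earlier "+ 6) * 4" pointed 4 bytes too far.
			; An 8-byte field cannot hold a 16-byte word[8] date overlay, so it is decoded here as a
			; FILETIME (UTC). NOTE(review): confirm against a connection with a known start time.
			$tFileTime = DllStructCreate("dword;dword", DllStructGetPtr($tTCPTABLE, 1) + ($iBase + 6 - 1) * 4)
			$aRet = DllCall($sKernel32, "bool", "FileTimeToSystemTime", "struct*", $tFileTime, "struct*", $tSysTime)
			If @error Then
				$aRes[$i][7] = ""
			ElseIf Not $aRet[0] Then
				$aRes[$i][7] = ""
			Else
				$aRes[$i][7] = StringFormat("Date: %i.%i.%i", DllStructGetData($tSysTime, 1, 1), DllStructGetData($tSysTime, 1, 2), DllStructGetData($tSysTime, 1, 4))
			EndIf
		EndIf
	Next
	Return $aRes
EndFunc   ;==>_WinAPI_GetExtendedTcpTable

; Internal: maps a TCP state code (1..12) to its name; any other value yields "UNKNOWN"
; instead of indexing outside the array, which would abort the script.
Func __TcpTable_StateName($iState)
	Local Const $aConnState[12] = ["CLOSED", "LISTENING", "SYN_SENT", "SYN_RCVD", "ESTABLISHED", "FIN_WAIT1", _
			"FIN_WAIT2", "CLOSE_WAIT", "CLOSING", "LAST_ACK", "TIME_WAIT", "DELETE_TCB"]
	If $iState < 1 Or $iState > 12 Then Return "UNKNOWN"
	Return $aConnState[$iState - 1]
EndFunc   ;==>__TcpTable_StateName

; Internal: formats a network-order IPv4 address DWORD as dotted text via inet_ntoa; "" if the call fails.
Func __TcpTable_IPv4($iAddr)
	Local $aCall = DllCall(@SystemDir & "\ws2_32.dll", "str", "inet_ntoa", "uint", $iAddr)
	If @error Then Return ""
	Return $aCall[0]
EndFunc   ;==>__TcpTable_IPv4

; Internal: converts a network-order port DWORD to a host-order number via ntohs; 0 if the call fails.
Func __TcpTable_Port($iPort)
	Local $aCall = DllCall(@SystemDir & "\ws2_32.dll", "ushort", "ntohs", "uint", $iPort)
	If @error Then Return 0
	Return $aCall[0]
EndFunc   ;==>__TcpTable_Port

; I hope you like it. But I have problems getting the right timestamps using one of the TCP_TABLE_OWNER_MODULE_... flags. Maybe someone can help me. Greetings from Austria funkey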
