
Network Connections Viewer



This is working:

For $i = 1 To $aCall[5]

        $tWTS_PROCESS_INFO = DllStructCreate("dword SessionId;" & _
                "dword ProcessId;" & _
                "ptr ProcessName;" & _
                "ptr UserSid");, _
                ;$aCall[4] + ($i - 1) * 16) ; looping thru structures

        $pString = DllStructGetData($tWTS_PROCESS_INFO, "ProcessName")
        $iStringLen = _PtrStringLenW($pString)
        $aOut[$i][0] = DllStructGetData(DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pString), 1)
        $aOut[$i][1] = DllStructGetData($tWTS_PROCESS_INFO, "ProcessId")
        $aOut[$i][2] = _AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))

    Next

I don't know what $aCall[4] + ($i - 1) * 16) is doing exactly!

UEZ

Edited by UEZ


That's not ok. It makes no sense to do it that way.

$aCall[4] + ($i - 1) * 16 is moving pointer further 16 bytes with every new $i.


Took a quick look at it, was playing with this at work. Nice tool, btw.

The problem on x64 systems is related to what others commented out. You are incrementing only 16 bytes for each WTS_PROCESS_INFO struct, but on 64-bit systems, they are not 16 bytes wide, they are larger. Pointers in 64-bit OS's are larger, and since the last 2 members of this struct are pointers, that is where things are getting off.

Best solution I found was to create a single struct for use with it, and increment based on its size. That will enable it to work fully on both 32-bit and 64-bit OS's.

Here's how that section looks for me now:

Local $tWTS_PROCESS_INFO, $sWTS_PROCESS_INFO = "dword SessionId;dword ProcessId;ptr ProcessName;ptr UserSID"
    Local $pString, $iStringLen
    Local $iStruct_Size = DllStructGetSize(DllStructCreate($sWTS_PROCESS_INFO))

    Local $aOut[$aCall[5] + 1][3]
    $aOut[0][0] = $aCall[5]

    For $i = 1 To $aCall[5]

        $tWTS_PROCESS_INFO = DllStructCreate($sWTS_PROCESS_INFO, _
                $aCall[4] + ($i - 1) * $iStruct_Size) ; looping thru structures

        $pString = DllStructGetData($tWTS_PROCESS_INFO, "ProcessName")
        $iStringLen = _PtrStringLenW($pString)
        $aOut[$i][0] = DllStructGetData(DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pString), 1)
        $aOut[$i][1] = DllStructGetData($tWTS_PROCESS_INFO, "ProcessId")
        $aOut[$i][2] = _AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))

    Next
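
The stride problem described in this post, as an added example that is not part of the original thread: a portable C model of the WTS_PROCESS_INFO layout for 4-byte and 8-byte pointers, walking the array with a fixed 16-byte stride versus the computed record size. The PIDs, pointer values and helper names are constructed for illustration; in a connections viewer a wrong stride means connections get attributed to the wrong process or user.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Field offsets and total size of one WTS_PROCESS_INFO record
   ("dword SessionId; dword ProcessId; ptr ProcessName; ptr UserSid")
   for a given pointer width in bytes (4 = 32-bit, 8 = 64-bit). */
typedef struct { size_t pid, name, sid, size; } wts_layout_t;

static size_t align_up(size_t n, size_t a) { return (n + a - 1) / a * a; }

wts_layout_t wts_layout(size_t ptr_width)
{
    wts_layout_t l;
    l.pid  = 4;                          /* right after the SessionId dword */
    l.name = align_up(8, ptr_width);     /* pointers are naturally aligned  */
    l.sid  = l.name + ptr_width;
    l.size = align_up(l.sid + ptr_width, ptr_width);
    return l;
}

static void put_le(uint8_t *p, uint64_t v, size_t width)
{
    for (size_t i = 0; i < width; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Constructed sample data: four records with made-up PIDs and made-up
   pointer values, laid out as a process of the given pointer width sees them. */
#define N_RECORDS 4
static const uint32_t SAMPLE_PIDS[N_RECORDS] = { 4, 612, 1044, 2380 };

size_t build_records(uint8_t *buf, size_t cap, size_t ptr_width)
{
    wts_layout_t l = wts_layout(ptr_width);
    size_t total = l.size * N_RECORDS;
    if (total > cap)
        return 0;
    memset(buf, 0, total);
    for (size_t i = 0; i < N_RECORDS; i++) {
        uint8_t *rec = buf + i * l.size;
        put_le(rec, 1, 4);                                  /* SessionId   */
        put_le(rec + l.pid, SAMPLE_PIDS[i], 4);             /* ProcessId   */
        put_le(rec + l.name, 0x00007FF600001000ULL + i * 0x100, ptr_width);
        put_le(rec + l.sid,  0x0000021340002000ULL + i * 0x40,  ptr_width);
    }
    return total;
}

/* Read ProcessId of record i when the array is walked with `stride`.
   Returns 1 on success, 0 if the read would leave the buffer. */
int read_pid(const uint8_t *buf, size_t len, size_t stride, size_t i,
             uint32_t *out)
{
    size_t off = i * stride + 4;
    if (off + 4 > len)
        return 0;
    *out = get_le32(buf + off);
    return 1;
}

/* Number of records whose PID is read back correctly with this stride. */
size_t count_correct(size_t ptr_width, size_t stride)
{
    uint8_t buf[256];
    size_t len = build_records(buf, sizeof buf, ptr_width), ok = 0;
    for (size_t i = 0; i < N_RECORDS; i++) {
        uint32_t pid;
        if (read_pid(buf, len, stride, i, &pid) && pid == SAMPLE_PIDS[i])
            ok++;
    }
    return ok;
}

int main(void)
{
    const size_t widths[] = { 4, 8 };
    for (size_t w = 0; w < 2; w++) {
        size_t size = wts_layout(widths[w]).size;
        printf("%zu-bit: record size %zu; stride 16 -> %zu/%d PIDs correct; "
               "stride %zu -> %zu/%d PIDs correct\n",
               widths[w] * 8, size, count_correct(widths[w], 16), N_RECORDS,
               size, count_correct(widths[w], size), N_RECORDS);
    }
    return 0;
}
```

With 8-byte pointers and a 16-byte stride, only the first record is read correctly; the fourth read lands exactly on the third record's ProcessId, so it returns a plausible PID that belongs to a different process.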

Yep, I can confirm that your code above is working properly under Win7 x64!

UEZ


I don't know what I was doing wrong. It's working now and I love it.

Would it be possible for me to use your code in my utilities suite? I promise to give you full credit. If you want me to include a link to your site, I will.

You can take a look at Rizone's Power Tools Here!

Edited by Rizonetech


Thanks for the code.

I don't like tags so I modified it a bit. It's not that 'correct' but should be fine now.

Thanks UEZ too.

@Rizonetech, you can do whatever you want with code. It's not even a remote option for me to put some (or any) restrictions.

New script - first post.


Could someone with x64 run this and post the result

$tStructure = DllStructCreate("ptr")
$iSize = DllStructGetSize($tStructure)

ConsoleWrite("Size of ptr = " & $iSize & " bytes" & @CRLF)
MsgBox(64, "ptr", "Size = " & $iSize)

I just want to be completely sure because AutoIt's documentation seems wrong.

And that new type with beta HANDLE, and old/new HWND.

Thanks in advance.


With pleasure!

>Running:(3.3.0.0):C:\Program Files (x86)\AutoIt3\autoit3_x64.exe "C:\AutoIt\Test02.au3"

Size of ptr = 8 bytes

>Running:(3.3.1.6):C:\Program Files (x86)\AutoIt3\beta\autoit3_x64.exe "C:\AutoIt\Test02.au3"

Size of ptr = 8 bytes

Running compiled version (x32) will return Size of ptr = 4 bytes

UEZ

Edited by UEZ


Excellent.

So the documentation is wrong.

The description for the DllStructCreate() type 'ptr' is 32-bit (4 bytes) integer, and there is no mention of a difference between the versions of AutoIt used.

I would assume the same thing is for 'hwnd' or 'HANDLE'.


Really nice UDF, lady :)...

But what I found most interesting while looking at the source was your solution to "simulate" an Associative Array, nice technique, will definitely use it in one of my projects! Btw, the port<>description relation is not always 1:1, e.g. 514 or 752.

; http://www.autoitscript.com/forum/index.php?showtopic=105150&st=0
; from ConnView by trancexx

; Associative Array simulation?

;$aTCPTable[$i][2] &= _GetPortHint($aTCPTable[$i][2])

$output = ""

$timer = TimerInit()
For $i = 0 To 1000
    $output &= _GetPortHint(514) & @crlf
Next

ConsoleWrite($output & @crlf & @crlf & $i & " iterations in " & TimerDiff($timer) & " ms..." & @crlf)

Func _GetPortHint($iPort)
    Local $aArray = StringRegExp(_Ports(), ";" & $iPort & "\|(.*?);", 3)
    If @error Then
        Return ""
    EndIf
    Return " (" & $aArray[0] & ")"
EndFunc   ;==>_GetPortHint


Func _Ports()
    Local $sString = ";1|TCPPortServiceMultiplexer;2|ManagementUtility;3|CompressionPro" & _
            "cess;5|RemoteJobEntry;7|Echo;8|Unassigned;9|Discard;11|Active Us" & _
            "ers;13|DAYTIME;17|QD;18|MSP;19|CG;20|FTP;21|FTP;22|SSH;23|Telnet" & _
            ";25|SMTP;34|RF;35|PPS;35|QMS;37|TIME;39|RLP;41|Graphics;42|ARPA;" & _
            "42|WINS;43|WHOIS;47|GRE;49|TACACS;52|XNS;53|DNS;54|XNS;55|ISI-GL" & _
            ";56|XNS;56|RAP;57|MTP;58|XNS;67|BOOTP (DHCP);68|BOOTP (DHCP);69|" & _
            "TFTP;70|Gopher;79|Finger;80|HTTP;81|Torpark—Onion;82|Torpark—Con" & _
            "trol;83|MIT ML Device;88|Kerberos—authentication;90|dnsix;90|Poi" & _
            "ntcast;99|WIP;101|NIC;102|ISO-TSAP;104|ACR/NEMA;105|CCSO;107|Rem" & _
            "oteTELNET;109|POP2;110|POP3;111|Sun;113|IRC;113|auth;115|SFTP;11" & _
            "7|UUCP;118|SQL;119|NNTP;123|NTP;135|DCE;135|MicrosoftEPMAP;137|N" & _
            "etBIOSName;138|NetBIOSDatagram;139|NetBIOSSession;143|IMAP;152|B" & _
            "FTP;153|SGMP;156|SQL;158|DMSP;161|SNMP;162|SNMPTRAP;170|Print-sr" & _
            "v;177|XDMCP;179|BGP;194|IRC;199|SMUX;201|AppleTalk;209|QMTP;210|" & _
            "ANSI Z39.50;213|IPX;218|MPP;220|IMAP v3;256|2DEV 2SP;259|ESRO;26"
    $sString &= "4|BGMP;311|MacOSXServerAdmin;308|Novastor;318|PKIX TSP;323|IMMP;" & _
            "350|MATIP-Type A;351|MATIP-Type B;366|ODMR;369|Rpc2portmap;370|c" & _
            "odaauth2;370|OutgoingNAI;371|ClearCase albd;383|HP;384|RNSS;387|" & _
            "AURP;389|LDAP;401|UPS;402|Altiris;411|DCH;412|DCCC;427|SLP;443|H" & _
            "TTPS;444|SNPP;445|Microsoft-DS AD;445|Microsoft-DS SMB;464|Kerbe" & _
            "ros;465|Cisco;465|SMTPS;475|tcpnethaspsrv;497|DantzRetrospect;50" & _
            "0|ISAKMP;501|STMF;502|Modbus;504|Citadel;510|FCP;512|Rexec;512|c" & _
            "omsat;513|Login;513|Who;514|Shell—used;514|Syslog—used;515|Line " & _
            "Printer Daemon;517|Talk;518|NTalk;520|efs;520|Routing—RIP;524|NC" & _
            "P;525|Timeserver;530|RPC;531|AOL, IRC;532|netnews;533|netwall;54" & _
            "0|UUCP;542|commerce;543|klogin;544|kshell;545|VMS;546|DHCPv6;547" & _
            "|DHCPv6;548|AFP;550|new-rwho, new-who;554|RTSP;556|RFS;560|rmoni" & _
            "tor;561|monitor;563|NNTPS;587|SMTP;591|HTTP Alternate;593|HTTP R" & _
            "PC;604|TUNNEL;623|ASF-RMCP;631|IPP;636|LLDAPS;639|MSDP;641|Suppo" & _
            "rtSoft;646|LDP;647|DHCP;648|RRP;652|DTCP;653|SupportSoft;654|AOD" & _
            "V;655|IEEE MMS;657|IBM RMC;660|MacOSXServerAdmin;665|sun-dr;666|"
    $sString &= "Doom;674|ACAP;691|MSExchangeRouting;692|Hyperwave-ISP;694|Linux-" & _
            "HA;695|IEEE-MMS-SSL;698|OLSR;699|AccessNetwork;700|EPP;701|LMP;7" & _
            "02|IRIS over BEEP;706|SILC;711|CiscoTDP;712|TBRPF;712|PromiseRAI" & _
            "DController;720|SMQP;749|Kerberos;750|rfile;750|loadav;750|kerbe" & _
            "ros-4;751|pump;751|kerberos_master;752|qrh;752|qrh;752|userreg_s" & _
            "erver;753|rrh;753|rrh;753|passwd_server;754|tell send;754|krb5_p" & _
            "rop;754|tell send;760|ns;760|krbupdate;782|Conserver;783|SpamAss" & _
            "assin;829|CMP;843|AdobeFlash;860|iSCSI;873|rsync;888|cddbp;901|S" & _
            "WAT;901|VMware;902|VMware;902|VMware;903|VMware;904|VMware;911|N" & _
            "CA;953|DNS;981|SofaWare;989|FTPS;990|FTPS;991|NAS;992|TELNET;993" & _
            "|IMAPS;995|POP3S;999|ScimoreDB;1001|JtoMB;1025|NFS or IIS;1026|M" & _
            "icrosoftDCOM;1029|MicrosoftDCOM;1058|NIM;1059|NIMreg;1080|SOCKS;" & _
            "1085|WebObjects;1098|RMIactivation;1099|RMIregistry;1109|KPOP;11" & _
            "11|EasyBits;1140|AutoNOC;1167|phone;1169|Tripwire;1176|PAIHome;1" & _
            "182|AITP;1194|OpenVPN;1198|cajo;1200|scol;1200|scol;1200|SFA;121" & _
            "4|Kazaa;1220|QSS;1223|TGP;1234|VLC;1236|SymantecBVC;1241|NSScann"
    $sString &= "er;1248|NSClient/NSClient++/NC_Net;1270|SCOM;1293|IPSec;1311|Del" & _
            "lHTTPS;1313|Xbiim;1337|MandM DNS;1337|PowerFolderP2P;1337|WASTE;" & _
            "1352|IBM RPC;1387|cadsi-lm;1414|IBMWebSphereMQ;1417|Timbuktu;141" & _
            "8|Timbuktu;1419|Timbuktu;1420|Timbuktu;1431|RGTP;1433|MSSQL;1434" & _
            "|MSSQL;1494|ICA;1500|NetGuard;1501|NetGuard;1503|WLMessenger;151" & _
            "2|WINS;1521|nCube;1521|Oracle;1524|ingreslock, ingres;1526|Oracl" & _
            "e;1533|IBM MicrosoftSQL;1547|Laplink;1550|Gadu-Gadu;1581|MIL STD" & _
            " 2045-47001 VMF;1589|Cisco VQP/ VMPS;1645|radius/radacct;1627|iS" & _
            "ketch;1677|NovellGroupWise;1701|L2F L2TP;1716|MMO;1719|H.323;172" & _
            "0|H.323;1723|PPTP;1725|VSC;1755|MMS;1761|cft-0;1761|NovellZRC;17" & _
            "62|cft-1;1763|cft-2;1764|cft-3;1765|cft-4;1766|cft-5;1767|cft-6;" & _
            "1768|cft-7;1812|radius;1813|radacct;1863|MSNP;1900|MicrosoftSSDP" & _
            ";1920|IBM Tivoli;1935|AdobeRTMP;1947|hasplm;1970|DNORC;1971|DNOS" & _
            ";1972|InterSystems;1975|CiscoTCO;1975|CiscoTCO;1977|CiscoTCO;198" & _
            "4|BB;1985|CiscoHSRP;1994|CiscoSTUN-SDLC;1998|CiscoX.25;2000|Cisc" & _
            "oSCCP;2001|CAPTAN;2002|ACS;2030|OracleMTS;2041|Mail.Ru;2049|NFS;"
    $sString &= "2049|shilp;2053|lot105;2053|lot105;2053|knetd;2056|Civilization4" & _
            ";2073|DataReel;2074|VertelVMF SA;2082|IMServer;2082|CPanel;2083|" & _
            "radsec;2083|CPanel;2086|GNUnet;2086|WebHostManager;2087|WebHostM" & _
            "anage;2095|CPanel;2096|CPanel;2102|zephyr-srv;2103|zephyr-clt;21" & _
            "04|zephyr-hm;2105|IBM MiniPay;2105|rlogin;2105|zephyr-hm-srv;214" & _
            "4|IronMountainLiveVault;2145|IronMountainLiveVault;2161|APC;2181" & _
            "|EForward;2190|TiVoConnectBeacon;2200|Tuxanci;2210|NOAAPORT;2210" & _
            "|MikroTik;2211|EMWIN;2211|MikroTik;2212|LeeCO;2212|Port-A-Pour;2" & _
            "219|NetIQ NCAP;2220|NetIQ End2End;2222|DirectAdmin;2223|MSOffice" & _
            ";2301|HP System Management;2302|ArmA;2302|CombatEvolved;2303|Arm" & _
            "A;2305|ArmA;2369|BMC;2370|BMC;2381|HP;2401|CVS;2404|IEC 60870-5-" & _
            "104;2420|WestellRemoteAccess;2427|CiscoMGCP;2447|ovwdb;2483|Orac" & _
            "le;2484|Oracle;2500|THEÒSMESSENGER;2546|EVault;2593|RunUO;2598|n" & _
            "ew ICA;2610|DarkAges;2612|QPasa;2638|Sybase;2700|KnowShowGo;2710" & _
            "|XBT;2710|XBT;2710|Knuddels;2713|Raven;2714|Raven;2735|NetIQ;280" & _
            "0|KnowShowGo;2809|corbaloc;2809|IBMWebSphere;2809|corbaloc;2868|"
    $sString &= "NPEP;2944|MegacoTextH.248;2945|MegacoBinaryH.248;2948|WAP-push M" & _
            "MS;2949|WAP-pushsecure MMS;2967|Symantec;3000|Miralix;3000|DIS;3" & _
            "001|Miralix;3002|Miralix;3003|Miralix;3004|Miralix;3005|Miralix;" & _
            "3006|Miralix;3007|Miralix;3017|Miralix;3025|netpd.org;3030|NetPa" & _
            "nzer;3050|gds_db;3051|Galaxy;3074|Xbox;3100|HTTP;3101|Blackberry" & _
            ";3128|HTTP;3128|HTTP;3225|FCIP;3233|WhiskerControl;3235|Galaxy;3" & _
            "260|iSCSI;3268|msft-gc;3269|msft-gc-ssl;3283|Apple;3299|SAP-Rout" & _
            "er;3300|TripleA;3300|DebateGopher;3305|odette-ftp;3306|MySQL;333" & _
            "3|NetworkCallerID;3386|GTP' 3GPP GSM/UMTS;3389|RDP WBT;3396|Nove" & _
            "ll;3455|RSVP;3423|Xware;3424|Xware;3478|STUN;3483|Slim;3483|Slim" & _
            ";3516|Smartcard;3532|Raven;3533|Raven;3537|ni-visa-remote;3544|T" & _
            "eredo;3632|distributed compiler;3689|DAAP;3690|Subversion;3702|W" & _
            "S-Discovery;3723|Battle.net;3724|WOW MMORPG;3724|ClubPenguinDisn" & _
            "ey;3784|VentriloVoIP;3785|VentriloVoIP;3868|DBP;3872|Oracle;3899" & _
            "|RemoteAdmin;3900|udt_os;3945|EMCADS;3978|OpenTTD;3979|OpenTTD;3" & _
            "999|Norman;4000|DiabloII;4001|MicrosoftAnts;4007|PrintBuzzer;401"
    $sString &= "8|protocol information;4069|MEAV;4089|OpenCORE;4093|PxPlus;4096|" & _
            "ASCOM;4100|WatchGuard;4111|Xgrid;4116|Smartcard-TLS;4125|MSRemot" & _
            "eWebWorkplace;4201|TinyMUD;4226|Aleph;4224|Cisco;4321|RWhois;432" & _
            "3|Lincoln;4500|IPSec;4534|Armagetron;4569|Inter-Asterisk;4610|Qu" & _
            "aliSystems TestShell Suite Services;4662|OrbitNet;4662|eMule;466" & _
            "4|Google;4672|eMule;4747|Apprentice;4750|BladeLogic Agent;4840|O" & _
            "PC;4843|OPC;4847|WebFreshComm;4993|HomeFTP;4894|LysKOM;4899|Radm" & _
            "in;5000|commplex-main;5000|UPnP;5000|VTun;5001|commplex;5001|Ipe" & _
            "rf;5001|Sling;5003|FileMaker;5004|RTP;5005|RTP;5031|AVM CAPI;505" & _
            "0|Yahoo!;5051|ita;5060|SIP;5061|SIP;5093|SPSS;5104|IBM Tivoli;51" & _
            "06|A-Talk;5107|A-Talk;5110|ProRat;5121|Neverwinter;5151|ESRI;515" & _
            "1|ESRI;5154|BZFlag;5176|ConsoleWorks default UI interface;5190|I" & _
            "CQ and AOL;5222|XMPP;5223|XMPP;5269|XMPP;5298|XMPP;5310|Ginever." & _
            "net;5311|Ginever.net;5312|Ginever.net;5313|Ginever.net;5314|Gine" & _
            "ver.net;5315|Ginever.net;5351|NAT PMP;5353|mDNS;5355|LLMNR;5402|" & _
            "mftp;5405|NetSupport;5421|NetSupport2;5432|PostgreSQL;5433|Bouws"
    $sString &= "oft;5445|Cisco;5450|OSIsoft;5495|Applix;5498|Hotline;5499|Hotlin" & _
            "e;5500|VNC;5501|Hotline;5517|Setiqueue;5550|Hewlett-Packard;5555" & _
            "|Freeciv;5556|Freeciv;5631|pcANYWHEREdata;5632|pcANYWHEREstat;56" & _
            "66|NRPE;5667|NSCA;5723|OperationsManager;5800|VNC;5814|Hewlett-P" & _
            "ackard;5850|COMIT SE(PCR);5852|Adeona;5900|VNC;5938|TeamViewer;5" & _
            "984|CouchDB;5999|CVSup;6000|X11;6001|X11;6005|BMC;6005|Camfrog;6" & _
            "050|Brightstor;6050|Nortel;6051|Brightsto;6072|iOperator;6086|PD" & _
            "TP—FTP;6100|Vizrt;6101|BackupExecAgentBrowser;6110|softcm;6111|s" & _
            "pc;6112|dtspcd—a;6112|Blizzard;6112|Disney;6113|Disney;6129|Dame" & _
            "Ware;6257|WinMX;6262|SybaseADS;6346|gnutella-svc;6347|gnutella-r" & _
            "tr;6389|EMC;6432|PgBouncer;6444|SunGridEngine;6445|SunGridEngine" & _
            ";6502|Danware;6522|Gobby;6523|Gobby0.5;6543|Paradigm;6566|SANE;6" & _
            "571|WindowsLiveFolderShare;6600|MPD;6619|odette-ftps;6646|McAfee" & _
            ";6660|Internet Relay Chat;6665|Internet Relay Chat;6679|IRC SSL;" & _
            "6697|IRC SSL;6699|WinMX;6771|Polycom;6789|Datalogger;6881–6887|B" & _
            "itTorrent;6888|MUSE;6888|BitTorrent;6889–6890|BitTorrent;6891–69"
    $sString &= "00|WindowsLiveMessenger or BitTorrent;6901|WindowsLiveMessenger;" & _
            "6901|BitTorrent;6902–6968|BitTorrent;6969|acmsoda;6969|BitTorren" & _
            "t;6970–6999|BitTorrent;7000|Bittorrent;7001|WebLogic;7002|WebLog" & _
            "ic;7005|BMC;7006|BMC;7010|Cisco;7025|ZimbraLMTP;7047|Zimbra;7133" & _
            "|EnemyTerritory;7171|Tibia;7306|Zimbra;7307|Zimbra;7312|Sibelius" & _
            ";7400|RTPS;7401|RTPS;7402|RTPS;7670|BrettspielWelt;7676|AquminAl" & _
            "phaVision;7777|iChat;7777|Oracle;7777|tini.exe;7777|Unreal;7778|" & _
            "Unreal;7831|Smartlaunch;7915|YSFlight;8000|iRDMI;8000|SHOUTcast;" & _
            "8001|SHOUTcast;8002|Cisco;8008|HTTP;8008|IBM HTTP;8009|ajp13;801" & _
            "0|XMPP;8074|Gadu-Gadu;8080|HTTP;8080|ApacheTomcat;8080|FilePhile" & _
            ";8081|HTTP;8086|HELM;8086|Kaspersky;8087|HostingAccelerator;8087" & _
            "|ParallelsPlesk;8087|Kaspersky;8090|HTTP;8116|CPCC;8118|Privoxy;" & _
            "8123|Polipo;8192|Sophos;8193|Sophos;8194|Sophos;8200|GoToMyPC;82" & _
            "22|VMware;8243|HTTPS;8280|HTTP;8291|Winbox;8333|VMware;8400|cvp;" & _
            "8443|SW;8484|MapleStory;8500|ColdFusion;8501|DukesterX;8691|Ultr" & _
            "aFractal;8701|SoftPerfect;8702|SoftPerfect;8767|TeamSpeak;8768|T"
    $sString &= "eamSpeak;8880|cddbp-alt;8880|cddbp-alt;8880|WebSpher;8881|Atlasz" & _
            ";8882|Atlasz;8888|NewsEDGE;8888|Sun;8888|GNUmp3d;8888|LoLo;8888|" & _
            "D2GS (Diablo 2);8888|Earthland;8889|Earthland;9000|Buffalo;9000|" & _
            "DBGp;9000|SqueezeCenter;9000|UDPCast;9001|MicrosoftSharepoint;90" & _
            "01|cisco;9001|Tor;9001|DBGp;9009|Pichat;9030|Tor;9043|WebSphere;" & _
            "9050|Tor;9051|Tor;9060|WebSphere;9080|glrpc;9080|glrpc;9080|WebS" & _
            "phere;9090|Openfire;9090|SqueezeCenter;9091|Openfire;9100|PDL;91" & _
            "01|Bacula;9102|Bacula;9103|Bacula;9105|Xadmin;9110|SSMP;9119|MXi" & _
            "t;9300|IBMCognos;9418|git;9420|MooseFS;9421|MooseFS;9422|MooseFS" & _
            ";9535|mngsuite;9535|mngsuite;9800|WebDAV;9800|WebCT;9875|Disney;" & _
            "9898|MonkeyCom;9898|Tripwire;9996|PalaceChat;9999|Hydranode;9999" & _
            "|Lantronix;9999|Urchin;10000|Webmin;10000|BackupExec;10000|Erics" & _
            "son;10001|Lantronix;10008|Octopus;10010|ooRexx;10017|AIX;10024|Z" & _
            "imbra;10025|Ximbra;10050|Zabbix;10051|Zabbix;10113|NetIQ;10114|N" & _
            "etIQ;10115|NetIQ;10116|NetIQ;10200|FRISK;10201|FRISK;10202|FRISK" & _
            ";10203|FRISK;10204|FRISK;10308|Lock-on;10480|SWAT4;11211|memcach"
    $sString &= "ed;11235|Savage;11294|BloodQuest;11371|OpenPGP;11576|IPStor;1201" & _
            "2|Audition;12013|Audition;12035|Linden;12345|NetBus;12975|LogMeI" & _
            "n;12998|Takenaka;12999|Takenaka;13000|Linden;13076|BMC;13720|Sym" & _
            "antec;13721|Symantec;13724|Symantec;13782|Symantec;13783|Symante" & _
            "c;13785|Symantec;13786|Symantec;14439|APRS;14567|Battlefield;150" & _
            "00|psyBNC;15000|Wesnoth;15000|Kaspersky;15000|hydap;15000|hydap;" & _
            "15567|Battlefield;15345|XPilot;16000|shroudBNC;16080|HTTP;16384|" & _
            "IronMountainDigital;16567|Battlefield;18010|SDO-X;18180|DART;182" & _
            "00|AsiaSoft;18201|AsiaSoft;18206|AsiaSoft;18300|AsiaSoft;18301|A" & _
            "siaSoft;18306|AsiaSoft;18400|KAIZEN;18401|KAIZEN;18505|Nexon;185" & _
            "06|Nexon;18605|X-BEAT;18606|X-BEAT;19000|G10/alaplaya;19001|G10/" & _
            "alaplaya;19226|Panda;19283|K2;19315|KeyShadow;19638|Ensim;19771|" & _
            "Softros;19813|4D;19880|Softros;20000|DNP;20000|Usermin;20014|DAR" & _
            "T;20720|Symantec;22347|WibuKey;22350|CodeMeter;23073|SoldatDedic" & _
            "ated;23399|Skype;23513|DukeNukem;24444|NetBeans;24465|Tonido;245" & _
            "54|BINKP;24800|Synergy;24842|StepMania;25888|Xfire;25999|Xfire;2"
    $sString &= "6000|idSoftware;26000|EVE MMORPG;26900|EVE MMORPG;26901|EVE MMOR" & _
            "PG;27000|QuakeWorld;27000|FlexNet;27001|FlexNet;27002|FlexNet;27" & _
            "003|FlexNet;27004|FlexNet;27005|FlexNet;27006|FlexNet;27007|Flex" & _
            "Net;27008|FlexNet;27009|FlexNet;27010|SourceEngineDedicated;2701" & _
            "5|GoldSrc;27374|Sub7;27500|QuakeWorld;27888|Kaillera;27900|Ninte" & _
            "ndo;27901|QuakeII;27902|QuakeII;27903|QuakeII;27904|QuakeII;2790" & _
            "5|QuakeII;27906|QuakeII;27907|QuakeII;27908|QuakeII;27909|QuakeI" & _
            "I;27910|QuakeII;27960|QuakeIII;28000|Bitfighter;28001|Starsiege;" & _
            "28395|SmartSale5.0;28910|Nintendo;28960|CallOfDuty;29900|Nintend" & _
            "o;29901|Nintendo;29920|Nintendo;30000|Pokemon;30301|BitTorrent;3" & _
            "0564|Multiplicity;31337|BackOrifice;31415|ThoughtSignal;31456|Te" & _
            "triNET IRC;31457|TetriNET;31458|TetriNET;32245|MMTSG;32976|LogMe" & _
            "InHamachi;33434|traceroute;34443|Linksys PSUS4;36963|CounterStri" & _
            "ke;37777|DigitalVideoRecorder;40000|SafetyNET;43047|TheosMesseng" & _
            "er;43594|RuneScape;43595|RuneScape;47808|BACnet;"
    Return $sString
EndFunc   ;==>_Ports
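
The port-to-description relation is not 1:1, as this post notes for 514 and 752, and `_GetPortHint()` returns only the first match. As an added example (not part of the original post or of ConnView), this C sketch walks the same `;port|label;` format over a constructed excerpt of the table above and returns every distinct label for a port; it goes beyond the posted code by also matching range keys such as `6881–6887`, and the function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EN_DASH "\xE2\x80\x93"   /* UTF-8 bytes of the range separator */
#define MAX_HINTS 8

/* Constructed excerpt in the table's ";port|label;" format (entries copied
   from the string in the post; \xE2\x80\x94 is the dash inside two labels). */
static const char PORTS_EXCERPT[] =
    ";513|Login;513|Who;514|Shell\xE2\x80\x94used;514|Syslog\xE2\x80\x94used;"
    "515|Line Printer Daemon;752|qrh;752|qrh;752|userreg_server;"
    "6881" EN_DASH "6887|BitTorrent;6888|MUSE;6888|BitTorrent;";

/* Parse a key "N" or "N<en dash>M" that occupies exactly [s, e).
   Returns 1 and sets *lo/*hi on success, 0 for anything else. */
static int parse_key(const char *s, const char *e,
                     unsigned long *lo, unsigned long *hi)
{
    char *end;
    if (s >= e || !isdigit((unsigned char)*s))
        return 0;
    *lo = *hi = strtoul(s, &end, 10);
    if (end == e)
        return 1;                                   /* single port */
    if ((size_t)(e - end) > 3 && memcmp(end, EN_DASH, 3) == 0 &&
        isdigit((unsigned char)end[3])) {
        *hi = strtoul(end + 3, &end, 10);
        return end == e && *lo <= *hi;              /* port range  */
    }
    return 0;
}

/* Collect every distinct label whose key covers `port`, joined with " / "
   into out (always NUL-terminated when cap > 0). Returns the label count. */
size_t port_hints(const char *table, unsigned long port, char *out, size_t cap)
{
    const char *label[MAX_HINTS];
    size_t len[MAX_HINTS], n = 0, used = 0;

    for (const char *p = table; *p; ) {
        if (*p == ';') { p++; continue; }
        const char *end = strchr(p, ';');
        if (!end)
            end = p + strlen(p);
        const char *bar = memchr(p, '|', (size_t)(end - p));
        unsigned long lo, hi;
        if (bar && parse_key(p, bar, &lo, &hi) && lo <= port && port <= hi) {
            size_t l = (size_t)(end - bar - 1), k;
            for (k = 0; k < n; k++)        /* skip labels already collected */
                if (len[k] == l && memcmp(label[k], bar + 1, l) == 0)
                    break;
            if (k == n && n < MAX_HINTS) { label[n] = bar + 1; len[n++] = l; }
        }
        p = end;
    }
    if (cap)
        out[0] = '\0';
    for (size_t k = 0; k < n; k++) {
        int w = snprintf(out + used, cap - used, "%s%.*s",
                         k ? " / " : "", (int)len[k], label[k]);
        if (w < 0 || (size_t)w >= cap - used)
            break;                         /* output buffer too small */
        used += (size_t)w;
    }
    return n;
}

int main(void)
{
    const unsigned long ports[] = { 514, 752, 6885, 6888, 51 };
    char buf[128];
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++) {
        size_t n = port_hints(PORTS_EXCERPT, ports[i], buf, sizeof buf);
        printf("%lu: %zu hint(s) %s\n", ports[i], n, buf);
    }
    return 0;
}
```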

Very nice/useful!!   :)

Tip for improvement: Add checkbox "Don't show User SYSTEM"

to make it possible to simply filter SYSTEM processes and their connections and see only common applications.

I also prefer obvious standard vertical scrollbar position at the right edge of listview (not at the left edge).

Edited by Zedna

After wraithdu showed how to impersonate SYSTEM, I dropped that option for good. The only way to see that you are fooled by some malware software is to examine location of the module. Though, you can manipulate even that (I demonstrated that exploit in one thread of mine here on the forum).

Vertical scrollbar is on the left because of used LVS_EX_LABELTIP ex-style. I don't know how to force it right. LVS_EX_LABELTIP stays with me, that's for sure.

Thanks for the nice post.

@KaFu, I knew somebody would notice my incredible amplitude eventually ;) .

Will correct that string. Overlapped parts are outcome of obviously a bit sloppy string concatenation.

edit: eng

Edited by trancexx


Regarding the extended style...this has always been some kind of bug in the GuiCtrlCreateListView function. You can never correctly set the extended LV style directly in that function...it always messes something up. Try replacing the appropriate lines of code with this:

$hListViewTCP = GUICtrlCreateListView(_GetColumns($aTCPArray, 0), 15, 37, $aClientSize[0] - 33, $aClientSize[1] - 113)
GUICtrlSendMsg($hListViewTCP, 0x1036, 0x14220, 0x14220) ; $LVM_SETEXTENDEDLISTVIEWSTYLE / LVS_EX_DOUBLEBUFFER|LVS_EX_LABELTIP|LVS_EX_REGIONAL|LVS_EX_FULLROWSELECT
$hListViewUDP = GUICtrlCreateListView(_GetColumns($aUDPArray, 0), 15, 37, $aClientSize[0] - 33, $aClientSize[1] - 113)
GUICtrlSendMsg($hListViewUDP, 0x1036, 0x14220, 0x14220) ; $LVM_SETEXTENDEDLISTVIEWSTYLE / LVS_EX_DOUBLEBUFFER|LVS_EX_LABELTIP|LVS_EX_REGIONAL|LVS_EX_FULLROWSELECT
Edited by wraithdu

:)

Yes, that's working.


Nice script!

Could you help me out on this one. I have a bonjour service running on a PC and for some reason it stops working. Not that the service stops but I think that the ports are suddenly blocked. When I stop and start the service it works again for a while.

What I would like to do is use a small part of your script to check if the ports are ok and if not stop and start the service.

Could you help me?

thx


How do you identify that connection? By port numbers, addresses or module making it?


Good question, I think I need to check if a certain local port for the bonjour service is used.

You do this in your script after you pull _GetExtendedTcpTable() function out (pseudo):

$aArrayOfData = _GetExtendedTcpTable()
; ...check for errors here

Local $vIdentifier = "" ; placeholder: set to that what you use to identify the connection
Local $sConnectionState = "" ; stays empty if no matching connection is found

For $i = 1 To UBound($aArrayOfData) - 1
    If $aArrayOfData[$i][3] = $vIdentifier Then
        $sConnectionState = $aArrayOfData[$i][0]
        ExitLoop
    EndIf
Next

If $sConnectionState = "ESTABLISHED" Then ; or whatever
    ; Do something
Else
    ; Do something else
EndIf
Edited by trancexx
