
GetExtendedTcpTable - Get netstat information


funkey

Hello,

I just made wrapper functions for the GetTcpTable() and GetExtendedTcpTable() functions. You can use them to get netstat-like information.

#include <Array.au3>

; Table classes accepted by _WinAPI_GetExtendedTcpTable(). The enum starts at 0,
; so the names map to the values 0..8 in the order written here.
Global Enum _
        $TCP_TABLE_BASIC_LISTENER, _
        $TCP_TABLE_BASIC_CONNECTIONS, _
        $TCP_TABLE_BASIC_ALL, _
        $TCP_TABLE_OWNER_PID_LISTENER, _
        $TCP_TABLE_OWNER_PID_CONNECTIONS, _
        $TCP_TABLE_OWNER_PID_ALL, _
        $TCP_TABLE_OWNER_MODULE_LISTENER, _
        $TCP_TABLE_OWNER_MODULE_CONNECTIONS, _
        $TCP_TABLE_OWNER_MODULE_ALL

; The $TCP_TABLE_OWNER_MODULE_... classes are reported by the author as not working for now.

; --- Demo: every result is shown as-is; @error is not checked before display ---

; Plain table from GetTcpTable().
Global $aTcpTable = _WinAPI_GetTcpTable()
_ArrayDisplay($aTcpTable, "TCP TABLE", -1, 0, "", "|", "IDX|STATE|STATE DESC|LOCAL IP|LOCAL PORT|REMOTE IP|REMOTE PORT")

; Listening sockets only.
Global $aTcpTable_BL = _WinAPI_GetExtendedTcpTable($TCP_TABLE_BASIC_LISTENER)
_ArrayDisplay($aTcpTable_BL, "Extended TCP TABLE - Listening only", -1, 0, "", "|", "IDX|STATE|STATE DESC|LOCAL IP|LOCAL PORT|REMOTE IP|REMOTE PORT")

; All rows, with the owning process id as an extra column.
Global $aTcpTable_PID = _WinAPI_GetExtendedTcpTable($TCP_TABLE_OWNER_PID_ALL)
_ArrayDisplay($aTcpTable_PID, "Extended TCP TABLE - PID included", -1, 0, "", "|", "IDX|STATE|STATE DESC|LOCAL IP|LOCAL PORT|REMOTE IP|REMOTE PORT|PID")


; Owner-module variant, left disabled by the author.
;~ Global $aTcpTable_Module = _WinAPI_GetExtendedTcpTable($TCP_TABLE_OWNER_MODULE_ALL)
;~ _ArrayDisplay($aTcpTable_Module, "Extended TCP TABLE - Module All", -1, 0, "", "|", "IDX|STATE|STATE DESC|LOCAL IP|LOCAL PORT|REMOTE IP|REMOTE PORT|PID|TIMESTAMP")




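Func _WinAPI_GetTcpTable()
    ; funkey 2012.12.14
    ;
    ; Snapshot of the IPv4 TCP table via Iphlpapi.dll GetTcpTable (netstat-like view).
    ;
    ; Returns a 2D array with one row per table entry:
    ;   [n][0] state code    [n][1] state name    [n][2] local IP    [n][3] local port
    ;   [n][4] remote IP     [n][5] remote port (forced to 0 for CLOSED / LISTENING rows)
    ; Failure:
    ;   @error = 1 -> GetTcpTable returned a Win32 error (code in @extended)
    ;   @error = 2 -> DllCall or buffer allocation failed
    ;
    ; Addresses are read as 32-bit values and formatted with inet_ntoa, so only IPv4
    ; endpoints are listed; anything bound on IPv6 will not show up in this result.
    Local Const $aConnState[12] = ["CLOSED", "LISTENING", "SYN_SENT", "SYN_RCVD", "ESTABLISHED", "FIN_WAIT1", _
            "FIN_WAIT2", "CLOSE_WAIT", "CLOSING", "LAST_ACK", "TIME_WAIT", "DELETE_TCB"]
    Local Const $ERROR_INSUFFICIENT_BUFFER = 122

    ; Start with a token buffer and size 0 so the API reports the size it needs.
    Local $tMIB_TCPTABLE = DllStructCreate("dword[6]")
    Local $dwSize = 0, $aRet = 0

    ; The table can grow between the sizing call and the fetch, so retry a few
    ; times on ERROR_INSUFFICIENT_BUFFER instead of failing on the second call.
    For $iTry = 1 To 5
        $aRet = DllCall("Iphlpapi.dll", "DWORD", "GetTcpTable", "struct*", $tMIB_TCPTABLE, "DWORD*", $dwSize, "BOOL", True)
        If @error Then Return SetError(2, @error)
        If $aRet[0] <> $ERROR_INSUFFICIENT_BUFFER Then ExitLoop
        $dwSize = $aRet[2]
        $tMIB_TCPTABLE = DllStructCreate("DWORD[" & Ceiling($dwSize / 4) & "]")
        If @error Then Return SetError(2, 0)
    Next
    If $aRet[0] <> 0 Then Return SetError(1, $aRet[0])

    Local $iNumEntries = DllStructGetData($tMIB_TCPTABLE, 1, 1)
    Local $aRes[$iNumEntries][6]

    Local $iBase = 0, $iState = 0
    For $i = 0 To $iNumEntries - 1
        ; DWORD 1 is the entry count; each row is 5 DWORDs starting at DWORD 2.
        $iBase = 2 + $i * 5
        $iState = DllStructGetData($tMIB_TCPTABLE, 1, $iBase + 0)
        $aRes[$i][0] = $iState
        ; Guard the lookup: a state outside 1..12 would otherwise abort the script
        ; with an array-subscript error.
        If $iState >= 1 And $iState <= 12 Then
            $aRes[$i][1] = $aConnState[$iState - 1]
        Else
            $aRes[$i][1] = "UNKNOWN"
        EndIf
        $aRet = DllCall("ws2_32.dll", "str", "inet_ntoa", "uint", DllStructGetData($tMIB_TCPTABLE, 1, $iBase + 1)) ; local IP / translate
        $aRes[$i][2] = $aRet[0]
        $aRet = DllCall("ws2_32.dll", "ushort", "ntohs", "uint", DllStructGetData($tMIB_TCPTABLE, 1, $iBase + 2)) ; local port / translate
        $aRes[$i][3] = $aRet[0]
        $aRet = DllCall("ws2_32.dll", "str", "inet_ntoa", "uint", DllStructGetData($tMIB_TCPTABLE, 1, $iBase + 3)) ; remote IP / translate
        $aRes[$i][4] = $aRet[0]
        If $iState <= 2 Then
            ; CLOSED / LISTENING rows have no peer, so report port 0.
            $aRes[$i][5] = 0
        Else
            $aRet = DllCall("ws2_32.dll", "ushort", "ntohs", "uint", DllStructGetData($tMIB_TCPTABLE, 1, $iBase + 4)) ; remote port / translate
            $aRes[$i][5] = $aRet[0]
        EndIf
    Next

    Return $aRes
EndFunc   ;==>_WinAPI_GetTcpTable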


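Func _WinAPI_GetExtendedTcpTable($iTableClass)
    ; funkey 2012.12.14
    ;
    ; Snapshot of the IPv4 TCP table via Iphlpapi.dll GetExtendedTcpTable.
    ;
    ; $iTableClass - one of the $TCP_TABLE_* enum values (0..8):
    ;   0..2 basic rows, 3..5 rows with owning PID, 6..8 rows with owning module info.
    ;
    ; Returns a 2D array with one row per table entry:
    ;   [n][0] state code    [n][1] state name    [n][2] local IP    [n][3] local port
    ;   [n][4] remote IP     [n][5] remote port (forced to 0 for CLOSED / LISTENING rows)
    ;   [n][6] owning PID    (OWNER_PID and OWNER_MODULE classes only)
    ;   [n][7] "Date: Y.M.D" creation date in UTC, or "" if conversion failed
    ;          (OWNER_MODULE classes only)
    ; Failure:
    ;   @error = 1 -> the API returned a Win32 error or the class is out of range
    ;                 (Win32 code in @extended)
    ;   @error = 2 -> DllCall or buffer allocation failed
    ;
    ; Only AF_INET is queried, so sockets bound on IPv6 are not in the result. The
    ; PID column is a point-in-time value: the process may have exited by the time
    ; the caller looks it up.
    Local Const $aConnState[12] = ["CLOSED", "LISTENING", "SYN_SENT", "SYN_RCVD", "ESTABLISHED", "FIN_WAIT1", _
            "FIN_WAIT2", "CLOSE_WAIT", "CLOSING", "LAST_ACK", "TIME_WAIT", "DELETE_TCB"]

    Local Const $AF_INET = 2
    Local Const $ERROR_INVALID_PARAMETER = 87
    Local Const $ERROR_INSUFFICIENT_BUFFER = 122

    ; $iLoop   = DWORDs per row for the chosen class
    ; $iOffset = 1-based DWORD index of the first row (DWORD 1 is the entry count;
    ;            the module table has one padding DWORD because its rows are 8-byte aligned)
    Local $iLoop = 0, $iOffset = 2
    Switch Floor($iTableClass / 3)
        Case 0
            $iLoop = 5
        Case 1
            $iLoop = 6
        Case 2
            $iLoop = 40
            $iOffset = 3
        Case Else
            ; Unknown class: fail here rather than walking the buffer with a row size of 0.
            Return SetError(1, $ERROR_INVALID_PARAMETER)
    EndSwitch

    ; Start with a token buffer and size 0 so the API reports the size it needs.
    Local $tTCPTABLE = DllStructCreate("DWORD[8]")
    Local $dwSize = 0, $aRet = 0

    ; The table can grow between the sizing call and the fetch, so retry a few
    ; times on ERROR_INSUFFICIENT_BUFFER instead of failing on the second call.
    For $iTry = 1 To 5
        $aRet = DllCall("Iphlpapi.dll", "DWORD", "GetExtendedTcpTable", "struct*", $tTCPTABLE, "DWORD*", $dwSize, "BOOL", True, "ULONG", $AF_INET, "INT", $iTableClass, "ULONG", 0)
        If @error Then Return SetError(2, @error)
        If $aRet[0] <> $ERROR_INSUFFICIENT_BUFFER Then ExitLoop
        $dwSize = $aRet[2]
        $tTCPTABLE = DllStructCreate("DWORD[" & Ceiling($dwSize / 4) & "]")
        If @error Then Return SetError(2, 0)
    Next
    If $aRet[0] <> 0 Then Return SetError(1, $aRet[0])

    Local $iNumEntries = DllStructGetData($tTCPTABLE, 1, 1)
    Local $iCols = $iLoop + 1
    If $iLoop = 40 Then $iCols = 8
    Local $aRes[$iNumEntries][$iCols]

    Local $iBase = 0, $iState = 0, $tFileTime = 0
    Local $tSysTime = DllStructCreate("word[8]") ; SYSTEMTIME: year, month, weekday, day, ...
    For $i = 0 To $iNumEntries - 1
        $iBase = $iOffset + $i * $iLoop ; 1-based DWORD index of this row's state field
        $iState = DllStructGetData($tTCPTABLE, 1, $iBase + 0)
        $aRes[$i][0] = $iState
        ; Guard the lookup: a state outside 1..12 would otherwise abort the script
        ; with an array-subscript error.
        If $iState >= 1 And $iState <= 12 Then
            $aRes[$i][1] = $aConnState[$iState - 1]
        Else
            $aRes[$i][1] = "UNKNOWN"
        EndIf
        $aRet = DllCall("ws2_32.dll", "str", "inet_ntoa", "uint", DllStructGetData($tTCPTABLE, 1, $iBase + 1)) ; local IP
        $aRes[$i][2] = $aRet[0]
        $aRet = DllCall("ws2_32.dll", "ushort", "ntohs", "uint", DllStructGetData($tTCPTABLE, 1, $iBase + 2)) ; local port
        $aRes[$i][3] = $aRet[0]
        $aRet = DllCall("ws2_32.dll", "str", "inet_ntoa", "uint", DllStructGetData($tTCPTABLE, 1, $iBase + 3)) ; remote IP
        $aRes[$i][4] = $aRet[0]
        If $iState <= 2 Then
            ; CLOSED / LISTENING rows have no peer, so report port 0.
            $aRes[$i][5] = 0
        Else
            $aRet = DllCall("ws2_32.dll", "ushort", "ntohs", "uint", DllStructGetData($tTCPTABLE, 1, $iBase + 4)) ; remote port
            $aRes[$i][5] = $aRet[0]
        EndIf
        If $iLoop = 6 Or $iLoop = 40 Then
            $aRes[$i][6] = DllStructGetData($tTCPTABLE, 1, $iBase + 5) ; owning PID
        EndIf
        If $iLoop = 40 Then
            ; The creation timestamp is the 8-byte field after the PID. $iBase is a
            ; 1-based index, so the byte offset is ($iBase - 1 + 6) * 4; using the
            ; 1-based index directly lands 4 bytes too far. An 8-byte field cannot
            ; hold a 16-byte SYSTEMTIME, so it is converted as a FILETIME (UTC).
            ; NOTE(review): FILETIME interpretation to be confirmed against live values.
            $tFileTime = DllStructCreate("dword;dword", DllStructGetPtr($tTCPTABLE) + (($iBase - 1 + 6) * 4))
            $aRet = DllCall("kernel32.dll", "bool", "FileTimeToSystemTime", "struct*", $tFileTime, "struct*", $tSysTime)
            If @error Or Not $aRet[0] Then
                $aRes[$i][7] = ""
            Else
                $aRes[$i][7] = StringFormat("Date: %i.%i.%i", DllStructGetData($tSysTime, 1, 1), DllStructGetData($tSysTime, 1, 2), DllStructGetData($tSysTime, 1, 4))
            EndIf
        EndIf
    Next

    Return $aRes
EndFunc   ;==>_WinAPI_GetExtendedTcpTable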

I hope you like it. But I have problems getting the right timestamps using one of the TCP_TABLE_OWNER_MODULE_... flags. Maybe someone can help me.

Greetings from Austria

funkey

Edited by funkey

Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the Universe
trying to produce bigger and better idiots.
So far, the Universe is winning.


I like what you have so far.

