firsttimer Posted March 10, 2014 Share Posted March 10, 2014 (edited) I took the example code from this post by D4RKON3 expandcollapse popupLocal $PID = ProcessExists("sset.exe") Local $Port = 6620 MsgBox(64,"", IsConnectedToRoom($PID)) Func IsConnectedToRoom($iProcessId) Local $avResult = DllCall("iphlpapi.dll", "DWORD", "GetExtendedTcpTable", _ "ptr", 0, _ "DWORD*", 0, _ "BOOL", True, _ "ULONG", 2, _ ;AF_INET "DWORD", 4, _ ;TCP_TABLE_OWNER_PID_CONNECTIONS "ULONG", 0) If ((@error) Or ($avResult[0] <> 0x7A)) Then Return False ;ERROR_INSUFFICIENT_BUFFER Local $dwSize = $avResult[2] Local $tTcpTable = DllStructCreate("BYTE[" & $dwSize & "]") $avResult = DllCall("iphlpapi.dll", "DWORD", "GetExtendedTcpTable", _ "ptr", DllStructGetPtr($tTcpTable), _ "DWORD*", $dwSize, _ "BOOL", True, _ "ULONG", 2, _ ;AF_INET "DWORD", 4, _ ;TCP_TABLE_OWNER_PID_CONNECTIONS "ULONG", 0) If ((@error) Or ($avResult[0])) Then Return False Local $tMIB_TCPTABLE_OWNER_PID = DllStructCreate("DWORD[" & Ceiling($dwSize / 4) & "]", DllStructGetPtr($tTcpTable)) Local $dwNumEntries = DllStructGetData($tMIB_TCPTABLE_OWNER_PID, 1) If ($dwNumEntries = 0) Then Return False Local $iOffset Local $iConnectionProcessId, $iConnectionRemotePort For $i = 0 To $dwNumEntries - 1 $iOffset = ($i * 6) + 1 $iConnectionProcessId = DllStructGetData($tMIB_TCPTABLE_OWNER_PID, 1, $iOffset + 6) $iConnectionRemotePort = Dec(Hex(BinaryMid(DllStructGetData($tMIB_TCPTABLE_OWNER_PID, 1, $iOffset + 5), 1, 2))) If (($iConnectionProcessId = $iProcessId) And ($iConnectionRemotePort = $Port)) Then Return True Next Return False EndFunc The code works but now the problem is, if the process crash, the tcp connection port remain active/open also. So I thought why not close the port connection first if the port connection already exist, wait then check it again. If the process did not crash, it will auto open the same tcp port again, so its easy to test for process crash using this method. But one thing first, how do you close a tcp port connection for this process only? Thank you Edited March 10, 2014 by firsttimer Link to comment Share on other sites More sharing options...
firsttimer Posted March 11, 2014 Author Share Posted March 11, 2014 Ok, after further research, this tool below works for me, since I know the computer ip address the software is connected to in the network. wKillcx Example syntax : wkillcx [dest_ip:dest_port] example : wkillcx 10.11.220.55:6620 But its an external commandline utility tool. Is anyone able to convert it into autoit? That way, I could merge both methods into one autoit source code. Thanks The source code below expandcollapse popup<pre> ;===================================================================== ; [wkillcx] - (c) 2009 Jerome Bruandet <floodmon@spamcleaner.org> ; ; Sources + docs : http://wkillcx.sourceforge.net/ ; ;--------------------------------------------------------------------- ; Close any TCP connection under Windows ; ; OS : Windows (XP/Vista/Seven + Windows Server 2003/2008) ; Language : Assembler ; Compiler : Borland Tasm32 ; ;--------------------------------------------------------------------- ; This program is free software: you can redistribute it and/or modify ; it under the terms of the GNU General Public License as published by ; the Free Software Foundation, either version 3 of the License, or ; (at your option) any later version. ; ; This program is distributed in the hope that it will be useful, ; but WITHOUT ANY WARRANTY; without even the implied warranty of ; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ; GNU General Public License for more details. ;===================================================================== .586p locals jumps .model flat, STDCALL ; ==================================================================== ; API : extrn ExitProcess : proc extrn GetCommandLineA : proc extrn GetProcAddress : proc extrn GetProcessHeap : proc extrn GetStdHandle : proc extrn GlobalAlloc : proc extrn GlobalFree : proc extrn GlobalLock : proc extrn GlobalUnlock : proc extrn HeapFree : proc extrn LoadLibraryA : proc extrn lstrlenA : proc extrn WriteFile : proc extrn _wsprintfA : proc extrn htons : proc extrn inet_addr : proc extrn inet_ntoa : proc ; ==================================================================== .const copyrightMsg db 13,10, ' wkillcx - v1.0.2 - (c) 2009 Jerome Bruandet' db ' <floodmon@spamcleaner.org>',13,10,13,10,0 syntaxMsg db ' syntax : wkillcx [dest_ip:dest_port]',13,10,13,10 db ' example : wkillcx 10.11.22.23:1234',13,10,13,10 db ' full doc : http://wkillcx.sourceforge.net/',13,10,0 DLLname db 'iphlpapi.dll',0 DLLnotfoundMsg db ' - error : cannot find [iphlpapi.dll] !',0 ; XP / Windows Server 2003 : winOldAPIname db 'AllocateAndGetTcpExTableFromStack',0 ; XP SP2 / Vista / Seven / Server 2003 SP1 & 2008 : winNewApiName db 'GetExtendedTcpTable',0 APInotfoundMsg db ' - error : your operating system is not compatible !' db ' Please read the doc file.',0 SetTcpEntry db 'SetTcpEntry',0 SetTcpErrMsg db ' - error : cannot find SetTcpEntry API !',0 NoCxMsg db ' - error : there are currently no connection !',0 TotCxMsg db ' - found [%i] connections, parsing them all',13,10,0 notFoundMsg db ' - error : no matching connection found !',0 killOkMsg db ' - success : connection has been closed !',0 killErr1Msg db ' - error : you must have administrative privileges' db ' to kill a connection !',0 killErr2Msg db ' - error : cannot kill the connection !',0 memErrMsg db ' - error : GetExtendedTcpTable returned ' db 'ERROR_INSUFFICIENT_BUFFER !',0 aagErrMsg db " - error : AllocateAndGetTcpExTableFromStack didn't" db ' return ERROR_SUCCESS !',0 strErrMsg db ' - error : cannot get TcpTable !',0 APIsizeBuffer dd 10240 lookingMsg db ' - looking for connection with [%s:%s]',13,10,0 endianErrMsg db ' - error : network byte order conversion failed,' db ' check IP or port syntax.',0 foundFormat db ' - found connection with [%s:%i]',13,10,0 Exiting db 13,10,13,10, ' Exiting.',13,10,0 .data MIB_TCP struc dwState dd ? dwLocalAddr dd ? dwLocalPort dd ? dwRemoteAddr dd ? dwRemotePort dd ? MIB_TCP ends TCPtable MIB_TCP <> oldWinVer db 0 APIaddress dd 0 hProcess dd 0 null dd 0 APImemAlloc dd 0 APIptr dd 0 memAlloc dd 0 SetTcpEntryAPI dd 0 bytesWritten dd 0 stdout dd 0 ip_string db 16 dup (0) port_string db 5 dup (0) searchRemAddr dd 0 searchRemPort dd 0 outBuffer db 150 dup (0) ; ==================================================================== .code start: ; get console handle : call GetStdHandle, -11 mov stdout, eax call Write2Console, offset copyrightMsg ; look for iphlpapi.dll : call LoadLibraryA, offset DLLname test eax, eax jnz DLL_found push offset DLLnotfoundMsg jmp quit DLL_found: mov null, eax ; look for AllocateAndGetTcpExTableFromStack : call GetProcAddress, eax, offset winOldAPIname test eax, eax jz isNewer mov oldWinVer, 1 mov APIaddress, eax call GetProcessHeap mov hProcess, eax jmp API_found isNewer: ; look for GetExtendedTcpTable : call GetProcAddress, null, offset winNewApiName test eax, eax jnz isNewer2 push offset APInotfoundMsg jmp quit isNewer2: mov APIaddress, eax ; allocate a 10Kb buffer for the TcpTable : call GlobalAlloc, 42h, 10240 ; GHND mov APImemAlloc, eax call GlobalLock, eax mov APIptr, eax API_found: ; look for SetTcpEntry : call GetProcAddress, null, offset SetTcpEntry test eax, eax jnz saveTcpEntry push offset SetTcpErrMsg jmp quit saveTcpEntry: mov SetTcpEntryAPI, eax ; fetch command line parameters : call GetCommandLineA ; parse it : call ParseCmdLine test eax, eax jz display_lookingMsg push offset syntaxMsg jmp quit display_lookingMsg: ; display what we are looking for : call _wsprintfA, offset outBuffer, offset lookingMsg, \ offset ip_string, offset port_string add esp, 4*4 call Write2Console, offset outBuffer ; convert IP/port to network byte order : call inet_addr, offset ip_string cmp eax, 0ffffffffh jne convert_port push offset endianErrMsg jmp quit convert_port: mov searchRemAddr, eax mov esi, offset port_string xor ecx, ecx xor eax, eax mov bl, 9 cld convert_port_loop: lodsb sub al, '0' js convert_port_end_loop cmp al, bl ja convert_port_end_loop lea ecx, [ecx+4*ecx] lea ecx, [2*ecx+eax] jmp short convert_port_loop convert_port_end_loop: push ecx call htons cmp eax, 0ffffffffh jne convert_port2 push offset endianErrMsg jmp quit convert_port2: mov searchRemPort, eax cmp oldWinVer, 1 jnz GetExtendedTcpTable ; AllocateAndGetTcpExTableFromStack : call dword ptr [APIaddress], offset APIptr, 0, \ hProcess, 0, 2 test eax, eax ; ERROR_SUCCESS ? je APIok push offset aagErrMsg jmp quit GetExtendedTcpTable: ; GetExtendedTcpTable : call dword ptr [APIaddress], [APIptr], offset APIsizeBuffer, \ 0, 2, 5, 0 cmp eax, 122 ; ERROR_INSUFFICIENT_BUFFER jne APIok push offset memErrMsg jmp quit APIok: mov esi, [APIptr] ; our structure test esi, esi jne fetch_cx push offset strErrMsg jmp quit fetch_cx: ; number of active connections : mov ecx, [esi] test ecx, ecx ; none ? jne display_totcx push offset NoCxMsg jmp quit display_totcx: push ecx call _wsprintfA, offset outBuffer, offset TotCxMsg, ecx add esp, 4*3 call Write2Console, offset outBuffer pop ecx next_cx: push ecx ; counter push esi ; pointer ; try to find our IP/port : mov eax, dword ptr [esi+10h] ; dwRemoteAddr cmp eax, searchRemAddr jne unwanted mov TCPtable.dwRemoteAddr, eax mov eax, dword ptr [esi+14h] ; dwRemotePort cmp eax, searchRemPort jne unwanted mov TCPtable.dwRemotePort, eax ; found matching connection : mov eax, dword ptr [esi+0Ch] ; dwLocalPort mov TCPtable.dwLocalPort, eax xchg ah, al push eax mov eax, dword ptr [esi+08h] ; dwLocalAddr mov TCPtable.dwLocalAddr, eax ; convert IP to ASCII : call inet_ntoa, eax push eax push offset foundFormat push offset outBuffer call _wsprintfA add esp, 4*4 call Write2Console, offset outBuffer pop esi pop ecx ; kill the connection : mov TCPtable.dwState, 12 ; MIB_TCP_STATE_DELETE_TCB call dword ptr [SetTcpEntryAPI], offset TCPtable test eax, eax jnz kill_error push offset killOkMsg jmp quit kill_error: cmp eax, 5 ; ERROR_ACCESS_DENIED jne unknown_err push offset killErr1Msg jmp quit unknown_err: push offset killErr2Msg jmp quit unwanted: pop esi pop ecx dec ecx jcxz noMoreCX add esi, 18h ; next structure jmp next_cx noMoreCX: push offset notFoundMsg quit: call Write2Console cmp oldWinVer, 1 jnz noHeapFree ; free memory if AllocateAndGetTcpExTableFromStack was used : call HeapFree, hProcess, 0, [APIptr] jmp noGlobalFree noHeapFree: cmp APImemAlloc, 0 jz noGlobalFree call GlobalUnlock, [APImemAlloc] call GlobalFree, [APImemAlloc] noGlobalFree: push offset Exiting call Write2Console call ExitProcess, 0 endp ; ==================================================================== ; output text to console ; param : [esp+4] : msg to output Write2Console proc call lstrlenA, dword ptr [esp+4] call WriteFile, stdout, dword ptr [esp+4*4], eax, bytesWritten, 0 ; clean up stack retn 4 Write2Console endp ; ==================================================================== ; parse the command line parameters ; ret : success (eax == 0) or error (eax == 1) ParseCmdLine proc ; need to check whether there ; are quotes (") or not : cmp byte ptr [eax], 22h jne check_next find_last_quote: inc eax cmp byte ptr [eax], 22h jne find_last_quote check_next: inc eax ; look for space or NULL cmp byte ptr [eax], 20h je space_found cmp byte ptr [eax], 00h je cmdLineError jmp check_next space_found: ; some Windows versions have 2 spaces ; between program name and parameters : cmp byte ptr [eax+1], 20h je check_next inc eax mov esi, eax push eax call lstrlenA ; size must be from 9 to 21 characters : cmp eax, 9 jb cmdLineError cmp eax, 21 ja cmdLineError mov edi, offset ip_string next_ip_char: test eax, eax jz cmdLineError cmp byte ptr [esi], 3ah ; colon ? je fetch_port cmp byte ptr[esi], 39h ja cmdLineError cmp byte ptr[esi], 30h jb is_dot jmp copy_ip is_dot: cmp byte ptr [esi], 2eh ; dot ? jne cmdLineError copy_ip: movsb ; save to dest buffer dec eax jmp next_ip_char fetch_port: inc esi mov edi, offset port_string next_port_char: dec eax test eax, eax je test_port cmp byte ptr [esi], 39h ja cmdLineError cmp byte ptr[esi], 30h jb cmdLineError movsb jmp next_port_char test_port: cmp byte ptr [port_string], 0 jne endcmdLine cmdLineError: mov eax, 1 ret endcmdLine: xor eax, eax ret ParseCmdLine endp end start ; ==================================================================== ; EOF </pre> Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now