Detect if an executable/process is using the network

duckling78

First you'll need TcpView from:

http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx

Then replace: Local $dirTcpViewSource = "\\orca\main\StudiosQA\Tools\TcpView\*.*"

...with your own network path where TcpView is located.

$process is the process you're detecting for network usage.

This is a nice alternative instead of using "netstat -b" since "netstat -b" requires elevation on Vista (and generally you don't want to elevate when you don't need to).

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.12.1
 Author:         Michael Sunwoo

 Script Function:
    Network usage tracking script.

#ce ----------------------------------------------------------------------------

; Script Start

#include <Constants.au3>
;#include <Array.au3>
#include <String.au3>

HotKeySet("{Esc}", "ExitScript")

Local $process = "firefox.exe"
Local $dirTcpView = @TempDir & "\" & StringTrimRight(@ScriptName, 4) & "\"
Local $dirTcpViewSource = "\\orca\main\StudiosQA\Tools\TcpView\*.*"

If Not FileExists($dirTcpView & "tcpvcon.exe") Then
    If FileExists($dirTcpViewSource) Then
        FileCopy($dirTcpViewSource, $dirTcpView, 9)
    Else
        MsgBox(48, "TcpView source not found, line: " & @ScriptLineNumber, $dirTcpViewSource & " was not found." & @CRLF & "This is required to do network tracking.")
    EndIf
EndIf

While True
    If IsUsingNetwork($process) Then
        ConsoleWrite("Network use detected by " & $process & "." & @CRLF)
    Else
        ConsoleWrite("Network use NOT detected by " & $process & "." & @CRLF)
    EndIf
    
    Sleep(100)
WEnd

Func IsUsingNetwork($processName)
    $found = False
    ;ConsoleWrite('"' & $dirTcpView & 'tcpvcon.exe" -c -n "' & $process & '" | find /i "' & $process & '" . . .' & @CRLF)
    $pidTcpvcon = Run('"' & $dirTcpView & 'tcpvcon.exe" -c -n ' & $processName, "c:\", "", $STDERR_MERGED)
    ProcessWaitClose($pidTcpvcon)
    ;ConsoleWrite(@YEAR & @MON & @MDAY & "-" & @HOUR & @MIN & @SEC & ":" & @CRLF)
    $string = StdoutRead($pidTcpvcon)
    $arrayStrings = _StringSplit($string, @CRLF, True)
    ;_ArrayDisplay($arrayStrings)
    For $i = 0 To UBound($arrayStrings) - 1
        $arrayWords = _StringSplit($arrayStrings[$i], ",")
        ;_ArrayDisplay($arrayWords)
        For $j = 0 To UBound($arrayWords) - 1
            If $arrayWords[$j] = $processName Then
                ;ConsoleWrite("Found " & $processName & ": " & $arrayStrings[$i] & @CRLF)
                $found = True
            EndIf
        Next
    Next
    
    Return $found
EndFunc

Func ExitScript()
    Exit
EndFunc

ludocus

I think kip has done this too..

but then no need to have other files..

-edit:

Yes he has. Just click here

duckling78

> I think kip has done this too..
>
> but then no need to have other files..
>
> -edit:
>
> Yes he has. Just click here

The specific reason I made this was because "netstat -b" requires administrator privileges. So on Vista you'd need to elevate the script with UAC turned on to be able to run "netstat -b".

TcpView does not require elevation so runs fine un-elevated.

The script I'm working on does not require elevation and I wanted to add network usage tracking to it, but the "netstat -b" elevation requirement made it annoying to use on Vista. TcpView is a nice workaround.

SoulA

I made this too if anyone else is interested. Does basically what kip's program did with netstat, just with tcpvcon.

Obviously requires tcpvcon.exe in the directory of the script.

#NoTrayIcon
#include <Array.au3>

$aConnections = _GetAllConnections()

_ArrayDisplay($aConnections,"Connection Info")

Func _GetAllConnections()
   
    Local $sInstall = @TempDir & "\tcpvcon.exe"
    FileInstall("tcpvcon.exe", $sInstall, 1)
    Local $iPID = Run($sInstall & " -a -c", "", @SW_HIDE, 2 + 4)
    Local $sConnections = ""
    Local $aConnections[1][6]
    
    While ProcessExists($iPID)
        $sConnections &= StdoutRead($iPID)
    WEnd
   
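    ; Split on whole line breaks (flag 1 = treat @CRLF as one delimiter string) so that
    ; fields containing spaces, such as process names, are not broken apart and dropped.
    $aSplit_Connections = StringSplit($sConnections, @CRLF, 1)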
    If @error Then Return SetError(1, 0, "")
   
    For $i = 1 to $aSplit_Connections[0]
        $aArray = StringSplit($aSplit_Connections[$i], ",")
        
        If $aArray[0] = 6 Then
            $aConnections[0][0] += 1                ;Number of total connections
            $iUBound = $aConnections[0][0]
            ReDim $aConnections[$iUBound + 1][6]
            $aConnections[$iUBound][0] = $aArray[1] ;TCP/UDP
            $aConnections[$iUBound][1] = $aArray[2] ;Process Name
            $aConnections[$iUBound][2] = $aArray[3] ;PID
            $aConnections[$iUBound][3] = $aArray[4] ;State
            $aConnections[$iUBound][4] = $aArray[5] ;Local Host
            $aConnections[$iUBound][5] = $aArray[6] ;Remote Host
        EndIf
    Next
    
    If FileExists($sInstall) Then FileDelete($sInstall)
    Return $aConnections
EndFunc   ;==>_GetAllConnections

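An added example in Python (not code from any poster in this thread) that parses the same kind of CSV output and separates live connections from sockets that are only listening, which the any-row match in the first script does not do. It assumes the six-column layout named in the comments of the second script; the sample rows, addresses and state names are constructed for illustration.

```python
import csv
import io

# Constructed sample in the assumed layout:
# protocol, process name, PID, state, local endpoint, remote endpoint.
SAMPLE = """\
TCP,firefox.exe,4112,ESTABLISHED,192.0.2.10:50412,198.51.100.7:443
TCP,firefox.exe,4112,ESTABLISHED,192.0.2.10:50413,198.51.100.9:443
TCP,My Agent.exe,2200,LISTENING,0.0.0.0:8080,0.0.0.0:0
TCP,svchost.exe,908,LISTENING,0.0.0.0:135,0.0.0.0:0
TCP,FIREFOX.EXE,5230,TIME_WAIT,192.0.2.10:50400,198.51.100.7:443
this line is not a connection row
"""

FIELDS = ("proto", "process", "pid", "state", "local", "remote")


def parse_rows(text):
    """Return one dict per well-formed six-field row; skip everything else."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != len(FIELDS):
            continue  # banner text, blank lines, truncated output
        row = dict(zip(FIELDS, (f.strip() for f in rec)))
        if not row["pid"].isdigit():
            continue  # a PID column that is not numeric means a malformed row
        row["pid"] = int(row["pid"])
        rows.append(row)
    return rows


def connections_for(rows, process_name, states=None):
    """Rows whose process column matches (case-insensitive), optionally by state."""
    want = process_name.casefold()
    return [r for r in rows
            if r["process"].casefold() == want
            and (states is None or r["state"] in states)]


def is_using_network(rows, process_name):
    """True only when the process has a live peer, not a merely listening socket."""
    return bool(connections_for(rows, process_name, {"ESTABLISHED"}))


def established_peers(rows, process_name):
    """Map PID -> sorted remote endpoints for the process's live connections."""
    peers = {}
    for r in connections_for(rows, process_name, {"ESTABLISHED"}):
        peers.setdefault(r["pid"], []).append(r["remote"])
    return {pid: sorted(eps) for pid, eps in peers.items()}
```

Matching on the process column alone, rather than on any field, also avoids a false hit when a hostname in an endpoint column happens to equal the process name.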