Detect if an executable/process is using the network

duckling78

First you'll need TcpView from:

http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx

Then replace: Local $dirTcpViewSource = "\\orca\main\StudiosQA\Tools\TcpView\*.*"

...with your own network path where TcpView is located.

$process is the process you're detecting for network usage.

This is a nice alternative instead of using "netstat -b" since "netstat -b" requires elevation on Vista (and generally you don't want to elevate when you don't need to).

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.12.1
 Author:         Michael Sunwoo

 Script Function:
    Network usage tracking script.

#ce ----------------------------------------------------------------------------

; Script Start

#include <Constants.au3>
;#include <Array.au3>
#include <String.au3>

HotKeySet("{Esc}", "ExitScript")

Local $process = "firefox.exe"
Local $dirTcpView = @TempDir & "\" & StringTrimRight(@ScriptName, 4) & "\"
Local $dirTcpViewSource = "\\orca\main\StudiosQA\Tools\TcpView\*.*"

If Not FileExists($dirTcpView & "tcpvcon.exe") Then
    If FileExists($dirTcpViewSource) Then
        FileCopy($dirTcpViewSource, $dirTcpView, 9)
    Else
        MsgBox(48, "TcpView source not found, line: " & @ScriptLineNumber, $dirTcpViewSource & " was not found." & @CRLF & "This is required to do network tracking.")
    EndIf
EndIf

While True
    If IsUsingNetwork($process) Then
        ConsoleWrite("Network use detected by " & $process & "." & @CRLF)
    Else
        ConsoleWrite("Network use NOT detected by " & $process & "." & @CRLF)
    EndIf
    
    Sleep(100)
WEnd

Func IsUsingNetwork($processName)
    $found = False
    ;ConsoleWrite('"' & $dirTcpView & 'tcpvcon.exe" -c -n "' & $process & '" | find /i "' & $process & '" . . .' & @CRLF)
    $pidTcpvcon = Run('"' & $dirTcpView & 'tcpvcon.exe" -c -n ' & $processName, "c:\", "", $STDERR_MERGED)
    ProcessWaitClose($pidTcpvcon)
    ;ConsoleWrite(@YEAR & @MON & @MDAY & "-" & @HOUR & @MIN & @SEC & ":" & @CRLF)
    $string = StdoutRead($pidTcpvcon)
    $arrayStrings = _StringSplit($string, @CRLF, True)
    ;_ArrayDisplay($arrayStrings)
    For $i = 0 To UBound($arrayStrings) - 1
        $arrayWords = _StringSplit($arrayStrings[$i], ",")
        ;_ArrayDisplay($arrayWords)
        For $j = 0 To UBound($arrayWords) - 1
            If $arrayWords[$j] = $processName Then
                ;ConsoleWrite("Found " & $processName & ": " & $arrayStrings[$i] & @CRLF)
                $found = True
            EndIf
        Next
    Next
    
    Return $found
EndFunc

Func ExitScript()
    Exit
EndFunc

ludocus

I think kip has done this too..

but then no need to have other files..

-edit:

Yes he has. just click here

duckling78

> I think kip has done this too..
>
> but then no need to have other files..
>
> -edit:
>
> Yes he has. just click here

The specific reason I made this was because "netstat -b" requires administrator privileges. So on Vista you'd need to elevate the script with UAC turned on to be able to run "netstat -b".

TcpView does not require elevation, so it runs fine un-elevated.

The script I'm working on does not require elevation and I wanted to add network usage tracking to it, but the "netstat -b" elevation requirement made it annoying to use on Vista. TcpView is a nice workaround.

SoulA

I made this too, if anyone else is interested. It does basically what kip's program did with netstat, just with tcpvcon.

Obviously requires tcpvcon.exe in the directory of the script.

#NoTrayIcon
#include <Array.au3>

$aConnections = _GetAllConnections()

_ArrayDisplay($aConnections,"Connection Info")

Func _GetAllConnections()
   
    Local $sInstall = @TempDir & "\tcpvcon.exe"
    FileInstall("tcpvcon.exe", $sInstall, 1)
    Local $iPID = Run($sInstall & " -a -c", "", @SW_HIDE, 2 + 4)
    Local $sConnections = ""
    Local $aConnections[1][6]
    
    While ProcessExists($iPID)
        $sConnections &= StdoutRead($iPID)
    WEnd
   
    $aSplit_Connections = StringSplit(StringReplace($sConnections, @CRLF, " "), " ")
    If @error Then Return SetError(1, 0, "")
   
    For $i = 1 to $aSplit_Connections[0]
        $aArray = StringSplit($aSplit_Connections[$i], ",")
        
        If $aArray[0] = 6 Then
            $aConnections[0][0] += 1                ;Number of total connections
            $iUBound = $aConnections[0][0]
            ReDim $aConnections[$iUBound + 1][6]
            $aConnections[$iUBound][0] = $aArray[1] ;TCP/UDP
            $aConnections[$iUBound][1] = $aArray[2] ;Process Name
            $aConnections[$iUBound][2] = $aArray[3] ;PID
            $aConnections[$iUBound][3] = $aArray[4] ;State
            $aConnections[$iUBound][4] = $aArray[5] ;Local Host
            $aConnections[$iUBound][5] = $aArray[6] ;Remote Host
        EndIf
    Next
    
    If FileExists($sInstall) Then FileDelete($sInstall)
    Return $aConnections
EndFunc   ;==>_GetAllConnections
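The six comma-separated columns that both scripts above rely on can be parsed as CSV rather than split on spaces, so a process name containing a space stays in one field and a listening socket can be told apart from an active connection. This is an added Python example, not code from any poster in this thread; the sample lines are constructed, and the function names and the `LISTENING` state string are assumptions.

```python
import csv
import io

# Column order as given in the comments of the script above.
FIELDS = ("proto", "process", "pid", "state", "local", "remote")

# Constructed sample in that six-column layout (not captured from a real host).
SAMPLE = (
    "TCP,firefox.exe,3120,ESTABLISHED,192.0.2.10:50412,198.51.100.7:443\r\n"
    "TCP,firefox.exe,3120,LISTENING,127.0.0.1:6000,0.0.0.0:0\r\n"
    "TCP,My Updater.exe,884,CLOSE_WAIT,192.0.2.10:50388,203.0.113.9:80\r\n"
    "TCP,notfirefox.exe,4100,ESTABLISHED,192.0.2.10:50500,198.51.100.8:443\r\n"
    "Banner line without commas\r\n"
)


def parse_connections(text):
    """Return one dict per well-formed six-field row; skip everything else."""
    rows = []
    for rec in csv.reader(io.StringIO(text, newline="")):
        fields = [f.strip() for f in rec]
        # Banner lines, blank lines and short rows are not connection records.
        if len(fields) != len(FIELDS) or not fields[2].isdigit():
            continue
        row = dict(zip(FIELDS, fields))
        row["pid"] = int(row["pid"])
        rows.append(row)
    return rows


def is_using_network(text, process_name, active_only=True):
    """True if process_name owns a socket; active_only ignores LISTENING rows."""
    wanted = process_name.lower()  # Windows image names are case-insensitive
    for row in parse_connections(text):
        if row["process"].lower() != wanted:  # whole-field match, not substring
            continue
        if active_only and row["state"].upper() == "LISTENING":
            continue
        return True
    return False


if __name__ == "__main__":
    for r in parse_connections(SAMPLE):
        print(r)
    print(is_using_network(SAMPLE, "firefox.exe"))
```
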
WeMartiansAreFriendly

Is there an API for this? I'd rather use DllCall instead. Using an external process for such a trivial task is not my cup of tea. Nice job nonetheless.


SoulA

I agree but I couldn't find anything.

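On the question of a native API: `iphlpapi.dll` exports `GetExtendedTcpTable`, which returns the owning PID for every TCP connection without a helper executable. The sketch below is an added Python example, not code from any poster in this thread; it covers IPv4 TCP only, the sample buffer is constructed, and the function names are assumptions.

```python
import ctypes
import socket
import struct

AF_INET, TCP_TABLE_OWNER_PID_ALL, ERROR_INSUFFICIENT_BUFFER = 2, 5, 122
STATES = {2: "LISTEN", 5: "ESTABLISHED", 8: "CLOSE_WAIT", 11: "TIME_WAIT"}
ROW = struct.Struct("<I4s4s4s4sI")  # state, laddr, lport, raddr, rport, owning PID


def _endpoint(addr, port):
    # Address and port are in network byte order; the port uses 2 of its 4 bytes.
    return socket.inet_ntoa(addr), int.from_bytes(port[:2], "big")


def parse_owner_pid_table(buf):
    """Decode MIB_TCPTABLE_OWNER_PID: DWORD row count, then 24-byte rows."""
    (count,) = struct.unpack_from("<I", buf, 0)
    if 4 + count * ROW.size > len(buf):
        raise ValueError("row count exceeds buffer length")
    rows = []
    for i in range(count):
        state, la, lp, ra, rp, pid = ROW.unpack_from(buf, 4 + i * ROW.size)
        rows.append({"pid": pid, "state": STATES.get(state, str(state)),
                     "local": _endpoint(la, lp), "remote": _endpoint(ra, rp)})
    return rows


def pid_is_using_network(rows, pid):
    """True if pid owns any TCP row that is not a plain listener."""
    return any(r["pid"] == pid and r["state"] != "LISTEN" for r in rows)


def read_tcp_table():
    """Windows only: fetch the IPv4 TCP table, growing the buffer on demand."""
    iphlpapi = ctypes.WinDLL("iphlpapi")
    size = ctypes.c_ulong(16384)
    while True:
        buf = ctypes.create_string_buffer(size.value)
        rc = iphlpapi.GetExtendedTcpTable(buf, ctypes.byref(size), False,
                                          AF_INET, TCP_TABLE_OWNER_PID_ALL, 0)
        if rc == 0:
            return parse_owner_pid_table(buf.raw)
        if rc != ERROR_INSUFFICIENT_BUFFER:
            raise OSError(rc, "GetExtendedTcpTable failed")


# Constructed two-row buffer (not captured from a real host).
SAMPLE = struct.pack("<I", 2) + b"".join(
    ROW.pack(state, socket.inet_aton(la), lp.to_bytes(2, "big") + b"\0\0",
             socket.inet_aton(ra), rp.to_bytes(2, "big") + b"\0\0", pid)
    for state, la, lp, ra, rp, pid in [
        (5, "192.0.2.10", 50412, "198.51.100.7", 443, 3120),
        (2, "0.0.0.0", 135, "0.0.0.0", 0, 900)])
```

The rows carry a PID rather than an image name, so matching on a name such as `firefox.exe` needs a separate PID-to-name lookup.
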
