06-04-2011, 01:16 PM
Hey,
I never really intended to release it as I had some crap with this getting it to work. Though I had lots of help with this since I liked it more than Wireshark and I got all the info I needed without searching.
I've used this for packet logging of: HWID applications, games and other things you will find out while using this.
We are going to use iphlpapi.dll (GetExtendedTcpTable) to get the information.
First, declare the API and some structures we need:
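Code:
' At the top of the file:
Imports System.Diagnostics
Imports System.Runtime.InteropServices

<DllImport("iphlpapi.dll", SetLastError:=True)> _
Private Function GetExtendedTcpTable(ByVal pTcpTable As IntPtr, ByRef OutBufLen As Integer, ByVal sort As Boolean, ByVal ipVersion As Integer, ByVal tblClass As Integer, ByVal reserved As Integer) As UInteger
End Function

' One row of the table (MIB_TCPROW_OWNER_PID). The field order must match the native layout.
Private Structure tcprows
    Public State As Integer ' dwState is the first DWORD of every native row
    Public LocalAddress As UInteger ' unsigned, so a last octet of 128 or more does not go negative
    Public LocalPort As Integer
    Public RemoteAddress As UInteger
    Public RemotePort As Integer
    Public ProcessID As Integer
End Structure

' Table header: the entry count, followed directly by the rows.
Private Structure tcptable
    Public NumEntries As Integer
End Structure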
Now comes the most important function of this, the part where we get all the connections.
Code:
Private Function GetAllTcpConnections() As tcprows()
    Const NO_ERROR As Integer = 0
    Const IP_v4 As Integer = 2 ' AF_INET
    Const TCP_TABLE_OWNER_PID_ALL As Integer = 5
    Dim tTable As tcprows() = Nothing
    Dim buffSize As Integer = 0
    ' The first call passes no buffer and only reports the required size.
    GetExtendedTcpTable(IntPtr.Zero, buffSize, True, IP_v4, TCP_TABLE_OWNER_PID_ALL, 0)
    Dim buffTable As IntPtr = Marshal.AllocHGlobal(buffSize)
    Try
        If NO_ERROR <> GetExtendedTcpTable(buffTable, buffSize, True, IP_v4, TCP_TABLE_OWNER_PID_ALL, 0) Then
            Return Nothing
        End If
        Dim tab As tcptable = DirectCast(Marshal.PtrToStructure(buffTable, GetType(tcptable)), tcptable)
        ' The rows start right after the 4-byte entry count.
        Dim rowPtr As IntPtr = New IntPtr(buffTable.ToInt64() + Marshal.SizeOf(tab.NumEntries))
        tTable = New tcprows(tab.NumEntries - 1) {}
        Dim rowSize As Integer = Marshal.SizeOf(GetType(tcprows))
        For i As Integer = 0 To tab.NumEntries - 1
            Dim tcpRow As tcprows = DirectCast(Marshal.PtrToStructure(rowPtr, GetType(tcprows)), tcprows)
            tTable(i) = tcpRow
            ' 64-bit pointer arithmetic, so the pointer is not truncated in a 64-bit process.
            rowPtr = New IntPtr(rowPtr.ToInt64() + rowSize)
        Next
    Finally
        Marshal.FreeHGlobal(buffTable)
    End Try
    Return tTable
End Function
As I'm using a Command Application I made this:
Code:
Public Sub CheckProcess_Tcp(ByVal procname As String)
    Dim allTcpConns As tcprows() = GetAllTcpConnections()
    ' GetAllTcpConnections returns Nothing when the API call fails.
    If allTcpConns Is Nothing Then
        Return
    End If
    For Each row As tcprows In allTcpConns
        For Each p As Process In Process.GetProcessesByName(procname)
            If row.ProcessID = p.Id Then
                Console.ForegroundColor = ConsoleColor.White
                Console.Write("---------------------------------------------" & vbNewLine)
                Console.Write("Remote: " & tIP(row.RemoteAddress) & ":" & tPort(row.RemotePort) & vbNewLine)
                Console.Write("Local: " & tIP(row.LocalAddress) & ":" & tPort(row.LocalPort) & vbNewLine)
                Console.Write("Process: " & procname & "(" & row.ProcessID & ")" & vbNewLine)
                Try
                    ' Look for the module whose path contains the process name.
                    For Each pm As ProcessModule In p.Modules
                        If pm.FileName.Contains(procname) Then
                            Console.Write("Location: " & pm.FileName() & vbNewLine)
                            Exit For
                        End If
                    Next
                Catch
                    Console.Write("Location: Error - 32 bit process could not been read" & vbNewLine)
                End Try
                Console.Write("---------------------------------------------" & vbNewLine)
            End If
        Next
    Next
End Sub
This will check if a row in the table contains the matched ID of the process we are looking for.
As you see there are some errors. We need to translate the port and IP.
Code:
' The port is stored in network byte order in the low 16 bits, so swap the two bytes.
Private Function tPort(ByVal port As Integer) As Integer
    Return ((port And &HFF) << 8) Or ((port And &HFF00) >> 8)
End Function

' The address is stored in network byte order, so the lowest byte is the first octet.
Public Function tIP(ByVal LongIP As Double) As String
    If LongIP < 4294967296.0# AndAlso LongIP >= 0 Then
        Dim addr As Long = CLng(LongIP)
        Return (addr And &HFF) & "." & ((addr >> 8) And &HFF) & "." & ((addr >> 16) And &HFF) & "." & ((addr >> 24) And &HFF)
    Else
        ' Value does not fit in an unsigned 32-bit address.
        Return "-1"
    End If
End Function
Enjoy, any questions can be asked below. I'd appreciate it if you reply below.
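Added example, not part of the original post: a decoder for the raw buffer that GetExtendedTcpTable fills for table class 5, showing the 4-byte entry count, the six-DWORD row layout with the state field first, and the byte order of addresses and ports. The module and function names are hypothetical, and the sample buffer is constructed so the code runs without calling the API.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Net

Module TcpTableDecodeExample ' hypothetical name, for illustration only
    ' MIB_TCP_STATE names, indexed by the dwState value (1..12).
    Private ReadOnly StateNames As String() = {"?", "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD", "ESTABLISHED", "FIN_WAIT1", "FIN_WAIT2", "CLOSE_WAIT", "CLOSING", "LAST_ACK", "TIME_WAIT", "DELETE_TCB"}
    Private Const RowSize As Integer = 24 ' six DWORDs per MIB_TCPROW_OWNER_PID

    ' Decodes a raw MIB_TCPTABLE_OWNER_PID buffer into one printable line per row.
    Public Function DecodeTcpTable(ByVal buf As Byte()) As List(Of String)
        Dim lines As New List(Of String)()
        If buf Is Nothing OrElse buf.Length < 4 Then Return lines
        Dim count As Long = BitConverter.ToUInt32(buf, 0)
        ' Never trust the entry count beyond what the buffer can actually hold.
        count = Math.Min(count, (buf.Length - 4) \ RowSize)
        For i As Integer = 0 To CInt(count) - 1
            Dim o As Integer = 4 + i * RowSize
            Dim state As UInteger = BitConverter.ToUInt32(buf, o)
            Dim stateName As String = If(state < StateNames.Length, StateNames(CInt(state)), "?")
            Dim pid As UInteger = BitConverter.ToUInt32(buf, o + 20)
            lines.Add(String.Format("{0} -> {1} {2} pid={3}", FormatEndPoint(buf, o + 4), FormatEndPoint(buf, o + 12), stateName, pid))
        Next
        Return lines
    End Function

    ' Address: 4 bytes already in network order. Port: big-endian in the first 2 bytes of its DWORD.
    Private Function FormatEndPoint(ByVal buf As Byte(), ByVal o As Integer) As String
        Dim addr(3) As Byte
        Array.Copy(buf, o, addr, 0, 4)
        Dim port As Integer = (CInt(buf(o + 4)) << 8) Or buf(o + 5)
        Return New IPAddress(addr).ToString() & ":" & port
    End Function

    Sub Main()
        ' Constructed sample: one row, 192.168.1.200:49152 -> 203.0.113.10:443, ESTABLISHED, PID 4321.
        Dim sample As Byte() = {1, 0, 0, 0, 5, 0, 0, 0, 192, 168, 1, 200, &HC0, 0, 0, 0, 203, 0, 113, 10, 1, &HBB, 0, 0, &HE1, &H10, 0, 0}
        For Each line As String In DecodeTcpTable(sample)
            Console.WriteLine(line)
        Next
    End Sub
End Module
```

The local address in the sample ends in an octet above 127, which is the case where reading the address into a signed Integer produces a negative value.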