Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[VB.Net] Local/Remote TCP info from process [Source]
#1
Hey,

I never really intended to release it as I had some crap with this getting it to work. Though I had lots of help with this since I liked it more then WireShark and I got all the info I needed without searching.
I've used this for packet logging of: HWID applications, games and other things you will find out while using this.

Screenshot:
[Image: jcNZU2.png]

We are going to use iphlpapi.dll (GetExtendedTcpTable) to get the information.

First, declare the API and some structures we need:

Code:
<DllImport("iphlpapi.dll", SetLastError:=True)> _
    Private Function GetExtendedTcpTable(ByVal pTcpTable As IntPtr, ByRef OutBufLen As Integer, ByVal sort As Boolean, ByVal ipVersion As Integer, ByVal tblClass As Integer, ByVal reserved As Integer) As UInteger
    End Function

    Private Structure tcprows
        Public LocalAddress As Integer
        Public LocalPort As Integer
        Public RemoteAddress As Integer
        Public RemotePort As Integer
        Public ProcessID As Integer
    End Structure

    Private Structure tcptable
        Public NumEntries As Integer
    End Structure

Now comes the most important function of this, the part where we get all the connections.

Code:
Private Function GetAllTcpConnections() As tcprows()
        Const NO_ERROR As Integer = 0
        Const IP_v4 As Integer = 2
        Dim tTable As tcprows() = Nothing
        Dim buffSize As Integer = 0
        GetExtendedTcpTable(IntPtr.Zero, buffSize, True, IP_v4, 5, 0)
        Dim buffTable As IntPtr = Marshal.AllocHGlobal(buffSize)
        Try
            If NO_ERROR <> GetExtendedTcpTable(buffTable, buffSize, True, IP_v4, 5, 0) Then
                Return Nothing
            End If
            Dim tab As tcptable = Marshal.PtrToStructure(buffTable, GetType(tcptable))
            Dim rowPtr As IntPtr = CLng(buffTable) + Marshal.SizeOf(tab.NumEntries)
            tTable = New tcprows(tab.NumEntries - 1) {}

            Dim rowSize As Integer = Marshal.SizeOf(GetType(tcprows))
            For i As Integer = 0 To tab.NumEntries - 1
                Dim tcpRow As tcprows = Marshal.PtrToStructure(rowPtr, GetType(tcprows))
                tTable(i) = tcpRow
                rowPtr = CInt(rowPtr) + rowSize
            Next
        Finally
            Marshal.FreeHGlobal(buffTable)
        End Try
        Return tTable
    End Function

As I'm using a Command Application I made this:

Code:
Public Sub CheckProcess_Tcp(ByVal procname As String)
        Dim allTcpConns As tcprows() = GetAllTcpConnections()
        For Each row As tcprows In allTcpConns
            For Each p As Process In Process.GetProcessesByName(procname)
                If row.ProcessID = p.Id Then
                    Console.ForegroundColor = ConsoleColor.White
                    Console.Write("---------------------------------------------" & vbNewLine)
                    Console.Write("Remote:   " & tIP(row.RemoteAddress) & ":" & tPort(row.RemotePort) & vbNewLine)
                    Console.Write("Local:    " & tIP(row.LocalAddress) & ":" & tPort(row.LocalPort) & vbNewLine)
                    Console.Write("Process:  " & procname & "(" & row.ProcessID & ")" & vbNewLine)
                    Try
                        For Each pm As ProcessModule In p.Modules
                            If pm.FileName.Contains(procname) Then
                                Console.Write("Location: " & pm.FileName() & vbNewLine)
                                Exit For
                            End If
                        Next
                    Catch
                        Console.Write("Location: Error - 32 bit process could not been read" & vbNewLine)
                    End Try
                    Console.Write("---------------------------------------------" & vbNewLine)
                End If
            Next
        Next
    End Sub

This will check if a row in the table contains the matched ID of the process we are looking for.

As you see there are some errors. We need to translate the port and IP.

Code:
Private Function tPort(ByVal port As Integer) As Integer
        Return ((port And &HFF) << 8 Or (port And &HFF00) >> 8)
    End Function
    Public Function tIP(ByVal LongIP As Double) As String
        Dim ByteIP(4) As String
        Dim x As Byte = Nothing
        Dim IP As String

        If LongIP < 4294967296.0# And LongIP >= 0 Then
            ByteIP(0) = Fix(LongIP / (256 ^ 3))
            ByteIP(1) = Fix(((LongIP - (ByteIP(0) * (256 ^ 3))) / (256 ^ 2)))
            ByteIP(2) = Fix(((LongIP - (ByteIP(0) * (256 ^ 3)) - (ByteIP(1) * (256 ^ 2))) / 256))
            ByteIP(3) = ((LongIP - (ByteIP(0) * (256 ^ 3)) - (ByteIP(1) * (256 ^ 2)) - (ByteIP(2) * 256)))
            IP = ByteIP(3) & "." & ByteIP(2) & "." & ByteIP(1) & "." & ByteIP(0)
            tIP = IP
        Else
            tIP = -1
        End If
    End Function

Enjoy, any questions can be asked below. I'd appreciate if you reply below Big Grin
Reply


Messages In This Thread
[VB.Net] Local/Remote TCP info from process [Source] - by The-One - 06-04-2011, 01:16 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  [VB.NET] Remote desktop viewer [VB.NET] TalishHF 13 11,557 05-25-2013, 03:21 AM
Last Post: Imaking31
  Free Advanced Port Scanner SOURCE [ VB.NET ] Filefinder 6 5,739 01-22-2013, 04:27 AM
Last Post: TalishHF
  [VB.NET]Console app Menu example (amortization calculator)[Source] KoBE 8 8,161 12-28-2012, 06:55 AM
Last Post: mouse719
  [VB.NET] Get Region Info [Source] ƃu∀ ıʞƃu∀ 0 1,250 11-28-2012, 04:38 AM
Last Post: ƃu∀ ıʞƃu∀
  [Source] List Process'/Kill Process ♱ RedTube ♱ 3 1,811 11-25-2012, 10:39 PM
Last Post: ƃu∀ ıʞƃu∀

Forum Jump:


Users browsing this thread: 1 Guest(s)