TCP/UDP Handle List [Zz]

//
// Coded By Napalm
// Modified By ZwelL
//

#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include "psapi.h"
#include <shlwapi.h>

#pragma comment(lib, "psapi.lib")
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "shlwapi.lib")

// Minimal copies of native (ntdll) types that the public SDK headers of the time
// did not expose. Member order and widths must match the kernel's layout exactly.
typedef LONG NTSTATUS;   // negative = error, 0 = STATUS_SUCCESS, positive = informational/warning

typedef struct _IO_STATUS_BLOCK {
    union {
        NTSTATUS Status;      // final status of the I/O request once it has completed
        PVOID Pointer;
    };
    ULONG_PTR Information;    // request-specific completion value (typically a byte count)
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

// Completion-routine signature accepted by NtDeviceIoControlFile; this program always passes NULL for it.
typedef void (WINAPI * PIO_APC_ROUTINE)(PVOID, PIO_STATUS_BLOCK, DWORD);

// Transport Driver Interface (TDI) definitions needed to ask a \Device\Tcp or
// \Device\Udp handle for its local endpoint. These mirror tdi.h, which is not
// part of the user-mode SDK. NOTE(review): TDI is deprecated since Windows Vista;
// on systems without TDI transport devices the query below simply fails.
typedef LONG TDI_STATUS;
typedef PVOID CONNECTION_CONTEXT;        // opaque per-connection context supplied by the client

// Common header of every TDI request; zero-initialised by OutputConnectionDetails.
typedef struct _TDI_REQUEST {
    union {
        HANDLE AddressHandle;
        CONNECTION_CONTEXT ConnectionContext;
        HANDLE ControlChannel;
    } Handle;

    PVOID RequestNotifyObject;
    PVOID RequestContext;
    TDI_STATUS TdiStatus;
} TDI_REQUEST, *PTDI_REQUEST;

typedef struct _TDI_CONNECTION_INFORMATION {
    LONG UserDataLength;        // length of user data buffer
    PVOID UserData;            // pointer to user data buffer
    LONG OptionsLength;        // length of following buffer
    PVOID Options;             // pointer to buffer containing options
    LONG RemoteAddressLength;   // length of following buffer
    PVOID RemoteAddress;        // buffer containing the remote address
} TDI_CONNECTION_INFORMATION, *PTDI_CONNECTION_INFORMATION;

// Input buffer for IOCTL_TDI_QUERY_INFORMATION. Only QueryType is set by this
// program; RequestConnectionInformation stays NULL.
typedef struct _TDI_REQUEST_QUERY_INFORMATION {
    TDI_REQUEST Request;
    ULONG QueryType;             // class of information to be queried.
    PTDI_CONNECTION_INFORMATION RequestConnectionInformation;
} TDI_REQUEST_QUERY_INFORMATION, *PTDI_REQUEST_QUERY_INFORMATION;

// Query class: the local address bound to the transport handle. The answer is a
// TDI_ADDRESS_INFO blob that OutputConnectionDetails parses at fixed byte offsets.
#define TDI_QUERY_ADDRESS_INFO           0x00000003
// FILE_DEVICE_TRANSPORT / function 4 / METHOD_OUT_DIRECT, as in tdi.h.
#define IOCTL_TDI_QUERY_INFORMATION      CTL_CODE(FILE_DEVICE_TRANSPORT, 4, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

typedef VOID *POBJECT;   // kernel-mode object address; never dereferenceable from user mode

// One entry of the SystemHandleInformation table. Mirrors the undocumented
// SYSTEM_HANDLE_TABLE_ENTRY_INFO layout of the 32-bit kernel.
// NOTE(review): verify this layout before building for x64 (pointer-sized
// pObject changes the packing) — a mismatch silently misattributes handles.
typedef struct _SYSTEM_HANDLE {
    ULONG       uIdProcess;   // id of the process that owns the handle
    UCHAR       ObjectType;    // OB_TYPE_* (OB_TYPE_TYPE, etc.)
    UCHAR       Flags;        // HANDLE_FLAG_* (HANDLE_FLAG_INHERIT, etc.)
    USHORT         Handle;     // handle value as seen inside the owning process
    POBJECT         pObject;   // kernel object address (informational only)
    ACCESS_MASK    GrantedAccess;
} SYSTEM_HANDLE, *PSYSTEM_HANDLE;

// Variable-length table returned for SystemHandleInformation. Handles[1] is a
// placeholder: the real array has uCount entries, so the caller must size the
// allocation from the length the kernel reports, not from sizeof.
typedef struct _SYSTEM_HANDLE_INFORMATION {
    ULONG           uCount;
    SYSTEM_HANDLE     Handles[1];
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

// Counted UTF-16 string. Length and MaximumLength are in BYTES, not characters,
// and Buffer is not guaranteed to be NUL-terminated.
typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
typedef const UNICODE_STRING *PCUNICODE_STRING;

// NtQueryObject(ObjectNameInformation) writes a UNICODE_STRING header followed,
// in the same buffer, by the characters that Buffer points to.
typedef UNICODE_STRING OBJECT_NAME_INFORMATION;
typedef UNICODE_STRING *POBJECT_NAME_INFORMATION;

// Information classes and NTSTATUS values used below (native API constants).
#define SystemHandleInformation           16   // NtQuerySystemInformation class
#define ObjectNameInformation           1      // NtQueryObject class
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
#define STATUS_INFO_LENGTH_MISMATCH       ((NTSTATUS)0xC0000004L)   // error: buffer too small; ReturnLength may carry the needed size
#define STATUS_BUFFER_OVERFLOW           ((NTSTATUS)0x80000005L)   // warning (>= 0): data truncated, required size returned
// -------------------------------------------------------------------------


// Prototypes of the three ntdll exports this program uses. They are resolved
// with GetProcAddress at run time rather than linked against ntdll.lib; the
// information-class parameters are DWORD here instead of the native enums.
typedef NTSTATUS (WINAPI *tNTQSI)(DWORD SystemInformationClass, PVOID SystemInformation,
                                     DWORD SystemInformationLength, PDWORD ReturnLength);   // NtQuerySystemInformation
typedef NTSTATUS (WINAPI *tNTQO)(HANDLE ObjectHandle, DWORD ObjectInformationClass, PVOID ObjectInformation,
                                    DWORD Length, PDWORD ResultLength);                      // NtQueryObject
typedef NTSTATUS (WINAPI *tNTDIOCF)(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext,
                                  PIO_STATUS_BLOCK IoStatusBlock, DWORD IoControlCode,
                                  PVOID InputBuffer, DWORD InputBufferLength,
                                  PVOID OutputBuffer, DWORD OutputBufferLength);             // NtDeviceIoControlFile


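// Enables SeDebugPrivilege on the current process token so that OpenProcess()
// later succeeds for processes owned by other users or the system. The
// privilege must already be present (disabled) in the token, which is the case
// for administrators; for a standard user the call cannot add it.
//
// Returns TRUE when the privilege is now enabled, FALSE otherwise. Callers may
// ignore the result (the original returned void): without the privilege the
// listing typically still covers the caller's own processes.
BOOL EnableDebugPrivilege()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        return FALSE;
    }

    BOOL ok = FALSE;
    LUID luidDebug;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidDebug)) {
        TOKEN_PRIVILEGES tokenPriv;
        tokenPriv.PrivilegeCount = 1;
        tokenPriv.Privileges[0].Luid = luidDebug;
        tokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges returns TRUE even when it could not enable the
        // privilege; only GetLastError() == ERROR_SUCCESS means it really is on
        // (ERROR_NOT_ALL_ASSIGNED otherwise).
        if (AdjustTokenPrivileges(hToken, FALSE, &tokenPriv, sizeof(tokenPriv), NULL, NULL)) {
            ok = (GetLastError() == ERROR_SUCCESS);
        }
    }

    CloseHandle(hToken);   // the original leaked the token handle
    return ok;
}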

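// Returns the object-manager name of hObject (e.g. "\Device\Tcp") as a newly
// allocated, NUL-terminated wide string, or NULL when the object has no name,
// the query fails, or NtQueryObject cannot be resolved.
//
// Ownership of the returned buffer passes to the caller, who releases it with
// delete[] (it is allocated with new WCHAR[]).
//
// NOTE(review): NtQueryObject(ObjectNameInformation) is known to block for some
// handle types (for example a synchronous named pipe with an outstanding read).
// Handle enumerators usually issue the query from a worker thread with a
// timeout; this program does not, so it can hang on such a handle.
LPWSTR GetObjectName(HANDLE hObject)
{
    tNTQO pNTQO = (tNTQO)GetProcAddress(GetModuleHandle("NTDLL.DLL"), "NtQueryObject");
    if (pNTQO == NULL) {
        return NULL;
    }

    // First call with a header-sized buffer: the kernel replies with the size it
    // needs. Depending on the Windows version that reply is either the
    // STATUS_BUFFER_OVERFLOW warning or the STATUS_INFO_LENGTH_MISMATCH error,
    // so both trigger the single retry.
    DWORD dwSize = sizeof(OBJECT_NAME_INFORMATION);
    BYTE *pRaw = new BYTE[dwSize];
    NTSTATUS ntReturn = pNTQO(hObject, ObjectNameInformation, pRaw, dwSize, &dwSize);
    if ((ntReturn == STATUS_BUFFER_OVERFLOW || ntReturn == STATUS_INFO_LENGTH_MISMATCH) && dwSize > 0) {
        delete[] pRaw;   // new[] must be paired with delete[]; the original used plain delete (UB)
        pRaw = new BYTE[dwSize];
        ntReturn = pNTQO(hObject, ObjectNameInformation, pRaw, dwSize, &dwSize);
    }

    LPWSTR lpwsReturn = NULL;
    POBJECT_NAME_INFORMATION pObjectInfo = (POBJECT_NAME_INFORMATION)pRaw;
    // NTSTATUS >= 0 accepts STATUS_SUCCESS as well as informational/warning codes.
    if (ntReturn >= STATUS_SUCCESS && pObjectInfo->Buffer != NULL) {
        // UNICODE_STRING::Length is a byte count and Buffer is not NUL-terminated.
        size_t cch = pObjectInfo->Length / sizeof(WCHAR);
        lpwsReturn = new WCHAR[cch + 1];
        CopyMemory(lpwsReturn, pObjectInfo->Buffer, cch * sizeof(WCHAR));
        lpwsReturn[cch] = L'\0';
    }

    delete[] pRaw;
    return lpwsReturn;
}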

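#ifndef STATUS_PENDING
#define STATUS_PENDING ((NTSTATUS)0x00000103L)   // request was queued; wait on the event for completion
#endif
#ifndef TDI_ADDRESS_TYPE_IP
#define TDI_ADDRESS_TYPE_IP 2                    // TA_ADDRESS::AddressType for an IPv4 TDI_ADDRESS_IP
#endif

// Queries the local IPv4 endpoint bound to a \Device\Tcp or \Device\Udp handle
// with IOCTL_TDI_QUERY_INFORMATION / TDI_QUERY_ADDRESS_INFO and stores it in
// *ip and *port (port in host byte order).
//
// Both outputs are zeroed before anything else so the caller never reads
// uninitialised values when the query fails (the original left them untouched).
// Returns TRUE when the query succeeded and an IPv4 address was decoded; callers
// that ignore the result (it used to be void) still compile.
BOOL OutputConnectionDetails(HANDLE hObject, in_addr *ip, DWORD *port)
{
    ZeroMemory(ip, sizeof(*ip));
    *port = 0;

    tNTDIOCF pNTDIOCF = (tNTDIOCF)GetProcAddress(GetModuleHandle("NTDLL.DLL"), "NtDeviceIoControlFile");
    if (pNTDIOCF == NULL) {
        return FALSE;
    }

    IO_STATUS_BLOCK IoStatusBlock;
    ZeroMemory(&IoStatusBlock, sizeof(IoStatusBlock));
    TDI_REQUEST_QUERY_INFORMATION tdiRequestAddress = {{0}, TDI_QUERY_ADDRESS_INFO};
    BYTE tdiAddress[128];
    ZeroMemory(tdiAddress, sizeof(tdiAddress));

    // The event is what lets us wait if the driver completes the request
    // asynchronously. Returning while it is still pending would let the kernel
    // write into tdiAddress after this stack frame is gone; the original never
    // checked for STATUS_PENDING.
    HANDLE hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
    if (hEvent == NULL) {
        return FALSE;
    }
    NTSTATUS ntReturn = pNTDIOCF(hObject, hEvent, NULL, NULL, &IoStatusBlock, IOCTL_TDI_QUERY_INFORMATION,
        &tdiRequestAddress, sizeof(tdiRequestAddress), tdiAddress, sizeof(tdiAddress));
    if (ntReturn == (NTSTATUS)STATUS_PENDING) {
        WaitForSingleObject(hEvent, INFINITE);
        ntReturn = IoStatusBlock.Status;
    }
    CloseHandle(hEvent);

    if (ntReturn != STATUS_SUCCESS) {
        return FALSE;
    }

    // Output layout (TDI_ADDRESS_INFO -> TRANSPORT_ADDRESS -> TA_ADDRESS, one address):
    //   [ 8.. 9] AddressLength   [10..11] AddressType
    //   [12..13] sin_port (network byte order)   [14..17] in_addr
    // Only TDI_ADDRESS_TYPE_IP has this shape, so anything else is rejected.
    // memcpy instead of pointer casts: offsets 12 and 14 are not naturally aligned.
    USHORT addressType = 0;
    CopyMemory(&addressType, &tdiAddress[10], sizeof(addressType));
    if (addressType != TDI_ADDRESS_TYPE_IP) {
        return FALSE;
    }
    USHORT netPort = 0;
    CopyMemory(&netPort, &tdiAddress[12], sizeof(netPort));
    CopyMemory(ip, &tdiAddress[14], sizeof(*ip));
    *port = ntohs(netPort);
    return TRUE;
}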

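// Fetches the system handle table, growing the buffer until the kernel accepts
// its size. The table can grow between two calls, so the single retry the
// original made can fail spuriously; this retries a bounded number of times.
// Returns NULL on failure. The caller releases the table with delete[] (BYTE *).
static PSYSTEM_HANDLE_INFORMATION QueryHandleTable(tNTQSI pNTQSI)
{
    DWORD dwSize = sizeof(SYSTEM_HANDLE_INFORMATION);
    for (int attempt = 0; attempt < 8; attempt++) {
        BYTE *pRaw = new BYTE[dwSize];
        DWORD dwNeeded = 0;
        NTSTATUS ntReturn = pNTQSI(SystemHandleInformation, pRaw, dwSize, &dwNeeded);
        if (ntReturn == STATUS_SUCCESS) {
            return (PSYSTEM_HANDLE_INFORMATION)pRaw;
        }
        delete[] pRaw;
        if (ntReturn != STATUS_INFO_LENGTH_MISMATCH) {
            break;
        }
        // NOTE(review): not every kernel fills ReturnLength for this class;
        // when it does not help, double the buffer instead.
        dwSize = (dwNeeded > dwSize) ? dwNeeded + 4096 : dwSize * 2;
    }
    return NULL;
}

// Prints one table row for a handle identified as a TCP/UDP transport endpoint.
// hProcess must be open with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ for
// GetModuleFileNameEx to work; hObject is our duplicate of the handle.
static void PrintSocketHandleRow(HANDLE hProcess, const SYSTEM_HANDLE *entry, HANDLE hObject, LPCWSTR lpwsName)
{
    // Zero the endpoint first: OutputConnectionDetails may leave it untouched on failure.
    struct in_addr ipaddr;
    ZeroMemory(&ipaddr, sizeof(ipaddr));
    DWORD port = 0;
    OutputConnectionDetails(hObject, &ipaddr, &port);

    // Stack buffer instead of the original new CHAR[] / delete mismatch.
    CHAR szProcess[MAX_PATH];
    ZeroMemory(szProcess, sizeof(szProcess));
    // NOTE(review): GetModuleFileNameEx fails (leaving "[System]") for processes
    // this one cannot read, e.g. 64-bit processes from a 32-bit build.
    GetModuleFileNameEx(hProcess, NULL, szProcess, MAX_PATH);

    // %lu matches ULONG/DWORD; Handle is a USHORT promoted to int, hence the cast.
    printf("%5lu\t%6u\t%-16s%-20ws%12s%7lu\t%s\n",
        entry->uIdProcess,
        (unsigned)entry->Handle,
        (lstrlen(szProcess) > 0) ? PathFindFileName(szProcess) : "[System]",
        lpwsName,
        inet_ntoa(ipaddr),
        port,
        szProcess);
}

// Entry point: enumerates every handle on the system, duplicates each one into
// this process, and prints those whose object name is \Device\Tcp or \Device\Udp
// together with the owning process and the local endpoint.
//
// Needs SeDebugPrivilege (administrator) to cover other users' processes.
// Returns 0 on success, 1 when the handle table could not be obtained.
//
// NOTE(review): the page shows the escapes with forward slashes ("/n",
// "//Device//Tcp"), which would print literally and never match a device name;
// the backslash forms restored here are the only ones that work.
// A common refinement is to filter on entry->ObjectType (the File type index,
// which is version-dependent) before duplicating, which cuts the work and the
// exposure to NtQueryObject hangs.
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    printf("TCP/UDP Handle List - by Napalm\n");
    printf("Modified by ZwelL\n");
    printf("===============================\n\n");

    EnableDebugPrivilege();

    tNTQSI pNTQSI = (tNTQSI)GetProcAddress(GetModuleHandle("NTDLL.DLL"), "NtQuerySystemInformation");
    if (pNTQSI == NULL) {
        printf("Cannot find NtQuerySystemInformation API... Is this system not Win2K and above?");
        return 1;
    }

    PSYSTEM_HANDLE_INFORMATION pHandleInfo = QueryHandleTable(pNTQSI);
    if (pHandleInfo == NULL) {
        printf("Error while trying to allocate memory for System Handle Information.\n");
        return 1;
    }

    printf(" Found %lu Handles. Listing TCP/UDP Handles...\n\n", pHandleInfo->uCount);
    printf(" PID\tHandle\t%-16sHandle Name\tIP Address\tPort\n", "Process Name");

    for (DWORD dwIdx = 0; dwIdx < pHandleInfo->uCount; dwIdx++) {
        const SYSTEM_HANDLE *entry = &pHandleInfo->Handles[dwIdx];

        // OpenProcess returns NULL (not INVALID_HANDLE_VALUE) on failure; the
        // original compared against the wrong sentinel and went on to call
        // DuplicateHandle with a NULL source process.
        HANDLE hProcess = OpenProcess(PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
            FALSE, entry->uIdProcess);
        if (hProcess == NULL) {
            continue;
        }

        HANDLE hObject = NULL;
        if (DuplicateHandle(hProcess, (HANDLE)(ULONG_PTR)entry->Handle, GetCurrentProcess(), &hObject,
                            STANDARD_RIGHTS_REQUIRED, FALSE, 0)) {
            LPWSTR lpwsName = GetObjectName(hObject);
            if (lpwsName != NULL) {
                if (wcscmp(lpwsName, L"\\Device\\Tcp") == 0 || wcscmp(lpwsName, L"\\Device\\Udp") == 0) {
                    PrintSocketHandleRow(hProcess, entry, hObject, lpwsName);
                }
                delete[] lpwsName;   // GetObjectName allocates with new[]
            }
            CloseHandle(hObject);
        }
        CloseHandle(hProcess);
    }

    printf("\n\n");
    delete[] (BYTE *)pHandleInfo;
    return 0;
}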
