在xp和2003下察看端口对应的进程
-作者:shadow -编辑:shadow -来源:http://www.codehome.6600.org -时间:2004-10-27 20:20:13
/*========================================
在xp和2003下察看端口对应的进程
作者:shadow
Email:dreamshadow@mail.sdu.edu.cn
日期:2004/10/26
来源:http://www.codehome.6600.org
转载请注明出处!
==========================================*/
我们都知道fport.exe只能在2000下运行,那么有没有办法在xp和2003下察看端口对应的信息呢?答案是肯定的:)
首先让我们来熟悉几条命令和程序的用法吧:
netstat -ano //这个命令是列出当前网络连接状况,并且列出端口对应程序的pid
tlist.exe //在2000和xp安装盘的Support/Tools目录下,support.cab 压缩包自带的一个工具,可以查看指定pid对应的进程信息
让我们来看看运行效果吧
以下是netstat-ano在cmd中的运行结果:
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:42 0.0.0.0:0 LISTENING 1524
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1616
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 660
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 496
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 984
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING 1524
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 1316
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 724
TCP 0.0.0.0:4899 0.0.0.0:0 LISTENING 2860
TCP 127.0.0.1:43958 0.0.0.0:0 LISTENING 1476
TCP 202.194.4.218:21 0.0.0.0:0 LISTENING 1476
TCP 202.194.4.218:80 202.194.4.218:3768 ESTABLISHED 4
TCP 202.194.4.218:1433 211.233.12.64:8374 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:8716 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:9075 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:9430 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:9785 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:10750 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:11091 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:11418 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:11739 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:12093 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:12452 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:15486 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:15851 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:16223 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:16580 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:16928 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:17283 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:17635 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:18005 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:18372 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:18746 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:19077 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:19453 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:19827 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:20199 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:20601 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:20951 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:21295 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:22194 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:22505 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:23517 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:23883 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:24245 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:24584 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:24920 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:25257 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:25676 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:26009 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:26345 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:26719 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:27724 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:28607 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:28950 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:29280 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:29582 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:29931 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:30299 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:30635 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:31003 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:31965 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:32317 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:33716 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:34076 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:34447 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:34735 FIN_WAIT_1 1316
TCP 202.194.4.218:3389 219.218.104.91:1065 ESTABLISHED 724
TCP 202.194.4.218:3768 202.194.4.218:80 ESTABLISHED 3172
TCP 202.194.4.218:3771 66.94.230.51:80 TIME_WAIT 0
TCP 202.194.4.218:3772 66.94.230.37:80 TIME_WAIT 0
UDP 0.0.0.0:42 *:* 1524
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 496
UDP 0.0.0.0:1029 *:* 860
UDP 0.0.0.0:1030 *:* 1576
UDP 0.0.0.0:1032 *:* 1524
UDP 0.0.0.0:1434 *:* 1316
UDP 0.0.0.0:1645 *:* 876
UDP 0.0.0.0:1646 *:* 876
UDP 0.0.0.0:1812 *:* 876
UDP 0.0.0.0:1813 *:* 876
UDP 0.0.0.0:1837 *:* 860
UDP 0.0.0.0:1886 *:* 860
UDP 0.0.0.0:1887 *:* 860
UDP 0.0.0.0:1888 *:* 860
UDP 0.0.0.0:1889 *:* 860
UDP 0.0.0.0:1890 *:* 860
UDP 0.0.0.0:1891 *:* 860
UDP 0.0.0.0:1892 *:* 860
UDP 0.0.0.0:3527 *:* 1576
UDP 0.0.0.0:4000 *:* 2840
UDP 0.0.0.0:4500 *:* 496
UDP 0.0.0.0:6000 *:* 2840
UDP 0.0.0.0:6001 *:* 2840
UDP 127.0.0.1:123 *:* 876
UDP 127.0.0.1:1027 *:* 876
UDP 127.0.0.1:1028 *:* 876
UDP 127.0.0.1:1180 *:* 2496
UDP 127.0.0.1:2920 *:* 2476
UDP 127.0.0.1:3546 *:* 1904
UDP 127.0.0.1:3798 *:* 3400
UDP 127.0.0.1:3877 *:* 2312
UDP 202.194.4.218:123 *:* 876
最后一列就是PID了
//---------------------------------------------------------------------------
以下是tlist.exe的运行结果:tlist.exe的用法是:tlist.exe pid
譬如:tlist.exe 1524 其结果如下:
1524 wins.exe
CWD: C:/WINDOWS/system32/
CmdLine: C:/WINDOWS/System32/wins.exe
VirtualSize: 77372 KB PeakVirtualSize: 78212 KB
WorkingSetSize: 2604 KB PeakWorkingSetSize: 6768 KB
NumberOfThreads: 18
1528 Win32StartAddr:0x0101249a LastErr:0x000003e5 State:Waiting
1544 Win32StartAddr:0x77d7570d LastErr:0x000003e5 State:Waiting
1828 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
1832 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
1836 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
1840 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
1972 Win32StartAddr:0x01003e1a LastErr:0x00000000 State:Waiting
1976 Win32StartAddr:0x01003fc7 LastErr:0x00000000 State:Waiting
1980 Win32StartAddr:0x01007b95 LastErr:0x00000000 State:Waiting
1984 Win32StartAddr:0x0101d872 LastErr:0x00000000 State:Waiting
1988 Win32StartAddr:0x01020137 LastErr:0x00000000 State:Waiting
1996 Win32StartAddr:0x01014d48 LastErr:0x00000000 State:Waiting
2000 Win32StartAddr:0x01013a15 LastErr:0x00000000 State:Waiting
2004 Win32StartAddr:0x01006a10 LastErr:0x00000000 State:Waiting
2008 Win32StartAddr:0x77c30840 LastErr:0x00000102 State:Waiting
2012 Win32StartAddr:0x77c30840 LastErr:0x00000000 State:Waiting
2508 Win32StartAddr:0x06001cb7 LastErr:0x00000000 State:Waiting
2272 Win32StartAddr:0x00000000 LastErr:0x000003f0 State:Waiting
5.2.3790.99 shp 0x01000000 wins.exe
5.2.3790.0 shp 0x77f30000 ntdll.dll
5.2.3790.0 shp 0x77e10000 kernel32.dll
7.0.3790.0 shp 0x77b70000 msvcrt.dll
5.2.3790.0 shp 0x77d60000 ADVAPI32.dll
5.2.3790.137 shp 0x77c20000 RPCRT4.dll
5.2.3790.0 shp 0x71ba0000 NETAPI32.dll
5.2.3790.73 shp 0x77cd0000 USER32.dll
5.2.3790.0 shp 0x77bd0000 GDI32.dll
5.2.3790.0 shp 0x71b60000 WS2_32.dll
5.2.3790.0 shp 0x71b50000 WS2HELP.dll
5.2.3790.138 shp 0x77150000 ole32.dll
5.2.3790.0 shp 0x5bb80000 VSSAPI.DLL
3.5.2283.0 shp 0x769c0000 ATL.DLL
5.2.3790.0 shp 0x770d0000 OLEAUT32.dll
5.2.3790.0 shp 0x76180000 IMM32.DLL
5.2.3790.0 shp 0x63090000 LPK.DLL
1.421.3790.0 shp 0x72ee0000 USP10.dll
5.2.3790.0 shp 0x71a80000 mswsock.dll
5.2.3790.0 shp 0x71a40000 wshtcpip.dll
5.2.3790.0 shp 0x76e30000 DNSAPI.dll
5.2.3790.0 shp 0x76ed0000 winrnr.dll
5.2.3790.0 shp 0x76e70000 WLDAP32.dll
5.2.3790.0 shp 0x76ee0000 rasadhlp.dll
5.2.3790.0 shp 0x699b0000 esent.dll
5.2.3790.0 shp 0x5d000000 SAMLIB.dll
2001.12.4720.130 s 0x76ef0000 CLBCatQ.DLL
2001.12.4720.0 shp 0x76f70000 COMRes.dll
5.2.3790.0 shp 0x77b60000 VERSION.dll
2001.12.4720.130 s 0x76a10000 es.dll
5.2.3790.0 shp 0x76eb0000 secur32.dll
16.0.0.19 shp 0x06000000 ApiHook.dll
16.2.0.6 shp 0x05000000 MemMon.dll
很显然CmdLine:后面的就是程序的路径
//----------------------------------------------------
到这里,聪明的你一定想到方法了,其实只要找到端口对应的进程的PID,再根据PID找到程序具体的路径就行了
我们所要实现的工作就是自动化而已
下面讲下大体思路:
首先我们执行以下两条命令:
netstat -ano|find "LISTENING">tcplisten.txt //获得TCP监听端口列表
netstat -ano|find "UDP">udplisten.txt //获得UDP监听端口列表
//---------------------------------------------------------
以下是netstat -ano|find "LISTENING">tcplisten.txt执行结果,打开tcplisten.txt 可以看到:
TCP 0.0.0.0:42 0.0.0.0:0 LISTENING 1524
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1616
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 660
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 496
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 984
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING 1524
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 1316
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 724
TCP 0.0.0.0:4899 0.0.0.0:0 LISTENING 2860
TCP 127.0.0.1:43958 0.0.0.0:0 LISTENING 1476
TCP 202.194.4.218:21 0.0.0.0:0 LISTENING 1476
//--------------------------------------------------------
以下是netstat -ano|find "UDP">udplisten.txt 执行结果,打开udplisten.txt 可以看到:
UDP 0.0.0.0:42 *:* 1524
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 496
UDP 0.0.0.0:1029 *:* 860
UDP 0.0.0.0:1030 *:* 1576
UDP 0.0.0.0:1032 *:* 1524
UDP 0.0.0.0:1434 *:* 1316
UDP 0.0.0.0:1645 *:* 876
UDP 0.0.0.0:1646 *:* 876
UDP 0.0.0.0:1812 *:* 876
UDP 0.0.0.0:1813 *:* 876
UDP 0.0.0.0:1837 *:* 860
UDP 0.0.0.0:1886 *:* 860
UDP 0.0.0.0:1887 *:* 860
UDP 0.0.0.0:1888 *:* 860
UDP 0.0.0.0:1889 *:* 860
UDP 0.0.0.0:1890 *:* 860
UDP 0.0.0.0:1891 *:* 860
UDP 0.0.0.0:1892 *:* 860
UDP 0.0.0.0:3527 *:* 1576
UDP 0.0.0.0:4000 *:* 2840
UDP 0.0.0.0:4500 *:* 496
UDP 0.0.0.0:6000 *:* 2840
UDP 0.0.0.0:6001 *:* 2840
UDP 127.0.0.1:123 *:* 876
UDP 127.0.0.1:1027 *:* 876
UDP 127.0.0.1:1028 *:* 876
UDP 127.0.0.1:1180 *:* 2496
UDP 127.0.0.1:2920 *:* 2476
UDP 127.0.0.1:3546 *:* 1904
UDP 127.0.0.1:3798 *:* 3400
UDP 127.0.0.1:3877 *:* 2312
UDP 202.194.4.218:123 *:* 876
//---------------------------------------------------------
我们只要对这两个文件中的信息处理下就能提取到端口和PID的对应表了
定义如下结构体吧:
//-------------------------------
typedef struct _PORTTOPROCESS{
CString Port;
CString Protocol;
CString Pid;
CString ProcName;
CString ProcPath;
}PORTTOPROCESS;
//-------------------------------
PORTTOPROCESS PortToProcess[100] //声明一百个结构体应该够用了
第一步通过处理上述两个文件来实例化PortToProcess数组中的Port,Protocol,Pid项,并返回总的PortNum;
第二步通过进程快照获得pid对应的程序名实例化结构体中的ProcName项;
第三步先按
tlist.exe pid1|find "CmdLine:">>procinfo.txt
tlist.exe pid2|find "CmdLine:">>procinfo.txt
tlist.exe pid3|find "CmdLine:">>procinfo.txt
.
.
.
.
的格式写成一个bat文件,通过system()函数运行它,得到每个端口对应PID对应的进程信息
接着写个函数从procinfo.txt文件里把信息读出来实例化结构体中的ProcPath项;最后根据PortNum输出结果
原理就这么简单了,具体的看代码吧,附查看程序!在2003和xp下测试成功,vc6.0+2003的编译环境,代码中PcInfor类是个比较
全的类,可以获得系统的详细信息,只要把PcInfor.h和PcInfor.cpp拷贝到你的工程项目中就能用了
程序运行的时候会有CMD窗口弹出,这是因为调用了system()函数所致,在CMD窗口运行完之后程序会等待一段时间(大概20秒),是为了等待bat文件执行完,如果你的机子运行比较慢,可以把原代码的此处修改一下:
void PcInfor::GetPortToProcessInfo()
{
int i;
BornTcpListen();
BornUdpListen();
GetListenPort();
FindProcName();
FindProcPath();
for(i=0;i<20;i++) Sleep(1000);
GetProcPath();
DeleteTempFile();
WriteProcinfo();
}
循环次数加多点,在重新编译以下就行了!
如果发现bug或者你修改了更好的请给我一份,本人不胜感激:)
//shadow 2004/10/26
//email:dreamshadow@mail.sdu.edu.cn
//http:www.codehome.6600.org