Viewing the process that owns a port on XP and 2003
We all know that fport.exe only runs on 2000, so is there a way to see which process a port belongs to on XP and 2003? There is :)
First let us get familiar with a few commands and tools:
netstat -ano // lists the current network connections, together with the PID of the program that owns each port
tlist.exe // shipped in the support\tools directory of the 2000 and XP installation CD, inside the support.cab archive; shows the process information for a given PID
Let us look at what they print.
Below is the output of netstat -ano in cmd:
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:42             0.0.0.0:0              LISTENING       1524
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1616
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       660
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       496
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:1031           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:1033           0.0.0.0:0              LISTENING       1524
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1316
  TCP    0.0.0.0:1801           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:2103           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:2105           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:2107           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       724
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       2860
  TCP    127.0.0.1:43958        0.0.0.0:0              LISTENING       1476
  TCP    202.194.4.218:21       0.0.0.0:0              LISTENING       1476
  TCP    202.194.4.218:80       202.194.4.218:3768     ESTABLISHED     4
  TCP    202.194.4.218:1433     211.233.12.64:8374     TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:8716     TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:9075     TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:9430     TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:9785     TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:10750    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:11091    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:11418    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:11739    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:12093    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:12452    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:15486    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:15851    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:16223    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:16580    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:16928    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:17283    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:17635    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:18005    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:18372    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:18746    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:19077    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:19453    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:19827    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:20199    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:20601    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:20951    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:21295    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:22194    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:22505    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:23517    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:23883    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:24245    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:24584    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:24920    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:25257    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:25676    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:26009    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:26345    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:26719    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:27724    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:28607    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:28950    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:29280    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:29582    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:29931    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:30299    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:30635    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:31003    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:31965    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:32317    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:33716    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:34076    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:34447    TIME_WAIT       0
  TCP    202.194.4.218:1433     211.233.12.64:34735    FIN_WAIT_1      1316
  TCP    202.194.4.218:3389     219.218.104.91:1065    ESTABLISHED     724
  TCP    202.194.4.218:3768     202.194.4.218:80       ESTABLISHED     3172
  TCP    202.194.4.218:3771     66.94.230.51:80        TIME_WAIT       0
  TCP    202.194.4.218:3772     66.94.230.37:80        TIME_WAIT       0
  UDP    0.0.0.0:42             *:*                                    1524
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    496
  UDP    0.0.0.0:1029           *:*                                    860
  UDP    0.0.0.0:1030           *:*                                    1576
  UDP    0.0.0.0:1032           *:*                                    1524
  UDP    0.0.0.0:1434           *:*                                    1316
  UDP    0.0.0.0:1645           *:*                                    876
  UDP    0.0.0.0:1646           *:*                                    876
  UDP    0.0.0.0:1812           *:*                                    876
  UDP    0.0.0.0:1813           *:*                                    876
  UDP    0.0.0.0:1837           *:*                                    860
  UDP    0.0.0.0:1886           *:*                                    860
  UDP    0.0.0.0:1887           *:*                                    860
  UDP    0.0.0.0:1888           *:*                                    860
  UDP    0.0.0.0:1889           *:*                                    860
  UDP    0.0.0.0:1890           *:*                                    860
  UDP    0.0.0.0:1891           *:*                                    860
  UDP    0.0.0.0:1892           *:*                                    860
  UDP    0.0.0.0:3527           *:*                                    1576
  UDP    0.0.0.0:4000           *:*                                    2840
  UDP    0.0.0.0:4500           *:*                                    496
  UDP    0.0.0.0:6000           *:*                                    2840
  UDP    0.0.0.0:6001           *:*                                    2840
  UDP    127.0.0.1:123          *:*                                    876
  UDP    127.0.0.1:1027         *:*                                    876
  UDP    127.0.0.1:1028         *:*                                    876
  UDP    127.0.0.1:1180         *:*                                    2496
  UDP    127.0.0.1:2920         *:*                                    2476
  UDP    127.0.0.1:3546         *:*                                    1904
  UDP    127.0.0.1:3798         *:*                                    3400
  UDP    127.0.0.1:3877         *:*                                    2312
  UDP    202.194.4.218:123      *:*                                    876
The last column is the PID.
//---------------------------------------------------------------------------
Below is the output of tlist.exe. Its usage is: tlist.exe pid
For example, tlist.exe 1524 gives:
1524 wins.exe
   CWD:     c:\windows\system32\
   CmdLine: c:\windows\system32\wins.exe
   VirtualSize:    77372 KB   PeakVirtualSize:    78212 KB
   WorkingSetSize:  2604 KB   PeakWorkingSetSize:  6768 KB
   NumberOfThreads: 18
   1528 Win32StartAddr:0x0101249a LastErr:0x000003e5 State:Waiting
   1544 Win32StartAddr:0x77d7570d LastErr:0x000003e5 State:Waiting
   1828 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
   1832 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
   1836 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
   1840 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
   1972 Win32StartAddr:0x01003e1a LastErr:0x00000000 State:Waiting
   1976 Win32StartAddr:0x01003fc7 LastErr:0x00000000 State:Waiting
   1980 Win32StartAddr:0x01007b95 LastErr:0x00000000 State:Waiting
   1984 Win32StartAddr:0x0101d872 LastErr:0x00000000 State:Waiting
   1988 Win32StartAddr:0x01020137 LastErr:0x00000000 State:Waiting
   1996 Win32StartAddr:0x01014d48 LastErr:0x00000000 State:Waiting
   2000 Win32StartAddr:0x01013a15 LastErr:0x00000000 State:Waiting
   2004 Win32StartAddr:0x01006a10 LastErr:0x00000000 State:Waiting
   2008 Win32StartAddr:0x77c30840 LastErr:0x00000102 State:Waiting
   2012 Win32StartAddr:0x77c30840 LastErr:0x00000000 State:Waiting
   2508 Win32StartAddr:0x06001cb7 LastErr:0x00000000 State:Waiting
   2272 Win32StartAddr:0x00000000 LastErr:0x000003f0 State:Waiting
   5.2.3790.99       shp  0x01000000  wins.exe
   5.2.3790.0        shp  0x77f30000  ntdll.dll
   5.2.3790.0        shp  0x77e10000  kernel32.dll
   7.0.3790.0        shp  0x77b70000  msvcrt.dll
   5.2.3790.0        shp  0x77d60000  advapi32.dll
   5.2.3790.137      shp  0x77c20000  rpcrt4.dll
   5.2.3790.0        shp  0x71ba0000  netapi32.dll
   5.2.3790.73       shp  0x77cd0000  user32.dll
   5.2.3790.0        shp  0x77bd0000  gdi32.dll
   5.2.3790.0        shp  0x71b60000  ws2_32.dll
   5.2.3790.0        shp  0x71b50000  ws2help.dll
   5.2.3790.138      shp  0x77150000  ole32.dll
   5.2.3790.0        shp  0x5bb80000  vssapi.dll
   3.5.2283.0        shp  0x769c0000  atl.dll
   5.2.3790.0        shp  0x770d0000  oleaut32.dll
   5.2.3790.0        shp  0x76180000  imm32.dll
   5.2.3790.0        shp  0x63090000  lpk.dll
   1.421.3790.0      shp  0x72ee0000  usp10.dll
   5.2.3790.0        shp  0x71a80000  mswsock.dll
   5.2.3790.0        shp  0x71a40000  wshtcpip.dll
   5.2.3790.0        shp  0x76e30000  dnsapi.dll
   5.2.3790.0        shp  0x76ed0000  winrnr.dll
   5.2.3790.0        shp  0x76e70000  wldap32.dll
   5.2.3790.0        shp  0x76ee0000  rasadhlp.dll
   5.2.3790.0        shp  0x699b0000  esent.dll
   5.2.3790.0        shp  0x5d000000  samlib.dll
   2001.12.4720.130  s    0x76ef0000  clbcatq.dll
   2001.12.4720.0    shp  0x76f70000  comres.dll
   5.2.3790.0        shp  0x77b60000  version.dll
   2001.12.4720.130  s    0x76a10000  es.dll
   5.2.3790.0        shp  0x76eb0000  secur32.dll
   16.0.0.19         shp  0x06000000  apihook.dll
   16.2.0.6          shp  0x05000000  memmon.dll
Obviously what follows CmdLine: is the program's path.
By now you have surely worked out the method: find the PID of the process that owns the port, then use the PID to find the program's full path.
All we have to do is automate that.
The general approach:
First run these two commands:
netstat -ano|find "LISTENING">tcplisten.txt // get the list of listening TCP ports
netstat -ano|find "UDP">udplisten.txt // get the list of UDP ports
//---------------------------------------------------------
Below is the result of netstat -ano|find "LISTENING">tcplisten.txt; opening tcplisten.txt shows:
  TCP    0.0.0.0:42             0.0.0.0:0              LISTENING       1524
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1616
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       660
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       496
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:1031           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:1033           0.0.0.0:0              LISTENING       1524
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1316
  TCP    0.0.0.0:1801           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:2103           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:2105           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:2107           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       724
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       2860
  TCP    127.0.0.1:43958        0.0.0.0:0              LISTENING       1476
  TCP    202.194.4.218:21       0.0.0.0:0              LISTENING       1476
//--------------------------------------------------------
Below is the result of netstat -ano|find "UDP">udplisten.txt; opening udplisten.txt shows:
  UDP    0.0.0.0:42             *:*                                    1524
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    496
  UDP    0.0.0.0:1029           *:*                                    860
  UDP    0.0.0.0:1030           *:*                                    1576
  UDP    0.0.0.0:1032           *:*                                    1524
  UDP    0.0.0.0:1434           *:*                                    1316
  UDP    0.0.0.0:1645           *:*                                    876
  UDP    0.0.0.0:1646           *:*                                    876
  UDP    0.0.0.0:1812           *:*                                    876
  UDP    0.0.0.0:1813           *:*                                    876
  UDP    0.0.0.0:1837           *:*                                    860
  UDP    0.0.0.0:1886           *:*                                    860
  UDP    0.0.0.0:1887           *:*                                    860
  UDP    0.0.0.0:1888           *:*                                    860
  UDP    0.0.0.0:1889           *:*                                    860
  UDP    0.0.0.0:1890           *:*                                    860
  UDP    0.0.0.0:1891           *:*                                    860
  UDP    0.0.0.0:1892           *:*                                    860
  UDP    0.0.0.0:3527           *:*                                    1576
  UDP    0.0.0.0:4000           *:*                                    2840
  UDP    0.0.0.0:4500           *:*                                    496
  UDP    0.0.0.0:6000           *:*                                    2840
  UDP    0.0.0.0:6001           *:*                                    2840
  UDP    127.0.0.1:123          *:*                                    876
  UDP    127.0.0.1:1027         *:*                                    876
  UDP    127.0.0.1:1028         *:*                                    876
  UDP    127.0.0.1:1180         *:*                                    2496
  UDP    127.0.0.1:2920         *:*                                    2476
  UDP    127.0.0.1:3546         *:*                                    1904
  UDP    127.0.0.1:3798         *:*                                    3400
  UDP    127.0.0.1:3877         *:*                                    2312
  UDP    202.194.4.218:123      *:*                                    876
//---------------------------------------------------------
We only need to process the information in these two files to extract the port-to-PID table.
Define the following struct:
//-------------------------------
typedef struct _porttoprocess {
    CString port;       // local port, taken from the netstat line
    CString protocol;   // "TCP" or "UDP"
    CString pid;        // owning process id (last column of netstat -ano)
    CString procname;   // process name, from the process snapshot
    CString procpath;   // full path, from the CmdLine: line of tlist.exe
} porttoprocess;
//-------------------------------
porttoprocess porttable[100]; // one hundred entries should be enough
Step one: process the two files above to fill the port, protocol and pid members of the porttoprocess array, and return the total portnum;
Step two: use a process snapshot to obtain the program name for each pid and fill the procname member;
Step three: first write a bat file in the format
tlist.exe pid1|find "CmdLine:">>procinfo.txt
tlist.exe pid2|find "CmdLine:">>procinfo.txt
tlist.exe pid3|find "CmdLine:">>procinfo.txt
...
and run it with the system() function, which yields the process information for the pid that owns each port;
then write a function that reads the information back out of procinfo.txt and fills the procpath member; finally print the results according to portnum.
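Step one in standard C++, as an added example that is not the article's own code: a parser for real netstat -ano output that builds the port-to-PID table, keeping listening TCP sockets and all UDP sockets. The point it shows is that UDP rows carry no State column, so the PID sits in the fourth field instead of the fifth; the names PortToProcess, parseNetstat and kSample are assumptions of this example, and the sample text is constructed from rows of the dump above.

```cpp
// Added example, not code from the original article: parse the text that
// "netstat -ano" prints and build the port -> PID table the article describes.
#include <sstream>
#include <string>
#include <vector>

struct PortToProcess {          // assumed name; mirrors the article's struct
    std::string protocol;       // "TCP" or "UDP"
    std::string port;           // local port as text
    std::string pid;            // owning process id as text ("0" = no owner)
};
// Split one netstat row into whitespace-separated fields.
static std::vector<std::string> fields(const std::string& line) {
    std::istringstream in(line);
    std::vector<std::string> out;
    for (std::string tok; in >> tok;) out.push_back(tok);
    return out;
}
// Keep listening TCP sockets and all UDP sockets with their PIDs.
// TCP rows: Proto Local Foreign State PID (5 fields). UDP rows have no State
// column, so the PID is the 4th field. Other TCP states are skipped, which is
// exactly what the article's  find "LISTENING"  filter does.
std::vector<PortToProcess> parseNetstat(const std::string& output) {
    std::vector<PortToProcess> table;
    std::istringstream lines(output);
    for (std::string line; std::getline(lines, line);) {
        std::vector<std::string> f = fields(line);
        if (f.empty()) continue;             // blank line
        PortToProcess e;
        e.protocol = f[0];
        if (e.protocol == "TCP" && f.size() == 5 && f[3] == "LISTENING") e.pid = f[4];
        else if (e.protocol == "UDP" && f.size() == 4) e.pid = f[3];
        else continue;                       // banner, header or non-listening TCP
        e.port = f[1].substr(f[1].rfind(':') + 1);  // rfind also copes with [::]:port
        table.push_back(e);
    }
    return table;
}
// Constructed sample assembled from rows of the dump above (not a live capture).
static const char* kSample =
    "Active Connections\n\n"
    "  Proto  Local Address          Foreign Address        State           PID\n"
    "  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1616\n"
    "  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1316\n"
    "  TCP    202.194.4.218:1433     211.233.12.64:8374     TIME_WAIT       0\n"
    "  TCP    202.194.4.218:3389     219.218.104.91:1065    ESTABLISHED     724\n"
    "  UDP    0.0.0.0:1434           *:*                                    1316\n"
    "  UDP    127.0.0.1:123          *:*                                    876\n";
// Parse the constructed sample; returns the four listening entries.
std::vector<PortToProcess> parseSample() { return parseNetstat(kSample); }
```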
That is all there is to the principle; see the code for the details, and the viewer program is attached! Tested successfully on 2003 and XP, built with VC6.0 on 2003. The pcinfor class in the code is fairly complete and can retrieve detailed system information; just copy pcinfor.h and pcinfor.cpp into your project to use it.
A cmd window pops up while the program runs because system() is called; after the cmd window finishes, the program waits a while (about 20 seconds) for the bat file to finish executing. If your machine is slow, change this part of the source:
void pcinfor::getporttoprocessinfo()
{
    int i;
    borntcplisten();     // netstat -ano|find "LISTENING">tcplisten.txt
    bornudplisten();     // netstat -ano|find "UDP">udplisten.txt
    getlistenport();     // step one: port, protocol, pid from the two files
    findprocname();      // step two: process snapshot, pid -> procname
    findprocpath();      // step three: write the tlist.exe bat file and run it with system()
    for (i = 0; i < 20; i++) Sleep(1000);  // wait for the bat file to finish; raise the count on a slow machine
    getprocpath();       // read CmdLine: lines from procinfo.txt into procpath
    deletetempfile();    // remove tcplisten.txt, udplisten.txt, procinfo.txt and the bat file
    writeprocinfo();     // print the port -> process table
}
Increase the loop count and recompile, that is all.
If you find a bug or make an improvement, please send me a copy; I would be very grateful :)
//shadow 2004/10/26
//email:dreamshadow@mail.sdu.edu.cn
//http:www.codehome.6600.org