Finding the process that owns a port on XP and 2003
-Author: shadow -Editor: shadow -Source: http://www.codehome.6600.org -Date: 2004-10-27 20:20:13
/*========================================
Finding the process that owns a port on XP and 2003
Author: shadow
Email: [email protected]
Date: 2004/10/26
Source: http://www.codehome.6600.org
Please credit the source when reposting!
==========================================*/
We all know that fport.exe only runs on 2000, so is there a way to see which process a port belongs to on XP and 2003? There certainly is :)
First let's get familiar with a few commands and tools:
netstat -ano //lists the current network connections, together with the PID of the program that owns each port
tlist.exe //a tool shipped in support.cab under the Support/Tools directory of the 2000 and XP install CDs; it shows the process information for a given PID
Let's see what running them produces.
Here is the output of netstat -ano in cmd:
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:42 0.0.0.0:0 LISTENING 1524
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1616
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 660
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 496
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 984
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING 1524
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 1316
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 724
TCP 0.0.0.0:4899 0.0.0.0:0 LISTENING 2860
TCP 127.0.0.1:43958 0.0.0.0:0 LISTENING 1476
TCP 202.194.4.218:21 0.0.0.0:0 LISTENING 1476
TCP 202.194.4.218:80 202.194.4.218:3768 ESTABLISHED 4
TCP 202.194.4.218:1433 211.233.12.64:8374 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:8716 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:9075 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:9430 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:9785 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:10750 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:11091 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:11418 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:11739 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:12093 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:12452 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:15486 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:15851 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:16223 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:16580 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:16928 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:17283 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:17635 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:18005 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:18372 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:18746 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:19077 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:19453 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:19827 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:20199 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:20601 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:20951 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:21295 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:22194 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:22505 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:23517 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:23883 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:24245 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:24584 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:24920 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:25257 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:25676 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:26009 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:26345 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:26719 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:27724 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:28607 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:28950 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:29280 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:29582 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:29931 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:30299 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:30635 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:31003 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:31965 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:32317 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:33716 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:34076 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:34447 TIME_WAIT 0
TCP 202.194.4.218:1433 211.233.12.64:34735 FIN_WAIT_1 1316
TCP 202.194.4.218:3389 219.218.104.91:1065 ESTABLISHED 724
TCP 202.194.4.218:3768 202.194.4.218:80 ESTABLISHED 3172
TCP 202.194.4.218:3771 66.94.230.51:80 TIME_WAIT 0
TCP 202.194.4.218:3772 66.94.230.37:80 TIME_WAIT 0
UDP 0.0.0.0:42 *:* 1524
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 496
UDP 0.0.0.0:1029 *:* 860
UDP 0.0.0.0:1030 *:* 1576
UDP 0.0.0.0:1032 *:* 1524
UDP 0.0.0.0:1434 *:* 1316
UDP 0.0.0.0:1645 *:* 876
UDP 0.0.0.0:1646 *:* 876
UDP 0.0.0.0:1812 *:* 876
UDP 0.0.0.0:1813 *:* 876
UDP 0.0.0.0:1837 *:* 860
UDP 0.0.0.0:1886 *:* 860
UDP 0.0.0.0:1887 *:* 860
UDP 0.0.0.0:1888 *:* 860
UDP 0.0.0.0:1889 *:* 860
UDP 0.0.0.0:1890 *:* 860
UDP 0.0.0.0:1891 *:* 860
UDP 0.0.0.0:1892 *:* 860
UDP 0.0.0.0:3527 *:* 1576
UDP 0.0.0.0:4000 *:* 2840
UDP 0.0.0.0:4500 *:* 496
UDP 0.0.0.0:6000 *:* 2840
UDP 0.0.0.0:6001 *:* 2840
UDP 127.0.0.1:123 *:* 876
UDP 127.0.0.1:1027 *:* 876
UDP 127.0.0.1:1028 *:* 876
UDP 127.0.0.1:1180 *:* 2496
UDP 127.0.0.1:2920 *:* 2476
UDP 127.0.0.1:3546 *:* 1904
UDP 127.0.0.1:3798 *:* 3400
UDP 127.0.0.1:3877 *:* 2312
UDP 202.194.4.218:123 *:* 876
The last column is the PID.
//---------------------------------------------------------------------------
Here is the output of tlist.exe; its usage is: tlist.exe pid
For example, tlist.exe 1524 gives the following:
1524 wins.exe
CWD: C:/WINDOWS/system32/
CmdLine: C:/WINDOWS/System32/wins.exe
VirtualSize: 77372 KB PeakVirtualSize: 78212 KB
WorkingSetSize: 2604 KB PeakWorkingSetSize: 6768 KB
NumberOfThreads: 18
1528 Win32StartAddr:0x0101249a LastErr:0x000003e5 State:Waiting
1544 Win32StartAddr:0x77d7570d LastErr:0x000003e5 State:Waiting
1828 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
1832 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
1836 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
1840 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
1972 Win32StartAddr:0x01003e1a LastErr:0x00000000 State:Waiting
1976 Win32StartAddr:0x01003fc7 LastErr:0x00000000 State:Waiting
1980 Win32StartAddr:0x01007b95 LastErr:0x00000000 State:Waiting
1984 Win32StartAddr:0x0101d872 LastErr:0x00000000 State:Waiting
1988 Win32StartAddr:0x01020137 LastErr:0x00000000 State:Waiting
1996 Win32StartAddr:0x01014d48 LastErr:0x00000000 State:Waiting
2000 Win32StartAddr:0x01013a15 LastErr:0x00000000 State:Waiting
2004 Win32StartAddr:0x01006a10 LastErr:0x00000000 State:Waiting
2008 Win32StartAddr:0x77c30840 LastErr:0x00000102 State:Waiting
2012 Win32StartAddr:0x77c30840 LastErr:0x00000000 State:Waiting
2508 Win32StartAddr:0x06001cb7 LastErr:0x00000000 State:Waiting
2272 Win32StartAddr:0x00000000 LastErr:0x000003f0 State:Waiting
5.2.3790.99 shp 0x01000000 wins.exe
5.2.3790.0 shp 0x77f30000 ntdll.dll
5.2.3790.0 shp 0x77e10000 kernel32.dll
7.0.3790.0 shp 0x77b70000 msvcrt.dll
5.2.3790.0 shp 0x77d60000 ADVAPI32.dll
5.2.3790.137 shp 0x77c20000 RPCRT4.dll
5.2.3790.0 shp 0x71ba0000 NETAPI32.dll
5.2.3790.73 shp 0x77cd0000 USER32.dll
5.2.3790.0 shp 0x77bd0000 GDI32.dll
5.2.3790.0 shp 0x71b60000 WS2_32.dll
5.2.3790.0 shp 0x71b50000 WS2HELP.dll
5.2.3790.138 shp 0x77150000 ole32.dll
5.2.3790.0 shp 0x5bb80000 VSSAPI.DLL
3.5.2283.0 shp 0x769c0000 ATL.DLL
5.2.3790.0 shp 0x770d0000 OLEAUT32.dll
5.2.3790.0 shp 0x76180000 IMM32.DLL
5.2.3790.0 shp 0x63090000 LPK.DLL
1.421.3790.0 shp 0x72ee0000 USP10.dll
5.2.3790.0 shp 0x71a80000 mswsock.dll
5.2.3790.0 shp 0x71a40000 wshtcpip.dll
5.2.3790.0 shp 0x76e30000 DNSAPI.dll
5.2.3790.0 shp 0x76ed0000 winrnr.dll
5.2.3790.0 shp 0x76e70000 WLDAP32.dll
5.2.3790.0 shp 0x76ee0000 rasadhlp.dll
5.2.3790.0 shp 0x699b0000 esent.dll
5.2.3790.0 shp 0x5d000000 SAMLIB.dll
2001.12.4720.130 s 0x76ef0000 CLBCatQ.DLL
2001.12.4720.0 shp 0x76f70000 COMRes.dll
5.2.3790.0 shp 0x77b60000 VERSION.dll
2001.12.4720.130 s 0x76a10000 es.dll
5.2.3790.0 shp 0x76eb0000 secur32.dll
16.0.0.19 shp 0x06000000 ApiHook.dll
16.2.0.6 shp 0x05000000 MemMon.dll
Obviously what follows CmdLine: is the program's path.
//----------------------------------------------------
By now you have surely figured out the method: find the PID of the process that owns the port, then use that PID to find the program's actual path.
All we have to do is automate it.
Here is the general approach:
First we run these two commands:
netstat -ano|find "LISTENING">tcplisten.txt //get the list of listening TCP ports
netstat -ano|find "UDP">udplisten.txt //get the list of UDP listening ports
//---------------------------------------------------------
Here is the result of netstat -ano|find "LISTENING">tcplisten.txt; opening tcplisten.txt shows:
TCP 0.0.0.0:42 0.0.0.0:0 LISTENING 1524
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1616
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 660
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 496
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 984
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING 1524
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 1316
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING 1576
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 724
TCP 0.0.0.0:4899 0.0.0.0:0 LISTENING 2860
TCP 127.0.0.1:43958 0.0.0.0:0 LISTENING 1476
TCP 202.194.4.218:21 0.0.0.0:0 LISTENING 1476
//--------------------------------------------------------
Here is the result of netstat -ano|find "UDP">udplisten.txt; opening udplisten.txt shows:
UDP 0.0.0.0:42 *:* 1524
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 496
UDP 0.0.0.0:1029 *:* 860
UDP 0.0.0.0:1030 *:* 1576
UDP 0.0.0.0:1032 *:* 1524
UDP 0.0.0.0:1434 *:* 1316
UDP 0.0.0.0:1645 *:* 876
UDP 0.0.0.0:1646 *:* 876
UDP 0.0.0.0:1812 *:* 876
UDP 0.0.0.0:1813 *:* 876
UDP 0.0.0.0:1837 *:* 860
UDP 0.0.0.0:1886 *:* 860
UDP 0.0.0.0:1887 *:* 860
UDP 0.0.0.0:1888 *:* 860
UDP 0.0.0.0:1889 *:* 860
UDP 0.0.0.0:1890 *:* 860
UDP 0.0.0.0:1891 *:* 860
UDP 0.0.0.0:1892 *:* 860
UDP 0.0.0.0:3527 *:* 1576
UDP 0.0.0.0:4000 *:* 2840
UDP 0.0.0.0:4500 *:* 496
UDP 0.0.0.0:6000 *:* 2840
UDP 0.0.0.0:6001 *:* 2840
UDP 127.0.0.1:123 *:* 876
UDP 127.0.0.1:1027 *:* 876
UDP 127.0.0.1:1028 *:* 876
UDP 127.0.0.1:1180 *:* 2496
UDP 127.0.0.1:2920 *:* 2476
UDP 127.0.0.1:3546 *:* 1904
UDP 127.0.0.1:3798 *:* 3400
UDP 127.0.0.1:3877 *:* 2312
UDP 202.194.4.218:123 *:* 876
//---------------------------------------------------------
We only need to process the information in these two files to extract the port-to-PID mapping table.
Let's define the following struct:
//-------------------------------
typedef struct _PORTTOPROCESS{
CString Port; //local port number
CString Protocol; //"TCP" or "UDP"
CString Pid; //PID from the last column of netstat -ano
CString ProcName; //process name from the process snapshot
CString ProcPath; //path from the CmdLine: line of tlist.exe
}PORTTOPROCESS;
//-------------------------------
PORTTOPROCESS PortToProcess[100]; //declaring a hundred structs should be enough
Step one: process the two files above to fill in the Port, Protocol and Pid fields of the PortToProcess array, and return the total PortNum;
Step two: use a process snapshot to get the program name for each PID and fill in the ProcName field of the struct;
Step three: first write a bat file in the format
tlist.exe pid1|find "CmdLine:">>procinfo.txt
tlist.exe pid2|find "CmdLine:">>procinfo.txt
tlist.exe pid3|find "CmdLine:">>procinfo.txt
...
and run it with the system() function, which yields the process information for the PID behind each port;
then write a function that reads that information out of procinfo.txt and fills in the ProcPath field of the struct; finally output the results according to PortNum.
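The three steps above in plain C++ (std::string instead of MFC CString), as an added example that is not the author's program: it builds the port/PID table from raw netstat -ano text and attaches each CmdLine: path from procinfo.txt in row order, which is the order the bat file produces. The sample captures and the C:/EXAMPLE path are constructed; only the wins.exe path comes from the page.

```cpp
#include <sstream>
#include <string>
#include <vector>
// One row of the article's PORTTOPROCESS table (std::string replaces MFC CString).
struct PortToProcess {
    std::string protocol, port, pid, procPath;
};
// Parse raw "netstat -ano" output into rows: TCP rows in state LISTENING plus
// every UDP row (UDP rows have no State column, so the PID follows the address).
std::vector<PortToProcess> parseNetstat(const std::string& text) {
    std::vector<PortToProcess> rows;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        std::istringstream f(line);
        std::string proto, local, foreign, state, pid;
        if (!(f >> proto >> local >> foreign)) continue;                 // blank line
        if (proto == "TCP") { f >> state >> pid; if (state != "LISTENING") continue; }
        else if (proto == "UDP") { f >> pid; }
        else continue;                                                    // header line
        rows.push_back({proto, local.substr(local.rfind(':') + 1), pid, ""});
    }
    return rows;
}
// Fill procPath from procinfo.txt: the bat file runs tlist.exe <pid>|find "CmdLine:"
// once per row in table order, so the i-th CmdLine: line belongs to row i. A PID for
// which tlist prints no CmdLine: line would shift later rows, so stop at the shorter side.
void attachProcPath(std::vector<PortToProcess>& rows, const std::string& procinfo) {
    const std::string tag = "CmdLine: ";
    std::istringstream in(procinfo);
    std::string line; size_t i = 0;
    while (i < rows.size() && std::getline(in, line))
        if (line.compare(0, tag.size(), tag) == 0) rows[i++].procPath = line.substr(tag.size());
}
// Constructed sample captures in the shape of the article's output (not real hosts).
const char* const kNetstatSample =
    "  Proto  Local Address       Foreign Address      State        PID\n"
    "  TCP    0.0.0.0:42          0.0.0.0:0            LISTENING    1524\n"
    "  TCP    0.0.0.0:1433        0.0.0.0:0            LISTENING    1316\n"
    "  TCP    202.194.4.218:1433  211.233.12.64:8374   TIME_WAIT    0\n"
    "  UDP    0.0.0.0:1434        *:*                  1316\n";
const char* const kProcinfoSample =
    "CmdLine: C:/WINDOWS/System32/wins.exe\n"
    "CmdLine: C:/EXAMPLE/dbserver.exe\n"
    "CmdLine: C:/EXAMPLE/dbserver.exe\n";
std::vector<PortToProcess> buildTable() {
    std::vector<PortToProcess> rows = parseNetstat(kNetstatSample);
    attachProcPath(rows, kProcinfoSample);
    return rows;
}
```

Because procinfo.txt carries no PID, the match is purely positional; if a PID yields no CmdLine: line, echo the PID into the file before each tlist call and key on it instead.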
That's the whole principle; see the code for the details, and the viewer program is attached! It was tested successfully on 2003 and XP, compiled with VC6.0 on 2003. The PcInfor class in the code is fairly complete and can obtain detailed system information; just copy PcInfor.h and PcInfor.cpp into your project to use it.
When the program runs, a CMD window pops up because system() is called. After the CMD window finishes, the program waits for a while (about 20 seconds) for the bat file to complete. If your machine is slow, change this part of the source:
void PcInfor::GetPortToProcessInfo()
{
int i;
BornTcpListen(); //netstat -ano|find "LISTENING">tcplisten.txt
BornUdpListen(); //netstat -ano|find "UDP">udplisten.txt
GetListenPort(); //step one: Port, Protocol, Pid from the two files
FindProcName(); //step two: ProcName from the process snapshot
FindProcPath(); //step three: write the tlist.exe bat file and run it with system()
for(i=0;i<20;i++) Sleep(1000); //wait about 20 seconds for the bat file to finish
GetProcPath(); //read the CmdLine: lines from procinfo.txt into ProcPath
DeleteTempFile();
WriteProcinfo(); //output the results
}
Increase the loop count and recompile!
If you find a bug or make an improvement, please send me a copy; I'd be very grateful :)
//shadow 2004/10/26
//email:[email protected]
//http://www.codehome.6600.org