const
  // Nominal upper bound used to declare the row array of the table record.
  // The real number of rows is whatever dwNumEntries reports at run time.
  ANY_SIZE                 = 256;

  //--------------------------------------------------------------------------
  // Values carried in the dwState field of a TCP row.
  MIB_TCP_STATE_CLOSED     = 1;
  MIB_TCP_STATE_LISTEN     = 2;
  MIB_TCP_STATE_SYN_SENT   = 3;
  MIB_TCP_STATE_SYN_RCVD   = 4;
  MIB_TCP_STATE_ESTAB      = 5;
  MIB_TCP_STATE_FIN_WAIT1  = 6;
  MIB_TCP_STATE_FIN_WAIT2  = 7;
  MIB_TCP_STATE_CLOSE_WAIT = 8;
  MIB_TCP_STATE_CLOSING    = 9;
  MIB_TCP_STATE_LAST_ACK   = 10;
  MIB_TCP_STATE_TIME_WAIT  = 11;
  MIB_TCP_STATE_DELETE_TCB = 12;
//------------------------------------------------------------------------------
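type
  // The listing showed these declarations directly under "const" with no
  // "type" keyword, which does not compile; the keyword is restored here.

  // TCP_TABLE_CLASS and UDP_TABLE_CLASS are C enums, i.e. 32-bit values.
  // Delphi stores small enumerations in one byte by default, so the minimum
  // enum size is raised for these two types to match what iphlpapi.dll reads.
  {$MINENUMSIZE 4}
  // Ordinals 0..8, in the same order as the C enumeration.
  TTCPTableClass = (
    TCP_TABLE_BASIC_LISTENER,
    TCP_TABLE_BASIC_CONNECTIONS,
    TCP_TABLE_BASIC_ALL,
    TCP_TABLE_OWNER_PID_LISTENER,
    TCP_TABLE_OWNER_PID_CONNECTIONS,
    TCP_TABLE_OWNER_PID_ALL,
    TCP_TABLE_OWNER_MODULE_LISTENER,
    TCP_TABLE_OWNER_MODULE_CONNECTIONS,
    TCP_TABLE_OWNER_MODULE_ALL
  );

  // Ordinals 0..2, in the same order as the C enumeration.
  TUDPTableClass = (
    UDP_TABLE_BASIC,
    UDP_TABLE_OWNER_PID,
    UDP_TABLE_OWNER_MODULE
  );
  {$MINENUMSIZE 1} // back to the compiler default for the rest of the unit

  // One IPv4 TCP endpoint pair together with the id of the owning process.
  MIB_TCPROW_OWNER_PID = record
    dwState      : DWORD;  // one of the MIB_TCP_STATE_* constants
    dwLocalAddr  : DWORD;
    dwLocalPort  : DWORD;  // network byte order; only the low 16 bits are the port
    dwRemoteAddr : DWORD;
    dwRemotePort : DWORD;  // network byte order; only the low 16 bits are the port
    dwOwningPid  : DWORD;
  end;
  PMIB_TCP_ROW = ^MIB_TCPROW_OWNER_PID;

  // Table header followed by the rows. The declared array length is nominal:
  // the buffer is sized by GetExtendedTcpTable and dwNumEntries gives the
  // actual row count, so walk the rows with a pointer and bound the walk by
  // the allocated size rather than indexing past ANY_SIZE-1.
  MIB_TCPTABLE_OWNER_PID = record
    dwNumEntries : DWORD;
    table        : array[0..ANY_SIZE-1] of MIB_TCPROW_OWNER_PID;
  end;
  PMIB_TCPTABLE_OWNER_PID = ^MIB_TCPTABLE_OWNER_PID;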
//----------------------------------------------------------------------------
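{
DWORD GetExtendedTcpTable(
PVOID pTcpTable,
PDWORD pdwSize,
BOOL bOrder,
ULONG ulAf,
TCP_TABLE_CLASS TableClass,
ULONG Reserved
); }
// Import of GetExtendedTcpTable from iphlpapi.dll.
//   pTcpTable  - caller-allocated buffer that receives the table; nil is
//                passed when only the required size is being queried.
//   pdwSize    - in: size of the buffer in bytes; out: required size when the
//                buffer was too small.
//   bOrder     - ask for the rows sorted. Declared LongBool because the C
//                parameter is a 32-bit BOOL; a one-byte Boolean does not
//                describe the same argument.
//   ulAf       - address family of the table (the caller on this page passes
//                AF_INET).
//   TableClass - which table layout to return.
//   Reserved   - the caller on this page passes 0.
// Returns a Win32 error code; NO_ERROR means the buffer was filled.
function GetExtendedTcpTable(pTcpTable: PMIB_TCPTABLE_OWNER_PID;
                             pdwSize: pDWORD;
                             bOrder: LongBool;
                             ulAf: Cardinal;
                             TableClass: TTCPTableClass;
                             Reserved: Cardinal): DWORD;
  stdcall; external 'iphlpapi.dll' name 'GetExtendedTcpTable';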
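{
DWORD GetExtendedUdpTable(
PVOID pUdpTable,
PDWORD pdwSize,
BOOL bOrder,
ULONG ulAf,
UDP_TABLE_CLASS TableClass,
ULONG Reserved
);
}
// Import of GetExtendedUdpTable from iphlpapi.dll.
//   pTcpTable  - caller-allocated buffer that receives the UDP table (the
//                parameter name is kept from the original listing even though
//                the C prototype calls it pUdpTable).
//   pdwSize    - in: size of the buffer in bytes; out: required size when the
//                buffer was too small.
//   bOrder     - ask for the rows sorted. Declared LongBool because the C
//                parameter is a 32-bit BOOL; a one-byte Boolean does not
//                describe the same argument.
//   ulAf       - address family of the table.
//   TableClass - which table layout to return.
//   Reserved   - see the C prototype above; no caller is visible on this page.
// Returns a Win32 error code; NO_ERROR means the buffer was filled.
function GetExtendedUdpTable(pTcpTable: Pointer;
                             pdwSize: pDWORD;
                             bOrder: LongBool;
                             ulAf: Cardinal;
                             TableClass: TUDPTableClass;
                             Reserved: Cardinal): DWORD;
  stdcall; external 'iphlpapi.dll' name 'GetExtendedUdpTable';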
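procedure TBaseSniffer.displayConnections(PID: DWORD);
// Rebuilds FConnections with one formatted line for every IPv4 TCP row that
// belongs to process PID, is in the LISTEN or ESTABLISHED state and has a
// non-zero remote address. On failure FErrorInfo is set and doError is called.
//
// Changes against the posted version:
//  * The size query and the fetch use the same address family (AF_INET) and
//    the same table class, so the size returned by the first call describes
//    the table requested by the second. The posted query passed 0 as the
//    address family and a different table class.
//  * The size query is expected to return ERROR_INSUFFICIENT_BUFFER, which is
//    non-zero; that is the signal to allocate, not a failed call.
//  * The table can grow between the query and the fetch, so the fetch is
//    retried a bounded number of times with the newly reported size.
//  * Every row is visited (the posted loop ran 1..num-1 and skipped one).
//  * The buffer base pointer is never modified and is released in "finally".
//    The posted code stepped the pointer forward, stepped it back by a
//    different amount and then freed it, i.e. freed an address it had not
//    allocated; on the error path it stepped back by an uninitialised count.
//  * Rows are walked with a typed row pointer, so the step size does not
//    depend on SizeOf(Char) as it did with PChar.
//  * The row count is clamped to what fits in the allocated buffer.
//  * Ports are converted from network byte order before being displayed.
const
  MAX_FETCH_ATTEMPTS = 4;
var
  tableBuf: Pointer;
  rowPtr: PMIB_TCP_ROW;
  adwSize, allocSize, dResult, rowCount, rowLimit: DWORD;
  attempt, I: Integer;

  // The port fields hold a 16-bit port in network byte order in their low
  // word; the high word is not part of the port and is discarded here.
  function PortToHostOrder(rawPort: DWORD): Integer;
  begin
    Result := Integer(((rawPort and $FF) shl 8) or ((rawPort shr 8) and $FF));
  end;

begin
  FConnections.Clear; // start from an empty list on every call
  tableBuf := nil;
  allocSize := 0;
  adwSize := 0;       // first pass asks only for the required size
  try
    attempt := 0;
    repeat
      dResult := GetExtendedTcpTable(PMIB_TCPTABLE_OWNER_PID(tableBuf), @adwSize,
        True, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
      if dResult <> ERROR_INSUFFICIENT_BUFFER then
        Break;
      // adwSize now holds the size the API asked for; grow to it and retry.
      ReallocMem(tableBuf, adwSize);
      allocSize := adwSize;
      Inc(attempt);
    until attempt >= MAX_FETCH_ATTEMPTS;

    if dResult <> NO_ERROR then
    begin
      FErrorInfo := '获取TCP列表出错';
      doError;
      Exit;
    end;

    // Nothing usable was returned: no buffer, or not even room for the count.
    if (tableBuf = nil) or (allocSize < SizeOf(DWORD)) then
      Exit;

    // Never trust the reported count beyond the memory actually allocated.
    rowCount := PMIB_TCPTABLE_OWNER_PID(tableBuf)^.dwNumEntries;
    rowLimit := (allocSize - SizeOf(DWORD)) div SizeOf(MIB_TCPROW_OWNER_PID);
    if rowCount > rowLimit then
      rowCount := rowLimit;

    rowPtr := @PMIB_TCPTABLE_OWNER_PID(tableBuf)^.table[0];
    for I := 0 to Integer(rowCount) - 1 do
    begin
      if (rowPtr^.dwOwningPid = PID)
        and ((rowPtr^.dwState = MIB_TCP_STATE_LISTEN)
          or (rowPtr^.dwState = MIB_TCP_STATE_ESTAB))
        and (rowPtr^.dwRemoteAddr <> 0) then
        FConnections.Append(Format('远程主机:%S,远程端口:%D,本地端口:%D',
          [IpAddr2Str(rowPtr^.dwRemoteAddr),
           PortToHostOrder(rowPtr^.dwRemotePort),
           PortToHostOrder(rowPtr^.dwLocalPort)]));
      Inc(rowPtr); // advances by one whole row
    end;
  finally
    // Always release the exact pointer that was allocated.
    if tableBuf <> nil then
      FreeMem(tableBuf);
  end;
end;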