声明:
此份代码参考了“Hook 系统服务隐藏端口”和http://topic.csdn.net/t/20050105/17/3701810.html#|的一些代码片断和内容,以及对iphlpapi的反汇编才有了这份代码。并且是在原文章"进程-端口-IP地址关联演示"补充和扩展。在"进程-端口-IP地址关联演示"中是没法获取远程IP地址和端口的,现在这份代码已经算比较完美的解决了一系列问题。程序重新封装了GetTcpTable和GetUdpTable两个API函数,并且增加了两个函数的扩展版本GetTcpTableEx和GetUdpTableEx,主要的区别是前两个函数不能从端口关联到进程,后两个函数成功解决此问题。目前代码只在win2k/winxp/win2003上测试通过,由于本人没有vista就没办法测试了,有条件的朋友可以去测试一下。如果你还发现有什么bug请于我联系,谢谢!如果能把你修改的更完美的代码发给我一份的话,就更好了!!
先贴关键代码,需要完整代码的可以下载,地址是:http://p.blog.csdn.net/images/p_blog_csdn_net/chenhui530/EntryImages/20080803/GetNetInfo.jpg
- Public Function GetTcpTable(ByVal Handle As Long) As MIB_TCPTABLE
- Dim TcpRows() As MIB_TCPROW
- Dim objQuery As TCP_REQUEST_QUERY_INFORMATION_EX
- Dim hEvent As Long, hEvent1 As Long
- Dim ntStatus As Long
- Dim objIoStatusBlock As IO_STATUS_BLOCK
- Dim TcpStats As MIB_TCPSTATS
- hEvent = CreateEvent(ByVal 0&, 0, 1, vbNullString)
- If hEvent Then
- objQuery.ID.toi_entity.tei_entity = &H400 'CO_TL_ENTITY; tcp
- objQuery.ID.toi_entity.tei_instance = 0
- objQuery.ID.toi_class = &H200 'INFO_CLASS_PROTOCOL
- objQuery.ID.toi_type = &H100 'INFO_TYPE_PROVIDER
- objQuery.ID.toi_id = &H1 'TCP_STATS_ID
- ntStatus = NtDeviceIoControlFile(Handle, _
- hEvent, _
- ByVal 0&, _
- ByVal 0&, _
- objIoStatusBlock, _
- &H120003, _
- objQuery, _
- LenB(objQuery), _
- TcpStats, _
- LenB(TcpStats))
- If NT_SUCCESS(ntStatus) Then
- hEvent1 = CreateEvent(ByVal 0&, 0, 1, vbNullString)
- If hEvent1 Then
- ZeroMemory objQuery, LenB(objQuery)
- ZeroMemory objIoStatusBlock, LenB(objIoStatusBlock)
- objQuery.ID.toi_entity.tei_entity = &H400 'CO_TL_ENTITY; tcp
- objQuery.ID.toi_entity.tei_instance = 0
- objQuery.ID.toi_class = &H200 'INFO_CLASS_PROTOCOL
- objQuery.ID.toi_type = &H100 'INFO_TYPE_PROVIDER
- objQuery.ID.toi_id = &H101 'TCP_MIB_ADDRTABLE_ENTRY_ID
- ReDim TcpRows(TcpStats.dwNumConns - 1)
- ntStatus = NtDeviceIoControlFile(Handle, _
- hEvent1, _
- ByVal 0&, _
- ByVal 0&, _
- objIoStatusBlock, _
- &H120003, _
- objQuery, _
- LenB(objQuery), _
- TcpRows(0), _
- TcpStats.dwNumConns * LenB(TcpRows(0)))
- If NT_SUCCESS(ntStatus) Then
- GetTcpTable.dwNumEntries = objIoStatusBlock.uInformation / LenB(TcpRows(0))
- ReDim GetTcpTable.table(TcpStats.dwNumConns - 1)
- CopyMemory GetTcpTable.table(0), TcpRows(0), TcpStats.dwNumConns * LenB(TcpRows(0))
- End If
- End If
- End If
- End If
- If hEvent Then NtClose hEvent
- If hEvent1 Then NtClose hEvent1
- End Function
- Public Function GetTcpTableEx(ByVal Handle As Long) As MIB_TCPTABLEEX
- Dim TcpRows() As MIB_TCPROWEX
- Dim objQuery As TCP_REQUEST_QUERY_INFORMATION_EX
- Dim hEvent As Long, hEvent1 As Long
- Dim ntStatus As Long
- Dim objIoStatusBlock As IO_STATUS_BLOCK
- Dim TcpStats As MIB_TCPSTATS
- hEvent = CreateEvent(ByVal 0&, 0, 1, vbNullString)
- If hEvent Then
- objQuery.ID.toi_entity.tei_entity = &H400 'CO_TL_ENTITY; tcp
- objQuery.ID.toi_entity.tei_instance = 0
- objQuery.ID.toi_class = &H200 'INFO_CLASS_PROTOCOL
- objQuery.ID.toi_type = &H100 'INFO_TYPE_PROVIDER
- objQuery.ID.toi_id = &H1 'TCP_STATS_ID
- ntStatus = NtDeviceIoControlFile(Handle, _
- hEvent, _
- ByVal 0&, _
- ByVal 0&, _
- objIoStatusBlock, _
- &H120003, _
- objQuery, _
- LenB(objQuery), _
- TcpStats, _
- LenB(TcpStats))
- If NT_SUCCESS(ntStatus) Then
- hEvent1 = CreateEvent(ByVal 0&, 0, 1, vbNullString)
- If hEvent1 Then
- ZeroMemory objQuery, LenB(objQuery)
- ZeroMemory objIoStatusBlock, LenB(objIoStatusBlock)
- objQuery.ID.toi_entity.tei_entity = &H400 'CO_TL_ENTITY; tcp
- objQuery.ID.toi_entity.tei_instance = 0
- objQuery.ID.toi_class = &H200 'INFO_CLASS_PROTOCOL
- objQuery.ID.toi_type = &H100 'INFO_TYPE_PROVIDER
- objQuery.ID.toi_id = &H102 'TCP_MIB_ADDRTABLE_ENTRY_EX_ID
- ReDim TcpRows(TcpStats.dwNumConns - 1)
- ntStatus = NtDeviceIoControlFile(Handle, _
- hEvent1, _
- ByVal 0&, _
- ByVal 0&, _
- objIoStatusBlock, _
- &H120003, _
- objQuery, _
- LenB(objQuery), _
- TcpRows(0), _
- TcpStats.dwNumConns * LenB(TcpRows(0)))
- If NT_SUCCESS(ntStatus) Then
- GetTcpTableEx.dwNumEntries = objIoStatusBlock.uInformation / LenB(TcpRows(0))
- ReDim GetTcpTableEx.table(TcpStats.dwNumConns - 1)
- CopyMemory GetTcpTableEx.table(0), TcpRows(0), TcpStats.dwNumConns * LenB(TcpRows(0))
- End If
- End If
- End If
- End If
- If hEvent Then NtClose hEvent
- If hEvent1 Then NtClose hEvent1
- End Function
- Public Function GetUdpTable(ByVal Handle As Long) As MIB_UDPTABLE
- Dim UdpRows() As MIB_UDPROW
- Dim objQuery As TCP_REQUEST_QUERY_INFORMATION_EX
- Dim hEvent As Long, hEvent1 As Long
- Dim ntStatus As Long
- Dim objIoStatusBlock As IO_STATUS_BLOCK
- Dim UdpStats As MIB_UDPSTATS
- hEvent = CreateEvent(ByVal 0&, 0, 1, vbNullString)
- If hEvent Then
- objQuery.ID.toi_entity.tei_entity = &H401 'CO_TL_ENTITY; udp
- objQuery.ID.toi_entity.tei_instance = 0
- objQuery.ID.toi_class = &H200 'INFO_CLASS_PROTOCOL
- objQuery.ID.toi_type = &H100 'INFO_TYPE_PROVIDER
- objQuery.ID.toi_id = &H1 'TCP_STATS_ID
- ntStatus = NtDeviceIoControlFile(Handle, _
- hEvent, _
- ByVal 0&, _
- ByVal 0&, _
- objIoStatusBlock, _
- &H120003, _
- objQuery, _
- LenB(objQuery), _
- UdpStats, _
- LenB(UdpStats))
- If NT_SUCCESS(ntStatus) Then
- hEvent1 = CreateEvent(ByVal 0&, 0, 1, vbNullString)
- If hEvent1 Then
- ZeroMemory objQuery, LenB(objQuery)
- ZeroMemory objIoStatusBlock, LenB(objIoStatusBlock)
- objQuery.ID.toi_entity.tei_entity = &H401 'CO_TL_ENTITY; udp
- objQuery.ID.toi_entity.tei_instance = 0
- objQuery.ID.toi_class = &H200 'INFO_CLASS_PROTOCOL
- objQuery.ID.toi_type = &H100 'INFO_TYPE_PROVIDER
- objQuery.ID.toi_id = &H101 'TCP_MIB_ADDRTABLE_ENTRY_ID
- ReDim UdpRows(UdpStats.dwNumAddrs - 1)
- ntStatus = NtDeviceIoControlFile(Handle, _
- hEvent1, _
- ByVal 0&, _
- ByVal 0&, _
- objIoStatusBlock, _
- &H120003, _
- objQuery, _
- LenB(objQuery), _
- UdpRows(0), _
- UdpStats.dwNumAddrs * LenB(UdpRows(0)))
- If NT_SUCCESS(ntStatus) Then
- GetUdpTable.dwNumEntries = objIoStatusBlock.uInformation / LenB(UdpRows(0))
- ReDim GetUdpTable.table(UdpStats.dwNumAddrs - 1)
- CopyMemory GetUdpTable.table(0), UdpRows(0), UdpStats.dwNumAddrs * LenB(UdpRows(0))
- End If
- End If
- End If
- End If
- If hEvent Then NtClose hEvent
- If hEvent1 Then NtClose hEvent1
- End Function
- Public Function GetUdpTableEx(ByVal Handle As Long) As MIB_UDPTABLEEX
- Dim UdpRows() As MIB_UDPROWEX
- Dim objQuery As TCP_REQUEST_QUERY_INFORMATION_EX
- Dim hEvent As Long, hEvent1 As Long
- Dim ntStatus As Long
- Dim objIoStatusBlock As IO_STATUS_BLOCK
- Dim UdpStats As MIB_UDPSTATS
- hEvent = CreateEvent(ByVal 0&, 0, 1, vbNullString)
- If hEvent Then
- objQuery.ID.toi_entity.tei_entity = &H401 'CO_TL_ENTITY; udp
- objQuery.ID.toi_entity.tei_instance = 0
- objQuery.ID.toi_class = &H200 'INFO_CLASS_PROTOCOL
- objQuery.ID.toi_type = &H100 'INFO_TYPE_PROVIDER
- objQuery.ID.toi_id = &H1 'TCP_STATS_ID
- ntStatus = NtDeviceIoControlFile(Handle, _
- hEvent, _
- ByVal 0&, _
- ByVal 0&, _
- objIoStatusBlock, _
- &H120003, _
- objQuery, _
- LenB(objQuery), _
- UdpStats, _
- LenB(UdpStats))
- If NT_SUCCESS(ntStatus) Then
- hEvent1 = CreateEvent(ByVal 0&, 0, 1, vbNullString)
- If hEvent1 Then
- ZeroMemory objQuery, LenB(objQuery)
- ZeroMemory objIoStatusBlock, LenB(objIoStatusBlock)
- objQuery.ID.toi_entity.tei_entity = &H401 'CO_TL_ENTITY; udp
- objQuery.ID.toi_entity.tei_instance = 0
- objQuery.ID.toi_class = &H200 'INFO_CLASS_PROTOCOL
- objQuery.ID.toi_type = &H100 'INFO_TYPE_PROVIDER
- objQuery.ID.toi_id = &H102 'TCP_MIB_ADDRTABLE_ENTRY_EX_ID
- ReDim UdpRows(UdpStats.dwNumAddrs - 1)
- ntStatus = NtDeviceIoControlFile(Handle, _
- hEvent1, _
- ByVal 0&, _
- ByVal 0&, _
- objIoStatusBlock, _
- &H120003, _
- objQuery, _
- LenB(objQuery), _
- UdpRows(0), _
- UdpStats.dwNumAddrs * LenB(UdpRows(0)))
- If NT_SUCCESS(ntStatus) Then
- GetUdpTableEx.dwNumEntries = objIoStatusBlock.uInformation / LenB(UdpRows(0))
- ReDim GetUdpTableEx.table(UdpStats.dwNumAddrs - 1)
- CopyMemory GetUdpTableEx.table(0), UdpRows(0), UdpStats.dwNumAddrs * LenB(UdpRows(0))
- End If
- End If
- End If
- End If
- If hEvent Then NtClose hEvent
- If hEvent1 Then NtClose hEvent1
- End Function