一个端口到进程的关联,救命;(100分)

  • 主题发起人 主题发起人 蛮牛野蛮牛
  • 开始时间 开始时间

蛮牛野蛮牛

Unregistered / Unconfirmed
GUEST, unregistred user!
//提升进程hToken特权<br>function RaisePrivileges(hToken:THandle; pPriv: Pchar):Boolean;<br>var<br>&nbsp; tkp &nbsp; &nbsp; &nbsp; : TOKEN_PRIVILEGES;<br>&nbsp; rl &nbsp; &nbsp; &nbsp; &nbsp;: Cardinal;<br>&nbsp; iRet &nbsp; &nbsp; &nbsp;: Integer;<br>begin<br> if ( not LookupPrivilegeValue( nil, pPriv, tkp.Privileges[0].Luid ) ) then<br> begin<br> Writeln( 'LookupPrivilegeValue Error: '+ IntToStr(GetLastError) );<br> Result := false;<br>&nbsp; &nbsp; Exit;<br> end;<br><br>&nbsp; rl := 0;<br>&nbsp; tkp.PrivilegeCount := 1;<br> tkp.Privileges[0].Attributes := tkp.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED;<br>&nbsp; Result := AdjustTokenPrivileges( hToken,<br> false,<br> tkp,<br> rl,<br> PTokenPrivileges(nil),<br> rl );<br><br> if ( not Result ) then //AdjustTokenPrivileges函数调用失败<br> begin<br> Writeln( 'AdjustTokenPrivileges Error:%d/n", GetLastError() ');<br>&nbsp; &nbsp; Exit;<br> end<br> else //AdjustTokenPrivileges调用成功<br> begin //使用GetLastError()获得返回值<br> iRet := GetLastError();<br> case ( iRet ) of<br> ERROR_NOT_ALL_ASSIGNED://未指派所有的特权<br>&nbsp; &nbsp; &nbsp; begin<br> writeln( 'AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED' );<br> result := false;<br>&nbsp; &nbsp; &nbsp; end;<br><br> ERROR_SUCCESS: //成功地指派了所有的特权<br>&nbsp; &nbsp; &nbsp; begin<br> result := true;<br>&nbsp; &nbsp; &nbsp; &nbsp; writeln('ERROR_SUCCESS');<br>&nbsp; &nbsp; &nbsp; end;<br><br> else<br>&nbsp; &nbsp; &nbsp; begin //不知名的错误<br> writeln( 'AdjustTokenPrivileges Unknow Error:%d/n", iRet ');<br> result := false;<br>&nbsp; &nbsp; &nbsp; end;<br> end<br> end<br>end;//end of RaisePrivleges<br><br>//调整目标进程DACL<br>procedure AdjustDACL(ProHandle:THandle);<br>var<br>&nbsp; pSD &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; : PPSECURITY_DESCRIPTOR;<br>&nbsp; pNewDacl,pDacl &nbsp;: PACL;<br>&nbsp; ea &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: EXPLICIT_ACCESS;<br>begin<br>&nbsp; pSD:=nil;<br>&nbsp; pDacl:=nil;<br>&nbsp; pNewDacl:=nil;<br>&nbsp; GetSecurityInfo(ProHandle,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; nil,nil,pDacl,nil,pSD);<br>&nbsp; ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS));<br>&nbsp; ea.grfAccessPermissions:=STANDARD_RIGHTS_ALL or &nbsp;SPECIFIC_RIGHTS_ALL;<br>&nbsp; ea.grfAccessMode:=SET_ACCESS;<br>&nbsp; ea.grfInheritance:=NO_INHERITANCE;<br>&nbsp; ea.Trustee.pMultipleTrustee:=nil;<br>&nbsp; ea.Trustee.MultipleTrusteeOperation:=NO_MULTIPLE_TRUSTEE;<br>&nbsp; ea.Trustee.TrusteeForm:=TRUSTEE_IS_SID;<br>&nbsp; ea.Trustee.TrusteeType:=TRUSTEE_IS_USER;<br>&nbsp; ea.Trustee.ptstrName:='CURRENT_USER';<br>&nbsp; SetEntriesInAcl(1,@ea,pDacl,pNewDacl);<br>&nbsp; SetSecurityInfo(ProHandle,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,nil,nil,pNewDacl,nil);<br>end;<br><br>var<br>&nbsp; NtQuerySystemInformation: function (infoClass: DWORD; <br>&nbsp; &nbsp; buffer: Pointer;<br>&nbsp; &nbsp; bufSize: DWORD;<br>&nbsp; &nbsp; returnSize: TPDword): DWORD; stdcall = nil;<br><br>procedure NTXPPort2Proc(ListView1:TListView);<br>//type<br>// &nbsp; TNTQuerySystemInformation = function(Nmb: integer; Ptr: Pointer; Size1, Size2: integer): DWORD; stdcall;<br>var<br>&nbsp; &nbsp; //NTQuerySystemInfomation &nbsp; &nbsp; : &nbsp; &nbsp;TNTQuerySystemInformation;<br>&nbsp; &nbsp; DllHandle,hToken,CurrProcHandle,ProcHandle,MyHandle :THandle;<br>&nbsp; &nbsp; dwNumBytes,dwNumBytesRet,dwNumEntries,i : DWORD;<br>&nbsp; &nbsp; namelen,optlen,sockType: integer;<br>&nbsp; &nbsp; dwHandleList: PDWORD;<br>&nbsp; &nbsp; s &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; : TSocket;<br>&nbsp; &nbsp; GInitData &nbsp; : TWSADATA;<br>&nbsp; &nbsp; PhInfo &nbsp; &nbsp; &nbsp;: PHandleInfo;<br>&nbsp; &nbsp; name &nbsp; &nbsp; &nbsp; &nbsp;: TSockAddrIn;<br>&nbsp; &nbsp; PortPath &nbsp; &nbsp;: array [0..MAX_PATH] of Char;<br>&nbsp; &nbsp; temp : DWORD;<br>begin<br>&nbsp; //ListView1.Clear;<br>&nbsp; MyHandle:=0;<br>&nbsp; WSAStartup($101, GInitData);<br>&nbsp; CurrProcHandle:=GetCurrentProcess;<br>&nbsp; if not OpenProcessToken(CurrProcHandle, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then<br>&nbsp; &nbsp; writeln('OpenProcessToken Error')<br>&nbsp; else<br>&nbsp; &nbsp; if not RaisePrivileges(hToken,'SeSecurityPrivilege') then<br>&nbsp; &nbsp; &nbsp; writeln('SeSecurityPrivilege Error ');<br>&nbsp; if hToken&lt;&gt;0 then<br>&nbsp; &nbsp; CloseHandle(HToken);<br><br>&nbsp; DllHandle := LoadLibrary('ntdll.dll');<br>&nbsp; if(DllHandle&lt;&gt;0) then<br>&nbsp; begin<br>&nbsp; &nbsp; if @NtQuerySystemInformation = nil then<br>&nbsp; &nbsp; &nbsp; NTQuerySystemInformation:=GetProcAddress(DllHandle,'NtQuerySystemInformation');<br>&nbsp; &nbsp; dwNumbytesRet:=0;<br>&nbsp; &nbsp; NTQuerySystemInformation(NT_HANDLE_LIST, @temp, 0, @dwNumBytes);<br>&nbsp; &nbsp; dwNumBytes:=MAX_HANDLE_LIST_BUF;//本来想通过上面取需要的内存长度,结果为零;<br>&nbsp; &nbsp; dwNumbytesRet:=0;<br>&nbsp; &nbsp; //分配内存<br>&nbsp; &nbsp; dwHandleList := AllocMem(dwNumBytes);<br>&nbsp; &nbsp; //GetMem(dwHandleList,dwNumBytes);<br>&nbsp; &nbsp; //成功调用将返回0值<br>&nbsp; &nbsp; NTQuerySystemInformation(NT_HANDLE_LIST,dwHandleList,dwNumBytes,@dwNumbytesRet);<br>&nbsp; end;<br>&nbsp; dwNumEntries:=dwHandleList^;<br>&nbsp; inc(dwHandleList);<br>&nbsp; Phinfo:=@dwHandleList;<br>&nbsp; for i:=0 to dwNumEntries - 1 do<br>&nbsp; begin<br>&nbsp; &nbsp; //★★需要判断操作系统类型 XP 和 NT或WIN2000<br>&nbsp; &nbsp; try &nbsp;//***出现问题的代码;//不知道为什么内存访问出错;<br>&nbsp; &nbsp; &nbsp; if (PhInfo.ObjType=$1A) and (PhInfo.dwPid&lt;&gt;0) then<br>&nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; ProcHandle:=OpenProcess(WRITE_DAC,FALSE,PhInfo.dwPid);<br>&nbsp; &nbsp; &nbsp; &nbsp; //showmessage('rr:'+IntToStr(ProcHandle));<br>&nbsp; &nbsp; &nbsp; &nbsp; if ProcHandle&gt;0 then<br>&nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; AdjustDACL(ProcHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(ProcHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; &nbsp; ProcHandle:=OpenProcess(PROCESS_DUP_HANDLE,TRUE,PhInfo.dwPid);<br>&nbsp; &nbsp; &nbsp; &nbsp; if ProcHandle&gt;0 then<br>&nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; DuplicateHandle(ProcHandle,Cardinal(PhInfo.HndlOffset),CurrProcHandle,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;@MYHandle,STANDARD_RIGHTS_REQUIRED,FALSE,0);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(ProcHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; &nbsp; if MyHandle&gt;0 then<br>&nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; name.sin_family:=AF_INET;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; namelen:=sizeof(TSockAddrIn);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; s:=TSocket(MyHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if GetSockName(s,name,namelen)&lt;&gt;SOCKET_ERROR then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sockType:=0;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; optlen:=4;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; getsockopt(s,SOL_SOCKET,SO_TYPE,PChar(sockType),optlen);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ProcHandle:=OpenProcess(PROCESS_ALL_ACCESS,FALSE,PhInfo.dwPid);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; GetModuleFileNameEx(ProcHandle,0,PortPath,sizeof(PortPath));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(ProcHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //输出信息<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {with ListView1.Items.Add do<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //协议类型<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Caption:='TCP';<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //本机端口<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SubItems.Add(Format('%6d',[ntohs(name.sin_port)]));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //远程主机IP<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SubItems.Add('');<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //远程主机端口<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SubItems.Add('');<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //进程路径<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SubItems.Add(PortPath);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Writeln(PortPath);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; //★★<br>&nbsp; &nbsp; except<br>&nbsp; &nbsp; &nbsp; Break;<br>&nbsp; &nbsp; end;<br>&nbsp; &nbsp; inc(PhInfo);<br>&nbsp; end;<br>&nbsp; //释放内存<br>&nbsp; FreeMem(dwHandleList);<br>&nbsp; //showmessage('kkk');<br>&nbsp; FreeAndNil(PhInfo);<br>&nbsp; FreeAndNil(dwHandleList);<br>&nbsp; if CurrProcHandle&gt;0 then CloseHandle(CurrProcHandle);<br>&nbsp; FreeLibrary(DllHandle);<br>&nbsp; WSACleanup;<br>end;
 
[:D][:D]<br>代码是我从一个网站找到的。现在不知道来自什么地方了。但是为什么不能用了。还有一<br>个奇怪的问题就是我写一个数据的操作,在的的计算机上出问题,而在其他计算机上成功<br>执行,我用了别名。在两个数据库上操作。<br><br>上面代码有很多C写的都可以成功执行,我现在越来越对PAS保持距离了。这是C代码的地址<br><br>http://vip.6to23.com/NowCan1/tech/fport.htm
 
我想用DELPHI一定可以搞定,!!!<br>只是我现在没时间做呀[:(]
 
不需要怎么做的,代码都全部帖出来了,大侠给调试一下三。
 
这是我与SaD jAckAl(CIONO2)写的代码的一段。<br><br>// NTXPPort2Proc<br>&nbsp;PhInfo,HandleInfo &nbsp; &nbsp; &nbsp;: PHandleInfo;<br>&nbsp;iRet:DWORD;<br>......<br>&nbsp; dwNumBytes:=sizeof(THANDLEINFO);<br>&nbsp; &nbsp;Try<br>&nbsp; &nbsp; &nbsp;//first call try to determin buffer size we'll need<br>&nbsp; &nbsp; &nbsp;iRet := NtQuerySystemInformation(NT_HANDLE_LIST, PhInfo,<br>&nbsp; &nbsp; &nbsp; &nbsp;dwNumBytes, @dwNumBytesRet);<br><br>&nbsp; &nbsp; &nbsp; //call NtQuery we get STATUS_INFO_LENGTH_MISMATCH<br>&nbsp; &nbsp; &nbsp;While iRet = STATUS_INFO_LENGTH_MISMATCH Do<br>&nbsp; &nbsp; &nbsp;Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; inc(dwNumBytes,dwNumBytes);<br>&nbsp; &nbsp; &nbsp; &nbsp; ReallocMem(hinfo, dwNumBytes);<br>&nbsp; &nbsp; &nbsp; &nbsp; iRet &nbsp;:= NtQuerySystemInformation(NT_HANDLE_LIST, hInfo, dwNumBytes, @dwNumBytesRet);<br>&nbsp; &nbsp; &nbsp;End;<br><br>&nbsp; &nbsp; &nbsp;//if we still can't get STATUS_SUCCESS<br>&nbsp; &nbsp; &nbsp;If iRet &lt;&gt; STATUS_SUCCESS Then<br>&nbsp; &nbsp; &nbsp; Begin<br> ....<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; exit; <br>&nbsp; &nbsp; &nbsp; End<br>&nbsp; &nbsp; &nbsp;Else<br>&nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; HandleInfo:=hInfo;<br>&nbsp; &nbsp; &nbsp; &nbsp; HandleInfo:=PHANDLEINFO(ULONG(HandleInfo)+4); <br> //why+4 ?See what Nebbett said in his book or ask C.I.O member<br>&nbsp; &nbsp; &nbsp; &nbsp; dwNumEntries := dwNumBytesRet;<br> ...<br>&nbsp; &nbsp; &nbsp; &nbsp; //in for sentence<br>&nbsp; &nbsp; &nbsp; &nbsp; For &nbsp;i := 0 To ((dwNumEntries-4) div 16) Do<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; // why ((dwNumEntries-4) div 16)? &nbsp;;-) &nbsp;ask C.I.O. member to know the answer :p<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;// here you do your job ...<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;...<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;HandleInfo:= PHANDLEINFO(ULONG(HandleInfo)+sizeof(THANDLEINFO));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end; //for<br>&nbsp; &nbsp; &nbsp; end; // else<br>&nbsp; &nbsp;finally<br>&nbsp; &nbsp; &nbsp; If HandleInfo &lt;&gt; nil then FreeMem(HandleInfo);<br>&nbsp; .....<br>&nbsp; &nbsp;end;<br>....<br>//----------<br>晚上我再看看代码。<br>CIONO1 [ C.I.O creator] .
 
HandleInfo:=hInfo;<br>&nbsp; &nbsp; &nbsp; &nbsp; HandleInfo:=PHANDLEINFO(ULONG(HandleInfo)+4); <br> //why+4 ?See what Nebbett said in his book or ask C.I.O member<br>&nbsp; &nbsp; &nbsp; &nbsp; dwNumEntries := dwNumBytesRet;<br> ...<br>&nbsp; &nbsp; &nbsp; &nbsp; //in for sentence<br>&nbsp; &nbsp; &nbsp; &nbsp; For &nbsp;i := 0 To ((dwNumEntries-4) div 16) Do<br><br>to kcahcn:<br>非常重要的一段代码,谢谢,如果多测试几次没有问题,我就发分。
 
PhInfo,HandleInfo &nbsp; &nbsp; &nbsp;: PHandleInfo;<br>&nbsp;iRet:DWORD;<br>......<br>&nbsp; dwNumBytes:=sizeof(THANDLEINFO);<br>&nbsp; &nbsp;Try<br>&nbsp; &nbsp; &nbsp;//first call try to determin buffer size we'll need<br>&nbsp; &nbsp; &nbsp;iRet := NtQuerySystemInformation(NT_HANDLE_LIST, PhInfo,<br>&nbsp; &nbsp; &nbsp; &nbsp;dwNumBytes, @dwNumBytesRet);<br><br>&nbsp; &nbsp; &nbsp; //call NtQuery we get STATUS_INFO_LENGTH_MISMATCH<br>&nbsp; &nbsp; &nbsp;While iRet = STATUS_INFO_LENGTH_MISMATCH Do<br>&nbsp; &nbsp; &nbsp;Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; inc(dwNumBytes,dwNumBytes);<br>&nbsp; &nbsp; &nbsp; &nbsp; ReallocMem(hinfo, dwNumBytes);<br>&nbsp; &nbsp; &nbsp; &nbsp; iRet &nbsp;:= NtQuerySystemInformation(NT_HANDLE_LIST, hInfo, dwNumBytes, @dwNumBytesRet);<br>&nbsp; &nbsp; &nbsp;End;<br><br>to kcahcn:<br>还是要出地址错误,能把上面这段代码给全吗?谢谢。
 
你先试试这段代码:<br>const<br>&nbsp; NT_HANDLE_LIST &nbsp; &nbsp; = 16;<br>&nbsp; MAX_HANDLE_LIST_BUF = $200;<br>&nbsp; STATUS_INFO_LENGTH_MISMATCH = $C0000004; // fail<br>&nbsp; STATUS_SUCCESS = $00000000;// &nbsp;call to NTQueary successed<br>&nbsp; SE_DEBUG_NAME &nbsp; &nbsp; &nbsp;= 'SeDebugPrivilege';<br>&nbsp; SID_REVISION = (1); // Current revision level<br>&nbsp; SECURITY_WORLD_SID_AUTHORITY: TSidIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 1));<br>...<br>//--------------------------------------------------------------<br>type<br>&nbsp; u_short = Word; // compatibility<br>&nbsp; PHANDLEINFO = ^tHandleInfo; // handle info recordd<br>&nbsp; tHandleInfo = Packed Record<br>&nbsp; &nbsp; dwPid:ULONG;<br>&nbsp; &nbsp; ObjType:UCHAR;<br>&nbsp; &nbsp; Flags:UCHAR;<br>&nbsp; &nbsp; HndlOffset:U_SHORT;<br>&nbsp; &nbsp; _Object:Pointer;<br>&nbsp; &nbsp; GrantedAccess: Ulong;<br>&nbsp; End;<br>&nbsp; PSid = ^SID; // Security Ident used with ACL<br>&nbsp; SID &nbsp;= Record<br>&nbsp; &nbsp; Revision: Byte;<br>&nbsp; &nbsp; SubAuthorityCount: Byte;<br>&nbsp; &nbsp; IdentifierAuthority: SID_IDENTIFIER_AUTHORITY;<br>&nbsp; &nbsp; SubAuthority: Array [0..0] Of DWORD;<br>&nbsp; End;<br>&nbsp; PPSID = ^PSID;<br>&nbsp; TSid &nbsp;= SID;<br>&nbsp; //for more info refer to Platform SDK/Security<br>//---------------------------------------------------------------<br>function RaisePrivileges(hToken:THandle; pPriv: Pchar):Boolean;<br>var<br>&nbsp; tkp ,tpko &nbsp; &nbsp; &nbsp;: TOKEN_PRIVILEGES;<br>&nbsp; rl &nbsp; &nbsp; &nbsp; &nbsp;: Cardinal;<br>&nbsp; iRet &nbsp; &nbsp; &nbsp;: Integer;<br>begin<br>&nbsp; if ( not Windows.LookupPrivilegeValue( nil, pPriv, tkp.Privileges[0].Luid ) ) then<br>&nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; ShowMessage( 'LookupPrivilegeValue Error: '+ IntToStr(GetLastError) );<br>&nbsp; &nbsp; &nbsp; Result := false;<br>&nbsp; &nbsp; &nbsp; Exit;<br>&nbsp; &nbsp; end;<br>&nbsp; rl := 0;<br>&nbsp; tkp.PrivilegeCount := 1;<br>&nbsp; tkp.Privileges[0].Attributes := tkp.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED;<br>&nbsp; Result := Windows.AdjustTokenPrivileges(<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hToken,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; false,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tkp,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sizeof(tkp),<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tpko,//PTokenPrivileges(nil),<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; rl );<br><br>&nbsp; if ( not Result ) then //AdjustTokenPrivileges函数调用失败 &nbsp; &nbsp;<br>&nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; ShowMessage( 'AdjustTokenPrivileges Error:%d/n", GetLastError() ');<br>&nbsp; &nbsp; &nbsp; Exit;<br>&nbsp; &nbsp; end<br>&nbsp; else &nbsp; &nbsp;//AdjustTokenPrivileges调用成功<br>&nbsp; &nbsp; begin &nbsp; //使用GetLastError()获得返回值 &nbsp; &nbsp; &nbsp;<br>&nbsp; &nbsp; &nbsp; iRet := GetLastError();<br>&nbsp; &nbsp; &nbsp; case ( iRet ) of<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ERROR_NOT_ALL_ASSIGNED:://未指派所有的特权<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ShowMessage( 'AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED' );<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;result := false;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;end;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ERROR_SUCCESS: //成功地指派了所有的特 <br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;result := true;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ShowMessage('ERROR_SUCCESS');<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;end;<br>&nbsp; &nbsp; &nbsp; &nbsp;else<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;begin //不知名的错误<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ShowMessage( 'AdjustTokenPrivileges Unknow Error:%d/n", iRet ');<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;result := false;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;end;<br>&nbsp; &nbsp; &nbsp; &nbsp;end; //case<br>&nbsp; &nbsp; end; //else<br>end;//end of RaisePrivleges<br>//---------------------------------------------------------<br>Procedure AdjustDacl(hProcess: tHANDLE);<br>Var<br>&nbsp; ea: PEXPLICIT_ACCESS_;<br>&nbsp; ACL: PACL;<br>&nbsp; world: PSID;<br>Begin<br>&nbsp; ea := AllocMem(SizeOf(EXPLICIT_ACCESS));<br>&nbsp; world &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;:= AllocMem(SizeOf(SID));<br>&nbsp; world.Revision := SID_REVISION;<br>&nbsp; world.SubAuthorityCount := 1;<br>&nbsp; world.IdentifierAuthority := SECURITY_WORLD_SID_AUTHORITY;<br>&nbsp; ZeroMemory(@world.SubAuthority, sizeof(world.SubAuthority));<br><br>&nbsp; //evryone has access<br>&nbsp; //can Write/Read/Execute ?<br>&nbsp; ea.grfAccessPermissions := STANDARD_RIGHTS_ALL Or SPECIFIC_RIGHTS_ALL;<br>&nbsp; ea.grfAccessMode &nbsp; &nbsp; &nbsp; &nbsp;:= SET_ACCESS;<br>&nbsp; ea.grfInheritance &nbsp; &nbsp; &nbsp; := NO_INHERITANCE; //no previlige inheritence for child objects<br>&nbsp; ea.Trustee.pMultipleTrustee := Nil;<br>&nbsp; ea.Trustee.MultipleTrusteeOperation := NO_MULTIPLE_TRUSTEE;<br>&nbsp; ea.Trustee.TrusteeForm &nbsp;:= TRUSTEE_IS_SID;<br>&nbsp; ea.Trustee.TrusteeType &nbsp;:= TRUSTEE_IS_USER;<br>&nbsp; ea.Trustee.ptstrName &nbsp; &nbsp;:= @world;<br>&nbsp; If SetEntriesInAcl(1, ea, Nil, ACL) &lt;&gt; ERROR_SUCCESS Then<br>&nbsp; &nbsp; ;//(Format('SetEntriesInAcl Error: %d', [GetLastError]));<br>&nbsp; If SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,<br>&nbsp; &nbsp; Nil, Nil, ACL, Nil) &lt;&gt; ERROR_SUCCESS Then<br>&nbsp; &nbsp; ;// ('SetSecurityInfo Error: ', GetLastError);<br>&nbsp; LocalFree(INTEGER(ACL));<br>End;<br><br>var<br>&nbsp; NtQuerySystemInformation: function (infoClass: DWORD;<br>&nbsp; &nbsp; buffer: Pointer;<br>&nbsp; &nbsp; bufSize: DWORD;<br>&nbsp; &nbsp; returnSize: PDword): DWORD; stdcall = nil;<br><br>procedure NTXPPort2Proc(ListView1:TListView);<br>var<br>&nbsp; &nbsp; DllHandle,hToken,CurrProcHandle,ProcHandle,MyHandle :THandle;<br>&nbsp; &nbsp; dwNumBytes,dwNumBytesRet,dwNumEntries,i : DWORD;<br>&nbsp; &nbsp; namelen,optlen,sockType: integer;<br>&nbsp; &nbsp; dwHandleList: PDWORD;<br>&nbsp; &nbsp; s &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; : TSocket;<br>&nbsp; &nbsp; GInitData &nbsp; : TWSADATA;<br>&nbsp; &nbsp; name &nbsp; &nbsp; &nbsp; &nbsp;: TSockAddrIn;<br>&nbsp; &nbsp; PortPath &nbsp; &nbsp;: array [0..MAX_PATH] of Char;<br>&nbsp; &nbsp; iRet: DWORD;<br>&nbsp; &nbsp; PhInfo,handleinfo : PHandleInfo;<br>begin<br>&nbsp; ListView1.Clear;<br>&nbsp; MyHandle:=0;<br>&nbsp; WSAStartup($101, GInitData);<br>&nbsp; CurrProcHandle:=GetCurrentProcess;<br>&nbsp; if not OpenProcessToken(CurrProcHandle, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then<br>&nbsp; &nbsp; writeln('OpenProcessToken Error')<br>&nbsp; else<br>&nbsp; &nbsp; if not RaisePrivileges(hToken,SE_DEBUG_NAME) then<br>&nbsp; &nbsp; &nbsp; writeln('SeSecurityPrivilege Error ');<br>&nbsp; if hToken&lt;&gt;0 then<br>&nbsp; &nbsp; CloseHandle(HToken);<br><br>&nbsp; DllHandle := LoadLibrary('ntdll.dll');<br>&nbsp; if(DllHandle&lt;&gt;0) then<br>&nbsp; begin<br>&nbsp; &nbsp; if @NtQuerySystemInformation = nil then<br>&nbsp; &nbsp; &nbsp; NTQuerySystemInformation:=GetProcAddress(DllHandle,'NtQuerySystemInformation')<br>&nbsp; &nbsp; else<br>&nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; dwNumBytes:=MAX_HANDLE_LIST_BUF;<br>&nbsp; &nbsp; Phinfo &nbsp; &nbsp; &nbsp; &nbsp; := AllocMem(dwNumBytes);<br>&nbsp; &nbsp; dwNumBytes:=sizeof(THANDLEINFO);<br>&nbsp; &nbsp; dwNumbytesRet:=0;<br>&nbsp; &nbsp; try<br>&nbsp; &nbsp; &nbsp; iRet:=NTQuerySystemInformation(NT_HANDLE_LIST, @PhInfo, dwNumBytes, @dwNumBytesRet);<br>&nbsp; &nbsp; &nbsp; //call NtQuery we get STATUS_INFO_LENGTH_MISMATCH<br>&nbsp; &nbsp; &nbsp; While iRet = STATUS_INFO_LENGTH_MISMATCH Do<br>&nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; inc(dwNumBytes,dwNumBytes);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ReallocMem(Phinfo, dwNumBytes);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; iRet &nbsp;:= NtQuerySystemInFORMation(NT_HANDLE_LIST, PhInfo, dwNumBytes, @dwNumBytesRet);<br>&nbsp; &nbsp; &nbsp; &nbsp; End; //while<br>&nbsp; &nbsp; &nbsp; if iRet &lt;&gt; STATUS_SUCCESS Then<br>&nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //Writeln('NtQuerySystemInFORMation return Error: ', dwNumBytesRet, GetLastError);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //ReadLn;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; &nbsp; &nbsp; End &nbsp;//if<br>&nbsp; &nbsp; &nbsp; Else<br>&nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; HandleInfo:=PhInfo;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; HandleInfo:=PHANDLEINFO(ULONG(HandleInfo)+4); &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dwNumEntries := dwNumBytesRet;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; For &nbsp;i := 0 To ((dwNumEntries-4) div 16) Do<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Begin &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; try;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; If (PhInfo.ObjType = $1A) And (PhInfo.dwPid = 0)<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; And (PhInfo.dwPid = GetCurrentProcessId ) Then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //ShowMessage('Error On OBJECT_TYPE_SOCKET');<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; End<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; else<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ProcHandle:=OpenProcess(WRITE_DAC,FALSE,HandleInfo.dwPid);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //showmessage('rr:'+IntToStr(ProcHandle));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if ProcHandle&gt;0 then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; AdjustDACL(ProcHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(ProcHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end; //if<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ProcHandle:=OpenProcess(PROCESS_DUP_HANDLE,TRUE,HandleInfo.dwPid);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if ProcHandle&gt;0 then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; DuplicateHandle(ProcHandle,Cardinal(HandleInfo.HndlOffset),CurrProcHandle,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; @MYHandle,STANDARD_RIGHTS_REQUIRED,FALSE,0);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(ProcHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if MyHandle&gt;0 then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; name.sin_family:=AF_INET;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; namelen:=sizeof(TSockAddrIn);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; s:=TSocket(MyHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if GetSockName(s,name,namelen)&lt;&gt;SOCKET_ERROR then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sockType:=0;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; optlen:=4;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; getsockopt(s,SOL_SOCKET,SO_TYPE,PChar(sockType),optlen);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ProcHandle:=OpenProcess(PROCESS_ALL_ACCESS,FALSE,HandleInfo.dwPid);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; GetModuleFileNameEx(ProcHandle,0,PortPath,sizeof(PortPath));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(ProcHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; with ListView1.Items.Add do<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Caption:='TCP';<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SubItems.Add(Format('%6d',[ntohs(name.sin_port)]));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SubItems.Add('');<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SubItems.Add('');<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; SubItems.Add(PortPath);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //Writeln(PortPath);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end; //if<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end;//if<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end;//if<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; except<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Break;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end; &nbsp; //try..except<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; HandleInfo:= PHANDLEINFO(ULONG(HandleInfo)+sizeof(THANDLEINFO));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end;//for<br>&nbsp; &nbsp; &nbsp; &nbsp; end;//else<br>&nbsp; &nbsp; &nbsp; finally<br>&nbsp; &nbsp; &nbsp; &nbsp; FreeMem(PhInfo);<br>&nbsp; &nbsp; &nbsp; &nbsp;if CurrProcHandle&gt;0 then CloseHandle(CurrProcHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp;FreeLibrary(DllHandle);<br>&nbsp; &nbsp; &nbsp; end;<br>&nbsp; end;<br>&nbsp; WSACleanup;<br>end;<br>//-----------------<br>我以后再把全代码给你。(我先问我的朋友SAD。还有一些问题要讨论,比如程序会关闭某些程序如 OICQ,导致MSN Messenger不能正常使用..)<br>CIONO1
 
注释:<br>HandleInfo:=PHANDLEINFO(ULONG(HandleInfo)+4);<br>为何 +4?<br>Gary Nebbet在(Windows NT/2000 本机API)说了这样的一段话:<br>返回到SystemInformation 缓冲区的数据是一个ULONG类型的句柄数,后面紧接着是 SYYTEM_HANDLE_INFORMATON<br>的一个数组。<br>知道为什么加4吧? 就是那个(ULONG类型的句柄数),这样HandleInfo就指向SYYTEM_HANDLE_INFORMATON<br>的手地址。<br>//-----<br>dwNumEntries := dwNumBytesRet;<br>For &nbsp;i := 0 To ((dwNumEntries-4) div 16) Do<br>为何用((dwNumEntries-4) div 16)?<br>dwNumEntries接收实际返回到SystemInformation (就是你定义为buffer)的字节数。<br>注意是字节数<br>我们先减4 就是前面说的"ULONG类型的句柄数"。<br>16就是tHandleInfo 的size。清楚吧?<br>//-----<br>CIONO1
 
我在测试了程序后没有发现死机的现象。oicq和msn使用都正常。<br><br>还想问一个问题,现在怎么判断他是TCP连接还是UDP连接呢?
 
接受答案了.
 
这么快就放弃讨论这个问题,还有很多问题要解决。<br>看看这个:<br>//--------------------------------------------------------<br>// 作者:SaDjAckAl(CIONO2) 。 <br>// kcahcn(CIONO1) 解决调用NtQuerySystemInformation的内存问题,MyPIDToName函数。。。<br>// 用一个ListView,一个Button。<br>uses winsock,AclAPI,AccCtrl{,tlhelp32}; //如果想用PIDToName要用tlhelp32<br>CONST<br>&nbsp; NT_HANDLE_LIST &nbsp; &nbsp; = 16; // pass to Ntqueary for obtain process list<br>&nbsp; OBJECT_TYPE_SOCKET = $1c;// 在winxp <br><br>&nbsp; // we want to get socket objects that associated with process handle<br><br>&nbsp; SE_DEBUG_NAME &nbsp; &nbsp; &nbsp;= 'SeDebugPrivilege'; // debug previlige has highst previlige like admin<br>&nbsp; SE_SYSTEMTIME_NAME = 'SeSystemtimePrivilege';<br><br>&nbsp; SECURITY_WORLD_SID_AUTHORITY: TSidIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 1));<br>&nbsp; SID_REVISION = (1); // Current revision level<br><br>&nbsp; STATUS_INFO_LENGTH_MISMATCH = $C0000004; // fail<br>&nbsp; STATUS_SUCCESS = $00000000;// &nbsp;call to NTQueary successed<br>&nbsp; err_noOS = 'The OS version could not be determined. Quitting.';<br>//--------------------------------<br>TYPE<br>&nbsp; PPort=^Tport;<br>&nbsp; TPort = RECORD<br>&nbsp; &nbsp; name: string;<br>&nbsp; &nbsp; Port : Dword;<br>&nbsp; &nbsp; PID: DWORD;<br>&nbsp; &nbsp; Socket_type : String;<br>&nbsp; &nbsp; err : String;<br>&nbsp; END;<br>&nbsp; Tports = ARRAY OF Tport;<br><br>&nbsp; u_short = Word; // compatibility<br><br>&nbsp; PHANDLEINFO = ^tHandleInfo; // handle info recordd<br>&nbsp; tHandleInfo = Packed Record<br>&nbsp; &nbsp; dwPid: U_SHORT;<br>&nbsp; &nbsp; CreatorBackTraceIndex: U_short;<br>&nbsp; &nbsp; ObjType: Byte;<br>&nbsp; &nbsp; HandleAttributes: Byte;<br>&nbsp; &nbsp; HndlOffset: U_short;<br>&nbsp; &nbsp; dwKeObject: DWORD;<br>&nbsp; &nbsp; GrantedAccess: Ulong;<br>&nbsp; &nbsp; {PId:ULONG;<br>&nbsp; &nbsp; ObjTypeName:UCHAR;<br>&nbsp; &nbsp; Flags:UCHAR;<br>&nbsp; &nbsp; Handle:U_SHORT;<br>&nbsp; &nbsp; _Object:Pointer;<br>&nbsp; &nbsp; GrantedAccess: Ulong; }<br>&nbsp; End;<br>&nbsp; PDebug_Buffer=^TDebug_Buffer;<br>&nbsp; TDebug_Buffer=packed record<br>&nbsp; &nbsp; &nbsp; &nbsp; sectionHandle:THandle;<br>&nbsp; &nbsp; &nbsp; &nbsp; SectionBase:Pointer;<br>&nbsp; &nbsp; &nbsp; &nbsp; RemoteSectionBase:Pointer;<br>&nbsp; &nbsp; &nbsp; &nbsp; SectionBaseDelta:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; EventPairHandle:THandle;<br>&nbsp; &nbsp; &nbsp; &nbsp; Unknown1:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; Unknown2:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; RemoteThreadHandle:THandle;<br>&nbsp; &nbsp; &nbsp; &nbsp; InfoClassMask:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; SizeOfInfo:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; AllocatedSize:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; SectionSize:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; ModuleInformation:Pointer;<br>&nbsp; &nbsp; &nbsp; &nbsp; BackTraceInformation:Pointer;<br>&nbsp; &nbsp; &nbsp; &nbsp; HeapInformation:Pointer;<br>&nbsp; &nbsp; &nbsp; &nbsp; LockInformation:Pointer;<br>&nbsp; &nbsp; &nbsp; &nbsp; Reserved:array [0..7]of Pointer;<br>&nbsp; end;<br>&nbsp; PDebug_Module_Information=^TDebug_Module_Information;<br>&nbsp; TDebug_Module_Information=Packed record<br>&nbsp; &nbsp; &nbsp; &nbsp; Reserved:array[0..1]of ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; Base:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; Size:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; Flags:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; Index:U_SHORT;<br>&nbsp; &nbsp; &nbsp; &nbsp; Unknown:U_SHORT;<br>&nbsp; &nbsp; &nbsp; &nbsp; LoadCount:U_SHORT;<br>&nbsp; &nbsp; &nbsp; &nbsp; ModuleNameOffset:U_SHORT;<br>&nbsp; &nbsp; &nbsp; &nbsp; ImageName:array [0..255]of char;<br>&nbsp; end;<br>&nbsp; PSid = ^SID; // Security Ident used with ACL<br>&nbsp; SID &nbsp;= Record<br>&nbsp; &nbsp; Revision: Byte;<br>&nbsp; &nbsp; SubAuthorityCount: Byte;<br>&nbsp; &nbsp; IdentifierAuthority: SID_IDENTIFIER_AUTHORITY;<br>&nbsp; &nbsp; SubAuthority: Array [0..0] Of DWORD;<br>&nbsp; End;<br>&nbsp; PPSID = ^PSID;<br>&nbsp; TSid &nbsp;= SID;<br>&nbsp; //for more info refer to Platform SDK/Security<br>VAR<br>&nbsp; runonNT: boolean = false;<br>&nbsp; remote_enabled: boolean = FALSE;<br>&nbsp; fixedfont: DWORD;<br>&nbsp; hdlg: DWORD = 0;<br><br>&nbsp; //compname: string = '';<br>&nbsp; cbuffer: array[0..16] of char;<br>&nbsp; hNtdll: HMODULE;<br>&nbsp; NtQuerySystemInformation: function (infoClass: DWORD;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; buffer: Pointer;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; bufSize: DWORD;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; returnSize: PuLong): DWORD;Stdcall = nil;<br>&nbsp; RtlCreateQueryDebugBuffer:function(<br>&nbsp; &nbsp; &nbsp; &nbsp; Size:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; Eventpair:BOOL<br>&nbsp; &nbsp; &nbsp; &nbsp; ):PDebug_Buffer;stdcall=nil;<br>&nbsp; RtlQueryProcessDebugInformation:function(<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ProcessId:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; DebugInfoClassMask:ULONG;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; DebugBuffer:Pointer<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ):DWORD;stdcall=nil;<br>&nbsp; &nbsp;HandleInfo, hinfo: PHANDLEINFO;<br>&nbsp; &nbsp;// socket object type<br>&nbsp; &nbsp;szSockType: array[1..6] of string = ('NULL',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;'TCP',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;'UPD',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;'RAW',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;'RDM',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;'SEQ');<br>//-----------------------------------------------<br>//adjust privelge<br><br>Function RaisePrivleges(hToken: Thandle; pPriv: PChar): Boolean;<br>Var<br>&nbsp; tkp, tpko: TOKEN_PRIVILEGES;<br>&nbsp; iret: Integer;<br>&nbsp; buffer: Dword;<br>Begin<br>&nbsp; If Not Windows.LookupPrivilegevalue(Nil,<br>&nbsp; &nbsp; pPriv,<br>&nbsp; &nbsp; tkp.Privileges[0].Luid) Then<br>&nbsp; Begin<br>&nbsp; &nbsp; ShowMessage(Format('LookupPrivilegevalue Error : %d', [GetLastError]));<br>&nbsp; &nbsp; result:=false;<br>&nbsp; &nbsp; exit;<br>&nbsp; End;<br><br>&nbsp; tkp.PrivilegeCount := 1;<br>&nbsp; tkp.Privileges[0].Attributes := tkp.Privileges[0].Attributes Or SE_PRIVILEGE_ENABLED;<br>&nbsp; buffer := 0;<br>&nbsp; If Not Windows.AdjustTokenPrivileges(hToken,<br>&nbsp; &nbsp; False, tkp, sizeof(tkp), tpko, buffer) Then <br>&nbsp; //AdjustTokenPrivileges function transfer defeat<br>&nbsp; Begin<br>&nbsp; &nbsp; ShowMessage(Format('AdjustTokenPrivileges Error: %d', [GetLastError]));<br>&nbsp; &nbsp; Result := False;<br>&nbsp; &nbsp; exit;<br>&nbsp; End<br>&nbsp; Else &nbsp;//AdjustTokenPrivileges transfers successfully<br>&nbsp; Begin // uses GetLastError () obtains returns the value<br>&nbsp; &nbsp; iRet := GetLastError;<br>&nbsp; &nbsp; Case iRet Of<br>&nbsp; &nbsp; &nbsp; ERROR_NOT_ALL_ASSIGNED:// not appoints all privileges<br>&nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Result := False;<br>&nbsp; &nbsp; &nbsp; &nbsp; End;<br>&nbsp; &nbsp; &nbsp; ERROR_SUCCESS: // successfully appointed all privileges<br>&nbsp; &nbsp; &nbsp; &nbsp; //set result then leave the function<br>&nbsp; &nbsp; &nbsp; &nbsp; Result := True;<br>&nbsp; &nbsp; &nbsp; Else<br>&nbsp; &nbsp; &nbsp; &nbsp; Begin // not well-known mistake<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //AdjustTokenPrivileges Unknow Error<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Result := False;<br>&nbsp; &nbsp; &nbsp; &nbsp; End;<br>&nbsp; &nbsp; End;<br>&nbsp; End;<br>End;<br><br>// AdjustDacl uses for to adjust the goal advancement DACL<br>Procedure AdjustDacl(hProcess: tHANDLE);<br>Var<br>&nbsp; ea: PEXPLICIT_ACCESS_;<br>&nbsp; ACL: PACL;<br>&nbsp; world: PSID;<br>Begin<br>&nbsp; ea := AllocMem(SizeOf(EXPLICIT_ACCESS));<br>&nbsp; world &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;:= AllocMem(SizeOf(SID));<br>&nbsp; world.Revision := SID_REVISION;<br>&nbsp; world.SubAuthorityCount := 1;<br>&nbsp; world.IdentifierAuthority := SECURITY_WORLD_SID_AUTHORITY;<br>&nbsp; ZeroMemory(@world.SubAuthority, sizeof(world.SubAuthority));<br>&nbsp; //evryone has access<br>&nbsp; //can Write/Read/Execute ?<br>&nbsp; ea.grfAccessPermissions := STANDARD_RIGHTS_ALL Or SPECIFIC_RIGHTS_ALL;<br>&nbsp; ea.grfAccessMode &nbsp; &nbsp; &nbsp; &nbsp;:= SET_ACCESS;<br>&nbsp; ea.grfInheritance &nbsp; &nbsp; &nbsp; := NO_INHERITANCE; //no previlige inheritence for child objects<br>&nbsp; ea.Trustee.pMultipleTrustee := Nil;<br>&nbsp; ea.Trustee.MultipleTrusteeOperation := NO_MULTIPLE_TRUSTEE;<br>&nbsp; ea.Trustee.TrusteeForm &nbsp;:= TRUSTEE_IS_SID;<br>&nbsp; ea.Trustee.TrusteeType &nbsp;:= TRUSTEE_IS_USER;<br>&nbsp; ea.Trustee.ptstrName &nbsp; &nbsp;:= @world;<br>&nbsp; {<br>&nbsp; If SetEntriesInAcl(1, ea, Nil, ACL) &lt;&gt; ERROR_SUCCESS Then<br>&nbsp; &nbsp; ;//WriteLn('SetEntriesInAcl Error: ', GetLastError);<br><br>&nbsp; If SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,<br>&nbsp; &nbsp; Nil, Nil, ACL, Nil) &lt;&gt; ERROR_SUCCESS Then<br>&nbsp; &nbsp;;// WriteLn('SetSecurityInfo Error: ', GetLastError);<br>&nbsp; }<br>&nbsp; LocalFree(INTEGER(ACL));<br>End;<br>//------------------------------------------------<br>{<br>function PIDToName(ProcessSnap: THandle; PID: dword): string;<br>var ProcessEntry: TProcessEntry32;<br>&nbsp; &nbsp; ModuleEntry : TModuleEntry32;<br>&nbsp; &nbsp; SnapProcHandle : THANDLE;<br>begin<br>&nbsp;ProcessEntry.dwSize := sizeof(TProcessEntry32);<br>&nbsp;if (not Process32First(ProcessSnap, ProcessEntry)) then<br>&nbsp; &nbsp; Result := '????'<br>&nbsp; else begin<br>&nbsp; &nbsp; while PID &lt;&gt; ProcessEntry.th32ProcessID do<br>&nbsp; &nbsp; &nbsp; Process32Next(ProcessSnap, ProcessEntry);<br>&nbsp; end;<br>&nbsp; SnapProcHandle := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessEntry.th32ProcessID);<br>&nbsp; ModuleEntry.dwSize:=Sizeof(TModuleEntry32);<br>&nbsp; if (not Module32First(SnapProcHandle, ModuleEntry)) then<br>&nbsp; &nbsp; Result := '????'<br>&nbsp; else begin<br>&nbsp; &nbsp; while ProcessEntry.th32ProcessID &lt;&gt; ModuleEntry.th32ProcessID do<br>&nbsp; &nbsp; &nbsp; Module32Next(SnapProcHandle, ModuleEntry);<br>&nbsp; &nbsp; Result := ModuleEntry.szExePath;<br>&nbsp; end;<br>&nbsp; CloseHandle(SnapProcHandle);<br>end;<br>}<br>//--------------------------------------------------------------<br>function MyPIDToName( PID: dword):string ;// I prefer this function<br>var<br>PDBuf:PDebug_Buffer;<br>ModuleInfo:PDebug_Module_Information;<br>begin<br>&nbsp; @RtlCreateQueryDebugBuffer := GetProCaddress(hNtdll, 'RtlCreateQueryDebugBuffer');<br>&nbsp; @RtlQueryProcessDebugInformation := GetProCaddress(hNtdll, 'RtlQueryProcessDebugInformation');<br><br>&nbsp; If @RtlCreateQueryDebugBuffer = nil then<br>&nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; ShowMessage(Format('GetProcess (RtlCreateQueryDebugBuffer) Error: %d',[GetLastError]));<br>&nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; End;<br>&nbsp; if @RtlQueryProcessDebugInformation=nil then<br>&nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; ShowMessage(Format('GetProcess (RtlQueryProcessDebugInformation) Error: %d',[GetLastError]));<br>&nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; End;<br>&nbsp; PDBuf:=RtlCreateQueryDebugBuffer(0,false);<br>&nbsp; RtlQueryProcessDebugInformation(PID,1,PDBuf);<br>&nbsp; ModuleInfo:=ptr(integer(PDBuf.ModuleInformation)+4);<br>&nbsp; result:=strpas(ModuleInfo.ImageName);<br>end;<br>//-----------------------------------------------------------------<br>Function MyAcl :TList;<br>Var<br>&nbsp; iRet: Cardinal;<br>&nbsp; iiRet: Integer;<br>&nbsp; hCurrentProc, hToken: Thandle;<br>&nbsp; dwNumBytes: Cardinal;<br>&nbsp; dwNumBytesRet: Ulong;<br>&nbsp; dwNumEntries: Dword;<br>&nbsp; hMyHandle, hProc: THANDLE;<br>&nbsp; i: Dword;<br>&nbsp; Namee: Tsockaddr;<br>&nbsp; namelen: Integer;<br>&nbsp; S: Tsocket;<br>&nbsp; optlen, sockType: Integer;<br>&nbsp; //psnap :Thandle;<br>&nbsp; APort:PPort;<br>Begin<br>&nbsp; result:= TList.Create;<br>&nbsp; @NtQuerySystemInformation := GetProCaddress(hNtdll, 'NtQuerySystemInformation');<br>&nbsp; If @NtQuerySystemInformation = Nil Then<br>&nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; ShowMessage(Format('GetProcess (NtQuerySystemInFORMation) Error: %d',[GetLastError]));<br>&nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; End;<br><br>&nbsp; hCurrentProc := GetCurrentProcess;<br>&nbsp; If Not Windows.OpenProcessToken(hCurrentProc, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY,<br>&nbsp; &nbsp; hToken) Then<br>&nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; ShowMessage(Format('OpenProcessToken Error: %d ', [GetLastError]));<br>&nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; end<br>&nbsp; Else<br>&nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; If Not RaisePrivleges(hToken, SE_DEBUG_NAME) Then<br>&nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ShowMessage(Format('SetPrivleges SE_DEBUG_NAME Error: %d',[GetLastError]));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; &nbsp; &nbsp; End;<br>&nbsp; &nbsp; End;<br>&nbsp; If hToken &lt;&gt; 0 Then CloseHandle(hToken);<br>&nbsp; dwNumBytes &nbsp; &nbsp;:= sizeof(THANDLEINFO);<br>&nbsp; hinfo &nbsp; &nbsp; &nbsp; &nbsp; := AllocMem(dwNumBytes);<br>&nbsp; dwNumBytesRet := 0;<br>&nbsp; Try<br>&nbsp; &nbsp; //first call try to determin buffer size we'll need<br>&nbsp; &nbsp; iRet := NtQuerySystemInformation(NT_HANDLE_LIST, hInfo,dwNumBytes, @dwNumBytesRet);<br>&nbsp; &nbsp; //call NtQuery we get STATUS_INFO_LENGTH_MISMATCH<br>&nbsp; &nbsp; While iRet = STATUS_INFO_LENGTH_MISMATCH Do<br>&nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; inc(dwNumBytes,dwNumBytes);<br>&nbsp; &nbsp; &nbsp; &nbsp; ReallocMem(hinfo, dwNumBytes);<br>&nbsp; &nbsp; &nbsp; &nbsp; iRet &nbsp;:= NtQuerySystemInformation(NT_HANDLE_LIST, hInfo, dwNumBytes, @dwNumBytesRet);<br>&nbsp; &nbsp; &nbsp; End;<br>&nbsp; &nbsp; //if we still can't get STATUS_SUCCESS<br>&nbsp; &nbsp; If iRet &lt;&gt; STATUS_SUCCESS Then<br>&nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; ShowMessage(Format('NtQuerySystemInFORMation return Error: %d',[GetLastError]));<br>&nbsp; &nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; &nbsp; End<br>&nbsp; &nbsp; Else<br>&nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; HandleInfo:=hInfo;<br>&nbsp; &nbsp; &nbsp; &nbsp; HandleInfo:=PHANDLEINFO(ULONG(HandleInfo)+4);<br>&nbsp; &nbsp; &nbsp; &nbsp; dwNumEntries := dwNumBytesRet;<br>&nbsp; &nbsp; &nbsp; &nbsp; For &nbsp;i := 0 To ((dwNumEntries-4) div 16) Do<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; If (HandleInfo.ObjType = OBJECT_TYPE_SOCKET)and<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;(HandleInfo.dwPid &lt;&gt; 0)and<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;(HandleInfo.dwPid &lt;&gt; GetCurrentProcessId ) Then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hProc := OpenProcess(WRITE_DAC, False, HandleInfo.dwPid);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; If hProc &lt;&gt; 0 Then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; AdjustDacl(hProc);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(hProc);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; End;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hMyHandle := 0;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; hProc &nbsp; &nbsp; := OpenProcess(PROCESS_DUP_HANDLE, True, HandleInfo.dwPid);<br><br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; If hProc &lt;&gt; 0 Then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;DuplicateHandle(hProc, HandleInfo.HndlOffset, hCurrentProc,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; @hMyHandle, STANDARD_RIGHTS_REQUIRED, True, 0);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CloseHandle(hProc);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; End;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; If hMyHandle &lt;&gt; 0 Then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Namee.sin_family := AF_INET;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; namelen := sizeof(Tsockaddrin);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; s:= Tsocket(hMyHandle);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; iiRet := getsockname(s, Namee, namelen);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; If iiRet &lt;&gt; SOCKET_ERROR Then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; sockType := 0;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; optlen &nbsp; := 4;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; getsockopt(s, SOL_SOCKET, SO_TYPE, @sockType, optlen);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; new(APort);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //psnap := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS,0);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; //APort^.name:=PIDToName(psnap,HandleInfo.dwPid);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; APort^.name:=MyPIDToName(HandleInfo.dwPid);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; APort^.Port:=ntohs(Namee.sin_port);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; APort^.Socket_type:=szSockType[sockType];<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Aport^.PID:= HandleInfo.dwPid;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; result.Add(Aport);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; End;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; End;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; End; //if<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; HandleInfo:= PHANDLEINFO(ULONG(HandleInfo)+sizeof(THANDLEINFO));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; End; //for<br>&nbsp; &nbsp; &nbsp;End; //else<br>&nbsp; &nbsp;Finally<br>&nbsp; &nbsp; If hinfo &lt;&gt; Nil Then FreeMem(hinfo);<br>&nbsp; &nbsp; If hCurrentProc &lt;&gt; 0 Then CloseHandle(hCurrentProc);<br>&nbsp; &nbsp;End; //end of try<br>End;<br>//---------------------------------------<br>procedure TForm1.Button1Click(Sender: TObject);<br>var<br>&nbsp; osinfo: TOSVERSIONinfo;<br>&nbsp; size: Cardinal;<br>&nbsp; WSAData : TWSAData;<br>&nbsp; PortList:TList;<br>&nbsp; CIO_Port:PPort;<br>&nbsp; ListItem: TListItem;<br>&nbsp; i:integer;<br>begin<br>&nbsp; WSAStartup($0202, WSAData);<br>&nbsp; hNtdll := LoadLibrary('NTDLL.DLL');<br>&nbsp; If hNtdll = 0 then<br>&nbsp; begin<br>&nbsp; &nbsp; ShowMessage(Format('LoadLibrary (NTDLL.DLL) Error: %d', [GetLastError]));<br>&nbsp; &nbsp; exit;<br>&nbsp; end;<br>&nbsp; osinfo.dwOSVersionInfoSize := sizeof(TOSVERSIONinfo);<br>&nbsp; if not BOOL(GetVersionEx(osinfo)) then<br>&nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; messagebox(0, err_noOS, 'Error', MB_OK);<br>&nbsp; &nbsp; &nbsp; exit;//halt($FF);<br>&nbsp; &nbsp; end<br>&nbsp; else runonNT := osinfo.dwPlatformId = VER_PLATFORM_WIN32_NT;<br>&nbsp; size := SizeOf(cbuffer);<br>&nbsp;try<br>&nbsp; PortList:=TList.Create;<br>&nbsp; PortList:=MyAcl;<br>&nbsp; with ListView1 do<br>&nbsp; begin<br>&nbsp; clear;<br>&nbsp; for i:=0 to PortList.Count -1 do<br>&nbsp; begin<br>&nbsp; &nbsp; ListItem := Items.Add;<br>&nbsp; &nbsp; CIO_Port:=PortList;<br>&nbsp; &nbsp; ListItem.Caption :=IntToStr(CIO_Port.PID);<br>&nbsp; &nbsp; Listitem.SubItems.Add(CIO_Port.name);<br>&nbsp; &nbsp; Listitem.SubItems.Add(CIO_Port.Socket_type);<br>&nbsp; &nbsp; Listitem.SubItems.Add(IntToStr(CIO_Port.Port));<br>&nbsp; end;<br>&nbsp; end;<br>&nbsp; for i := 0 to (PortList.Count - 1) do<br>&nbsp; &nbsp;begin &nbsp;<br>&nbsp; &nbsp; &nbsp;CIO_Port := PortList.Items;<br>&nbsp; &nbsp; &nbsp;Dispose(CIO_Port);<br>&nbsp; &nbsp;end;<br>&nbsp; finally<br>&nbsp; &nbsp; PortList.Free;<br>&nbsp; end;<br>end;<br>//-------------------------------------<br>我在XP测试过,会导致MSN Messneger不能正常使用、关闭QQ..<br>WIN2K好像没问题。<br>//-----<br>CIONO1
 
在winxp上使用这个函数就可以了,不用这样复杂的。<br>pAllocateAndGetTcpExTableFromStack<br>&nbsp; PMIB_TCPEXROW=^MIB_TCPEXROW<br>&nbsp; MIB_TCPEXROW=record<br>&nbsp; dwState : DWORD; &nbsp; &nbsp; &nbsp; &nbsp;// state of the connection<br>&nbsp; dwLocalAddr : DWORD; &nbsp; &nbsp;// address on local computer<br>&nbsp; dwLocalPort : DWORD; &nbsp; &nbsp;// port number on local computer<br>&nbsp; dwRemoteAddr : DWORD; &nbsp; // address on remote computer<br>&nbsp; dwRemotePort : DWORD; &nbsp; // port number on remote computer<br>&nbsp; dwProcessId : DWORD;<br>&nbsp; end; <br><br>&nbsp;PMIB_TCPEXTABLE = ^MIB_TCPEXTABLE<br>&nbsp;MIB_TCPEXTABLE=record<br>&nbsp; dwNumEntries : DWORD;<br>&nbsp; table : array [0..0] of MIB_TCPEXROW;<br>&nbsp; end;<br><br>&nbsp;function pAllocateAndGetTcpExTableFromStack)(<br>&nbsp; pTcpTable : PMIB_TCPEXTABLE, &nbsp;// buffer for the connection table<br>&nbsp; bOrder : BOOL , &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; // sort the table?<br>&nbsp; heap : HANDLE ,<br>&nbsp; zero : DWORD,<br>&nbsp; flags :DWORD<br>):DWORD<br><br>而且据说在winxp上这个地方应该是(PhInfo.ObjType = $1C)<br>
 
在winxp(PhInfo.ObjType = $1A)下应该为(PhInfo.ObjType = $1C)<br>而且在XP下不使用这样发方法,而是用这个API。<br>PTMibTCPRow = ^TMibTCPRow;<br>&nbsp; TMibTCPRow = packed record<br>&nbsp; &nbsp; dwState: DWORD;<br>&nbsp; &nbsp; dwLocalAddr: DWORD;<br>&nbsp; &nbsp; dwLocalPort: DWORD;<br>&nbsp; &nbsp; dwRemoteAddr: DWORD;<br>&nbsp; &nbsp; dwRemotePort: DWORD;<br>&nbsp; &nbsp; dwProcessId: DWORD;<br>&nbsp; end;<br>&nbsp; //<br>&nbsp; PTMibTCPTable = ^TMibTCPTable;<br>&nbsp; TMibTCPTable = packed record<br>&nbsp; &nbsp; dwNumEntries: DWORD;<br>&nbsp; &nbsp; Table: array[0..ANY_SIZE - 1] of TMibTCPRow;<br>&nbsp; end;<br>function GetTcpTable( pTCPTable: PTMibTCPTable;<br>&nbsp; bOrder : BOOL, &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>&nbsp; heap : HANDLE,<br>&nbsp; zero : DWORD,<br>&nbsp; flags : DWORD): DWORD;<br>stdcall; external 'IPHLPAPI.DLL';<br>
 
kcahcn提供的最后那个例程什么也得不到,前面那个倒是可以,不过速度太慢了。
 
我这儿可以得到结果。我再看看代码。<br>速度太慢这我也知道,因为没用线程。我留给别人做。别人给你做所有的工作没意思吧。<br>你应该动动手吧。<br>to蛮牛野蛮牛:你说的那个函数我知道,不只是一个函数。<br>Mark Russinovich的TCPVIEW就用那些函数。<br>delphi源代码我有(CIONO4写的)。你的问题没提到那些函数所以我没提供那个方法。<br>你只讨论了native api的方法。不能怪我[:p]<br>如果你要那个代码我可以发。<br>//------------------<br>忘了说:要在listview建立四个column还要把viewstyle设置为vsReport(谁都应该知道这个吧)<br>&nbsp; 从代码可以看出这点: <br>&nbsp; &nbsp;ListItem := Items.Add;<br>&nbsp; &nbsp; CIO_Port:=PortList;<br>&nbsp; &nbsp; ListItem.Caption :=IntToStr(CIO_Port.PID);<br>&nbsp; &nbsp; Listitem.SubItems.Add(CIO_Port.name);<br>&nbsp; &nbsp; Listitem.SubItems.Add(CIO_Port.Socket_type);<br>&nbsp; &nbsp; Listitem.SubItems.Add(IntToStr(CIO_Port.Port));<br>//----------------<br>如果还不现实结果就告诉你用什么windows,编译通过吗?,遇到哪些问题。。。<br>//-----<br>Regrads CIONO1<br>CIONO1
 
我说速度慢可没有别的意思,只是说说而已,因为网上那个fport.exe速度非常快,<br>不知道是不是工作原理的不同。<br>另外,关于第二个例程,我跟踪了一下,总是在这里:<br>&nbsp; &nbsp; &nbsp; iiRet := getsockname(s, Namee, namelen);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; If iiRet &lt;&gt; SOCKET_ERROR Then<br>返回值总是SOCKET_ERROR<br><br>至于第三个例程,用到了iphelper,其实在win2000下就有了,的确很简单,可惜<br>98不支持。你的前面的例程支持98/95吗?
 
FPort它调用了ZwQuerySystemInformation<br>还调用了AllocateAndGetUdpExTableFromStack,AllocateAndGetTcpExTableFromStack<br>(在xp)跟踪FPort发现它使用了AllocateAndGetUdpExTableFromStack,AllocateAndGetTcpExTableFromStack<br>而没有用ZwQuerySystemInformation(在win2k我还没跟踪FPort)。<br>这些方法在WIN9x不可行的。<br>//---------------------<br>下面的代码用实现AllocateAndGetUdpExTableFromStack,AllocateAndGetTcpExTableFromStack<br>实现“一个端口到进程的关联”。<br>(Delphi6.0 7.0 ,WINXP下 )<br>//////////////////////////////////////////////////////<br>//<br>// &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; OpenPorts<br>// &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CopyRight for CIO<br>// &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Computer Idiot Organization<br>// &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; fsl(CIONO5)<br>//<br>//////////////////////////////////////////////////////<br><br>//TODO: lots of stuff ;p<br>unit Unit1;<br><br>interface<br><br>uses<br>&nbsp; Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,<br>&nbsp; Dialogs, ActnList, ComCtrls, StdCtrls, winsock,tlhelp32, ExtCtrls;<br><br>type<br>&nbsp; TForm1 = class(TForm)<br>&nbsp; &nbsp; Button1: TButton; &nbsp;//onclick -&gt; acRefreshExecute , Action-&gt;acRefresh<br>&nbsp; &nbsp; ListView1: TListView;<br>&nbsp; &nbsp; ActionList1: TActionList;<br>&nbsp; &nbsp; acRefresh: TAction;<br>&nbsp; &nbsp; procedure acRefreshExecute(Sender: TObject);<br>&nbsp; private<br>&nbsp; &nbsp; { Private declarations }<br>&nbsp; &nbsp; function GetIP(ipAddr: cardinal):string;<br>&nbsp; &nbsp; function GetPort(port: cardinal):string;<br>&nbsp; &nbsp; function PIDToName(ProcessSnap: THandle; PID:dword):string;<br><br>&nbsp; public<br>&nbsp; &nbsp; { Public declarations }<br>&nbsp; end;<br><br>var<br>&nbsp; Form1: TForm1;<br>&nbsp; TcpState: array[0..12] of String= ('???',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'CLOSED',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'LISTENING',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'SYN_SENT',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'SYN_RCVD',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'ESTABLISHED',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'FIN_WAIT1',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'FIN_WAIT2',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'CLOSE_WAIT',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'CLOSING',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'LAST_ACK',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'TIME_WAIT',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 'DELETE_TCB' );<br><br>implementation<br><br>{$R *.dfm}<br>type<br>&nbsp; MIB_TCPEXRow = record<br>&nbsp; &nbsp; &nbsp;dwState &nbsp; &nbsp; &nbsp;:DWORD;<br>&nbsp; &nbsp; &nbsp;dwLocalAddr &nbsp;:DWORD;<br>&nbsp; &nbsp; &nbsp;dwLocalPort &nbsp;:DWORD;<br>&nbsp; &nbsp; &nbsp;dwRemoteAddr :DWORD;<br>&nbsp; &nbsp; &nbsp;dwRemotePort :DWORD;<br>&nbsp; &nbsp; &nbsp;dwProcessId &nbsp;:DWORD;<br>&nbsp; end;<br>&nbsp; PMIB_TCPExRow = ^MIB_TCPExRow;<br><br>&nbsp; MIB_TCPExTable = record<br>&nbsp; &nbsp; &nbsp;dwNumEntries :DWORD;<br>&nbsp; &nbsp; &nbsp;table &nbsp; &nbsp; &nbsp; &nbsp;:array[0..50] of MIB_TCPExRow; // 50 ? .. ANY_SIZE !<br>&nbsp; end;<br>&nbsp; PMIB_TCPExTable= ^MIB_TCPExTable;<br><br>&nbsp; MIB_UDPExRow = record<br>&nbsp; &nbsp; &nbsp;dwLocalAddr &nbsp;:DWORD;<br>&nbsp; &nbsp; &nbsp;dwLocalPort &nbsp;:DWORD;<br>&nbsp; &nbsp; &nbsp;dwProcessID &nbsp;:DWORD;<br>&nbsp; end;<br>&nbsp; PMIB_UDPExRow = ^MIB_UDPExRow;<br><br>&nbsp; MIB_UDPExTable = record<br>&nbsp; &nbsp; &nbsp;dwNumEntries :DWORD;<br>&nbsp; &nbsp; &nbsp;table &nbsp; &nbsp; &nbsp; &nbsp;:array[0..50] of MIB_UDPExRow;<br>&nbsp; end;<br>&nbsp; PMIB_UDPExTable = ^MIB_UDPExTable;<br><br><br>function AllocateAndGetTcpExTableFromStack(TCPExTable: PMIB_TCPExTable;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;order: boolean;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;AllocHeap: THandle;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;AlloFlags: integer;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ProtocolVer: integer): integer;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;stdcall; external 'iphlpapi.dll' name 'AllocateAndGetTcpExTableFromStack';<br><br>function AllocateAndGetUdpExTableFromStack(UDPExTable: PMIB_UDPExTable;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;order: boolean;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;AllocHeap: THandle;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;AlloFlags: integer;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ProtocolVer: integer): integer;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;stdcall; external 'iphlpapi.dll' name 'AllocateAndGetUdpExTableFromStack';<br><br>function TForm1.GetIP(ipAddr: cardinal): string;<br>var nIpAddr: cardinal;<br>begin<br>&nbsp; nIpAddr := htonl(ipAddr);<br>&nbsp; Result := IntToStr(HIByte(HIWord(nIpAddr)))+'.'+<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; IntToStr(LOByte(HIWord(nIpAddr)))+'.'+<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; IntToStr(HIByte(LOWord(nIpAddr)))+'.'+<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; IntToStr(LOByte(LOWord(nIpAddr)));<br>end;<br><br>function TForm1.GetPort(port: cardinal): string;<br>begin<br>&nbsp; Result := inttostr(htons(word(port)));<br>end;<br><br>function TForm1.PIDToName(ProcessSnap: THandle; PID: dword): string;<br>var ProcessEntry: TProcessEntry32;<br>begin<br>&nbsp; if (not Process32First(ProcessSnap, ProcessEntry)) then<br>&nbsp; &nbsp; Result := '????'<br>&nbsp; else begin<br>&nbsp; &nbsp; while PID &lt;&gt; ProcessEntry.th32ProcessID do<br>&nbsp; &nbsp; &nbsp; Process32Next(ProcessSnap, ProcessEntry);<br>&nbsp; &nbsp; Result := ProcessEntry.szExeFile<br>&nbsp; end<br>end;<br><br>procedure TForm1.acRefreshExecute(Sender: TObject);<br>var<br>&nbsp; i: integer;<br>&nbsp; tcp: PMIB_TCPExTable;<br>&nbsp; udp: PMIB_UDPExTable;<br>&nbsp; item: TListItem;<br>&nbsp; psnap: THandle;<br>begin<br>&nbsp; i := AllocateAndGetTCPExTableFromStack(@tcp, true, GetProcessHeap(), 2, 2);<br>&nbsp; if i &lt;&gt; 0 then exit;<br>&nbsp; i := AllocateAndGetUDPExTableFromStack(@udp, true, GetProcessHeap(), 2, 2);<br>&nbsp; if i &lt;&gt; 0 then exit;<br>&nbsp; psnap := CreateToolHelp32SnapShot(2,0);<br>&nbsp; if psnap = INVALID_HANDLE_VALUE then exit;<br>&nbsp; ListView1.Items.Clear;<br>&nbsp; for i := 0 to tcp.dwNumEntries -1 do begin<br>&nbsp; &nbsp; item := nil;<br>&nbsp; &nbsp; item := ListView1.Items.Add();<br>&nbsp; &nbsp; item.Caption := GetIP(tcp.table.dwLocalAddr); &nbsp;//local IP<br>&nbsp; &nbsp; item.SubItems.Add(GetPort(tcp.table.dwLocalPort)); //Local Port<br>&nbsp; &nbsp; item.SubItems.Add(GetIP(tcp.table.dwRemoteAddr)); &nbsp;// Remote IP<br>&nbsp; &nbsp; item.SubItems.Add(GetPort(tcp.table.dwRemotePort)); // Remote Port<br>&nbsp; &nbsp; item.SubItems.Add(PIDToName(psnap,tcp.table.dwProcessId)); // Process<br>&nbsp; &nbsp; item.SubItems.Add(IntToStr(tcp.table.dwProcessId)); // PId<br>&nbsp; &nbsp; item.SubItems.Add(TCPState[tcp.table.dwState]); &nbsp;//Status<br>&nbsp; &nbsp; item.SubItems.Add('TCP'); //Protocol<br>&nbsp; &nbsp; //todo : add path &nbsp;<br>&nbsp; end;<br>&nbsp; for i := 0 to udp.dwNumEntries -1 do begin<br>&nbsp; &nbsp; item := nil;<br>&nbsp; &nbsp; item := ListView1.Items.Add();<br>&nbsp; &nbsp; item.Caption := GetIP(udp.table.dwLocalAddr);<br>&nbsp; &nbsp; item.SubItems.Add(GetPort(udp.table.dwLocalPort));<br>&nbsp; &nbsp; item.SubItems.Add('');<br>&nbsp; &nbsp; item.SubItems.Add('');<br>&nbsp; &nbsp; item.SubItems.Add(PIDToName(psnap,udp.table.dwProcessId));<br>&nbsp; &nbsp; item.SubItems.Add(IntToStr(udp.table.dwProcessId));<br>&nbsp; &nbsp; item.SubItems.Add('');<br>&nbsp; &nbsp; item.SubItems.Add('UDP')<br>&nbsp; end;<br>&nbsp; CloseHandle(psnap);<br><br>end;<br>end.<br>//-----<br>CIONO1
 
你的方法适用于9x吗?
 
前面已经说了“这些方法在WIN9x不可行的。”。<br>NativeAPI只能在winnt/2k/xp用。(这你应该知道吧。)。<br>在win9x要用驱动程序。<br>//-----<br>CIONO1
 
后退
顶部