C
china_peng
Unregistered / Unconfirmed
GUEST, unregistred user!
听课
Y
yulin
Unregistered / Unconfirmed
GUEST, unregistred user!
关注
D
duducat
Unregistered / Unconfirmed
GUEST, unregistred user!
下面是我翻译的c++不过运转不正常,请高手指点!不够可以不断加分!!
unit Port2Proc;
interface
uses
Windows,WinSock,AclAPI,AccCtrl,ComCtrls,PsAPI,SysUtils,QDialogs;
const
NT_HANDLE_LIST = 16;
MAX_HANDLE_LIST_BUF = $20000;
type
PHandleInfo=^_HANDLEINFO;
_HANDLEINFO=packed record
dwPid : WORD;
GreatorBackTraceIndex : WORD;
ObjType : Byte;
HandleAttributes : Byte;
HndlOffset : SHORT;
dwKeObject : DWORD;
GrantedAccess : ULONG
end;
function RaisePrivileges(hToken:THandle;pPriv: Pchar):Boolean;
procedure AdjustDACL(ProHandle:THandle);
procedure NTXPPort2Proc(ListView1:TListView);
implementation
//提升进程hToken特权
function RaisePrivileges(hToken:THandle;pPriv: Pchar):Boolean;
var
tkp : TOKEN_PRIVILEGES;
rl : Cardinal;
begin
LookupPrivilegeValue(nil,pPriv,tkp.Privileges[0].Luid);
tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
tkp.PrivilegeCount := 1;
Result:=AdjustTokenPrivileges(hToken, False, tkp, 0, nil,rl);
end;
//调整目标进程DACL
procedure AdjustDACL(ProHandle:THandle);
var
pSD : PPSECURITY_DESCRIPTOR;
pNewDacl,pDacl : PACL;
ea : EXPLICIT_ACCESS;
begin
pSD:=nil;
pDacl:=nil;
pNewDacl:=nil;
GetSecurityInfo(ProHandle,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,
nil,nil,pDacl,nil,pSD);
ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions:=STANDARD_RIGHTS_ALL or SPECIFIC_RIGHTS_ALL;
ea.grfAccessMode:=SET_ACCESS;
ea.grfInheritance:=NO_INHERITANCE;
ea.Trustee.pMultipleTrustee:=nil;
ea.Trustee.MultipleTrusteeOperation:=NO_MULTIPLE_TRUSTEE;
ea.Trustee.TrusteeForm:=TRUSTEE_IS_SID;
ea.Trustee.TrusteeType:=TRUSTEE_IS_USER;
ea.Trustee.ptstrName:='CURRENT_USER';
SetEntriesInAcl(1,@ea,pDacl,pNewDacl);
SetSecurityInfo(ProHandle,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,nil,nil,pNewDacl,nil);
end;
procedure NTXPPort2Proc(ListView1:TListView);
type
TNTQuerySystemInformation= function( pdwRecordType
WORD; pdwHandleList
DWORD;
pdwNumBytesWORD;pdwNumBytesRetWORD)WORD;stdcall;
var
NTQuerySystemInfomation : TNTQuerySystemInformation;
DllHandle,hToken,CurrProcHandle,ProcHandle,MyHandle :THandle;
dwNumBytes,dwNumBytesRet,dwNumEntries,i : DWORD;
namelen,optlen,sockType: integer;
dwHandleList: PDWORD;
s : TSocket;
GInitData : TWSADATA;
PhInfo : PHandleInfo;
name : TSockAddrIn;
PortPath : array [0..MAX_PATH] of Char;
begin
ListView1.Clear;
MyHandle:=0;
WSAStartup($101, GInitData);
CurrProcHandle:=GetCurrentProcess;
OpenProcessToken(CurrProcHandle, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken);
RaisePrivileges(hToken,'SeSecurityPrivilege');
if hToken>0 then CloseHandle(HToken);
DllHandle := LoadLibrary('ntdll.dll');
if(DllHandle<>0) then
begin
NTQuerySystemInfomation:=GetProcAddress(DllHandle,'NtQuerySystemInformation');
dwNumBytes:=MAX_HANDLE_LIST_BUF;
dwNumbytesRet:=0;
//分配内存
GetMem(dwHandleList,dwNumBytes);
//成功调用将返回0值
NTQuerySystemInfomation(NT_HANDLE_LIST,dwHandleList,dwNumBytes,dwNumbytesRet);
end;
dwNumEntries:=dwHandleList^;
inc(dwHandleList^);
Phinfo:=@dwHandleList;
for i:=0 to dwNumEntries-1 do
begin
//★★需要判断操作系统类型 XP 和 NT或WIN2000
if (PhInf
bjType=$1A) and (PhInfo.dwPid>0) then
begin
ProcHandle:=OpenProcess(WRITE_DAC,FALSE,PhInfo.dwPid);
showmessage('rr:'+IntToStr(ProcHandle));
if ProcHandle>0 then
begin
AdjustDACL(ProcHandle);
CloseHandle(ProcHandle);
end;
ProcHandle:=OpenProcess(PROCESS_DUP_HANDLE,TRUE,PhInfo.dwPid);
if ProcHandle>0 then
begin
DuplicateHandle(ProcHandle,Cardinal(PhInfo.HndlOffset),CurrProcHandle,
@MYHandle,STANDARD_RIGHTS_REQUIRED,FALSE,0);
CloseHandle(ProcHandle);
end;
if MyHandle>0 then
begin
name.sin_family:=AF_INET;
namelen:=sizeof(TSockAddrIn);
s:=TSocket(MyHandle);
if GetSockName(s,name,namelen)<>SOCKET_ERROR then
begin
sockType:=0;
optlen:=4;
getsockopt(s,SOL_SOCKET,SO_TYPE,PChar(sockType),optlen);
ProcHandle:=OpenProcess(PROCESS_ALL_ACCESS,FALSE,PhInfo.dwPid);
GetModuleFileNameEx(ProcHandle,0,PortPath,sizeof(PortPath));
CloseHandle(ProcHandle);
//输出信息
with ListView1.Items.Add do
begin
//协议类型
Caption:='TCP';
//本机端口
SubItems.Add(Format('%6d',[ntohs(name.sin_port)]));
//远程主机IP
SubItems.Add('');
//远程主机端口
SubItems.Add('');
//进程路径
SubItems.Add(PortPath);
end;
end;
end;
end;
//★★
inc(PhInfo);
end;
//释放内存
FreeMem(dwHandleList);
showmessage('kkk');
FreeAndNil(PhInfo);
FreeAndNil(dwHandleList);
if CurrProcHandle>0 then CloseHandle(CurrProcHandle);
FreeLibrary(DllHandle);
WSACleanup;
end;
end.
unit Port2Proc;
interface
uses
Windows,WinSock,AclAPI,AccCtrl,ComCtrls,PsAPI,SysUtils,QDialogs;
const
NT_HANDLE_LIST = 16;
MAX_HANDLE_LIST_BUF = $20000;
type
PHandleInfo=^_HANDLEINFO;
_HANDLEINFO=packed record
dwPid : WORD;
GreatorBackTraceIndex : WORD;
ObjType : Byte;
HandleAttributes : Byte;
HndlOffset : SHORT;
dwKeObject : DWORD;
GrantedAccess : ULONG
end;
function RaisePrivileges(hToken:THandle;pPriv: Pchar):Boolean;
procedure AdjustDACL(ProHandle:THandle);
procedure NTXPPort2Proc(ListView1:TListView);
implementation
//提升进程hToken特权
function RaisePrivileges(hToken:THandle;pPriv: Pchar):Boolean;
var
tkp : TOKEN_PRIVILEGES;
rl : Cardinal;
begin
LookupPrivilegeValue(nil,pPriv,tkp.Privileges[0].Luid);
tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
tkp.PrivilegeCount := 1;
Result:=AdjustTokenPrivileges(hToken, False, tkp, 0, nil,rl);
end;
//调整目标进程DACL
procedure AdjustDACL(ProHandle:THandle);
var
pSD : PPSECURITY_DESCRIPTOR;
pNewDacl,pDacl : PACL;
ea : EXPLICIT_ACCESS;
begin
pSD:=nil;
pDacl:=nil;
pNewDacl:=nil;
GetSecurityInfo(ProHandle,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,
nil,nil,pDacl,nil,pSD);
ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions:=STANDARD_RIGHTS_ALL or SPECIFIC_RIGHTS_ALL;
ea.grfAccessMode:=SET_ACCESS;
ea.grfInheritance:=NO_INHERITANCE;
ea.Trustee.pMultipleTrustee:=nil;
ea.Trustee.MultipleTrusteeOperation:=NO_MULTIPLE_TRUSTEE;
ea.Trustee.TrusteeForm:=TRUSTEE_IS_SID;
ea.Trustee.TrusteeType:=TRUSTEE_IS_USER;
ea.Trustee.ptstrName:='CURRENT_USER';
SetEntriesInAcl(1,@ea,pDacl,pNewDacl);
SetSecurityInfo(ProHandle,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,nil,nil,pNewDacl,nil);
end;
procedure NTXPPort2Proc(ListView1:TListView);
type
TNTQuerySystemInformation= function( pdwRecordType
WORD; pdwHandleListDWORD;pdwNumBytes
WORD;pdwNumBytesRetWORD)WORD;stdcall;var
NTQuerySystemInfomation : TNTQuerySystemInformation;
DllHandle,hToken,CurrProcHandle,ProcHandle,MyHandle :THandle;
dwNumBytes,dwNumBytesRet,dwNumEntries,i : DWORD;
namelen,optlen,sockType: integer;
dwHandleList: PDWORD;
s : TSocket;
GInitData : TWSADATA;
PhInfo : PHandleInfo;
name : TSockAddrIn;
PortPath : array [0..MAX_PATH] of Char;
begin
ListView1.Clear;
MyHandle:=0;
WSAStartup($101, GInitData);
CurrProcHandle:=GetCurrentProcess;
OpenProcessToken(CurrProcHandle, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken);
RaisePrivileges(hToken,'SeSecurityPrivilege');
if hToken>0 then CloseHandle(HToken);
DllHandle := LoadLibrary('ntdll.dll');
if(DllHandle<>0) then
begin
NTQuerySystemInfomation:=GetProcAddress(DllHandle,'NtQuerySystemInformation');
dwNumBytes:=MAX_HANDLE_LIST_BUF;
dwNumbytesRet:=0;
//分配内存
GetMem(dwHandleList,dwNumBytes);
//成功调用将返回0值
NTQuerySystemInfomation(NT_HANDLE_LIST,dwHandleList,dwNumBytes,dwNumbytesRet);
end;
dwNumEntries:=dwHandleList^;
inc(dwHandleList^);
Phinfo:=@dwHandleList;
for i:=0 to dwNumEntries-1 do
begin
//★★需要判断操作系统类型 XP 和 NT或WIN2000
if (PhInf
bjType=$1A) and (PhInfo.dwPid>0) thenbegin
ProcHandle:=OpenProcess(WRITE_DAC,FALSE,PhInfo.dwPid);
showmessage('rr:'+IntToStr(ProcHandle));
if ProcHandle>0 then
begin
AdjustDACL(ProcHandle);
CloseHandle(ProcHandle);
end;
ProcHandle:=OpenProcess(PROCESS_DUP_HANDLE,TRUE,PhInfo.dwPid);
if ProcHandle>0 then
begin
DuplicateHandle(ProcHandle,Cardinal(PhInfo.HndlOffset),CurrProcHandle,
@MYHandle,STANDARD_RIGHTS_REQUIRED,FALSE,0);
CloseHandle(ProcHandle);
end;
if MyHandle>0 then
begin
name.sin_family:=AF_INET;
namelen:=sizeof(TSockAddrIn);
s:=TSocket(MyHandle);
if GetSockName(s,name,namelen)<>SOCKET_ERROR then
begin
sockType:=0;
optlen:=4;
getsockopt(s,SOL_SOCKET,SO_TYPE,PChar(sockType),optlen);
ProcHandle:=OpenProcess(PROCESS_ALL_ACCESS,FALSE,PhInfo.dwPid);
GetModuleFileNameEx(ProcHandle,0,PortPath,sizeof(PortPath));
CloseHandle(ProcHandle);
//输出信息
with ListView1.Items.Add do
begin
//协议类型
Caption:='TCP';
//本机端口
SubItems.Add(Format('%6d',[ntohs(name.sin_port)]));
//远程主机IP
SubItems.Add('');
//远程主机端口
SubItems.Add('');
//进程路径
SubItems.Add(PortPath);
end;
end;
end;
end;
//★★
inc(PhInfo);
end;
//释放内存
FreeMem(dwHandleList);
showmessage('kkk');
FreeAndNil(PhInfo);
FreeAndNil(dwHandleList);
if CurrProcHandle>0 then CloseHandle(CurrProcHandle);
FreeLibrary(DllHandle);
WSACleanup;
end;
end.
D
duducat
Unregistered / Unconfirmed
GUEST, unregistred user!
c++源程序参考自:
http://go5.163.com/nowcan/tech/fport.htm
http://go5.163.com/nowcan/tech/fport.htm
飘
飘摇客
Unregistered / Unconfirmed
GUEST, unregistred user!
up
热
热血
Unregistered / Unconfirmed
GUEST, unregistred user!
没做过
M
mikecool
Unregistered / Unconfirmed
GUEST, unregistred user!
没看出什么大的问题,等我编译看看
C
Claudia
Unregistered / Unconfirmed
GUEST, unregistred user!
无建设性意见,只是希望大家多关注啦;)
B
bigroute
Unregistered / Unconfirmed
GUEST, unregistred user!
gz
D
duducat
Unregistered / Unconfirmed
GUEST, unregistred user!
特大喜讯!本人已经在一位网络高手的协助下彻底修正了程序,鉴于源C++
乃存在着bug,所有暂时不公布修改程序!!如果各位高手有兴趣的话,
欢迎共同研究讨论!!
另外本人参考了fport.exe 2.0版本 tcpview2.2 版本 activeports等
端口到进程的映射程序!发现它们都存在着这样或者那样的缺陷或者
bug!如fport.exe需要管理员权限,tcpview2.2有时候会报错,activeports
也如此!看来端口到进程的映射问题乃是一个世界性难题!!看来采用防火墙
技术才是正道!天网在这方面就作得不错!!
以上鄙人之愚见!!望大家指正!!
乃存在着bug,所有暂时不公布修改程序!!如果各位高手有兴趣的话,
欢迎共同研究讨论!!
另外本人参考了fport.exe 2.0版本 tcpview2.2 版本 activeports等
端口到进程的映射程序!发现它们都存在着这样或者那样的缺陷或者
bug!如fport.exe需要管理员权限,tcpview2.2有时候会报错,activeports
也如此!看来端口到进程的映射问题乃是一个世界性难题!!看来采用防火墙
技术才是正道!天网在这方面就作得不错!!
以上鄙人之愚见!!望大家指正!!
D
duducat
Unregistered / Unconfirmed
GUEST, unregistred user!
修正程序显示与源C++结果相同!!看来C++能做到的,有些方面Delphi也可以!!
热烈欢迎各位衷心诚心学习网络编程的程序员一起研究和指导和索取程序!!!!
!!!
执着的程序人生,执着的爱一个人,执着的哲学和佛学主义者!……
午夜的感慨:
转载:
生死犹如瀑流。有时,看这茫茫的人海,就象在瀑流中飘逝的无数花朵,美丽却
只是短暂。只有岸边的大树,扎根在深深的土壤,才有着无穷的生命和活力。即使、它偶然有树枝飘入瀑流,但它的根和树干却不曾离开坚实的河岸。
如果,没有大树的伟岸和潇洒,那就认真地种一颗大树的种子吧。努力地让生命长成大树,不要随风飘逝。
.
热烈欢迎各位衷心诚心学习网络编程的程序员一起研究和指导和索取程序!!!!
!!!
执着的程序人生,执着的爱一个人,执着的哲学和佛学主义者!……
午夜的感慨:
转载:
生死犹如瀑流。有时,看这茫茫的人海,就象在瀑流中飘逝的无数花朵,美丽却
只是短暂。只有岸边的大树,扎根在深深的土壤,才有着无穷的生命和活力。即使、它偶然有树枝飘入瀑流,但它的根和树干却不曾离开坚实的河岸。
如果,没有大树的伟岸和潇洒,那就认真地种一颗大树的种子吧。努力地让生命长成大树,不要随风飘逝。
.
D
duducat
Unregistered / Unconfirmed
GUEST, unregistred user!
xp下面端口到进程的映射本人也用Delphi完美解决,跟netstat -noa显示结果一模异样:)
NT和2000的还存在一点小bug
NT和2000的还存在一点小bug
D
d村长
Unregistered / Unconfirmed
GUEST, unregistred user!
http://delphi.mychangshu.com/dispdoc.asp?id=367
D
duducat
Unregistered / Unconfirmed
GUEST, unregistred user!
to 村长
上不去哟!!!:((
上不去哟!!!:((
K
kongg
Unregistered / Unconfirmed
GUEST, unregistred user!
大家认为这个怎么样?
http://www.csdn.net/cnshare/soft/5/5181.shtm
http://www.csdn.net/cnshare/soft/5/5181.shtm
H
hgood
Unregistered / Unconfirmed
GUEST, unregistred user!
聽聽
D
duducat
Unregistered / Unconfirmed
GUEST, unregistred user!
to kongg
那个程序没有什么价值!!我2000年就搞出来了!我现在是要实现fport.exe和TCPVIEW之类
软件的功能!!通俗的说就是端口到进程的关联!
本人已经搞得差不多了!xp下面已经完全完美的解决了!!
就差2000下面一点小bug的修正,望有兴趣的高手指点一二
那个程序没有什么价值!!我2000年就搞出来了!我现在是要实现fport.exe和TCPVIEW之类
软件的功能!!通俗的说就是端口到进程的关联!
本人已经搞得差不多了!xp下面已经完全完美的解决了!!
就差2000下面一点小bug的修正,望有兴趣的高手指点一二
W
wdl
Unregistered / Unconfirmed
GUEST, unregistred user!
duducat:请给我一份源程序好吗?谢谢!
ishyboy@163.com
ishyboy@163.com
S
smilboy
Unregistered / Unconfirmed
GUEST, unregistred user!
关联进程解决了么?
J
jingtao
Unregistered / Unconfirmed
GUEST, unregistred user!
早点说嘛
偶有代码啊
http://tty.yyun.net/lovejingtao/Port.exe
偶有代码啊
http://tty.yyun.net/lovejingtao/Port.exe
