Get the name of the process that connects to the Internet
Posted: Tue 19 Jun 2018 11:01
by ChaudEf
Hello
In Fiddler, you can see which process requested a given Internet connection.
Is it possible to do that in PureBasic? Set up a small local server, then receive the domains visited by the various programs on the computer, knowing which domain was visited by which program?
Thanks
Re: Get the name of the process that connects to the Internet
Posted: Thu 21 Jun 2018 21:05
by celtic88
Hello
Test!
Code:
InitNetwork()

; One row of the TCP table (Win32 MIB_TCPROW_OWNER_PID).
; Addresses and ports are stored in network byte order.
Structure MIB_TCPTABLE_OWNER_PID
  dwStats.l
  dwLocalAddr.l
  dwLocalPort.l
  dwRemoteAddr.l
  dwRemotePort.l
  dwOwningPid.l
EndStructure

; Table header followed by dwNumEntries rows
Structure MIB_TCPTABLE
  dwNumEntries.l
  table.MIB_TCPTABLE_OWNER_PID[0]
EndStructure

; One row of the UDP table: UDP has no remote endpoint and no state
Structure MIB_UDPROW_OWNER_PID
  dwLocalAddr.l
  dwLocalPort.l
  dwOwningPid.l
EndStructure

Structure MIB_UDPTABLE
  dwNumEntries.l
  table.MIB_UDPROW_OWNER_PID[0]
EndStructure

Prototype GetExtendedTcpTable(pTcpTable,pdwSize,bOrder,ulAf,TableClass,Reserved = 0)
Prototype GetExtendedUdpTable(pUdpTable,pdwSize,bOrder,ulAf,TableClass,Reserved = 0)

; Both functions are exported by iphlpapi.dll; stop if it cannot be loaded
If OpenLibrary(0, "iphlpapi.dll") = 0
  Debug "iphlpapi.dll could not be loaded"
  End 1
EndIf
Global GetExtendedTcpTable.GetExtendedTcpTable = GetFunction(0,"GetExtendedTcpTable")
Global GetExtendedUdpTable.GetExtendedUdpTable = GetFunction(0,"GetExtendedUdpTable")

; TCP state names in the order of the state values (1 = CLOSED ... 12 = DELETE_TCB),
; which matches the 1-based index used by StringField()
Global State.s = "CLOSED|LISTENING|SYN_SENT|SYN_RCVD|ESTABLISHED|FIN_WAIT1|FIN_WAIT2|CLOSE_WAIT|CLOSING|LAST_ACK|TIME_WAIT|DELETE_TCB"

Structure ProcessInfo
  strProcessName.s
  Pid.l
EndStructure
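
; Fill ProcessList() with the name and PID of every running process
Procedure GetProcessList(List ProcessList.ProcessInfo())
  ClearList(ProcessList())
  Protected Proc32.PROCESSENTRY32
  Proc32\dwSize = SizeOf(PROCESSENTRY32)
  Protected snapShot = CreateToolhelp32Snapshot_(#TH32CS_SNAPPROCESS, 0)
  ; CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE (-1) on failure, not 0
  If snapShot <> #INVALID_HANDLE_VALUE
    If Process32First_(snapShot, @Proc32)
      ; Repeat/Until records the entry returned by Process32First as well;
      ; calling Process32Next before the first AddElement would skip it
      Repeat
        AddElement(ProcessList())
        ProcessList()\strProcessName = PeekS(@Proc32\szExeFile)
        ProcessList()\Pid = Proc32\th32ProcessID
      Until Process32Next_(snapShot, @Proc32) = 0
    EndIf
    CloseHandle_(snapShot)
  EndIf
EndProcedure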

Structure ConnectionListInfo
  strType.s
  dwStats.l
  strStats.s
  dwLocalAddr.l
  strLocalAddr.s
  strLocalAddr2.s
  dwLocalPort.l
  dwRemoteAddr.l
  strRemoteAddr.s
  strRemoteAddr2.s
  dwRemotePort.l
  dwOwningPid.l
  strProcessName.s
EndStructure

; Fill ConnectionList() with every IPv4 TCP and UDP endpoint and its owning process.
; Returns 1 on success, a negative code on failure.
Procedure GetConnectionList(List ConnectionList.ConnectionListInfo())
  Protected *tcpTable.MIB_TCPTABLE, dwSize, *udpTable.MIB_UDPTABLE, *IpName, i
  NewList ProcessList.ProcessInfo()
  GetProcessList(ProcessList())

  ; First call with a null buffer only returns the required size in dwSize.
  ; TableClass 5 = TCP_TABLE_OWNER_PID_ALL; #AF_INET limits the table to IPv4.
  GetExtendedTcpTable(0 , @dwSize, #True,#AF_INET,5)
  If dwSize = 0
    ProcedureReturn -1
  EndIf
  *tcpTable = AllocateMemory(dwSize)
  If GetExtendedTcpTable(*tcpTable , @dwSize, #True,#AF_INET,5) <> 0
    FreeMemory(*tcpTable)
    ProcedureReturn -2
  EndIf
  With *tcpTable
    For i = 0 To \dwNumEntries - 1
      AddElement(ConnectionList())
      ConnectionList()\strType = "TCP"
      ConnectionList()\dwStats = \table[i]\dwStats
      ConnectionList()\dwLocalAddr = \table[i]\dwLocalAddr
      ConnectionList()\dwLocalPort = ntohs_(\table[i]\dwLocalPort)
      ConnectionList()\dwRemoteAddr = \table[i]\dwRemoteAddr
      ConnectionList()\dwRemotePort = ntohs_(\table[i]\dwRemotePort)
      ConnectionList()\dwOwningPid = \table[i]\dwOwningPid
      ConnectionList()\strStats = StringField(State,\table[i]\dwStats,"|")
      ConnectionList()\strRemoteAddr = IPString(\table[i]\dwRemoteAddr)
      ; gethostbyaddr does a blocking reverse DNS lookup for every row.
      ; The first HOSTENT field (h_name) is a pointer, so it is read with PeekI:
      ; PeekL would truncate it in a 64-bit build.
      *IpName = gethostbyaddr_(@\table[i]\dwRemoteAddr,4,#PF_INET)
      If *IpName
        ConnectionList()\strRemoteAddr2 = PeekS(PeekI(*IpName),-1,#PB_Ascii)
      EndIf
      ConnectionList()\strLocalAddr = IPString(\table[i]\dwLocalAddr)
      *IpName = gethostbyaddr_(@\table[i]\dwLocalAddr,4,#PF_INET)
      If *IpName
        ConnectionList()\strLocalAddr2 = PeekS(PeekI(*IpName),-1,#PB_Ascii)
      EndIf
      ; Map the owning PID to a process name
      ForEach ProcessList()
        If ProcessList()\Pid = \table[i]\dwOwningPid
          ConnectionList()\strProcessName = ProcessList()\strProcessName
          Break
        EndIf
      Next
    Next
  EndWith
  FreeMemory(*tcpTable)

  ; Same two-call pattern for UDP. TableClass 1 = UDP_TABLE_OWNER_PID.
  dwSize = 0
  GetExtendedUdpTable(0,@dwSize, #True,#AF_INET,1)
  If dwSize = 0
    ProcedureReturn -3
  EndIf
  *udpTable = AllocateMemory(dwSize)
  If GetExtendedUdpTable(*udpTable , @dwSize, #True,#AF_INET,1) <> 0
    FreeMemory(*udpTable)
    ProcedureReturn -4
  EndIf
  With *udpTable
    For i = 0 To \dwNumEntries - 1
      AddElement(ConnectionList())
      ConnectionList()\strType = "UDP"
      ConnectionList()\dwLocalAddr = \table[i]\dwLocalAddr
      ConnectionList()\dwLocalPort = ntohs_(\table[i]\dwLocalPort)
      ConnectionList()\dwOwningPid = \table[i]\dwOwningPid
      ConnectionList()\strLocalAddr = IPString(\table[i]\dwLocalAddr)
      *IpName = gethostbyaddr_(@\table[i]\dwLocalAddr,4,#PF_INET)
      If *IpName
        ConnectionList()\strLocalAddr2 = PeekS(PeekI(*IpName),-1,#PB_Ascii)
      EndIf
      ForEach ProcessList()
        If ProcessList()\Pid = \table[i]\dwOwningPid
          ConnectionList()\strProcessName = ProcessList()\strProcessName
          Break
        EndIf
      Next
    Next
  EndWith
  FreeMemory(*udpTable)
  ProcedureReturn 1
EndProcedure

NewList ConnectionList.ConnectionListInfo()
st = GetConnectionList(ConnectionList())
If st <> 1
  Debug " ERROR CODE : " + Str(st)
  End 1
EndIf
ForEach ConnectionList()
  Debug ConnectionList()\strType + " - " + ConnectionList()\strStats
  Debug ConnectionList()\strProcessName + " (" + Str(ConnectionList()\dwOwningPid) + ")"
  Debug ConnectionList()\strRemoteAddr2 + " (" + ConnectionList()\strRemoteAddr + ") : " + Str(ConnectionList()\dwRemotePort)
  Debug ConnectionList()\strLocalAddr + " (" + ConnectionList()\strLocalAddr2 + ") : " + Str(ConnectionList()\dwLocalPort)
  Debug "____________________________________________________________________________________"
Next
Re: Get the name of the process that connects to the Internet
Posted: Fri 22 Jun 2018 6:14
by Marc56
...which process requested a given Internet connection.
On Windows, without the API, with netstat
Code:
C:> netstat /?
Affiche les statistiques de protocole et les connexions réseau TCP/IP actuelles
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-x] [-t] [interval]
-a Affiche toutes les connexions et tous les ports d'écoute.
-b Affiche l'exécutable impliqué dans la création de chaque
connexion ou port d'écoute...
(See the rest of the help for the other parameters)
Then RunProgram("cmd", "/c netstat ...") and read the output.
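Added example, not part of Marc56's post: the RunProgram approach in PureBasic, running netstat -ano and splitting each row into fields. The -o switch from the usage line above prints the owning PID and, unlike -b, does not need an elevated prompt. The NetstatRow structure and the Squeeze and ParseNetstatLine procedures are names made up for this example.

```purebasic
; Added example: parse "netstat -ano" rows into fields (names are hypothetical).
EnableExplicit

Structure NetstatRow
  Proto.s
  LocalAddr.s
  RemoteAddr.s
  State.s   ; stays empty for UDP rows, which have no state column
  Pid.i
EndStructure

; Collapse runs of blanks so StringField() can split on a single space.
Procedure.s Squeeze(Src.s)
  Src = Trim(ReplaceString(Src, #TAB$, " "))
  While FindString(Src, "  ")
    Src = ReplaceString(Src, "  ", " ")
  Wend
  ProcedureReturn Src
EndProcedure

; Returns #True and fills *Row when Src is a TCP or UDP data row.
Procedure ParseNetstatLine(Src.s, *Row.NetstatRow)
  Protected n
  Src = Squeeze(Src)
  n = CountString(Src, " ") + 1          ; number of columns
  *Row\Proto = StringField(Src, 1, " ")
  If *Row\Proto = "TCP" And n = 5
    *Row\State = StringField(Src, 4, " ")
  ElseIf *Row\Proto = "UDP" And n = 4
    *Row\State = ""
  Else
    ProcedureReturn #False               ; header, blank line or unexpected layout
  EndIf
  *Row\LocalAddr  = StringField(Src, 2, " ")
  *Row\RemoteAddr = StringField(Src, 3, " ")
  *Row\Pid        = Val(StringField(Src, n, " "))   ; PID is always the last column
  ProcedureReturn #True
EndProcedure

Define Row.NetstatRow
Define prog = RunProgram("netstat", "-ano", "", #PB_Program_Open | #PB_Program_Read | #PB_Program_Hide)
If prog
  While ProgramRunning(prog)
    If AvailableProgramOutput(prog)
      If ParseNetstatLine(ReadProgramString(prog), @Row)
        Debug Row\Proto + " " + Row\LocalAddr + " -> " + Row\RemoteAddr + " " + Row\State + " PID " + Str(Row\Pid)
      EndIf
    EndIf
  Wend
  CloseProgram(prog)
EndIf
```

To turn each PID into a name, look it up in a process list such as the one GetProcessList builds in celtic88's code. Like the API version, this is a point-in-time listing, so a connection that opens and closes between two runs does not appear.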
Re: Get the name of the process that connects to the Internet
Posted: Sat 23 Jun 2018 15:54
by Kwai chang caine
@CELTIC
Your code works perfectly on W10 X64
Thanks