ich habe mir jetzt aus dem[LINK] und dem[LINK] den[unten] code Gemacht
und eigentlich müsste der mir doch jetzt fast alle offenen ports ausgeben
das macht er aber nicht [nicht mal port 80 vom apache]
Code: Alles auswählen
Enumeration
#LinkToKernel32Lib
#LinkToAdvapi32Lib
EndEnumeration
#MAX_PATH = 260
#TH32CS_SNAPHEAPLIST = $1 ;Includes all heaps of the process specified in th32ProcessID in the snapshot. To enumerate the heaps, see Heap32ListFirst.
#TH32CS_SNAPPROCESS = $2 ;Includes all processes in the system in the snapshot. To enumerate the processes, see Process32First.
#TH32CS_SNAPTHREAD = $4 ;To identify the threads that belong to a specific process, compare its process identifier to the th32OwnerProcessID member of the THREADENTRY32 structure when enumerating the threads.
#TH32CS_SNAPMODULE = $8 ;Includes all modules of the process specified in th32ProcessID in the snapshot. To enumerate the modules, see Module32First.
#TH32CS_SNAPALL = #TH32CS_SNAPHEAPLIST | #TH32CS_SNAPPROCESS | #TH32CS_SNAPTHREAD | #TH32CS_SNAPMODULE ;Includes all processes and threads in the system, plus the heaps and modules of the process specified in th32ProcessID. Equivalent to specifying the TH32CS_SNAPHEAPLIST, TH32CS_SNAPMODULE, TH32CS_SNAPPROCESS, and TH32CS_SNAPTHREAD values.
#TH32CS_INHERIT = $80000000 ;Indicates that the snapshot handle is to be inheritable.
#TOKEN_QUERY=8
#TOKEN_ADJUST_PRIVILEGES=32
#PROCESS_DUP_HANDLE=64
#STANDARD_RIGHTS_ALL=2031616
#GENERIC_ALL=268435456
Structure PROCESSENTRY32
dwSize.l
cntUsage.l
th32ProcessID.l
th32DefaultHeapID.l
th32ModuleID.l
cntThreads.l
th32ParentProcessID.l
pcPriClassBase.l
dwFlags.l
szExeFile.b [#MAX_PATH]
EndStructure
NewList Process32.PROCESSENTRY32()
Procedure.s GetUsedPorts(ProcessID)
Global GetPorts_AlreadyCalled
Select OSVersion()
Case #PB_OS_Windows_2000
OSDepType=26
Case #PB_OS_Windows_XP
OSDepType=28
Default
ProcedureReturn "0"
EndSelect
If GetPorts_AlreadyCalled=0
NewToken.TOKEN_PRIVILEGES
OldToken.TOKEN_PRIVILEGES
FoundPorts=0
AdvapiInst=LoadLibrary_("advapi32.dll")
If AdvapiInst
Addr1=GetProcAddress_(AdvapiInst,"LookupPrivilegeValueA")
Addr2=GetProcAddress_(AdvapiInst,"OpenProcessToken")
Addr3=GetProcAddress_(AdvapiInst,"AdjustTokenPrivileges")
If Addr1<>0 And Addr2<>0 And Addr3<>0
result=CallFunctionFast(Addr2,GetCurrentProcess_(),#TOKEN_ADJUST_PRIVILEGES|#TOKEN_QUERY,@A)
If result
result=CallFunctionFast(Addr1,"","SeDebugPrivilege",OldToken\Privileges[0]\Luid)
If result
NewToken\PrivilegeCount=1
NewToken\Privileges[0]\Attributes=#SE_PRIVILEGE_ENABLED
NewToken\Privileges[0]\Luid\LowPart=OldToken\Privileges[0]\Luid\LowPart
NewToken\Privileges[0]\Luid\HighPart=OldToken\Privileges[0]\Luid\HighPart
CallFunctionFast(Addr3,A,0,NewToken,SizeOf(TOKEN_PRIVILEGES),OldToken,@dummy)
EndIf
EndIf
EndIf
FreeLibrary_(AdvapiInst)
EndIf
If result=0
Else
GetPorts_AlreadyCalled=-1
EndIf
EndIf
QuerySizePtr=GlobalAlloc_(#GMEM_FIXED|#GMEM_ZEROINIT,20)
If QuerySizePtr=0:ProcedureReturn "":EndIf
NtQuerySystemInformation_(16,QuerySizePtr,20,0)
Size=(PeekL(QuerySizePtr)-1)*16+20
GlobalFree_(QuerySizePtr)
If Size<=4:ProcedureReturn "":EndIf
Addr=GlobalAlloc_(#GMEM_FIXED|#GMEM_ZEROINIT,Size)
If Addr=0:ProcedureReturn "":EndIf
NtQuerySystemInformation_(16,Addr,Size,0)
For Count=0 To Size-16 Step 16
AppProcessID=PeekW(Addr+Count+4)&$FFFF
Type=PeekB(Addr+Count+8)&$FF
hSocket=PeekW(Addr+Count+10)&$FFFF
If AppProcessID=ProcessID
If Type=OSDepType
Process=OpenProcess_(#PROCESS_DUP_HANDLE,0,ProcessID)
If Process
DuplicateHandle_(Process,hSocket,GetCurrentProcess_(),@hNewSocket,#STANDARD_RIGHTS_ALL|#GENERIC_ALL,0,0)
If hNewSocket
FileType=GetFileType_(hNewSocket)
If FileType=3
SockNameSize=SizeOf(sockaddr_in)
If getsockname_(hNewSocket,SockName.sockaddr_in,@SockNameSize)=0
If FoundPorts>0:Ports.s+",":EndIf
FoundPorts+1
Ports.s+Str(htons_(SockName\sin_port)&$FFFF)
EndIf
EndIf
CloseHandle_(hNewSocket)
EndIf
CloseHandle_(Process)
EndIf
EndIf
EndIf
Next
GlobalFree_(Addr)
ProcedureReturn Ports.s
EndProcedure
If OpenLibrary(#LinkToKernel32Lib, "kernel32.dll")
hSnapshot = CallFunction(#LinkToKernel32Lib, "CreateToolhelp32Snapshot", #TH32CS_SNAPPROCESS, 0)
If hSnapshot
Proc32.PROCESSENTRY32
Proc32\dwSize = SizeOf(PROCESSENTRY32)
If CallFunction(#LinkToKernel32Lib, "Process32First", hSnapshot, @Proc32)
AddElement(Process32())
CopyMemory(@Proc32, @Process32(), SizeOf(PROCESSENTRY32))
While CallFunction(#LinkToKernel32Lib, "Process32Next", hSnapshot, @Proc32)
AddElement(Process32())
CopyMemory(@Proc32, @Process32 (), SizeOf(PROCESSENTRY32))
Wend
EndIf
CloseHandle_(hSnapshot)
EndIf
CloseLibrary(#LinkToKernel32Lib)
EndIf
ResetList(Process32())
While NextElement(Process32())
Debug PeekS(@Process32()\szExeFile)+" : "+GetUsedPorts(PeekL(@Process32()\th32ProcessID))
Wendps :es geht mir nicht darum alle offenen ports zu finden sondern möchte ich wissen welches programm welchen port auf gemacht hat
weil meine ganzen offen ports kenne ich schon
80: Apache
135: Net BIOS
445: irgendwas fürs interne Microsoft Netzwerk
1048: glaube NET Services
5354: K.A.
Edit by NicTheQuick: Threadtitel geändert
