Viewing the process that owns a port on XP and 2003
Published: Saturday, 12 September 2009
Author: shadow
Email: [email protected]
Source: http://www.codehome.6600.org

We all know that fport.exe only runs on Windows 2000. So is there a way to see which process a port belongs to on XP and 2003? Yes, there is :)

First let's get familiar with a couple of commands and how to use them:

    netstat -ano    // lists the current network connections and the PID that owns each port
    tlist.exe       // a tool shipped in support.cab under the Support\Tools directory of the
                    // 2000 and XP install discs; shows information about the process with a given PID

Let's see what they produce. Below is the result of running netstat -ano in cmd:

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    0.0.0.0:42             0.0.0.0:0              LISTENING       1524
      TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1616
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       660
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       496
      TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       984
      TCP    0.0.0.0:1031           0.0.0.0:0              LISTENING       1576
      TCP    0.0.0.0:1033           0.0.0.0:0              LISTENING       1524
      TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1316
      TCP    0.0.0.0:1801           0.0.0.0:0              LISTENING       1576
      TCP    0.0.0.0:2103           0.0.0.0:0              LISTENING       1576
      TCP    0.0.0.0:2105           0.0.0.0:0              LISTENING       1576
      TCP    0.0.0.0:2107           0.0.0.0:0              LISTENING       1576
      TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       724
      TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       2860
      TCP    127.0.0.1:43958        0.0.0.0:0              LISTENING       1476
      TCP    202.194.4.218:21       0.0.0.0:0              LISTENING       1476
      TCP    202.194.4.218:80       202.194.4.218:3768     ESTABLISHED     4
      TCP    202.194.4.218:1433     211.233.12.64:8374     TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:8716     TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:9075     TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:9430     TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:9785     TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:10750    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:11091    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:11418    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:11739    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:12093    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:12452    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:15486    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:15851    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:16223    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:16580    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:16928    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:17283    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:17635    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:18005    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:18372    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:18746    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:19077    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:19453    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:19827    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:20199    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:20601    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:20951    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:21295    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:22194    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:22505    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:23517    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:23883    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:24245    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:24584    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:24920    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:25257    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:25676    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:26009    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:26345    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:26719    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:27724    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:28607    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:28950    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:29280    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:29582    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:29931    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:30299    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:30635    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:31003    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:31965    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:32317    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:33716    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:34076    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:34447    TIME_WAIT       0
      TCP    202.194.4.218:1433     211.233.12.64:34735    FIN_WAIT_1      1316
      TCP    202.194.4.218:3389     219.218.104.91:1065    ESTABLISHED     724
      TCP    202.194.4.218:3768     202.194.4.218:80       ESTABLISHED     3172
      TCP    202.194.4.218:3771     66.94.230.51:80        TIME_WAIT       0
      TCP    202.194.4.218:3772     66.94.230.37:80        TIME_WAIT       0
      UDP    0.0.0.0:42             *:*                                    1524
      UDP    0.0.0.0:445            *:*                                    4
      UDP    0.0.0.0:500            *:*                                    496
      UDP    0.0.0.0:1029           *:*                                    860
      UDP    0.0.0.0:1030           *:*                                    1576
      UDP    0.0.0.0:1032           *:*                                    1524
      UDP    0.0.0.0:1434           *:*                                    1316
      UDP    0.0.0.0:1645           *:*                                    876
      UDP    0.0.0.0:1646           *:*                                    876
      UDP    0.0.0.0:1812           *:*                                    876
      UDP    0.0.0.0:1813           *:*                                    876
      UDP    0.0.0.0:1837           *:*                                    860
      UDP    0.0.0.0:1886           *:*                                    860
      UDP    0.0.0.0:1887           *:*                                    860
      UDP    0.0.0.0:1888           *:*                                    860
      UDP    0.0.0.0:1889           *:*                                    860
      UDP    0.0.0.0:1890           *:*                                    860
      UDP    0.0.0.0:1891           *:*                                    860
      UDP    0.0.0.0:1892           *:*                                    860
      UDP    0.0.0.0:3527           *:*                                    1576
      UDP    0.0.0.0:4000           *:*                                    2840
      UDP    0.0.0.0:4500           *:*                                    496
      UDP    0.0.0.0:6000           *:*                                    2840
      UDP    0.0.0.0:6001           *:*                                    2840
      UDP    127.0.0.1:123          *:*                                    876
      UDP    127.0.0.1:1027         *:*                                    876
      UDP    127.0.0.1:1028         *:*                                    876
      UDP    127.0.0.1:1180         *:*                                    2496
      UDP    127.0.0.1:2920         *:*                                    2476
      UDP    127.0.0.1:3546         *:*                                    1904
      UDP    127.0.0.1:3798         *:*                                    3400
      UDP    127.0.0.1:3877         *:*                                    2312
      UDP    202.194.4.218:123      *:*                                    876

The last column is the PID.

//---------------------------------------------------------------------------

Below is the output of tlist.exe. It is used as `tlist.exe pid`, for example `tlist.exe 1524`, which gives:

    1524 wins.exe
       CWD:     C:\WINDOWS\system32\
       CmdLine: C:\WINDOWS\32\wins.exe
       VirtualSize:     77372 KB   PeakVirtualSize:     78212 KB
       WorkingSetSize:   2604 KB   PeakWorkingSetSize:   6768 KB
       NumberOfThreads: 18
       1528 Win32StartAddr:0x0101249a LastErr:0x000003e5 State:Waiting
       1544 Win32StartAddr:0x77d7570d LastErr:0x000003e5 State:Waiting
       1828 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
       1832 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
       1836 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
       1840 Win32StartAddr:0x69a6ef20 LastErr:0x00000000 State:Waiting
       1972 Win32StartAddr:0x01003e1a LastErr:0x00000000 State:Waiting
       1976 Win32StartAddr:0x01003fc7 LastErr:0x00000000 State:Waiting
       1980 Win32StartAddr:0x01007b95 LastErr:0x00000000 State:Waiting
       1984 Win32StartAddr:0x0101d872 LastErr:0x00000000 State:Waiting
       1988 Win32StartAddr:0x01020137 LastErr:0x00000000 State:Waiting
       1996 Win32StartAddr:0x01014d48 LastErr:0x00000000 State:Waiting
       2000 Win32StartAddr:0x01013a15 LastErr:0x00000000 State:Waiting
       2004 Win32StartAddr:0x01006a10 LastErr:0x00000000 State:Waiting
       2008 Win32StartAddr:0x77c30840 LastErr:0x00000102 State:Waiting
       2012 Win32StartAddr:0x77c30840 LastErr:0x00000000 State:Waiting
       2508 Win32StartAddr:0x06001cb7 LastErr:0x00000000 State:Waiting
       2272 Win32StartAddr:0x00000000 LastErr:0x000003f0 State:Waiting
       5.2.3790.99 shp  0x01000000  wins.exe
       5.2.3790.0 shp  0x77f30000  ntdll.dll
       5.2.3790.0 shp  0x77e10000  kernel32.dll
       7.0.3790.0 shp  0x77b70000  msvcrt.dll
       5.2.3790.0 shp  0x77d60000  ADVAPI32.dll
       5.2.3790.137 shp  0x77c20000  RPCRT4.dll
       5.2.3790.0 shp  0x71ba0000  NETAPI32.dll
       5.2.3790.73 shp  0x77cd0000  USER32.dll
       5.2.3790.0 shp  0x77bd0000  GDI32.dll
       5.2.3790.0 shp  0x71b60000  WS2_32.dll
       5.2.3790.0 shp  0x71b50000  WS2HELP.dll
       5.2.3790.138 shp  0x77150000  ole32.dll
       5.2.3790.0 shp  0x5bb80000  VSSAPI.DLL
       3.5.2283.0 shp  0x769c0000  ATL.DLL
       5.2.3790.0 shp  0x770d0000  OLEAUT32.dll
       5.2.3790.0 shp  0x76180000  IMM32.DLL
       5.2.3790.0 shp  0x63090000  LPK.DLL
       1.421.3790.0 shp  0x72ee0000  USP10.dll
       5.2.3790.0 shp  0x71a80000  mswsock.dll
       5.2.3790.0 shp  0x71a40000  wshtcpip.dll
       5.2.3790.0 shp  0x76e30000  DNSAPI.dll
       5.2.3790.0 shp  0x76ed0000  winrnr.dll
       5.2.3790.0 shp  0x76e70000  WLDAP32.dll
       5.2.3790.0 shp  0x76ee0000  rasadhlp.dll
       5.2.3790.0 shp  0x699b0000  esent.dll
       5.2.3790.0 shp  0x5d000000  SAMLIB.dll
       2001.12.4720.130 s  0x76ef0000  CLBCatQ.DLL
       2001.12.4720.0 shp  0x76f70000  COMRes.dll
       5.2.3790.0 shp  0x77b60000  VERSION.dll
       2001.12.4720.130 s  0x76a10000  es.dll
       5.2.3790.0 shp  0x76eb0000  secur32.dll
       16.0.0.19 shp  0x06000000  ApiHook.dll
       16.2.0.6 shp  0x05000000  MemMon.dll

Obviously the path is what follows "CmdLine:".

By now the clever reader will have worked out the approach: find the PID that owns the port, then use that PID to find the image path. All that remains for us to do is automate it. Here is the general idea.

First we run the following two commands:

    netstat -ano|find "LISTENING">tcplisten.txt
    netstat -ano|find "UDP">udplisten.txt

The first produces the list of listening TCP ports, the second the list of UDP ports.

//---------------------------------------------------------

Below is the result of netstat -ano|find "LISTENING">tcplisten.txt; opening tcplisten.txt shows:

    TCP    0.0.0.0:42             0.0.0.0:0              LISTENING       1524
    TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1616
    TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       660
    TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
    TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       496
    TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       984
    TCP    0.0.0.0:1031           0.0.0.0:0              LISTENING       1576
    TCP    0.0.0.0:1033           0.0.0.0:0              LISTENING       1524
    TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1316
    TCP    0.0.0.0:1801           0.0.0.0:0              LISTENING       1576
    TCP    0.0.0.0:2103           0.0.0.0:0              LISTENING       1576
    TCP    0.0.0.0:2105           0.0.0.0:0              LISTENING       1576
    TCP    0.0.0.0:2107           0.0.0.0:0              LISTENING       1576
    TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       724
    TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       2860
    TCP    127.0.0.1:43958        0.0.0.0:0              LISTENING       1476
    TCP    202.194.4.218:21       0.0.0.0:0              LISTENING       1476

//--------------------------------------------------------

Below is the result of netstat -ano|find "UDP">udplisten.txt; opening udplisten.txt shows:

    UDP    0.0.0.0:42             *:*                                    1524
    UDP    0.0.0.0:445            *:*                                    4
    UDP    0.0.0.0:500            *:*                                    496
    UDP    0.0.0.0:1029           *:*                                    860
    UDP    0.0.0.0:1030           *:*                                    1576
    UDP    0.0.0.0:1032           *:*                                    1524
    UDP    0.0.0.0:1434           *:*                                    1316
    UDP    0.0.0.0:1645           *:*                                    876
    UDP    0.0.0.0:1646           *:*                                    876
    UDP    0.0.0.0:1812           *:*                                    876
    UDP    0.0.0.0:1813           *:*                                    876
    UDP    0.0.0.0:1837           *:*                                    860
    UDP    0.0.0.0:1886           *:*                                    860
    UDP    0.0.0.0:1887           *:*                                    860
    UDP    0.0.0.0:1888           *:*                                    860
    UDP    0.0.0.0:1889           *:*                                    860
    UDP    0.0.0.0:1890           *:*                                    860
    UDP    0.0.0.0:1891           *:*                                    860
    UDP    0.0.0.0:1892           *:*                                    860
    UDP    0.0.0.0:3527           *:*                                    1576
    UDP    0.0.0.0:4000           *:*                                    2840
    UDP    0.0.0.0:4500           *:*                                    496
    UDP    0.0.0.0:6000           *:*                                    2840
    UDP    0.0.0.0:6001           *:*                                    2840
    UDP    127.0.0.1:123          *:*                                    876
    UDP    127.0.0.1:1027         *:*                                    876
    UDP    127.0.0.1:1028         *:*                                    876
    UDP    127.0.0.1:1180         *:*                                    2496
    UDP    127.0.0.1:2920         *:*                                    2476
    UDP    127.0.0.1:3546         *:*                                    1904
    UDP    127.0.0.1:3798         *:*                                    3400
    UDP    127.0.0.1:3877         *:*                                    2312
    UDP    202.194.4.218:123      *:*                                    876

//---------------------------------------------------------

We only need to process the information in these two files to extract a port-to-PID table. Let's define the following structure:

    //-------------------------------
    typedef struct _PORTTOPROCESS {
        CString Port;       // local port number
        CString Protocol;   // "TCP" or "UDP"
        CString Pid;        // owning process id
        CString ProcName;   // process name, from the process snapshot
        CString ProcPath;   // image path, from the tlist.exe "CmdLine:" line
    } PORTTOPROCESS;
    //-------------------------------
    PORTTOPROCESS PortToProcess[100];   // declaring a hundred entries should be enough

Step 1: process the two files above to populate the Port, Protocol and Pid fields of PortToProcess, and return the total count, PortNum.

Step 2: take a process snapshot to get the name that belongs to each PID, and populate the ProcName field.

Step 3: first write a bat file in the format

    tlist.exe pid1|find "CmdLine:">>procinfo.txt
    tlist.exe pid2|find "CmdLine:">>procinfo.txt
    tlist.exe pid3|find "CmdLine:">>procinfo.txt
    . . . .

and run it with system() to obtain the process information for the PID behind each port. Then write a routine that reads that information back out of procinfo.txt and populates the ProcPath field. Finally, output the results according to PortNum.

That is all there is to it; see the attached code for the details. It was tested successfully on 2003 and XP, built with VC 6.0 on 2003. The PcInfor class in the code is fairly complete and can retrieve detailed system information; just copy PcInfor.h and PcInfor.cpp into your project and it is ready to use.

A CMD window pops up while the program runs; that is caused by the call to system(). After the CMD window finishes, the program waits a while (about 20 seconds) for the bat file to complete. If your machine is slow, change this part of the source:

    void PcInfor::GetPortToProcessInfo()
    {
        int i;
        BornTcpListen();    // netstat -ano|find "LISTENING">tcplisten.txt
        BornUdpListen();    // netstat -ano|find "UDP">udplisten.txt
        GetListenPort();    // step 1: fill Port, Protocol and Pid from the two files
        FindProcName();     // step 2: fill ProcName from a process snapshot
        FindProcPath();     // step 3: write the tlist.exe bat file and run it with system()
        for (i = 0; i < 20; i++)   // wait for the bat file to finish writing procinfo.txt
            Sleep(1000);
        GetProcPath();      // read procinfo.txt into ProcPath
        DeleteTempFile();
        WriteProcinfo();    // output the table
    }

Increase the loop count and recompile.

If you find a bug or make an improvement, please send me a copy; I would be very grateful :)

//shadow 2004/10/26
//email: [email protected]
//http:www.codehome.6600.org
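As an added example (not the author's PcInfor code), here are steps 1 and 3 of the procedure above in portable C++: parse the netstat -ano listing into the port/PID table, parse tlist.exe output into a PID-to-path map, and join the two. It uses std::string in place of CString, and the ParseTlist/AttachPaths names and the sample strings are constructed for this illustration.

```cpp
#include <map>
#include <sstream>
#include <string>
#include <vector>

struct PortToProcess { std::string Protocol, Port, Pid, ProcPath; };   // std::string, not MFC CString

// Parse `netstat -ano` text keeping only TCP LISTENING sockets and UDP endpoints, the same
// filter the page applies with find "LISTENING" / find "UDP"; TIME_WAIT rows (PID 0) drop out.
std::vector<PortToProcess> ParseNetstat(const std::string& text) {
    std::vector<PortToProcess> rows; std::istringstream in(text);
    for (std::string line; std::getline(in, line);) {
        std::istringstream f(line);
        std::string proto, local, foreign, state, pid;
        if (!(f >> proto >> local >> foreign)) continue;                 // banner or blank line
        if (proto == "TCP") { f >> state >> pid; if (state != "LISTENING") continue; }
        else if (proto == "UDP") { f >> pid; }
        else continue;                                                   // column-header line
        rows.push_back({proto, local.substr(local.rfind(':') + 1), pid, ""});
    }
    return rows;
}

// Map PID -> image path from concatenated `tlist.exe <pid>` output: each block opens with
// "<pid> <image>" and holds one "CmdLine: <path>" line. Keying on the block's own PID, rather
// than on line order as the page's bat file does, stays correct when tlist prints nothing for a PID.
std::map<std::string, std::string> ParseTlist(const std::string& text) {
    std::map<std::string, std::string> paths; std::istringstream in(text); std::string pid;
    for (std::string line; std::getline(in, line);) {
        std::istringstream f(line);
        std::string first, second; f >> first >> second;
        bool numeric = !first.empty() && first.find_first_not_of("0123456789") == std::string::npos;
        if (numeric && second.rfind("Win32StartAddr:", 0) != 0) pid = first;   // block header, not a thread line
        else if (first == "CmdLine:" && !pid.empty()) {
            auto p = line.find_first_not_of(" \t", line.find("CmdLine:") + 8);
            paths[pid] = (p == std::string::npos) ? "" : line.substr(p);
        }
    }
    return paths;
}

// Join the two tables: rows whose PID tlist reported get ProcPath, the others keep "".
void AttachPaths(std::vector<PortToProcess>& rows, const std::map<std::string, std::string>& paths) {
    for (auto& r : rows) { auto it = paths.find(r.Pid); if (it != paths.end()) r.ProcPath = it->second; }
}

// Constructed sample input; the rows are copied from the listings on the page.
const std::string kNetstatSample =
    "  TCP    0.0.0.0:42          0.0.0.0:0            LISTENING    1524\n"
    "  TCP    202.194.4.218:1433  211.233.12.64:8374   TIME_WAIT    0\n"
    "  UDP    0.0.0.0:1434        *:*                               1316\n";
const std::string kTlistSample =
    "1524 wins.exe\n   CmdLine: C:\\WINDOWS\\32\\wins.exe\n   1528 Win32StartAddr:0x0101249a LastErr:0x000003e5 State:Waiting\n";
```

A row whose ProcPath stays empty after the join is a PID that had exited, or that tlist could not open, between the two snapshots; re-run both commands rather than trusting a stale table.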