Jump to content

Network Connections Viewer

trancexx

By trancexx,
in AutoIt Example Scripts

 Share

Recommended Posts

UEZ Universalist

UEZ

Posted
Posted (edited)

This is working:

For $i = 1 To $aCall[5]

        $tWTS_PROCESS_INFO = DllStructCreate("dword SessionId;" & _
                "dword ProcessId;" & _
                "ptr ProcessName;" & _
                "ptr UserSid");, _
                ;$aCall[4] + ($i - 1) * 16) ; looping thru structures

        $pString = DllStructGetData($tWTS_PROCESS_INFO, "ProcessName")
        $iStringLen = _PtrStringLenW($pString)
        $aOut[$i][0] = DllStructGetData(DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pString), 1)
        $aOut[$i][1] = DllStructGetData($tWTS_PROCESS_INFO, "ProcessId")
        $aOut[$i][2] = _AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))

    Next

I don't know what $aCall[4] + ($i - 1) * 16) is doing exactly!

UEZ

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites
  • Replies 63
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

trancexx
trancexx

There are situation when you know something is going off from or to your computer and you have no idea what that is or who's doing that. On the other hand, sometimes you are just curious to know (I kn

UEZ
UEZ

If you can put your brain in my head, I will do it! I'm a noob in this kind of stuff! But I will try it anyway. Don't expect a successfull result... UEZ

Chance
Chance

Well now since this has been bumped, I was wondering. Is there a way to get process receive/send bytes over network like procexp?

trancexx Universalist

trancexx

Posted
  • Author
Posted

This is working:

For $i = 1 To $aCall[5]

        $tWTS_PROCESS_INFO = DllStructCreate("dword SessionId;" & _
                "dword ProcessId;" & _
                "ptr ProcessName;" & _
                "ptr UserSid");, _
                ;$aCall[4] + ($i - 1) * 16) ; looping thru structures

        $pString = DllStructGetData($tWTS_PROCESS_INFO, "ProcessName")
        $iStringLen = _PtrStringLenW($pString)
        $aOut[$i][0] = DllStructGetData(DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pString), 1)
        $aOut[$i][1] = DllStructGetData($tWTS_PROCESS_INFO, "ProcessId")
        $aOut[$i][2] = _AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))

    Next

I don't know what $aCall[4] + ($i - 1) * 16) is doing exactly!

UEZ

That's not ok. It makes no sense to do it that way.

$aCall[4] + ($i - 1) * 16 is moving pointer further 16 bytes with every new $i.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
SkinnyWhiteGuy Universalist

SkinnyWhiteGuy

Posted
Posted

Took a quick look at it, was playing with this at work. Nice tool, btw.

The problem on x64 systems is related to what others commented out. You are incrementing only 16 bytes for each WTS_PROCESS_INFO struct, but on 64-bit systems, they are not 16 bytes wide, they are larger. Pointers in 64-bit OS's are larger, and since the last 2 members of this struct are pointers, that is where things are getting off.

Best solution I found was to create a single struct for use with it, and increment based on it's size. That will enable it to work fully on both 32-bit and 64-bit OS's.

Here's how that section looks for me now:

Local $tWTS_PROCESS_INFO, $sWTS_PROCESS_INFO = "dword SessionId;dword ProcessId;ptr ProcessName;ptr UserSID"
    Local $pString, $iStringLen
    Local $iStruct_Size = DllStructGetSize(DllStructCreate($sWTS_PROCESS_INFO))

    Local $aOut[$aCall[5] + 1][3]
    $aOut[0][0] = $aCall[5]

    For $i = 1 To $aCall[5]

        $tWTS_PROCESS_INFO = DllStructCreate($sWTS_PROCESS_INFO, _
                $aCall[4] + ($i - 1) * $iStruct_Size) ; looping thru structures

        $pString = DllStructGetData($tWTS_PROCESS_INFO, "ProcessName")
        $iStringLen = _PtrStringLenW($pString)
        $aOut[$i][0] = DllStructGetData(DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pString), 1)
        $aOut[$i][1] = DllStructGetData($tWTS_PROCESS_INFO, "ProcessId")
        $aOut[$i][2] = _AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))

    Next
Link to comment
Share on other sites
UEZ Universalist

UEZ

Posted
Posted

Took a quick look at it, was playing with this at work. Nice tool, btw.

The problem on x64 systems is related to what others commented out. You are incrementing only 16 bytes for each WTS_PROCESS_INFO struct, but on 64-bit systems, they are not 16 bytes wide, they are larger. Pointers in 64-bit OS's are larger, and since the last 2 members of this struct are pointers, that is where things are getting off.

Best solution I found was to create a single struct for use with it, and increment based on it's size. That will enable it to work fully on both 32-bit and 64-bit OS's.

Here's how that section looks for me now:

Local $tWTS_PROCESS_INFO, $sWTS_PROCESS_INFO = "dword SessionId;dword ProcessId;ptr ProcessName;ptr UserSID"
    Local $pString, $iStringLen
    Local $iStruct_Size = DllStructGetSize(DllStructCreate($sWTS_PROCESS_INFO))

    Local $aOut[$aCall[5] + 1][3]
    $aOut[0][0] = $aCall[5]

    For $i = 1 To $aCall[5]

        $tWTS_PROCESS_INFO = DllStructCreate($sWTS_PROCESS_INFO, _
                $aCall[4] + ($i - 1) * $iStruct_Size) ; looping thru structures

        $pString = DllStructGetData($tWTS_PROCESS_INFO, "ProcessName")
        $iStringLen = _PtrStringLenW($pString)
        $aOut[$i][0] = DllStructGetData(DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pString), 1)
        $aOut[$i][1] = DllStructGetData($tWTS_PROCESS_INFO, "ProcessId")
        $aOut[$i][2] = _AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))

    Next

Yep, I can confirm that your code above is working properly under Win7 x64!

UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites
Rizonetech Seeker

Rizonetech

Posted
Posted (edited)

I don't know what I was doing wrong. It's working now and I love it.

Would it be posible for me to use your code in my utilities suit, I promise to give you full credit. If you want me to include a link to your site, I will.

You can take a look at Rizone's Power Tools Here!

Edited by Rizonetech

Rizonesoft Open Source Home Scripts: Complete Internet Repair | Development: Rizonesoft SDK

Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted

Took a quick look at it, was playing with this at work. Nice tool, btw.

The problem on x64 systems is related to what others commented out. You are incrementing only 16 bytes for each WTS_PROCESS_INFO struct, but on 64-bit systems, they are not 16 bytes wide, they are larger. Pointers in 64-bit OS's are larger, and since the last 2 members of this struct are pointers, that is where things are getting off.

Best solution I found was to create a single struct for use with it, and increment based on it's size. That will enable it to work fully on both 32-bit and 64-bit OS's.

Here's how that section looks for me now:

Local $tWTS_PROCESS_INFO, $sWTS_PROCESS_INFO = "dword SessionId;dword ProcessId;ptr ProcessName;ptr UserSID"
    Local $pString, $iStringLen
    Local $iStruct_Size = DllStructGetSize(DllStructCreate($sWTS_PROCESS_INFO))

    Local $aOut[$aCall[5] + 1][3]
    $aOut[0][0] = $aCall[5]

    For $i = 1 To $aCall[5]

        $tWTS_PROCESS_INFO = DllStructCreate($sWTS_PROCESS_INFO, _
                $aCall[4] + ($i - 1) * $iStruct_Size) ; looping thru structures

        $pString = DllStructGetData($tWTS_PROCESS_INFO, "ProcessName")
        $iStringLen = _PtrStringLenW($pString)
        $aOut[$i][0] = DllStructGetData(DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pString), 1)
        $aOut[$i][1] = DllStructGetData($tWTS_PROCESS_INFO, "ProcessId")
        $aOut[$i][2] = _AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))

    Next

Thanks for the code.

I don't like tags so I modified it a bit. It's not that 'correct' but should be fine now.

Thanks UEZ too.

@Rizonetech, you can do whatever you want with code. It's not even a remote option for me to put some (or any) restrictions.

New script - first post.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted

Could someone with x64 run this and post the result

$tStructure = DllStructCreate("ptr")
$iSize = DllStructGetSize($tStructure)

ConsoleWrite("Size of ptr = " & $iSize & " bytes" & @CRLF)
MsgBox(64, "ptr", "Size = " & $iSize)

I just want to be completely sure because AutoIt's documentation seems wrong.

And that new type with beta HANDLE, and old/new HWND.

Thanks in advance.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
UEZ Universalist

UEZ

Posted
Posted (edited)

Could someone with x64 run this and post the result

$tStructure = DllStructCreate("ptr")
$iSize = DllStructGetSize($tStructure)

ConsoleWrite("Size of ptr = " & $iSize & " bytes" & @CRLF)
MsgBox(64, "ptr", "Size = " & $iSize)

I just want to be completely sure because AutoIt's documentation seems wrong.

And that new type with beta HANDLE, and old/new HWND.

Thanks in advance.

Avec plaisir!

>Running:(3.3.0.0):C:\Program Files (x86)\AutoIt3\autoit3_x64.exe "C:\AutoIt\Test02.au3"

Size of ptr = 8 bytes

>Running:(3.3.1.6):C:\Program Files (x86)\AutoIt3\beta\autoit3_x64.exe "C:\AutoIt\Test02.au3"

Size of ptr = 8 bytes

Running compiled version (x32) will return Size of ptr = 4 bytes

UEZ

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted

Avec plaisir!

>Running:(3.3.0.0):C:\Program Files (x86)\AutoIt3\autoit3_x64.exe "C:\AutoIt\Test02.au3"

Size of ptr = 8 bytes

>Running:(3.3.1.6):C:\Program Files (x86)\AutoIt3\beta\autoit3_x64.exe "C:\AutoIt\Test02.au3"

Size of ptr = 8 bytes

Running compiled version (x32) will return Size of ptr = 4 bytes

UEZ

Excellent.

So the documentation is wrong.

The description for DllStructCreate() type 'ptr' is 32bit(4bytes) integer and there is no mention of difference between version of AutoIt used.

I would assume the same thing is for 'hwnd' or 'HANDLE'.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
KaFu Universalist

KaFu

Posted
Posted

Really nice UDF, lady :)...

But what I found most interesting while looking at the source was your solution to "simulate" an Associative Array, nice technique, will definitly use it in one of my projects! Btw, the port<>description relation is not always 1:1, e.g. 514 or 752.

; http://www.autoitscript.com/forum/index.php?showtopic=105150&st=0
; from ConnView by trancexx

; Associative Array simulation?

;$aTCPTable[$i][2] &= _GetPortHint($aTCPTable[$i][2])

$output = ""

$timer =TimerInit()
for $i = 0 to 1000
    $output &= _GetPortHint(514) & @crlf
Next

ConsoleWrite($output & @crlf & @crlf & $i & " iterations in " & TimerDiff($timer) & " ms..." & @crlf)

Func _GetPortHint($iPort)
    Local $aArray = StringRegExp(_Ports(), ";" & $iPort & "\|(.*?);", 3)
    If @error Then
        Return ""
    EndIf
    Return " (" & $aArray[0] & ")"
EndFunc   ;==>_GetPortHint


Func _Ports()
    Local $sString = ";1|TCPPortServiceMultiplexer;2|ManagementUtility;3|CompressionPro" & _
            "cess;5|RemoteJobEntry;7|Echo;8|Unassigned;9|Discard;11|Active Us" & _
            "ers;13|DAYTIME;17|QD;18|MSP;19|CG;20|FTP;21|FTP;22|SSH;23|Telnet" & _
            ";25|SMTP;34|RF;35|PPS;35|QMS;37|TIME;39|RLP;41|Graphics;42|ARPA;" & _
            "42|WINS;43|WHOIS;47|GRE;49|TACACS;52|XNS;53|DNS;54|XNS;55|ISI-GL" & _
            ";56|XNS;56|RAP;57|MTP;58|XNS;67|BOOTP (DHCP);68|BOOTP (DHCP);69|" & _
            "TFTP;70|Gopher;79|Finger;80|HTTP;81|Torpark—Onion;82|Torpark—Con" & _
            "trol;83|MIT ML Device;88|Kerberos—authentication;90|dnsix;90|Poi" & _
            "ntcast;99|WIP;101|NIC;102|ISO-TSAP;104|ACR/NEMA;105|CCSO;107|Rem" & _
            "oteTELNET;109|POP2;110|POP3;111|Sun;113|IRC;113|auth;115|SFTP;11" & _
            "7|UUCP;118|SQL;119|NNTP;123|NTP;135|DCE;135|MicrosoftEPMAP;137|N" & _
            "etBIOSName;138|NetBIOSDatagram;139|NetBIOSSession;143|IMAP;152|B" & _
            "FTP;153|SGMP;156|SQL;158|DMSP;161|SNMP;162|SNMPTRAP;170|Print-sr" & _
            "v;177|XDMCP;179|BGP;194|IRC;199|SMUX;201|AppleTalk;209|QMTP;210|" & _
            "ANSI Z39.50;213|IPX;218|MPP;220|IMAP v3;256|2DEV 2SP;259|ESRO;26"
    $sString &= "4|BGMP;311|MacOSXServerAdmin;308|Novastor;318|PKIX TSP;323|IMMP;" & _
            "350|MATIP-Type A;351|MATIP-Type B;366|ODMR;369|Rpc2portmap;370|c" & _
            "odaauth2;370|OutgoingNAI;371|ClearCase albd;383|HP;384|RNSS;387|" & _
            "AURP;389|LDAP;401|UPS;402|Altiris;411|DCH;412|DCCC;427|SLP;443|H" & _
            "TTPS;444|SNPP;445|Microsoft-DS AD;445|Microsoft-DS SMB;464|Kerbe" & _
            "ros;465|Cisco;465|SMTPS;475|tcpnethaspsrv;497|DantzRetrospect;50" & _
            "0|ISAKMP;501|STMF;502|Modbus;504|Citadel;510|FCP;512|Rexec;512|c" & _
            "omsat;513|Login;513|Who;514|Shell—used;514|Syslog—used;515|Line " & _
            "Printer Daemon;517|Talk;518|NTalk;520|efs;520|Routing—RIP;524|NC" & _
            "P;525|Timeserver;530|RPC;531|AOL, IRC;532|netnews;533|netwall;54" & _
            "0|UUCP;542|commerce;543|klogin;544|kshell;545|VMS;546|DHCPv6;547" & _
            "|DHCPv6;548|AFP;550|new-rwho, new-who;554|RTSP;556|RFS;560|rmoni" & _
            "tor;561|monitor;563|NNTPS;587|SMTP;591|HTTP Alternate;593|HTTP R" & _
            "PC;604|TUNNEL;623|ASF-RMCP;631|IPP;636|LLDAPS;639|MSDP;641|Suppo" & _
            "rtSoft;646|LDP;647|DHCP;648|RRP;652|DTCP;653|SupportSoft;654|AOD" & _
            "V;655|IEEE MMS;657|IBM RMC;660|MacOSXServerAdmin;665|sun-dr;666|"
    $sString &= "Doom;674|ACAP;691|MSExchangeRouting;692|Hyperwave-ISP;694|Linux-" & _
            "HA;695|IEEE-MMS-SSL;698|OLSR;699|AccessNetwork;700|EPP;701|LMP;7" & _
            "02|IRIS over BEEP;706|SILC;711|CiscoTDP;712|TBRPF;712|PromiseRAI" & _
            "DController;720|SMQP;749|Kerberos;750|rfile;750|loadav;750|kerbe" & _
            "ros-4;751|pump;751|kerberos_master;752|qrh;752|qrh;752|userreg_s" & _
            "erver;753|rrh;753|rrh;753|passwd_server;754|tell send;754|krb5_p" & _
            "rop;754|tell send;760|ns;760|krbupdate;782|Conserver;783|SpamAss" & _
            "assin;829|CMP;843|AdobeFlash;860|iSCSI;873|rsync;888|cddbp;901|S" & _
            "WAT;901|VMware;902|VMware;902|VMware;903|VMware;904|VMware;911|N" & _
            "CA;953|DNS;981|SofaWare;989|FTPS;990|FTPS;991|NAS;992|TELNET;993" & _
            "|IMAPS;995|POP3S;999|ScimoreDB;1001|JtoMB;1025|NFS or IIS;1026|M" & _
            "icrosoftDCOM;1029|MicrosoftDCOM;1058|NIM;1059|NIMreg;1080|SOCKS;" & _
            "1085|WebObjects;1098|RMIactivation;1099|RMIregistry;1109|KPOP;11" & _
            "11|EasyBits;1140|AutoNOC;1167|phone;1169|Tripwire;1176|PAIHome;1" & _
            "182|AITP;1194|OpenVPN;1198|cajo;1200|scol;1200|scol;1200|SFA;121" & _
            "4|Kazaa;1220|QSS;1223|TGP;1234|VLC;1236|SymantecBVC;1241|NSScann"
    $sString &= "er;1248|NSClient/NSClient++/NC_Net;1270|SCOM;1293|IPSec;1311|Del" & _
            "lHTTPS;1313|Xbiim;1337|MandM DNS;1337|PowerFolderP2P;1337|WASTE;" & _
            "1352|IBM RPC;1387|cadsi-lm;1414|IBMWebSphereMQ;1417|Timbuktu;141" & _
            "8|Timbuktu;1419|Timbuktu;1420|Timbuktu;1431|RGTP;1433|MSSQL;1434" & _
            "|MSSQL;1494|ICA;1500|NetGuard;1501|NetGuard;1503|WLMessenger;151" & _
            "2|WINS;1521|nCube;1521|Oracle;1524|ingreslock, ingres;1526|Oracl" & _
            "e;1533|IBM MicrosoftSQL;1547|Laplink;1550|Gadu-Gadu;1581|MIL STD" & _
            " 2045-47001 VMF;1589|Cisco VQP/ VMPS;1645|radius/radacct;1627|iS" & _
            "ketch;1677|NovellGroupWise;1701|L2F L2TP;1716|MMO;1719|H.323;172" & _
            "0|H.323;1723|PPTP;1725|VSC;1755|MMS;1761|cft-0;1761|NovellZRC;17" & _
            "62|cft-1;1763|cft-2;1764|cft-3;1765|cft-4;1766|cft-5;1767|cft-6;" & _
            "1768|cft-7;1812|radius;1813|radacct;1863|MSNP;1900|MicrosoftSSDP" & _
            ";1920|IBM Tivoli;1935|AdobeRTMP;1947|hasplm;1970|DNORC;1971|DNOS" & _
            ";1972|InterSystems;1975|CiscoTCO;1975|CiscoTCO;1977|CiscoTCO;198" & _
            "4|BB;1985|CiscoHSRP;1994|CiscoSTUN-SDLC;1998|CiscoX.25;2000|Cisc" & _
            "oSCCP;2001|CAPTAN;2002|ACS;2030|OracleMTS;2041|Mail.Ru;2049|NFS;"
    $sString &= "2049|shilp;2053|lot105;2053|lot105;2053|knetd;2056|Civilization4" & _
            ";2073|DataReel;2074|VertelVMF SA;2082|IMServer;2082|CPanel;2083|" & _
            "radsec;2083|CPanel;2086|GNUnet;2086|WebHostManager;2087|WebHostM" & _
            "anage;2095|CPanel;2096|CPanel;2102|zephyr-srv;2103|zephyr-clt;21" & _
            "04|zephyr-hm;2105|IBM MiniPay;2105|rlogin;2105|zephyr-hm-srv;214" & _
            "4|IronMountainLiveVault;2145|IronMountainLiveVault;2161|APC;2181" & _
            "|EForward;2190|TiVoConnectBeacon;2200|Tuxanci;2210|NOAAPORT;2210" & _
            "|MikroTik;2211|EMWIN;2211|MikroTik;2212|LeeCO;2212|Port-A-Pour;2" & _
            "219|NetIQ NCAP;2220|NetIQ End2End;2222|DirectAdmin;2223|MSOffice" & _
            ";2301|HP System Management;2302|ArmA;2302|CombatEvolved;2303|Arm" & _
            "A;2305|ArmA;2369|BMC;2370|BMC;2381|HP;2401|CVS;2404|IEC 60870-5-" & _
            "104;2420|WestellRemoteAccess;2427|CiscoMGCP;2447|ovwdb;2483|Orac" & _
            "le;2484|Oracle;2500|THEÒSMESSENGER;2546|EVault;2593|RunUO;2598|n" & _
            "ew ICA;2610|DarkAges;2612|QPasa;2638|Sybase;2700|KnowShowGo;2710" & _
            "|XBT;2710|XBT;2710|Knuddels;2713|Raven;2714|Raven;2735|NetIQ;280" & _
            "0|KnowShowGo;2809|corbaloc;2809|IBMWebSphere;2809|corbaloc;2868|"
    $sString &= "NPEP;2944|MegacoTextH.248;2945|MegacoBinaryH.248;2948|WAP-push M" & _
            "MS;2949|WAP-pushsecure MMS;2967|Symantec;3000|Miralix;3000|DIS;3" & _
            "001|Miralix;3002|Miralix;3003|Miralix;3004|Miralix;3005|Miralix;" & _
            "3006|Miralix;3007|Miralix;3017|Miralix;3025|netpd.org;3030|NetPa" & _
            "nzer;3050|gds_db;3051|Galaxy;3074|Xbox;3100|HTTP;3101|Blackberry" & _
            ";3128|HTTP;3128|HTTP;3225|FCIP;3233|WhiskerControl;3235|Galaxy;3" & _
            "260|iSCSI;3268|msft-gc;3269|msft-gc-ssl;3283|Apple;3299|SAP-Rout" & _
            "er;3300|TripleA;3300|DebateGopher;3305|odette-ftp;3306|MySQL;333" & _
            "3|NetworkCallerID;3386|GTP' 3GPP GSM/UMTS;3389|RDP WBT;3396|Nove" & _
            "ll;3455|RSVP;3423|Xware;3424|Xware;3478|STUN;3483|Slim;3483|Slim" & _
            ";3516|Smartcard;3532|Raven;3533|Raven;3537|ni-visa-remote;3544|T" & _
            "eredo;3632|distributed compiler;3689|DAAP;3690|Subversion;3702|W" & _
            "S-Discovery;3723|Battle.net;3724|WOW MMORPG;3724|ClubPenguinDisn" & _
            "ey;3784|VentriloVoIP;3785|VentriloVoIP;3868|DBP;3872|Oracle;3899" & _
            "|RemoteAdmin;3900|udt_os;3945|EMCADS;3978|OpenTTD;3979|OpenTTD;3" & _
            "999|Norman;4000|DiabloII;4001|MicrosoftAnts;4007|PrintBuzzer;401"
    $sString &= "8|protocol information;4069|MEAV;4089|OpenCORE;4093|PxPlus;4096|" & _
            "ASCOM;4100|WatchGuard;4111|Xgrid;4116|Smartcard-TLS;4125|MSRemot" & _
            "eWebWorkplace;4201|TinyMUD;4226|Aleph;4224|Cisco;4321|RWhois;432" & _
            "3|Lincoln;4500|IPSec;4534|Armagetron;4569|Inter-Asterisk;4610|Qu" & _
            "aliSystems TestShell Suite Services;4662|OrbitNet;4662|eMule;466" & _
            "4|Google;4672|eMule;4747|Apprentice;4750|BladeLogic Agent;4840|O" & _
            "PC;4843|OPC;4847|WebFreshComm;4993|HomeFTP;4894|LysKOM;4899|Radm" & _
            "in;5000|commplex-main;5000|UPnP;5000|VTun;5001|commplex;5001|Ipe" & _
            "rf;5001|Sling;5003|FileMaker;5004|RTP;5005|RTP;5031|AVM CAPI;505" & _
            "0|Yahoo!;5051|ita;5060|SIP;5061|SIP;5093|SPSS;5104|IBM Tivoli;51" & _
            "06|A-Talk;5107|A-Talk;5110|ProRat;5121|Neverwinter;5151|ESRI;515" & _
            "1|ESRI;5154|BZFlag;5176|ConsoleWorks default UI interface;5190|I" & _
            "CQ and AOL;5222|XMPP;5223|XMPP;5269|XMPP;5298|XMPP;5310|Ginever." & _
            "net;5311|Ginever.net;5312|Ginever.net;5313|Ginever.net;5314|Gine" & _
            "ver.net;5315|Ginever.net;5351|NAT PMP;5353|mDNS;5355|LLMNR;5402|" & _
            "mftp;5405|NetSupport;5421|NetSupport2;5432|PostgreSQL;5433|Bouws"
    $sString &= "oft;5445|Cisco;5450|OSIsoft;5495|Applix;5498|Hotline;5499|Hotlin" & _
            "e;5500|VNC;5501|Hotline;5517|Setiqueue;5550|Hewlett-Packard;5555" & _
            "|Freeciv;5556|Freeciv;5631|pcANYWHEREdata;5632|pcANYWHEREstat;56" & _
            "66|NRPE;5667|NSCA;5723|OperationsManager;5800|VNC;5814|Hewlett-P" & _
            "ackard;5850|COMIT SE(PCR);5852|Adeona;5900|VNC;5938|TeamViewer;5" & _
            "984|CouchDB;5999|CVSup;6000|X11;6001|X11;6005|BMC;6005|Camfrog;6" & _
            "050|Brightstor;6050|Nortel;6051|Brightsto;6072|iOperator;6086|PD" & _
            "TP—FTP;6100|Vizrt;6101|BackupExecAgentBrowser;6110|softcm;6111|s" & _
            "pc;6112|dtspcd—a;6112|Blizzard;6112|Disney;6113|Disney;6129|Dame" & _
            "Ware;6257|WinMX;6262|SybaseADS;6346|gnutella-svc;6347|gnutella-r" & _
            "tr;6389|EMC;6432|PgBouncer;6444|SunGridEngine;6445|SunGridEngine" & _
            ";6502|Danware;6522|Gobby;6523|Gobby0.5;6543|Paradigm;6566|SANE;6" & _
            "571|WindowsLiveFolderShare;6600|MPD;6619|odette-ftps;6646|McAfee" & _
            ";6660|Internet Relay Chat;6665|Internet Relay Chat;6679|IRC SSL;" & _
            "6697|IRC SSL;6699|WinMX;6771|Polycom;6789|Datalogger;6881–6887|B" & _
            "itTorrent;6888|MUSE;6888|BitTorrent;6889–6890|BitTorrent;6891–69"
    $sString &= "00|WindowsLiveMessenger or BitTorrent;6901|WindowsLiveMessenger;" & _
            "6901|BitTorrent;6902–6968|BitTorrent;6969|acmsoda;6969|BitTorren" & _
            "t;6970–6999|BitTorrent;7000|Bittorrent;7001|WebLogic;7002|WebLog" & _
            "ic;7005|BMC;7006|BMC;7010|Cisco;7025|ZimbraLMTP;7047|Zimbra;7133" & _
            "|EnemyTerritory;7171|Tibia;7306|Zimbra;7307|Zimbra;7312|Sibelius" & _
            ";7400|RTPS;7401|RTPS;7402|RTPS;7670|BrettspielWelt;7676|AquminAl" & _
            "phaVision;7777|iChat;7777|Oracle;7777|tini.exe;7777|Unreal;7778|" & _
            "Unreal;7831|Smartlaunch;7915|YSFlight;8000|iRDMI;8000|SHOUTcast;" & _
            "8001|SHOUTcast;8002|Cisco;8008|HTTP;8008|IBM HTTP;8009|ajp13;801" & _
            "0|XMPP;8074|Gadu-Gadu;8080|HTTP;8080|ApacheTomcat;8080|FilePhile" & _
            ";8081|HTTP;8086|HELM;8086|Kaspersky;8087|HostingAccelerator;8087" & _
            "|ParallelsPlesk;8087|Kaspersky;8090|HTTP;8116|CPCC;8118|Privoxy;" & _
            "8123|Polipo;8192|Sophos;8193|Sophos;8194|Sophos;8200|GoToMyPC;82" & _
            "22|VMware;8243|HTTPS;8280|HTTP;8291|Winbox;8333|VMware;8400|cvp;" & _
            "8443|SW;8484|MapleStory;8500|ColdFusion;8501|DukesterX;8691|Ultr" & _
            "aFractal;8701|SoftPerfect;8702|SoftPerfect;8767|TeamSpeak;8768|T"
    $sString &= "eamSpeak;8880|cddbp-alt;8880|cddbp-alt;8880|WebSpher;8881|Atlasz" & _
            ";8882|Atlasz;8888|NewsEDGE;8888|Sun;8888|GNUmp3d;8888|LoLo;8888|" & _
            "D2GS (Diablo 2);8888|Earthland;8889|Earthland;9000|Buffalo;9000|" & _
            "DBGp;9000|SqueezeCenter;9000|UDPCast;9001|MicrosoftSharepoint;90" & _
            "01|cisco;9001|Tor;9001|DBGp;9009|Pichat;9030|Tor;9043|WebSphere;" & _
            "9050|Tor;9051|Tor;9060|WebSphere;9080|glrpc;9080|glrpc;9080|WebS" & _
            "phere;9090|Openfire;9090|SqueezeCenter;9091|Openfire;9100|PDL;91" & _
            "01|Bacula;9102|Bacula;9103|Bacula;9105|Xadmin;9110|SSMP;9119|MXi" & _
            "t;9300|IBMCognos;9418|git;9420|MooseFS;9421|MooseFS;9422|MooseFS" & _
            ";9535|mngsuite;9535|mngsuite;9800|WebDAV;9800|WebCT;9875|Disney;" & _
            "9898|MonkeyCom;9898|Tripwire;9996|PalaceChat;9999|Hydranode;9999" & _
            "|Lantronix;9999|Urchin;10000|Webmin;10000|BackupExec;10000|Erics" & _
            "son;10001|Lantronix;10008|Octopus;10010|ooRexx;10017|AIX;10024|Z" & _
            "imbra;10025|Ximbra;10050|Zabbix;10051|Zabbix;10113|NetIQ;10114|N" & _
            "etIQ;10115|NetIQ;10116|NetIQ;10200|FRISK;10201|FRISK;10202|FRISK" & _
            ";10203|FRISK;10204|FRISK;10308|Lock-on;10480|SWAT4;11211|memcach"
    $sString &= "ed;11235|Savage;11294|BloodQuest;11371|OpenPGP;11576|IPStor;1201" & _
            "2|Audition;12013|Audition;12035|Linden;12345|NetBus;12975|LogMeI" & _
            "n;12998|Takenaka;12999|Takenaka;13000|Linden;13076|BMC;13720|Sym" & _
            "antec;13721|Symantec;13724|Symantec;13782|Symantec;13783|Symante" & _
            "c;13785|Symantec;13786|Symantec;14439|APRS;14567|Battlefield;150" & _
            "00|psyBNC;15000|Wesnoth;15000|Kaspersky;15000|hydap;15000|hydap;" & _
            "15567|Battlefield;15345|XPilot;16000|shroudBNC;16080|HTTP;16384|" & _
            "IronMountainDigital;16567|Battlefield;18010|SDO-X;18180|DART;182" & _
            "00|AsiaSoft;18201|AsiaSoft;18206|AsiaSoft;18300|AsiaSoft;18301|A" & _
            "siaSoft;18306|AsiaSoft;18400|KAIZEN;18401|KAIZEN;18505|Nexon;185" & _
            "06|Nexon;18605|X-BEAT;18606|X-BEAT;19000|G10/alaplaya;19001|G10/" & _
            "alaplaya;19226|Panda;19283|K2;19315|KeyShadow;19638|Ensim;19771|" & _
            "Softros;19813|4D;19880|Softros;20000|DNP;20000|Usermin;20014|DAR" & _
            "T;20720|Symantec;22347|WibuKey;22350|CodeMeter;23073|SoldatDedic" & _
            "ated;23399|Skype;23513|DukeNukem;24444|NetBeans;24465|Tonido;245" & _
            "54|BINKP;24800|Synergy;24842|StepMania;25888|Xfire;25999|Xfire;2"
    $sString &= "6000|idSoftware;26000|EVE MMORPG;26900|EVE MMORPG;26901|EVE MMOR" & _
            "PG;27000|QuakeWorld;27000|FlexNet;27001|FlexNet;27002|FlexNet;27" & _
            "003|FlexNet;27004|FlexNet;27005|FlexNet;27006|FlexNet;27007|Flex" & _
            "Net;27008|FlexNet;27009|FlexNet;27010|SourceEngineDedicated;2701" & _
            "5|GoldSrc;27374|Sub7;27500|QuakeWorld;27888|Kaillera;27900|Ninte" & _
            "ndo;27901|QuakeII;27902|QuakeII;27903|QuakeII;27904|QuakeII;2790" & _
            "5|QuakeII;27906|QuakeII;27907|QuakeII;27908|QuakeII;27909|QuakeI" & _
            "I;27910|QuakeII;27960|QuakeIII;28000|Bitfighter;28001|Starsiege;" & _
            "28395|SmartSale5.0;28910|Nintendo;28960|CallOfDuty;29900|Nintend" & _
            "o;29901|Nintendo;29920|Nintendo;30000|Pokemon;30301|BitTorrent;3" & _
            "0564|Multiplicity;31337|BackOrifice;31415|ThoughtSignal;31456|Te" & _
            "triNET IRC;31457|TetriNET;31458|TetriNET;32245|MMTSG;32976|LogMe" & _
            "InHamachi;33434|traceroute;34443|Linksys PSUS4;36963|CounterStri" & _
            "ke;37777|DigitalVideoRecorder;40000|SafetyNET;43047|TheosMesseng" & _
            "er;43594|RuneScape;43595|RuneScape;47808|BACnet;"
    Return $sString
EndFunc   ;==>_Ports

de.png OS: Win10-22H2 - 64bit - German, AutoIt Version: 3.3.16.1, AutoIt Editor: SciTE, Website: https://funk.eu
prog_icon_amt.png AMT - Auto-Movie-Thumbnailer (2024-Oct-13) prog_icon_bic.png BIC - Batch-Image-Cropper (2023-Apr-01) prog_icon_cop.png COP - Color Picker (2009-May-21)
prog_icon_dcs.png DCS - Dynamic Cursor Selector (2024-Oct-13) prog_icon_hmw.png HMW - Hide my Windows (2024-Oct-19) prog_icon_hrc.png HRC - HotKey Resolution Changer (2012-May-16) 
prog_icon_icu.png ICU - Icon Configuration Utility (2018-Sep-16) prog_icon_smf.png SMF - Search my Files (2024-Oct-20) - THE file info and duplicates search tool prog_icon_ssd.png SSD - Set Sound Device (2017-Sep-16)

Link to comment
Share on other sites
Zedna Universalist

Zedna

Posted
Posted (edited)

Very nice/usefull!!   :)

Tip for improvement: Add checkbox "Don't show User SYSTEM"

to be posssible simply filter SYSTEM processes and their connections and see only common applications.

I also prefer obvious standard vertical scrollbar position at the right edge of listview (not at the left edge).

Edited by Zedna

Resources UDF   ResourcesEx UDF   AutoIt Forum Search

Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted (edited)

Very nice/usefull!!   :)

Tip for improvement: Add checkbox "Don't show User SYSTEM"

to be posssible simply filter SYSTEM processes and their connections and see only common applications.

I also prefer obvious standard vertical scrollbar position at the right edge of listview (not at the left edge).

After wraithdu showed how to impersonate SYSTEM, I dropped that option for good. The only way to see that you are fooled by some malware software is to examine location of the module. Though, you can manipulate even that (I demonstrated that exploit in one thread of mine here on the forum).

Vertical scrollbar is on the left because of used LVS_EX_LABELTIP ex-style. I don't know how to force it right. LVS_EX_LABELTIP stays with me, that's for sure.

Thanks for the nice post.

@KaFu, I knew somebody would notice my incredible amplitude eventually ;) .

Will correct that string. Overlapped parts are outcome of obviously a bit sloppy string concatenation.

edit: eng

Edited by trancexx

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
wraithdu Universalist

wraithdu

Posted
Posted (edited)

Regarding the extended style...this has always been some kind of bug in the GuiCtrlCreateListView function. You can never correctly set the extended LV style directly in that function...it always messes something up. Try replacing the appropriate lines of code with this:

$hListViewTCP = GUICtrlCreateListView(_GetColumns($aTCPArray, 0), 15, 37, $aClientSize[0] - 33, $aClientSize[1] - 113)
GUICtrlSendMsg($hListViewTCP, 0x1036, 0x14220, 0x14220) ; $LVM_SETEXTENDEDLISTVIEWSTYLE / LVS_EX_DOUBLEBUFFER|LVS_EX_LABELTIP|LVS_EX_REGIONAL|LVS_EX_FULLROWSELECT
$hListViewUDP = GUICtrlCreateListView(_GetColumns($aUDPArray, 0), 15, 37, $aClientSize[0] - 33, $aClientSize[1] - 113)
GUICtrlSendMsg($hListViewUDP, 0x1036, 0x14220, 0x14220) ; $LVM_SETEXTENDEDLISTVIEWSTYLE / LVS_EX_DOUBLEBUFFER|LVS_EX_LABELTIP|LVS_EX_REGIONAL|LVS_EX_FULLROWSELECT
Edited by wraithdu
Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted

Regarding the extended style...this has always been some kind of bug in the GuiCtrlCreateListView function. You can never correctly set the extended LV style directly in that function...it always messes something up. Try replacing the appropriate lines of code with this:

$hListViewTCP = GUICtrlCreateListView(_GetColumns($aTCPArray, 0), 15, 37, $aClientSize[0] - 33, $aClientSize[1] - 113)
GUICtrlSendMsg($hListViewTCP, 0x1036, 0x14220, 0x14220) ; $LVM_SETEXTENDEDLISTVIEWSTYLE / LVS_EX_DOUBLEBUFFER|LVS_EX_LABELTIP|LVS_EX_REGIONAL|LVS_EX_FULLROWSELECT
$hListViewUDP = GUICtrlCreateListView(_GetColumns($aUDPArray, 0), 15, 37, $aClientSize[0] - 33, $aClientSize[1] - 113)
GUICtrlSendMsg($hListViewUDP, 0x1036, 0x14220, 0x14220) ; $LVM_SETEXTENDEDLISTVIEWSTYLE / LVS_EX_DOUBLEBUFFER|LVS_EX_LABELTIP|LVS_EX_REGIONAL|LVS_EX_FULLROWSELECT

:)

Yes, that's working.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
gertsolo Wayfarer

gertsolo

Posted
Posted

Nice script!

Could you help me out on this one. I have a bonjour service running on a PC and for some reason it stops working. Not that the service stops but I think that the ports are suddenly blocked. When I stop and start the service it works again for a while.

What I would like to do is use a small part of your script to check if the ports are ok and if not stop and start the service.

Could you help me?

thx

The more you learn, the less you know.

Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted

Nice script!

Could you help me out on this one. I have a bonjour service running on a PC and for some reason it stops working. Not that the service stops but I think that the ports are suddenly blocked. When I stop and start the service it works again for a while.

What I would like to do is use a small part of your script to check if the ports are ok and if not stop and start the service.

Could you help me?

thx

How do you identify that connection? By port numbers, addresses or module making it?

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted (edited)

Good question, I think I need to check if a certain local port for the bonjour service is used.

You do this in your script after you pull _GetExtendedTcpTable() function out (pseudo):

$aArrayOfData = _GetExtendedTcpTable()
; ...check for errors here

For $i = 1 To UBound($aArrayOfData) - 1
    If $aArrayOfData[$i][3] = -that what you use To idetify the connection - Then
        $sConnectionState = $aArrayOfData[$i][0]
        ExitLoop
    EndIf
Next

If $sConnectionState = "ESTABLISHED" Then ; or whatever
    ;Do Something
Else
    ;Do something else
EndIf
Edited by trancexx

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...