Posted

There are situations when you know something is going off from or to your computer and you have no idea what that is or who's doing that. On the other hand, sometimes you are just curious to know (I know I am) what's cooking.

The script below analyzes every connection that your machine has, either TCP or UDP. It'll give you port numbers, IP addresses, names of the processes issuing connections, their PIDs, connection statuses, and hints on protocols for used ports (so that you know roughly what that connection is or could be).

Script:

Many thanks!! I've always wondered what was going on when the drive activity light was on and I wasn't doing anything. I always wondered if there was something connecting to my PC without my knowledge!

Avian

A millihelen is the amount of beauty required to launch one ship.

Posted

The library has been updated.

I'm kidding :)

New script attached.

More information is available for endpoints. The 'Elevated Mode' button is now showing its purpose when needed.

With this script I've assimilated a couple of functions written by Manko and wraithdu. They are rewritten to look the way I like it. I fixed Manko's (there was a bug with trying to access unavailable space causing a random crash).

So, what was the joke in the intro? I bet you don't know ;)

♡♡♡

.

eMyvnE

Posted (edited)

Very nice code demonstration again! :)

Btw, you can use netstat -na to get this information from cmd, but with your tool it is much more comfortable and it has more information.

UEZ

*****

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Posted

Thanks UEZ.

And a joke?

Btw, netstat.exe is, among others, using functions InternalGetTcpTableWithOwnerModule and InternalGetUdpTableWithOwnerModule but I couldn't find any documentation for those two even though they sound smart.

Never mind, going around sometimes is not that bad.

♡♡♡

.

eMyvnE

Posted

I'm 37 and very often I need a lot of time to understand... :)

UEZ B)

I'm not 37 and very often I need a lot of time to understand too... but don't tell anyone ;) it's a sort of a secret

♡♡♡

.

eMyvnE

Posted

I don't understand much about TCP and UDP stuff.

But I think I like it :)

Very resolutive ;)

I just saw that I dropped two 'DllOpen' and one tiny other thing. It makes almost no difference but still, a flaw is a flaw.

♡♡♡

.

eMyvnE

Posted (edited)

Ran it, nothing happened. Windows 7 x64, just a heads up.

How did you run it? With F5 in SciTE or double click?

If yes, then indeed it is crashing in x64 mode! I got error code: AutoIT3.exe ended.rc:-1073741819

I have the German version and this is the crash info:

Problemsignatur:

Problemereignisname: APPCRASH

Anwendungsname: AutoIt3_x64.exe

Anwendungsversion: 3.3.0.0

Anwendungszeitstempel: 4951fa01

Fehlermodulname: AutoIt3_x64.exe

Fehlermodulversion: 3.3.0.0

Fehlermodulzeitstempel: 4951fa01

Ausnahmecode: c0000005

Ausnahmeoffset: 0000000000018660

Betriebsystemversion: 6.1.7600.2.0.0.256.1

Gebietsschema-ID: 1031

Zusatzinformation 1: d9e9

Zusatzinformation 2: d9e98e26e5862e4b8c1835bc653abe12

Zusatzinformation 3: 1735

Zusatzinformation 4: 1735faf7dba7c27eea43b7a3330f19b3

But if you compile it and start it afterwards it is working, because it will be started as the x32 version, not the native x64 one!

UEZ

Edited by UEZ


Posted (edited)

Probably the function Func _ProcessList() is causing the "access violation" in the For...Next loop:

For $i = 1 To $aCall[5]

        $tWTS_PROCESS_INFO = DllStructCreate("dword SessionId;" & _
                "dword ProcessId;" & _
                "ptr ProcessName;" & _
                "ptr UserSid", _
                $aCall[4] + ($i - 1) * 16) ; looping thru structures

        $pString = DllStructGetData($tWTS_PROCESS_INFO, "ProcessName")
        $iStringLen = _PtrStringLenW($pString)
        $aOut[$i][0] = DllStructGetData(DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pString), 1)
        $aOut[$i][1] = DllStructGetData($tWTS_PROCESS_INFO, "ProcessId")
        $aOut[$i][2] = _AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))

    Next

Maybe other functions are also not working but this is the 1st one!

UEZ

Edited by UEZ

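Added example, not part of the thread and not the script author's code: the loop quoted above steps through the records with a fixed `* 16`, which equals dword + dword + ptr + ptr only when pointers are 4 bytes; with 8-byte pointers each record is 24 bytes. The C sketch below models the 64-bit layout with fixed-width fields and compares both strides over a constructed buffer. `WtsInfo64`, `wts_stride`, `read_pid`, `count_correct` and `SAMPLE` are hypothetical names, and the thread itself does not confirm that this is the cause of the crash.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* dword, dword, ptr, ptr as laid out in a 64-bit process (fixed-width model). */
typedef struct {
    uint32_t SessionId;
    uint32_t ProcessId;
    uint64_t pProcessName;   /* 8-byte pointer on x64 */
    uint64_t pUserSid;
} WtsInfo64;                 /* 24 bytes, not 16 */

/* Record size for a given pointer width: two dwords plus two pointers. */
size_t wts_stride(size_t ptr_size) { return 2 * sizeof(uint32_t) + 2 * ptr_size; }

/* Bounds-checked read of ProcessId from record i; -1 if it would leave the buffer. */
int read_pid(const uint8_t *buf, size_t len, size_t i, size_t stride, uint32_t *pid)
{
    size_t off = i * stride;
    if (stride == 0 || off > len || len - off < stride) return -1;
    memcpy(pid, buf + off + offsetof(WtsInfo64, ProcessId), sizeof *pid);
    return 0;
}

/* Number of records whose ProcessId comes back intact with the given stride. */
size_t count_correct(const WtsInfo64 *recs, size_t n, size_t stride)
{
    size_t ok = 0;
    uint32_t pid;
    for (size_t i = 0; i < n; i++)
        if (read_pid((const uint8_t *)recs, n * sizeof *recs, i, stride, &pid) == 0
            && pid == recs[i].ProcessId)
            ok++;
    return ok;
}

/* Constructed sample: three records as a 64-bit caller would receive them. */
static const WtsInfo64 SAMPLE[3] = {
    {0, 4,    0x7FF600001000ULL, 0},
    {0, 612,  0x7FF600002000ULL, 0},
    {1, 4820, 0x7FF600003000ULL, 0},
};

int main(void)
{
    printf("stride 16: %zu/3 correct, stride %zu: %zu/3 correct\n",
           count_correct(SAMPLE, 3, 16), wts_stride(8), count_correct(SAMPLE, 3, wts_stride(8)));
    return 0;
}
```

With the 16-byte stride only the first record lines up; from the second record on, the field read as the name pointer is assembled from neighbouring SessionId/ProcessId bytes, and dereferencing such a value is the kind of access that ends in exception code c0000005.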

Posted (edited)

Well, can you fix it? I'm 32-bit only.

edit:

I just spotted a strange bug(?) with AutoIt when 'thinking' what you wrote. Will report it to get an explanation on the behavior.

Edited by trancexx

♡♡♡

.

eMyvnE

Posted

If you can put your brain in my head, I will do it! I'm a noob in this kind of stuff!

But I will try it anyway. Don't expect a successful result...

UEZ

