franpol38000 Posted September 28, 2016

Hi,

I'd like to make a program with AutoIt which can detect when something tries to get or send information on my computer. I think that I could use the function "netstat" with "cmd"; however, I need to know how to get the result of this command on the GUI.

Do you have another idea to realize this program? If not, how can I get the result of the function "netstat" in the GUI with AutoIt?

Thanks in advance for your help.

Chromed Posted September 28, 2016

I think something along the lines of ..

```autoit
#include <Constants.au3>

ConsoleWrite(_GetDOSOutput("netstat") & @CRLF)

Func _GetDOSOutput($sCommand)
    Local $iPID, $sOutput = ""
    $iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    While 1
        $sOutput &= StdoutRead($iPID, False, False)
        If @error Then
            ExitLoop
        EndIf
        Sleep(10)
    WEnd
    Return $sOutput
EndFunc   ;==>_GetDOSOutput
```

TurionAltec Posted September 28, 2016

"@comspec /c" is only needed when calling an internal cmd.exe command (like dir, del, type, etc.). If the command being run is from an external program, like netstat.exe, it can be run on its own.

In this example I call netstat -n, which will return quicker as it's showing just IP addresses and not trying to resolve the name.

Also, depending on what your script is doing, if it's waiting on the results, using ProcessWaitClose is easier than continuously polling and concatenating the string.

```autoit
#include <Constants.au3>

ConsoleWrite(_GetDOSOutput("netstat -n") & @CRLF)

Func _GetDOSOutput($sCommand)
    Local $iPID, $sOutput = ""
    ;$iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    ; Run the external program directly, without going through cmd.exe
    $iPID = Run($sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    ; Wait for the process to exit, then read everything it wrote to stdout
    ProcessWaitClose($iPID)
    $sOutput = StdoutRead($iPID, False, False)
    Return $sOutput
EndFunc   ;==>_GetDOSOutput
```

That said, what is the OP looking for? Netstat will show connections, but not transfer of data. I have used AutoIt to interpret raw data coming out of "Tshark" (a CLI tool from Wireshark), but if you don't have a very specific filter to narrow down traffic, it will get quickly bogged down with all traffic on your PC.

franpol38000 (Author) Posted September 30, 2016

Sorry to answer you so late, I was ill these last few days.

So, thanks for your answers, this is exactly what I need. I didn't think there was so much traffic on the PC; that's why, to understand what happens, I also use TCPView. But for me, this freeware is for professionals.

My idea is to use a basic DOS command like "netstat" and try to make my own filter. When the program detects that I send something to or obtain something from a suspect IP, I will open a msgbox to say: "you get or send something to this IP which corresponds to this site, this application, software or something else, do you want to continue with this connection?". If the user says "no", the program will block this IP. I think it will be a nice application to know live when you are hacked :-)

The second part of my program will be to detect when a new computer is connected to your private Wi-Fi hotspot network. But for the moment I don't know how to do it.

If you are interested in this project, we can continue to exchange on this topic ;-)

franpol38000 (Author) Posted October 2, 2016

Hi,

Below is the draft code:

```autoit
#include <MsgBoxConstants.au3>
#include <Constants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <GuiStatusBar.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <Array.au3>
#include <String.au3>

; variable declaration
Local $ip = ""

#Region ### START Koda GUI section ### Form=
Global $Form1 = GUICreate("Form1", 615, 437, 192, 124)
Global $btn1 = GUICtrlCreateButton("Lancer l'analyse des ports", 80, 50, 150, 30)
GUICtrlSetColor(-1, 0x0000FF)
Global $Edit1 = GUICtrlCreateEdit("", 16, 152, 577, 257)
GUICtrlSetData(-1, "Edit1")
Global $Label1 = GUICtrlCreateLabel("Etat des connexions", 16, 128, 100, 17)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $btn1
            $infip = _GetDOSOutput("netstat -n")
            GUICtrlSetData($Edit1, $infip) ; display the result
            $valu = StringSplit($infip, @CRLF)
            $nbr = UBound($valu)
            For $i = 0 To ($nbr - 1) Step 1
                $regex = "TCP"
                If $valu[$i] <> "" Then
                    $ipexploit = StringRegExp($valu[$i], $regex, $STR_REGEXPMATCH)
                    If $ipexploit = 1 Then
                        ; flag 3: return every IPv4 address found on the line (local first, then remote)
                        $answer = StringRegExp($valu[$i], '((?:\d{1,3}\.){3}\d{1,3})', 3)
                        ; need both addresses before indexing $answer[1]
                        If @error = 0 And UBound($answer) >= 2 Then
                            If (($answer[0] <> $answer[1]) And ($ip <> $answer[1])) Then
                                $ip = $answer[1]
                                MsgBox(0, "adresse", $ip)
                            EndIf
                        EndIf
                    EndIf
                EndIf
            Next
    EndSwitch
WEnd

Func _GetDOSOutput($sCommand)
    Local $iPID, $sOutput = ""
    $iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    While 1
        $sOutput &= StdoutRead($iPID, False, False)
        If @error Then
            ExitLoop
        EndIf
        Sleep(10)
    WEnd
    Return $sOutput
EndFunc   ;==>_GetDOSOutput
```

The next step will be to find how we can get some details about the IP address without using an existing website. Who knows where it's possible to get these elements? Like the "whois" website or others do.

Thanks in advance for this information.
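
An added example, not code from any poster in this thread: one way to build the "own filter" discussed above is to parse `netstat -n` rows by column and keep only the remote IPv4 peers of ESTABLISHED TCP connections that are outside loopback, private and link-local ranges. The function names `_NetstatRemoteIPs` and `_IsLocalIPv4` and the sample output are constructed for illustration; it assumes the four-column Windows layout and English state names.

```autoit
#include <Array.au3>
#include <StringConstants.au3>

; Constructed sample of "netstat -n" output (private and documentation addresses only).
Local $sSample = _
        "  Proto  Local Address          Foreign Address        State" & @CRLF & _
        "  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED" & @CRLF & _
        "  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED" & @CRLF & _
        "  TCP    192.168.1.20:49720     203.0.113.10:443       ESTABLISHED" & @CRLF & _
        "  TCP    192.168.1.20:49721     203.0.113.10:443       TIME_WAIT" & @CRLF & _
        "  TCP    192.168.1.20:49730     198.51.100.7:80        ESTABLISHED" & @CRLF & _
        "  TCP    [::1]:49680            [::1]:49681            ESTABLISHED" & @CRLF

ConsoleWrite(_ArrayToString(_NetstatRemoteIPs($sSample), @CRLF) & @CRLF)

; Return the unique, non-local remote IPv4 addresses of ESTABLISHED TCP rows.
Func _NetstatRemoteIPs($sNetstat)
    Local $aSeen[0], $aCol
    ; $STR_ENTIRESPLIT treats @CRLF as one delimiter, so lines are not interleaved with empty elements.
    Local $aLines = StringSplit($sNetstat, @CRLF, $STR_ENTIRESPLIT)
    For $i = 1 To $aLines[0]
        ; Columns: Proto, Local Address, Foreign Address, State. Capture only the foreign IP.
        $aCol = StringRegExp($aLines[$i], _
                '^\s*TCP\s+\S+\s+(\d{1,3}(?:\.\d{1,3}){3}):\d+\s+ESTABLISHED', $STR_REGEXPARRAYMATCH)
        If @error Then ContinueLoop ; header, IPv6 row, or a state other than ESTABLISHED
        If _IsLocalIPv4($aCol[0]) Then ContinueLoop
        If _ArraySearch($aSeen, $aCol[0]) = -1 Then _ArrayAdd($aSeen, $aCol[0])
    Next
    Return $aSeen
EndFunc   ;==>_NetstatRemoteIPs

; True for loopback, RFC 1918 private, link-local and 0.x.x.x addresses.
Func _IsLocalIPv4($sIP)
    Local $a = StringSplit($sIP, ".")
    If $a[0] <> 4 Then Return False
    Local $o1 = Number($a[1]), $o2 = Number($a[2])
    If $o1 = 127 Or $o1 = 10 Or $o1 = 0 Then Return True
    If $o1 = 192 And $o2 = 168 Then Return True
    If $o1 = 169 And $o2 = 254 Then Return True
    If $o1 = 172 And $o2 >= 16 And $o2 <= 31 Then Return True
    Return False
EndFunc   ;==>_IsLocalIPv4
```

To run it against live data, pass the string returned by `_GetDOSOutput("netstat -n")` instead of `$sSample`.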