Get the currently open ports of the system

xiaoxiao2021-03-06  84

Get the status of the system's currently open ports (TCP and UDP), as well as the IP address and port of each connection.

-------------------------------------------------- ------------------------------

1. Monitoring TCP connections

Monitoring all ports in real time, raising a warning promptly and prompting the user to delete an abnormal connection, is an effective way to guard against intrusion. Using the Microsoft IP Helper API functions (iphlpapi.dll) is a shortcut. The GetTcpTable function returns all valid TCP connections in the current system. It is defined as:

    DWORD GetTcpTable(
        PMIB_TCPTABLE pTcpTable,  // buffer for the connection table
        PDWORD pdwSize,           // size of the buffer
        BOOL bOrder               // sort the table?
    );

Parameter one is a pointer to the TCP connection table buffer, parameter two is the buffer size (when the buffer is not large enough, this parameter returns the actual size required), and parameter three indicates whether the connection table needs to be sorted by "Local IP", "Local Port", "Remote IP", "Remote Port". To monitor the UDP connection table, use the GetUdpTable function. Since it is used in exactly the same way, it is only mentioned briefly here (the example program referred to below implements UDP monitoring in the corresponding way).

2. Abnormal-connection warnings and deleting connections

By comparing two TCP connection tables at timed intervals, we can immediately discover an anomaly and issue a warning. The example program uses a sound and an alarm indicator to alert the user to a possible intrusion from outside. After receiving the warning, we should first delete the suspicious connection, then check whether the system has a security vulnerability or a suspicious process at work. The SetTcpEntry function in the IP Helper API can help us delete suspicious connections. It is defined as:

    DWORD SetTcpEntry(
        PMIB_TCPROW pTcpRow  // pointer to struct. with new state info
    );

Before calling this function, set the state of the connection to be deleted to MIB_TCP_STATE_DELETE_TCB (delete). MIB_TCP_STATE_DELETE_TCB is also currently the only state that can be set at run time.

    // MSDN example
    // Link with iphlpapi.lib
    #include <windows.h>
    #include <iphlpapi.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <tchar.h>

    int _tmain(int argc, _TCHAR *argv[])
    {
        PMIB_TCPTABLE pTcpTable;

        pTcpTable = (MIB_TCPTABLE *)malloc(sizeof(MIB_TCPTABLE));
        DWORD dwSize = 0;
        DWORD dwRetVal = 0;

        // Make an initial call to GetTcpTable to get the necessary size.
        // Per MSDN, a return value of ERROR_INSUFFICIENT_BUFFER means the space
        // allocated for pTcpTable is too small; GetTcpTable then stores the
        // required size in dwSize.
        if (GetTcpTable(pTcpTable, &dwSize, TRUE) == ERROR_INSUFFICIENT_BUFFER) {
            // The original allocation is not large enough, so allocate again
            // with the size just returned. Memory from malloc is released
            // with free, not GlobalFree.
            free(pTcpTable);
            pTcpTable = (MIB_TCPTABLE *)malloc((UINT)dwSize);
        }
        if (pTcpTable == NULL) {
            printf("\tError allocating memory.\n");
            return 1;
        }

        // Make a second call to GetTcpTable to get the actual data we require:
        // this call fills pTcpTable, using the dwSize obtained above.
        if ((dwRetVal = GetTcpTable(pTcpTable, &dwSize, TRUE)) == NO_ERROR) {
            for (int i = 0; i < (int)pTcpTable->dwNumEntries; i++) {
                // pTcpTable->table[i] holds the record for connection i
                printf("State: %lu\n", pTcpTable->table[i].dwState);
            }
        } else {
            printf("\tCall to GetTcpTable failed.\n");

            LPVOID lpMsgBuf = NULL;

            if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                              FORMAT_MESSAGE_FROM_SYSTEM |
                              FORMAT_MESSAGE_IGNORE_INSERTS,
                              NULL, dwRetVal,
                              MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                              (LPTSTR)&lpMsgBuf, 0, NULL)) {
                _tprintf(_T("\tError: %s"), (LPTSTR)lpMsgBuf);
                LocalFree(lpMsgBuf); // only free a buffer FormatMessage actually allocated
            }
        }

        free(pTcpTable);
        return 0;
    }
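The timed comparison of two connection tables described in section 2, as an added example (not code from the original article or from MSDN). It is portable C: conn_row, rows_only_in_second and the sample snapshots are assumptions constructed for illustration, with conn_row standing in for the MIB_TCPROW fields that GetTcpTable fills in.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Assumed portable stand-in for MIB_TCPROW (which keeps addresses and ports
   in network byte order; plain host-order numbers are used here). */
typedef struct {
    uint32_t state, local_addr, local_port, remote_addr, remote_port;
} conn_row;
enum { ST_LISTEN = 2, ST_ESTAB = 5 };  /* values of MIB_TCP_STATE_LISTEN / _ESTAB */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Same connection = same local and remote address/port pair. */
static int same_conn(const conn_row *x, const conn_row *y) {
    return x->local_addr == y->local_addr && x->local_port == y->local_port &&
           x->remote_addr == y->remote_addr && x->remote_port == y->remote_port;
}

/* Store in out[] (capacity max_out) the rows of b[] that have no match in a[].
   Returns the total number of such rows, even when it exceeds max_out. */
size_t rows_only_in_second(const conn_row *a, size_t na, const conn_row *b,
                           size_t nb, conn_row *out, size_t max_out) {
    size_t found = 0;
    for (size_t i = 0; i < nb; i++) {
        size_t j = 0;
        while (j < na && !same_conn(&a[j], &b[i])) j++;
        if (j < na) continue;                    /* b[i] was already in a[] */
        if (found < max_out) out[found] = b[i];
        found++;
    }
    return found;
}

/* Constructed sample snapshots (documentation address ranges). */
static const conn_row prev_snap[] = {
    { ST_LISTEN, 0, 80, 0, 0 },
    { ST_ESTAB, IP4(192,0,2,10), 80, IP4(198,51,100,7), 51000 },
};
static const conn_row cur_snap[] = {
    { ST_LISTEN, 0, 80, 0, 0 },
    { ST_LISTEN, 0, 5000, 0, 0 },
    { ST_ESTAB, IP4(192,0,2,10), 3389, IP4(203,0,113,5), 40000 },
};

int main(void) {
    conn_row added[8];
    size_t n = rows_only_in_second(prev_snap, 2, cur_snap, 3, added, 8);
    for (size_t i = 0; i < n && i < 8; i++)      /* one warning per new row */
        printf("WARNING new connection: state=%u local_port=%u remote_port=%u\n",
               (unsigned)added[i].state, (unsigned)added[i].local_port,
               (unsigned)added[i].remote_port);
    return 0;
}
```

Calling the function with the two snapshots swapped lists the connections that disappeared between polls.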

------- Reference: an article by Ma Wenzhao, Canta (China) International Information Service Co., Ltd.

When reposting, please cite the original address: https://www.9cbs.com/read-95135.html
