部分安全代码
// FPort.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
BOOL GetProcessModule (DWORD dwPID, DWORD dwModuleID,
� � � �LPMODULEENTRY32 lpMe32, DWORD cbMe32)
{
� �BOOL � � � � �bRet � � � �= FALSE;
� �BOOL � � � � �bFound � � �= FALSE;
� �HANDLE � � � �hModuleSnap = NULL;
� �MODULEENTRY32 me32 � � � �= { 0 };
� �hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
� �if (hModuleSnap == INVALID_HANDLE_VALUE)
� � � �return (FALSE);
� �me32.dwSize = sizeof(MODULEENTRY32);
� �if (Module32First(hModuleSnap, &me32))
� �{
� � � �do
� � � �{
� � � � � �if (me32.th32ModuleID == dwModuleID)
� � � � � �{
� � � � � � � �CopyMemory (lpMe32, &me32, cbMe32);
� � � � � � � �bFound = TRUE;
� � � � � �}
� � � �}
� � � �while (!bFound && Module32Next(hModuleSnap, &me32));
�
� � � �bRet = bFound;
� �}
� �else
� � � �bRet = FALSE;
� �CloseHandle (hModuleSnap);
� �return (bRet);
}
PCHAR ProcessPidToName(HANDLE hProcessSnap, DWORD ProcessId, PCHAR ProcessName)
{
PROCESSENTRY32 processEntry = { 0 };
processEntry.dwSize = sizeof(PROCESSENTRY32);
lstrcpy(ProcessName, "???");
if (!Process32First(hProcessSnap, &processEntry))
{
�return ProcessName;
�}
do
{
�if (processEntry.th32ProcessID == ProcessId)
�{
� MODULEENTRY32 me32 � � � = { 0 };
� GetProcessModule(processEntry.th32ProcessID,
� � 1, &me32, sizeof(MODULEENTRY32));
� �
� if (lstrlen(me32.szExePath) != 0)
� {
� �lstrcpy(ProcessName, me32.szExePath);
� �}
� else
� {
� �lstrcpy(ProcessName, processEntry.szExeFile);
� �}
� return ProcessName;
� }
�
�} while(Process32Next(hProcessSnap, &processEntry));
return ProcessName;
}
HANDLE OpenPhysicalMemory(HANDLE& hSection)
{
� �NTSTATUS � � � � �status;
� �UNICODE_STRING � �physmemString;
� �OBJECT_ATTRIBUTES attributes;
HANDLE � � � � � �hMemory;
�
� �RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory");
� �InitializeObjectAttributes(&attributes, &physmemString,
�OBJ_CASE_INSENSITIVE, NULL, NULL);
� �status = ZwOpenSection(&hSection, SECTION_MAP_READ, &attributes );
�
if (!NT_SUCCESS(status)) return NULL;
� �hMemory = MapViewOfFile(hSection, FILE_MAP_READ,
�0, 0x30000, 0x1000);
� �if (GetLastError() != 0) return NULL; � �
� �return hMemory;
}
void AdjustDacl(HANDLE hProcess)
{
SID world = { SID_REVISION,1, SECURITY_WORLD_SID_AUTHORITY, 0 };
LPTSTR ptstrName � = (LPTSTR)&world;
EXPLICIT_ACCESS ea = { STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, SET_ACCESS, NO_INHERITANCE,
�{ 0, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER, ptstrName } };
ACL * pdacl = 0;
if (SetEntriesInAcl(1, &ea, 0, &pdacl) != ERROR_SUCCESS)
{
�printf( "SetEntriesInAcl Error:%d", GetLastError());
�}
if (SetSecurityInfo(hProcess, SE_KERNEL_OBJECT,
� DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0) != ERROR_SUCCESS)
{
�printf( "SetSecurityInfo Error:%d", GetLastError());
�}
LocalFree(pdacl);
}
HANDLE OpenDeviceTcpUdp(WCHAR * deviceName)
{
� �UNICODE_STRING � �physmemString;
� �OBJECT_ATTRIBUTES attributes;
� �IO_STATUS_BLOCK � iosb;
� �HANDLE � � � � � �hDeviceHandle;
� �RtlInitUnicodeString(&physmemString, deviceName); � �
� �if (GetLastError() != 0) return NULL;
� �InitializeObjectAttributes(&attributes, &physmemString,
�OBJ_CASE_INSENSITIVE, 0, NULL);
� �NTSTATUS status = ZwOpenFile(&hDeviceHandle, 0x100000, &attributes, &iosb, 3, 0);
� �if (!NT_SUCCESS(status)) return NULL;
return hDeviceHandle;
}
PULONG GetHandleList()
{
� �ULONG �cbBuffer = 0x1000; � � � � � � �
� �PULONG pBuffer �= new ULONG[cbBuffer];
� �NTSTATUS Status;
� �do
{
� � � �Status = ZwQuerySystemInformation(
� SystemHandleInformation,
� pBuffer,
� cbBuffer * sizeof(ULONG),
� NULL
� );
�
� � � �if (Status == STATUS_INFO_LENGTH_MISMATCH)
� � � �{
� � � � � �delete [] pBuffer;
� � � � � �pBuffer = new ULONG[cbBuffer *= 2];
� � � �}
� � � �else if (!NT_SUCCESS(Status))
� � � �{
� � � � � �delete [] pBuffer;
� � � � � �return NULL;
� � � �}
�}while (Status == STATUS_INFO_LENGTH_MISMATCH);
� �return pBuffer;
}
PVOID GetTcpUdpObject(PULONG pBuffer, HANDLE hHandle, DWORD ProcessId)
{
int nCount = *pBuffer;
� �PSYSTEM_HANDLE_INFORMATION pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);
� �for (int i = 0; i < nCount; i++)
� �{
� � � �if (pProcesses->ProcessId == ProcessId && pProcesses->Handle == (int)hHandle)
� � � �{
� � � � � return (PVOID)pProcesses;
� }
�pProcesses++;
�}
return NULL;
}
BOOL GetPTE(PVOID objAddress, HANDLE hMapPhysicalMemory, HANDLE hSection, PTE& pte)
{
DWORD dwPhysMemBuf = (DWORD)hMapPhysicalMemory, dwAddress = (DWORD)objAddress;
� �LPVOID pNewMapPhy �= NULL;
DWORD dwNewAddress = *((LPDWORD)(dwPhysMemBuf + (dwAddress >> 0x16) * 4));
if ((dwNewAddress & 0x000000ff) < 0x01)
{
�return FALSE;
�}
if ((dwNewAddress & 0x000000ff) < 0x80)
{
�pNewMapPhy = MapViewOfFile(hSection, 4, 0, dwNewAddress & 0xFFFFF000, 0x1000);
�dwNewAddress = (dwAddress >> 0x0c) & 0x3ff;
�dwNewAddress = *((LPDWORD)((DWORD)pNewMapPhy + 4 * dwNewAddress)) & 0xFFFFF000;
�UnmapViewOfFile(pNewMapPhy);
�pNewMapPhy = NULL;
�}
else
{
�dwNewAddress = (dwNewAddress & 0xFFFFF000) + (dwAddress & 0x003ff000);
�}
pNewMapPhy = MapViewOfFile(hSection, FILE_MAP_READ,
�0, dwNewAddress, 0x1000);
if (pNewMapPhy == NULL)
{
�long lError = GetLastError();
�return FALSE;
�}
else
{
�memcpy(&pte, (char *)pNewMapPhy + (dwAddress & 0x00000FFF), sizeof(PTE));
�}
UnmapViewOfFile(pNewMapPhy);
return TRUE;
}
BOOL RaisePrivleges( HANDLE hToken, char *pPriv )
{
TOKEN_PRIVILEGES tkp;
tkp.PrivilegeCount � � � � � � �= 1;
tkp.Privileges[0].Attributes � �= SE_PRIVILEGE_ENABLED;
tkp.Privileges[0].Luid.HighPart = 0;
tkp.Privileges[0].Luid.LowPart �= 0;
if (!LookupPrivilegeValue(NULL, pPriv, &tkp.Privileges[0].Luid))
{
�printf("LookupPrivilegeValue Error:%d\n", GetLastError());
�return FALSE;
�}
int iRet = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0x10, (PTOKEN_PRIVILEGES)NULL, 0);
if (iRet == NULL)
{
�printf( "AdjustTokenPrivileges Error:%d\n", GetLastError());
�return TRUE;
�}
else
{
�iRet = GetLastError();
�switch (iRet)
�{
�case ERROR_NOT_ALL_ASSIGNED:
� {
� �printf("AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED\n" );
� �return FALSE;
� �}
�case ERROR_SUCCESS: � � �
� {
� �return TRUE;
� �}
�default: � �
� {
� �printf("AdjustTokenPrivileges Unknow Error:%d\n", iRet);
� �return FALSE;
� �}
� }
�}
}
int main(int argc, char* argv[])
{
HANDLE hToken;
HANDLE hTcpHandle;
HANDLE hUdpHandle;
HANDLE hSection;
� �printf("---[ FPort, by Phiger �]---\n");
� �printf("---[ Date : 2003-12-30 ]---\n\n");
HANDLE hMapPhysicalMemory = OpenPhysicalMemory(hSection);
HANDLE hCurrentProc = GetCurrentProcess();
if (!OpenProcessToken(hCurrentProc,
�TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
�&hToken))
{
�printf( "OpenProcessToken Error:%d\n", GetLastError());
�}
else
{
�if (!RaisePrivleges(hToken, (char*)SE_DEBUG_NAME))
� printf( "SetPrivlegesSE_DEBUG_NAME Error:%d\n", GetLastError());
�}
if (hToken) CloseHandle(hToken);
hTcpHandle = OpenDeviceTcpUdp(L"\\Device\\TCP");
hUdpHandle = OpenDeviceTcpUdp(L"\\Device\\UDP");
� �PULONG pBuffer = GetHandleList();
if (pBuffer == NULL) return 0;
PSYSTEM_HANDLE_INFORMATION objTcpAddress = NULL;
PSYSTEM_HANDLE_INFORMATION objUdpAddress = NULL;
objTcpAddress = (PSYSTEM_HANDLE_INFORMATION)GetTcpUdpObject(pBuffer, hTcpHandle, GetCurrentProcessId());
PTE pteTCPCur;
if (!GetPTE(objTcpAddress->Object, hMapPhysicalMemory, hSection, pteTCPCur))
{
�return 0;
�}
objUdpAddress = (PSYSTEM_HANDLE_INFORMATION)GetTcpUdpObject(pBuffer, hUdpHandle, GetCurrentProcessId());
PTE pteUDPCur;
if (!GetPTE(objUdpAddress->Object, hMapPhysicalMemory, hSection, pteUDPCur))
{
�return 0;
�}
OVERLAPPED � �Overlap;
HANDLE hEvent = CreateEvent(0, 1, 0, 0);
Overlap.Internal � � = 0;
Overlap.InternalHigh = 0;
Overlap.Offset � � � = 0;
Overlap.OffsetHigh � = 0;
Overlap.hEvent � � � = hEvent;
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
{
�printf("Failed to take process snapshot. Process names will not be shown.\n\n");
�}
int nCount = *pBuffer;
� �PSYSTEM_HANDLE_INFORMATION pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);
� �for (int i = 0; i < nCount; i++)
� �{
�if (pProcesses->ObjectTypeNumber == objTcpAddress->ObjectTypeNumber)
�{
� PTE pte;
� if (!GetPTE(pProcesses->Object, hMapPhysicalMemory, hSection, pte))
� {
� �pProcesses++;
� �continue;
� �}
� if ((pte.NoCache == 1 || pte.NoCache == 2) &&
� �(pteTCPCur.WriteTable == pte.WriteTable))
� {
� �HANDLE hProc = NULL, DupHandle=NULL;
� �int �i = 0, portflag = 0;
� �u_short openport;
� �
� �hProc = OpenProcess(PROCESS_DUP_HANDLE,
� � 0,
� � pProcesses->ProcessId);
� �if (hProc)
� �{
� � DuplicateHandle(hProc,
� � �(HANDLE)pProcesses->Handle,
� � �GetCurrentProcess(),
� � �&DupHandle,
� � �0,
� � �FALSE,
� � �2);
� � CloseHandle(hProc);
� � if (DupHandle)
� � {
� � �TDI_CONNECTION_INFO � �TdiConnInfo={ 0 };
� � �TDI_CONNECTION_INFORMATION TdiConnInformation = { 0 };
� � �DWORD dwRetu=0; � �
� � �
� � �if (pte.NoCache == 0x02)
� � �{
� � � TdiConnInformation.RemoteAddressLength = 4;
� � � if (DeviceIoControl(
� � � �DupHandle,
� � � �0x210012,
� � � �&TdiConnInformation,
� � � �sizeof(TdiConnInformation),
� � � �&TdiConnInfo,
� � � �sizeof(TdiConnInfo),
� � � �NULL,
� � � �&Overlap))
� � � { �
� � � �char szProcName[256];
� � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
� � � �if (openport != 0)
� � � �{
� � � � printf("TCP �PID = %4d PORT = %6d %s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
� � � � }
� � � �}
� � � else
� � � {
� � � �long lError = GetLastError();
� � � �}
� � � }
� � �else if (pte.NoCache == 0x01)
� � �{
� � � TdiConnInformation.RemoteAddressLength = 3;
� � � if (DeviceIoControl(DupHandle, 0x210012,
� � � �&TdiConnInformation, sizeof(TdiConnInformation),
� � � �&TdiConnInfo, sizeof(TdiConnInfo),
� � � �NULL, &Overlap))
� � � {
� � � �char szProcName[256];
� � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
� � � �if (openport != 0)
� � � �{
� � � � printf("TCP �PID = %4d PORT = %6d �%s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
� � � � }
� � � �}
� � � else
� � � {
� � � �long lError = GetLastError();
� � � �}
� � � }
� � �CloseHandle(DupHandle);
� � �}
� � }
� �}
� }
�pProcesses++;
�}
nCount = *pBuffer;
� �pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);
� �for (i = 0; i < nCount; i++)
� �{
�if (pProcesses->ObjectTypeNumber == objUdpAddress->ObjectTypeNumber)
�{
� PTE pte;
� if (!GetPTE(pProcesses->Object, hMapPhysicalMemory, hSection, pte))
� {
� �pProcesses++;
� �continue;
� �}
�
� if ((pte.NoCache == 1 || pte.NoCache == 2) &&
� �(pteUDPCur.WriteTable == pte.WriteTable))
� {
� �HANDLE hProc = NULL, DupHandle=NULL;
� �int �i = 0, portflag = 0;
� �u_short openport;
� �
� �hProc = OpenProcess(PROCESS_DUP_HANDLE,
� � 0,
� � pProcesses->ProcessId);
� �
� �if (hProc)
� �{
� � DuplicateHandle(hProc,
� � �(HANDLE)pProcesses->Handle,
� � �GetCurrentProcess(),
� � �&DupHandle,
� � �0,
� � �FALSE,
� � �2);
� �
� � CloseHandle(hProc);
� �
� � if (DupHandle)
� � {
� � �TDI_CONNECTION_INFO � �TdiConnInfo={ 0 };
� � �TDI_CONNECTION_INFORMATION TdiConnInformation = { 0 };
� � �DWORD dwRetu=0; � �
� � �
� � �if (pte.NoCache == 0x02)
� � �{
� � � TdiConnInformation.RemoteAddressLength = 4;
� � � if (DeviceIoControl(
� � � �DupHandle,
� � � �0x210012,
� � � �&TdiConnInformation,
� � � �sizeof(TdiConnInformation),
� � � �&TdiConnInfo,
� � � �sizeof(TdiConnInfo),
� � � �NULL,
� � � �&Overlap))
� � � {
� � � �char szProcName[256]; � � � �
� � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
� � � �if (openport != 0)
� � � �{
� � � � printf("UDP �PID = %4d PORT = %6d �%s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
� � � � }
� � � �}
� � � else
� � � {
� � � �long lError = GetLastError();
� � � �}
� � � }
� � �else if (pte.NoCache == 0x01)
� � �{
� � � TdiConnInformation.RemoteAddressLength = 3;
� � � if (DeviceIoControl(DupHandle, 0x210012,
� � � �&TdiConnInformation, sizeof(TdiConnInformation),
� � � �&TdiConnInfo, sizeof(TdiConnInfo),
� � � �NULL, &Overlap))
� � � {
� � � �char szProcName[256];
� � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
� � � �if (openport != 0)
� � � �{
� � � � printf("UDP �PID = %4d PORT = %6d �%s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
� � � � }
� � � �}
� � � else
� � � {
� � � �long lError = GetLastError();
� � � �}
� � � }
� � �CloseHandle(DupHandle);
� � �}
� � }
� �}
� }
�pProcesses++;
�}
CloseHandle(hEvent);
CloseHandle(hProcessSnap);
return 0;
}
// stdafx.h : include file for standard system include files,
// �or project specific include files that are used frequently, but
// � � �are changed infrequently
//
#if !defined(AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_)
#define AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#define _WIN32_WINNT 0x0500
#pragma comment(lib, "ntdll.lib")
#include <windows.h>
#include <ntsecapi.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <tchar.h>
#include <malloc.h>
#include <Aclapi.h>
#include <Tlhelp32.h>
#include <iprtrmib.h>
#include <Iphlpapi.h>
#pragma warning(disable: 4786)
#pragma warning(disable: 4530)
#include <string>
#include <map>
using namespace std;
#define _CRTDBG_MAP_ALLOC
#include <crtdbg.h>
#define NTAPI __stdcall
typedef LONG NTSTATUS;
typedef LONG KPRIORITY;
#define SECTION_QUERY � � � 0x0001
#define SECTION_MAP_WRITE � 0x0002
#define SECTION_MAP_READ � �0x0004
#define SECTION_MAP_EXECUTE 0x0008
#define SECTION_EXTEND_SIZE 0x0010
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#define STATUS_INFO_LENGTH_MISMATCH � � �((NTSTATUS)0xC0000004L)
#define OBJ_INHERIT � � � � � � 0x00000002L
#define OBJ_PERMANENT � � � � � 0x00000010L
#define OBJ_EXCLUSIVE � � � � � 0x00000020L
#define OBJ_CASE_INSENSITIVE � �0x00000040L
#define OBJ_OPENIF � � � � � � �0x00000080L
#define OBJ_OPENLINK � � � � � �0x00000100L
#define OBJ_KERNEL_HANDLE � � � 0x00000200L
#define OBJ_VALID_ATTRIBUTES � �0x000003F2L
#define SystemHandleInformation 16
#define FILE_DIRECTORY_FILE � � � � � � � � � � 0x00000001
#define FILE_WRITE_THROUGH � � � � � � � � � � �0x00000002
#define FILE_SEQUENTIAL_ONLY � � � � � � � � � �0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING � � � � �0x00000008
#define FILE_SYNCHRONOUS_IO_ALERT � � � � � � � 0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT � � � � � �0x00000020
#define FILE_NON_DIRECTORY_FILE � � � � � � � � 0x00000040
#define FILE_CREATE_TREE_CONNECTION � � � � � � 0x00000080
#define FILE_COMPLETE_IF_OPLOCKED � � � � � � � 0x00000100
#define FILE_NO_EA_KNOWLEDGE � � � � � � � � � �0x00000200
#define FILE_OPEN_FOR_RECOVERY � � � � � � � � �0x00000400
#define FILE_RANDOM_ACCESS � � � � � � � � � � �0x00000800
#define FILE_DELETE_ON_CLOSE � � � � � � � � � �0x00001000
#define FILE_OPEN_BY_FILE_ID � � � � � � � � � �0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT � � � � � � 0x00004000
#define FILE_NO_COMPRESSION � � � � � � � � � � 0x00008000
#define FILE_RESERVE_OPFILTER � � � � � � � � � 0x00100000
#define FILE_OPEN_REPARSE_POINT � � � � � � � � 0x00200000
#define FILE_OPEN_NO_RECALL � � � � � � � � � � 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY � � � � �0x00800000
#define FILE_COPY_STRUCTURED_STORAGE � � � � � �0x00000041
#define FILE_STRUCTURED_STORAGE � � � � � � � � 0x00000441
#define FILE_VALID_OPTION_FLAGS � � � � � � � � 0x00ffffff
#define FILE_VALID_PIPE_OPTION_FLAGS � � � � � �0x00000032
#define FILE_VALID_MAILSLOT_OPTION_FLAGS � � � �0x00000032
#define FILE_VALID_SET_FLAGS � � � � � � � � � �0x00000036
#define InitializeObjectAttributes( p, n, a, r, s ) { \
(p)->Length = sizeof( OBJECT_ATTRIBUTES ); � � � � �\
(p)->RootDirectory = r; � � � � � � � � � � � � � � \
(p)->Attributes = a; � � � � � � � � � � � � � � � �\
(p)->ObjectName = n; � � � � � � � � � � � � � � � �\
(p)->SecurityDescriptor = s; � � � � � � � � � � � �\
(p)->SecurityQualityOfService = NULL; � � � � � � � \
}
typedef struct {
� ULONG Present;
� ULONG WriteTable;
� ULONG User;
� ULONG WriteThru;
� ULONG NoCache;
� ULONG Accessed;
� ULONG Dirty;
� ULONG PageSize;
� ULONG Global;
� ULONG Available;
� ULONG Pfn;
} PTE, *PPTE;
typedef struct _IO_STATUS_BLOCK {
union {
NTSTATUS Status;
PVOID Pointer;
};
ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
#if defined(_WIN64)
typedef struct _IO_STATUS_BLOCK32 {
NTSTATUS Status;
ULONG Information;
} IO_STATUS_BLOCK32, *PIO_STATUS_BLOCK32;
#endif
typedef struct _SYSTEM_HANDLE_INFORMATION { //Information Class 16
ULONG ProcessId;
UCHAR ObjectTypeNumber;
UCHAR Flags; � � � � � � � � � � //0x01 =PROTECT_FROM_CLOSE,0x02 =INHERIT
USHORT Handle;
PVOID Object;
ACCESS_MASK GrantedAccess;
}SYSTEM_HANDLE_INFORMATION,*PSYSTEM_HANDLE_INFORMATION;
typedef struct _TDI_CONNECTION_INFO {
� ULONG � � � � �State;
� ULONG � � � � �Event;
� ULONG � � � � �TransmittedTsdus;
� ULONG � � � � �ReceivedTsdus;
� ULONG � � � � �TransmissionErrors;
� ULONG � � � � �ReceiveErrors;
� LARGE_INTEGER �Throughput;
� LARGE_INTEGER �Delay;
� ULONG � � � � �SendBufferSize;
� ULONG � � � � �ReceiveBufferSize;
� BOOLEAN � � � �Unreliable;
} TDI_CONNECTION_INFO, *PTDI_CONNECTION_INFO;
typedef struct _TDI_CONNECTION_INFORMATION {
� LONG � UserDataLength;
� PVOID �UserData;
� LONG � OptionsLength;
� PVOID �Options;
� LONG � RemoteAddressLength;
� PVOID �RemoteAddress;
} TDI_CONNECTION_INFORMATION, *PTDI_CONNECTION_INFORMATION;
#define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
SECTION_MAP_WRITE | � � �\
SECTION_MAP_READ | � � � \
SECTION_MAP_EXECUTE | � �\
SECTION_EXTEND_SIZE)
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor; � � � �// Points to type SECURITY_DESCRIPTOR
PVOID SecurityQualityOfService; �// Points to type SECURITY_QUALITY_OF_SERVICE
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenSection(
OUT PHANDLE sectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenFile(
�OUT PHANDLE FileHandle,
�IN ACCESS_MASK DesiredAccess,
�IN POBJECT_ATTRIBUTES ObjectAttributes,
�OUT PIO_STATUS_BLOCK IoStatusBlock,
�IN ULONG ShareAccess,
�IN ULONG OpenOptions
�);
extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
IN UINT SystemInformationClass,
IN OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
extern "C"
NTSYSAPI
VOID
NTAPI
RtlInitUnicodeString(
PUNICODE_STRING DestinationString,
PCWSTR SourceString
);
//{ { AFX_INSERT_LOCATION } }
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
#endif // !defined(AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_)
//iphelpasp.h
#ifndef _IPHLPAPI_H
#define _IPHLPAPI_H
#if __GNUC__ >=3
#pragma GCC system_header
#endif
#include <iprtrmib.h>
#include <ipexport.h>
#include <iptypes.h>
#ifdef __cplusplus
extern "C" {
#endif
DWORD WINAPI AddIPAddress(IPAddr,IPMask,DWORD,PULONG,PULONG);
DWORD WINAPI CreateIpForwardEntry(PMIB_IPFORWARDROW);
DWORD WINAPI CreateIpNetEntry(PMIB_IPNETROW);
DWORD WINAPI CreateProxyArpEntry(DWORD,DWORD,DWORD);
DWORD WINAPI DeleteIPAddress(ULONG);
DWORD WINAPI DeleteIpForwardEntry(PMIB_IPFORWARDROW);
DWORD WINAPI DeleteIpNetEntry(PMIB_IPNETROW);
DWORD WINAPI DeleteProxyArpEntry(DWORD,DWORD,DWORD);
DWORD WINAPI EnableRouter(HANDLE*,OVERLAPPED*);
DWORD WINAPI FlushIpNetTable(DWORD);
DWORD WINAPI GetAdapterIndex(LPWSTR,PULONG);
DWORD WINAPI GetAdaptersInfo(PIP_ADAPTER_INFO,PULONG);
DWORD WINAPI GetBestInterface(IPAddr,PDWORD);
DWORD WINAPI GetBestRoute(DWORD,DWORD,PMIB_IPFORWARDROW);
DWORD WINAPI GetFriendlyIfIndex(DWORD);
DWORD WINAPI GetIcmpStatistics(PMIB_ICMP);
DWORD WINAPI GetIfEntry(PMIB_IFROW);
DWORD WINAPI GetIfTable(PMIB_IFTABLE,PULONG,BOOL);
DWORD WINAPI GetInterfaceInfo(PIP_INTERFACE_INFO,PULONG);
DWORD WINAPI GetIpAddrTable(PMIB_IPADDRTABLE,PULONG,BOOL);
DWORD WINAPI GetIpForwardTable(PMIB_IPFORWARDTABLE,PULONG,BOOL);
DWORD WINAPI GetIpNetTable(PMIB_IPNETTABLE,PULONG,BOOL);
DWORD WINAPI GetIpStatistics(PMIB_IPSTATS);
DWORD WINAPI GetNetworkParams(PFIXED_INFO,PULONG);
DWORD WINAPI GetNumberOfInterfaces(PDWORD);
DWORD WINAPI GetPerAdapterInfo(ULONG,PIP_PER_ADAPTER_INFO, PULONG);
BOOL WINAPI GetRTTAndHopCount(IPAddr,PULONG,ULONG,PULONG);
DWORD WINAPI GetTcpStatistics(PMIB_TCPSTATS);
DWORD WINAPI GetTcpTable(PMIB_TCPTABLE,PDWORD,BOOL);
DWORD WINAPI GetUniDirectionalAdapterInfo(PIP_UNIDIRECTIONAL_ADAPTER_ADDRESS,PULONG);
DWORD WINAPI GetUdpStatistics(PMIB_UDPSTATS);
DWORD WINAPI GetUdpTable(PMIB_UDPTABLE,PDWORD,BOOL);
DWORD WINAPI IpReleaseAddress(PIP_ADAPTER_INDEX_MAP);
DWORD WINAPI IpRenewAddress(PIP_ADAPTER_INDEX_MAP);
DWORD WINAPI NotifyAddrChange(PHANDLE,LPOVERLAPPED);
DWORD WINAPI NotifyRouteChange(PHANDLE,LPOVERLAPPED);
DWORD WINAPI SendARP(IPAddr,IPAddr,PULONG,PULONG);
DWORD WINAPI SetIfEntry(PMIB_IFROW);
DWORD WINAPI SetIpForwardEntry(PMIB_IPFORWARDROW);
DWORD WINAPI SetIpNetEntry(PMIB_IPNETROW);
DWORD WINAPI SetIpStatistics(PMIB_IPSTATS);
DWORD WINAPI SetIpTTL(UINT);
DWORD WINAPI SetTcpEntry(PMIB_TCPROW);
DWORD WINAPI UnenableRouter(OVERLAPPED*, LPDWORD);
#ifdef __cplusplus
}
#endif
#endif /* _IPHLPAPI_H */