EyeSpy: C:/work/RevealedSystems/EyeSpy-RS/eyespy/src/swig/extendedTCPTableLib/ExtendedXportTable.cxx Source File

00001 /*
00002     Copyright (C) <2008>  <Mark Hanegraaff>
00003 
00004     This program is free software: you can redistribute it and/or modify
00005     it under the terms of the GNU General Public License as published by
00006     the Free Software Foundation, either version 3 of the License, or
00007     (at your option) any later version.
00008 
00009     This program is distributed in the hope that it will be useful,
00010     but WITHOUT ANY WARRANTY; without even the implied warranty of
00011     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00012     GNU General Public License for more details.
00013 
00014     You should have received a copy of the GNU General Public License
00015     along with this program.  If not, see <http://www.gnu.org/licenses/>.
00016 */
00017 
00018 #include "Winsock2.h"
00019 #include "Iphlpapi.h"
00020 #include <stdio.h>
00021 #include <tchar.h>
00022 #include <psapi.h>
00023 
00024 
00025 #define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x))
00026 #define FREE(x) HeapFree(GetProcessHeap(), 0, (x))
00027 
00028 //FWD Declarations
00029 void clearERROR_MESSAGE();
00030 bool tableArrayOutOfRange(unsigned int idx);
00031 bool indexOutOfRange(unsigned int idx);
00032 void populateTCPV4Table();
00033 void populateUDPV4Table();
00034 BOOL GetProcessName( DWORD processID, TCHAR* szProcessName);
00035 void updateV4Tables();
00036 
00037 
00038 
00039 char ERROR_MESSAGE[4096];
00040 const unsigned int maxSize = 10000;
00041 unsigned int tableSize;
00042 
00043 typedef struct V4Table
00044 {
00045         unsigned int    Pid;
00046         char                    processName[256];
00047         char                    transport[9]; //TCP or UDP
00048         unsigned int    srcPort;
00049         unsigned int    state;  
00050 
00051 
00052 } V4Table;
00053 
00054 
00055 V4Table tableArray[maxSize];
00056 
00057 
00058 
00059 //
00060 // Getters
00061 //
00062 
00063 unsigned int getV4TableSize() {return tableSize;}
00064 
00065 
00066 unsigned int getV4Pid(unsigned int idx) throw (const char *)
00067 {
00068         clearERROR_MESSAGE();
00069 
00070         if (tableArrayOutOfRange(idx) || indexOutOfRange(idx)) throw ERROR_MESSAGE;
00071 
00072         clearERROR_MESSAGE();
00073 
00074         return tableArray[idx].Pid;
00075                 
00076 }
00077 
00078 char * getV4ProcessName(unsigned int idx) throw (const char *)
00079 {
00080         clearERROR_MESSAGE();
00081 
00082         if (tableArrayOutOfRange(idx) || indexOutOfRange(idx)) throw ERROR_MESSAGE;
00083 
00084         clearERROR_MESSAGE();
00085 
00086         return tableArray[idx].processName;
00087                 
00088 }
00089 
00090 
00091 unsigned int getV4SrcPort(unsigned int idx) throw (const char *)
00092 {
00093         clearERROR_MESSAGE();
00094 
00095         if (tableArrayOutOfRange(idx) || indexOutOfRange(idx)) throw ERROR_MESSAGE;
00096 
00097         clearERROR_MESSAGE();
00098 
00099         return tableArray[idx].srcPort; 
00100 }
00101 
00102 
00103 unsigned int getV4State(unsigned int idx) throw (const char *)
00104 {
00105         clearERROR_MESSAGE();
00106 
00107         if (tableArrayOutOfRange(idx) || indexOutOfRange(idx)) throw ERROR_MESSAGE;
00108 
00109         clearERROR_MESSAGE();
00110 
00111         return tableArray[idx].state;   
00112 }
00113 
00114 char * getV4Transport(unsigned int idx) throw (const char *)
00115 {
00116         clearERROR_MESSAGE();
00117 
00118         if (tableArrayOutOfRange(idx) || indexOutOfRange(idx)) throw ERROR_MESSAGE;
00119 
00120         clearERROR_MESSAGE();
00121 
00122         return tableArray[idx].transport;       
00123 }
00124 
00125 
00126 //
00127 // Exported work function. This does all the actual work
00128 //
00129 
00130 void updateV4Tables()
00131 {
00132         tableSize = 0;
00133 
00134         // initialize the table
00135         memset(tableArray, 0, sizeof(tableArray) );
00136 
00137         populateTCPV4Table();
00138         populateUDPV4Table();   
00139 }
00140 
00141 
00142 void populateTCPV4Table() throw (const char *)
00143 {       
00144         clearERROR_MESSAGE();   
00145 
00146         MIB_TCPTABLE_OWNER_PID * pTcpTable;
00147 
00148         DWORD dwSize = 0;
00149         DWORD dwRetVal = 0;     
00150 
00151         pTcpTable = ( MIB_TCPTABLE_OWNER_PID *) MALLOC(sizeof ( MIB_TCPTABLE_OWNER_PID));
00152 
00153         if (pTcpTable == NULL) 
00154         {
00155                 strcpy(ERROR_MESSAGE, "Could not allocate memory for TCP Table");
00156                 throw ERROR_MESSAGE;
00157         }
00158 
00159         dwSize = sizeof (MIB_TCPTABLE_OWNER_PID);
00160 
00161         if ((dwRetVal = GetExtendedTcpTable (pTcpTable, &dwSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL , 0)) == ERROR_INSUFFICIENT_BUFFER) 
00162         {
00163                 FREE(pTcpTable);
00164                 pTcpTable = (MIB_TCPTABLE_OWNER_PID *) MALLOC(dwSize);
00165     
00166                 if (pTcpTable == NULL) 
00167                 {            
00168                         strcpy(ERROR_MESSAGE, "Could not allocate memory for TCP Table");
00169                         throw ERROR_MESSAGE;
00170 
00171                         return;
00172                 }
00173         }
00174 
00175         // Make a second call to GetTcpTable to get
00176         // the actual data we require
00177 
00178         if ((dwRetVal = GetExtendedTcpTable (pTcpTable, &dwSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL , 0)) == NO_ERROR)
00179         {
00180                 //
00181         }
00182         else
00183         {
00184                 strcpy(ERROR_MESSAGE, "Could not allocate memory for TCP Table");
00185                 FREE(pTcpTable);
00186 
00187                 throw ERROR_MESSAGE;
00188         }
00189 
00190         char processName[1024];
00191 
00192 
00193         for (int i = 0; i < pTcpTable->dwNumEntries; i++)
00194         {
00195                 GetProcessName(pTcpTable->table[i].dwOwningPid, processName);                           
00196 
00197                 //getTCPProcName(&pTcpTable->table[i], processName, processPath);
00198 
00199 
00200                 tableArray[tableSize].Pid = pTcpTable->table[i].dwOwningPid;
00201                 strcpy(tableArray[i].processName, processName);
00202                 tableArray[tableSize].srcPort = ntohs(pTcpTable->table[i].dwLocalPort);
00203                 strcpy(tableArray[tableSize].transport, "TCP");
00204                 tableArray[tableSize].state = pTcpTable->table[i].dwState;
00205 
00206                 tableSize ++;
00207         }
00208 
00209         FREE(pTcpTable);
00210 }
00211 
00212 
00213 
00214 
00215 
00216 void populateUDPV4Table() throw (const char *)
00217 {       
00218         clearERROR_MESSAGE();
00219 
00220         MIB_UDPTABLE_OWNER_PID* pUDPTable;
00221 
00222         DWORD dwSize = 0;
00223         DWORD dwRetVal = 0;     
00224 
00225         pUDPTable = ( MIB_UDPTABLE_OWNER_PID  *) MALLOC(sizeof ( MIB_UDPTABLE_OWNER_PID ));
00226 
00227         if (pUDPTable == NULL) 
00228         {               
00229                 strcpy(ERROR_MESSAGE, "Error allocating UDP table memory");
00230         throw ERROR_MESSAGE;
00231         }
00232 
00233         dwSize = sizeof (MIB_UDPTABLE_OWNER_PID);
00234 
00235         if ((dwRetVal = GetExtendedUdpTable (pUDPTable, &dwSize, TRUE, AF_INET,  UDP_TABLE_OWNER_PID, 0)) == ERROR_INSUFFICIENT_BUFFER) 
00236         {
00237                 FREE(pUDPTable);
00238                 pUDPTable = (MIB_UDPTABLE_OWNER_PID *) MALLOC(dwSize);
00239     
00240                 if (pUDPTable == NULL) 
00241                 {            
00242                         strcpy(ERROR_MESSAGE, "Error allocating UDP table memory");
00243                         throw ERROR_MESSAGE;
00244                 }
00245         }
00246 
00247 
00248         // Make a second call to GetTcpTable to get
00249         // the actual data we require
00250 
00251         if ((dwRetVal = GetExtendedUdpTable (pUDPTable, &dwSize, TRUE, AF_INET, UDP_TABLE_OWNER_PID, 0)) == NO_ERROR)
00252         {
00253                 //
00254         }
00255         else
00256         {
00257                 strcpy(ERROR_MESSAGE, "Error allocating UDP table memory");
00258                 FREE(pUDPTable);
00259 
00260         throw ERROR_MESSAGE;
00261         }
00262 
00263         char procName[1024];
00264 
00265         for (int i = 0; i < pUDPTable->dwNumEntries; i++)
00266         {
00267                 GetProcessName(pUDPTable->table[i].dwOwningPid, procName);              
00268                 strcpy(tableArray[tableSize].processName, procName);
00269 
00270                 tableArray[tableSize].Pid = pUDPTable->table[i].dwOwningPid;            
00271                 tableArray[tableSize].srcPort =  ntohs(pUDPTable->table[i].dwLocalPort);
00272                 tableArray[tableSize].state = -1;
00273                 strcpy(tableArray[tableSize].transport,  "UDP");
00274 
00275                 tableSize++;
00276         }
00277 
00278         FREE(pUDPTable);
00279 
00280 }
00281 
00282 
00283 //
00284 // Helpers
00285 //
00286 
00287 void clearERROR_MESSAGE()
00288 {
00289         //Nulls string may cause problems back in Pythonland
00290         strcpy(ERROR_MESSAGE, "NOERROR");
00291 }
00292 
00293 bool tableArrayOutOfRange(unsigned int idx)
00294 {
00295         if (idx >= maxSize)
00296         {
00297                 sprintf(ERROR_MESSAGE, "Index exceeded size of table: Index:%d, Max Table Size:%d", idx, maxSize);
00298                 return true;
00299         }
00300 
00301         return false;
00302 }
00303 
00304 bool indexOutOfRange(unsigned int idx)
00305 {
00306         if (idx >= tableSize)
00307         {
00308                 sprintf(ERROR_MESSAGE, "Index out of Range: Index:%d, Current Table Size:%d", idx, tableSize);
00309                 return true;
00310         }
00311 
00312         return false;
00313 }
00314 
00315 
00316 //      Returns the process name give its pid
00317 
00318 BOOL GetProcessName( DWORD processID, TCHAR* szProcessName)
00319 {
00320  
00321     BOOL bRC = FALSE;
00322  
00323     // Get a handle to the process.
00324  
00325     HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
00326                                    PROCESS_VM_READ,
00327                                    FALSE, processID );
00328  
00329     // Get the process name.
00330  
00331     if (NULL != hProcess )
00332     {
00333         HMODULE hMod;
00334         DWORD cbNeeded;
00335  
00336         if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod),
00337              &cbNeeded) )
00338         {
00339             GetModuleBaseName( hProcess, hMod, szProcessName,
00340                                MAX_PATH );
00341  
00342             bRC = TRUE;
00343         }
00344                 else
00345                 {
00346                         strcpy(szProcessName, "UNKNOWN");
00347                 }
00348     }
00349         else
00350         {
00351                 strcpy(szProcessName, "UNKNOWN");
00352         }
00353  
00354     CloseHandle( hProcess );
00355  
00356     return bRC;
00357 }
00358