低调小强

驱动牛犊

注册日期2005-09-16
最后登录2016-01-09
粉丝0
关注0
积分457分
威望48点
贡献值0点
好评度45点
原创分1分
专家分0分

加关注写私信

阅读：2243回复：11

网上Fport的源码不能用在XP上？请问高手那里出问题（内附源码）

楼主^#

更多发布于：2007-01-08 11:58

  // FPort.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

BOOL GetProcessModule (DWORD dwPID, DWORD dwModuleID,
   LPMODULEENTRY32 lpMe32, DWORD cbMe32)
{
   BOOL bRet = FALSE;
   BOOL bFound = FALSE;
   HANDLE hModuleSnap = NULL;
   MODULEENTRY32 me32 = {0};

   hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
   if (hModuleSnap == INVALID_HANDLE_VALUE)
   return (FALSE);

   me32.dwSize = sizeof(MODULEENTRY32);

   if (Module32First(hModuleSnap, &me32))
   {
   do
   {
   if (me32.th32ModuleID == dwModuleID)
   {
   CopyMemory (lpMe32, &me32, cbMe32);
   bFound = TRUE;
   }
   }
   while (!bFound && Module32Next(hModuleSnap, &me32));

   bRet = bFound;

   }
   else
   bRet = FALSE;

   CloseHandle (hModuleSnap);

   return (bRet);
}

PCHAR ProcessPidToName(HANDLE hProcessSnap, DWORD ProcessId, PCHAR ProcessName)
{
   PROCESSENTRY32 processEntry = { 0 };
   processEntry.dwSize = sizeof(PROCESSENTRY32);

   lstrcpy(ProcessName, "???");

   if (!Process32First(hProcessSnap, &processEntry))
   {
   return ProcessName;
   }

   do
   {
   if (processEntry.th32ProcessID == ProcessId)
   {
   MODULEENTRY32 me32 = {0};
   GetProcessModule(processEntry.th32ProcessID,
   1, &me32, sizeof(MODULEENTRY32));

   if (lstrlen(me32.szExePath) != 0)
   {
   lstrcpy(ProcessName, me32.szExePath);
   }
   else
   {
   lstrcpy(ProcessName, processEntry.szExeFile);
   }
   return ProcessName;
   }

   } while(Process32Next(hProcessSnap, &processEntry));

   return ProcessName;
}

HANDLE OpenPhysicalMemory(HANDLE& hSection)
{
   NTSTATUS status;
   UNICODE_STRING physmemString;
   OBJECT_ATTRIBUTES attributes;
   HANDLE hMemory;

   RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory");

   InitializeObjectAttributes(&attributes, &physmemString,
   OBJ_CASE_INSENSITIVE, NULL, NULL);

   status = ZwOpenSection(&hSection, SECTION_MAP_READ, &attributes );


   if (!NT_SUCCESS(status)) return NULL;

   hMemory = MapViewOfFile(hSection, FILE_MAP_READ,
   0, 0x30000, 0x1000);

   if (GetLastError() != 0) return NULL;

   return hMemory;
}

void AdjustDacl(HANDLE hProcess)
{
   SID world = { SID_REVISION,1, SECURITY_WORLD_SID_AUTHORITY, 0 };

   LPTSTR ptstrName = (LPTSTR)&world;
   EXPLICIT_ACCESS ea = { STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, SET_ACCESS, NO_INHERITANCE,
   { 0, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER, ptstrName}};

   ACL * pdacl = 0;
   if (SetEntriesInAcl(1, &ea, 0, &pdacl) != ERROR_SUCCESS)
   {
   printf( "SetEntriesInAcl Error:%d", GetLastError());
   }

   if (SetSecurityInfo(hProcess, SE_KERNEL_OBJECT,
   DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0) != ERROR_SUCCESS)
   {
   printf( "SetSecurityInfo Error:%d", GetLastError());
   }

   LocalFree(pdacl);
}

HANDLE OpenDeviceTcpUdp(WCHAR * deviceName)
{
   UNICODE_STRING physmemString;
   OBJECT_ATTRIBUTES attributes;
   IO_STATUS_BLOCK iosb;
   HANDLE hDeviceHandle;

   RtlInitUnicodeString(&physmemString, deviceName);

   if (GetLastError() != 0) return NULL;

   InitializeObjectAttributes(&attributes, &physmemString,
   OBJ_CASE_INSENSITIVE, 0, NULL);

   NTSTATUS status = ZwOpenFile(&hDeviceHandle, 0x100000, &attributes, &iosb, 3, 0);

   if (!NT_SUCCESS(status)) return NULL;

   return hDeviceHandle;
}

PULONG GetHandleList()
{
   ULONG cbBuffer = 0x1000;
   PULONG pBuffer = new ULONG[cbBuffer];
   NTSTATUS Status;

   do
   {
   Status = ZwQuerySystemInformation(
   SystemHandleInformation,
   pBuffer,
   cbBuffer * sizeof(ULONG),
   NULL
   );

   if (Status == STATUS_INFO_LENGTH_MISMATCH)
   {
   delete [] pBuffer;
   pBuffer = new ULONG[cbBuffer *= 2];
   }
   else if (!NT_SUCCESS(Status))
   {
   delete [] pBuffer;
   return NULL;
   }
   }while (Status == STATUS_INFO_LENGTH_MISMATCH);

   return pBuffer;
}

PVOID GetTcpUdpObject(PULONG pBuffer, HANDLE hHandle, DWORD ProcessId)
{
   int nCount = *pBuffer;
   PSYSTEM_HANDLE_INFORMATION pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);

   for (int i = 0; i < nCount; i++)
   {
   if (pProcesses->ProcessId == ProcessId && pProcesses->Handle == (int)hHandle)
   {
   return (PVOID)pProcesses;
   }
   pProcesses++;
   }
   return NULL;
}

BOOL GetPTE(PVOID objAddress, HANDLE hMapPhysicalMemory, HANDLE hSection, PTE& pte)
{
   DWORD dwPhysMemBuf = (DWORD)hMapPhysicalMemory, dwAddress = (DWORD)objAddress;
   LPVOID pNewMapPhy = NULL;
   DWORD dwNewAddress = *((LPDWORD)(dwPhysMemBuf + (dwAddress >> 0x16) * 4));

   if ((dwNewAddress & 0x000000ff) < 0x01)
   {
   return FALSE;
   }
   if ((dwNewAddress & 0x000000ff) < 0x80)
   {
   pNewMapPhy = MapViewOfFile(hSection, 4, 0, dwNewAddress & 0xFFFFF000, 0x1000);
   dwNewAddress = (dwAddress >> 0x0c) & 0x3ff;
   dwNewAddress = *((LPDWORD)((DWORD)pNewMapPhy + 4 * dwNewAddress)) & 0xFFFFF000;
   UnmapViewOfFile(pNewMapPhy);
   pNewMapPhy = NULL;
   }
   else
   {
   dwNewAddress = (dwNewAddress & 0xFFFFF000) + (dwAddress & 0x003ff000);
   }

   pNewMapPhy = MapViewOfFile(hSection, FILE_MAP_READ,
   0, dwNewAddress, 0x1000);

   if (pNewMapPhy == NULL)
   {
   long lError = GetLastError();
   return FALSE;
   }
   else
   {
   memcpy(&pte, (char *)pNewMapPhy + (dwAddress & 0x00000FFF), sizeof(PTE));
   }

   UnmapViewOfFile(pNewMapPhy);
   return TRUE;
}

BOOL RaisePrivleges( HANDLE hToken, char *pPriv )
{
   TOKEN_PRIVILEGES tkp;

   tkp.PrivilegeCount = 1;
   tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
   tkp.Privileges[0].Luid.HighPart = 0;
   tkp.Privileges[0].Luid.LowPart = 0;

   if (!LookupPrivilegeValue(NULL, pPriv, &tkp.Privileges[0].Luid))
   {
   printf("LookupPrivilegeValue Error:%d\n", GetLastError());
   return FALSE;
   }

   int iRet = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0x10, (PTOKEN_PRIVILEGES)NULL, 0);
   if (iRet == NULL)
   {
   printf( "AdjustTokenPrivileges Error:%d\n", GetLastError());
   return TRUE;
   }
   else
   {
   iRet = GetLastError();

   switch (iRet)
   {
   case ERROR_NOT_ALL_ASSIGNED:
   {
   printf("AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED\n" );
   return FALSE;
   }
   case ERROR_SUCCESS:
   {
   return TRUE;
   }
   default:
   {
   printf("AdjustTokenPrivileges Unknow Error:%d\n", iRet);
   return FALSE;
   }
   }
   }
}

int main(int argc, char* argv[])
{
   HANDLE hToken;
   HANDLE hTcpHandle;
   HANDLE hUdpHandle;
   HANDLE hSection;

   printf("---[ FPort, by Phiger ]---\n");
   printf("---[ Date : 2003-12-30 ]---\n\n");

   HANDLE hMapPhysicalMemory = OpenPhysicalMemory(hSection);

   HANDLE hCurrentProc = GetCurrentProcess();

   if (!OpenProcessToken(hCurrentProc,
   TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
   &hToken))
   {
   printf( "OpenProcessToken Error:%d\n", GetLastError());
   }
   else
   {
   if (!RaisePrivleges(hToken, (char*)SE_DEBUG_NAME))
   printf( "SetPrivlegesSE_DEBUG_NAME Error:%d\n", GetLastError());
   }

   if (hToken) CloseHandle(hToken);

   hTcpHandle = OpenDeviceTcpUdp(L"\\Device\\TCP");
   hUdpHandle = OpenDeviceTcpUdp(L"\\Device\\UDP");

   PULONG pBuffer = GetHandleList();

   if (pBuffer == NULL) return 0;

   PSYSTEM_HANDLE_INFORMATION objTcpAddress = NULL;
   PSYSTEM_HANDLE_INFORMATION objUdpAddress = NULL;

   objTcpAddress = (PSYSTEM_HANDLE_INFORMATION)GetTcpUdpObject(pBuffer, hTcpHandle, GetCurrentProcessId());

   PTE pteTCPCur;
   if (!GetPTE(objTcpAddress->Object, hMapPhysicalMemory, hSection, pteTCPCur))
   {
   return 0;
   }

   objUdpAddress = (PSYSTEM_HANDLE_INFORMATION)GetTcpUdpObject(pBuffer, hUdpHandle, GetCurrentProcessId());

   PTE pteUDPCur;
   if (!GetPTE(objUdpAddress->Object, hMapPhysicalMemory, hSection, pteUDPCur))
   {
   return 0;
   }

   OVERLAPPED Overlap;

   HANDLE hEvent = CreateEvent(0, 1, 0, 0);

   Overlap.Internal = 0;
   Overlap.InternalHigh = 0;
   Overlap.Offset = 0;
   Overlap.OffsetHigh = 0;
   Overlap.hEvent = hEvent;

   HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
   if (hProcessSnap == INVALID_HANDLE_VALUE)
   {
   printf("Failed to take process snapshot. Process names will not be shown.\n\n");
   }

   int nCount = *pBuffer;
   PSYSTEM_HANDLE_INFORMATION pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);

   for (int i = 0; i < nCount; i++)
   {
   if (pProcesses->ObjectTypeNumber == objTcpAddress->ObjectTypeNumber)
   {
   PTE pte;
   if (!GetPTE(pProcesses->Object, hMapPhysicalMemory, hSection, pte))
   {
   pProcesses++;
   continue;
   }

   if ((pte.NoCache == 1 || pte.NoCache == 2) &&
   (pteTCPCur.WriteTable == pte.WriteTable))
   {
   HANDLE hProc = NULL, DupHandle=NULL;
   int i = 0, portflag = 0;
   u_short openport;

   hProc = OpenProcess(PROCESS_DUP_HANDLE,
   0,
   pProcesses->ProcessId);

   if (hProc)
   {
   DuplicateHandle(hProc,
   (HANDLE)pProcesses->Handle,
   GetCurrentProcess(),
   &DupHandle,
   0,
   FALSE,
   2);

   CloseHandle(hProc);

   if (DupHandle)
   {
   TDI_CONNECTION_INFO TdiConnInfo={0};
   TDI_CONNECTION_INFORMATION TdiConnInformation = {0};
   DWORD dwRetu=0;

   if (pte.NoCache == 0x02)
   {
   TdiConnInformation.RemoteAddressLength = 4;
   if (DeviceIoControl(
   DupHandle,
   0x210012,
   &TdiConnInformation,
   sizeof(TdiConnInformation),
   &TdiConnInfo,
   sizeof(TdiConnInfo),
   NULL,
   &Overlap))
   {
   char szProcName[256];
   openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
   if (openport != 0)
   {
   printf("TCP PID = %4d PORT = %6d %s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
   }
   }
   else
   {
   long lError = GetLastError();
   }
   }
   else if (pte.NoCache == 0x01)
   {
   TdiConnInformation.RemoteAddressLength = 3;
   if (DeviceIoControl(DupHandle, 0x210012,
   &TdiConnInformation, sizeof(TdiConnInformation),
   &TdiConnInfo, sizeof(TdiConnInfo),
   NULL, &Overlap))
   {
   char szProcName[256];
   openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
   if (openport != 0)
   {
   printf("TCP PID = %4d PORT = %6d %s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
   }
   }
   else
   {
   long lError = GetLastError();
   }
   }
   CloseHandle(DupHandle);
   }
   }
   }
   }
   pProcesses++;
   }

   nCount = *pBuffer;
   pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);

   for (i = 0; i < nCount; i++)
   {
   if (pProcesses->ObjectTypeNumber == objUdpAddress->ObjectTypeNumber)
   {
   PTE pte;
   if (!GetPTE(pProcesses->Object, hMapPhysicalMemory, hSection, pte))
   {
   pProcesses++;
   continue;
   }

   if ((pte.NoCache == 1 || pte.NoCache == 2) &&
   (pteUDPCur.WriteTable == pte.WriteTable))
   {
   HANDLE hProc = NULL, DupHandle=NULL;
   int i = 0, portflag = 0;
   u_short openport;

   hProc = OpenProcess(PROCESS_DUP_HANDLE,
   0,
   pProcesses->ProcessId);

   if (hProc)
   {
   DuplicateHandle(hProc,
   (HANDLE)pProcesses->Handle,
   GetCurrentProcess(),
   &DupHandle,
   0,
   FALSE,
   2);

   CloseHandle(hProc);

   if (DupHandle)
   {
   TDI_CONNECTION_INFO TdiConnInfo={0};
   TDI_CONNECTION_INFORMATION TdiConnInformation = {0};
   DWORD dwRetu=0;

   if (pte.NoCache == 0x02)
   {
   TdiConnInformation.RemoteAddressLength = 4;
   if (DeviceIoControl(
   DupHandle,
   0x210012,
   &TdiConnInformation,
   sizeof(TdiConnInformation),
   &TdiConnInfo,
   sizeof(TdiConnInfo),
   NULL,
   &Overlap))
   {
   char szProcName[256];
   openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
   if (openport != 0)
   {
   printf("UDP PID = %4d PORT = %6d %s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
   }
   }
   else
   {
   long lError = GetLastError();
   }
   }
   else if (pte.NoCache == 0x01)
   {
   TdiConnInformation.RemoteAddressLength = 3;
   if (DeviceIoControl(DupHandle, 0x210012,
   &TdiConnInformation, sizeof(TdiConnInformation),
   &TdiConnInfo, sizeof(TdiConnInfo),
   NULL, &Overlap))
   {
   char szProcName[256];
   openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
   if (openport != 0)
   {
   printf("UDP PID = %4d PORT = %6d %s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
   }
   }
   else
   {
   long lError = GetLastError();
   }
   }
   CloseHandle(DupHandle);
   }
   }
   }
   }
   pProcesses++;
   }

   CloseHandle(hEvent);
   CloseHandle(hProcessSnap);

   return 0;
}

喜欢1

最新喜欢：

WY.lsl...

低调小强

驱动牛犊

注册日期2005-09-16
最后登录2016-01-09
粉丝0
关注0
积分457分
威望48点
贡献值0点
好评度45点
原创分1分
专家分0分

加关注写私信

沙发^#

发布于：2007-01-08 11:59

// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//

#if !defined(AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_)
#define AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#define _WIN32_WINNT 0x0500

#pragma comment(lib, "ntdll.lib")

#include <windows.h>
#include <ntsecapi.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <tchar.h>
#include <malloc.h>
#include <Aclapi.h>
#include <Tlhelp32.h>
#include <iprtrmib.h>
#include <Iphlpapi.h>

#pragma warning(disable: 4786)
#pragma warning(disable: 4530)
#include <string>
#include <map>
using namespace std;

#define _CRTDBG_MAP_ALLOC
#include <crtdbg.h>

#define NTAPI __stdcall

typedef LONG NTSTATUS;
typedef LONG KPRIORITY;

#define SECTION_QUERY 0x0001
#define SECTION_MAP_WRITE 0x0002
#define SECTION_MAP_READ 0x0004
#define SECTION_MAP_EXECUTE 0x0008
#define SECTION_EXTEND_SIZE 0x0010

#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)

#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)

#define OBJ_INHERIT 0x00000002L
#define OBJ_PERMANENT 0x00000010L
#define OBJ_EXCLUSIVE 0x00000020L
#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_OPENIF 0x00000080L
#define OBJ_OPENLINK 0x00000100L
#define OBJ_KERNEL_HANDLE 0x00000200L
#define OBJ_VALID_ATTRIBUTES 0x000003F2L

#define SystemHandleInformation 16

#define FILE_DIRECTORY_FILE 0x00000001
#define FILE_WRITE_THROUGH 0x00000002
#define FILE_SEQUENTIAL_ONLY 0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
#define FILE_NON_DIRECTORY_FILE 0x00000040
#define FILE_CREATE_TREE_CONNECTION 0x00000080
#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
#define FILE_NO_EA_KNOWLEDGE 0x00000200
#define FILE_OPEN_FOR_RECOVERY 0x00000400
#define FILE_RANDOM_ACCESS 0x00000800
#define FILE_DELETE_ON_CLOSE 0x00001000
#define FILE_OPEN_BY_FILE_ID 0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
#define FILE_NO_COMPRESSION 0x00008000
#define FILE_RESERVE_OPFILTER 0x00100000
#define FILE_OPEN_REPARSE_POINT 0x00200000
#define FILE_OPEN_NO_RECALL 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
#define FILE_COPY_STRUCTURED_STORAGE 0x00000041
#define FILE_STRUCTURED_STORAGE 0x00000441
#define FILE_VALID_OPTION_FLAGS 0x00ffffff
#define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
#define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
#define FILE_VALID_SET_FLAGS 0x00000036

#define InitializeObjectAttributes( p, n, a, r, s ) { \
   (p)->Length = sizeof( OBJECT_ATTRIBUTES ); \
   (p)->RootDirectory = r; \
   (p)->Attributes = a; \
   (p)->ObjectName = n; \
   (p)->SecurityDescriptor = s; \
   (p)->SecurityQualityOfService = NULL; \
}

typedef struct {
   ULONG Present;
   ULONG WriteTable;
   ULONG User;
   ULONG WriteThru;
   ULONG NoCache;
   ULONG Accessed;
   ULONG Dirty;
   ULONG PageSize;
   ULONG Global;
   ULONG Available;
   ULONG Pfn;
} PTE, *PPTE;

typedef struct _IO_STATUS_BLOCK {
   union {
   NTSTATUS Status;
   PVOID Pointer;
   };

   ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

#if defined(_WIN64)
typedef struct _IO_STATUS_BLOCK32 {
   NTSTATUS Status;
   ULONG Information;
} IO_STATUS_BLOCK32, *PIO_STATUS_BLOCK32;
#endif

typedef struct _SYSTEM_HANDLE_INFORMATION {//Information Class 16
   ULONG ProcessId;
   UCHAR ObjectTypeNumber;
   UCHAR Flags; //0x01 =PROTECT_FROM_CLOSE,0x02 =INHERIT
   USHORT Handle;
   PVOID Object;
   ACCESS_MASK GrantedAccess;
}SYSTEM_HANDLE_INFORMATION,*PSYSTEM_HANDLE_INFORMATION;

typedef struct _TDI_CONNECTION_INFO {
   ULONG State;
   ULONG Event;
   ULONG TransmittedTsdus;
   ULONG ReceivedTsdus;
   ULONG TransmissionErrors;
   ULONG ReceiveErrors;
   LARGE_INTEGER Throughput;
   LARGE_INTEGER Delay;
   ULONG SendBufferSize;
   ULONG ReceiveBufferSize;
   BOOLEAN Unreliable;
} TDI_CONNECTION_INFO, *PTDI_CONNECTION_INFO;

typedef struct _TDI_CONNECTION_INFORMATION {
   LONG UserDataLength;
   PVOID UserData;
   LONG OptionsLength;
   PVOID Options;
   LONG RemoteAddressLength;
   PVOID RemoteAddress;
} TDI_CONNECTION_INFORMATION, *PTDI_CONNECTION_INFORMATION;

#define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
   SECTION_MAP_WRITE | \
   SECTION_MAP_READ | \
   SECTION_MAP_EXECUTE | \
SECTION_EXTEND_SIZE)

typedef struct _OBJECT_ATTRIBUTES {
   ULONG Length;
   HANDLE RootDirectory;
   PUNICODE_STRING ObjectName;
   ULONG Attributes;
   PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
   PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE
} OBJECT_ATTRIBUTES;

typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;

extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenSection(
   OUT PHANDLE sectionHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes
   );

extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenFile(
   OUT PHANDLE FileHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   OUT PIO_STATUS_BLOCK IoStatusBlock,
   IN ULONG ShareAccess,
   IN ULONG OpenOptions
   );

extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
   IN UINT SystemInformationClass,
   IN OUT PVOID SystemInformation,
   IN ULONG SystemInformationLength,
   OUT PULONG ReturnLength OPTIONAL
   );

extern "C"
NTSYSAPI
VOID
NTAPI
RtlInitUnicodeString(
   PUNICODE_STRING DestinationString,
   PCWSTR SourceString
   );

//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.

#endif // !defined(AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_)

回复喜欢

低调小强驱动牛犊注册日期2005-09-16 最后登录2016-01-09 粉丝0 关注0 积分457分威望48点贡献值0点好评度45点原创分1分专家分0分加关注写私信	板凳^# 发布于：2007-01-08 13:50 是不是XP下tcp.sys更新了？？那个达人知道如何改。。
	回复(0) 喜欢(0)

低调小强驱动牛犊注册日期2005-09-16 最后登录2016-01-09 粉丝0 关注0 积分457分威望48点贡献值0点好评度45点原创分1分专家分0分加关注写私信	地板^# 发布于：2007-01-08 14:20 DWORD dwPhysMemBuf = (DWORD)hMapPhysicalMemory, dwAddress = (DWORD)objAddress; LPVOID pNewMapPhy = NULL; DWORD dwNewAddress = ((LPDWORD)(dwPhysMemBuf + (dwAddress >> 0x16) 4)); 在windowxp下得到的dwNewAddress为0，是XP和2000的物理地址转线型地址方法不同？？？
	回复(0) 喜欢(0)

cswang

驱动小牛

注册日期2001-11-05
最后登录2010-03-01
粉丝0
关注0
积分1004分
威望144点
贡献值0点
好评度96点
原创分0分
专家分0分

加关注写私信

地下室^#

发布于：2007-02-14 14:36

LZ的问题解决了没？我在XP下编译的时候也碰到问题了，不过还没到你的那一步，我跟踪调试的时候发现函数OpenPhysicalMemory()的返回值是0，不知道为什么会这样，LZ的有没有发现同样的问题？能否指点一下？
HANDLE OpenPhysicalMemory(HANDLE& hSection)
{
   NTSTATUS status;
   UNICODE_STRING physmemString;
   OBJECT_ATTRIBUTES attributes;
   HANDLE hMemory;

   RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory");

   InitializeObjectAttributes(&attributes, &physmemString,
   OBJ_CASE_INSENSITIVE, NULL, NULL);

   status = ZwOpenSection(&hSection, SECTION_MAP_READ, &attributes );


   if (!NT_SUCCESS(status)) return NULL;

   hMemory = MapViewOfFile(hSection, FILE_MAP_READ,
   0, 0x30000, 0x1000);

   if (GetLastError() != 0) return NULL;

   return hMemory;
}

瞬息不可挽救，永恒不可企及

回复喜欢

cswang

驱动小牛

注册日期2001-11-05
最后登录2010-03-01
粉丝0
关注0
积分1004分
威望144点
贡献值0点
好评度96点
原创分0分
专家分0分

加关注写私信

5楼^#

发布于：2007-02-14 14:41

其中GetLastError()的返回值是487，查了一下MSDN，是指Attempt to access invalid address，应该是其中的最后两个参数设置不正确

瞬息不可挽救，永恒不可企及

回复喜欢

cswang

驱动小牛

注册日期2001-11-05
最后登录2010-03-01
粉丝0
关注0
积分1004分
威望144点
贡献值0点
好评度96点
原创分0分
专家分0分

加关注写私信

6楼^#

发布于：2007-02-14 16:09

用IDA跟踪了原版的fport.exe才发现，其实fport.exe对于win xp以上的操作系统，不是走上面代码所示的那条路，而是用iphlpapi.dll中提供的两个未公开的AllocateAndGetTcpExTableFromStack和AllocateAndGetUdpExTableFromStack函数来分别获取TCP和UDP的连接的，其实在winxp和winx 2k3下用公开的GetExtendedTcpTable和GetExtendedUdpTable也可以获取当前的连接信息，不知道fport.exe不采用这两个公开的函数而用那两个未公开的函数。

瞬息不可挽救，永恒不可企及

回复喜欢

cswang

驱动小牛

注册日期2001-11-05
最后登录2010-03-01
粉丝0
关注0
积分1004分
威望144点
贡献值0点
好评度96点
原创分0分
专家分0分

加关注写私信

7楼^#

发布于：2007-02-14 16:11

在网上搜索了一下AllocateAndGetTcpExTableFromStack和AllocateAndGetUdpExTableFromStack函数，在codeproject上有类似的应用，有兴趣的可以把源代码拿下来看看，http://www.codeproject.com/cs/internet/iphlpapi.asp?df=100&forumid=15746&exp=0&select=1129534

瞬息不可挽救，永恒不可企及

回复喜欢

cswang

驱动小牛

注册日期2001-11-05
最后登录2010-03-01
粉丝0
关注0
积分1004分
威望144点
贡献值0点
好评度96点
原创分0分
专家分0分

加关注写私信

8楼^#

发布于：2007-02-14 16:36

再问一个问题，有没有办法在应用层把连接断开，注意：只是端口连接，而不是把相关的应用程序干掉

瞬息不可挽救，永恒不可企及

回复喜欢

低调小强驱动牛犊注册日期2005-09-16 最后登录2016-01-09 粉丝0 关注0 积分457分威望48点贡献值0点好评度45点原创分1分专家分0分加关注写私信	9楼^# 发布于：2007-03-07 23:33 cswang大哥说得对。已经实现了FPort一样功能了。也是XP 和2K分别实现的。。。2K下是要管理员权限的，XP不用，可以看出实现方法不一样。要在应用层拦截写个SPI的HOOK应该可以了。
	回复(0) 喜欢(0)

cswang

驱动小牛

注册日期2001-11-05
最后登录2010-03-01
粉丝0
关注0
积分1004分
威望144点
贡献值0点
好评度96点
原创分0分
专家分0分

加关注写私信

10楼^#

发布于：2007-03-10 11:10

我要的是断开指定连接，而不是拦截；费尔防火墙3.0就有这样的功能，估计它就是通过SPI来实现的，不知道谁有费尔3.0防火墙的源代码（不是2.1的源代码），想也就一下它的实现方法.

瞬息不可挽救，永恒不可企及

回复喜欢

低调小强驱动牛犊注册日期2005-09-16 最后登录2016-01-09 粉丝0 关注0 积分457分威望48点贡献值0点好评度45点原创分1分专家分0分加关注写私信	11楼^# 发布于：2007-03-10 14:57 2.1以后的版本都不卖了吧。。。。
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册