杀毒

开发平台：
Visual C++

ProcessViewPage.cpp：源码内容
							// ProcessViewPage.cpp : implementation file
//
#include "stdafx.h"
#include "AntiEvilTools.h"
#include "ProcessViewPage.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
//#include <stdio.h>
//#include <windows.h>
#include "Iphlpapi.h"
#include <tlhelp32.h>
#include "Winsock2.h"
#pragma comment(lib, "Iphlpapi.lib")
#pragma comment(lib, "WS2_32.lib")
long total_num=1;
typedef struct 
{
  DWORD   dwState;        	// 连接状态
  DWORD   dwLocalAddr;    	// 本地地址
  DWORD   dwLocalPort;    	// 本地端口
  DWORD   dwRemoteAddr;   	// 远程地址
  DWORD   dwRemotePort;   	// 远程端口
  DWORD	  dwProcessId;		// 进程ID号
} MIB_TCPEXROW, *PMIB_TCPEXROW;
typedef struct 
{
	DWORD			dwNumEntries;
	MIB_TCPEXROW	table[ANY_SIZE];
} MIB_TCPEXTABLE, *PMIB_TCPEXTABLE;
typedef struct 
{
  DWORD   dwLocalAddr;    	// 本地地址
  DWORD   dwLocalPort;    	// 本地端口
  DWORD	  dwProcessId;		// 进程ID号
} MIB_UDPEXROW, *PMIB_UDPEXROW;
typedef struct 
{
	DWORD			dwNumEntries;
	MIB_UDPEXROW	table[ANY_SIZE];
} MIB_UDPEXTABLE, *PMIB_UDPEXTABLE;
// 扩展函数原型
typedef DWORD (WINAPI *PFNAllocateAndGetTcpExTableFromStack)(
  PMIB_TCPEXTABLE *pTcpTable, 
  BOOL bOrder,             
  HANDLE heap,
  DWORD zero,
  DWORD flags
);
typedef DWORD (WINAPI *PFNAllocateAndGetUdpExTableFromStack)(
  PMIB_UDPEXTABLE *pUdpTable,  
  BOOL bOrder,              
  HANDLE heap,
  DWORD zero,
  DWORD flags
);
PCHAR ProcessPidToName(HANDLE hProcessSnap, DWORD ProcessId, PCHAR ProcessName);
/////////////////////////////////////////////////////////////////////////////
// CProcessViewPage property page
IMPLEMENT_DYNCREATE(CProcessViewPage, CPropertyPage)
CProcessViewPage::CProcessViewPage() : CPropertyPage(CProcessViewPage::IDD)
{
	//{{AFX_DATA_INIT(CProcessViewPage)
		// NOTE: the ClassWizard will add member initialization here
	//}}AFX_DATA_INIT
}
CProcessViewPage::~CProcessViewPage()
{
}
void CProcessViewPage::DoDataExchange(CDataExchange* pDX)
{
	CPropertyPage::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CProcessViewPage)
	DDX_Control(pDX, IDC_LIST_PROCESS_VIEW, m_process_ListCtrl);
	//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CProcessViewPage, CPropertyPage)
	//{{AFX_MSG_MAP(CProcessViewPage)
	ON_NOTIFY(NM_RCLICK, IDC_LIST_PROCESS_VIEW, OnRclickProcessList)
	ON_COMMAND(ID_REF, OnMenuitemProcessRefresh)
		// NOTE: the ClassWizard will add message map macros here
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CProcessViewPage message handlers
int CProcessViewPage::GetFileIcon(LPCTSTR lpFileName)
{
	SHFILEINFO sfi;
	SHGetFileInfo(lpFileName, 0, &sfi, sizeof(sfi), SHGFI_ICON|SHGFI_SMALLICON|SHGFI_LARGEICON);
	return sfi.iIcon;
}
void CProcessViewPage::GetProcessPort()
{
	m_process_ListCtrl.DeleteAllItems();
	PFNAllocateAndGetTcpExTableFromStack pAllocateAndGetTcpExTableFromStack;
	PFNAllocateAndGetUdpExTableFromStack pAllocateAndGetUdpExTableFromStack;
    CString   str1;
	// 获取扩展函数的入口地址	
	HMODULE hModule = ::LoadLibrary("iphlpapi.dll");
	pAllocateAndGetTcpExTableFromStack = 
			(PFNAllocateAndGetTcpExTableFromStack)::GetProcAddress(hModule, 
									"AllocateAndGetTcpExTableFromStack");
	
	pAllocateAndGetUdpExTableFromStack = 
			(PFNAllocateAndGetUdpExTableFromStack)::GetProcAddress(hModule, 
									"AllocateAndGetUdpExTableFromStack");
	if(pAllocateAndGetTcpExTableFromStack == NULL || pAllocateAndGetUdpExTableFromStack == NULL)
	{
		printf(" Ex APIs are not present n ");
		// 说明你应该调用普通的IP帮助API去获取TCP连接表和UDP监听表
		return ;
	}
	// 调用扩展函数，获取TCP扩展连接表和UDP扩展监听表
	PMIB_TCPEXTABLE pTcpExTable;
	PMIB_UDPEXTABLE pUdpExTable;
	// pTcpExTable和pUdpExTable所指的缓冲区自动由扩展函数在进程堆中申请
	if(pAllocateAndGetTcpExTableFromStack(&pTcpExTable, TRUE, GetProcessHeap(), 2, 2) != 0)
	{
			//printf(" Failed to snapshot TCP endpoints.n");
			return ;
	}
	if(pAllocateAndGetUdpExTableFromStack(&pUdpExTable, TRUE, GetProcessHeap(), 2, 2) != 0)
	{
			//printf(" Failed to snapshot UDP endpoints.n");
			return ;
	}
	// 给系统内的所有进程拍一个快照
	HANDLE hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if(hProcessSnap == INVALID_HANDLE_VALUE)
	{
		//printf(" Failed to take process snapshot. Process names will not be shown.nn");
		return ;
	}
//	printf(" Active Connections nn");
//	char	szLocalAddr[128];
//	char	szRemoteAddr[128];
	char	szProcessName[128];
	in_addr inadLocal, inadRemote;
	char    strState[128];
	DWORD   dwRemotePort = 0;	
	char strTemp[1024];
	CString str, strNum, strName,szSource,strSourPort, szDest,strDestPort, strData, strSize,strMAC,strHost;
		// 打印UDP监听表信息
	for(UINT i = 0; i < pUdpExTable->dwNumEntries; ++i)
	{
		// 本地IP地址
		inadLocal.s_addr = pUdpExTable->table[i].dwLocalAddr;
		
		// 远程端口
		if(strcmp(strState, "LISTEN") != 0)
		{
			dwRemotePort = pTcpExTable->table[i].dwRemotePort;
		}
		else
			dwRemotePort = 0;
		// 远程IP地址
		inadRemote.s_addr = pTcpExTable->table[i].dwRemoteAddr;
		
//		sprintf(szLocalAddr,  "%s:%u", inet_ntoa(inadLocal), 
//				ntohs((unsigned short)(0x0000FFFF & pUdpExTable->table[i].dwLocalPort)));
		// 打印出此入口的信息
//		str1.Format("%-5s %s:%dn", "[UDP]", 
//			ProcessPidToName(hProcessSnap, pUdpExTable->table[i].dwProcessId, szProcessName),
//			pUdpExTable->table[i].dwProcessId );
	//	MessageBox(str1);
	strNum.Format("%d",pUdpExTable->table[i].dwProcessId);
	strName.Format("%s",ProcessPidToName(hProcessSnap, pUdpExTable->table[i].dwProcessId, szProcessName));
	szSource.Format("%s",inet_ntoa(inadLocal));
	strSourPort.Format("%d",ntohs((unsigned short)(0x0000FFFF & pUdpExTable->table[i].dwLocalPort)));
	szDest.Format("%s","*.*.*.*");
//	strDestPort.Format("%d",ntohs((unsigned short)(0x0000FFFF & dwRemotePort)));
int index;
		CString Proto="UDP";
		GetExeFilePath(ProcessPidToName(hProcessSnap, pUdpExTable->table[i].dwProcessId, szProcessName), strTemp,pUdpExTable->table[i].dwProcessId);
			index = m_process_ListCtrl.InsertItem(0,strName,GetFileIcon(strTemp));
	m_process_ListCtrl.SetItem(index,1,LVIF_TEXT,strNum, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,2,LVIF_TEXT,Proto, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,3,LVIF_TEXT,szSource, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,4,LVIF_TEXT,strSourPort, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,5,LVIF_TEXT,szDest, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,6,LVIF_TEXT,"*", 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,7,LVIF_TEXT,"*", 0, 0, 0, 0);
		/*printf("      Local:   %sn      Remote:  %sn",
			szLocalAddr, "*.*.*.*:*" );*/
	}
	// 打印TCP扩展连接表信息
	for(i = 0; i < pTcpExTable->dwNumEntries; ++i)
	{
		// 状态
		switch (pTcpExTable->table[i].dwState)
		{
		case MIB_TCP_STATE_CLOSED:
			strcpy(strState, "CLOSED");
			break;
		case MIB_TCP_STATE_TIME_WAIT:
			strcpy(strState, "TIME_WAIT");
			break;
		case MIB_TCP_STATE_LAST_ACK:
			strcpy(strState, "LAST_ACK");
			break;
		case MIB_TCP_STATE_CLOSING:
			strcpy(strState, "CLOSING");
			break;
		case MIB_TCP_STATE_CLOSE_WAIT:
			strcpy(strState, "CLOSE_WAIT");
			break;
		case MIB_TCP_STATE_FIN_WAIT1:
			strcpy(strState, "FIN_WAIT1");
			break;
		case MIB_TCP_STATE_ESTAB:
			strcpy(strState, "ESTAB");
			break;
		case MIB_TCP_STATE_SYN_RCVD:
			strcpy(strState, "SYN_RCVD");
			break;
		case MIB_TCP_STATE_SYN_SENT:
			strcpy(strState, "SYN_SENT");
			break;
		case MIB_TCP_STATE_LISTEN:
			strcpy(strState, "LISTEN");
			break;
		case MIB_TCP_STATE_DELETE_TCB:
			strcpy(strState, "DELETE");
			break;
		default:
		//	printf("Error: unknown state!n");
			break;
		}
		// 本地IP地址
		inadLocal.s_addr = pTcpExTable->table[i].dwLocalAddr;
		
		// 远程端口
		if(strcmp(strState, "LISTEN") != 0)
		{
			dwRemotePort = pTcpExTable->table[i].dwRemotePort;
		}
		else
			dwRemotePort = 0;
		// 远程IP地址
		inadRemote.s_addr = pTcpExTable->table[i].dwRemoteAddr;
		
//		sprintf(szLocalAddr, "%s:%u", inet_ntoa(inadLocal), 
//					ntohs((unsigned short)(0x0000FFFF & pTcpExTable->table[i].dwLocalPort)));
//		sprintf(szRemoteAddr, "%s:%u", inet_ntoa(inadRemote), 
//					ntohs((unsigned short)(0x0000FFFF & dwRemotePort)));
		// 打印出此入口的信息
		//str1.Format("%-5s %s:%dn      State:   %sn", "[TCP]", 
		//	ProcessPidToName(hProcessSnap, pTcpExTable->table[i].dwProcessId, szProcessName),
	//		pTcpExTable->table[i].dwProcessId,
	//		strState);
     //   MessageBox(str1);
	strNum.Format("%d",pTcpExTable->table[i].dwProcessId);
	strName.Format("%s",ProcessPidToName(hProcessSnap, pTcpExTable->table[i].dwProcessId, szProcessName));
	szSource.Format("%s",inet_ntoa(inadLocal));
	strSourPort.Format("%d",ntohs((unsigned short)(0x0000FFFF & pTcpExTable->table[i].dwLocalPort)));
	szDest.Format("%s",inet_ntoa(inadRemote));
	strDestPort.Format("%d",ntohs((unsigned short)(0x0000FFFF & dwRemotePort)));
		if(szDest=="0.0.0.0")
		strDestPort="0";
		int index;
		CString Proto="TCP";
		GetExeFilePath(ProcessPidToName(hProcessSnap, pUdpExTable->table[i].dwProcessId, szProcessName), strTemp,pUdpExTable->table[i].dwProcessId);
			index = m_process_ListCtrl.InsertItem(0,strName,GetFileIcon(strTemp));
	m_process_ListCtrl.SetItem(index,1,LVIF_TEXT,strNum, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,2,LVIF_TEXT,Proto, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,3,LVIF_TEXT,szSource, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,4,LVIF_TEXT,strSourPort, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,5,LVIF_TEXT,szDest, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,6,LVIF_TEXT,strDestPort, 0, 0, 0, 0);
	m_process_ListCtrl.SetItem(index,7,LVIF_TEXT,strState, 0, 0, 0, 0);
		/*printf("      Local:   %sn      Remote:  %sn",
			szLocalAddr, szRemoteAddr);*/
	}
	
	
	::CloseHandle(hProcessSnap);
	::LocalFree(pTcpExTable);
	::LocalFree(pUdpExTable);
	::FreeLibrary(hModule);
	return ;
}
bool CProcessViewPage::InitSystemImageLists(HWND hwndList)
{
	SHFILEINFO sfi;
    HIMAGELIST himlSmall = (HIMAGELIST)::SHGetFileInfo( "C:\", 0, &sfi, 
		sizeof(SHFILEINFO), SHGFI_SYSICONINDEX | SHGFI_SMALLICON );
    HIMAGELIST himlLarge = (HIMAGELIST)::SHGetFileInfo( "C:\", 0, &sfi, 
		sizeof(SHFILEINFO), SHGFI_SYSICONINDEX | SHGFI_LARGEICON );
    if( himlSmall && himlLarge ) { 
		ListView_SetImageList(hwndList, himlSmall, LVSIL_SMALL);
		ListView_SetImageList(hwndList, himlLarge, LVSIL_NORMAL);
		return TRUE;
    }
    return FALSE;
}
BOOL CProcessViewPage::OnInitDialog()
{
	CDialog::OnInitDialog();
	// Add "About..." menu item to system menu.
	// IDM_ABOUTBOX must be in the system command range.
	ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
	ASSERT(IDM_ABOUTBOX < 0xF000);
	CMenu* pSysMenu = GetSystemMenu(FALSE);
	if (pSysMenu != NULL)
	{
		CString strAboutMenu;
		strAboutMenu.LoadString(IDS_ABOUTBOX);
		if (!strAboutMenu.IsEmpty())
		{
			pSysMenu->AppendMenu(MF_SEPARATOR);
			pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
		}
	}
	// Set the icon for this dialog.  The framework does this automatically
	//  when the application's main window is not a dialog
	SetIcon(m_hIcon, TRUE);			// Set big icon
	SetIcon(m_hIcon, FALSE);		// Set small icon
	
	// TODO: Add extra initialization here
	//  ListView initialize
	DWORD dwStyle=GetWindowLong(m_process_ListCtrl.GetSafeHwnd(),GWL_STYLE);
	dwStyle&=~LVS_TYPEMASK;
	dwStyle|=LVS_REPORT;
	SetWindowLong(m_process_ListCtrl.GetSafeHwnd(),GWL_STYLE,dwStyle);
	//SetRedraw(TRUE); 
	
	//初始化列表
	InitSystemImageLists(m_process_ListCtrl.m_hWnd);
	m_process_ListCtrl.InsertColumn(0,"状态",LVCFMT_LEFT,60);
    m_process_ListCtrl.InsertColumn(0,"目的端口",LVCFMT_LEFT,80);
	m_process_ListCtrl.InsertColumn(0,"目的地址IP",LVCFMT_LEFT,100);
	m_process_ListCtrl.InsertColumn(0,"源端口",LVCFMT_LEFT,60);
	m_process_ListCtrl.InsertColumn(0,"源地址",LVCFMT_LEFT,100);
	m_process_ListCtrl.InsertColumn(0,"协议",LVCFMT_LEFT,40);
	m_process_ListCtrl.InsertColumn(0,"进程号",LVCFMT_LEFT,60);
	m_process_ListCtrl.InsertColumn(0,"进程名",LVCFMT_LEFT,80);
    
    ::SendMessage(m_process_ListCtrl.m_hWnd, LVM_SETEXTENDEDLISTVIEWSTYLE,
		LVS_EX_FULLROWSELECT, LVS_EX_FULLROWSELECT);
//	SetWindowText("进程与端口");
	
//	SetTimer(0, 500, NULL);
	
	GetProcessPort();
	return TRUE;  // return TRUE  unless you set the focus to a control
}
bool CProcessViewPage::GetExeFilePath(char pExeFileName[], char buffer[], DWORD pid)
{
	bool flag = true;
	memset(buffer, 0, strlen(buffer));
	int result = (int)FindExecutable(pExeFileName, 0, buffer);
	if(result <= 32)
	{
		memset(buffer, 0, strlen(buffer));
		HANDLE hProcess;
		hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_QUERY_INFORMATION, FALSE, pid);
		if(hProcess != NULL)
		{
			if(GetModuleFileNameEx(hProcess, 0, buffer, 1024) == 0)
				flag = false;
		}
		else
		{
			flag = false;
		}
		CloseHandle(hProcess);
	}
	if(!flag)
	{
		strcpy(buffer, "不知道");
	}
	return flag;
}
PCHAR ProcessPidToName(HANDLE hProcessSnap, DWORD ProcessId, PCHAR ProcessName)
{
	PROCESSENTRY32 processEntry;
	processEntry.dwSize = sizeof(processEntry);
	// 找不到的话，默认进程名为“???”
	strcpy(ProcessName, "???");
	if(!::Process32First(hProcessSnap, &processEntry)) 
		return ProcessName;
	do 
	{
		if(processEntry.th32ProcessID == ProcessId) // 就是这个进程
		{
			strcpy(ProcessName, processEntry.szExeFile);
			break;
		}
	}
	while(::Process32Next(hProcessSnap, &processEntry));
	return ProcessName;
}
void CProcessViewPage::OnRclickProcessList(NMHDR *pNMHDR, LRESULT *pResult)
{
	iSelected = m_process_ListCtrl.GetNextItem(-1, LVNI_SELECTED);
	POINT point;
	::GetCursorPos(&point);
	CMenu menu;
	menu.LoadMenu(IDR_MENU1);
	menu.GetSubMenu(0)->TrackPopupMenu(TPM_LEFTALIGN, point.x, point.y, this);
	*pResult = 0;
}
void CProcessViewPage::OnMenuitemProcessRefresh()
{
	GetProcessPort();
}

						