// FPort.cpp : Defines the entry point for the console application.//#include "stdafx.h"BOOL GetProcessModule (DWORD dwPID, DWORD dwModuleID, � � � �LPMODULEENTRY32 lpMe32, DWORD cbMe32) { � �BOOL � � � � �bRet � � � �= FALSE; � �BOOL � � � � �bFound � � �= FALSE; � �HANDLE � � � �hModuleSnap = NULL; � �MODULEENTRY32 me32 � � � �= { 0 }; � �hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID); � �if (hModuleSnap == INVALID_HANDLE_VALUE) � � � �return (FALSE); � �me32.dwSize = sizeof(MODULEENTRY32); � �if (Module32First(hModuleSnap, &me32)) � �{ � � � �do � � � �{ � � � � � �if (me32.th32ModuleID == dwModuleID) � � � � � �{ � � � � � � � �CopyMemory (lpMe32, &me32, cbMe32); � � � � � � � �bFound = TRUE; � � � � � �} � � � �} � � � �while (!bFound && Module32Next(hModuleSnap, &me32)); � � � � �bRet = bFound; � �} � �else � � � �bRet = FALSE; � �CloseHandle (hModuleSnap); � �return (bRet); }PCHAR ProcessPidToName(HANDLE hProcessSnap, DWORD ProcessId, PCHAR ProcessName){ PROCESSENTRY32 processEntry = { 0 }; processEntry.dwSize = sizeof(PROCESSENTRY32); lstrcpy(ProcessName, "???"); if (!Process32First(hProcessSnap, &processEntry)) { �return ProcessName; �} do { �if (processEntry.th32ProcessID == ProcessId) �{ � MODULEENTRY32 me32 � � � = { 0 }; � GetProcessModule(processEntry.th32ProcessID, � � 1, &me32, sizeof(MODULEENTRY32)); � � � if (lstrlen(me32.szExePath) != 0) � { � �lstrcpy(ProcessName, me32.szExePath); � �} � else � { � �lstrcpy(ProcessName, processEntry.szExeFile); � �} � return ProcessName; � } � �} while(Process32Next(hProcessSnap, &processEntry)); return ProcessName;}HANDLE OpenPhysicalMemory(HANDLE& hSection){ � �NTSTATUS � � � � �status; � �UNICODE_STRING � �physmemString; � �OBJECT_ATTRIBUTES attributes; HANDLE � � � � � �hMemory; � � �RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory"); � �InitializeObjectAttributes(&attributes, &physmemString, �OBJ_CASE_INSENSITIVE, NULL, NULL); � �status = ZwOpenSection(&hSection, SECTION_MAP_READ, &attributes ); � if (!NT_SUCCESS(status)) return NULL; � �hMemory = MapViewOfFile(hSection, FILE_MAP_READ, �0, 0x30000, 0x1000); � �if (GetLastError() != 0) return NULL; � � � �return hMemory;}void AdjustDacl(HANDLE hProcess){ SID world = { SID_REVISION,1, SECURITY_WORLD_SID_AUTHORITY, 0 }; LPTSTR ptstrName � = (LPTSTR)&world; EXPLICIT_ACCESS ea = { STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, SET_ACCESS, NO_INHERITANCE, �{ 0, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER, ptstrName } }; ACL * pdacl = 0; if (SetEntriesInAcl(1, &ea, 0, &pdacl) != ERROR_SUCCESS) { �printf( "SetEntriesInAcl Error:%d", GetLastError()); �} if (SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, � DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0) != ERROR_SUCCESS) { �printf( "SetSecurityInfo Error:%d", GetLastError()); �} LocalFree(pdacl);}HANDLE OpenDeviceTcpUdp(WCHAR * deviceName){ � �UNICODE_STRING � �physmemString; � �OBJECT_ATTRIBUTES attributes; � �IO_STATUS_BLOCK � iosb; � �HANDLE � � � � � �hDeviceHandle; � �RtlInitUnicodeString(&physmemString, deviceName); � � � �if (GetLastError() != 0) return NULL; � �InitializeObjectAttributes(&attributes, &physmemString, �OBJ_CASE_INSENSITIVE, 0, NULL); � �NTSTATUS status = ZwOpenFile(&hDeviceHandle, 0x100000, &attributes, &iosb, 3, 0); � �if (!NT_SUCCESS(status)) return NULL; return hDeviceHandle;}PULONG GetHandleList(){ � �ULONG �cbBuffer = 0x1000; � � � � � � � � �PULONG pBuffer �= new ULONG[cbBuffer]; � �NTSTATUS Status; � �do { � � � �Status = ZwQuerySystemInformation( � SystemHandleInformation, � pBuffer, � cbBuffer * sizeof(ULONG), � NULL � ); � � � � �if (Status == STATUS_INFO_LENGTH_MISMATCH) � � � �{ � � � � � �delete [] pBuffer; � � � � � �pBuffer = new ULONG[cbBuffer *= 2]; � � � �} � � � �else if (!NT_SUCCESS(Status)) � � � �{ � � � � � �delete [] pBuffer; � � � � � �return NULL; � � � �} �}while (Status == STATUS_INFO_LENGTH_MISMATCH); � �return pBuffer;}PVOID GetTcpUdpObject(PULONG pBuffer, HANDLE hHandle, DWORD ProcessId){ int nCount = *pBuffer; � �PSYSTEM_HANDLE_INFORMATION pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1); � �for (int i = 0; i < nCount; i++) � �{ � � � �if (pProcesses->ProcessId == ProcessId && pProcesses->Handle == (int)hHandle) � � � �{ � � � � � return (PVOID)pProcesses; � } �pProcesses++; �} return NULL;}BOOL GetPTE(PVOID objAddress, HANDLE hMapPhysicalMemory, HANDLE hSection, PTE& pte){ DWORD dwPhysMemBuf = (DWORD)hMapPhysicalMemory, dwAddress = (DWORD)objAddress; � �LPVOID pNewMapPhy �= NULL; DWORD dwNewAddress = *((LPDWORD)(dwPhysMemBuf + (dwAddress >> 0x16) * 4)); if ((dwNewAddress & 0x000000ff) < 0x01) { �return FALSE; �} if ((dwNewAddress & 0x000000ff) < 0x80) { �pNewMapPhy = MapViewOfFile(hSection, 4, 0, dwNewAddress & 0xFFFFF000, 0x1000); �dwNewAddress = (dwAddress >> 0x0c) & 0x3ff; �dwNewAddress = *((LPDWORD)((DWORD)pNewMapPhy + 4 * dwNewAddress)) & 0xFFFFF000; �UnmapViewOfFile(pNewMapPhy); �pNewMapPhy = NULL; �} else { �dwNewAddress = (dwNewAddress & 0xFFFFF000) + (dwAddress & 0x003ff000); �} pNewMapPhy = MapViewOfFile(hSection, FILE_MAP_READ, �0, dwNewAddress, 0x1000); if (pNewMapPhy == NULL) { �long lError = GetLastError(); �return FALSE; �} else { �memcpy(&pte, (char *)pNewMapPhy + (dwAddress & 0x00000FFF), sizeof(PTE)); �} UnmapViewOfFile(pNewMapPhy); return TRUE;}BOOL RaisePrivleges( HANDLE hToken, char *pPriv ){ TOKEN_PRIVILEGES tkp; tkp.PrivilegeCount � � � � � � �= 1; tkp.Privileges[0].Attributes � �= SE_PRIVILEGE_ENABLED; tkp.Privileges[0].Luid.HighPart = 0; tkp.Privileges[0].Luid.LowPart �= 0; if (!LookupPrivilegeValue(NULL, pPriv, &tkp.Privileges[0].Luid)) { �printf("LookupPrivilegeValue Error:%d\n", GetLastError()); �return FALSE; �} int iRet = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0x10, (PTOKEN_PRIVILEGES)NULL, 0); if (iRet == NULL) { �printf( "AdjustTokenPrivileges Error:%d\n", GetLastError()); �return TRUE; �} else { �iRet = GetLastError(); �switch (iRet) �{ �case ERROR_NOT_ALL_ASSIGNED: � { � �printf("AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED\n" ); � �return FALSE; � �} �case ERROR_SUCCESS: � � � � { � �return TRUE; � �} �default: � � � { � �printf("AdjustTokenPrivileges Unknow Error:%d\n", iRet); � �return FALSE; � �} � } �}}int main(int argc, char* argv[]){ HANDLE hToken; HANDLE hTcpHandle; HANDLE hUdpHandle; HANDLE hSection; � �printf("---[ FPort, by Phiger �]---\n"); � �printf("---[ Date : 2003-12-30 ]---\n\n"); HANDLE hMapPhysicalMemory = OpenPhysicalMemory(hSection); HANDLE hCurrentProc = GetCurrentProcess(); if (!OpenProcessToken(hCurrentProc, �TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, �&hToken)) { �printf( "OpenProcessToken Error:%d\n", GetLastError()); �} else { �if (!RaisePrivleges(hToken, (char*)SE_DEBUG_NAME)) � printf( "SetPrivlegesSE_DEBUG_NAME Error:%d\n", GetLastError()); �} if (hToken) CloseHandle(hToken); hTcpHandle = OpenDeviceTcpUdp(L"\\Device\\TCP"); hUdpHandle = OpenDeviceTcpUdp(L"\\Device\\UDP"); � �PULONG pBuffer = GetHandleList(); if (pBuffer == NULL) return 0; PSYSTEM_HANDLE_INFORMATION objTcpAddress = NULL; PSYSTEM_HANDLE_INFORMATION objUdpAddress = NULL; objTcpAddress = (PSYSTEM_HANDLE_INFORMATION)GetTcpUdpObject(pBuffer, hTcpHandle, GetCurrentProcessId()); PTE pteTCPCur; if (!GetPTE(objTcpAddress->Object, hMapPhysicalMemory, hSection, pteTCPCur)) { �return 0; �} objUdpAddress = (PSYSTEM_HANDLE_INFORMATION)GetTcpUdpObject(pBuffer, hUdpHandle, GetCurrentProcessId()); PTE pteUDPCur; if (!GetPTE(objUdpAddress->Object, hMapPhysicalMemory, hSection, pteUDPCur)) { �return 0; �} OVERLAPPED � �Overlap; HANDLE hEvent = CreateEvent(0, 1, 0, 0); Overlap.Internal � � = 0; Overlap.InternalHigh = 0; Overlap.Offset � � � = 0; Overlap.OffsetHigh � = 0; Overlap.hEvent � � � = hEvent; HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hProcessSnap == INVALID_HANDLE_VALUE) { �printf("Failed to take process snapshot. Process names will not be shown.\n\n"); �} int nCount = *pBuffer; � �PSYSTEM_HANDLE_INFORMATION pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1); � �for (int i = 0; i < nCount; i++) � �{ �if (pProcesses->ObjectTypeNumber == objTcpAddress->ObjectTypeNumber) �{ � PTE pte; � if (!GetPTE(pProcesses->Object, hMapPhysicalMemory, hSection, pte)) � { � �pProcesses++; � �continue; � �} � if ((pte.NoCache == 1 || pte.NoCache == 2) && � �(pteTCPCur.WriteTable == pte.WriteTable)) � { � �HANDLE hProc = NULL, DupHandle=NULL; � �int �i = 0, portflag = 0; � �u_short openport; � � � �hProc = OpenProcess(PROCESS_DUP_HANDLE, � � 0, � � pProcesses->ProcessId); � �if (hProc) � �{ � � DuplicateHandle(hProc, � � �(HANDLE)pProcesses->Handle, � � �GetCurrentProcess(), � � �&DupHandle, � � �0, � � �FALSE, � � �2); � � CloseHandle(hProc); � � if (DupHandle) � � { � � �TDI_CONNECTION_INFO � �TdiConnInfo={ 0 }; � � �TDI_CONNECTION_INFORMATION TdiConnInformation = { 0 }; � � �DWORD dwRetu=0; � � � � � � � �if (pte.NoCache == 0x02) � � �{ � � � TdiConnInformation.RemoteAddressLength = 4; � � � if (DeviceIoControl( � � � �DupHandle, � � � �0x210012, � � � �&TdiConnInformation, � � � �sizeof(TdiConnInformation), � � � �&TdiConnInfo, � � � �sizeof(TdiConnInfo), � � � �NULL, � � � �&Overlap)) � � � { � � � � �char szProcName[256]; � � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus); � � � �if (openport != 0) � � � �{ � � � � printf("TCP �PID = %4d PORT = %6d %s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName)); � � � � } � � � �} � � � else � � � { � � � �long lError = GetLastError(); � � � �} � � � } � � �else if (pte.NoCache == 0x01) � � �{ � � � TdiConnInformation.RemoteAddressLength = 3; � � � if (DeviceIoControl(DupHandle, 0x210012, � � � �&TdiConnInformation, sizeof(TdiConnInformation), � � � �&TdiConnInfo, sizeof(TdiConnInfo), � � � �NULL, &Overlap)) � � � { � � � �char szProcName[256]; � � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus); � � � �if (openport != 0) � � � �{ � � � � printf("TCP �PID = %4d PORT = %6d �%s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName)); � � � � } � � � �} � � � else � � � { � � � �long lError = GetLastError(); � � � �} � � � } � � �CloseHandle(DupHandle); � � �} � � } � �} � } �pProcesses++; �} nCount = *pBuffer; � �pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1); � �for (i = 0; i < nCount; i++) � �{ �if (pProcesses->ObjectTypeNumber == objUdpAddress->ObjectTypeNumber) �{ � PTE pte; � if (!GetPTE(pProcesses->Object, hMapPhysicalMemory, hSection, pte)) � { � �pProcesses++; � �continue; � �} � � if ((pte.NoCache == 1 || pte.NoCache == 2) && � �(pteUDPCur.WriteTable == pte.WriteTable)) � { � �HANDLE hProc = NULL, DupHandle=NULL; � �int �i = 0, portflag = 0; � �u_short openport; � � � �hProc = OpenProcess(PROCESS_DUP_HANDLE, � � 0, � � pProcesses->ProcessId); � � � �if (hProc) � �{ � � DuplicateHandle(hProc, � � �(HANDLE)pProcesses->Handle, � � �GetCurrentProcess(), � � �&DupHandle, � � �0, � � �FALSE, � � �2); � � � � CloseHandle(hProc); � � � � if (DupHandle) � � { � � �TDI_CONNECTION_INFO � �TdiConnInfo={ 0 }; � � �TDI_CONNECTION_INFORMATION TdiConnInformation = { 0 }; � � �DWORD dwRetu=0; � � � � � � � �if (pte.NoCache == 0x02) � � �{ � � � TdiConnInformation.RemoteAddressLength = 4; � � � if (DeviceIoControl( � � � �DupHandle, � � � �0x210012, � � � �&TdiConnInformation, � � � �sizeof(TdiConnInformation), � � � �&TdiConnInfo, � � � �sizeof(TdiConnInfo), � � � �NULL, � � � �&Overlap)) � � � { � � � �char szProcName[256]; � � � � � � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus); � � � �if (openport != 0) � � � �{ � � � � printf("UDP �PID = %4d PORT = %6d �%s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName)); � � � � } � � � �} � � � else � � � { � � � �long lError = GetLastError(); � � � �} � � � } � � �else if (pte.NoCache == 0x01) � � �{ � � � TdiConnInformation.RemoteAddressLength = 3; � � � if (DeviceIoControl(DupHandle, 0x210012, � � � �&TdiConnInformation, sizeof(TdiConnInformation), � � � �&TdiConnInfo, sizeof(TdiConnInfo), � � � �NULL, &Overlap)) � � � { � � � �char szProcName[256]; � � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus); � � � �if (openport != 0) � � � �{ � � � � printf("UDP �PID = %4d PORT = %6d �%s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName)); � � � � } � � � �} � � � else � � � { � � � �long lError = GetLastError(); � � � �} � � � } � � �CloseHandle(DupHandle); � � �} � � } � �} � } �pProcesses++; �} CloseHandle(hEvent); CloseHandle(hProcessSnap); return 0;}
// stdafx.h : include file for standard system include files,// �or project specific include files that are used frequently, but// � � �are changed infrequently//#if !defined(AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_)#define AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_#if _MSC_VER > 1000#pragma once#endif // _MSC_VER > 1000#define _WIN32_WINNT 0x0500#pragma comment(lib, "ntdll.lib")#include <windows.h>#include <ntsecapi.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include <tchar.h>#include <malloc.h>#include <Aclapi.h>#include <Tlhelp32.h>#include <iprtrmib.h>#include <Iphlpapi.h>#pragma warning(disable: 4786)#pragma warning(disable: 4530)#include <string>#include <map>using namespace std;#define _CRTDBG_MAP_ALLOC#include <crtdbg.h>#define NTAPI __stdcalltypedef LONG NTSTATUS;typedef LONG KPRIORITY;#define SECTION_QUERY � � � 0x0001#define SECTION_MAP_WRITE � 0x0002#define SECTION_MAP_READ � �0x0004#define SECTION_MAP_EXECUTE 0x0008#define SECTION_EXTEND_SIZE 0x0010#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)#define STATUS_INFO_LENGTH_MISMATCH � � �((NTSTATUS)0xC0000004L)#define OBJ_INHERIT � � � � � � 0x00000002L#define OBJ_PERMANENT � � � � � 0x00000010L#define OBJ_EXCLUSIVE � � � � � 0x00000020L#define OBJ_CASE_INSENSITIVE � �0x00000040L#define OBJ_OPENIF � � � � � � �0x00000080L#define OBJ_OPENLINK � � � � � �0x00000100L#define OBJ_KERNEL_HANDLE � � � 0x00000200L#define OBJ_VALID_ATTRIBUTES � �0x000003F2L#define SystemHandleInformation 16#define FILE_DIRECTORY_FILE � � � � � � � � � � 0x00000001#define FILE_WRITE_THROUGH � � � � � � � � � � �0x00000002#define FILE_SEQUENTIAL_ONLY � � � � � � � � � �0x00000004#define FILE_NO_INTERMEDIATE_BUFFERING � � � � �0x00000008#define FILE_SYNCHRONOUS_IO_ALERT � � � � � � � 0x00000010#define FILE_SYNCHRONOUS_IO_NONALERT � � � � � �0x00000020#define FILE_NON_DIRECTORY_FILE � � � � � � � � 0x00000040#define FILE_CREATE_TREE_CONNECTION � � � � � � 0x00000080#define FILE_COMPLETE_IF_OPLOCKED � � � � � � � 0x00000100#define FILE_NO_EA_KNOWLEDGE � � � � � � � � � �0x00000200#define FILE_OPEN_FOR_RECOVERY � � � � � � � � �0x00000400#define FILE_RANDOM_ACCESS � � � � � � � � � � �0x00000800#define FILE_DELETE_ON_CLOSE � � � � � � � � � �0x00001000#define FILE_OPEN_BY_FILE_ID � � � � � � � � � �0x00002000#define FILE_OPEN_FOR_BACKUP_INTENT � � � � � � 0x00004000#define FILE_NO_COMPRESSION � � � � � � � � � � 0x00008000#define FILE_RESERVE_OPFILTER � � � � � � � � � 0x00100000#define FILE_OPEN_REPARSE_POINT � � � � � � � � 0x00200000#define FILE_OPEN_NO_RECALL � � � � � � � � � � 0x00400000#define FILE_OPEN_FOR_FREE_SPACE_QUERY � � � � �0x00800000#define FILE_COPY_STRUCTURED_STORAGE � � � � � �0x00000041#define FILE_STRUCTURED_STORAGE � � � � � � � � 0x00000441#define FILE_VALID_OPTION_FLAGS � � � � � � � � 0x00ffffff#define FILE_VALID_PIPE_OPTION_FLAGS � � � � � �0x00000032#define FILE_VALID_MAILSLOT_OPTION_FLAGS � � � �0x00000032#define FILE_VALID_SET_FLAGS � � � � � � � � � �0x00000036#define InitializeObjectAttributes( p, n, a, r, s ) { \(p)->Length = sizeof( OBJECT_ATTRIBUTES ); � � � � �\(p)->RootDirectory = r; � � � � � � � � � � � � � � \(p)->Attributes = a; � � � � � � � � � � � � � � � �\(p)->ObjectName = n; � � � � � � � � � � � � � � � �\(p)->SecurityDescriptor = s; � � � � � � � � � � � �\(p)->SecurityQualityOfService = NULL; � � � � � � � \}typedef struct { � ULONG Present; � ULONG WriteTable; � ULONG User; � ULONG WriteThru; � ULONG NoCache; � ULONG Accessed; � ULONG Dirty; � ULONG PageSize; � ULONG Global; � ULONG Available; � ULONG Pfn;} PTE, *PPTE;typedef struct _IO_STATUS_BLOCK { union { NTSTATUS Status;PVOID Pointer;};ULONG_PTR Information;} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;#if defined(_WIN64)typedef struct _IO_STATUS_BLOCK32 { NTSTATUS Status;ULONG Information;} IO_STATUS_BLOCK32, *PIO_STATUS_BLOCK32;#endiftypedef struct _SYSTEM_HANDLE_INFORMATION { //Information Class 16ULONG ProcessId;UCHAR ObjectTypeNumber;UCHAR Flags; � � � � � � � � � � //0x01 =PROTECT_FROM_CLOSE,0x02 =INHERITUSHORT Handle;PVOID Object;ACCESS_MASK GrantedAccess;}SYSTEM_HANDLE_INFORMATION,*PSYSTEM_HANDLE_INFORMATION;typedef struct _TDI_CONNECTION_INFO { � ULONG � � � � �State; � ULONG � � � � �Event; � ULONG � � � � �TransmittedTsdus; � ULONG � � � � �ReceivedTsdus; � ULONG � � � � �TransmissionErrors; � ULONG � � � � �ReceiveErrors; � LARGE_INTEGER �Throughput; � LARGE_INTEGER �Delay; � ULONG � � � � �SendBufferSize; � ULONG � � � � �ReceiveBufferSize; � BOOLEAN � � � �Unreliable; } TDI_CONNECTION_INFO, *PTDI_CONNECTION_INFO; typedef struct _TDI_CONNECTION_INFORMATION { � LONG � UserDataLength; � PVOID �UserData; � LONG � OptionsLength; � PVOID �Options; � LONG � RemoteAddressLength; � PVOID �RemoteAddress; } TDI_CONNECTION_INFORMATION, *PTDI_CONNECTION_INFORMATION; #define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\SECTION_MAP_WRITE | � � �\SECTION_MAP_READ | � � � \SECTION_MAP_EXECUTE | � �\SECTION_EXTEND_SIZE)typedef struct _OBJECT_ATTRIBUTES { ULONG Length;HANDLE RootDirectory;PUNICODE_STRING ObjectName;ULONG Attributes;PVOID SecurityDescriptor; � � � �// Points to type SECURITY_DESCRIPTORPVOID SecurityQualityOfService; �// Points to type SECURITY_QUALITY_OF_SERVICE} OBJECT_ATTRIBUTES;typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;extern "C"NTSYSAPINTSTATUSNTAPIZwOpenSection( OUT PHANDLE sectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes );extern "C"NTSYSAPINTSTATUSNTAPIZwOpenFile( �OUT PHANDLE FileHandle, �IN ACCESS_MASK DesiredAccess, �IN POBJECT_ATTRIBUTES ObjectAttributes, �OUT PIO_STATUS_BLOCK IoStatusBlock, �IN ULONG ShareAccess, �IN ULONG OpenOptions �);extern "C"NTSYSAPINTSTATUSNTAPIZwQuerySystemInformation(IN UINT SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL);extern "C"NTSYSAPIVOIDNTAPIRtlInitUnicodeString(PUNICODE_STRING DestinationString,PCWSTR SourceString);//{ { AFX_INSERT_LOCATION } }// Microsoft Visual C++ will insert additional declarations immediately before the previous line.#endif // !defined(AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_)
//iphelpasp.h#ifndef _IPHLPAPI_H#define _IPHLPAPI_H#if __GNUC__ >=3#pragma GCC system_header#endif#include <iprtrmib.h>#include <ipexport.h>#include <iptypes.h>#ifdef __cplusplusextern "C" {#endifDWORD WINAPI AddIPAddress(IPAddr,IPMask,DWORD,PULONG,PULONG);DWORD WINAPI CreateIpForwardEntry(PMIB_IPFORWARDROW);DWORD WINAPI CreateIpNetEntry(PMIB_IPNETROW);DWORD WINAPI CreateProxyArpEntry(DWORD,DWORD,DWORD);DWORD WINAPI DeleteIPAddress(ULONG);DWORD WINAPI DeleteIpForwardEntry(PMIB_IPFORWARDROW);DWORD WINAPI DeleteIpNetEntry(PMIB_IPNETROW);DWORD WINAPI DeleteProxyArpEntry(DWORD,DWORD,DWORD);DWORD WINAPI EnableRouter(HANDLE*,OVERLAPPED*);DWORD WINAPI FlushIpNetTable(DWORD);DWORD WINAPI GetAdapterIndex(LPWSTR,PULONG);DWORD WINAPI GetAdaptersInfo(PIP_ADAPTER_INFO,PULONG);DWORD WINAPI GetBestInterface(IPAddr,PDWORD);DWORD WINAPI GetBestRoute(DWORD,DWORD,PMIB_IPFORWARDROW);DWORD WINAPI GetFriendlyIfIndex(DWORD);DWORD WINAPI GetIcmpStatistics(PMIB_ICMP);DWORD WINAPI GetIfEntry(PMIB_IFROW);DWORD WINAPI GetIfTable(PMIB_IFTABLE,PULONG,BOOL);DWORD WINAPI GetInterfaceInfo(PIP_INTERFACE_INFO,PULONG);DWORD WINAPI GetIpAddrTable(PMIB_IPADDRTABLE,PULONG,BOOL);DWORD WINAPI GetIpForwardTable(PMIB_IPFORWARDTABLE,PULONG,BOOL);DWORD WINAPI GetIpNetTable(PMIB_IPNETTABLE,PULONG,BOOL);DWORD WINAPI GetIpStatistics(PMIB_IPSTATS);DWORD WINAPI GetNetworkParams(PFIXED_INFO,PULONG);DWORD WINAPI GetNumberOfInterfaces(PDWORD);DWORD WINAPI GetPerAdapterInfo(ULONG,PIP_PER_ADAPTER_INFO, PULONG);BOOL WINAPI GetRTTAndHopCount(IPAddr,PULONG,ULONG,PULONG);DWORD WINAPI GetTcpStatistics(PMIB_TCPSTATS);DWORD WINAPI GetTcpTable(PMIB_TCPTABLE,PDWORD,BOOL);DWORD WINAPI GetUniDirectionalAdapterInfo(PIP_UNIDIRECTIONAL_ADAPTER_ADDRESS,PULONG);DWORD WINAPI GetUdpStatistics(PMIB_UDPSTATS);DWORD WINAPI GetUdpTable(PMIB_UDPTABLE,PDWORD,BOOL);DWORD WINAPI IpReleaseAddress(PIP_ADAPTER_INDEX_MAP);DWORD WINAPI IpRenewAddress(PIP_ADAPTER_INDEX_MAP);DWORD WINAPI NotifyAddrChange(PHANDLE,LPOVERLAPPED);DWORD WINAPI NotifyRouteChange(PHANDLE,LPOVERLAPPED);DWORD WINAPI SendARP(IPAddr,IPAddr,PULONG,PULONG);DWORD WINAPI SetIfEntry(PMIB_IFROW);DWORD WINAPI SetIpForwardEntry(PMIB_IPFORWARDROW);DWORD WINAPI SetIpNetEntry(PMIB_IPNETROW);DWORD WINAPI SetIpStatistics(PMIB_IPSTATS);DWORD WINAPI SetIpTTL(UINT);DWORD WINAPI SetTcpEntry(PMIB_TCPROW);DWORD WINAPI UnenableRouter(OVERLAPPED*, LPDWORD);#ifdef __cplusplus}#endif#endif /* _IPHLPAPI_H */