热门标签
热门文章
当前位置: article > 正文
Go1.10使用Windows系统API查看网络链接情况_windows抓取进程的网络连接 golang
作者:我家小花儿 | 2024-03-05 13:25:23
赞
踩
windows抓取进程的网络连接 golang
package main
import (
"fmt"
"syscall"
"unsafe"
)
const ERROR_INSUFFICIENT_BUFFER = 122
func main() {
lazydll := syscall.NewLazyDLL("Iphlpapi.dll")
proc := lazydll.NewProc("GetTcpTable2")
var mibtable2 MIB_TCPTABLE2
size := unsafe.Sizeof(mibtable2)
//第一次执行是获取缓存区大小,然后根据返回的size申请对应长度的内存
r, _, err := proc.Call(uintptr(unsafe.Pointer(&mibtable2)), uintptr(unsafe.Pointer(&size)), 1)
if err != nil && r != 0 {
if r == ERROR_INSUFFICIENT_BUFFER {
buf := make([]byte, size)
r, _, err = proc.Call(uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&size)), 1)
if r != 0 {
fmt.Printf("Get tcp table error:%s\n", err.Error())
return
}
var index = int(unsafe.Sizeof(mibtable2.dwNumEntries))
var step = int(unsafe.Sizeof(mibtable2.table))
dwNumEntries := *(*uint32)(unsafe.Pointer(&buf[0]))
for i := 0; i < int(dwNumEntries); i++ {
mibs := *(*MIB_TCPROW2)(unsafe.Pointer(&buf[index]))
index += step
fmt.Println(mibs)
}
}
}
}
type inet_ntoa uint32
//地址转化
func (i inet_ntoa) String() string {
return fmt.Sprintf("%d.%d.%d.%d", i&255, i>>8&255, i>>16&255, i>>24&255)
}
type ntohs uint32
//端口转化
func (i ntohs) String() string {
return fmt.Sprint(syscall.Ntohs(uint16(i)))
}
type TCP_CONNECTION_OFFLOAD_STATE uint32
//状态枚举
var _MIB_TCP_STATE = map[uint32]string{
1: "CLOSED",
2: "LISTEN",
3: "SYN_SENT",
4: "SYN_RCVD",
5: "ESTABLISHED",
6: "FIN_WAIT1",
7: "FIN_WAIT2",
8: "CLOSE_WAIT",
9: "CLOSING",
10: "LAST_ACK",
11: "TIME_WAIT",
12: "DELETE_TCB",
}
type MIB_TCP_STATE uint32
func (m MIB_TCP_STATE) String() string {
return _MIB_TCP_STATE[uint32(m)]
}
type MIB_TCPROW2 struct {
dwState MIB_TCP_STATE
dwLocalAddr inet_ntoa
dwLocalPort ntohs
dwRemoteAddr inet_ntoa
dwRemotePort ntohs
dwOwningPid uint32
dwOffloadState TCP_CONNECTION_OFFLOAD_STATE
}
func (M MIB_TCPROW2) String() string {
return fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%d", M.dwLocalAddr, M.dwLocalPort, M.dwRemoteAddr, M.dwRemotePort, M.dwState, M.dwOwningPid)
}
type MIB_TCPTABLE2 struct {
dwNumEntries uint32
table [1]MIB_TCPROW2
}
/*
const (
//MIB_TCPTABLE
TCP_TABLE_BASIC_LISTENER uintptr = iota + 1
TCP_TABLE_BASIC_CONNECTIONS
TCP_TABLE_BASIC_ALL
//MIB_TCPTABLE_OWNER_PID
TCP_TABLE_OWNER_PID_LISTENER
TCP_TABLE_OWNER_PID_CONNECTIONS
TCP_TABLE_OWNER_PID_ALL
//MIB_TCPTABLE_OWNER_MODULE
TCP_TABLE_OWNER_MODULE_LISTENER
TCP_TABLE_OWNER_MODULE_CONNECTIONS
TCP_TABLE_OWNER_MODULE_ALL
)
const (
AF_INET = 2
AF_INET6 = 23
)
type MIB_TCPROW_OWNER_PID struct {
dwState MIB_TCP_STATE
dwLocalAddr inet_ntoa
dwLocalPort ntohs
dwRemoteAddr inet_ntoa
dwRemotePort ntohs
dwOwningPid uint32
}
func (M MIB_TCPROW_OWNER_PID) String() string {
return fmt.Sprintf("%s %s %s %s %s %d", M.dwLocalAddr, M.dwLocalPort, M.dwRemoteAddr, M.dwRemotePort, M.dwState, M.dwOwningPid)
}
func MIB_TCPROW_OWNER_PID_TOSTRING(p unsafe.Pointer) fmt.Stringer {
return *(*MIB_TCPROW_OWNER_PID)(p)
}
type MIB_TCPTABLE_OWNER_PID struct {
dwNumEntries uint32
table [1]MIB_TCPROW_OWNER_PID
}
*/
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
本文内容由网友自发贡献,转载请注明出处:https://www.wpsshop.cn/w/我家小花儿/article/detail/191395
推荐阅读
相关标签
