- # Borrowed parts of https://github.com/fireeye/flare-fakenet-ng/blob/master/fakenet/diverters/winutil.py
- from ctypes import *
- from ctypes.wintypes import *
- from socket import AF_INET, ntohs, inet_ntoa, socket
- import struct
# Win32 success code; GetExtendedTcpTable returns this when the table was filled.
NO_ERROR = 0
# Deliberately redefines the AF_INET imported from socket above: the ulAf
# argument of GetExtendedTcpTable is the Winsock IPv4 address family, 2.
AF_INET = 2
- ##############################################################################
- # GetExtendedTcpTable constants and structures
# dwState values of a MIB_TCPROW_OWNER_PID row, mapped to their MIB_TCP_STATE_*
# names. The values are 1-based and contiguous; 12 (DELETE_TCB) is the last.
STATES = {
    code: 'MIB_TCP_STATE_' + suffix
    for code, suffix in enumerate((
        'CLOSED', 'LISTEN', 'SYN_SENT', 'SYN_RCVD', 'ESTAB', 'FIN_WAIT1',
        'FIN_WAIT2', 'CLOSE_WAIT', 'CLOSING', 'LAST_ACK', 'TIME_WAIT',
        'DELETE_TCB',
    ), start=1)
}
# TCP_TABLE_CLASS value: every listener and connection, each row carrying the
# owning PID (rows are laid out as MIB_TCPROW_OWNER_PID below).
TCP_TABLE_OWNER_PID_ALL = 5
- class MIB_TCPROW_OWNER_PID(Structure):
- _fields_ = [
- ("dwState", DWORD),
- ("dwLocalAddr", DWORD),
- ("dwLocalPort", DWORD),
- ("dwRemoteAddr", DWORD),
- ("dwRemotePort", DWORD),
- ("dwOwningPid", DWORD)
- ]
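class MIB_TCPTABLE_OWNER_PID(Structure):
    """Fixed-capacity mirror of MIB_TCPTABLE_OWNER_PID: dwNumEntries, then the rows.

    The Win32 structure is variable-length; this ctypes version reserves room
    for MAX_ENTRIES rows, so it only works as the output buffer of
    GetExtendedTcpTable while the host has at most that many IPv4 TCP
    endpoints. With more, the API fails with ERROR_INSUFFICIENT_BUFFER
    instead of truncating. Readers must consume at most dwNumEntries rows
    of ``table`` (and never more than MAX_ENTRIES).
    """
    # Capacity of the inline row array. Named so the buffer size handed to
    # GetExtendedTcpTable (sizeof(MIB_TCPTABLE_OWNER_PID)) and the slice
    # limit agree instead of repeating a bare 512.
    MAX_ENTRIES = 512
    _fields_ = [
        ("dwNumEntries", DWORD),
        ("table", MIB_TCPROW_OWNER_PID * MAX_ENTRIES),
    ]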
- ###########################################################################
- # The GetExtendedTcpTable function retrieves a table that contains a list of TCP endpoints available to the application.
- #
- # DWORD GetExtendedTcpTable(
- # _Out_ PVOID pTcpTable,
- # _Inout_ PDWORD pdwSize,
- # _In_ BOOL bOrder,
- # _In_ ULONG ulAf,
- # _In_ TCP_TABLE_CLASS TableClass,
- # _In_ ULONG Reserved
- # );
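def get_extended_tcp_table():
    """Yield every IPv4 TCP endpoint on this host as a MIB_TCPROW_OWNER_PID.

    Wraps iphlpapi!GetExtendedTcpTable with TableClass TCP_TABLE_OWNER_PID_ALL
    (listeners and connections, each with its owning PID). The buffer is
    sized from the API's own size query instead of a fixed 512-row table, so
    a busy host with more endpoints no longer makes the call fail with
    ERROR_INSUFFICIENT_BUFFER. The result is a point-in-time snapshot:
    endpoints can appear or disappear as soon as the call returns, so do not
    treat a row (or its PID) as still valid later on.

    Yielded rows hold ports in network byte order (only the low 16 bits are
    the port) and IPv4 addresses in network byte order.

    Raises:
        OSError: GetExtendedTcpTable returned something other than NO_ERROR
            (and other than a recoverable ERROR_INSUFFICIENT_BUFFER); the
            Win32 code is in the message and in ``winerror``.
    """
    ERROR_INSUFFICIENT_BUFFER = 122  # winerror.h
    fn = windll.iphlpapi.GetExtendedTcpTable
    tail_args = (True, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0)

    # Size query: a NULL table pointer makes the API report the bytes needed.
    size = DWORD(0)
    fn(None, byref(size), *tail_args)

    # The table can grow between the size query and the fetch; retry with the
    # size the API reports, bounded so a pathological host cannot spin us.
    for _ in range(8):
        buf = create_string_buffer(size.value)
        rc = fn(buf, byref(size), *tail_args)
        if rc == NO_ERROR:
            break
        if rc != ERROR_INSUFFICIENT_BUFFER:
            raise OSError(None, "GetExtendedTcpTable failed with Win32 error %d" % rc, None, rc)
    else:
        raise OSError(None, "GetExtendedTcpTable: table kept growing between size query and fetch",
                      None, ERROR_INSUFFICIENT_BUFFER)

    # Layout is MIB_TCPTABLE_OWNER_PID: DWORD dwNumEntries followed by the rows.
    header = sizeof(DWORD)
    row_size = sizeof(MIB_TCPROW_OWNER_PID)
    if len(buf) < header:
        return
    # Never trust the count beyond what the buffer actually holds: a row view
    # past the end of buf would be a read out of bounds.
    count = min(DWORD.from_buffer(buf).value, (len(buf) - header) // row_size)
    rows = (MIB_TCPROW_OWNER_PID * count).from_buffer(buf, header)
    for row in rows:
        yield row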
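def get_pid_port_tcp(port, state=None):
    """Return the owning PID of the first IPv4 TCP endpoint bound to *port*, else None.

    Args:
        port: local port in host byte order (the number you passed to bind()).
        state: optional dwState value (a STATES key, e.g. 2 for LISTEN); when
            given, only rows in that state are considered.

    Several rows can share a local port (a listener plus its accepted
    connections, or a lingering TIME_WAIT row from a previous owner), and
    the first one in the API's order wins, so pass ``state`` when you need
    the listener specifically. The answer is a snapshot: the process may
    have exited and its PID been reused by the time you act on it, so do not
    use this alone as an authorisation check.

    Raises whatever get_extended_tcp_table raises.
    """
    for row in get_extended_tcp_table():
        if state is not None and row.dwState != state:
            continue
        # `ntohs` is the function imported from the socket module; the bare
        # name `socket` in this file is the socket class and has no ntohs.
        # Only the low 16 bits of dwLocalPort are the port; mask the rest off
        # before converting.
        if ntohs(row.dwLocalPort & 0xFFFF) == port:
            return row.dwOwningPid
    return None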
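def _ipv4(dword):
    """Render a MIB_TCPROW_OWNER_PID address DWORD as dotted-quad text.

    The DWORD holds the address in network byte order; repacking it in native
    byte order restores the on-the-wire bytes. ``'=L'`` forces a 4-byte field
    on every platform, whereas a bare ``'L'`` is 8 bytes on 64-bit Unix and
    would make inet_ntoa reject the buffer.
    """
    return inet_ntoa(struct.pack('=L', dword))


def print_entry(entry):
    """Print one MIB_TCPROW_OWNER_PID row as
    ``dwState=<name>, local=<addr>:<port>, remote=<addr>:<port>, dwOwningPid=<pid>``.

    An unknown dwState is printed as its number rather than raising KeyError.
    Only the low 16 bits of the port fields are the port, so they are masked
    before ntohs (which can reject values above 0xFFFF).
    """
    state = STATES.get(entry.dwState, str(entry.dwState))
    print('dwState={}, local={}:{}, remote={}:{}, dwOwningPid={}'.format(
        state,
        _ipv4(entry.dwLocalAddr), ntohs(entry.dwLocalPort & 0xFFFF),
        _ipv4(entry.dwRemoteAddr), ntohs(entry.dwRemotePort & 0xFFFF),
        entry.dwOwningPid))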
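def _print_entries_for_port(port):
    """Print every IPv4 TCP table row whose local port is *port* (host order), then a rule."""
    for entry in get_extended_tcp_table():
        # Only the low 16 bits of dwLocalPort are the port.
        if ntohs(entry.dwLocalPort & 0xFFFF) == port:
            print_entry(entry)
    print('------------------------------------------------------------------------')


def main():
    """Demo: show how one socket appears in the TCP table before bind, after bind, and after listen.

    The socket is bound to loopback only: binding '' (INADDR_ANY) would leave
    a listening port open on every interface for the lifetime of the demo,
    and the kernel completes handshakes into the backlog even though nothing
    ever calls accept(). The socket is closed on every exit path so the port
    is released even if bind() fails because it is already in use.
    """
    port = 12345
    s = socket()
    try:
        print('Before bind:')
        _print_entries_for_port(port)
        s.bind(('127.0.0.1', port))
        print('After bind, before listen:')
        _print_entries_for_port(port)
        s.listen(5)
        print('After bind and listen:')
        _print_entries_for_port(port)
    finally:
        s.close()


if __name__ == '__main__':
    main()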