
bind without listen

a guest
Jan 7th, 2018
  1. # Borrowed parts of https://github.com/fireeye/flare-fakenet-ng/blob/master/fakenet/diverters/winutil.py
  2.  
  3. from ctypes import *
  4. from ctypes.wintypes import *
  5. from socket import AF_INET, ntohs, inet_ntoa, socket
  6. import struct
  7.  
  # Status value the IP Helper call is compared against to detect success.
  NO_ERROR = 0

  # IPv4 address family, passed as the ulAf argument of GetExtendedTcpTable.
  # This rebinds the AF_INET name imported from socket at the top of the file.
  AF_INET = 2

  ##############################################################################
  # GetExtendedTcpTable constants and structures

  # dwState value -> MIB_TCP_STATE_* name; the values run consecutively from 1.
  STATES = dict(enumerate((
      'MIB_TCP_STATE_CLOSED',
      'MIB_TCP_STATE_LISTEN',
      'MIB_TCP_STATE_SYN_SENT',
      'MIB_TCP_STATE_SYN_RCVD',
      'MIB_TCP_STATE_ESTAB',
      'MIB_TCP_STATE_FIN_WAIT1',
      'MIB_TCP_STATE_FIN_WAIT2',
      'MIB_TCP_STATE_CLOSE_WAIT',
      'MIB_TCP_STATE_CLOSING',
      'MIB_TCP_STATE_LAST_ACK',
      'MIB_TCP_STATE_TIME_WAIT',
      'MIB_TCP_STATE_DELETE_TCB',
  ), start=1))

  # TableClass argument: request rows that include the owning process id.
  TCP_TABLE_OWNER_PID_ALL = 5
  31.  
  class MIB_TCPROW_OWNER_PID(Structure):
      """One TCP table row: six consecutive DWORD fields.

      The fields are, in order, the connection state, the local address and
      port, the remote address and port, and the id of the owning process.
      """

      # Every member has the same type, so the list is built from the names.
      _fields_ = [
          (field_name, DWORD)
          for field_name in (
              "dwState",
              "dwLocalAddr",
              "dwLocalPort",
              "dwRemoteAddr",
              "dwRemotePort",
              "dwOwningPid",
          )
      ]
  41.  
  class MIB_TCPTABLE_OWNER_PID(Structure):
      """Fixed-capacity TCP table: an entry count followed by 512 row slots."""

      _fields_ = [
          # Number of rows in `table` that actually hold data.
          ("dwNumEntries", DWORD),
          # Capacity is hard-coded; only the first dwNumEntries rows are valid.
          ("table", MIB_TCPROW_OWNER_PID * 512),
      ]
  47.  
  48.  
  49. ###########################################################################
  50. # The GetExtendedTcpTable function retrieves a table that contains a list of TCP endpoints available to the application.
  51. #
  52. # DWORD GetExtendedTcpTable(
  53. #  _Out_   PVOID           pTcpTable,
  54. #  _Inout_ PDWORD          pdwSize,
  55. #  _In_    BOOL            bOrder,
  56. #  _In_    ULONG           ulAf,
  57. #  _In_    TCP_TABLE_CLASS TableClass,
  58. #  _In_    ULONG           Reserved
  59. # );
  60.  
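  def get_extended_tcp_table():
      """Yield one MIB_TCPROW_OWNER_PID per IPv4 TCP endpoint reported by Windows.

      Calls iphlpapi.GetExtendedTcpTable with TCP_TABLE_OWNER_PID_ALL, so every
      row carries the owning process id next to state, addresses and ports.

      The buffer is sized from the byte count the API reports rather than from
      a fixed 512-row table. With the fixed table, a host holding more rows
      than that made the call fail, and a port-to-PID lookup built on it would
      then return nothing at all on exactly the busy machines where it matters.

      Only AF_INET is queried, so IPv6 endpoints are not part of the result,
      and the rows are a point-in-time snapshot.

      Raises:
          Exception: if GetExtendedTcpTable does not end with NO_ERROR; the
              message includes the numeric status.
      """
      ERROR_INSUFFICIENT_BUFFER = 122  # Win32 status: supplied buffer too small

      needed = DWORD(0)
      # Size probe: called without a buffer, the API stores the required size.
      status = windll.iphlpapi.GetExtendedTcpTable(
          None, byref(needed), True, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0)

      buf = None
      # The table can grow between the probe and the real call, so retry a
      # bounded number of times with the newly reported size.
      for _ in range(8):
          if status != ERROR_INSUFFICIENT_BUFFER:
              break
          buf = create_string_buffer(needed.value)
          status = windll.iphlpapi.GetExtendedTcpTable(
              buf, byref(needed), True, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0)

      if status != NO_ERROR:
          raise Exception(
              "Failed to call GetExtendedTcpTable (error {})".format(status))

      header_size = sizeof(DWORD)
      if buf is None or len(buf) < header_size:
          return

      # Layout: DWORD dwNumEntries, then the rows back to back.
      row_count = DWORD.from_buffer(buf).value
      # Never trust the count beyond what the buffer can physically hold.
      capacity = (len(buf) - header_size) // sizeof(MIB_TCPROW_OWNER_PID)
      row_count = min(row_count, capacity)

      rows = (MIB_TCPROW_OWNER_PID * row_count).from_buffer(buf, header_size)
      for item in rows:
          yield item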
  72.  
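  def get_pid_port_tcp(port):
      """Return the PID that owns the first TCP table row using local *port*.

      Rows are matched on the local port only: the connection state and the
      local address are not considered, so the result is whichever matching
      row the table lists first, not necessarily a listening socket.
      NOTE(review): callers that need the listener should also check dwState.

      Args:
          port: local TCP port number in host byte order.

      Returns:
          The dwOwningPid of the first matching row, or None when no row
          matches.
      """
      for item in get_extended_tcp_table():
          # `socket` in this file is the socket class, which has no ntohs or
          # inet_ntoa attribute, so the directly imported ntohs is used.
          # dwLocalPort is a DWORD holding a 16-bit value; mask it because
          # ntohs rejects anything wider than 16 bits on current Python.
          if ntohs(item.dwLocalPort & 0xFFFF) == port:
              return item.dwOwningPid

      return None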
  85.  
  86.  
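  def print_entry(entry):
      """Print one TCP table row as a single human-readable line.

      Args:
          entry: a row exposing dwState, dwLocalAddr, dwLocalPort,
              dwRemoteAddr, dwRemotePort and dwOwningPid.

      A state value missing from STATES is printed as UNKNOWN(<value>) rather
      than raising KeyError, so one unexpected row does not abort a listing.
      """
      def _ipv4(raw_addr):
          # '<L' is always four bytes, little-endian. That equals the native
          # 'L' layout on Windows and does not depend on the platform's size
          # of a C long, so inet_ntoa always receives exactly four bytes.
          return inet_ntoa(struct.pack('<L', raw_addr))

      def _port(raw_port):
          # Only the low 16 bits carry the port; ntohs raises OverflowError on
          # wider values in current Python versions.
          return ntohs(raw_port & 0xFFFF)

      state_name = STATES.get(
          entry.dwState, 'UNKNOWN({})'.format(entry.dwState))

      print('dwState={}, local={}:{}, remote={}:{}, dwOwningPid={}'.format(
          state_name,
          _ipv4(entry.dwLocalAddr), _port(entry.dwLocalPort),
          _ipv4(entry.dwRemoteAddr), _port(entry.dwRemotePort),
          entry.dwOwningPid))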
  91.  
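  def _print_port_rows(port):
      """Print every TCP table row whose local port equals *port*."""
      for entry in get_extended_tcp_table():
          # Mask to 16 bits before ntohs; the field is a 32-bit DWORD.
          if ntohs(entry.dwLocalPort & 0xFFFF) == port:
              print_entry(entry)


  def main():
      """Show the TCP table rows for one port before bind, after bind, and
      after listen.

      The three listings let the reader see at which stage the socket becomes
      visible through GetExtendedTcpTable. That matters for any tool that maps
      ports to processes from this table: if a stage prints nothing, a socket
      in that stage is invisible to such a lookup.
      """
      port = 12345
      separator = '------------------------------------------------------------------------'

      s = socket()
      try:
          print('Before bind:')
          _print_port_rows(port)
          print(separator)

          # '' binds the wildcard address, i.e. all local IPv4 interfaces.
          s.bind(('', port))
          print('After bind, before listen:')
          _print_port_rows(port)
          print(separator)

          s.listen(5)
          print('After bind and listen:')
          _print_port_rows(port)
          print(separator)
      finally:
          # Release the port even if a table query raises part-way through.
          s.close()


  if __name__ == '__main__':
      main()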