├── img ├── TCPView_01.png └── TCPView_02.png ├── README.md ├── LICENSE └── src └── TCPView.ahk /img/TCPView_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jNizM/TCPView/HEAD/img/TCPView_01.png -------------------------------------------------------------------------------- /img/TCPView_02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jNizM/TCPView/HEAD/img/TCPView_02.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # TCPView 2 | Shows TCP and UDP connections. 3 | 4 | 5 | ## Features 6 | * Shows TCP (v4 and v6) connections. 7 | * Shows UDP (v4 and v6) connections. 8 | * Resolves Remote IP to Hostname 9 | * Export as .csv 10 | 11 | 12 | ## Examples 13 | ![TCPView](img/TCPView_01.png) 14 | ![TCPView](img/TCPView_02.png) 15 | 16 | 17 | ## Contributing 18 | * thanks to Bentschi for NetStat() 19 | * thanks 'just me' for DnsQuery() 20 | * thanks to swagfag 21 | * thanks to AutoHotkey Community 22 | 23 | 24 | ## Inspired by 25 | [TCPView](https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview) by Mark Russinovich (Sysinternals) 26 | 27 | 28 | ## Questions / Bugs / Issues 29 | If you notice any kind of bugs or issues, report them on the [AHK Thread](https://www.autohotkey.com/boards/viewtopic.php?t=94333). Same for any kind of questions. 
30 | 31 | 32 | ## Copyright and License 33 | [MIT License](LICENSE) 34 | 35 | 36 | ## Donations 37 | [Donations are appreciated if I could help you](https://www.paypal.me/smithz) -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Thomann 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
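; ---- /src/TCPView.ahk ----
; SCRIPT DIRECTIVES ============================================================================================================

#Requires AutoHotkey v2.0-beta.1
; The DLLs used through DllCall are loaded before the script starts.
; NOTE(review): the names are bare, so they are resolved through the normal DLL search order — consider
; full system paths if the script can be started from a directory that other users can write to.
#DllLoad "dnsapi.dll"
#DllLoad "iphlpapi.dll"
#DllLoad "ntdll.dll"
#DllLoad "shell32.dll"
#DllLoad "ws2_32.dll"


; GLOBALS ======================================================================================================================

app := Map("name", "TCPView", "version", "0.4", "release", "2021-09-06", "author", "jNizM", "licence", "MIT")

; Column captions and the matching ModifyCol() options (width, sort type, alignment), index for index.
LV_Header  := ["Process Name", "Process ID", "Protocol", "State", "Local Address", "Local Port", "Remote Address", "Remote Port", "Create Time", "Module Name"]
LV_Options := ["150 Text Left", "100 Integer Right", "80 Text Center", "80 Text Left", "150 Integer Left", "90 Integer Right", "150 Integer Left", "90 Integer Right", "140 Text Right", "180 Text Left"]
; Initial captions of the seven status-bar parts.
SB_Info    := [" Endpoints:", "Established:", "Listening:", "Time Wait:", "Close Wait:", "Update:", "States: (All)"]
; Port numbers shown by name when "Resolve" is enabled.
PORTS      := Map(22, "ssh", 80, "http", 135, "epmap", 443, "https", 445, "microsoft-ds")
SortCol    := 0
; Brush handle handed out by WM_CTLCOLORBTN and released in Gui_Close. It is initialised here so that
; Gui_Close can test it even when the message handler never ran (reading an unset global is an error in v2).
hBrush     := 0


; GUI ==========================================================================================================================

; 0x0135 is WM_CTLCOLORBTN; the handler supplies the background brush for the push-like checkboxes.
OnMessage 0x0135, WM_CTLCOLORBTN
; Two 1x2 pixel, 32 bpp bitmaps that are stretched into the horizontal separator lines (PIC1 / PIC2).
hhr1 := DllCall("gdi32\CreateBitmap", "int", 1, "int", 2, "int", 0x1, "int", 32, "int64*", 0x7f5a5a5a7fa5a5a5, "ptr")
hhr2 := DllCall("gdi32\CreateBitmap", "int", 1, "int", 2, "int", 0x1, "int", 32, "int64*", 0x7fcfcfcf7ffcfcfc, "ptr")

Main := Gui("+Resize", app["name"])
Main.MarginX := 0
Main.MarginY := 0
Main.BackColor := "FFFFFF"
Main.SetFont("s10", "Segoe UI")

; Toolbar row: protocol filters (CB1-CB4), pause/resume toggle (CB5), refresh interval (DDL1) and the
; reverse-DNS switch (CB6). Style 0x1000 is BS_PUSHLIKE, i.e. the checkboxes are drawn as toggle buttons.
PIC1 := Main.AddPicture("xm ym w1250 h1 BackgroundTrans", "HBITMAP:*" hhr1)
CB1 := Main.AddCheckBox("xm+5 y+4 w80 h27 0x1000 Checked", "TCP v4")
CB2 := Main.AddCheckBox("x+4 yp w80 h27 0x1000", "TCP v6")
CB3 := Main.AddCheckBox("x+4 yp w80 h27 0x1000", "UDP v4")
CB4 := Main.AddCheckBox("x+4 yp w80 h27 0x1000", "UDP v6")
CB5 := Main.AddCheckBox("x+4 yp w80 h27 0x1000 Checked", "Pause")
CB5.OnEvent("Click", CB_Click)
DDL1 := Main.AddDropDownList("x+5 yp+1 w100 Choose2", ["2 Seconds", "5 Seconds", "10 Seconds"])
DDL1.OnEvent("Change", DDL1_Change)
; "Resolve" is off by default: when it is on, every remote address is sent to the configured DNS
; resolver as a PTR query on each refresh.
CB6 := Main.AddCheckBox("x+4 yp-1 w80 h27 0x1000", "Resolve")
Main.SetFont("s9", "Segoe UI")

; Endpoint list with one small and one large image list for the process icons.
PIC2 := Main.AddPicture("xm y+4 w1250 h2 BackgroundTrans", "HBITMAP:*" hhr2)
LV := Main.AddListView("w1250 r30 xm-1 y+0 -LV0x10 LV0x10000 -E0x0200", LV_Header)
for ColumnNumber, ColumnOptions in LV_Options
    LV.ModifyCol(ColumnNumber, ColumnOptions)
ImageListID1 := IL_Create(10)
ImageListID2 := IL_Create(10, 10, true)
LV.SetImageList(ImageListID1)
LV.SetImageList(ImageListID2)
LV.OnEvent("ContextMenu", LV_ContextMenu)

SB := Main.AddStatusBar("")
SB.SetParts(120, 120, 120, 120, 120, 120)
for PartNumber, PartText in SB_Info
    SB.SetText(PartText, PartNumber)

Main.OnEvent("Size", Gui_Size)
Main.OnEvent("Close", Gui_Close)
Main.Show()
SetExplorerTheme(LV.Hwnd)
HideFocusBorder(Main.Hwnd)

; First refresh one second after start-up (negative period = run once); NetStat re-arms the timer itself.
SetTimer NetStat, -1000


; WINDOW EVENTS ================================================================================================================

; Size handler: stretches both separator lines and the list view to the new client area.
; MinMax = -1 means the window was minimized, in which case nothing is moved.
Gui_Size(thisGui, MinMax, Width, Height)
{
    if (MinMax = -1)
        return
    PIC1.Move(,, Width)
    PIC2.Move(,, Width)
    LV.Move(,, Width + 3, Height - 61)
}


; Close handler: releases the button background brush (if one was created) and terminates the script.
Gui_Close(thisGui)
{
    global hBrush
    if (hBrush)
        DllCall("gdi32\DeleteObject", "ptr", hBrush)
    ExitApp
}


; CONTROL EVENTS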
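; ==============================================================================================================================

; Click handler of the Pause/Resume toggle (CB5).
; Checked   -> caption "Pause", refresh timer (re)started with the interval selected in DDL1.
; Unchecked -> caption "Resume", status "Paused", refresh timer switched off.
CB_Click(*)
{
    if (CB5.Value)
    {
        CB5.Text := "Pause"
        DDL1_Change()
    }
    else
    {
        CB5.Text := "Resume"
        SB.SetText("Paused", 6)
        SetTimer NetStat, 0
    }
}


; Change handler of the interval drop-down (DDL1): shows the new interval in status-bar part 6 and
; re-arms the refresh timer. While the view is paused the timer is left alone; otherwise picking an
; interval would silently resume updates although the toggle still reads "Resume".
DDL1_Change(*)
{
    static Intervals := [2000, 5000, 10000]    ; milliseconds, in drop-down order

    if !(CB5.Value)
        return
    Interval := Intervals.Has(DDL1.Value) ? Intervals[DDL1.Value] : 5000
    SB.SetText("Update: " StrLower(SubStr(DDL1.Text, 1, -4)), 6)
    SetTimer NetStat, Interval
}


; Context menu of the list view: "Select All", "Export" (CSV on the desktop) and "Copy" (selected rows
; to the clipboard). The three actions are nested functions so that they can use the LV parameter.
LV_ContextMenu(LV, Item, IsRightClick, X, Y)
{
    ContextMenu := Menu()
    ContextMenu.Add("Select All", Select)
    ContextMenu.SetIcon("Select All", "imageres.dll", 249)
    ContextMenu.Add("Export", Export)
    ContextMenu.SetIcon("Export", "shell32.dll", 259)
    ContextMenu.Add("Copy", Copy)
    ContextMenu.SetIcon("Copy", "shell32.dll", 135)
    ContextMenu.Show(X, Y)


    ; Selects every row.
    Select(*)
    {
        LV.Modify(0, "Select")
    }


    ; Writes the header row (row 0) and all rows to <Desktop>\tcpview.csv, replacing an existing file.
    ; Cell text is not trusted: process names come from other programs and resolved host names come
    ; from reverse DNS, so each field goes through CsvEscapeField() before it is written.
    Export(*)
    {
        ExportFile := A_Desktop "\tcpview.csv"
        Columns := LV.GetCount("Column")
        Content := ""

        loop LV.GetCount() + 1
        {
            Row := A_Index - 1, Line := ""
            loop Columns
                Line .= CsvEscapeField(LV.GetText(Row, A_Index)) ";"
            Content .= SubStr(Line, 1, -1) "`n"
        }

        if (FileExist(ExportFile))
            FileDelete(ExportFile)
        ; NOTE(review): "RAW" writes the string's bytes without conversion — presumably UTF-16 without
        ; a BOM; confirm that the consuming spreadsheet detects the encoding.
        FileAppend(Content, ExportFile, "RAW")
        Main.Opt("+OwnDialogs")
        MsgBox("CSV-Export is done (Desktop)", "CSV-Export", "T3")
    }


    ; Copies the selected rows to the clipboard.
    Copy(*)
    {
        A_Clipboard := ListViewGetContent("Selected", LV)
    }
}


; Private helper for the CSV export: returns Text as one ";"-separated CSV field.
; - A field that starts with = + - @, tab or CR gets a leading apostrophe so that a spreadsheet
;   shows it as text instead of evaluating it as a formula.
; - A field that contains the separator, a double quote or a line break is wrapped in double quotes,
;   with embedded quotes doubled.
CsvEscapeField(Text)
{
    Text .= ""
    if (Text != "" && InStr("=+-@`t`r", SubStr(Text, 1, 1), true))
        Text := "'" Text
    if (RegExMatch(Text, '[";\r\n]'))
        Text := '"' StrReplace(Text, '"', '""') '"'
    return Text
}


; FUNCTIONS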
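; ==============================================================================================================================

; Suppresses the dotted focus rectangle in a window.
; Called directly with a window handle in wParam it posts WM_UPDATEUISTATE (set hide-focus) to that
; window. It also registers itself as the WM_UPDATEUISTATE handler: windows that received the
; hide-focus state are remembered, and any later, different UI-state change for them is answered by
; posting the hide-focus state again.
HideFocusBorder(wParam, lParam := "", Msg := "", hWnd := "")
{
    static Affected := Map()
    static WM_UPDATEUISTATE := 0x0128
    static UIS_SET := 1
    static UISF_HIDEFOCUS := 0x1
    static SET_HIDEFOCUS := UIS_SET << 16 | UISF_HIDEFOCUS
    static init := OnMessage(WM_UPDATEUISTATE, HideFocusBorder)

    if (Msg = WM_UPDATEUISTATE) {
        if (wParam = SET_HIDEFOCUS)
            Affected[hWnd] := true
        else if (Affected.Has(hWnd))
            PostMessage WM_UPDATEUISTATE, SET_HIDEFOCUS, 0,, "ahk_id " hWnd
    }
    else if (DllCall("user32\IsWindow", "ptr", wParam, "uint"))
        PostMessage WM_UPDATEUISTATE, SET_HIDEFOCUS, 0,, "ahk_id " wParam
}


; WM_CTLCOLORBTN handler: returns a white brush as the button background.
; The brush is created once and reused. Creating a new brush for every message, as before, leaked one
; GDI object per repaint because only the most recent handle was ever deleted. The handle is also
; stored in the global hBrush, which Gui_Close deletes.
WM_CTLCOLORBTN(*)
{
    global hBrush
    static hWhiteBrush := 0

    if !(hWhiteBrush)
        hWhiteBrush := DllCall("gdi32\CreateSolidBrush", "uint", 0xFFFFFF, "uptr")
    return hBrush := hWhiteBrush
}


; Applies the "Explorer" visual theme to a list-view or tree-view control.
; Returns true when SetWindowTheme succeeded, false for other window classes, on failure, or when the
; major OS version reported by GetVersion is 5 or lower.
SetExplorerTheme(handle)
{
    if (DllCall("kernel32\GetVersion", "uchar") > 5) {
        VarSetStrCapacity(&ClassName, 1024)
        if (DllCall("user32\GetClassName", "ptr", handle, "str", ClassName, "int", 512, "int")) {
            if (ClassName = "SysListView32") || (ClassName = "SysTreeView32")
                return !DllCall("uxtheme\SetWindowTheme", "ptr", handle, "str", "Explorer", "ptr", 0)
        }
    }
    return false
}


; Takes a process snapshot and returns Map(PID -> Map("ProcessID", "ExeFile", "IconNumber")), or false
; when the snapshot could not be created. IconNumber is the 1-based index of the process icon in the
; list view's image lists, or 9999999 when no icon could be obtained.
; As in the original, the entry returned by Process32FirstW itself is not added to the map.
Process32()
{
    ; The limited right is enough for QueryFullProcessImageNameW and is granted for more processes
    ; than PROCESS_QUERY_INFORMATION, so fewer rows end up without an icon.
    static PROCESS_QUERY_LIMITED_INFORMATION := 0x00001000
    static TH32CS_SNAPPROCESS := 0x00000002
    static INVALID_HANDLE_VALUE := -1
    static SHGFI_ICON_SMALL := 0x0101          ; SHGFI_ICON | SHGFI_SMALLICON
    ; Image path -> IconNumber. Without it every refresh appended one icon per process to both image
    ; lists, so they grew for as long as the tool was running.
    static IconCache := Map()

    hSnapshot := DllCall("kernel32\CreateToolhelp32Snapshot", "uint", TH32CS_SNAPPROCESS, "uint", 0, "ptr")
    ; Failure is reported as INVALID_HANDLE_VALUE (-1), which a plain truth test does not catch.
    if (!hSnapshot || hSnapshot = INVALID_HANDLE_VALUE)
        return false

    TABLE := Map()
    PROCESSENTRY32W := Buffer(A_PtrSize = 8 ? 568 : 556, 0)
    NumPut("uint", PROCESSENTRY32W.Size, PROCESSENTRY32W, 0)    ; dwSize must be set before the first call
    if (DllCall("kernel32\Process32FirstW", "ptr", hSnapshot, "ptr", PROCESSENTRY32W))
    {
        while (DllCall("kernel32\Process32NextW", "ptr", hSnapshot, "ptr", PROCESSENTRY32W))
        {
            ROW := Map(), IconNumber := 0
            ROW["ProcessID"] := ProcessID := NumGet(PROCESSENTRY32W, 8, "uint")
            ROW["ExeFile"] := StrGet(PROCESSENTRY32W.Ptr + (A_PtrSize = 8 ? 44 : 36), "utf-16")

            if (hProcess := DllCall("kernel32\OpenProcess", "uint", PROCESS_QUERY_LIMITED_INFORMATION, "int", 0, "uint", ProcessID, "ptr"))
            {
                ImagePath := ""
                Size := VarSetStrCapacity(&ImagePath, 520)
                ; The result is checked so that a failed query cannot reuse the previous process's path.
                Queried := DllCall("kernel32\QueryFullProcessImageNameW", "ptr", hProcess, "uint", 0, "str", ImagePath, "uint*", Size)
                DllCall("kernel32\CloseHandle", "ptr", hProcess)

                if (Queried && ImagePath != "")
                {
                    if (IconCache.Has(ImagePath))
                        IconNumber := IconCache[ImagePath]
                    else
                    {
                        SHFILEINFOW := Buffer(A_PtrSize + 688, 0)
                        if (DllCall("shell32\SHGetFileInfoW", "str", ImagePath, "uint", 0, "ptr", SHFILEINFOW, "uint", SHFILEINFOW.Size, "uint", SHGFI_ICON_SMALL, "ptr"))
                        {
                            hIcon := NumGet(SHFILEINFOW, 0, "ptr")
                            ; Index -1 appends; the icon goes into both lists so their indexes stay aligned.
                            IconNumber := DllCall("comctl32\ImageList_ReplaceIcon", "ptr", ImageListID1, "int", -1, "ptr", hIcon) + 1
                            DllCall("comctl32\ImageList_ReplaceIcon", "ptr", ImageListID2, "int", -1, "ptr", hIcon)
                            DllCall("user32\DestroyIcon", "ptr", hIcon)
                            if (IconNumber > 0)
                                IconCache[ImagePath] := IconNumber
                        }
                    }
                }
            }

            ROW["IconNumber"] := IconNumber ? IconNumber : 9999999
            TABLE[ProcessID] := ROW
        }
    }
    ; The snapshot handle was never closed before, which leaked one handle per refresh.
    DllCall("kernel32\CloseHandle", "ptr", hSnapshot)
    return TABLE
}


; Private helper: calls iphlpapi\<ApiName> (GetExtendedTcpTable or GetExtendedUdpTable) for the given
; address family and table class and returns the filled Buffer, or false on failure.
; The size is probed first; the sized call is repeated a few times because the table can grow between
; the two calls.
FetchOwnerTable(ApiName, Family, TableClass)
{
    static ERROR_INSUFFICIENT_BUFFER := 122
    static NO_ERROR := 0

    Table := false
    Probe := Buffer(4, 0)
    Size := 0
    Status := DllCall("iphlpapi\" ApiName, "ptr", Probe, "uint*", &Size, "int", 0, "uint", Family, "uint", TableClass, "uint", 0)
    loop 4
    {
        if (Status != ERROR_INSUFFICIENT_BUFFER)
            break
        Table := Buffer(Size, 0)
        Status := DllCall("iphlpapi\" ApiName, "ptr", Table, "uint*", &Size, "int", 0, "uint", Family, "uint", TableClass, "uint", 0)
    }
    return (Status = NO_ERROR) ? Table : false
}


; Private helper: fills ROW["OwningPID"], ROW["ProcessName"] and ROW["IconNumber"].
; PID 0 keeps the original "[Time Wait]" label. A PID that is missing from the snapshot (the process
; started or exited between the two queries) is shown as "[Unknown]" instead of raising an error.
SetOwnerInfo(ROW, PROCESS_TABLE, OwningPID)
{
    Known := OwningPID && PROCESS_TABLE.Has(OwningPID)
    ROW["OwningPID"] := OwningPID
    ROW["ProcessName"] := !OwningPID ? "[Time Wait]" : Known ? PROCESS_TABLE[OwningPID]["ExeFile"] : "[Unknown]"
    ROW["IconNumber"] := Known ? PROCESS_TABLE[OwningPID]["IconNumber"] : 9999999
}


; Private helper: display name of a TCP state value; the raw value is returned for anything outside 1..12.
TcpStateName(State)
{
    static TCP_STATE := ["Closed", "Listen", "Syn Sent", "Syn Received", "Established", "Fin Wait 1", "Fin Wait 2", "Close Wait", "Closing", "Ack", "Time Wait", "Delete TCB"]

    return TCP_STATE.Has(State) ? TCP_STATE[State] : State
}


; Returns Map(index -> row Map) with all IPv4 TCP endpoints, or false when the table cannot be read.
; PROCESS_TABLE is the map returned by Process32(). With Resolve set, the remote address is replaced
; by its PTR name (when one is found) and well-known remote ports by their name from PORTS.
; Resolved names come from reverse DNS and are not verified against forward DNS.
GetExtendedTcpTable(PROCESS_TABLE, Resolve := false)
{
    static AF_INET := 2
    static TCP_TABLE_OWNER_MODULE_ALL := 8
    static ROW_SIZE := 160

    if !(TCP := FetchOwnerTable("GetExtendedTcpTable", AF_INET, TCP_TABLE_OWNER_MODULE_ALL))
        return false

    TCP_TABLE := Map()
    loop NumGet(TCP, 0, "uint")
    {
        Offset := 8 + ((A_Index - 1) * ROW_SIZE)
        if (Offset + ROW_SIZE > TCP.Size)       ; never hand out pointers past the end of the buffer
            break
        TCP_ROW := Map()
        TCP_ROW["State"] := TcpStateName(NumGet(TCP, Offset, "uint"))
        TCP_ROW["LocalAddr"] := InetNtopW(AF_INET, TCP.Ptr + Offset + 4)
        TCP_ROW["LocalPort"] := ntohs(NumGet(TCP, Offset + 8, "uint"))
        RemoteAddr := InetNtopW(AF_INET, TCP.Ptr + Offset + 12)
        Hostname := Resolve ? DnsQueryW(Reverse_IPv4(RemoteAddr)) : ""
        TCP_ROW["RemoteAddr"] := Hostname ? Hostname : RemoteAddr
        RemotePort := ntohs(NumGet(TCP, Offset + 16, "uint"))
        TCP_ROW["RemotePort"] := (Resolve && PORTS.Has(RemotePort)) ? PORTS[RemotePort] : RemotePort
        SetOwnerInfo(TCP_ROW, PROCESS_TABLE, NumGet(TCP, Offset + 20, "uint"))
        ; The 64-bit creation time follows the PID at offset 24. It used to be assembled from offsets
        ; 28 and 32, which took the low half from the first bytes of the owning-module data.
        TCP_ROW["CreateTimestamp"] := CreateTime(NumGet(TCP, Offset + 24, "int64"))
        TCP_ROW["ModuleName"] := GetOwnerModuleFromTcpEntry(TCP.Ptr + Offset)
        TCP_ROW["Protocol"] := "TCP"
        TCP_TABLE[A_Index] := TCP_ROW
    }
    return TCP_TABLE
}


; IPv6 counterpart of GetExtendedTcpTable(); rows additionally carry LocalScopeId and RemoteScopeId.
; The reverse lookup now uses Reverse_IPv6(): the previous call to Reverse_IPv4() could not parse an
; IPv6 address, so "Resolve" never had any effect on these rows. The unspecified address "::" is not
; looked up.
GetExtendedTcp6Table(PROCESS_TABLE, Resolve := false)
{
    static AF_INET6 := 23
    static TCP_TABLE_OWNER_MODULE_ALL := 8
    static ROW_SIZE := 192

    if !(TCP6 := FetchOwnerTable("GetExtendedTcpTable", AF_INET6, TCP_TABLE_OWNER_MODULE_ALL))
        return false

    TCP6_TABLE := Map()
    loop NumGet(TCP6, 0, "uint")
    {
        Offset := 8 + ((A_Index - 1) * ROW_SIZE)
        if (Offset + ROW_SIZE > TCP6.Size)
            break
        TCP6_ROW := Map()
        TCP6_ROW["LocalAddr"] := InetNtopW(AF_INET6, TCP6.Ptr + Offset)
        TCP6_ROW["LocalScopeId"] := ntohl(NumGet(TCP6, Offset + 16, "uint"))
        TCP6_ROW["LocalPort"] := ntohs(NumGet(TCP6, Offset + 20, "uint"))
        RemoteAddr := InetNtopW(AF_INET6, TCP6.Ptr + Offset + 24)
        Hostname := (Resolve && RemoteAddr != "" && RemoteAddr != "::") ? DnsQueryW(Reverse_IPv6(RemoteAddr)) : ""
        TCP6_ROW["RemoteAddr"] := Hostname ? Hostname : RemoteAddr
        TCP6_ROW["RemoteScopeId"] := ntohl(NumGet(TCP6, Offset + 40, "uint"))
        RemotePort := ntohs(NumGet(TCP6, Offset + 44, "uint"))
        ; Same port-name mapping as for IPv4 rows.
        TCP6_ROW["RemotePort"] := (Resolve && PORTS.Has(RemotePort)) ? PORTS[RemotePort] : RemotePort
        TCP6_ROW["State"] := TcpStateName(NumGet(TCP6, Offset + 48, "uint"))
        SetOwnerInfo(TCP6_ROW, PROCESS_TABLE, NumGet(TCP6, Offset + 52, "uint"))
        TCP6_ROW["CreateTimestamp"] := CreateTime(NumGet(TCP6, Offset + 56, "int64"))
        TCP6_ROW["ModuleName"] := GetOwnerModuleFromTcp6Entry(TCP6.Ptr + Offset)
        TCP6_ROW["Protocol"] := "TCPv6"
        TCP6_TABLE[A_Index] := TCP6_ROW
    }
    return TCP6_TABLE
}


; Returns Map(index -> row Map) with all IPv4 UDP endpoints, or false when the table cannot be read.
; UDP rows have no state or remote endpoint; those columns are set to "", "*" and "".
GetExtendedUdpTable(PROCESS_TABLE)
{
    static AF_INET := 2
    static UDP_TABLE_OWNER_MODULE := 2
    static ROW_SIZE := 160

    if !(UDP := FetchOwnerTable("GetExtendedUdpTable", AF_INET, UDP_TABLE_OWNER_MODULE))
        return false

    UDP_TABLE := Map()
    loop NumGet(UDP, 0, "uint")
    {
        Offset := 8 + ((A_Index - 1) * ROW_SIZE)
        if (Offset + ROW_SIZE > UDP.Size)
            break
        UDP_ROW := Map()
        UDP_ROW["LocalAddr"] := InetNtopW(AF_INET, UDP.Ptr + Offset)
        UDP_ROW["LocalPort"] := ntohs(NumGet(UDP, Offset + 4, "uint"))
        SetOwnerInfo(UDP_ROW, PROCESS_TABLE, NumGet(UDP, Offset + 8, "uint"))
        ; 64-bit creation time at offset 16 (8-byte aligned after the PID).
        UDP_ROW["CreateTimestamp"] := CreateTime(NumGet(UDP, Offset + 16, "int64"))
        UDP_ROW["ModuleName"] := GetOwnerModuleFromUdpEntry(UDP.Ptr + Offset)
        UDP_ROW["Protocol"] := "UDP"
        UDP_ROW["State"] := ""
        UDP_ROW["RemoteAddr"] := "*"
        UDP_ROW["RemotePort"] := ""
        UDP_TABLE[A_Index] := UDP_ROW
    }
    return UDP_TABLE
}


; IPv6 counterpart of GetExtendedUdpTable(); rows additionally carry LocalScopeId.
GetExtendedUdp6Table(PROCESS_TABLE)
{
    static AF_INET6 := 23
    static UDP_TABLE_OWNER_MODULE := 2
    static ROW_SIZE := 176

    if !(UDP6 := FetchOwnerTable("GetExtendedUdpTable", AF_INET6, UDP_TABLE_OWNER_MODULE))
        return false

    UDP6_TABLE := Map()
    loop NumGet(UDP6, 0, "uint")
    {
        Offset := 8 + ((A_Index - 1) * ROW_SIZE)
        if (Offset + ROW_SIZE > UDP6.Size)
            break
        UDP6_ROW := Map()
        UDP6_ROW["LocalAddr"] := InetNtopW(AF_INET6, UDP6.Ptr + Offset)
        UDP6_ROW["LocalScopeId"] := ntohl(NumGet(UDP6, Offset + 16, "uint"))
        UDP6_ROW["LocalPort"] := ntohs(NumGet(UDP6, Offset + 20, "uint"))
        SetOwnerInfo(UDP6_ROW, PROCESS_TABLE, NumGet(UDP6, Offset + 24, "uint"))
        UDP6_ROW["CreateTimestamp"] := CreateTime(NumGet(UDP6, Offset + 32, "int64"))
        UDP6_ROW["ModuleName"] := GetOwnerModuleFromUdp6Entry(UDP6.Ptr + Offset)
        UDP6_ROW["Protocol"] := "UDPv6"
        UDP6_ROW["State"] := ""
        UDP6_ROW["RemoteAddr"] := "*"
        UDP6_ROW["RemotePort"] := ""
        UDP6_TABLE[A_Index] := UDP6_ROW
    }
    return UDP6_TABLE
}


; Private helper shared by the four GetOwnerModuleFrom*Entry wrappers: calls iphlpapi\<ApiName> for
; the table row at pointer OWNER_MODULE and returns the module name, or "" when it is not available.
QueryOwnerModuleName(ApiName, OWNER_MODULE)
{
    static NO_ERROR := 0
    static ERROR_INSUFFICIENT_BUFFER := 122
    static OWNER_MODULE_INFO_CLASS := 0

    OWNER_MODULE_BASIC_INFO := Buffer(4, 0)
    if (DllCall("iphlpapi\" ApiName, "ptr", OWNER_MODULE, "int", OWNER_MODULE_INFO_CLASS, "ptr", OWNER_MODULE_BASIC_INFO, "uint*", &Size := 0) = ERROR_INSUFFICIENT_BUFFER)
    {
        OWNER_MODULE_BASIC_INFO := Buffer(Size, 0)
        if (DllCall("iphlpapi\" ApiName, "ptr", OWNER_MODULE, "int", OWNER_MODULE_INFO_CLASS, "ptr", OWNER_MODULE_BASIC_INFO, "uint*", Size) = NO_ERROR)
        {
            ; The first member is the pointer to the module name; a null pointer is not dereferenced.
            if (pModuleName := NumGet(OWNER_MODULE_BASIC_INFO, 0, "ptr"))
                return StrGet(pModuleName)
        }
    }
    return ""
}


; Module name for a row of the IPv4 TCP owner-module table ("" if unavailable).
GetOwnerModuleFromTcpEntry(OWNER_MODULE)
{
    return QueryOwnerModuleName("GetOwnerModuleFromTcpEntry", OWNER_MODULE)
}


; Module name for a row of the IPv6 TCP owner-module table ("" if unavailable).
GetOwnerModuleFromTcp6Entry(OWNER_MODULE)
{
    return QueryOwnerModuleName("GetOwnerModuleFromTcp6Entry", OWNER_MODULE)
}


; Module name for a row of the IPv4 UDP owner-module table ("" if unavailable).
GetOwnerModuleFromUdpEntry(OWNER_MODULE)
{
    return QueryOwnerModuleName("GetOwnerModuleFromUdpEntry", OWNER_MODULE)
}


; Module name for a row of the IPv6 UDP owner-module table ("" if unavailable).
GetOwnerModuleFromUdp6Entry(OWNER_MODULE)
{
    return QueryOwnerModuleName("GetOwnerModuleFromUdp6Entry", OWNER_MODULE)
}


; Converts the binary address at pointer Addr to text. Family is 2 (AF_INET) or 23 (AF_INET6).
; Returns "" on failure.
InetNtopW(Family, Addr)
{
    VarSetStrCapacity(&AddrString, Size := (Family = 2) ? 32 : 94)
    if (DllCall("ws2_32\InetNtopW", "int", Family, "ptr", Addr, "str", AddrString, "uint", Size))
        return AddrString
    return ""
}


; Thin wrappers around the Winsock byte-order and IPv4 text helpers.
htonl(hostlong)
{
    return DllCall("ws2_32\htonl", "uint", hostlong, "uint")
}


htons(hostshort)
{
    return DllCall("ws2_32\htons", "ushort", hostshort, "ushort")
}


inet_addr(cp)
{
    return DllCall("ws2_32\inet_addr", "astr", cp, "uint")
}


inet_ntoa(addr)
{
    return DllCall("ws2_32\inet_ntoa", "uint", addr, "astr")
}


ntohl(netlong)
{
    return DllCall("ws2_32\ntohl", "uint", netlong, "uint")
}


ntohs(netshort)
{
    return DllCall("ws2_32\ntohs", "ushort", netshort, "ushort")
}


; Formats a 32-bit IPv4 address value as dotted text; returns false on failure.
RtlIpv4AddressToStringW(IN_ADDR)
{
    VarSetStrCapacity(&StringAddr, 32)
    if (DllCall("ntdll\RtlIpv4AddressToStringW", "ptr*", IN_ADDR, "str", StringAddr))
        return StringAddr
    return false
}


; Parses dotted IPv4 text into its 32-bit value; returns false on failure.
; The all-zero address parses to 0 and is therefore indistinguishable from failure for callers.
RtlIpv4StringToAddressW(AddrString)
{
    static STATUS_SUCCESS := 0

    if (DllCall("ntdll\RtlIpv4StringToAddressW", "str", AddrString, "int", 0, "ptr*", 0, "ptr*", &IN_ADDR := 0) = STATUS_SUCCESS)
        return IN_ADDR
    return false
}


; Parses IPv6 text into a 16-byte Buffer; returns false on failure.
RtlIpv6StringToAddressW(AddrString)
{
    static STATUS_SUCCESS := 0

    IN6_ADDR := Buffer(16, 0)
    if (DllCall("ntdll\RtlIpv6StringToAddressW", "str", AddrString, "ptr*", 0, "ptr", IN6_ADDR) = STATUS_SUCCESS)
        return IN6_ADDR
    return false
}


; Builds the reverse-lookup name of an IPv4 address, e.g. "127.0.0.1" -> "1.0.0.127.in-addr.arpa".
; Returns false when the text cannot be parsed (or is the all-zero address).
Reverse_IPv4(AddrString)
{
    if (IN_ADDR := RtlIpv4StringToAddressW(AddrString))
    {
        IN_ADDR := htonl(IN_ADDR)
        if (StringAddr := RtlIpv4AddressToStringW(IN_ADDR))
            return StringAddr ".in-addr.arpa"
    }
    return false
}


; Builds the reverse-lookup name of an IPv6 address: the 32 nibbles in reverse order, dot separated,
; followed by "ip6.arpa". Returns false when the text cannot be parsed.
Reverse_IPv6(AddrString)
{
    if (IN6_ADDR := RtlIpv6StringToAddressW(AddrString))
    {
        StringAddr := ""
        loop 16
        {
            byte := NumGet(IN6_ADDR, 16 - A_Index, "uchar")
            StringAddr .= Format("{:x}.{:x}.", byte & 0x0F, byte >> 4)    ; low nibble first
        }
        return StringAddr "ip6.arpa"
    }
    return false
}


; Runs a PTR query for the reverse-lookup name RevIP and returns the host names joined with " | ",
; or false when there is no usable answer.
; The names are whatever the owner of the reverse zone published; they are not checked against
; forward DNS and should be read as a hint, not as proof of who the peer is. Each call is a
; synchronous query to the configured resolver.
DnsQueryW(RevIP)
{
    static DNS_TYPE_PTR := 0x000c

    if (RevIP = "0.0.0.0") || (RevIP = "::") || (RevIP = false)
        return false
    if !(DllCall("dnsapi\DnsQuery_W", "str", RevIP, "short", DNS_TYPE_PTR, "uint", 0, "ptr", 0, "ptr*", &DNS_RECORD := 0, "ptr", 0))
    {
        if !(DNS_RECORD)                        ; success without a record list: nothing to read or free
            return false
        if (NumGet(DNS_RECORD, A_PtrSize * 2, "ushort") = DNS_TYPE_PTR)
        {
            HOSTNAMES := ""                     ; was appended to without ever being initialised
            addr := DNS_RECORD
            while (addr)
            {
                HOSTNAMES .= StrGet(NumGet(addr, (A_PtrSize * 2) + 16, "ptr")) " | "
                addr := NumGet(addr, "ptr")     ; pNext
            }
            DllCall("dnsapi\DnsRecordListFree", "ptr", DNS_RECORD, "int", 1)
            return SubStr(HOSTNAMES, 1, -3)
        }
        DllCall("dnsapi\DnsRecordListFree", "ptr", DNS_RECORD, "int", 1)
    }
    return false
}


; Formats a FILETIME value as local time "YYYY-MM-DD hh:mm:ss".
; Returns "" for 0 and false when one of the conversions fails.
CreateTime(FileTime)
{
    if !(FileTime)
        return ""
    SystemTime := Buffer(16, 0)
    if (DllCall("kernel32\FileTimeToSystemTime", "int64*", FileTime, "ptr", SystemTime))
    {
        LocalTime := Buffer(16, 0)
        if (DllCall("kernel32\SystemTimeToTzSpecificLocalTime", "ptr", 0, "ptr", SystemTime, "ptr", LocalTime))
        {
            ; SYSTEMTIME: year 0, month 2, (day of week 4), day 6, hour 8, minute 10, second 12
            return Format("{:04}-{:02}-{:02} {:02}:{:02}:{:02}"
                , NumGet(LocalTime, 0, "ushort")
                , NumGet(LocalTime, 2, "ushort")
                , NumGet(LocalTime, 6, "ushort")
                , NumGet(LocalTime, 8, "ushort")
                , NumGet(LocalTime, 10, "ushort")
                , NumGet(LocalTime, 12, "ushort"))
        }
        return false
    }
    return false
}


; Private helper of NetStat: reports a failed table query and terminates the script.
NetStatFail(ApiName)
{
    Main.Opt("+OwnDialogs")
    MsgBox(ApiName " failed", "TCPView Error", "T5 16")
    ExitApp
}


; Private helper of NetStat: appends every row of Rows to LV_TABLE; a false Rows value is fatal.
AppendRows(LV_TABLE, Rows, ApiName)
{
    if !(Rows)
        NetStatFail(ApiName)
    for Index, Row in Rows
        LV_TABLE.Push(Row)
}


; Timer callback: re-arms the timer with the selected interval, collects the enabled endpoint tables,
; synchronises the list view with them and updates the status-bar counters.
NetStat()
{
    static Intervals := [2000, 5000, 10000]    ; milliseconds, in drop-down order

    Interval := Intervals.Has(DDL1.Value) ? Intervals[DDL1.Value] : 5000
    LV_TABLE := []
    ResolveAddr := CB6.Value
    SetTimer NetStat, Interval

    if !(PROCESS_TABLE := Process32())
        NetStatFail("Process32")

    if (CB1.Value)
        AppendRows(LV_TABLE, GetExtendedTcpTable(PROCESS_TABLE, ResolveAddr), "GetExtendedTcpTable")
    if (CB2.Value)
        AppendRows(LV_TABLE, GetExtendedTcp6Table(PROCESS_TABLE, ResolveAddr), "GetExtendedTcp6Table")
    if (CB3.Value)
        AppendRows(LV_TABLE, GetExtendedUdpTable(PROCESS_TABLE), "GetExtendedUdpTable")
    if (CB4.Value)
        AppendRows(LV_TABLE, GetExtendedUdp6Table(PROCESS_TABLE), "GetExtendedUdp6Table")

    LV.Opt("-Redraw")

    ; Existing rows are overwritten in place, missing ones appended; the states are counted on the way.
    TableEntries := LV_TABLE.Length
    Existing := LV.GetCount()
    Counts := Map("Established", 0, "Listen", 0, "Time Wait", 0, "Close Wait", 0)
    for Index, v in LV_TABLE
    {
        Fields := [v["ProcessName"], v["OwningPID"], v["Protocol"], v["State"], v["LocalAddr"], v["LocalPort"], v["RemoteAddr"], v["RemotePort"], v["CreateTimestamp"], v["ModuleName"]]
        if (Index > Existing)
            LV.Add("Icon" . v["IconNumber"], Fields*)
        else
            LV.Modify(Index, "Icon" . v["IconNumber"], Fields*)
        if (Counts.Has(v["State"]))
            Counts[v["State"]] += 1
    }

    ; Surplus rows are removed from the bottom; an empty table clears the list in one call instead of
    ; clearing it and then deleting the same rows again.
    if (TableEntries = 0)
        LV.Delete()
    else if (Existing > TableEntries)
    {
        loop Existing - TableEntries
            LV.Delete(Existing - A_Index + 1)
    }

    LV.Opt("+Redraw")

    SB.SetText(" Endpoints: " LV.GetCount(), 1)
    SB.SetText("Established: " Counts["Established"], 2)
    SB.SetText("Listening: " Counts["Listen"], 3)
    SB.SetText("Time Wait: " Counts["Time Wait"], 4)
    SB.SetText("Close Wait: " Counts["Close Wait"], 5)
    SB.SetText("Update: " StrLower(SubStr(DDL1.Text, 1, -4)), 6)
}


; ==============================================================================================================================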