Lets assume you have a app that opens a socket port for communication purposes. How can I get the path of this app only by knowing its port?
I want to do what netstat -b does. It lists all socket ports opened and the app that opened the socket.
I am using delphi 2010.
By knowing which app opened which port I am able to kill the app.
Note that I need a delphi code, not an Dos command or an explanation of how to use netstat.
Rafael, you can use the GetExtendedTcpTable function, this function retrieves a table that contains a list of TCP connections availables.
first you must inspect the records returned by this function, and check the dwLocalPortor dwRemotePort (depending of what port your need to check), then you can get the pid of the application checking the dwOwningPid field and resolve the exe name using a windows api function like GetModuleFileNameEx
Check this sample application which show all tcp connections like netstat. you can modify this sample to fit with your requirements.
uses
PsAPI,
WinSock,
Windows,
SysUtils;
const
ANY_SIZE = 1;
iphlpapi = 'iphlpapi.dll';
TCP_TABLE_OWNER_PID_ALL = 5;
MIB_TCP_STATE:
array[1..12] of string = ('CLOSED', 'LISTEN', 'SYN-SENT ','SYN-RECEIVED', 'ESTABLISHED', 'FIN-WAIT-1',
'FIN-WAIT-2', 'CLOSE-WAIT', 'CLOSING','LAST-ACK', 'TIME-WAIT', 'delete TCB');
type
TCP_TABLE_CLASS = Integer;
PMibTcpRowOwnerPid = ^TMibTcpRowOwnerPid;
TMibTcpRowOwnerPid = packed record
dwState : DWORD;
dwLocalAddr : DWORD;
dwLocalPort : DWORD;
dwRemoteAddr: DWORD;
dwRemotePort: DWORD;
dwOwningPid : DWORD;
end;
PMIB_TCPTABLE_OWNER_PID = ^MIB_TCPTABLE_OWNER_PID;
MIB_TCPTABLE_OWNER_PID = packed record
dwNumEntries: DWord;
table: array [0..ANY_SIZE - 1] OF TMibTcpRowOwnerPid;
end;
var
GetExtendedTcpTable:function (pTcpTable: Pointer; dwSize: PDWORD; bOrder: BOOL; lAf: ULONG; TableClass: TCP_TABLE_CLASS; Reserved: ULONG): DWord; stdcall;
function GetPathPID(PID: DWORD): string;
var
Handle: THandle;
begin
Result := '';
Handle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, PID);
if Handle <> 0 then
try
SetLength(Result, MAX_PATH);
if GetModuleFileNameEx(Handle, 0, PChar(Result), MAX_PATH) > 0 then
SetLength(Result, StrLen(PChar(Result)))
else
Result := '';
finally
CloseHandle(Handle);
end;
end;
procedure ShowCurrentTCPConnections;
var
Error : DWORD;
TableSize : DWORD;
i : integer;
IpAddress : in_addr;
RemoteIp : string;
LocalIp : string;
FExtendedTcpTable : PMIB_TCPTABLE_OWNER_PID;
begin
TableSize := 0;
Error := GetExtendedTcpTable(nil, #TableSize, False, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if Error <> ERROR_INSUFFICIENT_BUFFER then
Exit;
GetMem(FExtendedTcpTable, TableSize);
try
if GetExtendedTcpTable(FExtendedTcpTable, #TableSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0) = NO_ERROR then
for i := 0 to FExtendedTcpTable.dwNumEntries - 1 do
if {(FExtendedTcpTable.Table[i].dwOwningPid=Pid) and} (FExtendedTcpTable.Table[i].dwRemoteAddr<>0) then //here you can check the particular port
begin
IpAddress.s_addr := FExtendedTcpTable.Table[i].dwRemoteAddr;
RemoteIp := string(inet_ntoa(IpAddress));
IpAddress.s_addr := FExtendedTcpTable.Table[i].dwLocalAddr;
LocalIp := string(inet_ntoa(IpAddress));
Writeln(GetPathPID(FExtendedTcpTable.Table[i].dwOwningPid));
Writeln(Format('%-16s %-6d %-16s %-6d %s',[LocalIp,FExtendedTcpTable.Table[i].dwLocalPort,RemoteIp,FExtendedTcpTable.Table[i].dwRemotePort,MIB_TCP_STATE[FExtendedTcpTable.Table[i].dwState]]));
end;
finally
FreeMem(FExtendedTcpTable);
end;
end;
var
libHandle : THandle;
begin
try
ReportMemoryLeaksOnShutdown:=DebugHook<>0;
libHandle := LoadLibrary(iphlpapi);
GetExtendedTcpTable := GetProcAddress(libHandle, 'GetExtendedTcpTable');
ShowCurrentTCPConnections;
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
readln;
end.
You can use IP Helper Component of Magenta Systems.
It is free and also has very good example
For correct number of port you must using function WinSock
ntohs(FExtendedTcpTable.Table[i].dwLocalPort)
Related
Good afternoon,
I need lock CTRL+ALT+DEL combination using SetWindowsHookEx and today i have done a code and don't is working until now.
This code is executing in a dll ( this dll is my software ) that is injected in other process.
So, how i can adapt this code below to work?
const
WH_KEYBOARD_LL = 13;
LLKHF_ALTDOWN = $20;
type
KBDLLHOOKSTRUCT = record
vkCode: DWORD;
scanCode: DWORD;
flags: DWORD;
time: DWORD;
dwExtraInfo: Longint ;
end;
var
hhkLowLevelKybd : HHOOK;
FoldProc : LongInt;
hSASWnd : HWND;
hThread : Cardinal;
{$R *.dfm}
Function LowLevelKeyboardProc(nCode : Integer; wParam : Longint; var LParam: KBDLLHOOKSTRUCT) : Longint; stdcall;
var
fEatKeystroke : Boolean;
dwThreadId : Cardinal;
begin
If (nCode = HC_ACTION) Then
begin
If (wParam = WM_KEYDOWN) Or
(wParam = WM_SYSKEYDOWN) Or
(wParam = WM_KEYUP) Or
(wParam = WM_SYSKEYUP) Then
begin
fEatKeystroke :=
(((GetKeyState(VK_CONTROL) And $8000) <> 0) And
((LParam.flags And LLKHF_ALTDOWN ) <> 0) And
(LParam.vkCode = VK_DELETE));
End;
If fEatKeystroke Then
Result := -1
Else
Result := CallNextHookEx(0, nCode, wParam, LongInt(#LParam));
End;
end;
////////// FormCreate event here ///////////
hhkLowLevelKybd := 0;
hhkLowLevelKybd := SetWindowsHookEx(WH_KEYBOARD_LL, #LowLevelKeyboardProc,
HInstance, 0);
end.
Windows does not allow you to intercept Ctrl+Alt+Del for security reasons. Earlier versions (pre-Vista?) used to allow it by replacing the GINA DLL, but it's not been allowed for years.
That key combination is known as a secure attention sequence which is guaranteed to be trustworthy as part of the login process.
If your goal is to only allow your application to be run, you can configure it to act in kiosk mode if you're running a suitable version of Windows, as shown in Set up a device for anyone to use (kiosk mode) at TechNet which #LURD kindly provided.
By design it's impossible to trap or block Ctrl+Alt+Del (The Secure Attention Sequence). There is however a commercial library available (disclaimer: I am the author), SasLibEx.
SasLibEx: a library that can simulate or block the Secure Attention
Sequence (Ctrl+Alt+Del) but it can even unlock a
workstation or session without entering or needing the user’s
credentials (and many more things)
See this screencast for a demo.
Impossible. The Ctl-Alt-Del gets trapped in the Kernel and never makes it to the user mode space where your app is running.
I have had to do this on kiosks systems (using Win XP and Vista) and I did it with a keyboard filter driver (which runs in the kernel) that swaps out the scan codes when the key are pressed.
Not is impossible, see the following code:
program Project1;
{$APPTYPE CONSOLE}
{$R *.res}
uses
SysUtils,
Windows,
Registry,
vcl.Dialogs;
procedure DisableCtrAltDel(boolState: Boolean);
var
SystemReg: TRegistry;
Data: Array [1 .. 48] of Byte;
i: Byte;
begin
try
for i := 1 to 48 do
Data[i] := $00;
Data[9] := $09;
Data[15] := $5B;
Data[16] := $E0;
Data[19] := $5C;
Data[20] := $E0;
Data[23] := $5D;
Data[24] := $E0;
Data[27] := $44;
Data[31] := $1D;
Data[35] := $38;
Data[39] := $1D;
Data[40] := $E0;
Data[43] := $38;
Data[44] := $E0;
try
SystemReg := TRegistry.Create;
with SystemReg do
begin
RootKey := HKEY_LOCAL_MACHINE;
OpenKey('\System\CurrentControlSet\Control\Keyboard Layout', True);
if boolState then
WriteBinaryData('Scancode Map', Data, SizeOf(Data))
else
DeleteValue('Scancode Map');
MessageDlg('Restart Windows in order the changes to take effect!',
mtInformation, [mbOK], 0);
CloseKey;
end;
finally
SystemReg.Free;
end;
except
MessageDlg
('Error occurred while trying to disable ctrl+alt+del and Task Manager',
mtWarning, [mbOK], 0);
end;
end;
begin
try
DisableCtrAltDel(True);
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
end.
Reference
i have Call Center Using Avaya System I need To manage this System
by my application that's developed by my
there are dll Called devlink have 4 Events
DEVLINK_COMMS_OPERATIONAL
DEVLINK_COMMS_NORESPONSE
DEVLINK_COMMS_REJECTED
DEVLINK_COMMS_MISSEDPACKETS
the first Event
DEVLINK_COMMS_OPERATIONAL
meen the connection was establish
when Click The Button Connect
procedure TfrmMain.btnConnectClick(Sender: TObject);
var
hEvent:integer;
vPass,vAddress:PChar;
begin
with frmSetup.tblConnections do
begin
First;
while not Eof do
begin
if FieldByName('IPEnabled').AsInteger=1 then
Begin
vPass:=PChar(FieldByName('IPPassword').AsString);
vAddress:=PChar(FieldByName('IpAddress').AsString);
DLOpen(fNextHandle, vAddress,vPass, nil, nil,HandleCommsEvent);
Edit;
FieldByName('pbxh').AsInteger:=fNextHandle;
Post;
hEvent := CreateEvent(nil, FALSE, FALSE, nil);
try
WaitForSingleObject(hEvent, 10000);
if (Locate('pbxh',fNextHandle,[]))and(FieldByName('connected').AsInteger=1) then
else
LogAddLine(fNextHandle,'No Responce');
finally
CloseHandle(hEvent);
inc(fNextHandle);
end;
End;
next;
end;
end;
end;
we note DlOpen Method Take the IP of system And Password
and Event that will fire to test the Dlopen
Always appear message of the event DEVLINK_COMMS_NORESPONSE
that is no response
i need to know where the error where the IP And Password Was correct. There
are The HandleCommsEvent
procedure HandleCommsEvent(pbxh: LongInt; Comms_status: DWORD; Parm1: DWORD);stdcall;
stdcall;
begin
//4 cases for event of DLOPEN
LogAddLine(pbxh,'HandleCommsEvent happend');
case Comms_status of
DEVLINK_COMMS_OPERATIONAL:
Begin
DLRegisterType2CallDeltas(pbxh, HandleEvent);
LogAddLine(pbxh,'Connected Done');
if frmSetup.tblConnections.Locate('pbxh',pbxh,[]) then
Begin
frmSetup.tblConnections.Edit;
frmSetup.tblConnections.FieldByName('connected').AsInteger:=1;
frmSetup.tblConnections.Post;
End;
end;
DEVLINK_COMMS_NORESPONSE:
begin
LogAddLine(pbxh,'Connected NORESPONSE There Are Problem In network ');
if frmSetup.tblConnections.Locate('pbxh',pbxh,[]) then
Begin
frmSetup.tblConnections.Edit;
frmSetup.tblConnections.FieldByName('pbxh').AsInteger:=pbxh;
frmSetup.tblConnections.FieldByName('connected').AsInteger:=0;
frmSetup.tblConnections.Post;
End;
end ;
DEVLINK_COMMS_REJECTED:
begin
LogAddLine(pbxh,'Connected REJECTED,Password was incorrect');
if frmSetup.tblConnections.Locate('pbxh',pbxh,[]) then
Begin
frmSetup.tblConnections.Edit;
frmSetup.tblConnections.FieldByName('pbxh').AsInteger:=pbxh;
frmSetup.tblConnections.FieldByName('connected').AsInteger:=0;
frmSetup.tblConnections.Post;
End;
end;
// Case of Packets were generated by IP Office System unit ,but Not recieved by Devlink
DEVLINK_COMMS_MISSEDPACKETS:
begin
LogAddLine(pbxh,'Connected MISSEDPACKETS ,Packets were generated by IP Office System unit ,but Not recieved by Devlink ');
end;
//Case of NO Response from From System Unit
end;
end;
if Any one need more info and details i'm ready.
The Message of NO Response Always appear
for more Details
This is Devlink
unit UDevLink;
{**************************************************************************}
{ Delphi unit for DevLink (c) 2001 Avaya Global SME Solutions }
{ Contents:- }
{ IP Office DevLink DLL provides an interface for managing }
{ the IP Office product ranges from a Windows PC }
{**************************************************************************}
interface
uses
Windows, SysUtils , Classes, UfrmMain,strutils,Ustrings;
const
DEVLINK_SUCCESS = 0;
DEVLINK_UNSPECIFIEDFAIL = 1;
DEVLINK_LICENCENOTFOUND = 2;
const
DEVLINK_COMMS_OPERATIONAL = 0;
DEVLINK_COMMS_NORESPONSE = 1;
DEVLINK_COMMS_REJECTED = 2;
DEVLINK_COMMS_MISSEDPACKETS = 3;
type
TCallLogEvent = procedure(pbxh: LongInt; info: PChar); stdcall;
type
TCommsEvent = procedure(pbxh: LongInt;
Comms_status: DWORD;
Parm1: DWORD); stdcall;
function DLOpen(pbxh: LongInt;
pbx_address: PChar;
pbx_password: PChar;
reserved1: PChar;
reserved2: PChar;
cb: TCommsEvent): LongInt; stdcall;
function DLClose(pbxh: THandle): LongInt; stdcall;
function DLRegisterType2CallDeltas(pbxh: LongInt;
cb: TCallLogEvent): LongInt; stdcall;
implementation
function DLOpen; external 'DEVLINK.DLL';
function DLClose; external 'DEVLINK.DLL';
function DLRegisterType2CallDeltas; external 'DEVLINK.DLL';
end.
Your DB management is manipulating the DB cursor while you are iterating with the same cursor. There is no need to Locate() the record that you are actively processing.
Your call to DlOpen() should look more like this, based on the Delphi example provided in the official Avaya DevLink API documentation (which I assume you have read):
var
hEvent: THandle;
Status: DWORD;
Starting: Boolean;
procedure HandleCommsEvent(pbxh: LongInt; Comms_status: DWORD; Parm1: DWORD); stdcall;
begin
//4 cases for event of DLOPEN
LogAddLine(pbxh, 'HandleCommsEvent happend');
case Comms_status of
DEVLINK_COMMS_OPERATIONAL,
DEVLINK_COMMS_NORESPONSE,
DEVLINK_COMMS_REJECTED:
begin
if Starting then begin
Status := Comms_status;
SetEvent(hEvent);
end;
end;
// Case of Packets were generated by IP Office System unit ,but Not recieved by Devlink
DEVLINK_COMMS_MISSEDPACKETS:
begin
LogAddLine(pbxh,'Connected MISSEDPACKETS ,Packets were generated by IP Office System unit ,but Not recieved by Devlink ');
end;
//Case of NO Response from From System Unit
end;
end;
procedure TfrmMain.btnConnectClick(Sender: TObject);
var
vPass, vAddress: String;
begin
hEvent := CreateEvent(nil, TRUE, FALSE, nil);
try
with frmSetup.tblConnections do
begin
First;
while not Eof do
begin
if FieldByName('IPEnabled').AsInteger = 1 then
begin
vPass := FieldByName('IPPassword').AsString;
vAddress := FieldByName('IpAddress').AsString;
Edit;
FieldByName('pbxh').AsInteger := fNextHandle;
FieldByName('connected').AsInteger := 0;
Post;
Status := DEVLINK_COMMS_NORESPONSE;
Starting := True;
ResetEvent(hEvent);
DLOpen(fNextHandle, PChar(vAddress), PChar(vPass), nil, nil, HandleCommsEvent);
WaitForSingleObject(hEvent, 10000);
Starting := False;
if Status = DEVLINK_COMMS_OPERATIONAL then
begin
DLRegisterType2CallDeltas(fNextHandle, HandleEvent);
LogAddLine(fNextHandle, 'Connected Done');
Edit;
FieldByName('connected').AsInteger := 1;
Post;
end else
begin
DLClose(fNextHandle);
case Status of
DEVLINK_COMMS_NORESPONSE:
begin
LogAddLine(fNextHandle, 'Connected NORESPONSE There Are Problem In network ');
end;
DEVLINK_COMMS_REJECTED:
begin
LogAddLine(fNextHandle, 'Connected REJECTED,Password was incorrect');
end;
end;
end;
end;
Inc(fNextHandle);
end;
Next;
end;
finally
CloseHandle(hEvent);
end;
end;
upload logs for more details..
and write else part of case to check value of Comms_status
I have been given a task of finding the info abt n/w or, the info which is given by the netstat command in Windows. Now, I have been told to use some API for extracting that information. Any API which is available for delphi 7 for this task will be helpful.
I have come across this API, the IP helper API , but i cannot find that in my PC. i could only find the DLL 'iphlpapi.dll' in C:\Windows\System32. Also, there seems to be very less information on how to use this particular API. Please help.
Thanks IN advance
P.S. Earlier i was doing the same by executing the Netstat command, writing the output to a text file, and then parsing the same for display, which for me, is a Perfectly fine approach. My sir however is not fine with it. What is the cause, i could not fathom.
Check these windows functions GetTcpTable, GetUdpTable, GetExtendedTcpTable, GetExtendedUdpTable.
UPDATE
{$APPTYPE CONSOLE}
uses
WinSock,
Windows,
SysUtils;
const
ANY_SIZE = 1;
iphlpapi = 'iphlpapi.dll';
TCP_TABLE_OWNER_PID_ALL = 5;
MIB_TCP_STATE:
array[1..12] of string = ('CLOSED', 'LISTEN', 'SYN-SENT ','SYN-RECEIVED', 'ESTABLISHED', 'FIN-WAIT-1',
'FIN-WAIT-2', 'CLOSE-WAIT', 'CLOSING','LAST-ACK', 'TIME-WAIT', 'delete TCB');
type
TCP_TABLE_CLASS = Integer;
PMibTcpRowOwnerPid = ^TMibTcpRowOwnerPid;
TMibTcpRowOwnerPid = packed record
dwState : DWORD;
dwLocalAddr : DWORD;
dwLocalPort : DWORD;
dwRemoteAddr: DWORD;
dwRemotePort: DWORD;
dwOwningPid : DWORD;
end;
PMIB_TCPTABLE_OWNER_PID = ^MIB_TCPTABLE_OWNER_PID;
MIB_TCPTABLE_OWNER_PID = packed record
dwNumEntries: DWORD;
table: Array [0..ANY_SIZE - 1] of TMibTcpRowOwnerPid;
end;
var
GetExtendedTcpTable:function (pTcpTable: Pointer; dwSize: PDWORD; bOrder: BOOL; lAf: ULONG; TableClass: TCP_TABLE_CLASS; Reserved: ULONG): DWord; stdcall;
procedure ShowCurrentTCPConnections;
var
Error : DWORD;
TableSize : DWORD;
i : integer;
IpAddress : in_addr;
RemoteIp : string;
LocalIp : string;
pTcpTable : PMIB_TCPTABLE_OWNER_PID;
begin
TableSize := 0;
//Get the size o the tcp table
Error := GetExtendedTcpTable(nil, #TableSize, False, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if Error <> ERROR_INSUFFICIENT_BUFFER then exit;
//alocate the buffer
GetMem(pTcpTable, TableSize);
try
Writeln(Format('%-16s %-6s %-16s %-6s %s',['Local IP','Port','Remote IP','Port','Status']));
//get the tcp table data
if GetExtendedTcpTable(pTcpTable, #TableSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0) = NO_ERROR then
for i := 0 to pTcpTable.dwNumEntries - 1 do
begin
IpAddress.s_addr := pTcpTable.Table[i].dwRemoteAddr;
RemoteIp := string(inet_ntoa(IpAddress));
IpAddress.s_addr := pTcpTable.Table[i].dwLocalAddr;
LocalIp := string(inet_ntoa(IpAddress));
Writeln(Format('%-16s %-6d %-16s %-6d %s',[LocalIp,pTcpTable.Table[i].dwLocalPort,RemoteIp,pTcpTable.Table[i].dwRemotePort,MIB_TCP_STATE[pTcpTable.Table[i].dwState]]));
end;
finally
FreeMem(pTcpTable);
end;
end;
var
hModule : THandle;
begin
try
hModule := LoadLibrary(iphlpapi);
GetExtendedTcpTable := GetProcAddress(hModule, 'GetExtendedTcpTable');
ShowCurrentTCPConnections;
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
Readln;
end.
When I establish a socket connection to a server, both client and server have sockets opened. Its easy to know what is the server port (since I use it to connect to the server). But I would like to discover the client port of the connection after connecting to a server. I am using Wininet functions in a Delphi 2010 application.
Pseudo-code:
1 - InternetOpen
2 - InternetConnect
3 - HttpOpenRequest
4 - HttpSendRequestA
5 - InternetReadFile
6 - ?????? <------ How to get the client port?
Edited:
I have found I should use InternetQueryOption with INTERNET_OPTION_DIAGNOSTIC_SOCKET_INFO, but i have no idea how to do that.
you are correct about use the InternetQueryOption function with the INTERNET_OPTION_DIAGNOSTIC_SOCKET_INFO flag, this will return a INTERNET_DIAGNOSTIC_SOCKET_INFO Structure
typedef struct {
DWORD_PTR Socket;
DWORD SourcePort;
DWORD DestPort;
DWORD Flags;
} INTERNET_DIAGNOSTIC_SOCKET_INFO, * LPINTERNET_DIAGNOSTIC_SOCKET_INFO;
which in Delphi look like this
PINTERNET_DIAGNOSTIC_SOCKET_INFO = ^TINTERNET_DIAGNOSTIC_SOCKET_INFO;
TINTERNET_DIAGNOSTIC_SOCKET_INFO= record
Socket : DWORD_PTR;
SourcePort : DWORD;
DestPort : DWORD;
Flags : DWORD;
end;
and then you can wrote a function to return the socket info
function GetSocketInfo(hInet: HINTERNET) : TINTERNET_DIAGNOSTIC_SOCKET_INFO;
var
lpdwBufferLength: DWORD;
begin
lpdwBufferLength:=SizeOf(TINTERNET_DIAGNOSTIC_SOCKET_INFO);
ZeroMemory(#Result,lpdwBufferLength);
if not InternetQueryOption(hInet, INTERNET_OPTION_DIAGNOSTIC_SOCKET_INFO, #Result, lpdwBufferLength) then
RaiseLastOSError;
end;
check this sample app to see how use it.
{$APPTYPE CONSOLE}
uses
Windows,
WinInet,
SysUtils;
type
PINTERNET_DIAGNOSTIC_SOCKET_INFO = ^TINTERNET_DIAGNOSTIC_SOCKET_INFO;
TINTERNET_DIAGNOSTIC_SOCKET_INFO= record
Socket : DWORD_PTR;
SourcePort : DWORD;
DestPort : DWORD;
Flags : DWORD;
end;
const
INTERNET_OPTION_DIAGNOSTIC_SOCKET_INFO = Cardinal(67);
function GetSocketInfo(hInet: HINTERNET) : TINTERNET_DIAGNOSTIC_SOCKET_INFO;
var
lpdwBufferLength: DWORD;
begin
lpdwBufferLength:=SizeOf(TINTERNET_DIAGNOSTIC_SOCKET_INFO);
ZeroMemory(#Result,lpdwBufferLength);
if not InternetQueryOption(hInet, INTERNET_OPTION_DIAGNOSTIC_SOCKET_INFO, #Result, lpdwBufferLength) then
RaiseLastOSError;
end;
//this a dummy function to download a file, only to show the use of the INTERNET_OPTION_DIAGNOSTIC_SOCKET_INFO
procedure WinInet_HttpGet(const Url: string);
const
BuffSize = 1024*1024;
var
hInter : HINTERNET;
UrlHandle: HINTERNET;
BytesRead: DWORD;
Buffer : Pointer;
SocketInfo: TINTERNET_DIAGNOSTIC_SOCKET_INFO;
begin
hInter := InternetOpen('', INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);
if Assigned(hInter) then
begin
GetMem(Buffer,BuffSize);
try
UrlHandle := InternetOpenUrl(hInter, PChar(Url), nil, 0, INTERNET_FLAG_RELOAD, 0);
if Assigned(UrlHandle) then
begin
//Get the info of the socket
SocketInfo:=GetSocketInfo(UrlHandle);
Writeln('Socket Info');
Writeln(Format('Source Port %d',[SocketInfo.SourcePort]));
Writeln(Format('Dest Port %d',[SocketInfo.DestPort]));
try
repeat
InternetReadFile(UrlHandle, Buffer, BuffSize, BytesRead);
if BytesRead>0 then
begin
//do your stuff
end;
until BytesRead = 0;
finally
InternetCloseHandle(UrlHandle);
end;
end;
finally
FreeMem(Buffer);
end;
InternetCloseHandle(hInter);
end
end;
begin
try
WinInet_HttpGet('http://msdn.microsoft.com/en-us/library/aa385096%28v=vs.85%29.aspx');
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
readln;
end.
How can I get the list of opened files by an application, using Delphi?
For example what files are opened by winword.exe
Using the Native API function NtQuerySystemInformation you can list all open handles from all processes.
try this example
program ListAllHandles;
{$APPTYPE CONSOLE}
uses
PSApi,
Windows,
SysUtils;
const
SystemHandleInformation = $10;
STATUS_SUCCESS = $00000000;
STATUS_BUFFER_OVERFLOW = $80000005;
STATUS_INFO_LENGTH_MISMATCH = $C0000004;
DefaulBUFFERSIZE = $100000;
type
OBJECT_INFORMATION_CLASS = (ObjectBasicInformation,ObjectNameInformation,ObjectTypeInformation,ObjectAllTypesInformation,ObjectHandleInformation );
SYSTEM_HANDLE=packed record
uIdProcess:ULONG;
ObjectType:UCHAR;
Flags :UCHAR;
Handle :Word;
pObject :Pointer;
GrantedAccess:ACCESS_MASK;
end;
PSYSTEM_HANDLE = ^SYSTEM_HANDLE;
SYSTEM_HANDLE_ARRAY = Array[0..0] of SYSTEM_HANDLE;
PSYSTEM_HANDLE_ARRAY= ^SYSTEM_HANDLE_ARRAY;
SYSTEM_HANDLE_INFORMATION=packed record
uCount:ULONG;
Handles:SYSTEM_HANDLE_ARRAY;
end;
PSYSTEM_HANDLE_INFORMATION=^SYSTEM_HANDLE_INFORMATION;
TNtQuerySystemInformation=function (SystemInformationClass:DWORD; SystemInformation:pointer; SystemInformationLength:DWORD; ReturnLength:PDWORD):THandle; stdcall;
TNtQueryObject =function (ObjectHandle:cardinal; ObjectInformationClass:OBJECT_INFORMATION_CLASS; ObjectInformation:pointer; Length:ULONG;ResultLength:PDWORD):THandle;stdcall;
UNICODE_STRING=packed record
Length :Word;
MaximumLength:Word;
Buffer :PWideChar;
end;
OBJECT_NAME_INFORMATION=UNICODE_STRING;
POBJECT_NAME_INFORMATION=^OBJECT_NAME_INFORMATION;
Var
NTQueryObject :TNtQueryObject;
NTQuerySystemInformation:TNTQuerySystemInformation;
function GetObjectInfo(hObject:cardinal; objInfoClass:OBJECT_INFORMATION_CLASS):LPWSTR;
var
pObjectInfo:POBJECT_NAME_INFORMATION;
HDummy :THandle;
dwSize :DWORD;
begin
Result:=nil;
dwSize := sizeof(OBJECT_NAME_INFORMATION);
pObjectInfo := AllocMem(dwSize);
HDummy := NTQueryObject(hObject, objInfoClass, pObjectInfo,dwSize, #dwSize);
if((HDummy = STATUS_BUFFER_OVERFLOW) or (HDummy = STATUS_INFO_LENGTH_MISMATCH)) then
begin
FreeMem(pObjectInfo);
pObjectInfo := AllocMem(dwSize);
HDummy := NTQueryObject(hObject, objInfoClass, pObjectInfo,dwSize, #dwSize);
end;
if((HDummy >= STATUS_SUCCESS) and (pObjectInfo.Buffer <> nil)) then
begin
Result := AllocMem(pObjectInfo.Length + sizeof(WCHAR));
CopyMemory(result, pObjectInfo.Buffer, pObjectInfo.Length);
end;
FreeMem(pObjectInfo);
end;
Procedure EnumerateOpenFiles();
var
sDummy : string;
hProcess : THandle;
hObject : THandle;
ResultLength: DWORD;
aBufferSize : DWORD;
aIndex : Integer;
pHandleInfo : PSYSTEM_HANDLE_INFORMATION;
HDummy : THandle;
lpwsName : PWideChar;
lpwsType : PWideChar;
lpszProcess : PAnsiChar;
begin
AbufferSize := DefaulBUFFERSIZE;
pHandleInfo := AllocMem(AbufferSize);
HDummy := NTQuerySystemInformation(DWORD(SystemHandleInformation), pHandleInfo,AbufferSize, #ResultLength); //Get the list of handles
if(HDummy = STATUS_SUCCESS) then //If no error continue
begin
for aIndex:=0 to pHandleInfo^.uCount-1 do //iterate the list
begin
hProcess := OpenProcess(PROCESS_DUP_HANDLE or PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, FALSE, pHandleInfo.Handles[aIndex].uIdProcess); //open the process to get aditional info
if(hProcess <> INVALID_HANDLE_VALUE) then //Check valid handle
begin
hObject := 0;
if DuplicateHandle(hProcess, pHandleInfo.Handles[aIndex].Handle,GetCurrentProcess(), #hObject, STANDARD_RIGHTS_REQUIRED,FALSE, 0) then //Get a copy of the original handle
begin
lpwsName := GetObjectInfo(hObject, ObjectNameInformation); //Get the filename linked to the handle
if (lpwsName <> nil) then
begin
lpwsType := GetObjectInfo(hObject, ObjectTypeInformation);
lpszProcess := AllocMem(MAX_PATH);
if GetModuleFileNameEx(hProcess, 0,lpszProcess, MAX_PATH)<>0 then //get the name of the process
sDummy:=ExtractFileName(lpszProcess)
else
sDummy:= 'System Process';
Writeln('PID ',pHandleInfo.Handles[aIndex].uIdProcess);
Writeln('Handle ',pHandleInfo.Handles[aIndex].Handle);
Writeln('Process ',sDummy);
Writeln('FileName ',string(lpwsName));
Writeln;
FreeMem(lpwsName);
FreeMem(lpwsType);
FreeMem(lpszProcess);
end;
CloseHandle(hObject);
end;
CloseHandle(hProcess);
end;
end;
end;
FreeMem(pHandleInfo);
end;
begin
try
NTQueryObject := GetProcAddress(GetModuleHandle('NTDLL.DLL'), 'NtQueryObject');
NTQuerySystemInformation := GetProcAddress(GetModuleHandle('NTDLL.DLL'), 'NtQuerySystemInformation');
if (#NTQuerySystemInformation<>nil) and (#NTQuerySystemInformation<>nil) then
EnumerateOpenFiles();
Readln;
except
on E:Exception do
Writeln(E.Classname, ': ', E.Message);
end;
end.
You could port walkobjects.cpp or run a command line process that does it for you and parse it's output.
I've looked at the MSDN page...
it said NtQuerySystemInformation() is an OS internal proc,
and that we're not recommended to use it:
The NtQuerySystemInformation function
and the structures that it returns are
internal to the operating system and
subject to change from one release of
Windows to another. To maintain the
compatibility of your application, it
is better to use the alternate
functions previously mentioned
instead.