Broke out process names and command lines for tcp/udp network connect… #116

Closed
wants to merge 1 commit into from
49 changes: 32 additions & 17 deletions Seatbelt/Commands/Windows/TCPConnectionsCommand.cs
Expand Up @@ -14,7 +14,7 @@ internal class TcpConnectionsCommand : CommandBase
{
public override string Command => "TcpConnections";
public override string Description => "Current TCP connections and their associated processes and services";
public override CommandGroup[] Group => new[] {CommandGroup.System};
public override CommandGroup[] Group => new[] { CommandGroup.System };
public override bool SupportRemote => false;

public TcpConnectionsCommand(Runtime runtime) : base(runtime)
Expand All @@ -27,7 +27,8 @@ public TcpConnectionsCommand(Runtime runtime) : base(runtime)
uint tableBufferSize = 0;
var tableBuffer = IntPtr.Zero;
var rowPtr = IntPtr.Zero;
var processes = new Dictionary<string, string>();
var processNames = new Dictionary<string, string>();
var processCommandLines = new Dictionary<string, string>();

WriteHost(" Local Address Foreign Address State PID Service ProcessName");

Expand All @@ -40,13 +41,10 @@ public TcpConnectionsCommand(Runtime runtime) : base(runtime)

foreach (ManagementObject Process in retObjectCollection)
{
processNames.Add(Process["ProcessId"].ToString(), Process["Name"].ToString());
if (Process["CommandLine"] != null)
{
processes.Add(Process["ProcessId"].ToString(), Process["CommandLine"].ToString());
}
else
{
processes.Add(Process["ProcessId"].ToString(), Process["Name"].ToString());
processCommandLines.Add(Process["ProcessId"].ToString(), Process["CommandLine"].ToString());
}
}

Expand Down Expand Up @@ -87,7 +85,14 @@ public TcpConnectionsCommand(Runtime runtime) : base(runtime)
string? processName = null;
try
{
processName = processes[entry.OwningPid.ToString()];
processName = processNames[entry.OwningPid.ToString()];
}
catch { }

string? processCommandLine = null;
try
{
processCommandLine = processCommandLines[entry.OwningPid.ToString()];
}
catch { }

Expand All @@ -101,8 +106,9 @@ public TcpConnectionsCommand(Runtime runtime) : base(runtime)
entry.RemotePort,
entry.State,
entry.OwningPid,
serviceName,
processName
processName,
processCommandLine,
serviceName
);
}
}
Expand All @@ -118,16 +124,17 @@ public TcpConnectionsCommand(Runtime runtime) : base(runtime)

internal class TcpConnectionsDTO : CommandDTOBase
{
public TcpConnectionsDTO(string localAddress, ushort localPort, string remoteAddress, ushort remotePort, MIB_TCP_STATE state, uint processId, string? service, string? command)
public TcpConnectionsDTO(string localAddress, ushort localPort, string remoteAddress, ushort remotePort, MIB_TCP_STATE state, uint processId, string? processName, string? processCommandLine, string? service)
{
LocalAddress = localAddress;
LocalPort = localPort;
RemoteAddress = remoteAddress;
RemotePort = remotePort;
State = state;
ProcessId = processId;
Service = service;
Command = command;
ProcessName = processName;
ProcessCommandLine = processCommandLine;
ServiceName = service;
}

public string LocalAddress { get; }
Expand All @@ -136,8 +143,9 @@ public TcpConnectionsDTO(string localAddress, ushort localPort, string remoteAdd
public ushort RemotePort { get; }
public MIB_TCP_STATE State { get; }
public uint ProcessId { get; }
public string? Service { get; }
public string? Command { get; }
public string? ProcessName { get; }
public string? ProcessCommandLine { get; }
public string? ServiceName { get; }
}

[CommandOutputType(typeof(TcpConnectionsDTO))]
Expand All @@ -152,8 +160,15 @@ public override void FormatResult(CommandBase? command, CommandDTOBase result, b
if (result != null)
{
var dto = (TcpConnectionsDTO)result;
WriteLine(" {0,-23}{1,-23}{2,-11}{3,-6}{4,-15} {5}", dto.LocalAddress + ":" + dto.LocalPort, dto.RemoteAddress + ":" + dto.RemotePort, dto.State, dto.ProcessId, dto.Service, dto.Command);
if (dto.ProcessCommandLine != null)
{
WriteLine(" {0,-23}{1,-23}{2,-11}{3,-6}{4,-15} {5}", dto.LocalAddress + ":" + dto.LocalPort, dto.RemoteAddress + ":" + dto.RemotePort, dto.State, dto.ProcessId, dto.ServiceName, dto.ProcessCommandLine);
}
else
{
WriteLine(" {0,-23}{1,-23}{2,-11}{3,-6}{4,-15} {5}", dto.LocalAddress + ":" + dto.LocalPort, dto.RemoteAddress + ":" + dto.RemotePort, dto.State, dto.ProcessId, dto.ServiceName, dto.ProcessName);
}
}
}
}
}
}
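Review bot: The added `processCommandLines[entry.OwningPid.ToString()]` lookup (hunk `@@ -87,7 +85,14 @@`) relies on an empty `catch { }` to handle a missing key, and with this change a missing key is the normal case for every process whose `CommandLine` was null, because only non-null command lines are added to that dictionary. The empty catch also hides any other failure raised by the statement. Each try/catch pair can be replaced by a single lookup: `processNames.TryGetValue(entry.OwningPid.ToString(), out var processName);` and `processCommandLines.TryGetValue(entry.OwningPid.ToString(), out var processCommandLine);`. The same pattern is added in UDPConnectionsCommand.cs, and the enclosing method starts and ends outside these hunks.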
47 changes: 31 additions & 16 deletions Seatbelt/Commands/Windows/UDPConnectionsCommand.cs
Expand Up @@ -27,7 +27,8 @@ public UdpConnectionsCommand(Runtime runtime) : base(runtime)
uint tableBufferSize = 0;
var tableBuffer = IntPtr.Zero;
var rowPtr = IntPtr.Zero;
var processes = new Dictionary<string, string>();
var processNames = new Dictionary<string, string>();
var processCommandLines = new Dictionary<string, string>();

WriteHost(" Local Address PID Service ProcessName");

Expand All @@ -40,13 +41,10 @@ public UdpConnectionsCommand(Runtime runtime) : base(runtime)

foreach (ManagementObject Process in retObjectCollection)
{
processNames.Add(Process["ProcessId"].ToString(), Process["Name"].ToString());
if (Process["CommandLine"] != null)
{
processes.Add(Process["ProcessId"].ToString(), Process["CommandLine"].ToString());
}
else
{
processes.Add(Process["ProcessId"].ToString(), Process["Name"].ToString());
processCommandLines.Add(Process["ProcessId"].ToString(), Process["CommandLine"].ToString());
}
}

Expand All @@ -69,7 +67,7 @@ public UdpConnectionsCommand(Runtime runtime) : base(runtime)
yield break;
}

//// get the number of entries in the table
// get the number of entries in the table
var ownerModuleTable = (MIB_UDPTABLE_OWNER_MODULE)Marshal.PtrToStructure(tableBuffer, typeof(MIB_UDPTABLE_OWNER_MODULE));
rowPtr = (IntPtr)(tableBuffer.ToInt64() + Marshal.OffsetOf(typeof(MIB_UDPTABLE_OWNER_MODULE), "Table").ToInt64());
var UdpRows = new MIB_UDPROW_OWNER_MODULE[ownerModuleTable.NumEntries];
Expand All @@ -85,10 +83,17 @@ public UdpConnectionsCommand(Runtime runtime) : base(runtime)

foreach (var entry in UdpRows)
{
var processName = "";
string? processName = null;
try
{
processName = processes[entry.OwningPid.ToString()];
processName = processNames[entry.OwningPid.ToString()];
}
catch { }

string? processCommandLine = null;
try
{
processCommandLine = processCommandLines[entry.OwningPid.ToString()];
}
catch { }

Expand All @@ -98,8 +103,9 @@ public UdpConnectionsCommand(Runtime runtime) : base(runtime)
entry.LocalAddress.ToString(),
entry.LocalPort,
entry.OwningPid,
serviceName,
processName
processName,
processCommandLine,
serviceName
);
}
}
Expand All @@ -116,19 +122,21 @@ public UdpConnectionsCommand(Runtime runtime) : base(runtime)

internal class UdpConnectionsDTO : CommandDTOBase
{
public UdpConnectionsDTO(string localAddress, ushort localPort, uint processId, string? service, string processName)
public UdpConnectionsDTO(string localAddress, ushort localPort, uint processId, string? processName, string? processCommandLine, string? service)
{
LocalAddress = localAddress;
LocalPort = localPort;
ProcessId = processId;
Service = service;
ProcessName = processName;
ProcessCommandLine = processCommandLine;
ServiceName = service;
}
public string LocalAddress { get; set; }
public ushort LocalPort { get; set; }
public uint ProcessId { get; set; }
public string? Service { get; set; }
public string ProcessName { get; set; }
public string? ProcessName { get; }
public string? ProcessCommandLine { get; }
public string? ServiceName { get; }
}

[CommandOutputType(typeof(UdpConnectionsDTO))]
Expand All @@ -143,7 +151,14 @@ public override void FormatResult(CommandBase? command, CommandDTOBase result, b
if (result != null)
{
var dto = (UdpConnectionsDTO)result;
WriteLine(" {0,-23}{1,-7}{2,-23} {3}", dto.LocalAddress + ":" + dto.LocalPort, dto.ProcessId, dto.Service, dto.ProcessName);
if (dto.ProcessCommandLine != null)
{
WriteLine(" {0,-23}{1,-7}{2,-23} {3}", dto.LocalAddress + ":" + dto.LocalPort, dto.ProcessId, dto.ServiceName, dto.ProcessCommandLine);
}
else
{
WriteLine(" {0,-23}{1,-7}{2,-23} {3}", dto.LocalAddress + ":" + dto.LocalPort, dto.ProcessId, dto.ServiceName, dto.ProcessName);
}
}
}
}
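Review bot: `ProcessCommandLine` becomes its own property on `UdpConnectionsDTO` (and on `TcpConnectionsDTO` in TCPConnectionsCommand.cs) without a doc comment, and process command lines frequently carry credentials or tokens passed as arguments. Any consumer that reads the DTO rather than the formatted text (none are visible on this page) would now receive that value as a distinct field, so the property should say so, e.g. `/// <summary>Full command line taken from the process's CommandLine value; may contain secrets passed as arguments.</summary>`. Separately, the two branches added to `FormatResult` differ only in their last argument and could be one call using `dto.ProcessCommandLine ?? dto.ProcessName`.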