|
Hi,
I would like to know how to block or allow packets so that it can act as a firewall.
Kindly help me.
Thanks and Regards
VSS
|
In Windows 2k, XP, 2003, we can do this easily by using the NTDDK.
But in Win98, this method does not work.
I know there is one way, but I haven't found a solution (source code).
If you have one, please show me!
Thanks very much!
|
Hmmm ... win98 ? ... I would like to know that too. You know what? Probably you can find some info regarding this issue on: http://rootkit.host.sk/ (see Open Ports) or http://www.rootkit.com/index.php
Good luck,
y0d4
"A pint of sweat, saves a gallon of blood."
- General George S. Patton (1885-1945)
|
I found JiurlPortHide.
This program is good, but it's only for the WinNT family, because it uses the NTDDK (it includes ntdll.h in the source), not for Win98.
I'm researching a solution using LSP (Winsock 2 Layered Service Provider).
If you know more, please show me.
Thanks!
|
Hi,
I'm wondering why all items in the sniff menu are grayed out.
How do I activate it?
Friedhelm
|
Hi,
You can activate it only programmatically. This feature is not released because it is not working properly and hence it uses raw sock, which is not supported by default in XP SP2.
It was left as an open feature.
"A pint of sweat, saves a gallon of blood."
- General George S. Patton (1885-1945)
|
Hi, I am wondering how to be notified immediately that the connection to the internet has been lost,
e.g. cable unplugged, within IsNewConnection.
|
Well, you can add the full path instead of just showing which exe is running. Just an idea.
|
I must list processes and ports on Win98; can you show me how to do that?
Thanks very much!
|
In the source zip file EnetstatX_src.zip (65.079 Bytes) there is no /res path with the *.bmp and *.ico files. Can you please update it?
Thanks
|
oops ... you can find it in the other location http://www.codeproject.com/internet/EnetstatX/EnetstatX_demo.zip
"A pint of sweat, saves a gallon of blood."
- General George S. Patton (1885-1945)
|
Gathering TCP & UDP connection:
AllocateAndGetTcpExTableFromStack is supported beginning with NT kernel version 5.x as follows:
-> winxp-5.1.2600-sp1
-> w2k3server-5.2-3790, "http://24.229.94.2/tables/exports/iphlpapi_exports.html"
If you would like to run EnetstatX on win2000 you should replace:
AllocateAndGetTcpExTableFromStack with AllocateAndGetTcpTableFromStack e.q. GetTcpTable. The drawback is "no pid - process id for * tcp connection" ;(
&
AllocateAndGetUdpExTableFromStack with AllocateAndGetUdpTableFromStack e.q. GetUdpTable. The drawback is "no pid - process id for * udp connection" ;(
In this chapter we can have a different approach given by:
http://rootkit.host.sk/knowhow/hidingen.txt -> 10 Ports
-> 10.1 Netstat, OpPorts on WinXP, FPort on WinXP
-> 10.2 OpPorts on Win2k and NT4, FPort on Win2k
___________________________________________________________________________________________
Packet filtering:
PfCreateInterface, PfAddFiltersToInterface, PfBindInterfaceToIPAddress, ... are supported for:
-> winme-4.90.3000
-> win2k-sp1-5.00.2195
-> winxp-5.1.2600-sp1
-> w2k3server-5.2-3790, "http://24.229.94.2/tables/exports/iphlpapi_exports.html"
___________________________________________________________________________________________
Process Icon:
Replace GetProcessImageFileName which is only available in XP with
EnumProcessModules & GetModuleFileNameEx, http://www.codeproject.com/useritems/EnetstatX.asp?msg=846777#xx846777xx, thanks to Gabriel 2
"A pint of sweat, saves a gallon of blood."
- General George S. Patton (1885-1945)
|
Hi y0da
great work, changes got the program to come up with some errors:
in: DWORD CTCPTable::GetTableEx(void)
Module:
File: i386\chkesp.c
line: 42
the value of esp was not properly saved across a function call. this is usually a result of a function declared with one calling convention with a function pointer declared with a different calling convention.
if you keep pressing the ignore, the application will come up, but
|
I have the same issue with my application. If someone has a solution, please post.
Thanks!
|
Hi y0da,
Thank you for the quick answer to my "/res Problem". I believe many of us have Win2k. It would be very nice if you could make a version for WinXP and/or Win2k.
Best regards NielsR
|
The function "AllocateAndGetTcpTableFromStack" can only get PMIB_TCPTABLE, not PMIB_TCPTABLE_EX, so we can't get the process info related to the TCP port on Win2k using this method. Simply replacing AllocateAndGetTcpExTableFromStack with AllocateAndGetTcpTableFromStack will not work; you should change the type of the variable m_pBuffTcpTableEx from PMIB_TCPTABLE_EX to PMIB_TCPTABLE, all MIB_TCPROW_EX to MIB_TCPROW, etc. But you still can't get the process id info. So I think it is nonsense to change the code to run on Win2k. If you want to get the same result as this program on WinXP, you can use the method that FPort used. The source code of FPort can be found at the link http://www.cnzz.cn/downloadsoft/1902/7.aspx.
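The row-type point made in this post, as an added example (not part of the original post or the EnetstatX source): a portable decoder for a table buffer that returns the owning PID only when the rows are the 24-byte _EX kind. The fixed-width struct redefinitions, `conn_t`, `NO_PID`, `port_of`, `decode_table` and the sample tables are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Row layouts redefined with fixed-width types (assumption) so this builds
   without the Windows SDK; field names follow MIB_TCPROW / MIB_TCPROW_EX. */
typedef struct { uint32_t dwState, dwLocalAddr, dwLocalPort,
                 dwRemoteAddr, dwRemotePort; } TCPROW;
typedef struct { uint32_t dwState, dwLocalAddr, dwLocalPort,
                 dwRemoteAddr, dwRemotePort, dwProcessId; } TCPROW_EX;
typedef struct { uint32_t state, pid; uint16_t lport, rport; } conn_t;
#define NO_PID 0xFFFFFFFFu  /* hypothetical marker: owner not available */
/* Ports occupy the low 16 bits of the DWORD in network byte order. */
static uint16_t port_of(uint32_t dw)
{ return (uint16_t)(((dw & 0xFFu) << 8) | ((dw >> 8) & 0xFFu)); }
/* Walk a table: DWORD dwNumEntries, then rows. row_ex picks the 24-byte _EX
   row or the 20-byte plain row. Returns rows decoded, -1 if count overruns. */
static int decode_table(const void *buf, size_t len, int row_ex,
                        conn_t *out, size_t max_out)
{
    size_t row = row_ex ? sizeof(TCPROW_EX) : sizeof(TCPROW);
    uint32_t n;
    if (len < sizeof n) return -1;
    memcpy(&n, buf, sizeof n);
    if (n > (len - sizeof n) / row) return -1;  /* count does not fit buffer */
    if (n > max_out) n = (uint32_t)max_out;
    for (uint32_t i = 0; i < n; i++) {
        TCPROW_EX r = {0};                      /* plain row is a prefix of _EX */
        memcpy(&r, (const uint8_t *)buf + sizeof n + i * row, row);
        out[i].state = r.dwState;
        out[i].lport = port_of(r.dwLocalPort);
        out[i].rport = port_of(r.dwRemotePort);
        out[i].pid   = row_ex ? r.dwProcessId : NO_PID;
    }
    return (int)n;
}

/* Constructed samples (state 2 = LISTEN, 5 = ESTABLISHED). */
static const uint32_t SAMPLE_EX[] = { 2,
    2, 0, 0x5000, 0, 0, 4,                             /* :80 listen, pid 4 */
    5, 0x0100007F, 0x00C0, 0x0100007F, 0xBB01, 1234 }; /* :49152 -> :443    */
static const uint32_t SAMPLE_PLAIN[] = { 1, 2, 0, 0x5000, 0, 0 };
int main(void)
{
    conn_t c[4];
    int n = decode_table(SAMPLE_EX, sizeof SAMPLE_EX, 1, c, 4);
    for (int i = 0; i < n; i++)
        printf("%d -> %d state=%u pid=%u\n", c[i].lport, c[i].rport, c[i].state, c[i].pid);
    return decode_table(SAMPLE_PLAIN, sizeof SAMPLE_PLAIN, 0, c, 4) == 1 ? 0 : 1;
}
```

Decoding the _EX sample with the plain row size passes the length check but misreads the second row (its state field picks up the first row's PID), which is why the row type has to change together with the function.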
|
Hi...
I'm trying to download this software but I get an error; can you email it to me please?
silence at sdf dot lonestar dot org.
Thanks for this reply and thanks for your post.
Byron H.
|
GPF's in:
TCPTable.cpp
if (CBase::m_hModuleTcp != NULL)
{
    //gathering info
    (CBase::m_pGetTcpTableEx) ( &m_pBuffTcpTableEx,
        TRUE, //sorted list
        GetProcessHeap(),
        0,
        2);
}
Anyone solve this issue??? Stumped as to where he initialized pGetTcpTableEx.
TIA
Johnny
|
I tried compiling this program but got an error right off the bat. The compiler can't find FilterDefs.h. I do have an October 2001 SDK (about when my MSDN ran out) installed with VC6 (plus the latest service pack). Do I need something newer?
So then I tried running just the release version and got an error that the procedure entry point GetProcessImageFileNameA could not be located in PSAPI.DLL. Reading one of the posts below, it appears to be because I am running Win2K. I would like to apply the mod suggested in the message but can't compile as noted above.
Any ideas on how to proceed?
Thanks,
Paul
|
I solved my problem by just commenting out that #include directive. I also needed to add enum eDirection { in, out } to get it to compile. I applied the fix from the message below regarding the alternate GetProcessImageFileName approach and the program can (almost) start up. I get a crash in CTCPTable::GetTableEx because although m_hModuleTcp is valid, m_pGetTcpTableEx is NULL. I guess when you stated that only WinXP is supported, you meant it. Any suggestions on how to get this to work on Windows 2000?
|
FilterDefs.h is included in the "/extern/include" directory of the
EnetstatX_demo.zip file.
You can add the directory to the include directory: tools -> options -> directories -> include files. For example:
C:\...The project folder...\EXTERN\INCLUDES
Anyway, the project crashes when started. Tell me if you find the bug.
|
I think the right way is (blind translation from German VS):
project settings
c/c++
preprocessor
additional include folder
extern\includes
Friedhelm
|
Great code, got my 5.
Here are some bug fixes:
---------------------------------------------------------------
1 - Source Code of the demo hangs when compiled.
When CENetStatXDlg::InitListAll() is called, m_pBuffTcpTableEx contains NULL, but it's used.
I can't find where you are initializing it.
---------------------------------------------------------------
2 - You are using GetProcessImageFileName which is only available in XP (not a bug).
It could be replaced by a call to:
EnumProcessModules + GetModuleFileNameEx
to make it compatible with Windows 2000.
--------------------- Here's the code -------------------------
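HMODULE hModule;
DWORD dwSize;
// The first module returned is the process executable itself
BOOL bRet = EnumProcessModules(hProc, &hModule, sizeof(hModule), &dwSize);
// hModule is only valid if the enumeration succeeded; nSize counts characters, not bytes
if (bRet)
    GetModuleFileNameEx(hProc, hModule, sFileName, sizeof(sFileName) / sizeof(sFileName[0]));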
|
This program runs well on W2003, and I tested it on W2k.
I repaired the code the same as yours but it still has an error; the repaired code follows:
/* ::GetProcessImageFileName(
hndProc,
buffPath,
MAX_PATH);
*/
HMODULE hModule;
DWORD dwSize;
BOOL bRet = ::EnumProcessModules(hndProc, &hModule, sizeof(hModule), &dwSize);
::GetModuleFileNameEx (hndProc, hModule, buffPath, MAX_PATH);
- and an error occurs in function:
void CENetStatXDlg::InitCriticalSection(void)
with error: "The instruction at 0x0000000..."
Have you got an answer, please!!!
|