跪求:360 进程流量监视原理,有源码最好 如题 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 看看监视网卡!学习一下API应该会有用吧 源码下载http://download.csdn.net/source/2495521或者: 以下的代码的原作是opensource的一个叫sniffer.net的,用vb.net写的,这里只是简单的用c#翻译了一下,暂时还只能监控所有数据包,不能监控某一个进程的数据包,代码如下:using System;using System.Text;using System.Net;using System.Net.Sockets;using System.Runtime.InteropServices;namespace UpdateTester{ /**//// <summary> /// Monitor 的摘要说明。 /// </summary> public class Monitor { public delegate void NewPacketEventHandler(Monitor m, Packet p); public event NewPacketEventHandler NewPacket; private Socket m_Monitor; private IPAddress m_Ip; private byte[] m_Buffer = new byte[65535]; private const System.Int32 IOC_VENDOR = 0x18000000; private const int IOC_IN = -2147483648; private const int SIO_RCVALL = IOC_IN ^ IOC_VENDOR ^ 1; private const int SECURITY_BUILTIN_DOMAIN_RID = 0x20; private const int DOMAIN_ALIAS_RID_ADMINS = 0x220; public System.Net.IPAddress IP { get { return m_Ip; } } public byte[] Buffer { get { return m_Buffer; } } public Monitor() { // // TODO: 在此处添加构造函数逻辑 // } public Monitor(IPAddress IpAddress) { if (!(Environment.OSVersion.Platform == PlatformID.Win32NT) && Environment.OSVersion.Version.Major<5) { throw new NotSupportedException("This program requires Windows 2000, Windows XP or Windows .NET Server!"); } m_Ip = IpAddress; } public void Start() { if (m_Monitor==null) { try { m_Monitor = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP); m_Monitor.Bind(new IPEndPoint(IP, 0)); m_Monitor.IOControl(SIO_RCVALL, BitConverter.GetBytes(1), null); m_Monitor.BeginReceive(m_Buffer, 0, m_Buffer.Length, SocketFlags.None, new AsyncCallback(OnReceive), null); } catch (Exception e) { m_Monitor = null; throw new SocketException(); } } } public void Stop() { if (m_Monitor!=null) { m_Monitor.Close(); } m_Monitor = null; } public void OnReceive(System.IAsyncResult ar) { try { int received = m_Monitor.EndReceive(ar); try { if (m_Monitor!=null) { byte[] pkt = new byte[received]; Array.Copy(Buffer, 0, pkt, 0, received); OnNewPacket(new Packet(pkt, DateTime.Now)); } } catch(Exception e) { throw; } m_Monitor.BeginReceive(Buffer, 0, Buffer.Length, SocketFlags.None, new AsyncCallback(OnReceive), null); } catch (Exception e) { } } protected void OnNewPacket(Packet p) { NewPacket(this, p); } }}using System;using System.Text;using System.Net;using System.Net.Sockets;namespace UpdateTester{ public enum Precedence { Routine = 0, Priority = 1, Immediate = 2, Flash = 3, FlashOverride = 4, CRITICECP = 5, InternetworkControl = 6, NetworkControl = 7 } public enum Delay { NormalDelay = 0, LowDelay = 1 } public enum Throughput { NormalThroughput = 0, HighThroughput = 1 } public enum Reliability { NormalReliability = 0, HighReliability = 1 } public enum Protocol { Ggp = 3, Icmp = 1, Idp = 22, Igmp = 2, IP = 4, ND = 77, Pup = 12, Tcp = 6, Udp = 17, Other = -1 } /**//// <summary> /// Packet 的摘要说明。 /// </summary> public class Packet { private byte[] m_Raw; private DateTime m_Time; private int m_Version; private int m_HeaderLength; private Precedence m_Precedence; private Delay m_Delay; private Throughput m_Throughput; private Reliability m_Reliability; private int m_TotalLength; private int m_Identification; private int m_TimeToLive; private Protocol m_Protocol; private byte[] m_Checksum; private string m_SourceAddress; private string m_DestinationAddress; private int m_SourcePort; private int m_DestinationPort; public Packet() { // // TODO: 在此处添加构造函数逻辑 // } // // public Packet(byte[] raw):(byte[] raw, DateTime time) // { // Packet(raw, DateTime.Now); // } public Packet(byte[] raw, DateTime time) { if (raw==null) { throw new ArgumentNullException(); } if (raw.Length<20) { throw new ArgumentException(); } this.m_Raw = raw; this.m_Time = time; this.m_HeaderLength = (raw[0] & 0xF) * 4; if ((raw[0] & 0xF) < 5) {throw new ArgumentException();} this.m_Precedence = (Precedence)((raw[1] & 0xE0) >> 5); this.m_Delay = (Delay)((raw[1] & 0x10) >> 4); this.m_Throughput = (Throughput)((raw[1] & 0x8) >> 3); this.m_Reliability = (Reliability)((raw[1] & 0x4) >> 2); this.m_TotalLength = raw[2] * 256 + raw[3]; if ( ! (this.m_TotalLength == raw.Length)) { throw new ArgumentException();} // invalid size of packet; this.m_Identification = raw[4] * 256 + raw[5]; this.m_TimeToLive = raw[8]; m_Protocol = (Protocol)raw[Array]; m_Checksum = new byte[2]; m_Checksum[0] = raw[11]; m_Checksum[1] = raw[10]; try { m_SourceAddress = GetIPAddress(raw, 12); m_DestinationAddress = GetIPAddress(raw, 16); } catch (Exception e) { throw; } if (m_Protocol == Protocol.Tcp || m_Protocol == Protocol.Udp) { m_SourcePort = raw[m_HeaderLength] * 256 + raw[m_HeaderLength + 1]; m_DestinationPort = raw[m_HeaderLength + 2] * 256 + raw[m_HeaderLength + 3]; } else { m_SourcePort = -1; m_DestinationPort = -1; } } public string GetIPAddress(byte[] bArray, int nStart) { byte[] tmp = new byte[4]; if (bArray.Length > nStart + 2) { tmp[0] = bArray[nStart]; tmp[1] = bArray[nStart + 1]; tmp[2] = bArray[nStart + 2]; tmp[3] = bArray[nStart + 3]; } return tmp[0] + "." + tmp[1] + "." + tmp[2] + "." + tmp[3]; } public int TotalLength { get { return m_TotalLength; } } public DateTime Time { get { return this.m_Time; } } public Protocol Protocol { get { return this.m_Protocol; } } public string SourceAddress { get { return this.m_SourceAddress; } } public string Source { get { if ( m_SourcePort != -1 ) { return SourceAddress.ToString() + ":" + m_SourcePort.ToString(); } else { return SourceAddress.ToString(); } } } public string Destination { get { if (this.m_DestinationPort != -1) { return DestinationAddress.ToString() + ":" + m_DestinationPort.ToString(); } else { return DestinationAddress.ToString(); } } } public string DestinationAddress { get { return m_DestinationAddress; } } }} 在主程序里private Monitor[] m_PacketMonitors; private ArrayList m_Packets; private System.Windows.Forms.StatusBar statusBar1; private int m_PacketsSize;执行方法中private void StartMonitor() { IPAddress[] hosts = Dns.Resolve(Dns.GetHostName()).AddressList; if (hosts.Length == 0) { throw new NotSupportedException("This computer does not have non-loopback interfaces installed!");} for (int i=0; i<hosts.Length; i++) { } m_PacketMonitors = new Monitor[1]; m_Packets = new ArrayList(); m_PacketMonitors[0] = new Monitor(hosts[0]);// 添加代理,每次有新的packet到时都出发下面哪个动作 m_PacketMonitors[0].NewPacket+=new Monitor.NewPacketEventHandler(this.OnNewPacket); m_PacketMonitors[0].Start(); }// 这个方法用于把packet显示到一个地方private void OnNewPacket(Monitor m, Packet p) { m_Packets.Add(p); m_PacketsSize += p.TotalLength; try { txtLog.Text += p.Time.ToString()+p.Protocol.ToString()+p.Source.ToString()+p.Destination.ToString()+p.TotalLength.ToString(); } catch (Exception e) { MessageBox.Show(e.Message); } statusBar1.Text = String.Format("Intercepted {0} packet(s) [{1} bytes]", m_Packets.Count, m_PacketsSize); } Process[] pl = Process.GetProcesses();//可获得本机进程列表(PID) 要素:进程名称,进程IDnetstat -ano 可获得要素:进程ID,端口,协议类型 // 运行端口检查命令 pro.StandardInput.WriteLine("netstat -ano"); pro.StandardInput.WriteLine("exit"); // 获取结果 string pstr = @"^\s*(?<ProtocolName>.*?)\s+\d+\.\d+\.\d+\.\d+:(?<Port>\d+).*?(?<PId>\d+)\s*$";http://topic.csdn.net/u/20101018/08/596d7688-cc6b-46a9-83b1-e7e7834c37c0.html 洗牌程序,不大明白,请高手每句加上注释,详细点的。 C# access求助 搜了半天没搞定,基于套接字发送 哪位兄台有YogiCommon.dll源码 C# 操作 Excel 作图 请教如何用C#创建Windows服务程序 c# 有关文本,图片,文件(txt,office文档)等在sqlserver的存储问题? C#通过Excel遍历XLS文件每一行 关于初始化的一个问题 c#如何向已有网站输入框发送一段文字 C# 结构体初始化赋值,谁懂? winform 导出 Excel合并单元格问题
http://download.csdn.net/source/2495521
或者
: 以下的代码的原作是opensource的一个叫sniffer.net的,用vb.net写的,这里只是简单的用c#翻译了一下,暂时还只能监控所有数据包,不能监控某一个进程的数据包,代码如下:
using System;
using System.Text;
using System.Net;
using System.Net.Sockets;
using System.Runtime.InteropServices;
namespace UpdateTester
{
/**//// <summary>
/// Monitor 的摘要说明。
/// </summary>
public class Monitor
{
public delegate void NewPacketEventHandler(Monitor m, Packet p);
public event NewPacketEventHandler NewPacket;
private Socket m_Monitor;
private IPAddress m_Ip;
private byte[] m_Buffer = new byte[65535];
private const System.Int32 IOC_VENDOR = 0x18000000;
private const int IOC_IN = -2147483648;
private const int SIO_RCVALL = IOC_IN ^ IOC_VENDOR ^ 1;
private const int SECURITY_BUILTIN_DOMAIN_RID = 0x20;
private const int DOMAIN_ALIAS_RID_ADMINS = 0x220; public System.Net.IPAddress IP
{
get { return m_Ip; }
} public byte[] Buffer
{
get { return m_Buffer; }
} public Monitor()
{
//
// TODO: 在此处添加构造函数逻辑
//
} public Monitor(IPAddress IpAddress)
{
if (!(Environment.OSVersion.Platform == PlatformID.Win32NT) && Environment.OSVersion.Version.Major<5)
{
throw new NotSupportedException("This program requires Windows 2000, Windows XP or Windows .NET Server!");
}
m_Ip = IpAddress;
} public void Start()
{
if (m_Monitor==null)
{
try
{
m_Monitor = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
m_Monitor.Bind(new IPEndPoint(IP, 0));
m_Monitor.IOControl(SIO_RCVALL, BitConverter.GetBytes(1), null);
m_Monitor.BeginReceive(m_Buffer, 0, m_Buffer.Length, SocketFlags.None, new AsyncCallback(OnReceive), null);
}
catch (Exception e)
{
m_Monitor = null;
throw new SocketException();
}
}
} public void Stop()
{
if (m_Monitor!=null)
{
m_Monitor.Close();
}
m_Monitor = null;
} public void OnReceive(System.IAsyncResult ar)
{
try
{
int received = m_Monitor.EndReceive(ar); try
{
if (m_Monitor!=null)
{
byte[] pkt = new byte[received];
Array.Copy(Buffer, 0, pkt, 0, received);
OnNewPacket(new Packet(pkt, DateTime.Now));
}
}
catch(Exception e)
{
throw;
} m_Monitor.BeginReceive(Buffer, 0, Buffer.Length, SocketFlags.None, new AsyncCallback(OnReceive), null);
}
catch (Exception e)
{ }
} protected void OnNewPacket(Packet p)
{
NewPacket(this, p);
}
}
}
using System;
using System.Text;
using System.Net;
using System.Net.Sockets;namespace UpdateTester
{ public enum Precedence
{
Routine = 0,
Priority = 1,
Immediate = 2,
Flash = 3,
FlashOverride = 4,
CRITICECP = 5,
InternetworkControl = 6,
NetworkControl = 7
} public enum Delay
{
NormalDelay = 0,
LowDelay = 1
} public enum Throughput
{
NormalThroughput = 0,
HighThroughput = 1
} public enum Reliability
{
NormalReliability = 0,
HighReliability = 1
} public enum Protocol
{
Ggp = 3,
Icmp = 1,
Idp = 22,
Igmp = 2,
IP = 4,
ND = 77,
Pup = 12,
Tcp = 6,
Udp = 17,
Other = -1
}
/**//// <summary>
/// Packet 的摘要说明。
/// </summary>
public class Packet
{ private byte[] m_Raw;
private DateTime m_Time;
private int m_Version;
private int m_HeaderLength;
private Precedence m_Precedence;
private Delay m_Delay;
private Throughput m_Throughput;
private Reliability m_Reliability;
private int m_TotalLength;
private int m_Identification;
private int m_TimeToLive;
private Protocol m_Protocol;
private byte[] m_Checksum;
private string m_SourceAddress;
private string m_DestinationAddress;
private int m_SourcePort;
private int m_DestinationPort; public Packet()
{
//
// TODO: 在此处添加构造函数逻辑
//
}
//
// public Packet(byte[] raw):(byte[] raw, DateTime time)
// {
// Packet(raw, DateTime.Now);
// } public Packet(byte[] raw, DateTime time)
{
if (raw==null)
{
throw new ArgumentNullException();
}
if (raw.Length<20)
{
throw new ArgumentException();
} this.m_Raw = raw;
this.m_Time = time;
this.m_HeaderLength = (raw[0] & 0xF) * 4;
if ((raw[0] & 0xF) < 5) {throw new ArgumentException();}
this.m_Precedence = (Precedence)((raw[1] & 0xE0) >> 5);
this.m_Delay = (Delay)((raw[1] & 0x10) >> 4);
this.m_Throughput = (Throughput)((raw[1] & 0x8) >> 3);
this.m_Reliability = (Reliability)((raw[1] & 0x4) >> 2);
this.m_TotalLength = raw[2] * 256 + raw[3];
if ( ! (this.m_TotalLength == raw.Length)) { throw new ArgumentException();} // invalid size of packet;
this.m_Identification = raw[4] * 256 + raw[5];
this.m_TimeToLive = raw[8]; m_Protocol = (Protocol)raw[Array]; m_Checksum = new byte[2];
m_Checksum[0] = raw[11];
m_Checksum[1] = raw[10]; try
{
m_SourceAddress = GetIPAddress(raw, 12);
m_DestinationAddress = GetIPAddress(raw, 16);
}
catch (Exception e)
{
throw;
} if (m_Protocol == Protocol.Tcp || m_Protocol == Protocol.Udp)
{
m_SourcePort = raw[m_HeaderLength] * 256 + raw[m_HeaderLength + 1];
m_DestinationPort = raw[m_HeaderLength + 2] * 256 + raw[m_HeaderLength + 3];
}
else
{
m_SourcePort = -1;
m_DestinationPort = -1;
}
} public string GetIPAddress(byte[] bArray, int nStart)
{
byte[] tmp = new byte[4]; if (bArray.Length > nStart + 2)
{
tmp[0] = bArray[nStart];
tmp[1] = bArray[nStart + 1];
tmp[2] = bArray[nStart + 2];
tmp[3] = bArray[nStart + 3];
} return tmp[0] + "." + tmp[1] + "." + tmp[2] + "." + tmp[3];
} public int TotalLength
{
get { return m_TotalLength; }
} public DateTime Time
{
get { return this.m_Time; }
} public Protocol Protocol
{
get { return this.m_Protocol; }
} public string SourceAddress
{
get { return this.m_SourceAddress; }
} public string Source
{
get
{
if ( m_SourcePort != -1 )
{
return SourceAddress.ToString() + ":" + m_SourcePort.ToString();
}
else
{
return SourceAddress.ToString();
}
}
} public string Destination
{
get
{
if (this.m_DestinationPort != -1)
{
return DestinationAddress.ToString() + ":" + m_DestinationPort.ToString();
}
else
{
return DestinationAddress.ToString();
}
}
} public string DestinationAddress
{ get
{
return m_DestinationAddress;
}
}
}
} 在主程序里
private Monitor[] m_PacketMonitors;
private ArrayList m_Packets;
private System.Windows.Forms.StatusBar statusBar1;
private int m_PacketsSize;执行方法中
private void StartMonitor()
{
IPAddress[] hosts = Dns.Resolve(Dns.GetHostName()).AddressList; if (hosts.Length == 0) { throw new NotSupportedException("This computer does not have non-loopback interfaces installed!");}
for (int i=0; i<hosts.Length; i++)
{
} m_PacketMonitors = new Monitor[1];
m_Packets = new ArrayList();
m_PacketMonitors[0] = new Monitor(hosts[0]);// 添加代理,每次有新的packet到时都出发下面哪个动作
m_PacketMonitors[0].NewPacket+=new Monitor.NewPacketEventHandler(this.OnNewPacket);
m_PacketMonitors[0].Start();
}// 这个方法用于把packet显示到一个地方private void OnNewPacket(Monitor m, Packet p)
{
m_Packets.Add(p);
m_PacketsSize += p.TotalLength;
try
{
txtLog.Text += p.Time.ToString()+p.Protocol.ToString()+p.Source.ToString()+p.Destination.ToString()+p.TotalLength.ToString();
}
catch (Exception e)
{
MessageBox.Show(e.Message);
} statusBar1.Text = String.Format("Intercepted {0} packet(s) [{1} bytes]", m_Packets.Count, m_PacketsSize);
}
pro.StandardInput.WriteLine("netstat -ano");
pro.StandardInput.WriteLine("exit");
// 获取结果
string pstr = @"^\s*(?<ProtocolName>.*?)\s+\d+\.\d+\.\d+\.\d+:(?<Port>\d+).*?(?<PId>\d+)\s*$";
http://topic.csdn.net/u/20101018/08/596d7688-cc6b-46a9-83b1-e7e7834c37c0.html