Finding the Process Behind a Port on Windows XP/2003 (16)

      5.2.3790.0 shp  0x76e70000  WLDAP32.dll
      5.2.3790.0 shp  0x76ee0000  rasadhlp.dll
      5.2.3790.0 shp  0x699b0000  esent.dll
      5.2.3790.0 shp  0x5d000000  SAMLIB.dll
2001.12.4720.130   s  0x76ef0000  CLBCatQ.DLL
  2001.12.4720.0 shp  0x76f70000  COMRes.dll
      5.2.3790.0 shp  0x77b60000  VERSION.dll
2001.12.4720.130   s  0x76a10000  es.dll
      5.2.3790.0 shp  0x76eb0000  secur32.dll
       16.0.0.19 shp  0x06000000  ApiHook.dll
        16.2.0.6 shp  0x05000000  MemMon.dll

Clearly, what follows CmdLine: is the path of the program.
//----------------------------------------------------
By now, clever reader, you have surely worked out the method: find the PID of the process that owns the port, then use that PID to find the exact path of the program. All we have to do is automate it.

Here is the general approach. First we run the following two commands:

rem Get the list of listening TCP ports
netstat -ano|find "LISTENING">tcplisten.txt
rem Get the list of listening UDP ports
netstat -ano|find "UDP">udplisten.txt
//---------------------------------------------------------
Below is the result of running netstat -ano|find "LISTENING">tcplisten.txt. Opening tcplisten.txt shows:

  TCP    0.0.0.0:42             0.0.0.0:0              LISTENING       1524
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1616
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       660
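
The following Python example is added here and is not from the original article: it parses the filtered netstat -ano lines saved to tcplisten.txt and udplisten.txt, groups the listening ports under the PID that owns them, and joins each PID with a program path. The three 0.0.0.0 TCP lines are the ones shown above; the UDP lines, the IPv6 line, the PID-to-path table and all function names are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample input. Only the three 0.0.0.0 TCP lines come from the page;
# everything else (UDP lines, IPv6 line, paths) is made up for illustration.
TCP_LISTEN = """\
  TCP    0.0.0.0:42             0.0.0.0:0              LISTENING       1524
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1616
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       660
  TCP    [::]:135               [::]:0                 LISTENING       660
"""
UDP_LISTEN = """\
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:123          *:*                                    1616
"""
# Hypothetical result of the PID-to-path lookup step (placeholder paths).
PID_TO_PATH = {660: r"C:\example\serviceA.exe",
               1616: r"C:\example\serviceB.exe"}

# proto, local address, local port, foreign address, state (TCP only), PID
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+LISTENING)?\s+(\d+)\s*$")

def parse_listeners(text):
    """Return [(proto, local_addr, port, pid)] from filtered netstat -ano lines."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # blanks, headers and TCP lines in other states do not match
            proto, addr, port, pid = m.groups()
            rows.append((proto, addr, int(port), int(pid)))
    return rows

def ports_by_pid(rows):
    """Group endpoints by owning PID; the same port on IPv4 and IPv6 is listed once."""
    table = defaultdict(set)
    for proto, _addr, port, pid in rows:
        table[pid].add((proto, port))
    return {pid: sorted(eps) for pid, eps in table.items()}

def report(rows, pid_to_path):
    """Join each PID with its program path; unresolved PIDs are flagged, not dropped."""
    return {pid: (pid_to_path.get(pid, "<path not resolved>"), eps)
            for pid, eps in ports_by_pid(rows).items()}

if __name__ == "__main__":
    result = report(parse_listeners(TCP_LISTEN + UDP_LISTEN), PID_TO_PATH)
    for pid, (path, eps) in sorted(result.items()):
        print(pid, path, ", ".join(f"{p}/{n}" for p, n in eps))
```

A PID that stays unresolved is worth a closer look, since a listener whose program path cannot be found is exactly what this procedure is meant to surface.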