From aedc7335986d817da92e087e5193fa9fa1b29759 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 6 Feb 2026 15:55:59 -0500 Subject: [PATCH 1/4] feat: Add a listening entry which shows which ports a process is listening to --- main.cpp | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/main.cpp b/main.cpp index 627c3f2..6cc7c1f 100644 --- a/main.cpp +++ b/main.cpp @@ -1668,6 +1668,52 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } } +void FindProcessPorts(DWORD targetPid) { + // this function gets the ports that a process is listening to + // unfortunately, according to microsoft docs, this only works starting from windows xp sp2 :( + // so sorry for those of you using vanilla xp + // the docs in question: https://learn.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getextendedtcptable + + MIB_TCPTABLE_OWNER_PID* pTcpTable; + DWORD dwSize = 0; + DWORD dwRetVal = 0; + + + dwRetVal = GetExtendedTcpTable(NULL, &dwSize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); + + if (dwRetVal == ERROR_INSUFFICIENT_BUFFER) { + pTcpTable = (MIB_TCPTABLE_OWNER_PID*)malloc(dwSize); + if (pTcpTable == NULL) { + std::cerr << "Error retrieving\n"; + return; + } + + + dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); + + if (dwRetVal == NO_ERROR) { + if (IsVirtualTerminalModeEnabled()) { + std::cout << "\033[1;32mListening\033[0m: " << std::endl; + } else { + std::cout << "Listening: " << std::endl; + } + for (DWORD i = 0; i < pTcpTable->dwNumEntries; i++) { + + if (pTcpTable->table[i].dwOwningPid == targetPid && pTcpTable->table[i].dwState == MIB_TCP_STATE_LISTEN) { + + u_short port = ntohs(pTcpTable->table[i].dwLocalPort); + std::cout << "\t" << port << std::endl; + } + } + } else { + std::cout << "Error retrieving:" << dwRetVal << std::endl; + } + + free(pTcpTable); + } +} + + @@ -1870,6 +1916,11 @@ std::string FRAM = ""; // fram means formatted ram, i'm so creative at var namin std::cout << "\nWhy It Exists:\n"; } PrintAncestry(pid); + + FindProcessPorts(); + + + if (IsVirtualTerminalModeEnabled()) { From e6f0a9029d611e4b87cd36a90629d8808582447e Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 6 Feb 2026 16:00:28 -0500 Subject: [PATCH 2/4] fix: Add missing header and pass pid to FindProcessPorts --- main.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index 6cc7c1f..34e649b 100644 --- a/main.cpp +++ b/main.cpp @@ -22,6 +22,7 @@ #include #include #include +#include #define windows_time_to_unix_epoch(x) ((x) - 116444736000000000LL) / 10000000LL // The above macro converts Windows FILETIME to Unix epoch time in seconds. @@ -1917,7 +1918,7 @@ std::string FRAM = ""; // fram means formatted ram, i'm so creative at var namin } PrintAncestry(pid); - FindProcessPorts(); + FindProcessPorts(pid); From 90337c4f57661b59996d682b5f1a907b704520be Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 6 Feb 2026 16:23:48 -0500 Subject: [PATCH 3/4] feat: Make it look like witr --- main.cpp | 42 +++++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/main.cpp b/main.cpp index 34e649b..559b3c4 100644 --- a/main.cpp +++ b/main.cpp @@ -1679,35 +1679,46 @@ void FindProcessPorts(DWORD targetPid) { DWORD dwSize = 0; DWORD dwRetVal = 0; - dwRetVal = GetExtendedTcpTable(NULL, &dwSize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); if (dwRetVal == ERROR_INSUFFICIENT_BUFFER) { pTcpTable = (MIB_TCPTABLE_OWNER_PID*)malloc(dwSize); if (pTcpTable == NULL) { - std::cerr << "Error retrieving\n"; return; } - dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); if (dwRetVal == NO_ERROR) { - if (IsVirtualTerminalModeEnabled()) { - std::cout << "\033[1;32mListening\033[0m: " << std::endl; - } else { - std::cout << "Listening: " << std::endl; - } + // Collect all listening IP:port pairs first + std::vector listening; for (DWORD i = 0; i < pTcpTable->dwNumEntries; i++) { - - if (pTcpTable->table[i].dwOwningPid == targetPid && pTcpTable->table[i].dwState == MIB_TCP_STATE_LISTEN) { - + if (pTcpTable->table[i].dwOwningPid == targetPid && + pTcpTable->table[i].dwState == MIB_TCP_STATE_LISTEN) { + struct in_addr addr; + addr.S_un.S_addr = pTcpTable->table[i].dwLocalAddr; + std::string ip = inet_ntoa(addr); u_short port = ntohs(pTcpTable->table[i].dwLocalPort); - std::cout << "\t" << port << std::endl; + listening.push_back(ip + ":" + std::to_string(port)); } } - } else { - std::cout << "Error retrieving:" << dwRetVal << std::endl; + + if (!listening.empty()) { + if (IsVirtualTerminalModeEnabled()) { + std::cout << "\033[1;32mListening\033[0m : "; + } else { + std::cout << "Listening : "; + } + + + for (size_t i = 0; i < listening.size(); i++) { + std::cout << "\t\t" << listening[i]; + if (i < listening.size() - 1) { + std::cout << ",\n"; + } + } + std::cout << std::endl; + } } free(pTcpTable); @@ -1715,9 +1726,6 @@ void FindProcessPorts(DWORD targetPid) { } - - - void PIDinspect(DWORD pid) { // ooh guys look i'm in the void std::string procName = GetProcessNameFromPid(pid); From 7d554e269fec4c793401b7aa3f146c3c1d0281b0 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 6 Feb 2026 16:27:16 -0500 Subject: [PATCH 4/4] fix: add newline after listening --- main.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.cpp b/main.cpp index 559b3c4..20a4477 100644 --- a/main.cpp +++ b/main.cpp @@ -1705,9 +1705,9 @@ void FindProcessPorts(DWORD targetPid) { if (!listening.empty()) { if (IsVirtualTerminalModeEnabled()) { - std::cout << "\033[1;32mListening\033[0m : "; + std::cout << "\033[1;32mListening\033[0m: \n"; } else { - std::cout << "Listening : "; + std::cout << "Listening: \n"; }