@koike koike/monitor.php
Last active Aug 17, 2017

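<?php
// Poll netstat in a loop and record the process that owns each UDP endpoint.
while(true)
{
    // Fresh buffer on every pass: exec() appends to an existing array.
    $lines = [];
    exec('netstat -nao', $lines, $ret);
    foreach($lines as $line)
    {
        // Collapse runs of whitespace, then split the row into columns.
        $cols = explode(' ', preg_replace('/\s{2,}/', ' ', trim($line)));
        // UDP rows have four columns (no State column); the last one is the PID.
        if(count($cols) == 4 && $cols[0] == 'UDP')
        {
            $pid = $cols[3];
            // Only a purely numeric PID is placed into the wmic command line.
            if(!ctype_digit($pid))
            {
                continue;
            }
            // Separate buffer, so the netstat rows being iterated are not overwritten.
            $proc = [];
            exec('wmic process where "ProcessId=' . $pid . '"', $proc, $ret);
            // Row 0 is the wmic header, row 1 describes the process.
            if(count($proc) > 1)
            {
                $fields = explode(' ', preg_replace('/\s{2,}/', ' ', $proc[1]));
                // Skip rows whose second field is the class name 'Win32_Process'
                // rather than a command line.
                if(isset($fields[1]) && $fields[1] != 'Win32_Process')
                {
                    echo PHP_EOL . 'PID: ' . $pid . PHP_EOL;
                    echo $fields[1] . PHP_EOL;
                    // One file per second; a later hit in the same second overwrites it.
                    file_put_contents(date('Y-m-d_H-i-s') . '.json', json_encode($fields));
                }
            }
        }
    }
    // Pause for 10 microseconds before polling again.
    usleep(10);
}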