My internet tools

I have written two small tools to diagnose internet problems. One (EnumProcess) enumerates all running processes and tries to find out if one or more of them are firewall processes. If you have informations about firewall processes send me a message. The other (wdnslookup) simply calls the internet name resolution  and times the call. Then it prints all the ip addresses it got together with the canonical name and the time it took resp. the exact error message. It is similar to the nslookup tool but it provides a GUI for easy use.
If you have any questions you can find me at MozillaZine forums as user trolly.

System requirements

Both tools should run under WindowsXP, Windows2000 and Windows Vista. Compatibility with Windows 9X is not guaranteed.

Description

EnumProcess

EnumProcess

Elements

Use PSAPI Use the PSAPI interface. *
Use Toolhelp Use the Toolhelp interface. *
Number of processes The number of processes enumerated
Show PID Shows the process identifier. Useful if you want to know which process has started another one.
Show Parent PID Show the PID of the parent process. Useful if you want to know which process has started another one.
Versioninfo Tries to read the version info from the process. Useful to determine who is the provider of the process/program.
List processes Enumerates all running processes and tries to find firewall related processes which are shown in red. The entry for its own process is shown in green.
HTML/TikiWiki/BBCode/Plain Use formatting for forum posts
Copy all to Clipboard Copies the list of the entries to the clipboard. The color information is copied in respect of the format buttons.
Exit Terminates.

* PSAPI and Toolhelp are two different interfaces to the process handling in Windows. The interfaces return different informations about the running processes. If you try both possibilities you will see some differences about the processes.

The available modes are following:
Simple Print only a summary about known processes and services
Processes only Prints a list of all processes and marks known ones.
Processes and Services Same as above but prints the services for a process
Services only Prints a list of running services (mainly a diagnostics mode)

Currently recognized firewalls

Manufacturer Process name
lmgui.exe BitDefender
bdswitch.exe BitDefender 8
vsserv.exe BitDefender 9
blackd.exe BlackICE
cfp.exe Comodo
blinksvc.exe eEye Digital Security
ca.exe ezTrust
fsdfwd.exe F-Secure
igdctrl.exe Fritz!dsl Firewall
fwebprot.exe Fritz!dsl Firewall
kasvc.exe Kaspersky
kavpf.exe Kaspersky Anti-Hacker
kpfss.exe Kerio
persfw.exe Kerio/Tiny Personal Firewall
mpfagent.exe McAfee
npfsvc32.exe Norman Personal Firewall
issvc.exe Norton Internet Security
nisserv.exe Norton Internet Security 2002
nscsrvce.exe Norton Internet Security 2006
nSvcIp.exe NVidia
nSvcAppFlt.exe NVidia
oasrv.exe Online Armor
outpost.exe Outpost
pavfires.exe Panda Anti-Virus Firewall
fwservice.exe PC Tools
firewall.exe PCSecurityShield/BitGuard Personal Firewall
scfservice.exe Sophos
smc.exe Sygate/Symantec
tmpfw.exe Trend Micro
ofcpfwsvc.exe Trend Micro
vsmon.exe ZoneAlarm

Additionally it knows a few services including the notorious Norton/Symantec kernel service "SYMTDI". It is not associated with a process so it is not recognized if only processes are scanned.

Current version is 1.1.3.

If you have informations about firewall processes please tell me.

Back to top

wdnslookup

wdnslookup

Elements

Host name The name to resolve. You can use an URL here because the program tries to remove any pre-  and postfixes. This is a combo box which holds previously tried names.
IPv4 only Use only the "current" IPv4 protocol for resolution
IPv6 only Use only the "new" IPv6 protocol for resolution
Resolve Resolve the name
Clear cache Calls "ipconfig /flushdns" to clear the local dns cache.  This function is independant of the name resolution function.
Copy last IP Copies the last IP address in the form "http://xx.xx.xx.xx/" to the clipboard.
Ping Performs five pings to the given address.
TraceRT Performs a traceroute command to the given address. Depending on the responsiveness of the routers it may take a long time.
Results Here the name tried, the returned ip addresses, the canonical name and the time it took to resolve it is shown. In case of an error the exact error code and message is displayed. See below for more information.
OK Terminate

What the result tells you

Name: "www.google.de"
Addr (IPv4): 209.85.129.147
Canonical name: "www.l.google.com"
Addr (IPv4): 209.85.129.104
Addr (IPv4): 209.85.129.99
Time: 2069.332 ms


Name The name that was sent to the name resolution
Addr The returned address(es). IPv4 means a "normal" IPv4 address, IPv6 is a "new" IPv6 address. I do not have encountered an IPv6 address up to now. As you see a name can have several ip addresses.
Canonical name I guess that is the registered name of the server which belongs to the ip address(es).
Time The time it took from submitting the request until the function returns. Short times below a single milliseconds or a low  single digit value indicates that the result is taken from the local dns cache. A result of several milliseconds indicate that the result is taken from the first dns server of your ISP. Larger times indicates that the global domain servers must be asked. The example above shows that case.

Name: "www.google.dcz"
Error: No such host is known.  (11001)
Time: 2506.927 ms

This is an example of a failed resolution.  The error tells you that none of the asked servers know that name. The complete process took approximately 2.5 seconds.

Back to top

Download the binaries  here:
EnumProcess 1.2.1
EnumProcess 1.2.1 64 Bit (Windows7)
wdnslookup

Source code:
EnumProcess
wdnslookup