PID from socket number in Windows?

I need to count the number of bytes sent and received from the network by various applications. At first I thought about using LSP, but there are many applications that do not use LSP at all (like SMB). That's why I wrote a little sniffer. This application works at the IP level and collects data using recvfrom.

So, I have the addresses of the remote hosts and the local and remote ports. This is pretty cool, but I also need the PID of the local socket owner. So, is there an easy way to get that PID? The workaround is to use GetTcpTable, GetUdpTable or AllocateAndGetUdpExTableFromStack and AllocateAndGetTcpExTableFromStack (there are many differences in these functions between 2k, XP, XP SP2 and Vista) and to search the resulting tables, but that seems inefficient ...

So is there any GetPIDOfSocket function? The solution can only be WinAPI (no .NET), since different languages can be used, for example C++, Delphi.

+2
1 answer

Sorry to have to say it, but using GetTcpTable or AllocateAndGetTcpExTableFromStack is not a workaround; it is actually how other applications like netstat work. AFAIK there is no Win32 "GetPIDOfSocket" function; the only option is to poll using the port table functions. But at least you can program it yourself and do not have to start the netstat process.

See the SysInternals C source code for netstatp here. There is not much there, and it's worth a look.

+2
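One way to keep the per-packet cost low when polling the port table as the answer describes: snapshot the table once, sort it, and binary-search each sniffed 4-tuple. This is an added example, not code from the thread or from netstatp; it assumes GetExtendedTcpTable (XP SP2 and later, not mentioned in the thread), covers IPv4 TCP only, and the names `tcp_row`, `index_rows`, `pid_for_tuple` and `snapshot_rows` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <winsock2.h>
#include <windows.h>
#include <iphlpapi.h>                  /* link with iphlpapi.lib */
typedef MIB_TCPROW_OWNER_PID tcp_row;
#else  /* constructed stand-in with the same six DWORD fields, so the lookup builds anywhere */
typedef struct { uint32_t dwState, dwLocalAddr, dwLocalPort,
                 dwRemoteAddr, dwRemotePort, dwOwningPid; } tcp_row;
#endif

/* Compare 4-tuples; only the low 16 bits of a port field are meaningful. */
static int row_cmp(const void *a, const void *b) {
    const tcp_row *x = a, *y = b;
    uint32_t kx[4] = { x->dwLocalAddr, x->dwLocalPort & 0xffff,
                       x->dwRemoteAddr, x->dwRemotePort & 0xffff };
    uint32_t ky[4] = { y->dwLocalAddr, y->dwLocalPort & 0xffff,
                       y->dwRemoteAddr, y->dwRemotePort & 0xffff };
    return memcmp(kx, ky, sizeof kx);  /* any consistent total order suits qsort/bsearch */
}

/* Sort a snapshot once so that each sniffed packet costs one binary search. */
void index_rows(tcp_row *rows, size_t n) { qsort(rows, n, sizeof *rows, row_cmp); }
/* Arguments are in network byte order, exactly as read from the IP/TCP
   headers. Returns the owning PID, or 0 when no row matches. */
uint32_t pid_for_tuple(const tcp_row *rows, size_t n, uint32_t laddr,
                       uint16_t lport, uint32_t raddr, uint16_t rport) {
    tcp_row key = { 0, laddr, lport, raddr, rport, 0 };
    const tcp_row *hit = bsearch(&key, rows, n, sizeof *rows, row_cmp);
    return hit ? (uint32_t)hit->dwOwningPid : 0;
}

#ifdef _WIN32
/* Assumes GetExtendedTcpTable is available. Returns a sorted snapshot; caller frees it. */
MIB_TCPTABLE_OWNER_PID *snapshot_rows(void) {
    MIB_TCPTABLE_OWNER_PID *t = NULL;
    DWORD size = 0, rc;
    while ((rc = GetExtendedTcpTable(t, &size, FALSE, AF_INET,
                    TCP_TABLE_OWNER_PID_ALL, 0)) == ERROR_INSUFFICIENT_BUFFER) {
        free(t);                       /* sizing call, or the table grew: retry */
        if (!(t = malloc(size))) return NULL;
    }
    if (rc != NO_ERROR || !t) { free(t); return NULL; }
    index_rows(t->table, t->dwNumEntries);
    return t;
}
#endif
```

Refresh the snapshot on a lookup miss or on a short timer, since connections opened after the snapshot was taken are not in it.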

Source: https://habr.com/ru/post/1389332/
