闲的蛋疼,写的小程序,首先感谢Sakura的帮助~
参考文献地址:GetTcpTable2的MSDN说明,其中的例子很详细,GetExtendedXXXTable虽然函数调用方式不一样但拿到的连接信息调用方式是一样的。
主要使用的API: GetTcpTable2和GetExtendedUdpTable(GetExtendedTcpTable)
#include #include #include #include #pragma comment(lib, "iphlpapi.lib") #pragma comment(lib, "ws2_32.lib") typedef unsigned int uint; typedef QMultimap INFOMAP; #define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x)) #define FREE(x) HeapFree(GetProcessHeap(), 0, (x)) bool GetProcessPort(INFOMAP& portmap) { portmap.clear(); PMIB_TCPTABLE2 pTcpTable; ULONG ulSize = 0; DWORD dwRetVal = 0; char szLocalAddr[128]; char szRemoteAddr[128]; struct in_addr IpAddr; int i; pTcpTable = (MIB_TCPTABLE2 *) MALLOC(sizeof (MIB_TCPTABLE2)); if (pTcpTable == NULL) { status=("Error allocating memoryn"); return false; } ulSize = sizeof (MIB_TCPTABLE); // Make an initial call to GetTcpTable2 to // get the necessary size into the ulSize variable if ((dwRetVal = GetTcpTable2(pTcpTable, &ulSize, TRUE)) == ERROR_INSUFFICIENT_BUFFER) { FREE(pTcpTable); pTcpTable = (MIB_TCPTABLE2 *) MALLOC(ulSize); if (pTcpTable == NULL) { status=("Error allocating memoryn"); return false; } } // Make a second call to GetTcpTable2 to get // the actual data we require if ((dwRetVal = GetTcpTable2(pTcpTable, &ulSize, TRUE)) == NO_ERROR) { printf("tNumber of entries: %dn", (int) pTcpTable->dwNumEntries); for (i = 0; i dwNumEntries; i++) { uint portnum = ntohs((u_short)pTcpTable->table[i].dwLocalPort); uint pid = pTcpTable->table[i].dwOwningPid; portmap.insert(portnum,pid); } } else { status=QString("tGetTcpTable2 failed with %1n").arg(dwRetVal); FREE(pTcpTable); return false; } if (pTcpTable != NULL) { FREE(pTcpTable); pTcpTable = NULL; } MIB_UDPTABLE_OWNER_PID* pUdpTable; pUdpTable = (MIB_UDPTABLE_OWNER_PID *) MALLOC(sizeof (MIB_UDPTABLE_OWNER_PID)); if (pUdpTable == NULL) { status=("Error allocating memoryn"); return false; } ulSize = sizeof (MIB_UDPTABLE_OWNER_PID); if ((dwRetVal = GetExtendedUdpTable(pUdpTable, &ulSize, false,AF_INET,UDP_TABLE_OWNER_PID,0)) == ERROR_INSUFFICIENT_BUFFER) { FREE(pUdpTable); pUdpTable = (MIB_UDPTABLE_OWNER_PID *) MALLOC(ulSize); if (pUdpTable == NULL) { status=("Error allocating memoryn"); return false; } } if ((dwRetVal = GetExtendedUdpTable(pUdpTable, &ulSize, false,AF_INET,UDP_TABLE_OWNER_PID,0)) == NO_ERROR) { printf("tNumber of entries: %dn", (int) pUdpTable->dwNumEntries); for (i = 0; i dwNumEntries; i++) { uint portnum = ntohs((u_short)pUdpTable->table[i].dwLocalPort); uint pid = pUdpTable->table[i].dwOwningPid; portmap.insert(portnum,pid); } } else { status=QString("tGetTcpTable2 failed with %1n").arg(dwRetVal); FREE(pUdpTable); return false; } if (pUdpTable != NULL) { FREE(pUdpTable); pUdpTable = NULL; } return true; }
最终的进程pid<->端口信息存储在portmap这个multimap里面。(我用的QT做GUI,当然QMultimap可以换成其他任何map)
关于GetExtendedXXXTable需要注意的是,这个函数有不同的table参数可以传入,根据你想获得什么样的扩展信息,其他的和GetTcpTable2基本一致。
FROM :https://blog.flanker017.me/ | Author:Flanker
相关推荐: Less-23 Error Based No Comments
这一题它在输入的时候过滤了几个字符 $reg = "/#/"; $reg1 = "/--/"; $replace = ""; $id = preg_replace($reg, $replace, $i…
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论