文章作者:Akin Ocal
The Problem
In recent times , i needed code to make a small application just like Sysinternal's TCPView for Pre-XP SP2 Windows OSs. Microsoft supplies some WinAPI functions for that purpose :
http://msdn2.microsoft.com/en-us/library/aa366026.aspx
DWORD WINAPI GetTcpTable ( PMIB_TCPTABLE pTcpTable, PDWORD pdwSize, BOOL bOrder ); [/pre]
http://msdn2.microsoft.com/en-us/library/aa366917.aspx
typedef struct _MIB_TCPTABLE {DWORD dwNumEntries;MIB_TCPROW table[ANY_SIZE]; } MIB_TCPTABLE, *PMIB_TCPTABLE; [/pre]
http://msdn2.microsoft.com/en-us/library/aa366909.aspx
typedef struct _MIB_TCPROW {DWORD dwState;DWORD dwLocalAddr;DWORD dwLocalPort;DWORD dwRemoteAddr;DWORD dwRemotePort; } MIB_TCPROW, *PMIB_TCPROW; So latest structure retrieved by GetTcpTable is MIB_TCPROW and it doesn't give us process IDs per entry. [/pre]
http://msdn2.microsoft.com/EN-US/library/aa365928.aspx
DWORD GetExtentedTcpTable( PVOID pTcpTable, PDWORD pdwSize, BOOL bOrder, ULONG ulAf, TCP_TABLE_CLASS TableClass, ULONG Reserved ); [/pre]
http://msdn2.microsoft.com/EN-US/library/aa366386.aspx
typedef enum { TCP_TABLE_BASIC_LISTENER, TCP_TABLE_BASIC_CONNECTIONS, TCP_TABLE_BASIC_ALL, TCP_TABLE_OWNER_PID_LISTENER, TCP_TABLE_OWNER_PID_CONNECTIONS, TCP_TABLE_OWNER_PID_ALL, TCP_TABLE_OWNER_MODULE_LISTENER, TCP_TABLE_OWNER_MODULE_CONNECTIONS, TCP_TABLE_OWNER_MODULE_ALL }TCP_TABLE_CLASS, *PTCP_TABLE_CLASS; [/pre]
http://msdn2.microsoft.com/EN-US/library/aa366921.aspx
typedef struct {DWORD dwNumEntries;MIB_TCPROW_OWNER_PID table[ANY_SIZE]; } MIB_TCPTABLE_OWNER_PID, *PMIB_TCPTABLE_OWNER_PID; [/pre]
http://msdn2.microsoft.com/EN-US/library/aa366913.aspx
typedef struct _MIB_TCPROW_OWNER_PID {DWORD dwState;DWORD dwLocalAddr;DWORD dwLocalPort;DWORD dwRemoteAddr;DWORD dwRemotePort;DWORD dwOwningPid; } MIB_TCPROW_OWNER_PID, *PMIB_TCPROW_OWNER_PID; [/pre]We can get process IDs too with GetExtentedTcpTable function. But it works for only XP SP2 ,
Vista , Windows Server2003 SP1. So it seems MS doesnt supply a function for pre XPSP2 systems on client side.
Solution
All my searchs guided me to a source code called "portuser.cpp" written by Gary Nebbet. He is the writer of the book Windows NT/2000 Native API Reference (Paperback). You can see the book here :
http://www.amazon.com/Windows-2000-Native-API-Reference/dp/1578701996
But it was still a problem for me because i had many problems during building the code. I supply a project for VS7.0 which is ready to build. So i think this will be a solution to people who seeks for this code days and days like me. Here is my build solution :
1. Libs :
ntdll.lib DDK for XP SP1. ( You can find it in solution.)
ws2_32.lib any PSDK
psapi.lib any PSDK
2. Header files.
tdikrnl.h DDK for XP SP1 ( C:\WINDDK\2600.1106\inc\ddk\wxp )
ddk/ntddk.h DDK2000 ( The default path is C:\NTDDK\inc )
#include <windows.h> any PSDK
#include <psapi.h> any PSDK
#include <winsock2.h> any PSDK
3. Extra Project settings :
You must set code generation style as Multi-Threaded DLL .
Inside Native Code1. We get handles of transport layer drivers by ZwOpenFile.
http://msdn2.microsoft.com/en-us/library/ms804370.aspx
2. Portuser mainly uses ZwQuerySystemInformation to get handles in the system.
http://msdn2.microsoft.com/en-us/library/ms725506.aspx
3. We select handles related with TCP and UDP drivers.
4. After getting handles , we use DeviceIOContol with IOCTL IOCTL_TDI_QUERY_INFORMATION.
http://msdn2.microsoft.com/En-US/library/aa363216.aspx
Akin Ocal
| Click here to view Akin Ocal's online profile.
|
Other popular Internet & Network articles:
|
