使用的函数和结构体:
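// One row of the UDP table that GetExtendedUdpTable returns for the
// owner-module table class: a local endpoint plus the process that owns it.
// Fix: the pointer typedef was misspelled PMIB_UDPRPW_OWNER_MODULE; it now
// follows the ROW spelling used by the structure itself.
typedef struct _MIB_UDPROW_OWNER_MODULE {
	DWORD dwLocalAddr;                // local IPv4 address
	DWORD dwLocalPort;                // local port
	DWORD dwOwningPid;                // ID of the process that owns the endpoint
	LARGE_INTEGER liCreateTimestamp;  // creation timestamp of the endpoint
	union {
		struct { int SpecificPortBind :1; };
		int dwFlags;
	};
	ULONGLONG OwningModuleInfo[TCPIP_OWNING_MODULE_SIZE]; // opaque; contents not publicly documented
} MIB_UDPROW_OWNER_MODULE, *PMIB_UDPROW_OWNER_MODULE;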
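// Variable-length UDP table: a row count followed by that many rows.
// Fix: the note after dwNumEntries was bare text inside the declaration and
// would not compile; it is now a comment.
typedef struct _MIB_UDPTABLE_OWNER_MODULE {
	DWORD dwNumEntries;                      // number of MIB_UDPROW_OWNER_MODULE rows in table
	MIB_UDPROW_OWNER_MODULE table[ANY_SIZE]; // first row; the real row count is dwNumEntries, not the declared bound
} MIB_UDPTABLE_OWNER_MODULE, *PMIB_UDPTABLE_OWNER_MODULE;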
// One row of a TCP table that carries the owning process ID for each connection.
typedef struct _MIB_TCPROW_OWNER_PID {
DWORD dwState; // connection state
DWORD dwLocalAddr; // local computer address
DWORD dwLocalPort; // local computer port
DWORD dwRemoteAddr; // remote computer address
DWORD dwRemotePort; // remote computer port
DWORD dwOwningPid;// process ID
} MIB_TCPROW_OWNER_PID, *PMIB_TCPROW_OWNER_PID;
// TCP table of MIB_TCPROW_OWNER_PID rows: a row count followed by the rows.
typedef struct {
DWORD dwNumEntries; // number of rows in table
MIB_TCPROW_OWNER_PID table[ANY_SIZE]; // rows; presumably dwNumEntries of them are valid, whatever the declared bound
} MIB_TCPTABLE_OWNER_PID, *PMIB_TCPTABLE_OWNER_PID;
// Reference prototype: retrieves the UDP endpoint table in the layout
// selected by TableClass. Returns 0 on success (the program below treats any
// non-zero value as failure).
DWORD GetExtendedUdpTable(
__out PVOID pUdpTable,// caller's buffer that receives the queried table
__in_out PDWORD pdwSize,// estimated size of the table structure, in bytes
__in BOOL bOrder,// whether the rows are sorted
__in ULONG ulAf,// AF_INET or AF_INET6
__in UDP_TABLE_CLASS TableClass,// which kind of table structure is returned
__in ULONG Reserved// reserved value
);
// Reference prototype: retrieves the TCP connection table in the layout
// selected by TableClass. Returns 0 on success (the program below treats any
// non-zero value as failure).
DWORD GetExtendedTcpTable(
__out PVOID pTcpTable,
__in_out PDWORD pdwSize,// size
__in BOOL bOrder,
__in ULONG ulAf,
__in TCP_TABLE_CLASS TableClass,
__in ULONG Reserved
);
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <windows.h>
#include <tlhelp32.h>
#include <Iphlpapi.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib,"Iphlpapi.lib")
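// Buffer sizes for the textual host and port parts of an endpoint.
#define HOSTNAMELEN 256
#define PORTNAMELEN 256
// Room for "host:port". Parenthesized so the sum survives being used inside a
// larger expression (2 * ADDRESSLEN used to expand to 2 * 256 + 256).
#define ADDRESSLEN (HOSTNAMELEN + PORTNAMELEN)
// Display flags.
#define FLAG_ALL_ENDPOINTS 1
#define FLAG_SHOW_NUMBERS 2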
// Fixed-capacity stand-in for the variable-length TCP owner-module table:
// a row count followed by room for at most 100 rows. A buffer of this type
// can only receive a table that fits; a host with more than 100 TCP rows
// needs a larger buffer or the query fails.
typedef struct {
DWORD dwNumEntries; // number of valid rows in table
MIB_TCPROW_OWNER_MODULE table[100]; // hard cap of 100 rows
} D_MIB_TCPTABLE_OWNER_MODULE, *D_PMIB_TCPTABLE_OWNER_MODULE;
// Fixed-capacity stand-in for the variable-length UDP owner-module table:
// a row count followed by room for at most 100 rows. A buffer of this type
// can only receive a table that fits; a host with more than 100 UDP rows
// needs a larger buffer or the query fails.
typedef struct {
DWORD dwNumEntries; // number of valid rows in table
MIB_UDPROW_OWNER_MODULE table[100]; // hard cap of 100 rows
} D_MIB_UDPTABLE_OWNER_MODULE, *D_PMIB_UDPTABLE_OWNER_MODULE;
// Display names for TCP connection states, indexed directly by the dwState
// value of a TCP row. Entry 0 ("???") is a placeholder; the table has 13
// entries (indices 0..12), so any dwState above 12 must be range-checked by
// the caller before it is used as an index.
static char TcpState[][32] = {
"???",
"CLOSED",
"LISTENING",
"SYN_SENT",
"SYN_RCVD",
"ESTABLISHED",
"FIN_WAIT1",
"FIN_WAIT2",
"CLOSE_WAIT",
"CLOSING",
"LAST_ACK",
"TIME_WAIT",
"DELETE_TCB"
};
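// Format a port taken from a TCP/UDP table row as decimal text.
//
// port:  port value as stored in the row; only the low 16 bits are used and
//        they are byte-swapped from network to host order before printing.
// pPort: caller-supplied buffer; must hold at least 6 bytes (five digits and
//        the terminating NUL). The size is not passed in, so it cannot be
//        checked here.
// Returns pPort.
PCHAR GetPort(unsigned int port, char* pPort)
{
	// ntohs states the intent (network -> host); htons performed the same swap
	// but read as the opposite conversion.
	unsigned int hostPort = ntohs((WORD) port);

	// sprintf rather than wsprintf: wsprintf is a TCHAR macro and would expect
	// a wide buffer in a UNICODE build, while pPort is always char.
	sprintf(pPort, "%u", hostPort);
	return pPort;
}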
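// Format an IPv4 address taken from a TCP/UDP table row as dotted-quad text.
//
// ipaddr: IPv4 address exactly as stored in the row.
// pIP:    caller-supplied buffer; must hold at least 16 bytes
//         ("255.255.255.255" plus NUL). The size is not passed in, so it
//         cannot be checked here.
// Returns pIP.
PCHAR GetIp(unsigned int ipaddr, char* pIP)
{
	struct in_addr nipaddr;   // "struct" is required when this file is built as C
	const char *dotted;

	nipaddr.S_un.S_addr = ipaddr;
	// inet_ntoa hands back a buffer it owns and reuses on the next call, and
	// NULL on failure: copy the text out immediately and never copy from NULL.
	dotted = inet_ntoa(nipaddr);
	strcpy(pIP, dotted != NULL ? dotted : "?");
	return pIP;
}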
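// Look up the executable file name of a process in a Toolhelp snapshot.
//
// hProcessSnap: snapshot from CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, ...).
// ProcessId:    process ID to look for.
// ProcessName:  caller-supplied buffer of at least MAX_PATH bytes; receives
//               the name, or ".." when the process is not in the snapshot or
//               the snapshot cannot be walked.
// Returns ProcessName.
//
// The result is only the image file name recorded in the snapshot. It is not
// a full path and is not verified, so two different binaries can report the
// same name; treat it as a hint, not as proof of which program owns a socket.
PCHAR ProcessPidToName( HANDLE hProcessSnap, DWORD ProcessId, PCHAR ProcessName)
{
	PROCESSENTRY32 processEntry;

	strcpy( ProcessName, ".." );
	// A failed snapshot must not be handed to Process32First.
	if( hProcessSnap == NULL || hProcessSnap == INVALID_HANDLE_VALUE ) {
		return ProcessName;
	}
	// Process32First fails unless dwSize holds the structure size; leaving it
	// uninitialized made every lookup fall through to "..".
	processEntry.dwSize = sizeof(processEntry);
	if( !Process32First( hProcessSnap, &processEntry )) {
		return ProcessName;
	}
	do {
		if( processEntry.th32ProcessID == ProcessId )
		{
			// Bounded copy: at most MAX_PATH - 1 characters plus the NUL.
			lstrcpynA( ProcessName, processEntry.szExeFile, MAX_PATH );
			return ProcessName;
		}
	} while( Process32Next( hProcessSnap, &processEntry ));
	return ProcessName;
}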
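// Fetch the IPv4 TCP table (owner-module rows, all states) into a heap buffer.
// Returns NO_ERROR on success and stores the table in *ppTable; the caller
// frees it with free(). *ppTable is NULL on failure.
static DWORD LoadTcpTable(PMIB_TCPTABLE_OWNER_MODULE *ppTable)
{
	PMIB_TCPTABLE_OWNER_MODULE pTable = NULL;
	DWORD cbTable = 0;
	DWORD rc;
	int attempt;

	*ppTable = NULL;
	// With a NULL buffer the call only reports the byte count it needs.
	rc = GetExtendedTcpTable(NULL, &cbTable, TRUE, AF_INET, TCP_TABLE_OWNER_MODULE_ALL, 0);
	// The table can grow between the size probe and the fetch, so retry a few times.
	for (attempt = 0; rc == ERROR_INSUFFICIENT_BUFFER && attempt < 4; attempt++) {
		free(pTable);
		pTable = (PMIB_TCPTABLE_OWNER_MODULE) malloc(cbTable);   // cast keeps this valid as C++ too
		if (pTable == NULL) {
			return ERROR_NOT_ENOUGH_MEMORY;
		}
		rc = GetExtendedTcpTable(pTable, &cbTable, TRUE, AF_INET, TCP_TABLE_OWNER_MODULE_ALL, 0);
	}
	if (rc != NO_ERROR) {
		free(pTable);
		return rc;
	}
	*ppTable = pTable;
	return NO_ERROR;
}

// Fetch the IPv4 UDP table (owner-module rows) into a heap buffer.
// Same contract as LoadTcpTable.
static DWORD LoadUdpTable(PMIB_UDPTABLE_OWNER_MODULE *ppTable)
{
	PMIB_UDPTABLE_OWNER_MODULE pTable = NULL;
	DWORD cbTable = 0;
	DWORD rc;
	int attempt;

	*ppTable = NULL;
	rc = GetExtendedUdpTable(NULL, &cbTable, TRUE, AF_INET, UDP_TABLE_OWNER_MODULE, 0);
	for (attempt = 0; rc == ERROR_INSUFFICIENT_BUFFER && attempt < 4; attempt++) {
		free(pTable);
		pTable = (PMIB_UDPTABLE_OWNER_MODULE) malloc(cbTable);   // cast keeps this valid as C++ too
		if (pTable == NULL) {
			return ERROR_NOT_ENOUGH_MEMORY;
		}
		rc = GetExtendedUdpTable(pTable, &cbTable, TRUE, AF_INET, UDP_TABLE_OWNER_MODULE, 0);
	}
	if (rc != NO_ERROR) {
		free(pTable);
		return rc;
	}
	*ppTable = pTable;
	return NO_ERROR;
}

// Print every IPv4 TCP connection and UDP endpoint together with the owning
// process, netstat-style, then wait for a key press.
//
// Returns 0 on success and -1 when Winsock or either table query fails.
//
// Changes from the original:
//  - the TCP and UDP size variables were initialized from each other's
//    structure and the tables were capped at 100 rows; the tables are now
//    sized by the API, so a busy host no longer makes the tool print nothing;
//  - dwState is range-checked before it indexes TcpState;
//  - the snapshot handle, the tables and Winsock are released on every path;
//  - every failure now returns -1 (two of them returned 0);
//  - the PID is printed with a specifier that matches DWORD.
//
// Limits worth knowing when reading the output: only AF_INET is queried, so
// sockets bound on IPv6 do not appear; and the process snapshot is taken after
// the tables, so a PID may belong to a process that has exited (shown as "..")
// or, if the ID was reused, to a different process.
int main(int argc, char* argv[])
{
	int exitCode = -1;
	DWORD i;
	DWORD state;
	WSADATA WSAData;
	HANDLE hProcessSnap = INVALID_HANDLE_VALUE;
	PMIB_TCPTABLE_OWNER_MODULE pTcpTable = NULL;
	PMIB_UDPTABLE_OWNER_MODULE pUdpTable = NULL;
	char szProcessName[MAX_PATH];
	char szLocalName[HOSTNAMELEN], szRemoteName[HOSTNAMELEN];
	char szRemotePort[PORTNAMELEN], szLocalPort[PORTNAMELEN];
	char szLocalAddress[ADDRESSLEN], szRemoteAddress[ADDRESSLEN];

	(void) argc;
	(void) argv;

	if( WSAStartup(MAKEWORD(1, 1), &WSAData ))
	{
		printf("WSAStartup error!\n");
		return -1;
	}
	if( LoadTcpTable(&pTcpTable) != NO_ERROR )
	{
		printf("GetExtendedTcpTable!\n");
		goto cleanup;
	}
	if( LoadUdpTable(&pUdpTable) != NO_ERROR )
	{
		printf("GetExtendedUdpTable.\n");
		goto cleanup;
	}
	hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
	if( hProcessSnap == INVALID_HANDLE_VALUE )
	{
		// Not fatal: rows are still printed, with ".." in place of the process name.
		printf("CreateToolhelp32Snapshot Error!\n");
	}
	printf("%-6s%-20s%-20s%-11s%s\n", "协议", "本地地址","外部地址", "连接状态","进程");

	for( i = 0; pTcpTable != NULL && i < pTcpTable->dwNumEntries; i++ )
	{
		const MIB_TCPROW_OWNER_MODULE *row = &pTcpTable->table[i];

		// Each part is at most a dotted quad and a five-digit port, far below
		// ADDRESSLEN, so these sprintf calls cannot overrun the buffers.
		sprintf( szLocalAddress, "%s:%s",
			GetIp(row->dwLocalAddr, szLocalName),
			GetPort(row->dwLocalPort, szLocalPort));
		sprintf( szRemoteAddress, "%s:%s",
			GetIp(row->dwRemoteAddr, szRemoteName),
			GetPort(row->dwRemotePort, szRemotePort));

		// Never index the name table with an unchecked value from the row.
		state = row->dwState;
		if( state >= sizeof(TcpState) / sizeof(TcpState[0]) )
		{
			state = 0;   // "???"
		}
		printf("%-6s%-20s%-20s%-11s%s:%lu\n", "TCP",
			szLocalAddress,
			szRemoteAddress,
			TcpState[state],
			ProcessPidToName( hProcessSnap, row->dwOwningPid, szProcessName),
			(unsigned long) row->dwOwningPid);
	}

	for( i = 0; pUdpTable != NULL && i < pUdpTable->dwNumEntries; i++ )
	{
		const MIB_UDPROW_OWNER_MODULE *row = &pUdpTable->table[i];

		sprintf( szLocalAddress, "%s:%s",
			GetIp(row->dwLocalAddr, szLocalName),
			GetPort(row->dwLocalPort, szLocalPort));
		// UDP has no peer: the remote column is always a wildcard.
		sprintf( szRemoteAddress, "%s", "*:*");
		printf("%-6s%-20s%-33s%s:%lu\n", "UDP",
			szLocalAddress, szRemoteAddress,
			ProcessPidToName( hProcessSnap, row->dwOwningPid, szProcessName),
			(unsigned long) row->dwOwningPid);
	}
	exitCode = 0;

cleanup:
	if( hProcessSnap != INVALID_HANDLE_VALUE )
	{
		CloseHandle( hProcessSnap );
	}
	free( pUdpTable );
	free( pTcpTable );
	WSACleanup();
	if( exitCode == 0 )
	{
		getchar();   // keep the console window open until a key is pressed
	}
	return exitCode;
}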