#include <winsock2.h>
#include <ws2tcpip.h>
#include <iphlpapi.h>
#include <stdio.h>
#include "windows.h"
#include "tchar.h"
#include "stdio.h"
#include "psapi.h"
#pragma comment(lib, "iphlpapi.lib")
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib,"psapi.lib")
#define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x))
#define FREE(x) HeapFree(GetProcessHeap(), 0, (x))
/* Note: could also use malloc() and free() */
int main()
{
// Declare and initialize variables
PMIB_TCPTABLE_OWNER_PID pTcpTable;
DWORD dwSize = 0;
DWORD dwRetVal = 0;
char szLocalAddr[128];
char szRemoteAddr[128];
struct in_addr IpAddr;
int i;
pTcpTable = (MIB_TCPTABLE_OWNER_PID *) MALLOC(sizeof (MIB_TCPTABLE_OWNER_PID));
if (pTcpTable == NULL) {
printf("Error allocating memory\n");
return 1;
}
dwSize = sizeof (MIB_TCPTABLE_OWNER_PID);
// Make an initial call to GetTcpTable to
// get the necessary size into the dwSize variable
if ((dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, TRUE,AF_INET,TCP_TABLE_OWNER_PID_ALL,0)) ==
ERROR_INSUFFICIENT_BUFFER) {
FREE(pTcpTable);
pTcpTable = (MIB_TCPTABLE_OWNER_PID *) MALLOC(dwSize);
if (pTcpTable == NULL) {
printf("Error allocating memory\n");
return 1;
}
}
// Make a second call to GetTcpTable to get
// the actual data we require
if ((dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, TRUE,AF_INET,TCP_TABLE_OWNER_PID_ALL,0)) == NO_ERROR) {
printf("\tNumber of entries: %d\n", (int) pTcpTable->dwNumEntries);
for (i = 0; i < (int) pTcpTable->dwNumEntries; i++) {
printf("\n\tTCP[%d] State: %ld - ", i,
pTcpTable->table[i].dwState);
switch (pTcpTable->table[i].dwState) {
case MIB_TCP_STATE_CLOSED:
printf("CLOSED\n");
break;
case MIB_TCP_STATE_LISTEN:
printf("LISTEN\n");
break;
case MIB_TCP_STATE_SYN_SENT:
printf("SYN-SENT\n");
break;
case MIB_TCP_STATE_SYN_RCVD:
printf("SYN-RECEIVED\n");
break;
case MIB_TCP_STATE_ESTAB:
printf("ESTABLISHED\n");
break;
case MIB_TCP_STATE_FIN_WAIT1:
printf("FIN-WAIT-1\n");
break;
case MIB_TCP_STATE_FIN_WAIT2:
printf("FIN-WAIT-2 \n");
break;
case MIB_TCP_STATE_CLOSE_WAIT:
printf("CLOSE-WAIT\n");
break;
case MIB_TCP_STATE_CLOSING:
printf("CLOSING\n");
break;
case MIB_TCP_STATE_LAST_ACK:
printf("LAST-ACK\n");
break;
case MIB_TCP_STATE_TIME_WAIT:
printf("TIME-WAIT\n");
break;
case MIB_TCP_STATE_DELETE_TCB:
printf("DELETE-TCB\n");
break;
default:
printf("UNKNOWN dwState value: %d\n", pTcpTable->table[i].dwState);
break;
}
IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwLocalAddr;
strcpy_s(szLocalAddr, sizeof (szLocalAddr), inet_ntoa(IpAddr));
printf("\tTCP[%d] Local Addr: %s\n", i, szLocalAddr);
printf("\tTCP[%d] Local Port: %d \n", i,
ntohs((u_short)pTcpTable->table[i].dwLocalPort));
IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwRemoteAddr;
strcpy_s(szRemoteAddr, sizeof (szRemoteAddr), inet_ntoa(IpAddr));
printf("\tTCP[%d] Remote Addr: %s\n", i, szRemoteAddr);
printf("\tTCP[%d] Remote Port: %d\n", i,
ntohs((u_short)pTcpTable->table[i].dwRemotePort));
printf("\tTCP[%d] Pid: %d\n", i,
ntohs((u_short)pTcpTable->table[i].dwOwningPid));
HANDLE Handle = OpenProcess(
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE,
pTcpTable->table[i].dwOwningPid /* This is the PID, you can find one from windows task manager */
);
if (Handle)
{
TCHAR Buffer[MAX_PATH];
if (GetModuleFileNameEx(Handle, 0, Buffer, MAX_PATH))
{
// At this point, buffer contains the full path to the executable
printf("\tTCP[%d] name: %s\n", i,
Buffer);
}
else
{
// You better call GetLastError() here
}
CloseHandle(Handle);
}
}
} else {
printf("\tGetTcpTable failed with %d\n", dwRetVal);
FREE(pTcpTable);
return 1;
}
if (pTcpTable != NULL) {
FREE(pTcpTable);
pTcpTable = NULL;
}
system("pause");
return 0;
} 
709
01-11
07-14
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
