获取类似于TCPView的每个进程的统计信息 [英] Getting per process stats similar to TCPView

问题描述

TCPView是Sysinternals工具，它提供netstat信息的超集.它提供每个连接的统计信息，例如数据包/已发送/已接收的字节.

它大概将Windows IP Helper API GetPerTcpConnectionEStats和GetPerTcp6ConnectionEStats用于TCP和TCP6套接字.
但是，IP帮助程序没有与UDP类似的功能.而且IPHelper不支持XP.但是TCPView提供了UDP套接字的统计信息，并且也可以在XP上运行.

TCPView嵌入了一个二进制资源，我在某处阅读过，该资源可能是支持获取统计信息的驱动程序.我删除了此资源并保存了exe，但它仍然可以在XP和Windows 7上运行.

有人可以帮助TCPView如何显示UDP套接字的统计信息，以及如何在XP上运行.

提前谢谢.
MK.

Hi,

TCPView is a Sysinternals tool that gives a superset of information of netstat. It gives per connection stats such as packets/ bytes sent/ received.

It uses Windows IP Helper API GetPerTcpConnectionEStats and GetPerTcp6ConnectionEStats presumably for TCP and TCP6 sockets.

However IP helper does not have similar functions for UDP. Moreover IPHelper does not support XP. But TCPView gives stats for UDP sockets and works on XP too.

TCPView has a binary resource embedded which I read somewhere could be a driver that supports getting the stats. I deleted this resource and saved the exe and still it runs the same on XP and WIndows 7.

Can someone help how TCPView is showing stats for UDP sockets and work on XP as well.

Thanks in advance.
MK.

推荐答案

我不是100％确信tcpview使用的是GetPerTcpConnectionEStats，实际上，我很确定它没有使用它们，如果查看PE，则不会导入这些调用. (但我对此可能有误)

我可以肯定地说的是，TCPview利用ETW来监视网络活动.
搜索API StartTrace，OpenTrace，ProcessTrace.

我即将实现相同的功能，并且也遇到了这些问题，希望对您有所帮助...

I''m not 100% sure that tcpview uses GetPerTcpConnectionEStats as you mention, in fact, im pretty sure that it doesn''t use them, if you look at the PE these calls are not imported. (but i may be wrong on this)

What i can tell you for sure is that TCPview leverages on ETW for monitoring network activity.
Search for APIs StartTrace, OpenTrace, ProcessTrace.

I''m about to implement the same functionality and im running into these issues as well, hope this helps...

这篇关于获取类似于TCPView的每个进程的统计信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！