PID from socket number on Windows?


Problem description

I need to count the amount of bytes sent and received from the network by various applications. First I thought about using LSP, but there are a lot of applications that do not use LSP at all (SMB for example). This is why I have written a small sniffer. This application works on IP level and collects data using recvfrom.

So I have the address of the remote host, local and remote ports. This is pretty cool, but I also need to have the PID of the local socket owner. So, is there any simple way to obtain such a PID? The workaround is using GetTcpTable, GetUdpTable or AllocateAndGetUdpExTableFromStack and AllocateAndGetTcpExTableFromStack (there are a lot of differences in those functions between 2k, XP, XP SP2 and Vista) and to look up the result tables, but it seems inelegant and inefficient...

So is there any kind of "GetPIDOfSocket" function? The resolution should be WinAPI (no .net) only, as various languages can be used, e.g. C++, Delphi.

Solution

Sorry to have to tell you, but using GetTcpTable or AllocateAndGetTcpExTableFromStack is not a workaround, it's actually how other netstat-type applications work. AFAIK there is no Win32 "GetPIDOfSocket" function, your only option is to poll using the port table functions. But at least you can code it up yourself and don't have to spawn the netstat process.

See SysInternals C source code for netstatp here. There's not a lot of it and it's well worth a look.
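
The port-table polling described in the answer, as an added example that is not part of the original post or of the SysInternals source: it matches a sniffed TCP 4-tuple against rows of the table to recover the owning PID. It assumes `GetExtendedTcpTable` with `TCP_TABLE_OWNER_PID_ALL`, a documented iphlpapi call the page does not name; `pid_for_tcp` and `snapshot_tcp_table` are hypothetical helper names, and the non-Windows `typedef`s are constructed stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#ifdef _WIN32
#include <winsock2.h>
#include <windows.h>
#include <iphlpapi.h>            /* link with iphlpapi.lib */
#else
/* Constructed stand-in mirroring the documented MIB_TCPROW_OWNER_PID layout,
   so the matching logic also compiles off Windows. */
typedef uint32_t DWORD;
typedef struct {
    DWORD dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort, dwOwningPid;
} MIB_TCPROW_OWNER_PID;
#endif

/* Find the owner of one TCP connection (hypothetical helper). Addresses and
   ports are passed in network byte order, exactly as they appear in the
   captured IP/TCP headers; the table keeps each port in the low 16 bits of
   its DWORD and the upper 16 bits may hold garbage, so they are masked off.
   Returns 1 and sets *pid on a match, 0 if the connection is not listed. */
int pid_for_tcp(const MIB_TCPROW_OWNER_PID *rows, size_t n,
                uint32_t laddr, uint16_t lport, uint32_t raddr, uint16_t rport,
                DWORD *pid)
{
    for (size_t i = 0; i < n; i++) {
        if (rows[i].dwLocalAddr == laddr && (uint16_t)rows[i].dwLocalPort == lport &&
            rows[i].dwRemoteAddr == raddr && (uint16_t)rows[i].dwRemotePort == rport) {
            *pid = rows[i].dwOwningPid;
            return 1;
        }
    }
    return 0;
}

#ifdef _WIN32
/* Snapshot the IPv4 TCP table with owning PIDs; the caller frees the result.
   The table can grow between the sizing call and the real one, hence the loop.
   Use as: pid_for_tcp(t->table, t->dwNumEntries, ...). */
MIB_TCPTABLE_OWNER_PID *snapshot_tcp_table(void)
{
    DWORD size = 0, rc;
    void *buf = NULL;
    while ((rc = GetExtendedTcpTable(buf, &size, FALSE, AF_INET,
                                     TCP_TABLE_OWNER_PID_ALL, 0)) == ERROR_INSUFFICIENT_BUFFER) {
        free(buf);
        if ((buf = malloc(size)) == NULL) return NULL;
    }
    if (rc != NO_ERROR) { free(buf); return NULL; }
    return (MIB_TCPTABLE_OWNER_PID *)buf;
}
#endif
```

Because the table is a point-in-time snapshot, a short-lived connection can be gone before the poll runs, so a miss from `pid_for_tcp` is expected and the bytes should be counted as unattributed rather than assigned to a stale PID.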
