通过套接字端口获取应用程序路径 [英] Get app path by socket port
问题描述
如何通过知道其端口来获取此应用的路径?
我想做netstat -b做的。它列出打开的所有套接字端口和打开套接字的应用程序。
我正在使用delphi 2010.
通过知道应用程序打开,我的端口我能够杀死该应用程序。
请注意,我需要一个delphi代码,而不是一个Dos命令或者说如何使用netstat。
拉斐尔,您可以使用 GetExtendedTcpTable
函数,此函数检索包含TCP连接可用性列表的表。
首先必须检查记录通过此功能返回,并检查 dwLocalPort
或 dwRemotePort
(根据您需要检查的端口),那么你可以获取应用程序的pid,检查 dwOwningPid
字段,并使用Windows API函数(如 GetModuleFileNameEx
检查示例应用程序,显示所有tcp连接,如netstat。您可以修改此样本以符合您的要求。
使用
PsAPI,
WinSock,
Windows,
SysUtils;
const
ANY_SIZE = 1;
iphlpapi ='iphlpapi.dll';
TCP_TABLE_OWNER_PID_ALL = 5;
MIB_TCP_STATE:
数组[1..12]的string =('CLOSED','LISTEN','SYN-SENT','SYN-RECEIVED','ESTABLISHED',' FIN-WAIT-1',
'FIN-WAIT-2','CLOSE-WAIT','CLOSING','LAST-ACK','TIME-WAIT','删除TCB');
type
TCP_TABLE_CLASS =整数;
PMibTcpRowOwnerPid = ^ TMibTcpRowOwnerPid;
TMibTcpRowOwnerPid =打包记录
dwState:DWORD;
dwLocalAddr:DWORD;
dwLocalPort:DWORD;
dwRemoteAddr:DWORD;
dwRemotePort:DWORD;
dwOwningPid:DWORD;
结束
PMIB_TCPTABLE_OWNER_PID = ^ MIB_TCPTABLE_OWNER_PID;
MIB_TCPTABLE_OWNER_PID =打包记录
dwNumEntries:DWord;
表:数组[0..ANY_SIZE - 1] OF TMibTcpRowOwnerPid;
结束
var
GetExtendedTcpTable:function(pTcpTable:Pointer; dwSize:PDWORD; bOrder:BOOL; lAf:ULONG; TableClass:TCP_TABLE_CLASS; Reserved:ULONG):DWord;标准
函数GetPathPID(PID:DWORD):string;
var
句柄:THandle;
begin
结果:='';
句柄:= OpenProcess(PROCESS_QUERY_INFORMATION或PROCESS_VM_READ,False,PID);
如果Handle<> 0 then
try
SetLength(Result,MAX_PATH);
if GetModuleFileNameEx(Handle,0,PChar(Result),MAX_PATH)> 0然后
SetLength(Result,StrLen(PChar(Result)))
else
结果:='';
finally
CloseHandle(Handle);
结束
结束
程序ShowCurrentTCPConnections;
var
错误:DWORD;
TableSize:DWORD;
i:integer;
IpAddress:in_addr;
RemoteIp:string;
LocalIp:string;
FExtendedTcpTable:PMIB_TCPTABLE_OWNER_PID;
begin
TableSize:= 0;
错误:= GetExtendedTcpTable(nil,@TableSize,False,AF_INET,TCP_TABLE_OWNER_PID_ALL,0);
如果错误<> ERROR_INSUFFICIENT_BUFFER然后
退出;
GetMem(FExtendedTcpTable,TableSize);
尝试
如果GetExtendedTcpTable(FExtendedTcpTable,@TableSize,TRUE,AF_INET,TCP_TABLE_OWNER_PID_ALL,0)= NO_ERROR然后
为i:= 0到FExtendedTcpTable.dwNumEntries - 1 do
if { (FExtendedTcpTable.Table [i] .dwOwningPid = Pid)和}(FExtendedTcpTable.Table [i] .dwRemoteAddr<> 0)那么//这里你可以检查特定端口
begin
IpAddress.s_addr := FExtendedTcpTable.Table [i] .dwRemoteAddr;
RemoteIp:= string(inet_ntoa(IpAddress));
IpAddress.s_addr:= FExtendedTcpTable.Table [i] .dwLocalAddr;
LocalIp:= string(inet_ntoa(IpAddress));
Writeln(GetPathPID(FExtendedTcpTable.Table [i] .dwOwningPid));
Writeln(格式('% - 16s%-6d%-16s%-6d%s',[LocalIp,FExtendedTcpTable.Table [i] .dwLocalPort,RemoteIp,FExtendedTcpTable.Table [i] .dwRemotePort,MIB_TCP_STATE [ FETPENDTCPTable.Table [i] .dwState]]));
结束
finally
FreeMem(FExtendedTcpTable);
结束
结束
var
libHandle:THandle;
begin
try
ReportMemoryLeaksOnShutdown = = DebugHook<> 0;
libHandle:= LoadLibrary(iphlpapi);
GetExtendedTcpTable:= GetProcAddress(libHandle,'GetExtendedTcpTable');
ShowCurrentTCPConnections;
除了
在E:Exception do
Writeln(E.ClassName,':',E.Message);
结束
readln;
结束。
Lets assume you have a app that opens a socket port for comunication purpose. How can i get the path of this app only by knowing its port? I wanna do what netstat -b does. It lists all socket ports opened and the app that opened the socket. I am using delphi 2010. By knowing wich app opened wich port i am able to kill the app. Note that i need a delphi code, not an Dos command or an explanation of how to use netstat.
Rafael, you can use the GetExtendedTcpTable
function, this function retrieves a table that contains a list of TCP connections availables.
first you must inspect the records returned by this function, and check the dwLocalPort
or dwRemotePort
(depending of what port your need to check), then you can get the pid of the application checking the dwOwningPid
field and resolve the exe name using a windows api function like GetModuleFileNameEx
Check this sample application which show all tcp connections like netstat. you can modify this sample to fit with your requirements.
uses
PsAPI,
WinSock,
Windows,
SysUtils;
const
ANY_SIZE = 1;
iphlpapi = 'iphlpapi.dll';
TCP_TABLE_OWNER_PID_ALL = 5;
MIB_TCP_STATE:
array[1..12] of string = ('CLOSED', 'LISTEN', 'SYN-SENT ','SYN-RECEIVED', 'ESTABLISHED', 'FIN-WAIT-1',
'FIN-WAIT-2', 'CLOSE-WAIT', 'CLOSING','LAST-ACK', 'TIME-WAIT', 'delete TCB');
type
TCP_TABLE_CLASS = Integer;
PMibTcpRowOwnerPid = ^TMibTcpRowOwnerPid;
TMibTcpRowOwnerPid = packed record
dwState : DWORD;
dwLocalAddr : DWORD;
dwLocalPort : DWORD;
dwRemoteAddr: DWORD;
dwRemotePort: DWORD;
dwOwningPid : DWORD;
end;
PMIB_TCPTABLE_OWNER_PID = ^MIB_TCPTABLE_OWNER_PID;
MIB_TCPTABLE_OWNER_PID = packed record
dwNumEntries: DWord;
table: array [0..ANY_SIZE - 1] OF TMibTcpRowOwnerPid;
end;
var
GetExtendedTcpTable:function (pTcpTable: Pointer; dwSize: PDWORD; bOrder: BOOL; lAf: ULONG; TableClass: TCP_TABLE_CLASS; Reserved: ULONG): DWord; stdcall;
function GetPathPID(PID: DWORD): string;
var
Handle: THandle;
begin
Result := '';
Handle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, PID);
if Handle <> 0 then
try
SetLength(Result, MAX_PATH);
if GetModuleFileNameEx(Handle, 0, PChar(Result), MAX_PATH) > 0 then
SetLength(Result, StrLen(PChar(Result)))
else
Result := '';
finally
CloseHandle(Handle);
end;
end;
procedure ShowCurrentTCPConnections;
var
Error : DWORD;
TableSize : DWORD;
i : integer;
IpAddress : in_addr;
RemoteIp : string;
LocalIp : string;
FExtendedTcpTable : PMIB_TCPTABLE_OWNER_PID;
begin
TableSize := 0;
Error := GetExtendedTcpTable(nil, @TableSize, False, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if Error <> ERROR_INSUFFICIENT_BUFFER then
Exit;
GetMem(FExtendedTcpTable, TableSize);
try
if GetExtendedTcpTable(FExtendedTcpTable, @TableSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0) = NO_ERROR then
for i := 0 to FExtendedTcpTable.dwNumEntries - 1 do
if {(FExtendedTcpTable.Table[i].dwOwningPid=Pid) and} (FExtendedTcpTable.Table[i].dwRemoteAddr<>0) then //here you can check the particular port
begin
IpAddress.s_addr := FExtendedTcpTable.Table[i].dwRemoteAddr;
RemoteIp := string(inet_ntoa(IpAddress));
IpAddress.s_addr := FExtendedTcpTable.Table[i].dwLocalAddr;
LocalIp := string(inet_ntoa(IpAddress));
Writeln(GetPathPID(FExtendedTcpTable.Table[i].dwOwningPid));
Writeln(Format('%-16s %-6d %-16s %-6d %s',[LocalIp,FExtendedTcpTable.Table[i].dwLocalPort,RemoteIp,FExtendedTcpTable.Table[i].dwRemotePort,MIB_TCP_STATE[FExtendedTcpTable.Table[i].dwState]]));
end;
finally
FreeMem(FExtendedTcpTable);
end;
end;
var
libHandle : THandle;
begin
try
ReportMemoryLeaksOnShutdown:=DebugHook<>0;
libHandle := LoadLibrary(iphlpapi);
GetExtendedTcpTable := GetProcAddress(libHandle, 'GetExtendedTcpTable');
ShowCurrentTCPConnections;
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
readln;
end.
这篇关于通过套接字端口获取应用程序路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!