windows获取进程端口

1. TCP端口

 

函数

  DWORD GetExtendedTcpTable(
          PVOID pTcpTable,
          PDWORD pdwSize,
          BOOL bOrder,
          ULONG ulAf,
          TCP_TABLE_CLASS TableClass,
          ULONG Reserved
  );

功能

  获取当前所有TCP端口的列表

参数

  PVOID pTcpTable：接收缓冲区，接收返回的TCP端口列表，表类型由参数TableClass决定

  PDWORD pdwSize：pTcpTable缓冲区字节数，若缓冲区过小则返回所需大小

  BOOL bOrder：端口列表是否排序

  ULONG ulAf：AF_INET表IPv4，AF_INET6表IPv6

  TCP_TABLE_CLASS TableClass：类型TCP_TABLE_CLASS的枚举值，指定TCP_TABLE_OWNER_PID_ALL即可

  ULONG Reserved：0

指定Table类型为TCP_TABLE_OWNER_PID_ALL，则获取到的TCP Table类型为MIB_TCPTABLE_OWNER_PID结构体

typedef struct {
  DWORD                dwNumEntries;
  MIB_TCPROW_OWNER_PID table[ANY_SIZE];
} MIB_TCPTABLE_OWNER_PID, *PMIB_TCPTABLE_OWNER_PID;

typedef struct _MIB_TCPROW_OWNER_PID {
  DWORD dwState;
  DWORD dwLocalAddr;
  DWORD dwLocalPort;
  DWORD dwRemoteAddr;
  DWORD dwRemotePort;
  DWORD dwOwningPid;
} MIB_TCPROW_OWNER_PID, *PMIB_TCPROW_OWNER_PID;

返回值

 成功返回NO_ERROR，否则返回值即错误码

使用方法

	#include <IPHlpApi.h>
	#pragma comment(lib, "IPHlpApi.lib")

	/*获取缓冲区大小*/
	DWORD dwBufferSize = 0;
	GetExtendedTcpTable(NULL, &dwBufferSize, true, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);

	/*创建缓冲区*/
	MIB_TCPTABLE_OWNER_PID *pMibTcpTable = (MIB_TCPTABLE_OWNER_PID*)malloc(dwBufferSize);

	/*取Tcp Table*/
	DWORD dwRet = GetExtendedTcpTable(pMibTcpTable, &dwBufferSize, true, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
	if(dwRet != NO_ERROR)
	{
		printf("GetExtendedTcpTable != ERROR_SUCCESS, ErrorCode=%d
", dwRet);
		free(pMibTcpTable);
		return false;
	}

结果

	for(DWORD i = 0; i != pMibTcpTable->dwNumEntries; ++i)
	{
		/*获取端口状态*/
		DWORD dwState = pMibTcpTable->table[i].dwState;

		/*生成IP*/
		in_addr inAddrLocal, inAddrRemote;
		memcpy(&inAddrLocal, &(pMibTcpTable->table[i].dwLocalAddr), sizeof(DWORD));
		memcpy(&inAddrRemote, &(pMibTcpTable->table[i].dwRemoteAddr), sizeof(DWORD));
		std::string sIpLocal = inet_ntoa(inAddrLocal);
		std::string sIpRemote = inet_ntoa(inAddrRemote);

		/*获取Port*/
		DWORD dwPortLocal = ntohs(pMibTcpTable->table[i].dwLocalPort);
		DWORD dwPortRemote = ntohs(pMibTcpTable->table[i].dwRemotePort);

		/*获取PID*/
		DWORD dwPid = pMibTcpTable->table[i].dwOwningPid;

		printf("端口状态=%d, 本地地址=%s, 本地端口=%d, 远端地址=%s, 远端端口=%d, 进程号=%d
", 
			dwState, sIpLocal.c_str(), dwPortLocal, sIpRemote.c_str(), dwPortRemote, dwPid);
	}

 

2. UDP端口

 

函数

  DWORD GetExtendedUdpTable(
       PVOID pUdpTable,
       PDWORD pdwSize,
       BOOL bOrder,
       ULONG ulAf,
       UDP_TABLE_CLASS TableClass,
       ULONG Reserved
  );

功能

  获取当前所有UDP端口的列表

参数

  同上

  UDP_TABLE_CLASS TableClass：类型UDP_TABLE_CLASS的枚举值，指定UDP_TABLE_OWNER_PID即可。

指定Table类型为UDP_TABLE_OWNER_PID，则获取到的UDP Table类型为MIB_UDPTABLE_OWNER_PID结构体

typedef struct _MIB_UDPTABLE_OWNER_PID {
  DWORD                dwNumEntries;
  MIB_UDPROW_OWNER_PID table[ANY_SIZE];
} MIB_UDPTABLE_OWNER_PID, *PMIB_UDPTABLE_OWNER_PID;

typedef struct _MIB_UDPROW_OWNER_PID {
  DWORD dwLocalAddr;
  DWORD dwLocalPort;
  DWORD dwOwningPid;
} MIB_UDPROW_OWNER_PID, *PMIB_UDPROW_OWNER_PID;

返回值

 成功返回NO_ERROR，否则返回值即错误码

使用方法

#include <IPHlpApi.h>
#pragma comment(lib, "IPHlpApi.lib")

/*获取缓冲区大小*/  
DWORD dwBufferSize = 0;
GetExtendedUdpTable(NULL, &dwBufferSize, true, AF_INET, UDP_TABLE_OWNER_PID, 0);  
  
/*创建缓冲区*/  
MIB_UDPTABLE_OWNER_PID *pMibUdpTable = (MIB_UDPTABLE_OWNER_PID*)malloc(dwBufferSize);  
  
/*取Udp Table*/  
DWORD dwRet = GetExtendedUdpTable(pMibUdpTable, &dwBufferSize, true, AF_INET, UDP_TABLE_OWNER_PID, 0);  
if(dwRet != NO_ERROR)  
{  
    printf("GetExtendedUdpTable != ERROR_SUCCESS, ErrorCode=%d
", dwRet);
	free(pMibUdpTable);
    return false;  
}

结果

	for(DWORD i = 0; i != pMibUdpTable->dwNumEntries; ++i)
	{
		/*获取IP*/
		in_addr inAddrLocal;
		memcpy(&inAddrLocal, &(pMibUdpTable->table[i].dwLocalAddr), sizeof(DWORD));
		std::string sIpLocal = inet_ntoa(inAddrLocal);

		/*获取Port*/
		DWORD dwPortLocal = ntohs(pMibUdpTable->table[i].dwLocalPort);

		/*获取PID*/
		DWORD dwPid = pMibUdpTable->table[i].dwOwningPid;

		printf("本地地址=%s, 本地端口=%d, 进程号=%d
", sIpLocal.c_str(), dwPortLocal, dwPid);
	}

3. 进程句柄、进程名、PID转换

 

进程句柄——>PID

DWORD GetProcessId(HANDLE hProcess) ;

进程名——>进程句柄

HANDLE GetProcessHandle(const std::string &sNameProc)
{
	/*获取进程快照句柄*/
	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

	/*遍历进程*/
	PROCESSENTRY32 pe32;
	pe32.dwSize = sizeof(pe32);
	BOOL bMore = Process32First(hProcessSnap, &pe32);
	while(bMore)
	{
		if(!sNameProc.compare(pe32.szExeFile))
		{
			HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
			return hProcess;
		}
		bMore = ::Process32Next(hProcessSnap, &pe32);
	}

	/*进程不存在*/
	printf("GetProcessHandle: sNameProc=%s Not Exist", sNameProc.c_str());
	return INVALID_HANDLE_VALUE;
}

进程名——>PID

bool GetPidFromProcName(const std::string &sNameProc, std::set<DWORD> &setPid)
{
	/*获取进程快照*/
	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

	/*遍历进程*/
	PROCESSENTRY32 pe32;
	pe32.dwSize = sizeof(pe32);
	BOOL bMore = Process32First(hProcessSnap, &pe32);
	while(bMore)
	{
		if(!sNameProc.compare(pe32.szExeFile))
			setPid.insert(pe32.th32ProcessID);
		bMore=::Process32Next(hProcessSnap,&pe32);
	}

	return true;
}

系统允许进程名重复。

 

PID——>进程名

bool GetProcNameByPid(const DWORD dwPid, std::string &sNameProc)
{
	/*获取进程快照句柄*/
	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

	/*遍历进程*/
	PROCESSENTRY32 pe32;
	pe32.dwSize = sizeof(pe32);
	bool bMore = Process32First(hProcessSnap, &pe32);
	while(bMore)
	{
		if(pe32.th32ProcessID == dwPid)
		{
			sNameProc = pe32.szExeFile;
			return true;
		}
		bMore=::Process32Next(hProcessSnap, &pe32);
	}

	/*进程不存在*/
	return false;
}