M
Mike Mitchell
I'm trying to programmatically determine the Process ID for an open TCP
connection on a Windows 2000 server. I can do it under Windows 2003 or
Windows XP using the AllocateAndGetTcpExTableFromStack() call, but that
function isn't implemented on Windows 2000 or Windows NT. I've gotten a
IOCTL_TCP_QUERY_INFORMATION_EX DeviceIoControl() call to work under Windows
2003 and Windows XP, but the appropriate sub-code isn't implemented under
Windows 2000.
Other programs such as tcpview from www.sysinternals.com or fport from
www.foundstone.com are able to get that information from Windows 2000.
www.sysinternals.com does give the source code to netstatp, but that program
only gives the PID under Windows 2003 or Windows XP and not under Windows
2000.
www.sysinternals.com wants $25,000 for a source license to tcpview.
From what I've been able to decipher, both fport and tcpview approach the
problem by getting a list of open file handles for each process, then
figuring out which ones are TCP connections and getting the TCP connection
information from the file handles.
Does anyone know how this is done?
I guess I could spawn "fport" and parse it's output every time I need the
information, but I wanted everything contained in just one program. I don't
want to incur the overhead of spawning a new program every few seconds.
connection on a Windows 2000 server. I can do it under Windows 2003 or
Windows XP using the AllocateAndGetTcpExTableFromStack() call, but that
function isn't implemented on Windows 2000 or Windows NT. I've gotten a
IOCTL_TCP_QUERY_INFORMATION_EX DeviceIoControl() call to work under Windows
2003 and Windows XP, but the appropriate sub-code isn't implemented under
Windows 2000.
Other programs such as tcpview from www.sysinternals.com or fport from
www.foundstone.com are able to get that information from Windows 2000.
www.sysinternals.com does give the source code to netstatp, but that program
only gives the PID under Windows 2003 or Windows XP and not under Windows
2000.
www.sysinternals.com wants $25,000 for a source license to tcpview.
From what I've been able to decipher, both fport and tcpview approach the
problem by getting a list of open file handles for each process, then
figuring out which ones are TCP connections and getting the TCP connection
information from the file handles.
Does anyone know how this is done?
I guess I could spawn "fport" and parse it's output every time I need the
information, but I wanted everything contained in just one program. I don't
want to incur the overhead of spawning a new program every few seconds.