问一个函数的用法。getExtendedTcpTable;

huangjacky 2008-12-20 09:30:47

先定义，从msdn转过来的。不知道是否有错。请看



const

  ANY_SIZE = 256;

  //----------------------------------------------------------------------------

  MIB_TCP_STATE_CLOSED     =  1;

  MIB_TCP_STATE_LISTEN     =  2;

  MIB_TCP_STATE_SYN_SENT   =  3;

  MIB_TCP_STATE_SYN_RCVD   =  4;

  MIB_TCP_STATE_ESTAB      =  5;

  MIB_TCP_STATE_FIN_WAIT1  =  6;

  MIB_TCP_STATE_FIN_WAIT2  =  7;

  MIB_TCP_STATE_CLOSE_WAIT =  8;

  MIB_TCP_STATE_CLOSING    =  9;

  MIB_TCP_STATE_LAST_ACK   = 10;

  MIB_TCP_STATE_TIME_WAIT  = 11;

  MIB_TCP_STATE_DELETE_TCB = 12;

//------------------------------------------------------------------------------

  TTCPTableClass = (TCP_TABLE_BASIC_LISTENER,

                    TCP_TABLE_BASIC_CONNECTIONS ,

                    TCP_TABLE_BASIC_ALL,

                    TCP_TABLE_OWNER_PID_LISTENER ,

                    TCP_TABLE_OWNER_PID_CONNECTIONS ,

                    TCP_TABLE_OWNER_PID_ALL ,

                    TCP_TABLE_OWNER_MODULE_LISTENER,

                    TCP_TABLE_OWNER_MODULE_CONNECTIONS ,

                    TCP_TABLE_OWNER_MODULE_ALL 

                    );

  TUDPTableClass = (UDP_TABLE_BASIC ,

                    UDP_TABLE_OWNER_PID ,

                    UDP_TABLE_OWNER_MODULE

                    );

  MIB_TCPROW_OWNER_PID = record

    dwState       :DWORD;

    dwLocalAddr   :DWORD;

    dwLocalPort   :DWORD;

    dwRemoteAddr  :DWORD;

    dwRemotePort  :DWORD;

    dwOwningPid   :DWORD;

  end;

  PMIB_TCP_ROW = ^MIB_TCPROW_OWNER_PID;



  MIB_TCPTABLE_OWNER_PID = record

    dwNumEntries :DWORD;

    table        :array[0..ANY_SIZE-1] of MIB_TCPROW_OWNER_PID;

  end;

  

  PMIB_TCPTABLE_OWNER_PID = ^MIB_TCPTABLE_OWNER_PID;

  //----------------------------------------------------------------------------

然后再是导出的2个函数，



{

DWORD GetExtendedTcpTable(

  PVOID pTcpTable,

  PDWORD pdwSize,

  BOOL bOrder,

  ULONG ulAf,

  TCP_TABLE_CLASS TableClass,

  ULONG Reserved

); }

function GetExtendedTcpTable(pTcpTable:PMIB_TCPTABLE_OWNER_PID;

                            pdwSize:pDWORD;

                            bOrder:Boolean;

                            ulAf:Cardinal;

                            TableClass:TTCPTableClass;

                            Reserved:Cardinal):DWORD ;

                    stdcall; external 'iphlpapi.dll' name 'GetExtendedTcpTable';

{

DWORD GetExtendedUdpTable(

  PVOID pUdpTable,

  PDWORD pdwSize,

  BOOL bOrder,

  ULONG ulAf,

  UDP_TABLE_CLASS TableClass,

  ULONG Reserved

);

}

function GetExtendedUdpTable(pTcpTable:Pointer;

                            pdwSize:pDWORD;

                            bOrder:Boolean;

                            ulAf:Cardinal;

                            TableClass:TUDPTableClass;

                            Reserved:Cardinal):DWORD ;

                    stdcall; external 'iphlpapi.dll' name 'GetExtendedUdpTable';

好的。然后是使用，编译没有问题，但是结果就是不乐观。



procedure TBaseSniffer.displayConnections(PID: DWORD);

var

  pBuf:PChar;

  tcpRow:MIB_TCPROW_OWNER_PID;

  adwSize,dResult:DWORD;

  tmp:string;

  I,num: Integer;

begin

  try

    FConnections.Clear;//清楚列表

    adwSize:=0;        //先定义大小为0,来获取真的大小.

    dResult:=GetExtendedTcpTable(nil,@adwSize,

                                True,0,TCP_TABLE_OWNER_PID_CONNECTIONS,0);//跟踪到这里发现dResult不是0 也就是函数调用错误了

    if adwSize<>0 then

    begin

      //分配空间,来获取真的tcp连接表.

      GetMem(pBuf,adwSize);

      dResult:=GetExtendedTcpTable(PMIB_TCPTABLE_OWNER_PID(pBuf),@adwSize,True,AF_INET,TCP_TABLE_OWNER_PID_ALL,0);

      if dResult<>NO_ERROR then

      begin

        FErrorInfo:='获取TCP列表出错';

        doError;

      end

      else

      begin

        num:=PMIB_TCPTABLE_OWNER_PID(pBuf)^.dwNumEntries;

        if num>0 then

        begin

          Inc(pBuf,SizeOf(DWORD));

          for I := 1 to num - 1 do

          begin

            tcpRow:=PMIB_TCP_ROw(pBuf)^;

            with tcpRow do

            if (dwOwningPid=PID)and(dwState in [2,5])and(dwRemoteAddr<>0) then

            begin

              tmp:='';

              tmp:=Format('远程主机:%S,远程端口:%D,本地端口:%D',

                          [IpAddr2Str(dwRemoteAddr),dwRemotePort,dwLocalPort]);

              FConnections.Append(tmp);

            end;

            Inc(pBuf,SizeOf(MIB_TCPROW_OWNER_PID));

          end;

        end;  

      end;

      Dec(pBuf,SizeOf(dword)+ num* SizeOf(MIB_TCPROW_OWNER_PID));

      FreeMem(pBuf);   

    end;

  finally

  end;

end;

郁闷了请问各位这个函数究竟怎么用。谢谢
getTCPtable的例子我看了一下的。

...全文

971 4 打赏收藏转发到动态举报

写回复

用AI写文章

4 条回复

切换为时间正序

请发表友善的回复…

发表回复

hyz18059135302 2011-12-07

打赏
举报

弄完都没有把完整的代码贴出来，真郁闷

僵哥 2008-12-20

打赏
举报

使用API就要多参考MSDN当中的说明（http://msdn.microsoft.com/en-us/library/aa365928(VS.85).aspx）
另外需要特别注意的是被支持的操作系统。

僵哥 2008-12-20

打赏
举报

函数调用出错应该立即调用GetLastError取得具体的错误。
GetExtendedTcpTable第一个参数传的是Nil，第二个参数最好传入-1，而不是0，此时会返回一个错误，但是无关紧要.

引用

pdwSize [in, out]
The estimated size of the structure returned in pTcpTable, in bytes. If this value is set too small, ERROR_INSUFFICIENT_BUFFER is returned by this function, and this field will contain the correct size of the structure.

第四个参数只有两个选项，AF_INET = 2,AF_INET6=23

huangjacky 2008-12-20