Finding TCP ports used by application

Question

All right, so I'm extending my company's flexlm vendor daemon to be a little bit more revealing to client applications.

I need to be able to find out what port lmgrd is listening on before clients connect. The API documentation seems to be rather barren, and I believe they keep most of their code in a compiled form so I can't just look at their source.

Is it possible to call upon the awesome power of the Windows API to find out what ports a particular process is using? If Process Explorer from Sysinternals can do it, I should be able to, right? What would be some sample code for this?

It needs to support Windows XP and higher since many of our clients have yet to upgrade.

I should note that it turns out FLEX has support for pulling the port from the license file. I don't have the code in front of me, but know that this isn't the best way to find out what ports your vendor daemon/lmgrd is running.

Answer 1

GetTcpTable2 -- see below

GetTcpTable2 function

The GetTcpTable function retrieves the IPv4 TCP connection table.

This will fill in a MIB_TCPTABLE structure.

typedef struct _MIB_TCPTABLE {
  DWORD      dwNumEntries;
  MIB_TCPROW table[ANY_SIZE];
} MIB_TCPTABLE, *PMIB_TCPTABLE;

And now the MIB_TCPROW

typedef struct _MIB_TCPROW {
  DWORD dwState;
  DWORD dwLocalAddr;
  DWORD dwLocalPort;
  DWORD dwRemoteAddr;
  DWORD dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;

IMPORTANT:

You need to use GetTcpTable2 in order to get the corresponding PID associated as well.

typedef struct _MIB_TCPROW2 {
  DWORD                        dwState;
  DWORD                        dwLocalAddr;
  DWORD                        dwLocalPort;
  DWORD                        dwRemoteAddr;
  DWORD                        dwRemotePort;
  DWORD                        dwOwningPid;
  TCP_CONNECTION_OFFLOAD_STATE dwOffloadState;
} MIB_TCPROW2, *PMIB_TCPROW2;

dwOwningPid

Answer 2

Here's the code I ended up with, for anyone who hits this problem after me

#include "stdafx.h"
#include <windows.h>
#include <iphlpapi.h>

// These are just for the ntohl function in the printf below
#include <winsock.h>
#pragma comment(lib, "Ws2_32.lib")

DWORD (WINAPI *pGetExtendedTcpTable)(
  PVOID pTcpTable,
  PDWORD pdwSize,
  BOOL bOrder,
  ULONG ulAf,
  TCP_TABLE_CLASS TableClass,
  ULONG Reserved
);

int _tmain(int argc, _TCHAR* argv[])
{
    MIB_TCPTABLE_OWNER_PID *pTCPInfo;
    MIB_TCPROW_OWNER_PID *owner;
    DWORD size;
    DWORD dwResult;

    HMODULE hLib = LoadLibrary("iphlpapi.dll");

    pGetExtendedTcpTable = (DWORD (WINAPI *)(PVOID, PDWORD, BOOL, ULONG, TCP_TABLE_CLASS, ULONG))
        GetProcAddress(hLib, "GetExtendedTcpTable");

    if (!pGetExtendedTcpTable)
    {
        printf("Could not load iphlpapi.dll. This application is for Windows XP SP2 and up.\n");
        return 1;
    }

    dwResult = pGetExtendedTcpTable(NULL,     &size, false, AF_INET, TCP_TABLE_OWNER_PID_LISTENER, 0);
    pTCPInfo = (MIB_TCPTABLE_OWNER_PID*)malloc(size);
    dwResult = pGetExtendedTcpTable(pTCPInfo, &size, false, AF_INET, TCP_TABLE_OWNER_PID_LISTENER, 0);

    if (dwResult != NO_ERROR)
    {
        printf("Couldn't get our IP table");
        return 2;
    }

    printf("Iterating though table:\n");
    for (DWORD dwLoop = 0; dwLoop < pTCPInfo->dwNumEntries; dwLoop++)
    {
        owner = &pTCPInfo->table[dwLoop];

        printf("  PID: %5u - Port: %5u\n", owner->dwOwningPid, ntohs(owner->dwLocalPort));
    }

    // Pause a moment
    printf("Done Processing\n");

    return 0;
}