我已经通过函数GetExtendedTcpTable实现了以下用于获取TCP信息的代码:
const
// Declared length of the variable-length "table" member in the table record below;
// the real number of rows is given at run time by dwNumEntries.
ANY_SIZE = 1;
iphlpapi = 'iphlpapi.dll'; // Name of the DLL that exports GetExtendedTcpTable
// TableClass value passed to GetExtendedTcpTable by the procedure on this page;
// the rows are read through the record layout that includes the owning PID.
TCP_TABLE_OWNER_PID_ALL = 5;
{ Display names for the TCP connection states, indexed 1..12.
  NOTE(review): 'SYN-SENT ' and 'TIME- WAIT' contain stray spaces - confirm whether that is intended. }
MIB_TCP_STATE:
array[1..12] of string = ('CLOSED', 'LISTEN', 'SYN-SENT ','SYN-RECEIVED', 'ESTABLISHED', 'FIN-WAIT-1',
'FIN-WAIT-2', 'CLOSE-WAIT', 'CLOSING','LAST-ACK', 'TIME- WAIT', 'delete TCB');
// C declaration of MIB_TCPROW, kept for reference:
//   typedef struct _MIB_TCPROW
//   {
//     DWORD dwState;
//     DWORD dwLocalAddr;
//     DWORD dwLocalPort;
//     DWORD dwRemoteAddr;
//     DWORD dwRemotePort;
//   } MIB_TCPROW, *PMIB_TCPROW;
type
{ The type of the TCP table structure to retrieve.
  This parameter can be one of the values from the TCP_TABLE_CLASS enumeration. }
TCP_TABLE_CLASS = Integer;
PMibTcpRowOwnerPid = ^TMibTcpRowOwnerPid;
// One row of the table: the MIB_TCPROW fields followed by the id of the owning process.
TMibTcpRowOwnerPid = packed record
dwState : DWORD;
dwLocalAddr : DWORD;
dwLocalPort : DWORD; // network byte order; only the low 16 bits hold the port - convert with ntohs before display
dwRemoteAddr: DWORD;
dwRemotePort: DWORD; // network byte order, same handling as dwLocalPort
dwOwningPid : DWORD;
end;
// C declaration of MIB_TCPTABLE, kept for reference:
//   typedef struct _MIB_TCPTABLE
//   {
//     DWORD dwNumEntries;
//     MIB_TCPROW table[ANY_SIZE];
//   } MIB_TCPTABLE, *PMIB_TCPTABLE;
PMIB_TCPTABLE_OWNER_PID = ^MIB_TCPTABLE_OWNER_PID;
// Table header followed by the rows. "table" is declared with a single element,
// so rows beyond index 0 lie outside the declared bounds and are only valid
// inside a buffer sized by GetExtendedTcpTable.
MIB_TCPTABLE_OWNER_PID = packed record
dwNumEntries: DWord;
table: array [0..ANY_SIZE - 1] OF TMibTcpRowOwnerPid;
end;
// Definition of the entry point as a procedural-type variable.
// NOTE(review): the "var" keyword and the code that assigns this pointer (for example
// LoadLibrary/GetProcAddress on iphlpapi) are not visible in this excerpt; the pointer
// must be checked for nil before it is called.
GetExtendedTcpTable:function (pTcpTable: Pointer; dwSize: PDWORD; bOrder: BOOL; lAf: ULONG; TableClass: TCP_TABLE_CLASS; Reserved: ULONG): DWord; stdcall;
{ Enumerates the IPv4 TCP table with owning process ids and appends, for every row,
  the owning PID and a value derived from the local port to Memo1.
  The table is fetched in two steps: a size query with a nil buffer, then the real call. }
procedure TFmainViewTCP.ShowCurrentTCPConnections;
var
Error : DWORD;
TableSize : DWORD;
i : integer;
IpAddress : in_addr;
RemoteIp : string; // assigned in the loop but never written to Memo1
LocalIp : string; // assigned in the loop but never written to Memo1
ProcName:string; // not used in this procedure
FExtendedTcpTable : PMIB_TCPTABLE_OWNER_PID;
begin
i:=0;
TableSize := 0;
// Size query: with a nil buffer the call is expected to fail with
// ERROR_INSUFFICIENT_BUFFER and store the required byte count in TableSize.
Error := GetExtendedTcpTable(nil, @TableSize, False,AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
// Any other result leaves TableSize unusable, so the procedure returns without output.
if Error <> ERROR_INSUFFICIENT_BUFFER then
Exit;
GetMem(FExtendedTcpTable, TableSize);
try
// NOTE(review): the table can grow between the two calls; in that case this call
// does not return NO_ERROR and the procedure silently shows nothing - consider
// retrying with the updated TableSize.
if GetExtendedTcpTable(FExtendedTcpTable, @TableSize, TRUE,AF_INET,TCP_TABLE_OWNER_PID_ALL, 0) = NO_ERROR then
begin
// NOTE(review): dwNumEntries is unsigned; for an empty table "dwNumEntries - 1"
// can wrap around instead of giving an empty range - guard the zero case.
// Table[i] for i > 0 indexes past the declared 0..0 bounds, so the reads are
// bounded only by dwNumEntries as reported by the API.
for i := 0 to FExtendedTcpTable.dwNumEntries - 1 do
begin
IpAddress.s_addr := FExtendedTcpTable.Table[i].dwRemoteAddr;
// inet_ntoa returns a PAnsiChar; the string() cast copies the text into RemoteIp
RemoteIp := string(inet_ntoa(IpAddress));
IpAddress.s_addr := FExtendedTcpTable.Table[i].dwLocalAddr;
LocalIp := string(inet_ntoa(IpAddress));
Memo1.Lines.Add(IntToStr(FExtendedTcpTable.Table[i].dwOwningPid));
// NOTE(review): Lo() yields only the low-order byte, and dwLocalPort is stored in
// network byte order, so this line does not print the port number; the host-order
// port is ntohs() of the low 16 bits of the field.
Memo1.Lines.Add(IntToStr(Lo(FExtendedTcpTable.Table[i].dwLocalPort)));
end; //for
end; //if
finally
// Release the buffer whether or not the second call succeeded.
FreeMem(FExtendedTcpTable);
end;
end;
问题是显示的端口号是'34560',而真正的端口号是通过netstat看到的'135'。要查看正确的端口号,需要进行哪些更改?
我读到我们应该只显示dwLocalPort的低16字节。我用Lo()函数做到了。我得到了'0','8'等答案。请帮助。
先谢谢
答案 0 :(得分:3)
端口号以网络字节顺序给出。网络字节顺序是大端,所以必须颠倒字节的顺序才能得到正确的值。例如端口135($0087)在小端机器上直接读取就是$8700,即34560。
MIB_TCPROW_OWNER_PID
的文档包含了这一重点。
dwLocalPort和dwRemotePort成员按网络字节顺序排列。为了使用dwLocalPort或dwRemotePort成员,可能需要Windows套接字或类似函数中的ntohs或inet_ntoa函数。
只需将端口号传递给ntohs()
,它们就会再次对您有意义。例如:
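// Only the low 16 bits of dwLocalPort hold the port, in network byte order.
// Masking before the call keeps stray upper bits out of the Word argument
// (an out-of-range value would raise ERangeError when range checking is on);
// ntohs then swaps the two bytes into host order.
Memo1.Lines.Add(IntToStr(ntohs(Word(FExtendedTcpTable.Table[i].dwLocalPort and $FFFF))));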
答案 1 :(得分:2)
该函数返回需要转换为实际端口号的原始端口号, 这可以通过
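{ Converts a port value as stored in dwLocalPort / dwRemotePort (network byte
  order) into the host-order port number by swapping its two low bytes.
  RawPort: the field value as read from the table row.
  Result:  the port number in the range 0..65535. }
function ConvertRawPortToRealPort(RawPort : DWORD) : DWORD;
var
  Port16 : DWORD;
begin
  // Only the low 16 bits carry the port. Without this mask any non-zero upper
  // bits in the DWORD would leak into the result through the high-byte shift.
  Port16 := RawPort and $FFFF;
  // Swap high and low byte: big-endian (network) -> little-endian (host).
  Result := (Port16 shr 8) or ((Port16 and $FF) shl 8);
end;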
这应该给出正确的输出