给你一段我开发的软件中的代码。能看懂最好,看不懂我就没有办法了!
// Start-up sequence for the port-to-process listing.
// The API bindings must load, otherwise nothing below can work.
if not LoadAPI then
begin
  FatalError('Unable to load API.');
end;

// Without IP Helper support the code falls back to a driver-assisted walk
// of the handle table. The matching teardown (LocalFree(HandleTable),
// CloseHandle(DrvHandle), UninstallDriver, DeleteFile(DriverBin)) sits at
// the end of the non-IpHlp branch further down.
// NOTE(review): that teardown is only reached on the normal path; if
// FatalError aborts in between, the driver service and its binary are
// presumably left installed - confirm what FatalError does.
if not IpHlpSupport then
begin
  InstallAndStartDriver;
  OpenDriver;
  GetHandleTableAndSocketType;
end;

// NOTE(review): presumably enables SeDebugPrivilege for this process so
// that other processes can be opened; nothing visible here reverts it.
EnableDebugPrivilege;
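// Clear the result matrix, then snapshot the system process table.
// The buffer starts at 64 KiB and is doubled each time the kernel reports
// STATUS_INFO_LENGTH_MISMATCH.
ZeroMemory(@ResultPorts,SizeOf(ResultPorts));
ProcessInfoTable:=nil;
ProcessInfoTableSize:=$10000;
while ProcessInfoTable=nil do
begin
  ProcessInfoTable:=Pointer(LocalAlloc(LMEM_FIXED,ProcessInfoTableSize));
  if ProcessInfoTable=nil then
  begin
    // Allocation failed. Never pass a nil buffer to the query: a length
    // mismatch reply would make the loop free nil, double the size and
    // retry without end.
    FatalError('Unable to get system process information table.',True);
    Break;
  end;
  Status:=NtQuerySystemInformation(SystemProcessesAndThreadsInformation,ProcessInfoTable,ProcessInfoTableSize,nil);
  if Status=STATUS_INFO_LENGTH_MISMATCH then
  begin
    // Too small: release the buffer and retry with twice the size.
    // NOTE(review): Cardinal(pointer) casts assume a 32-bit target.
    LocalFree(Cardinal(ProcessInfoTable));
    ProcessInfoTable:=nil;
    ProcessInfoTableSize:=2*ProcessInfoTableSize;
  end
  else if Status<>0 then
    FatalError('Unable to get system process information table.',True);
end;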
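// Collect (owning process, local port, protocol) tuples through AddPort.
// Two strategies:
//   * IpHlpSupport: ask the IP stack for the extended TCP/UDP tables, which
//     already carry the owning PID of each row.
//   * otherwise: walk the system handle table, duplicate every socket-type
//     handle into this process and query the transport for its local port.
// The last AddPort argument is 0 for TCP and 1 for UDP.
// Either way the result is a point-in-time view: a process may exit, or its
// PID may be reused, between the snapshot and the later name lookups.
if IpHlpSupport then
begin
  // Address family 2 is AF_INET, so only IPv4 endpoints are enumerated here.
  if AllocateAndGetTcpExTableFromStack(@TCPPortsTable,True,GetProcessHeap,0,2)=0 then
  begin
    TCPRow:=@TCPPortsTable^.Table;
    for I:=0 to TCPPortsTable^.NumEntries-1 do
    begin
      // AddPort takes a handle-info record; only ProcessId is filled in.
      ZeroMemory(@HandleInfo,SizeOf(HandleInfo));
      HandleInfo.ProcessId:=TCPRow^.ProcessId;
      AddPort(HandleInfo,ntohs(TCPRow^.LocalPort),0);
      Inc(TCPRow);
    end;
    // The table was allocated from the process heap on our behalf;
    // release it so repeated scans do not leak.
    HeapFree(GetProcessHeap,0,TCPPortsTable);
  end;
  if AllocateAndGetUdpExTableFromStack(@UDPPortsTable,False,GetProcessHeap,0,2)=0 then
  begin
    UDPRow:=@UDPPortsTable^.Table;
    for I:=0 to UDPPortsTable^.NumEntries-1 do
    begin
      ZeroMemory(@HandleInfo,SizeOf(HandleInfo));
      HandleInfo.ProcessId:=UDPRow^.ProcessId;
      AddPort(HandleInfo,ntohs(UDPRow^.LocalPort),1);
      Inc(UDPRow);
    end;
    // Same ownership rule as for the TCP table.
    HeapFree(GetProcessHeap,0,UDPPortsTable);
  end;
end else
begin
  LocPID:=GetCurrentProcessId;
  // LastObj remembers the handle entry of the process currently opened in
  // ProcessHandle; $FFFFFFFF forces an OpenProcess on the first socket seen.
  ZeroMemory(@LastObj,SizeOf(LastObj));
  LastObj.ProcessId:=$FFFFFFFF;
  ProcessHandle:=INVALID_HANDLE_VALUE;
  PHandleInfo:=@HandleTable^.Handles;
  for I:=0 to HandleTable^.NumberOfEntries-1 do
  begin
    if PHandleInfo^.ObjectTypeNumber=SockHandleType then
    begin
      // Owner changed: swap the cached process handle.
      if LastObj.ProcessId<>PHandleInfo^.ProcessId then
      begin
        if ProcessHandle<>INVALID_HANDLE_VALUE then CloseHandle(ProcessHandle);
        ProcessHandle:=OpenProcess(PROCESS_DUP_HANDLE,False,PHandleInfo^.ProcessId);
        LastObj:=PHandleInfo^;
        // OpenProcess reports failure as 0; normalise to the sentinel used here.
        if ProcessHandle=0 then ProcessHandle:=INVALID_HANDLE_VALUE;
      end;
      // Sockets of processes that could not be opened are silently skipped,
      // so their ports are missing from the output. Our own handles are
      // skipped as well.
      if (ProcessHandle<>INVALID_HANDLE_VALUE) and (PHandleInfo^.ProcessId<>LocPID) then
      begin
        // The duplicate is a live handle to the other process's socket object
        // with the same access; it is closed again below in every case.
        if DuplicateHandle(ProcessHandle,PHandleInfo^.Handle,GetCurrentProcess,@DupHandle,0,False,DUPLICATE_SAME_ACCESS) then
        begin
          ObjInfo:=GetObjInfo(PHandleInfo^,Str1);
          // Proto: 0 = not a TCP/UDP object, 1 = TCP, 2 = UDP.
          Proto:=0;
          if (ObjInfo.Flags=1) or (ObjInfo.Flags=2) then
          begin
            if ObjInfo.Ptr1=SockObjInfoTCP.Ptr1 then Proto:=1
            else if ObjInfo.Ptr1=SockObjInfoUDP.Ptr1 then Proto:=2;
          end;
          if Proto>0 then
          begin
            ZeroMemory(@TdiConnIn,SizeOf(TdiConnIn));
            ZeroMemory(@TdiConnOut,SizeOf(TdiConnOut));
            // NOTE(review): $00210012 looks like IOCTL_TDI_QUERY_INFORMATION,
            // with TdiConnIn.RemoteAddressLength standing in for the query
            // type and TdiConnOut.ReceivedTsdus overlaying the returned
            // port - confirm the record layouts against the TDI headers.
            if ObjInfo.Flags=2 then
            begin
              // Flags=2: a type-4 query must succeed before the type-3 query
              // that yields the port.
              TdiConnIn.RemoteAddressLength:=4;
              if DeviceIoControl(DupHandle,$00210012,@TdiConnIn,SizeOf(TdiConnIn),@TdiConnOut,SizeOf(TdiConnOut)-$16,BytesRet,nil) then
              begin
                TdiConnIn.RemoteAddressLength:=3;
                if DeviceIoControl(DupHandle,$00210012,@TdiConnIn,SizeOf(TdiConnIn),@TdiConnOut,SizeOf(TdiConnOut),BytesRet,nil) then
                begin
                  Port:=ntohs(TdiConnOut.ReceivedTsdus);
                  AddPort(LastObj,Port,Proto-1);
                end;
              end;
            end else
            begin
              TdiConnIn.RemoteAddressLength:=3;
              if DeviceIoControl(DupHandle,$00210012,@TdiConnIn,SizeOf(TdiConnIn),@TdiConnOut,SizeOf(TdiConnOut),BytesRet,nil) then
              begin
                Port:=ntohs(TdiConnOut.ReceivedTsdus);
                AddPort(LastObj,Port,Proto-1);
              end;
            end;
          end;
          CloseHandle(DupHandle);
        end;
      end;
    end;
    Inc(PHandleInfo);
  end;
  // Only close a process handle that was really opened; the sentinel is not
  // a handle this code owns.
  if ProcessHandle<>INVALID_HANDLE_VALUE then CloseHandle(ProcessHandle);
  // Teardown of the driver-assisted path: free the handle snapshot, close
  // and remove the driver, delete its binary.
  // NOTE(review): not reached if an earlier FatalError aborts, which would
  // leave the driver installed - confirm.
  LocalFree(Cardinal(HandleTable));
  CloseHandle(DrvHandle);
  UninstallDriver;
  DeleteFile(DriverBin);
end;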
// Flatten the TCP half of ResultPorts (first index 0) into List:
// one heap-allocated record per (port, owning process) pair.
for I:=0 to 65535 do
begin
  with ResultPorts[0,I] do
  begin
    if Active then
    begin
      PObj:=Objects;
      for J:=0 to Count-1 do
      begin
        New(TempNetRecord);
        TempNetRecord^.Porto:='TCP';
        TempNetRecord^.PID:=PObj^.ProcessId;
        TempNetRecord^.Port:=I;
        TempNetRecord^.ProcessPath:= GetProcessPathByPID(PObj^.ProcessId);
        TempNetRecord^.ProcessName:=GetProcessNameByPID(PObj^.ProcessId);
        // Any PID whose name lookup returns an empty string is labelled
        // 'System'. The record keeps the PID captured above, so a 'System'
        // row can carry a PID that is not the System process; read such a
        // row as "name unresolved".
        // NOTE(review): the write to PObj^.ProcessId below never reaches
        // TempNetRecord, and Objects is freed right after the loop - it
        // looks like TempNetRecord^.PID was meant; confirm.
        if Length(TempNetRecord^.ProcessName)=0 then
        begin
          TempNetRecord^.ProcessName:='System';
          PObj^.ProcessId:=Name2PID(TempNetRecord^.ProcessName);
        end;
        List.Add(TempNetRecord);
        Inc(PObj);
      end;
      // The per-port owner array is released once copied out.
      if Objects<>nil then
        LocalFree(Cardinal(Objects));
    end;
  end;
end;
// Flatten the UDP half of ResultPorts (first index 1) into List:
// one heap-allocated record per (port, owning process) pair.
for I:=0 to 65535 do
begin
  with ResultPorts[1,I] do
  begin
    if Active then
    begin
      PObj:=Objects;
      for J:=0 to Count-1 do
      begin
        New(TempNetRecord);
        TempNetRecord^.Porto:='UDP';
        TempNetRecord^.PID:=PObj^.ProcessId;
        TempNetRecord^.Port:=I;
        TempNetRecord^.ProcessPath:=GetProcessPathByPID(PObj^.ProcessId);
        TempNetRecord^.ProcessName:=GetProcessNameByPID(PObj^.ProcessId);
        // Any PID whose name lookup returns an empty string is labelled
        // 'System'. The record keeps the PID captured above, so a 'System'
        // row can carry a PID that is not the System process; read such a
        // row as "name unresolved".
        // NOTE(review): the write to PObj^.ProcessId below never reaches
        // TempNetRecord, and Objects is freed right after the loop - it
        // looks like TempNetRecord^.PID was meant; confirm.
        if Length(TempNetRecord^.ProcessName)=0 then
        begin
          TempNetRecord^.ProcessName:='System';
          PObj^.ProcessId:=Name2PID(TempNetRecord^.ProcessName);
        end;
        List.Add(TempNetRecord);
        Inc(PObj);
      end;
      // The per-port owner array is released once copied out.
      if Objects<>nil then
        LocalFree(Cardinal(Objects));
    end;
  end;
end;

// Release the process snapshot buffer obtained with LocalAlloc earlier.
LocalFree(Cardinal(ProcessInfoTable));