[C#]Get the process a packet was sent by


This topic contains 1 reply, has 2 voices, and was last updated by  Vadim Smirnov 6 months, 2 weeks ago.

  • #9643

    ZiJer
    Participant

    Is there a way to get the process that sent the intercepted packet?
    (I use some code from the C# PassThru example)

    #9644

    Vadim Smirnov
    Moderator

    Normally I’d use the IP Helper API for this purpose. For the TCP protocol it can be done with the following steps:
    1) Use GetExtendedTcpTable and GetOwnerModuleFromTcpEntry to build the mapping from the local (IP address, TCP port) to the process executable.
    2) Extract the IP and port information from the packet and use the mapping built in the previous step to look up the process executable.
    3) Update the mapping periodically or when you can’t look up the process for a certain packet.

    For UDP, just use GetExtendedUdpTable and GetOwnerModuleFromUdpEntry instead.
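
The three steps from the reply, as an added C# sketch for IPv4 TCP on Windows; it is not code from the reply or from the PassThru sample. It swaps in the `TCP_TABLE_OWNER_PID_ALL` table class and resolves the PID with `Process.GetProcessById` instead of calling GetOwnerModuleFromTcpEntry, and the names `TcpOwnerMap`, `Build` and `Lookup` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Net;
using System.Runtime.InteropServices;

static class TcpOwnerMap   // hypothetical helper name, not part of the PassThru sample
{
    const int AF_INET = 2, TCP_TABLE_OWNER_PID_ALL = 5;   // values from the Windows SDK headers

    [DllImport("iphlpapi.dll")]
    static extern uint GetExtendedTcpTable(IntPtr table, ref int size, bool order,
                                           int af, int tableClass, uint reserved);

    // Step 1: snapshot the IPv4 TCP table as (local address, local port) -> owning PID.
    public static Dictionary<(IPAddress, ushort), int> Build()
    {
        var map = new Dictionary<(IPAddress, ushort), int>();
        int size = 0;
        GetExtendedTcpTable(IntPtr.Zero, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0); // sizing call
        IntPtr buf = Marshal.AllocHGlobal(size);
        try
        {
            // Non-zero means the table grew between the two calls; the caller rebuilds later.
            if (GetExtendedTcpTable(buf, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0) != 0) return map;
            int count = Marshal.ReadInt32(buf);                      // dwNumEntries
            for (int i = 0; i < count; i++)
            {
                int row = 4 + i * 24;                                // MIB_TCPROW_OWNER_PID is six DWORDs
                uint addr = (uint)Marshal.ReadInt32(buf, row + 4);   // dwLocalAddr, network byte order
                short rawPort = (short)Marshal.ReadInt32(buf, row + 8); // dwLocalPort, low 16 bits only
                ushort port = (ushort)IPAddress.NetworkToHostOrder(rawPort);
                map[(new IPAddress(addr), port)] = Marshal.ReadInt32(buf, row + 20); // dwOwningPid
            }
        }
        finally { Marshal.FreeHGlobal(buf); }
        return map;
    }

    // Step 2: the local endpoint is the source of an outgoing packet, the destination of an incoming one.
    public static string Lookup(Dictionary<(IPAddress, ushort), int> map, IPAddress ip, ushort port)
    {
        // Sockets bound to 0.0.0.0 are listed under IPAddress.Any, so fall back to that key.
        if (!map.TryGetValue((ip, port), out int pid) && !map.TryGetValue((IPAddress.Any, port), out pid))
            return null;                                             // step 3: rebuild the map and retry
        try { return Process.GetProcessById(pid).ProcessName; }
        catch (Exception e) when (e is ArgumentException || e is InvalidOperationException) { return null; }
    }
}
```

A `null` from `Lookup` is the cue for step 3: call `Build()` again and retry once. The table is a point-in-time snapshot, so a connection that opened and closed between refreshes cannot be attributed this way.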
