You can use GetExtendedUdpTable to find the dwLocalAddr:dwLocalPort to dwOwningPid association and then if necessary call GetOwnerModuleFromUdpEntry with TCPIP_OWNER_MODULE_INFO_BASIC to obtain pModuleName and pModulePath.
According to MSDN and my own test, the information that we can get from MIB_UDPTABLE_OWNER_MODULE or MIB_UDPTABLE_OWNER_PID (We can get those by GetExtendedUdpTable(..., UDP_TABLE_OWNER_MODULE, ...)) is only UDP listener process’s information.
>> The MIB_UDPTABLE_OWNER_PID structure contains the User Datagram Protocol (UDP) listener table for IPv4 on the local computer. The table also includes the process ID (PID) that issued the call to the bind function for each UDP endpoint.
But I need process information that called UDP sendto(). Is there anything that I know wrong?
Although sendto() can be called on unbound socket according MSDN “If the socket is unbound, unique values are assigned to the local association by the system, and the socket is then marked as bound”. So, I suspect that this is equivalent to calling bind explicitly. However, worth to test to ensure.