sommainc

Forum Replies Created

Viewing 2 posts - 1 through 2 (of 2 total)
  • in reply to: Which process sent the UDP packet? #11034
    sommainc
    Participant

      Leaving this comment for records.

      Even if you do not explicitly call the bind() function, Windows binds the local port dynamically as described in MSDN, so you can find the information in the UDP extended table.

      ref: https://docs.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-sendto

      In previous tests, it was a simple coding mistake that we could not get a PID.
      Thanks for your help, Vadim Smirnov 🙂
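
Added example, not part of the original posts: a Python sketch of the lookup described above, decoding a MIB_UDPTABLE_OWNER_PID buffer and matching a packet's source address and port to the owning PID. The function names and the sample table are constructed for illustration; `read_live_table` runs only on Windows, where it calls GetExtendedUdpTable through ctypes.

```python
import socket
import struct
import sys

AF_INET = 2                      # IPv4 table
UDP_TABLE_OWNER_PID = 1          # UDP_TABLE_CLASS value
ERROR_INSUFFICIENT_BUFFER = 122

def parse_udp_owner_pid_table(buf):
    """Decode MIB_UDPTABLE_OWNER_PID into (local_ip, local_port, pid) rows."""
    (count,) = struct.unpack_from("<I", buf, 0)           # dwNumEntries
    rows = []
    for i in range(count):
        # Row: dwLocalAddr, dwLocalPort, dwOwningPid (three DWORDs).
        addr, port, pid = struct.unpack_from("<4s2s2xI", buf, 4 + 12 * i)
        # The port sits in the low 16 bits in network byte order.
        rows.append((socket.inet_ntoa(addr), int.from_bytes(port, "big"), pid))
    return rows

def owners_of_source(rows, src_ip, src_port):
    """PIDs whose endpoint matches a packet's source; 0.0.0.0 is a wildcard bind."""
    return [pid for ip, port, pid in rows
            if port == src_port and ip in (src_ip, "0.0.0.0")]

def read_live_table():
    """Windows only: call GetExtendedUdpTable, growing the buffer as needed."""
    import ctypes
    fn = ctypes.WinDLL("iphlpapi").GetExtendedUdpTable
    size, buf = ctypes.c_ulong(0), None
    while True:
        rc = fn(buf, ctypes.byref(size), False, AF_INET, UDP_TABLE_OWNER_PID, 0)
        if rc == 0 and buf is not None:
            return buf.raw
        if rc not in (0, ERROR_INSUFFICIENT_BUFFER):
            raise OSError(rc, "GetExtendedUdpTable failed")
        buf = ctypes.create_string_buffer(max(size.value, 4))

def make_row(ip, port, pid):
    """Build one constructed table row for the offline sample."""
    return socket.inet_aton(ip) + struct.pack(">H2x", port) + struct.pack("<I", pid)

# Constructed sample table (not captured data) so the parser runs off Windows.
SAMPLE = struct.pack("<I", 3) + b"".join([
    make_row("0.0.0.0", 53, 1180),
    make_row("0.0.0.0", 51514, 4312),   # ephemeral port from an implicit bind
    make_row("192.168.1.20", 137, 4),
])

if __name__ == "__main__":
    raw = read_live_table() if sys.platform == "win32" else SAMPLE
    print(owners_of_source(parse_udp_owner_pid_table(raw), "192.168.1.20", 51514))
```

The lookup is a point-in-time snapshot: a short-lived sender can close its socket before the table is read, and several PIDs can share one port, so the function returns a list.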

      in reply to: Which process sent the UDP packet? #11032
      sommainc
      Participant

        According to MSDN and my own test, the information that we can get from MIB_UDPTABLE_OWNER_MODULE or MIB_UDPTABLE_OWNER_PID (we can get those by GetExtendedUdpTable(..., UDP_TABLE_OWNER_MODULE, ...)) is only the UDP listener process’s information.

        https://docs.microsoft.com/en-us/windows/win32/api/udpmib/ns-udpmib-_mib_udptable_owner_pid

        >> The MIB_UDPTABLE_OWNER_PID structure contains the User Datagram Protocol (UDP) listener table for IPv4 on the local computer. The table also includes the process ID (PID) that issued the call to the bind function for each UDP endpoint.

        But I need information about the process that called UDP sendto(). Is there anything that I have understood wrong?

        Thanks.
