Introduction
The main idea of this project has already been implemented and presented by others here: using GetTcpTable and GetUdpTable to read the connection states of running processes. Articles of this kind also mention two undocumented APIs from iphlpapi.dll: AllocateAndGetTcpExTableFromStack and AllocateAndGetUdpExTableFromStack. Using these APIs, we can get access to the name of the process that holds the running connection. Unfortunately, this works only on Win2000, WinXP or newer versions.
Description
First of all, I'd like to mention that there is something new regarding this subject: Enetstat allows the user to close any "established" connection using the following API function:
DWORD SetTcpEntry(
    PMIB_TCPROW pTcpRow
);
Given an established connection, we can close it by setting the row's state to MIB_TCP_STATE_DELETE_TCB.
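// Identify the connection by its local and remote endpoints.
// Addresses and ports must be in network byte order, as in the rows GetTcpTable returns.
MIB_TCPROW sKillConn;
sKillConn.dwLocalAddr = (DWORD)ulLocIP;
sKillConn.dwLocalPort = (DWORD)usLocalPort;
sKillConn.dwRemoteAddr = (DWORD)ulRemIP;
sKillConn.dwRemotePort = (DWORD)usRemPort;
// This state asks the TCP stack to delete the connection's control block (TCB).
sKillConn.dwState = MIB_TCP_STATE_DELETE_TCB;
// SetTcpEntry returns NO_ERROR on success.
DWORD dwRez = SetTcpEntry(&sKillConn);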
That's all there is to it. My code is not described in detail, and I suppose there is no need for that, since we already have a cool and detailed description by Axel Charpentier.
If you need a good reference on this subject, you'll find it here:
Getting active TCP/UDP connections on a box, by Axel Charpentier.
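The SetTcpEntry snippet above assumes its four endpoint values are already in network byte order. The following is an added example, not code from the article or from Enetstat: it builds the same MIB_TCPROW from a dotted-quad address and a host-order port, with validation. The helper names (parse_ipv4, port_field, build_kill_row) are hypothetical, and the non-Windows typedefs are stand-ins so the conversion logic compiles anywhere.

```c
/* Added example, not the article's code; helper names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <iphlpapi.h>              /* link with iphlpapi.lib */
#else                              /* stand-ins so the logic builds off Windows */
typedef uint32_t DWORD;
typedef struct { DWORD dwState, dwLocalAddr, dwLocalPort,
                       dwRemoteAddr, dwRemotePort; } MIB_TCPROW;
#define MIB_TCP_STATE_DELETE_TCB 12
#endif

/* Parse "a.b.c.d" into a DWORD whose bytes are in network order. */
static int parse_ipv4(const char *s, DWORD *out) {
    unsigned v[4], i;
    unsigned char bytes[4];
    char tail;
    if (!s || sscanf(s, "%u.%u.%u.%u%c", &v[0], &v[1], &v[2], &v[3], &tail) != 4)
        return -1;
    for (i = 0; i < 4; i++) {
        if (v[i] > 255) return -1;
        bytes[i] = (unsigned char)v[i];
    }
    memcpy(out, bytes, sizeof bytes);
    return 0;
}

/* Host-order port to the network-order value kept in the low 16 bits. */
static DWORD port_field(unsigned port) {
    unsigned char bytes[2] = { (unsigned char)(port >> 8), (unsigned char)port };
    uint16_t net;
    memcpy(&net, bytes, sizeof net);
    return net;
}

/* Returns 0 and fills *row, or -1 on a malformed address or port. */
int build_kill_row(const char *loc_ip, unsigned loc_port,
                   const char *rem_ip, unsigned rem_port, MIB_TCPROW *row) {
    if (!row || !loc_port || loc_port > 65535 || !rem_port || rem_port > 65535)
        return -1;
    memset(row, 0, sizeof *row);
    if (parse_ipv4(loc_ip, &row->dwLocalAddr) || parse_ipv4(rem_ip, &row->dwRemoteAddr))
        return -1;
    row->dwLocalPort  = port_field(loc_port);
    row->dwRemotePort = port_field(rem_port);
    row->dwState      = MIB_TCP_STATE_DELETE_TCB;
    return 0;   /* on Windows: DWORD rc = SetTcpEntry(row); NO_ERROR means closed */
}
```

On Windows Vista and later, SetTcpEntry succeeds only for a member of the Administrators group; a non-administrator caller gets ERROR_ACCESS_DENIED.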