- 1 year ago
How to block a Connection with information given by GetExtendedTcpTable with c++?
Comment
1 / 1
You can block a connection using the information provided by the GetExtendedTcpTable
function in C++ by using the DeleteTcpEntry
function provided by the Windows API. Here's an example of how to do this:
c++#include <windows.h>
#include <iphlpapi.h>
#pragma comment(lib, "iphlpapi.lib")
int main()
{
MIB_TCPTABLE_OWNER_PID* pTcpTable;
DWORD dwSize = 0;
DWORD dwRetVal = 0;
// Get the TCP connection table
dwRetVal = GetExtendedTcpTable(NULL, &dwSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if (dwRetVal != ERROR_INSUFFICIENT_BUFFER)
{
// Handle error
return 1;
}
pTcpTable = (MIB_TCPTABLE_OWNER_PID*)malloc(dwSize);
if (pTcpTable == NULL)
{
// Handle error
return 1;
}
dwRetVal = GetExtendedTcpTable(pTcpTable, &dwSize, TRUE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
if (dwRetVal != NO_ERROR)
{
// Handle error
free(pTcpTable);
return 1;
}
// Block connections to port 80
for (DWORD i = 0; i < pTcpTable->dwNumEntries; i++)
{
if (pTcpTable->table[i].dwRemotePort == htons(80))
{
DeleteTcpEntry(&pTcpTable->table[i]);
}
}
// Clean up
free(pTcpTable);
return 0;
}
In this example, the GetExtendedTcpTable
function is used to get the TCP connection table, and the DeleteTcpEntry
function is used to delete connections to port 80. The MIB_TCPTABLE_OWNER_PID
structure is used to represent the TCP connection table, which includes information about the local and remote IP addresses, ports, and process IDs for each connection.
Note that deleting a TCP connection can have unintended consequences, so use this approach with caution.