[p2p-hackers] Measure per-application bandwidth in Win32

Alex Pankratov ap at hamachi.cc
Fri Jun 16 15:47:15 UTC 2006


I am not aware of any Win32 API that does what you are asking
for and I would be surprised if there's such functionality.

I can think of three ways of doing what you want, though; all
are pretty hacky and fairly complex.

Option (a) is to inject your traffic accounting DLL into each
process using the CreateRemoteThread trick (see injLib for details)
and hook send/recv/etc. functions. This is not hard to do, but
requires some voodoo magic for taking care of freshly spawned
processes.

Option (b) involves writing a TDI driver or doing some sort of
hooking at the TDI level. That's, I think, how TCPView works.

Option (c) is to write a generic driver that does NDIS hooking
to get access to network data at the TCP/IP level. You will be
able to trace Send requests back to the calling application,
but you will need to create and maintain the state to deduce
who Receives are for.

Alex

David Barrett wrote:
> Do you know of any way to break down current bandwidth usage by application?
>
> For example, is there some application like netstat or Sysinternals'
> TCPView that not only shows which connections are currently active (and
> to which processes they belong), but how much bandwidth they are 
> actually using?
>
> Alternatively, do you know of any Win32 API functions that could be used 
> to write such a utility?
>
> -david