The GetOwnerModuleFromTcpEntry function retrieves data about the module that issued the context bind for a specific IPv4 TCP endpoint in a MIB table row.
DWORD GetOwnerModuleFromTcpEntry( PMIB_TCPROW_OWNER_MODULE pTcpEntry, TCPIP_OWNER_MODULE_INFO_CLASS Class, PVOID pBuffer, PDWORD pdwSize );
A pointer to a MIB_TCPROW_OWNER_MODULE structure that contains the IPv4 TCP endpoint entry used to obtain the owner module.
A TCPIP_OWNER_MODULE_INFO_CLASS enumeration value that indicates the type of data to obtain regarding the owner module. The TCPIP_OWNER_MODULE_INFO_CLASS enumeration is defined in the Iprtrmib.h header file.
This parameter must be set to TCPIP_OWNER_MODULE_INFO_BASIC.
The estimated size, in bytes, of the structure returned in Buffer. If this value is set too small, ERROR_INSUFFICIENT_BUFFER is returned by this function, and this field will contain the correct size of the buffer. The size required is the size of the corresponding structure plus an additional number of bytes equal to the length of data pointed to in the structure (for example, the name and path strings).
If the function call is successful, the value NO_ERROR is returned.
If the function fails, the return value is one of the following error codes.
||Insufficient space was allocated for the table. The size of the table is returned in the pdwSize parameter, and must be used in a subsequent call to this function in order to successfully retrieve the table.|
||A parameter is incorrect. This value is returned if either of the pTcpEntry or pdwSize parameters are NULL. This value is also returned if the Class parameter is not equal to TCPIP_OWNER_MODULE_INFO_BASIC.|
||Not enough memory is available to complete the operation.|
||A element was no found. This value is returned if the dwOwningPid member of the MIB_TCPROW_OWNER_MODULE structure pointed to by the pTcpEntry parameter was zero or could not be found.|
||Only part of a request was completed.|
The Buffer parameter contains not only a structure with pointers to specific data, for example, pointers to the zero-terminated strings that contain the name and path of the owner module, but the actual data itself; that is the name and path strings. Therefore, when calculating the buffer size, ensure that you have enough space for both the structure as well as the data the members of the structure point to.
The resolution of TCP table entries to owner modules is a best practice. In a few cases, the owner module name returned in the TCPIP_OWNER_MODULE_BASIC_INFO structure can be a process name, such as "svchost.exe", a service name (such as "RPC"), or a component name, such as "timer.dll".
For computers running on Windows Vista or later, the pModuleName and pModulePath members of the TCPIP_OWNER_MODULE_BASIC_INFO retrieved by GetOwnerModuleFromTcpEntry function may point to an empty string for some TCP connections. Applications that start TCP connections located in the Windows system folder (C:\Windows\System32, by default) are considered protected. If the GetOwnerModuleFromTcpEntry function is called by a user that is not a member of the Administrators group, the function call will succeed but the pModuleName and pModulePath members will point to memory that contains an empty string for the TCP connections started by protected applications.
For computers running on Windows Vista or later, accessing the pModuleName and pModulePath members of the TCPIP_OWNER_MODULE_BASIC_INFO structure is limited by user account control (UAC). If an application that calls this function is executed by a user logged on as a member of the Administrators group other than the built-in Administrator, this call will succeed but access to these members returns an empty string unless the application has been marked in the manifest file with a requestedExecutionLevel set to requireAdministrator. If the application on Windows Vista or later lacks this manifest file, a user logged on as a member of the Administrators group other than the built-in Administrator must then be executing the application in an enhanced shell as the built-in Administrator (RunAs administrator) for access to the protected pModuleName and pModulePath members to be allowed.
|Windows version||Windows Vista, Windows XP with SP2 [desktop apps only] Windows Server 2008, Windows Server 2003 with SP1 [desktop apps only]|