How does netstat know the number of bytes received and sent?

I want to create a simple application that displays the number of bytes downloaded and uploaded. I noticed that netstat does just that (when using the -e switch):

How does netstat knows this information, does it call a Windows API function or something?

Solution

Netstat uses¹ the IP Helper API, which is a part of the Core Windows networking API. Running dumpbin /imports on netstat produces: (snipped for brevity)

IPHLPAPI.DLL
         140007000 Import Address Table
         1400080A0 Import Name Table
                 0 time date stamp
                 0 Index of first forwarder reference

                      A3 InternalGetBoundTcp6EndpointTable
                      A4 InternalGetBoundTcpEndpointTable
                      C2 InternalGetUdpTableWithOwnerModule
                      B5 InternalGetTcp6Table2
                      B9 InternalGetTcpTable2
                      B6 InternalGetTcp6TableWithOwnerModule
                      BB InternalGetTcpTableWithOwnerModule
                      BE InternalGetUdp6TableWithOwnerModule
                      80 GetUdpStatisticsEx
                      64 GetIpStatisticsEx
                      4D GetIcmpStatisticsEx
                      7A GetTcpStatisticsEx

The last 4 IP Helper functions are the ones you're interested in. GetUdpStatisticsEx, GetIpStatisticsEx, GetIcmpStatisticsEx and GetTcpStatisticsEx

_{¹This is the most likely answer to the question, but for completeness netstat also imports QueryPerformanceCounter which it might be using to produce the output. Without the source code for netstat, there's no way to know with 100% certainty.}