Solved

intercepting winsock

Posted on 1998-01-29
8
469 Views
Last Modified: 2013-12-03
I need to do something as Socket Spy 32.
I want my program to start an application and
then intercept all winsock calls.
How can I do that?

0
Comment
Question by:jct052097
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 2

Expert Comment

by:anichini
Comment Utility
Matt Pietrek did something similar in Microsoft System's Journal Volume 12 Number 9 (September 1997), where he wrote something that could spy the wininet.dll. Check out the Under the Hood article. Perhaps the techniques he uses there are applicable to winsock.

0
 
LVL 4

Expert Comment

by:tflai
Comment Utility
You can write a Winsock Helper kernel-mode driver that will act as an intermediate driver between Winsock and MSTCP protocol driver.  There is an example in the NT's DDK.  Why do you want to go through all that trouble and actually intercept all Winsock calls.  If you just want to monitor Winsock calls, probably anichini's proposed approach would do.
0
 
LVL 1

Author Comment

by:jct052097
Comment Utility
MSCTCP protocol?
where I can find NT's DDK? it's free?
what's anichini proposed approach? where I can find it?

do you know wether Socket Spy 32 uses a Winsock Helper kernel-mode driver?

0
 
LVL 1

Author Comment

by:jct052097
Comment Utility
MSCTCP protocol?
where I can find NT's DDK? it's free?

where I can find the Microsoft System's Journal?

do you know wether Socket Spy 32 uses a Winsock Helper kernel-mode driver?

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 4

Expert Comment

by:tflai
Comment Utility
MSTCP protocol driver - Microsoft TCP/IP Protocol driver.
NTDDK - Device Driver Kit, get it by subscripting to MSDN.
Microsoft System's Journal - MSJ, on-shelf magazine.
I've looked at Socket Spy 32, it looks like that it uses API spy technique rather than using kernel-mode driver.  It can only monitor IP traffic of applications that were launched from within the program.  A kernel-mode intermediate driver would be able to monitor/intercept any IP traffic.
0
 
LVL 1

Author Comment

by:jct052097
Comment Utility
Not really.
Socket Spy 32 receives the winsock data, look for
a pattern, change for another and then send
the modifed data to the application.

I am just like in the beginning.
I don't know how to monitor and if possible intercept winsock
data for a single application.
Where I can find the microsoft system journal?


0
 
LVL 2

Accepted Solution

by:
AlFa earned 50 total points
Comment Utility
Get the code of TCPDUMP command of freeBSD (it's unix but sockets have the same philosophy) and do something with it.
You can also get a win tcpdump in a hacker site (do not repeat it!)
0
 
LVL 2

Expert Comment

by:AlFa
Comment Utility
Sorry I 've just sent a comment. what did my mouse has done!..
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

This article surveys and compares options for encoding and decoding base64 data.  It includes source code in C++ as well as examples of how to use standard Windows API functions for these tasks. We'll look at the algorithms — how encoding and decodi…
For a while now I'v been searching for a circular progress control, much like the one you get when first starting your Silverlight application. I found a couple that were written in WPF and there were a few written in Silverlight, but all appeared o…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now