intercepting winsock

I need to do something like Socket Spy 32.
I want my program to start an application and
then intercept all Winsock calls.
How can I do that?

jct052097 asked:

anichini commented:
Matt Pietrek did something similar in Microsoft Systems Journal Volume 12 Number 9 (September 1997), where he wrote something that could spy on wininet.dll. Check out the Under the Hood article. Perhaps the techniques he uses there are applicable to Winsock.

0
tflai commented:
You can write a Winsock Helper kernel-mode driver that will act as an intermediate driver between Winsock and the MSTCP protocol driver. There is an example in the NT DDK. Why do you want to go through all that trouble and actually intercept all Winsock calls? If you just want to monitor Winsock calls, anichini's proposed approach would probably do.
0
jct052097 (author) commented:
MSTCP protocol?
Where can I find the NT DDK? Is it free?
What's anichini's proposed approach? Where can I find it?

Do you know whether Socket Spy 32 uses a Winsock Helper kernel-mode driver?

0

jct052097 (author) commented:
MSTCP protocol?
Where can I find the NT DDK? Is it free?

Where can I find the Microsoft Systems Journal?

Do you know whether Socket Spy 32 uses a Winsock Helper kernel-mode driver?

0
tflai commented:
MSTCP protocol driver - Microsoft TCP/IP protocol driver.
NT DDK - Device Driver Kit, get it by subscribing to MSDN.
Microsoft Systems Journal - MSJ, on-shelf magazine.
I've looked at Socket Spy 32; it looks like it uses an API spy technique rather than a kernel-mode driver. It can only monitor IP traffic of applications that were launched from within the program. A kernel-mode intermediate driver would be able to monitor/intercept any IP traffic.
0
jct052097 (author) commented:
Not really.
Socket Spy 32 receives the Winsock data, looks for
a pattern, changes it for another and then sends
the modified data to the application.

I am just as I was in the beginning.
I don't know how to monitor and, if possible, intercept Winsock
data for a single application.
Where can I find the Microsoft Systems Journal?


0
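The rewrite stage jct052097 describes (look for a pattern in the data the hooked recv() returned, swap it, hand the result to the application) has to cope with stream semantics: one recv() can return half a pattern. The following is an added example, not Socket Spy 32's code or anything from this thread; the `rewriter` type, its functions and the pattern/replacement values are assumptions constructed for illustration.

```c
/* Stream-aware pattern rewriter: the filter an API spy would run on each
 * chunk a hooked recv() returns before passing it to the application.
 * Bytes at the end of a chunk that could begin a match are held back
 * until the next chunk (or a flush) decides. All names are assumed. */
#include <string.h>

#define MAX_CHUNK 4096

typedef struct {
    const char *pat, *rep;  /* pattern to find, text to substitute */
    char hold[64];          /* possible partial match carried over */
    size_t held;
} rewriter;

static void rw_init(rewriter *r, const char *pat, const char *rep) {
    r->pat = pat; r->rep = rep; r->held = 0;
}

/* Feed one chunk; rewritten bytes go to out, returns count written. */
static size_t rw_feed(rewriter *r, const char *in, size_t n,
                      char *out, size_t cap) {
    char buf[MAX_CHUNK];
    size_t plen = strlen(r->pat), rlen = strlen(r->rep), o = 0, i = 0, len;
    if (n > sizeof buf - r->held) n = sizeof buf - r->held; /* caller keeps chunks small */
    memcpy(buf, r->hold, r->held);          /* prepend carried-over tail */
    memcpy(buf + r->held, in, n);
    len = r->held + n;
    r->held = 0;
    while (i < len) {
        size_t left = len - i;
        if (left >= plen && memcmp(buf + i, r->pat, plen) == 0) {
            if (o + rlen > cap) break;      /* output full: stop rewriting */
            memcpy(out + o, r->rep, rlen); o += rlen; i += plen;
        } else if (left < plen && left < sizeof r->hold &&
                   memcmp(buf + i, r->pat, left) == 0) {
            memcpy(r->hold, buf + i, left); r->held = left; /* maybe a match */
            break;
        } else {
            if (o + 1 > cap) break;
            out[o++] = buf[i++];            /* ordinary byte, pass through */
        }
    }
    return o;
}

/* At end of stream, release whatever was held back unchanged. */
static size_t rw_flush(rewriter *r, char *out, size_t cap) {
    size_t n = r->held < cap ? r->held : cap;
    memcpy(out, r->hold, n); r->held = 0;
    return n;
}
```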
AlFa commented:
Get the code of the tcpdump command from FreeBSD (it's Unix, but sockets have the same philosophy) and do something with it.
You can also get a Windows tcpdump on a hacker site (do not repeat it!).
0
AlFa commented:
Sorry, I've just sent a comment. What has my mouse done!
0