Solved

intercepting winsock

Posted on 1998-01-29
8
470 Views
Last Modified: 2013-12-03
I need to do something as Socket Spy 32.
I want my program to start an application and
then intercept all winsock calls.
How can I do that?

0
Comment
Question by:jct052097
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 2

Expert Comment

by:anichini
ID: 1410608
Matt Pietrek did something similar in Microsoft System's Journal Volume 12 Number 9 (September 1997), where he wrote something that could spy the wininet.dll. Check out the Under the Hood article. Perhaps the techniques he uses there are applicable to winsock.

0
 
LVL 4

Expert Comment

by:tflai
ID: 1410609
You can write a Winsock Helper kernel-mode driver that will act as an intermediate driver between Winsock and MSTCP protocol driver.  There is an example in the NT's DDK.  Why do you want to go through all that trouble and actually intercept all Winsock calls.  If you just want to monitor Winsock calls, probably anichini's proposed approach would do.
0
 
LVL 1

Author Comment

by:jct052097
ID: 1410610
MSCTCP protocol?
where I can find NT's DDK? it's free?
what's anichini proposed approach? where I can find it?

do you know wether Socket Spy 32 uses a Winsock Helper kernel-mode driver?

0
 
LVL 1

Author Comment

by:jct052097
ID: 1410611
MSCTCP protocol?
where I can find NT's DDK? it's free?

where I can find the Microsoft System's Journal?

do you know wether Socket Spy 32 uses a Winsock Helper kernel-mode driver?

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 4

Expert Comment

by:tflai
ID: 1410612
MSTCP protocol driver - Microsoft TCP/IP Protocol driver.
NTDDK - Device Driver Kit, get it by subscripting to MSDN.
Microsoft System's Journal - MSJ, on-shelf magazine.
I've looked at Socket Spy 32, it looks like that it uses API spy technique rather than using kernel-mode driver.  It can only monitor IP traffic of applications that were launched from within the program.  A kernel-mode intermediate driver would be able to monitor/intercept any IP traffic.
0
 
LVL 1

Author Comment

by:jct052097
ID: 1410613
Not really.
Socket Spy 32 receives the winsock data, look for
a pattern, change for another and then send
the modifed data to the application.

I am just like in the beginning.
I don't know how to monitor and if possible intercept winsock
data for a single application.
Where I can find the microsoft system journal?


0
 
LVL 2

Accepted Solution

by:
AlFa earned 50 total points
ID: 1410614
Get the code of TCPDUMP command of freeBSD (it's unix but sockets have the same philosophy) and do something with it.
You can also get a win tcpdump in a hacker site (do not repeat it!)
0
 
LVL 2

Expert Comment

by:AlFa
ID: 1410615
Sorry I 've just sent a comment. what did my mouse has done!..
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Visual Fox Pro commands 15 39
SQL to ElasticSearch Query 1 577
Should CArray be used for a list of pointers in C++? 19 97
Trouble with References... 5 42
In this article, I will show how to use the Ribbon IDs Tool Window to assign the built-in Office icons to a ribbon button.  This tool will help us to find the OfficeImageId that corresponds to our desired built-in Office icon. The tool is part of…
With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now