Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 343
  • Last Modified:

Snooping on winsock calls

I want to intercept another application's calls to various winsock functions.  Specifically I want to know what is being communicated between the client and server.  So ideally I'd like to be able to see the parameters to the send and receive functions for a given application.  It is important to note I did not write the application I want to snoop on.  It is a win32 program.  But I need to learn how it communicates so my app can be compatible.  I have no idea how to do this.  Any ideas?

A program able to do this would be just as helpful.  but so far the only program I can find to do this is TracePlus95.  I do not have a spare $150.
0
LukeSkywalker
Asked:
LukeSkywalker
1 Solution
 
tflaiCommented:
There are several ways that can be done to intersect TCP/UDP communication:
1.  DLL replacement on WINSOCK32.DLL.  Easy but may not be a safe way to do it:  http://www.macam98.ac.il/vmis/wspy.htm
2.  DLL injection technique using Win32 Debugger mechanism.  Take a look at the product provided at:  http://www.win-tech.com/toolkit.htm
3.  Hook MSTCP at VxD level using TDI-client interface.  There is an example provided in VToolsD called HOOKTDI:  http://www.vireo.com
4.  Write a network snooper using a promiscuous NDIS protocol driver that binds to all the adapters.  Difficult as you have to filter out all the different packet headers, DIX, 802.3, etc.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Tackle projects and never again get stuck behind a technical roadblock.
Join Now