Thursday, October 11, 2007

Winsock2 Replacement (ws2_32.dll)

Ok one day i decided try something funny, basically i wrote a winsock2 dll (ws2_32.dll) that will intercept all the calls to the real ws2_32.dll. Sure there are plenty of winsock hooks around town, but a replacement dll? oh come on, it must be a big waste of time, but anyhow i did it.

The advantage of a replacement winsock is obvious for research reasons, for one, it only intercepts whichever application folder that it is running in, without interfering the rest of applications that uses winsock, thus you dont need to filter the logging of other apps.

How was it done?

First i wrote a pre-processor that will preprocess the winsock2 header files including the ws2spi.h from the sdk and churn out a cpp and a def file. These files are then used to create a project.

To use the DLL, just copy the ws2_32.dll to the directory where your application resides.
Eg, c:\temp
Then run your application from there, eg c:\temp\telnet.exe

Depending on what kind of logs you want to see, you can create the following at c:\ before
running the app.

  • c:\winsock2.dll.var (this must be created if u intend to start logging, then content of this file is not important, enter anything)
  • c:\winsock2.dll.log (create this file with any text as the first line, this file will contain logging from the replacement winsock)
  • c:\winsock2.dll.binary.var (create this file with any text as the first line, this file will inform the replacement winsock to also log binary data)

I have used this fun project to intercept and make modifications to some legacy apps running, for eg, some dump apps just insist of listening to port 8888 which some corporate IT admin refuse to forward that port, thus the replacement winsock replace the port to 80 (u get the idea).

You can also use it for eg, to learn about data and protocols, eg put in the firefox folder, or msn messenger...well i guess i leave the rest of the ideas to you.

(* one more thing though, last time i used it was ages ago, before vista came out, so dont ask me for vista version if it doesnt work)

Here, download the complete source code with built binaries of the dll. (no support for this of course, its freeware from me)

codemagnet.winsock2.zip

Have fun!

** Update : See remarks (from Martin) Modified version. (click on the winsock2_getaddrinfo.rar)


20 comments:

  1. i've been looking for this all over the net. thxs!
    -chris hundle

    ReplyDelete
  2. can i have the source to the preprocessor? U can reach me at althckz@yahoo.com. You re a rocking madass

    --------------------------------
    |\/|/\|) |-| | _|_
    --------------------------------

    ReplyDelete
  3. Very very cool! Actually I had been searching for something to patch or update ws2_32.dll because of stupid programs compiled by lazy programmers who expect Windows XP for getaddrinfo() and friends.

    This replacement did the job! I just added the 3 functions getaddrinfo, freeaddrinfo and getnameinfo and compiled the thing on my Windows 2000 system.

    Actually there was a bit more work involved, some of the functions had a missing gpfn_ prefix on the forwarding call and so called themselves recursively, but after fixing that and dropping the .dll into my application folder it now runs perfectly.

    ReplyDelete
  4. Brilliant!

    "it only intercepts whichever application folder that it is running in, without interfering the rest of applications that uses winsock, thus you dont need to filter the logging of other apps."

    This is what I really want! Thank you genius!

    ReplyDelete
  5. Hi, this is very good, will help me in a app why will developer,
    have who i put this dll for all app in one local only?

    send me a mail!
    marco.canopus@terra.com.br

    ReplyDelete
  6. Thenk you!
    Your work very helps me.

    ReplyDelete
  7. Mark,
    you put this dll on whichever folder a particular process (*.exe) resides in that uses winsock

    ReplyDelete
  8. Martin, Springrider
    thanks for the comment, glad it was useful for some.

    ReplyDelete
  9. Unfortunately the link to the original version doesn't work anymore.

    I cleaned up the project a bit, you can download my modified version here: http://martin.brenner.de/files/winsock2_getaddrinfo.rar

    ReplyDelete
  10. thanks Martin, will upload your modified version to this article for others to share too.

    ReplyDelete
  11. hi,

    telnet.exe www.microsft.com 80

    Connecting To www.microsoft.com...Could not open connection to the host, on port
    80.
    The Windows Sockets version requested is not supported.

    OS WIN XP

    ReplyDelete
  12. Hi,

    Have tried this idea in a Windows Vista machine? It seems that proxy is loaded or is not used. The system forces to use the genuine DLL.

    Any idea why? I've been tackling this issue for a long time now. I would really appreciate for any help.

    Thanks

    ReplyDelete
  13. Hi,

    Have you tried this idea in a Windows Vista machine? It seems that proxy DLL is not loaded or is not used. The system forces to use the genuine DLL.

    Any idea why? I've been tackling this issue for a long time now. I would really appreciate for any help.

    Thanks

    ReplyDelete
  14. Hello, i don't know, but can i use this as a replacement for winsock6 in .Net since .net does not have winsock control

    ReplyDelete
  15. I was looking for information on Winsock2 Replacement and before ending in your blog I watched like 10 sites about viagra online, the web is full with that topic. But anyways the info on your site help me very much, thanks for the post and have a nice day.

    ReplyDelete
  16. Those who werentactually holding their genitals were squeezing thighs together. Lee was congratulating himself for having survived that firsttumultuous orgasm intact.
    sexy mom stories
    gange bang sex stories post
    free incest fuck stories
    taboo blowjob stories
    young boys boner sex stories
    Those who werentactually holding their genitals were squeezing thighs together. Lee was congratulating himself for having survived that firsttumultuous orgasm intact.

    ReplyDelete
  17. Thanks for the file!
    Sadly, Apache with IPv6 still doesn't work with Win2k, but the DLL-Errors are gone.

    ReplyDelete
  18. Probably a bit late, but you should have just used wrapit from code projet to generate your dll:

    http://www.codeproject.com/Articles/16541/Create-your-Proxy-DLLs-automatically

    The author of the article even used it to create a winsock dll:

    http://www.codeproject.com/Articles/18888/Proxy-WS2_32-DLL-to-create-your-own-firewall

    ReplyDelete
  19. does not work on windows 10

    ReplyDelete
  20. Probably a bit late, but you should have just used wrapit from code projet to generate your dll:

    http://www.codeproject.com/Articles/16541/Create-your-Proxy-DLLs-automatically

    The author of the article even used it to create a winsock dll:

    http://www.codeproject.com/Articles/18888/Proxy-WS2_32-DLL-to-create-your-own-firewall

    ReplyDelete