The advantage of a replacement winsock for research is obvious. For one, it only intercepts the application whose folder it is placed in, without interfering with the other applications that use winsock, so you don't need to filter out the logging of other apps.
How was it done?
First I wrote a pre-processor that processes the winsock2 header files, including ws2spi.h from the SDK, and churns out a cpp and a def file. These files are then used to create a project.
To use the DLL, just copy ws2_32.dll to the directory where your application resides.
Then run your application from there, e.g. c:\temp\telnet.exe
Depending on what kind of logs you want to see, you can create the following at c:\ before running the app.
- c:\winsock2.dll.var (this must be created if you intend to start logging; the content of this file is not important, enter anything)
- c:\winsock2.dll.log (create this file with any text as the first line; this file will contain the logging from the replacement winsock)
- c:\winsock2.dll.binary.var (create this file with any text as the first line; this file tells the replacement winsock to also log binary data)
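Seen from the defender's side, this setup leaves two artifacts on disk: a ws2_32.dll outside the Windows system directories and the control files at the drive root. The check below is an added example, not part of the original post or its download; the trusted-directory list, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# File names taken from the post; everything else is an assumption of this example.
PROXY_DLL = "ws2_32.dll"
CONTROL_FILES = ("winsock2.dll.var", "winsock2.dll.log", "winsock2.dll.binary.var")
# Assumed locations (under the Windows directory) where the genuine DLL may live.
TRUSTED_SUBDIRS = ("system32", "syswow64", "winsxs")


def is_trusted(path, windows_dir):
    """True if path is one of the trusted Windows directories or lies below one."""
    path = os.path.abspath(path).lower()  # Windows paths compare case-insensitively
    for sub in TRUSTED_SUBDIRS:
        base = os.path.abspath(os.path.join(windows_dir, sub)).lower()
        if path == base or path.startswith(base + os.sep):
            return True
    return False


def find_shadow_winsock(scan_root, windows_dir):
    """Return every ws2_32.dll under scan_root that sits outside the trusted dirs."""
    hits = []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            if name.lower() == PROXY_DLL and not is_trusted(dirpath, windows_dir):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def find_control_files(drive_root):
    """Return which of the post's logging control files exist at the drive root."""
    return [n for n in CONTROL_FILES if os.path.isfile(os.path.join(drive_root, n))]


def build_sample_tree(root):
    """Constructed sample layout: the genuine DLL plus an application-folder copy."""
    for rel in ("Windows/System32/ws2_32.dll", "temp/WS2_32.DLL", "temp/telnet.exe",
                "winsock2.dll.var", "winsock2.dll.log"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample file")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(find_shadow_winsock(root, os.path.join(root, "Windows")))
        print(find_control_files(root))
```

On a real host, pass the drive root and the actual Windows directory instead of the temporary tree.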
I have used this fun project to intercept and make modifications to some legacy apps. For example, some dumb apps just insist on listening on port 8888, which some corporate IT admins refuse to forward, so the replacement winsock changes the port to 80 (you get the idea).
You can also use it to learn about data and protocols, e.g. put it in the Firefox folder, or MSN Messenger... well, I guess I'll leave the rest of the ideas to you.
(* One more thing though: the last time I used it was ages ago, before Vista came out, so don't ask me for a Vista version if it doesn't work.)
Here, download the complete source code with built binaries of the DLL. (No support for this of course, it's freeware from me.)
** Update: See remarks (from Martin). Modified version. (Click on the winsock2_getaddrinfo.rar)