winsock example code

[zamolx32]

Hi nildo and madshi,

A while ago I was requesting for your help in order to build a small personal application based on madCollection. It's an application sniffer that will allow you to see what data is sent/received.

I have promised to post the application here when it's done.
Well, I have a build of the application. It's not done yet but it's not much left.

http://www.blad3.ro/down_appsniff.php

If you feel like it take a look and let me know what do you think.
Thanks again for all your help and keep up the good work.

I will post the source code when it's done.

madCollection rocks

[madshi]

I think the source code might help other WinSock interested programmers. So thanks for that in advance!

[Claes]

Hi zamolx!

I've downloaded your app. And it's very, very cool!! Many thanks for posting this. And I can't wait to see the source code!

One little thing that could be nice was to be able to clear the treeview at left without having to exit the program.

[zamolx32]

Hi Claes,

Thanks for the feedback,

Well, it's possible to clear the treeview.
There is a button called "Clear connections".

I'm moving right now (changing cities and stuff) and I don't have enough time to finish the tool but as soon as I find some free time will finish it and publish the source code. Will post here when the source code is available.

[Claes]

Thanks, I missed that button... Perfect!

[zamolx32]

Ok, uploaded the current source code on www.blad3.ro in case some people are interested. In order to build that source you need to install a some components such as VirtualTreeView (for the great treeview component) , pcre (for regular expressions), delphi fundamentals, and some others.

[c78]

This is very nice and is a great example on how to use codeHook.

Thanks!

[madshi]

Yes, looks quite nice!

Btw, where did you get those icons from? Are they freeware?

[zamolx32]

Mostly from Office applications (Word, Outlook, ...).
I don't think Microsoft would mind

Edit: BTW, do you know some cool freeware icons ? I wasn't able to find some good ones.

[denisb]

Hey zamolx32, madshi
I am too trying to write a traffic analyzer/personal firewall/you name it!!
aka winsock hook app and I found something interesting. Namely there are differences in my app's behaviour whether I hook ws2_32.dll or WSOCK32.dll

My approach is to filter traffic in the user gui app by using an IPC message sent from the DLL to the app and waiting for a reply from the app. - as madshi suggested

From the tries I undertook so far I got some very awkward results. Periodically IE crashes when hooked although I am only displaying the packet content in my app and returning a PASS action to the packet.
If I hook ws2_32.dll i get the result abouve mentioned. If I hook wsock32.dll, strangely enough the crashes seem to apear less often.

I think there is a different approach in how ws2_32.dll and wsock32.dll work even though they export the same functions. I'm not really sure when is one used and when another.

So far, I'll stick to hooking wsock32.dll rather than ws2_32.dll
That's because I want to do packet filtering at the user level, not the dll level. First thing is because at user level I can change the filter rule list with much more flexibility (only one place to update) whereas in the DLL, i'd have to load the latest version of the traffic filter rules list everytime a filter should occur. And that's slow.

[madshi]

Edit: BTW, do you know some cool freeware icons ? I wasn't able to find some good ones.

If your software is non-commercial and open source, then you can use all those GPL icons, e.g. "novula". It gets much more difficult, if you software is commercial...

[madshi]

From the tries I undertook so far I got some very awkward results. Periodically IE crashes when hooked although I am only displaying the packet content in my app and returning a PASS action to the packet.

Check out zamolx32's project or the firewall project (linked in another thread here in the forum). Both seem to be stable. Don't know why your project has stability problems. It's impossible to say without analyzing your code.

[zamolx32]

Hi denisb,

I have also noticed some changes if you hook ws2_32.dll or wsock32.dll.
I suspect some functions from ws2_32.dll are redirecting to wsock32.dll.
At some point I was hooking some functions from ws2_32.dll and others from wsock32.dll Later, after hooking WSAxxx I have hooked only ws2_32.dll.
Not sure it it's the rigth way but seems to be working fine now. It would be very interesting to know what exactly is going on in the background

If somebody from this forum knows more, please enlighten us

Thanks,

[zamolx32]

Madshi, my application is not comercial and will never be.
I needed a small tool for testing inspecting HTTP traffic.
If there are some people interesting in it, I may continue the development as an open source application. Otherwise, it was fun programming it.

Thanks for the hint about the icons

[madshi]

If somebody from this forum knows more, please enlighten us

AFAIK, in XP WinSock 1 internally calls WinSock 2. I think in win9x it's vice versa for some APIs, but I'm not sure myself.

If there are some people interesting in it, I may continue the development as an open source application.

I'd be glad about it. Most questions in the forum are about WinSock hooking. So if there are good "demo" projects, I can stop explaining everything again and again and just point to those projects.