======================================================================== DYNAMIC LINK LIBRARY : winsock2 ======================================================================== /* Copyright 2006, Marcus Low of Malaysia. Use at your own risk, using all related sources in this project signifies that you agree that you will be using these sources without any warranty from the author for whatsoever event/damage/reason. Work provided here is as is. */ --------------------------------------------------------------------------------------------------------------- Added/Fixed by Martin Brenner 12-Feb-2008 I modified the project to include a fix for missing getaddrinfo() functions in pre-WindowsXP versions. I just added the 3 functions getaddrinfo, freeaddrinfo and getnameinfo and compiled the thing on my Windows 2000 system. Some of the system call functions in winsock2.out.cpp had missing gpfn_ prefix on the forwarding call and so called themselves recursively crashing any application using these system calls. I changed In addrinfo.cpp: This module is new and contains code for the new DLL entry points getaddrinfo, getnameinfo and freeaddrinfo. Microsoft changed these to true DLL entries in Windows XP while there were just linktime functions previously. They are the reason why applications compiled under Windows XP usually don't run on Windows 2000 because these entry points are missing in the Windows 2000 version of ws2_32.dll. It is important to compile this project under Windows 2000 or specify the correct Windows version as preprocessor directive so that the linktime version is compiled in. In winsock2.out.def: Rearranged the entries by offset in order to see missing numbers. Then the 3 missing entries were added: freeaddrinfo @97 getaddrinfo @98 getnameinfo @99 In winsock2.out.cpp: L 1039 < SPYCALL(WSADuplicateSocketA, 3 ) > SPYCALL(g_pfnWSADuplicateSocketA, 3 ) L 1084 < SPYCALL(WSAEnumProtocolsA, 3 ) > SPYCALL(g_pfnWSAEnumProtocolsA, 3 ) L 1419 < SPYCALL(WSASocketA, 6 ) > SPYCALL(g_pfnWSASocketA, 6 ) L 1471 < SPYCALL(WSAAddressToStringA, 5 ) > SPYCALL(g_pfnWSAAddressToStringA, 5 ) L 1504 < SPYCALL(WSAStringToAddressA, 5 ) > Log("WSAStringToAddressA %d\n", AddressString); > SPYCALL(g_pfnWSAStringToAddressA, 5 ) L 1538 < SPYCALL(WSALookupServiceBeginA, 3 ) > SPYCALL(g_pfnWSALookupServiceBeginA, 3 ) L 1568 < SPYCALL(WSALookupServiceNextA, 4 ) > SPYCALL(g_pfnWSALookupServiceNextA, 4 ) L 1631 < SPYCALL(WSAInstallServiceClassA, 1 ) > SPYCALL(g_pfnWSAInstallServiceClassA, 1 ) L 1673 < SPYCALL(WSAGetServiceClassInfoA, 4 ) > SPYCALL(g_pfnWSAGetServiceClassInfoA, 4 ) L 1702 < SPYCALL(WSAEnumNameSpaceProvidersA, 2 ) > SPYCALL(g_pfnWSAEnumNameSpaceProvidersA, 2 ) L 1730 < SPYCALL(WSAGetServiceClassNameByClassIdA, 3 ) > SPYCALL(g_pfnWSAGetServiceClassNameByClassIdA, 3 ) L 1759 < SPYCALL(WSASetServiceA, 3 ) > SPYCALL(g_pfnWSASetServiceA, 3 ) After fixing that and dropping the .dll into my "WinXP only" application folder it now runs perfectly. --------------------------------------------------------------------------------------------------------------- The following is the announcement of the library on codemagnet: Thursday, October 11, 2007 Winsock2 Replacement (ws2_32.dll) Ok one day i decided try something funny, basically i wrote a winsock2 dll (ws2_32.dll) that will intercept all the calls to the real ws2_32.dll. Sure there are plenty of winsock hooks around town, but a replacement dll? oh come on, it must be a big waste of time, but anyhow i did it. The advantage of a replacement winsock is obvious for research reasons, for one, it only intercepts whichever application folder that it is running in, without interfering the rest of applications that uses winsock, thus you dont need to filter the logging of other apps. How was it done? First i wrote a pre-processor that will preprocess the winsock2 header files including the ws2spi.h from the sdk and churn out a cpp and a def file. These files are then used to create a project. To use the DLL, just copy the ws2_32.dll to the directory where your application resides. Eg, c:\temp Then run your application from there, eg c:\temp\telnet.exe Depending on what kind of logs you want to see, you can create the following at c:\ before running the app. * c:\winsock2.dll.var (this must be created if u intend to start logging, then content of this file is not important, enter anything) * c:\winsock2.dll.log (create this file with any text as the first line, this file will contain logging from the replacement winsock) * c:\winsock2.dll.binary.var (create this file with any text as the first line, this file will inform the replacement winsock to also log binary data) I have used this fun project to intercept and make modifications to some legacy apps running, for eg, some dump apps just insist of listening to port 8888 which some corporate IT admin refuse to forward that port, thus the replacement winsock replace the port to 80 (u get the idea). You can also use it for eg, to learn about data and protocols, eg put in the firefox folder, or msn messenger...well i guess i leave the rest of the ideas to you. (* one more thing though, last time i used it was ages ago, before vista came out, so dont ask me for vista version if it doesnt work) Here, download the complete source code with built binaries of the dll. (no support for this of course, its freeware from me) codemagnet.winsock2.zip Have fun!