WINSOCK TRACER
--------------

Winsock Tracer is a freeware utility that lets you trace Winsock 2 calls. Winsock Tracer gives you an idea of how applications use Winsock 2. You can trace any application that uses Winsock 2, for example, Netscape, Outlook Express, Napster or your own applications. Winsock Tracer creates a logfile containing information such as function names, arguments and return values. Winsock Tracer is Windows 95/98/ME/NT/2000 compatible.

HOW IT WORKS
------------

When an application uses network communication, the Winsock 2 dll, ws2_32.dll, is loaded. The application first tries to load it from its own directory; if it is not found there, it is loaded from the system directory. The following diagram shows how telnet.exe loads the ws2_32.dll that resides in the system directory.

--------------------------------
|         Application          |
|    c:\windows\telnet.exe     |
--------------------------------
               |
               V
--------------------------------
|     System Winsock2 dll      |
| c:\windows\system\ws2_32.dll |
--------------------------------

Winsock Tracer installs a dll named ws2_32.dll into the application directory. When an application uses network communication, it will find and load this dll before the system dll. All calls made to the Winsock Tracer dll are logged and forwarded to the system dll. In the following example Winsock Tracer has been installed into the windows directory, and intercepts calls from telnet.exe.

--------------------------------
|      Traced Application      |
|    c:\windows\telnet.exe     |
--------------------------------
               |
               V
--------------------------------
|      Winsock Tracer dll      |
|    c:\windows\ws2_32.dll     |
--------------------------------
               |
               V
--------------------------------
|     System Winsock2 dll      |
| c:\windows\system\ws2_32.dll |
--------------------------------

INSTALL
-------

Installing the Winsock Tracer is a simple procedure.

1. Choose an application that you'd like to trace. Find the directory where its .exe file is located. This directory is hereafter called the "installation directory". For example, if you'd like to trace Internet Explorer, its .exe file might be located in "C:\Program\Internet Explorer\" which is the installation directory.

2. Double click the winsocktracer.zip file. You should see a number of files in the zip window. (If you don't have a zip extractor, please download Winzip at http://www.winzip.com/).

3. Extract the necessary files from the winsocktracer.zip into the installation directory. The necessary files are:
   1. ws2_32.dll
   2. winsocktracerconfig.txt
   3. winsockttraceruninstaller.exe

The installation is now finished. When you start the application in the installation directory it will load the ws2_32.dll instead of the dll with the same name in the system directory. A log will be created when the application uses the winsocktracer dll. Please read the rest of the manual.

UNINSTALL
---------

Run the winsocktraceruninstaller.exe in the installation directory and follow the instructions.

THE CONFIGURATION FILE
----------------------

One of the files in the installation directory is the configuration file. This file is named winsocktracerconfig.txt. You can make changes to the configuration file if you like, but the default configuration will probably do for most users. There are two parameters in the configuration file:

SYSTEM_DLL
This optional parameter points out the dll that Winsock Tracer calls to carry out the real Winsock functionality. The ws2_32.dll from the system directory is loaded if this parameter is not set.

TRACE_ENABLED
This parameter tells the Winsock Tracer dll if processes are allowed to use it. If set to 0, no process is allowed to load and call functions in the Winsock Tracer dll. This parameter is set to 0 during uninstall since the Winsock Tracer can only be deleted when no process is using it. The default value of this parameter is 1.

EXAMPLES
--------

Tracing Internet Explorer

1. Find the Internet Explorer directory. Suppose the IExplorer.exe file is located in "C:\Program\Internet Explorer\".
2. Extract ws2_32.dll, winsocktracerconfig.txt and winsockttraceruninstaller.exe in that directory.
3. Shut down Internet Explorer if it is running.
4. Start Internet Explorer.
5. Surf around to a few sites.
6. A directory called winsocktraces should be created under "C:\Program\Internet Explorer\". The traces will be located in the winsocktraces directory.

Tracing Napster

[to be done.]

THE LOGFILE
-----------

A subdirectory named "winsocktraces" will be created under the directory of the traced application. The logfiles are created in the "winsocktraces" directory. The logfile is named applicationname_processid.txt.

E.g. Winsock Tracer is installed under c:\windows. Telnet.exe is executed. The logfile c:\windows\winsocktraces\telnet.exe_ff08adbf.txt is then created.

The structure of the logfile is

enter functionheader (arguments) ThreadID
exit functionheader (arguments)=return value ThreadID

This is an example from a logfile where the entrance/exit to the connect function was logged:

enter int connect( SOCKET s, const struct sockaddr FAR * name, int namelen ) (740, 83eb0, 16) Thread ID: 538
exit int connect( SOCKET s, const struct sockaddr FAR * name, int namelen ) (740, 83eb0, 16) = -1 Thread ID: 538

MISCELLANEOUS
-------------

ws2_32.dll - Winsock Tracer uses this dll to intercept calls to the system Winsock2 dll.
winsocktracerconfig.txt - This is the configuration file for Winsock Tracer.
winsocktraceruninstall.exe - This application uninstalls Winsock Tracer.
manual.txt - This file.

TROUBLESHOOTING
---------------

Windows 95 Users

Winsock Tracer intercepts Winsock2 calls. This library is not included with Windows 95 by default. Please download and install Microsoft's Winsock 2 update for Windows 95 from here:
http://www.microsoft.com/Windows95/downloads/contents/WUAdminTools/S_WUNetworkingTools/W95Sockets2/Default.asp

CONTACT INFORMATION
-------------------

If you have questions or comments, please contact sureshot@bysoft.se
http://sureshot.virtualave.net/
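Reading a trace: the entry format described under THE LOGFILE can be parsed and summarized with a short script. The following is an added example, not part of Winsock Tracer or of the original manual. It pairs enter/exit entries per thread and reports calls that returned -1 and calls that were entered but never exited. Apart from the two connect entries quoted in the manual, the sample entries are constructed, and the parser assumes function headers contain no nested parentheses.

```python
import re
from collections import defaultdict

# Constructed sample; only the two connect entries are quoted from the manual.
SAMPLE_LOG = """\
enter int connect( SOCKET s, const struct sockaddr FAR * name, int namelen ) (740, 83eb0, 16) Thread ID: 538
exit int connect( SOCKET s, const struct sockaddr FAR * name, int namelen ) (740, 83eb0, 16) = -1 Thread ID: 538
enter int send( SOCKET s, const char FAR * buf, int len, int flags ) (744, 91f20, 5, 0) Thread ID: 538
exit int send( SOCKET s, const char FAR * buf, int len, int flags ) (744, 91f20, 5, 0) = 5 Thread ID: 538
enter int recv( SOCKET s, char FAR * buf, int len, int flags ) (744, 92000, 512, 0) Thread ID: 540
"""

# Whitespace-tolerant, so an entry may also be wrapped over several lines.
ENTRY = re.compile(
    r"\b(?P<kind>enter|exit)\s+(?P<rtype>[\w\s*]*?)\b(?P<func>\w+)\(\s*(?P<params>[^()]*)\)"
    r"\s*\((?P<args>[^()]*)\)\s*(?:=\s*(?P<ret>\S+)\s*)?Thread ID:\s*(?P<tid>\w+)"
)

def parse(text):
    """Yield one dict per enter/exit entry; values stay as logged strings."""
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        e["args"] = [a.strip() for a in e["args"].split(",") if a.strip()]
        yield e

def summarize(text):
    """Pair enter/exit per thread; return (completed, failed, pending)."""
    open_calls = defaultdict(list)      # thread id -> stack of entered calls
    completed, failed = [], []
    for e in parse(text):
        stack = open_calls[e["tid"]]
        if e["kind"] == "enter":
            stack.append(e)
        elif stack and stack[-1]["func"] == e["func"]:   # unmatched exits are skipped
            stack.pop()
            completed.append(e)
            if e["ret"] == "-1":        # SOCKET_ERROR for int-returning Winsock calls
                failed.append((e["func"], e["args"], e["tid"]))
    pending = [(c["func"], c["tid"]) for s in open_calls.values() for c in s]
    return completed, failed, pending

if __name__ == "__main__":
    done, failed, pending = summarize(SAMPLE_LOG)
    print(f"{len(done)} completed calls")
    for func, args, tid in failed:
        print(f"FAILED  {func}({', '.join(args)}) on thread {tid}")
    for func, tid in pending:
        print(f"PENDING {func} on thread {tid} (entered, no exit logged)")
```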
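Checking where a ws2_32.dll sits: because the load order described under HOW IT WORKS lets any ws2_32.dll in an application directory sit between the application and the system dll, it is useful to be able to list every copy outside the system directory. The following is an added example, not part of Winsock Tracer or of the original manual. It walks a directory tree, reports each such copy with its SHA-256, and notes whether the companion names mentioned in the manual are next to it. The demo tree is constructed and mirrors the manual's telnet example; the function names are hypothetical.

```python
import hashlib
import os
import tempfile

TARGET = "ws2_32.dll"
# Companion names as given in the manual (config file and trace directory).
COMPANIONS = ("winsocktracerconfig.txt", "winsocktraces")

def find_shadow_copies(root, system_dirs):
    """Return one finding per ws2_32.dll under root that is not in a system directory."""
    trusted = {os.path.normcase(os.path.abspath(d)) for d in system_dirs}
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.normcase(os.path.abspath(dirpath)) in trusted:
            continue                    # the expected system copy lives here
        for name in filenames:
            if name.lower() != TARGET:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            present = {entry.lower() for entry in os.listdir(dirpath)}
            findings.append({
                "path": path,
                "sha256": digest,       # compare against the known system dll
                "tracer_artifacts": [c for c in COMPANIONS if c in present],
            })
    return findings

def demo():
    """Build a constructed tree mirroring the manual's telnet example and scan it."""
    base = tempfile.mkdtemp()
    win = os.path.join(base, "windows")
    system = os.path.join(win, "system")
    os.makedirs(os.path.join(win, "winsocktraces"))
    os.makedirs(system)
    for path, data in ((os.path.join(system, TARGET), b"system copy"),
                       (os.path.join(win, TARGET), b"interposed copy"),
                       (os.path.join(win, "winsocktracerconfig.txt"), b"")):
        with open(path, "wb") as fh:
            fh.write(data)
    return base, find_shadow_copies(base, [system])

if __name__ == "__main__":
    for finding in demo()[1]:
        print(finding["path"], finding["sha256"][:16], finding["tracer_artifacts"])
```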