Socket Spy is the utility which permits you to trap a lot of system calls and check behavior of Windows Application, yours or third party. It works only in NT/2000/XP Window environment and does not works under 95/98/ME. By default it set number of breakpoint on selected system functions from wsock32.dll, icmp.dll (iphlpapi.dll), snmpapi.dll, netapi.dll, mpr.dll and kernel32.dll. These default breakpoints are named as soft breakpoint. When debugged application meets soft breakpoint it sends debug event to Socket Spy and Socket Spy proceeds soft breakpoints by dumping information to user terminal (short form) or save it to log files.
Initial Configuration.
As mentioned above Socket Spy is a debugger which proceed breakpoints set on some system functions. Initial versions of Socket Spy worked only with WSock32.dll functions, but later additional functions from other DLLs were included. Besides additional features were developed, such as setting hard breakpoints (where debugged application stops execution) on any system function, view all DLL modules and their functions, read/write operation with debugged process memory, disassembler of debugged binary code and others. If you works with Numega’s Boundschecker, probably you notice that process of execution is slow down. It happens because Boundschecker spends time for breakpoints proceedings. In the same way execution of debugged process under Socket Spy will be slower as usual, but removing unnecessary soft breakpoints from default soft breakpoint list will give you possibility to proceed only functions you need and make execution faster and user terminal dump and log file shorter. It should be done before you select process for debugging. From Options menu select Default Breakpoint List Config and the following modal dialog will open:

Selection of Default Soft Breakpoints

Selecting appropriate DLL from combobox DLL and using “>>” and “<<” buttons you may move highlighted functions from area with or without soft breakpoints. When configuration has been selected, click on OK button. The new configuration of soft breakpoints will be used for debugged process. Later you may save prepared configuration into the file using File->Save Soft BrkPoint Cfg menu and load it later using File->Load Soft BrkPoint Cfg menu. As well using check boxes on Form View you may enable or disable function trapping of whole DLLs.

Process Selection.
Currently everything is ready to selected debugged process. Click on Select Process button or use File Select Process menu and following modal dialog opens

Process Selection Dialog

You may select new process or debug already running process, using check box Select Already Active Process. By the way new process may be run suspended (check Start Suspended check box). When new process was started as suspended hard breakpoint is taking place on starting point of EXE file. Hard breakpoint dialog will be displayed:

Hard Breakpoint Dialog

At the moment of initial breakpoint you may already set additional hard breakpoint, read/write debugged process memory, look for address of any system function in already loaded DLLs (See Options menu: Edit Breakpoints, Read/Write Process Memory, View Modules, Disassemble EXE module).Now you may continue running debugged process and all detail information about socket, ICMP or file I/O operations (depending on your selection) will be accumulated in LOG text file in ASCII and hex formats. Short presentation will be output on user terminal as indicator that process is running. You may investigate LOG file and receive details about opened file, requested URLs, send or received data to remote server or client. Tool menu has several instruments to simplify LOG file proceeding (Attention: Toll “Generate code from Log file” is not implemented). Examples of log files are included into file.

Running Process Info

Other screen short examples

Reading and writing debugged process memory:

View debugged process modules with find export function options:

Found export functions dialog:


For more detail download SS.ZIP file, unzip it and read MANUAL.DOC file.