For Win NT/2000/XP/Vista only! SocketSpy is built on the Win32 API functions that support writing debuggers; however, if the process under test tries to find out whether a debugger is present, SocketSpy can block that request. The utility also lets you work with the memory of the process under test and set and remove additional breakpoints. The demo version does not support SNMPAPI, ICMP, NETAPI32 or I/O operations; it is free and may be distributed freely. Contact information.
Sample log file:
Using telnet to work with port 43 (whois) and saving the results
to a file (host: whois.internic.org,
port: 43, telnet log file: telnet.log)
Breakpoint @ WSAStartup (0x776BA917). Thread ID: 0x000000C8, WinSock
Breakpoint @ gethostbyname (0x776B4BFA). Thread ID: 0x000000C8, WinSock
Param: whois.internic.org
Breakpoint @ CreateFileA (0x77F107ED). Thread ID: 0x000000C8, KERNEL32
Param1: C:\WINNT40\System32\drivers\etc\hosts
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 0012F510 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: 00000000 (Template)
Breakpoint @ socket (0x776B9BF7). Thread ID: 0x000000C8, WinSock
Param1: PF_INET
Param2: SOCK_STREAM
Param3: 0
Breakpoint @ bind (0x776B94C6). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: (Socket=2, Port=0, IP=0.0.0.0)
Param3: 16
Breakpoint @ connect (0x776B9548). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: (Socket=2, Port=43, IP=198.41.0.6)
Param3: 16
Breakpoint @ WSAAsyncSelect (0x776B91CD). Thread ID: 0x000000C8, WinSock
Breakpoint @ CreateFileW (0x77F1085E). Thread ID: 0x000000C8, KERNEL32
Param1: C:\WINNT40\System32\shell32.dll
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: 00000000 (Template)
Breakpoint @ CreateFileW (0x77F1085E). Thread ID: 0x000000C8, KERNEL32
Param1: C:\WINNT40\system32\SHELL32.dll
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: 00000000 (Template)
Breakpoint @ CreateFileW (0x77F1085E). Thread ID: 0x000000C8, KERNEL32
Param1: C:\WINNT40\Explorer.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: 00000000 (Template)
Breakpoint @ NetpGetComputerName (0x7780115F). Thread ID: 0x000000C8, NETAPI
Breakpoint @ NetApiBufferAllocate (0x778011A6). Thread ID: 0x000000C8, NETAPI
Param1: 32 (size in bytes)
Param2: 0x0012DB38 (pointer to buffer)
Breakpoint @ NetShareEnum (0x778030A9). Thread ID: 0x000000C8, NETAPI
Breakpoint @ NetpNtStatusToApiStatus (0x77801012). Thread ID: 0x000000C8, NETAPI
Breakpoint @ NetpNtStatusToApiStatus (0x77801012). Thread ID: 0x000000C8, NETAPI
Breakpoint @ CreateFileW (0x77F1085E). Thread ID: 0x000000C8, KERNEL32
Param1: C:\WINNT40\system32\SHELL32.dll
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: 00000000 (Template)
Breakpoint @ CreateFileW (0x77F1085E). Thread ID: 0x000000C8, KERNEL32
Param1: E:\PROJECTS\SocketSpy\Release\telnet.log
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: 00000000 (Template)
Breakpoint @ CreateFileA (0x77F107ED). Thread ID: 0x000000C8, KERNEL32
Param1: E:\PROJECTS\SocketSpy\Release\telnet.log
Param2: GENERIC_WRITE
Param3: FILE_SHARE_READ
Param4: 00000000 (lpSecurityAttributes)
Param5: CREATE_ALWAYS
Param6: 00000000 (Flags)
Param7: 00000000 (Template)
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 64
Param3: 1
Param4: 0 (flags)
64 d
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6F
Param3: 1
Param4: 0 (flags)
6F o
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6D
Param3: 1
Param4: 0 (flags)
6D m
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 61
Param3: 1
Param4: 0 (flags)
61 a
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 69
Param3: 1
Param4: 0 (flags)
69 i
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6E
Param3: 1
Param4: 0 (flags)
6E n
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 20
Param3: 1
Param4: 0 (flags)
20
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6D
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6F
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 73
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 61
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 69
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 64
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 2E
Param3: 1
Param4: 0 (flags)
2E .
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 63
Param3: 1
Param4: 0 (flags)
6E n
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6F
Param3: 1
Param4: 0 (flags)
65 e
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6D
Param3: 1
Param4: 0 (flags)
74 t
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 0D 0A
Param3: 2
Param4: 0 (flags)
0D 0A ..
Breakpoint @ recv (0x776B7B1B). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 0x00149458
Param3: 4096
Param4: 0 (flags)
Breakpoint after recv (0x02541F2A). Thread ID: 0x000000C8
Bytes received: 601
0A 57 68 6F 69 73 20 53 65 72 76 65 72 20 56 65 .Whois Server Ve
72 73 69 6F 6E 20 31 2E 33 0A 0A 44 6F 6D 61 69 rsion 1.3..Domai
6E 20 6E 61 6D 65 73 20 69 6E 20 74 68 65 20 2E n names in the .
63 6F 6D 2C 20 2E 6E 65 74 2C 20 61 6E 64 20 2E com, .net, and .
6F 72 67 20 64 6F 6D 61 69 6E 73 20 63 61 6E 20 org domains can
6E 6F 77 20 62 65 20 72 65 67 69 73 74 65 72 65 now be registere
64 0A 77 69 74 68 20 6D 61 6E 79 20 64 69 66 66 d.with many diff
65 72 65 6E 74 20 63 6F 6D 70 65 74 69 6E 67 20 erent competing
72 65 67 69 73 74 72 61 72 73 2E 20 47 6F 20 74 registrars. Go t
6F 20 68 74 74 70 3A 2F 2F 77 77 77 2E 69 6E 74 o http://www.int
65 72 6E 69 63 2E 6E 65 74 0A 66 6F 72 20 64 65 ernic.net.for de
74 61 69 6C 65 64 20 69 6E 66 6F 72 6D 61 74 69 tailed informati
6F 6E 2E 0A 0A 20 20 20 44 6F 6D 61 69 6E 20 4E on... Domain N
61 6D 65 3A 20 58 58 58 58 58 58 2E 4E 45 54 0A ame: XXXXXX.NET.
20 20 20 52 65 67 69 73 74 72 61 72 3A 20 4E 45 Registrar: NE
54 57 4F 52 4B 20 53 4F 4C 55 54 49 4F 4E 53 2C TWORK SOLUTIONS,
20 49 4E 43 2E 0A 20 20 20 57 68 6F 69 73 20 53 INC.. Whois S
65 72 76 65 72 3A 20 77 68 6F 69 73 2E 6E 65 74 erver: whois.net
77 6F 72 6B 73 6F 6C 75 74 69 6F 6E 73 2E 63 6F worksolutions.co
6D 0A 20 20 20 52 65 66 65 72 72 61 6C 20 55 52 m. Referral UR
4C 3A 20 68 74 74 70 3A 2F 2F 77 77 77 2E 6E 65 L: http://www.ne
74 77 6F 72 6B 73 6F 6C 75 74 69 6F 6E 73 2E 63 tworksolutions.c
6F 6D 0A 20 20 20 4E 61 6D 65 20 53 65 72 76 65 om. Name Serve
72 3A 20 4E 53 32 2E 58 58 58 58 58 58 2E 4E 45 r: NS2.XXXXXX.NE
54 0A 20 20 20 4E 61 6D 65 20 53 65 72 76 65 72 T. Name Server
3A 20 4E 53 31 2E 4D 4F 53 41 49 44 2E 43 4F 4D : NS1.XXXXXX.NET
0A 20 20 20 55 70 64 61 74 65 64 20 44 61 74 65 . Updated Date
3A 20 31 39 2D 6A 61 6E 2D 32 30 30 32 0A 0A 0A : 19-jan-2002...
3E 3E 3E 20 4C 61 73 74 20 75 70 64 61 74 65 20 >>> Last update
6F 66 20 77 68 6F 69 73 20 64 61 74 61 62 61 73 of whois databas
65 3A 20 53 75 6E 2C 20 37 20 4A 75 6C 20 32 30 e: Sun, 7 Jul 20
30 32 20 31 36 3A 34 38 3A 34 34 20 45 44 54 20 02 16:48:44 EDT
3C 3C 3C 0A 0A 54 68 65 20 52 65 67 69 73 74 72 <<<..The Registr
79 20 64 61 74 61 62 61 73 65 20 63 6F 6E 74 61 y database conta
69 6E 73 20 4F 4E 4C 59 20 2E 43 4F 4D 2C 20 2E ins ONLY .COM, .
4E 45 54 2C 20 2E 4F 52 47 2C 20 2E 45 44 55 20 NET, .ORG, .EDU
64 6F 6D 61 69 6E 73 20 61 6E 64 0A 52 65 67 69 domains and.Regi
73 74 72 61 72 73 2E 0A 0A strars...
Breakpoint @ closesocket (0x776BA02B). Thread ID: 0x000000C8, WinSock
Param: 96 (socket)
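An added example, not part of the original page or of SocketSpy: a Python parser for the log format shown above that groups each "Breakpoint @" entry with its parameters and extracts the resolved host names, the connect endpoints and the bytes passed to send per socket. The function names and the embedded sample (constructed from entries in the log above) are assumptions.

```python
import re
# Constructed sample: a few entries in the same shape as the log above.
SAMPLE = """\
Breakpoint @ gethostbyname (0x776B4BFA). Thread ID: 0x000000C8, WinSock
Param: whois.internic.org
Breakpoint @ connect (0x776B9548). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: (Socket=2, Port=43, IP=198.41.0.6)
Param3: 16
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 64
Param3: 1
Param4: 0 (flags)
64 d
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 0D 0A
Param3: 2
Param4: 0 (flags)
0D 0A ..
"""

HEADER = re.compile(r"Breakpoint @ (\w+) \((0x[0-9A-Fa-f]+)\)\. Thread ID: (0x[0-9A-Fa-f]+), (\w+)")
PARAM = re.compile(r"Param(\d*): (.*)")
ENDPOINT = re.compile(r"Port=(\d+), IP=([\d.]+)")

def parse_calls(text):
    """Group each 'Breakpoint @' header with the ParamN lines that follow it."""
    calls = []
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            calls.append({"api": m[1], "module": m[4], "params": {}})
        elif calls and (m := PARAM.match(line)):
            calls[-1]["params"][int(m[1] or 1)] = m[2]  # bare "Param:" is argument 1
    return calls  # dump lines and "Breakpoint after recv" lines are skipped

def summarize(calls):
    out = {"hosts": [], "endpoints": [], "sent": {}}
    for c in calls:
        p = c["params"]
        if c["api"] == "gethostbyname":
            out["hosts"].append(p[1])
        elif c["api"] == "connect" and (m := ENDPOINT.search(p.get(2, ""))):
            out["endpoints"].append((m[2], int(m[1])))
        elif c["api"] == "send":  # Param1 is the socket, Param2 the hex bytes
            sock = int(p[1].split()[0])
            out["sent"][sock] = out["sent"].get(sock, b"") + bytes.fromhex(p[2])
    return out
```

The parser reads the bytes from the Param2 field of each send entry; the hex/ASCII dump line printed under the entry is not used.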