SocketSpy has several options, which may be useful not only for socket trapping but as well for other hacking purposes. All these features are collected under the Option menu.


 

It is possible to configure default list of trapping functions presented in initial form view (left list). Trapped functions are marked with asterisk symbols. If you remove all unnecessary functions from Soft Breakpoint list you log file will not be so long and execution of debugged process will be faster. New configuration may be save to the file and loaded later.

 
 

SocketSpy permints to set hard breakpoint to stop execution of debugged process and watch register, memory and stack. Soft breakpoints may be assigned as hard ones as well. Besides it is possible to set breakpoints on any system function, for example from KERNEL32.DLL or USER32.DLL and when this function was called set breakpoint on return address to watch result. See below Modules options, which explains how to find any function start address. When hard breakpoint happens the following not modal dialog will appear.

 
 

Modules option presents all currently loaded modules of debugged process. Doulbe click on any selected line with DLL name and dialog with function names and addresses will be opened. This dialog gives you possibility to find function address and ordinal.





 




 
 

Memory options permits to read/write/find (binary and ASCII sequences) operations with memory of debugged process.