Toolkit for Hooking WinSock API calls

Due to the popularity of the WinTECH Software Socket Spy Applications, we have received so many requests for source code examples that we have put together the following toolkit for developers. For anyone contemplating the design of a Windows application which would monitor and perhaps change data passed into and out of a network application, the source code contained therein will cut days and possibly weeks off your development schedule. While the techniques used in the Adapt-a-Spy toolkit are not difficult to understand, they do demonstrate several seldom-used features of the operating system which would require a significant investment in time to figure out otherwise. For most programmers, a couple of lines of working code is more valuable than half a CD of Microsoft documentation.

The Adapt-a-Spy toolkit has been proven to work with Windows 95, 98, NT, and Windows 2000. It demonstrates two different techniques for injecting a DLL into the process space of a third-party application without violating any Win32 security constraints. All code necessary to set the hooks on each WinSock function is provided for both the WinSock 1.1 and WinSock 2.0 API. Shell routines are provided for each WinSock function, which give you complete control over all parameters passed into and out of the target application. All you have to do is include your custom logic in the function of choice to access and possibly change data as it's passed back and forth between the application and the WinSock DLL. (161K)

The above zip file contains an executable/DLL combination which demonstrates the capabilities of the Adapt-a-Spy toolkit. As mentioned previously, the toolkit supports two different techniques for injecting the hooks into a WinSock application. The first involves use of the Win32 Debugger API and requires that the target application be launched from the SpyWin application. This technique is generally considered to be the least intrusive, since only the specified target process is affected. However, because the WinSock hooks are only placed on the process being "debugged", this technique is not a solution for designs which are required to run transparently, or for applications such as Internet Explorer which use COM objects to communicate with the WinSock DLL.

The second hooking technique used by the Adapt-a-Spy toolkit is a more universal solution for monitoring virtually all processes which interact with the WinSock DLL. In the SpyWin example contained in the above zip file, a menu option labeled "Desktop Hook, Enable" will initiate the ability to inject the WinSock function hooks on all running processes. If this feature is enabled, the example display window should log the WinSock API functions for any active Windows process whether started before or after the SpyWin itself.

The "Adapt-a-Spy" Toolkit, consisting of the source code for the above application, is now available for the very modest price of:


The toolkit contains all source code necessary to inject the hooking DLL into another Windows process using either technique described above. The hooking DLL is furnished complete with function shell routines for each WinSock routine, making it easy to add custom logic to intercept and modify the data parameters. The project files were initially generated using MSDEV 4.2 but have been verified to work using either MSDEV 5.0 or MSDEV 6.0.

A non-disclosure agreement is required.

Contact for details.

Last Updated: July 15, 1999
Copyright © 1995-99, WinTECH Software