Is there any way to know which Winsock APIs are called by an application?

  • Question

  • Hi, with an inspection callout driver, is it possible to know which Winsock APIs are called by an application?
    Sunday, May 25, 2014 5:54 PM

Answers

  • Hi

    As far as I know, in WFP you can get callbacks only for the events/callouts you register for.

    So in your particular case you could register for the particular callouts and filter on the basis of APPID, such that you could filter at ALE_CONNECT_REDIRECT{*}, ALE_BIND_REDIRECT{*}, TRANSPORT_OUTBOUND for the connect, bind & send Winsock APIs respectively.

    Regards

    Umar Yaqoob

    • Marked as answer by payam.sh Saturday, May 31, 2014 5:03 PM
    Monday, May 26, 2014 6:13 AM