Copyright (c) 2007-08 by Marcin "MiniQ" Kielesinski
BrainWasher is based on a source code of AmiGG (c) 2003-04 by Piotr Wegnerowski,
(c) 2004-08 by Marcin "MiniQ" Kielesinski.
Site design by alpine

NetworkSnoop - What is it?

NetworkSnoop is a transparent patch, similar to SnoopDos, but dedicated to
tracking bsdsocket.library calls. It is not really meant for regular users: it
does not enhance the TCP/IP stack or anything like that. It is for developers
who use bsdsocket.library in their programmes. With NetworkSnoop they can
display the contents of recv() and send() buffers and of the system structures
used by bsdsocket.library, check whether a function receives proper parameters
(or what kind of parameters it receives), etc.
The programme can also monitor "uncertain" software - suspected of sending
spam, unwanted information to unknown addresses etc.

NetworkSnoop - How does it work and what can I do with it?

The programme patches, as mentioned above, functions of
bsdsocket.library and exec.library (OldOpenLibrary(), OpenLibrary(),
CloseLibrary()). From then on, all calls to the basic API of bsdsocket.library
are caught (the jump table is monitored in the offset range -30 to -300). Each
process using bsdsocket.library has to open it for itself - the library base
is linked to the process and can be shared with the others. Thus it is
impossible to patch bsdsocket.library once and monitor its calls, as can be
done with all the other AmigaOS libraries. The solution is to dynamically patch
every single bsdsocket.library base created by an exec.library/OpenLibrary()
call made by a process that is going to use the library. This means
NetworkSnoop has to be run BEFORE the programme that is to be traced.
NetworkSnoop lets you monitor function calls and their parameters (upper list).
The list at the bottom displays the contents of function structures or buffers
for more complex parameters. The second tab lets you switch patches on/off,
select a process to trace (by default it monitors all functions dealing with
bsdsocket.library), and turn saving of recv()/send() buffers on/off (to the
NetworkSnoop or process directory). The programme can, of course, log a
selected session to a text file. All changes are fast and take effect in real
time, including saving preferences.
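
The per-base patching described above, as an added example in portable C (a model written for this page, not NetworkSnoop's source and not AmigaOS API code): `struct Base`, `open_library()`, `patch_base()` and the other names are hypothetical stand-ins, and only the offset range -30 to -300 comes from the text. It shows why a base opened before the tracer starts is never traced.

```c
#include <stdio.h>
#define LVO_STRIDE 6       /* 68k AmigaOS jump-table entries are 6 bytes apart */
#define LVO_FIRST  (-30)   /* traced offset range as given on the page */
#define LVO_LAST   (-300)
#define SLOTS      (-LVO_LAST / LVO_STRIDE + 1)
struct Base;
typedef long (*Vec)(struct Base *, int lvo, long arg);
struct Base { Vec vec[SLOTS], orig[SLOTS]; };   /* one per opener (model) */
static struct Base pool[8];
static int used, snoop_active, traced_calls;

/* Stand-in for any real library function: just returns its argument. */
static long real_fn(struct Base *b, int lvo, long arg) { (void)b; (void)lvo; return arg; }
/* Wrapper placed in a patched slot: log, then forward to the saved vector. */
static long snoop_fn(struct Base *b, int lvo, long arg) {
    traced_calls++;
    printf("trace: base=%p lvo=%d arg=%ld\n", (void *)b, lvo, arg);
    return b->orig[-lvo / LVO_STRIDE](b, lvo, arg);
}

/* Patch the vectors of ONE base; other openers' bases are untouched. */
static void patch_base(struct Base *b) {
    for (int lvo = LVO_FIRST; lvo >= LVO_LAST; lvo -= LVO_STRIDE) {
        b->orig[-lvo / LVO_STRIDE] = b->vec[-lvo / LVO_STRIDE];
        b->vec[-lvo / LVO_STRIDE] = snoop_fn;
    }
}

/* Model of the patched OpenLibrary(): each opener gets a fresh base, which
   is patched only if the tracer was already installed at open time. */
static struct Base *open_library(void) {
    struct Base *b = &pool[used++];
    for (int s = 0; s < SLOTS; s++) b->vec[s] = real_fn;
    if (snoop_active) patch_base(b);
    return b;
}
static long call(struct Base *b, int lvo, long arg) { return b->vec[-lvo / LVO_STRIDE](b, lvo, arg); }

/* One base opened before the tracer starts, one after; returns traced calls. */
static int demo(void) {
    used = traced_calls = snoop_active = 0;
    struct Base *early = open_library();  /* programme started first */
    snoop_active = 1;                     /* tracer started now */
    struct Base *late = open_library();   /* programme started afterwards */
    call(early, -66, 1);                  /* in range, but base is unpatched */
    call(late, -66, 2);                   /* in range, patched base: traced */
    call(late, -24, 3);                   /* outside -30..-300: not traced */
    return traced_calls;
}
int main(void) { printf("traced calls: %d\n", demo()); return 0; }
```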

NetworkSnoop - Requirements

The programme works smoothly on AmigaOS 3.x, 4.x and MorphOS. Native versions
for AmigaOS 4.x, MorphOS and AROS will be ready soon.
Besides an Amiga-family operating system, NetworkSnoop needs the following
components:
- any TCP/IP stack compatible with bsdsocket.library (in fact this means all
of them, including the emulated library in WinUAE),
- MUI 3.x or better,
- NList MUI class,
- any programme (using bsdsocket.library) to monitor.
It may be necessary to increase the stack of a traced programme to avoid the
consequences of the extra memory needed by the patch.