
How can an application recv data with WSA_IO_PENDING?

I'm making a sniffer using LSP/SPI for a specified application. But I can't understand how this application works with the network.

There are no "connect" or WSAConnect calls. I intercept WSPRecv, WSPSend, WSPCloseSocket, but no WSPConnect.

Another strange thing - WSPRecv always returns WSA_IO_PENDING, but hEvent in lpOverlapped is null, and lpCompletionRoutine is null too. And there are no calls to WSPGetOverlappedResult (WSAGetOverlappedResult, GetOverlappedResult) or GetQueuedCompletionStatus (GetQueuedCompletionStatusEx). I hooked all these functions, but there are no calls at all! How does this application recv data?

Can you help me? How does it work? Have I missed something?

A parent process listens for connections. Once a connection is established the parent process launches a new child process to deal with the connection. The child process inherits the handle of the connected socket. The child process communicates over the socket and eventually closes the socket and exits.

If you look at the child process in isolation you will see sends, receives and a final close but no initial connection, just as you describe.

This is a more common model on UNIX but it is sometimes used on Windows.

As for the strange overlapped behaviour, this may be what you see if you look at the internals of a non-blocking socket. Non-blocking sockets are implemented on asynchronous sockets, but I don't know the details.
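The parent/child model described in the answer above, as an added example that is not part of the original post: a POSIX Python sketch in which a child inherits an already-connected socket, so a monitor attached only to the child sees a receive, a send and a close but never a connect or accept. The function name, the loopback address and the payloads are assumptions made for the demonstration.

```python
import socket
import subprocess
import sys

# Child program (constructed for this example). It receives an already
# connected socket as an inherited descriptor, so it never calls
# connect() or accept().
CHILD_SOURCE = r"""
import socket, sys
conn = socket.socket(fileno=int(sys.argv[1]))  # wrap the inherited descriptor
data = conn.recv(1024)                         # first network call in the child
conn.sendall(b"child saw: " + data)
conn.close()                                   # last network call in the child
"""


def run_inherited_socket_demo(payload=b"hello"):
    """Parent accepts a loopback connection, hands it to a child process,
    and returns (reply seen by the remote peer, child exit code)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))            # ephemeral loopback port
    listener.listen(1)
    port = listener.getsockname()[1]

    client = socket.create_connection(("127.0.0.1", port))  # stands in for the remote peer
    conn, _ = listener.accept()                # connection setup happens in the parent only

    child = subprocess.Popen(
        [sys.executable, "-c", CHILD_SOURCE, str(conn.fileno())],
        pass_fds=[conn.fileno()],              # let the child inherit this descriptor
    )
    conn.close()                               # parent drops its copy
    listener.close()

    client.settimeout(10)
    client.sendall(payload)
    reply = b""
    while True:                                # read until the child closes the socket
        chunk = client.recv(1024)
        if not chunk:
            break
        reply += chunk
    client.close()
    return reply, child.wait()


if __name__ == "__main__":
    print(run_inherited_socket_demo())
```

To capture connection setup in this model, the monitoring has to cover the parent process as well as the child.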
