H
H
Hint2014-05-06 14:07:59
Computer networks
Hint, 2014-05-06 14:07:59

What's with the weird way of networking (recv and WSA_IO_PENDING)?

I am writing a sniffer for a specific program using LSP/SPI. The problem is that this application works very strangely with the network, I have not seen this before. I've been digging for a few days now, but I can't think of anything.
My LSP/SPI provider handles WSPConnect, WSPSend, WSPRecv and WSPCloseSocket calls.
The first oddity is that I don't see WSPConnect calls. Data is being sent, received, sockets are closed, but there is no WSPConnect call. I put separate hooks on connect and WSAConnect, but they never worked.
The second oddity is that WSPRecv always returns a WSA_IO_PENDING error, but I can't figure out how the application ends up reading the received data. lpOverlapped is specified but hEvent is null. lpCompletionRoutine is not passed. There are no calls to GetOverlappedResult, WSAGetOverlappedResult, WSPGetOverlappedResult, GetQueuedCompletionStatus, and GetQueuedCompletionStatusEx. I set hooks - not a single call (the hooks are 100% working). How can this even be? Maybe there is some other way to find out about the completion of the operation, which I do not know about?
Please help me understand how this application works with the network. My experience, unfortunately, was not enough.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Andrew, 2014-05-06
@OLS

Yes, you can "put a socket" on an asynchronous (non-blocking) wait and then check its status from time to time with the select function. It is passed lists of sockets that you are interested in as input parameters, and it returns those that have changed.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question