Attention: this software works only under Windows NT/2000/XP.
Hardware requirements: Pentium 100 MHz, 32 MB RAM or better.

*** Contents of ZIP file ***
1. ss.exe - the SocketSpy executable. No installation is
   required. SocketSpy does not change the Windows registry.
2. LOG files - examples of log files.
3. EXAMPLE.CFG - custom list of trapped functions.
4. Readme files in English and Russian (RUSSIAN.WIN,
   RUSSIAN.KOI, RUSSIAN.UNI). The Russian versions of the
   readme are not as complete as the English one.

*** Short Details of Logging I/O Operations ***
1. After starting SocketSpy, select the trap configuration
   using the check boxes. Only functions of the selected DLLs
   will be trapped. These check boxes are located at the top
   of the frame view window:
       "Trap WinSock" check box
       "Trap SNMPAP" check box
       etc.
   The "Trap WinSock" check box is used for trapping not only
   WinSock DLL functions but also MPR DLL functions.
   All other check boxes control only one DLL each.

   In the demo version only the WinSock check box is enabled
   and may be controlled.
2. Then specify a LOG file: File menu->Open Log File.
   The log file accumulates all I/O information from the
   WinSock DLL, or file I/O information from kernel32.dll.
   In addition, the log file collects the sequence of trapped
   function calls. A log file is not necessary if you do not
   need log information and use SocketSpy for hacking purposes.
3. After a LOG file is selected, the Logging check box
   is enabled. Checking this box controls output to the
   specified log file (output takes place while the box is
   checked). Only the log file receives detailed log
   information.
4. The Select Process button is used to select a current
   or new process for debugging.
5. Sometimes the debugged process uses protection against
   debuggers. Check the Disable IsDebuggerPresent box before
   selecting the process to avoid this protection.

*** Instructions ***
1. If you want to log results to a log file, go to
   File menu->Open Log File and specify a new or old log file.
2. Logging starts only when the Logging check box is checked
   (if no log file is selected, this check box is disabled).
3. If you want to trap functions of different DLLs, check the
   appropriate check boxes, for example Trap WinSock or File I/O.
4. Press the "Select Process" button; the Select Process dialog
   will open. Specify the executable of a new process, or pick an
   already started process from the list box (use Select Already
   Active Process).
5. Once a process has been selected, calls to all trapped functions
   are shown in the monitor, and are logged to the log file if a
   file has been specified and the Logging check box is checked.
   Only the log file collects detailed information about I/O
   operations.
6. You may Suspend or Terminate the process, or Resume a suspended
   process.
7. Using the Options menu you can read from and write to process
   memory, and set or remove breakpoints. A breakpoint can be made
   hard: the process then stops execution and detailed information
   is presented in the Breakpoint dialog.
   By default breakpoints are soft.

*** Useful Tip ***
Because SocketSpy works as a debugger and uses the same
mechanism as NuMega's BoundsChecker, it takes some time to
process every breakpoint. Quite possibly only a few
functions need to be trapped, for example:
    send, recv, sendto and recvfrom
    to log the WinSock I/O flow.
You can remove all unnecessary functions from the
trapping list: Option menu->Default Breakpoint Config.
The newly created list of trapped functions may be saved as a
Trapping Config file: File menu->Save Soft BrkPoint Config
(saving is enabled only in the full version).
You may also load a Trapping Config created in a previous
session of SocketSpy (File menu->Save Soft BrkPoint Config).
In the demo version you may load the EXAMPLE.CFG file, which
has a limited trapping list. Only the following WinSock32
functions are in that list:
accept, bind, closesocket, connect, getpeername,
listen, recv, recvfrom, send, sendto, shutdown,
socket, gethostbyaddr, gethostbyname, getprotobyname,
getprotobynumber, getservbyname, getservbyport,
gethostname, getnetbyname
The default WinSock32 trapping list contains more functions
than the list in EXAMPLE.CFG, so SocketSpy's WinSock32
trapping runs faster after EXAMPLE.CFG is loaded.
The trapping list can be configured ONLY before you select
the process to debug.
Functions that have a soft breakpoint are marked with "*" in
the "List of default breakpoints" window.

*** Log File Processing ***
Because log files with trapping and I/O information
contain a lot of data, there are a few options for
processing them automatically. All of these options are
located in the Tools menu, and only 2 of them are implemented:
   You may extract a list of all URL requests sent to
   servers by HTTP clients, for example IExplorer
   (Tools menu->Extract From Log File->URLs).
   You may remove (filter out) selected unnecessary
   information from a log file and save the filtered log
   file again (Tools menu->Log File filtering).
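
The URL extraction described above can be reproduced outside the tool.
The following is an added example, not SocketSpy's own code: this readme
does not describe the log file format, so the sketch works on constructed
send() payloads, and the names SAMPLE_SENDS and extract_urls are
hypothetical. It rebuilds requests that are split across several send()
calls and skips request bodies.

```python
import re

# Constructed sample: (socket handle, bytes passed to one send() call).
SAMPLE_SENDS = [
    (0x1A4, b"GET /index.html HTTP/1.1\r\nHost: www.exam"),
    (0x1A4, b"ple.com\r\nUser-Agent: test\r\n\r\n"),
    (0x1B8, b"POST http://proxy-style.example/submit HTTP/1.0\r\n"
            b"Content-Length: 3\r\n\r\nabc"),
    (0x1A4, b"GET /img/logo.gif HTTP/1.1\r\nHost: www.example.com:8080\r\n\r\n"),
    (0x1C0, b"\x16\x03\x01\x00\x05hello"),   # not HTTP (e.g. TLS): ignored
]

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def extract_urls(sends):
    """Return the URLs of plain HTTP/1.x requests, in the order completed."""
    state = {}   # socket -> [unparsed bytes, request-body bytes left to skip]
    urls = []
    for sock, data in sends:
        st = state.setdefault(sock, [b"", 0])
        st[0] += data
        while True:
            if st[1]:                          # drop the previous request's body
                n = min(st[1], len(st[0]))
                st[0], st[1] = st[0][n:], st[1] - n
                if st[1]:
                    break                      # body continues in a later send()
            head, sep, rest = st[0].partition(b"\r\n\r\n")
            if not sep:
                break                          # header block not complete yet
            st[0] = rest
            lines = head.split(b"\r\n")
            m = REQUEST_LINE.match(lines[0])
            if not m:
                st[0] = b""                    # not an HTTP request: discard
                break
            headers = {}
            for line in lines[1:]:
                name, _, value = line.partition(b":")
                headers[name.strip().lower()] = value.strip()
            length = headers.get(b"content-length", b"0")
            st[1] = int(length) if length.isdigit() else 0
            target = m.group(2).decode("latin-1")
            if target.startswith("http://"):   # absolute form (proxy style)
                urls.append(target)
            elif target.startswith("/"):       # origin form: needs Host header
                host = headers.get(b"host", b"unknown-host").decode("latin-1")
                urls.append("http://" + host + target)
    return urls
```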

*** SocketSpy Hacking Options ***
SocketSpy has a lot of hacking options which may be
used without logging trapping information.
All of them are located in the Options menu and are enabled
once a process to debug has been selected.
You may set or remove a hard breakpoint at any address or
function (Edit Breakpoints; in the demo version you may
only view the Hard Breakpoint list, without editing).
When a hard breakpoint is hit, SocketSpy interrupts
execution of the debugged process and presents the Breakpoint
dialog.
It is possible to read from and write to the debugged
process's memory (Read/Write Process memory).
It is also possible to see all DLLs of the process and
find a function in the DLL list by name (View Modules menu).
For example, if you are looking for the "CreateWindow" function,
open the Module dialog (Options->View Modules menu), type
"createwindow" in the "Find Function by Name" edit box and
click the "Find" button. All functions containing the
substring "createwindow" (case is not important) will
be presented, and you may set a hard breakpoint on all or some
of them (the demo version supports this operation as well).

*** SocketSpy Licence ***
1 end user non-commercial or academic licence US$19.99
1 end user commercial licence or 5 end user academic licence US$29.99
5 end user commercial licence or 10 end user academic licence US$49.99
Unlimited end user licence US$99.99
Unlimited end user licence with source code US$999.99

For more questions and support, please write:
antispamcop@narod.ru
or
visit: http://members.rogers.com/socket
