Tag Archives: Winsock LSP

LSP programming tutorial

I first started to learn LSP about nine years ago, when Winsock LSP was an obscure, hard-to-learn technology. Today there are more resources available, whether on Microsoft’s web sites, other people’s web sites, or Komodia’s web site.

If someone approached me today and asked for a recommendation on where to start learning LSP, my first question would be: “Why?” Usually people want to learn LSP either to develop some sort of product or for fun. If it’s for fun, I recommend going ahead and learning it using the resources on Komodia’s site. But if it’s to develop a commercial application, I’m against it, because what looks easy to do with LSP will be a losing deal in the long run.

The reason I’m saying this is that Komodia’s products have been developed full time for 3 years now, and I (Barak Weichselbaum) am a world expert in the field of LSPs, and we still get bug reports for things we could never have foreseen up front. So for someone to start from scratch (expert or not) may appear to have a lower cost, but in reality they will have a very high TCO.

Barak

Intercepting DNS queries LSP

It is possible to intercept DNS queries. This is usually done for anonymizers, for two reasons:

  1. Even if the session is anonymized the DNS query reveals the destination.
  2. Some countries have their DNS servers censored.

For these two reasons, when you intercept the DNS query you are able to use the domain name via the proxy you tunnel the data to (still assuming we are writing an anonymizer).

The ways to do it are:

  • Winsock LSP or any other network interception ability like TDI, WFP, NDIS.
  • NSP (it’s very rare).
  • Hooking, detours.

Each method has its advantages and disadvantages, and making the wrong choice can later mean starting all over. For example, what works perfectly on 32-bit may not work at all under 64-bit, or even worse can’t work on 64-bit, or it may not be compatible with all current OSes.

We at Komodia have an optional module for “Intercepting DNS queries LSP”, which works on Windows 2000 and up to 7 and 2008, including all 64-bit flavors.

Barak

Winsock sample lsp

Microsoft has been providing their Winsock LSP sample since 1995, when Winsock LSP was first used with Windows 95. Up until 2005 or so, the quality of their default sample was lacking, and much work needed to be done to make it work without any issues.

On our web site you can download the Winsock sample LSP, which is basically a repacked MS sample: we took the XP sample and put it inside a VS6 project, which makes it easier to learn Winsock LSP. We didn’t include all the modifications made for our own LSP, which is far ahead of the default sample in terms of features.

Barak

Winsock lsp ssl trace

Winsock LSP and SSL is both a complex and a simple issue 🙂 Basically, the Winsock LSP sees the SSL session encrypted and can’t see the decrypted content of the session. It’s possible to decrypt SSL sessions, but that’s a topic for another post.

Winsock LSP can be used to trace SSL sessions to their root. You can easily get the following information about an SSL session by using LSP:

  • Originating application.
  • Source Address/Port.
  • Destination address/Port.
  • Certificate.

Barak
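
The “Certificate” item in the SSL trace list above, as an added example that is not code from the original post or from Komodia: although the LSP only sees the session encrypted, the server’s Certificate handshake message travels in the clear in TLS 1.2 and earlier, so it can be located in the received bytes. The function name `find_leaf_cert` and the sample bytes are hypothetical; the code assumes the handshake message is not fragmented across records.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample (not captured traffic): one TLS 1.2 handshake record holding an
   empty ServerHello stub and a Certificate message with a 4-byte placeholder cert. */
static const uint8_t SAMPLE[] = {
    22, 3, 3, 0, 18,   2, 0, 0, 0,   11, 0, 0, 10,
    0, 0, 7,   0, 0, 4,   0xDE, 0xAD, 0xBE, 0xEF };

/* 24-bit big-endian length used by TLS handshake headers. */
static size_t be24(const uint8_t *p) {
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
}

/* Hypothetical helper: scan bytes seen on the receive path for the server's
   Certificate message. Returns 1 and points *der / *der_len at the first (leaf)
   certificate; returns 0 if absent, truncated or malformed. Handshake messages
   split across records are not reassembled (assumption of this example). */
int find_leaf_cert(const uint8_t *buf, size_t len,
                   const uint8_t **der, size_t *der_len) {
    size_t off = 0;
    while (len - off >= 5) {                 /* record: type, version(2), length(2) */
        uint8_t type = buf[off];
        size_t rec_len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        const uint8_t *rec = buf + off + 5;
        if (rec_len > len - off - 5) return 0;          /* truncated record */
        off += 5 + rec_len;
        if (type != 22) continue;            /* 22 = handshake record */
        size_t h = 0;
        while (rec_len - h >= 4) {           /* handshake: type, length(3) */
            uint8_t msg_type = rec[h];
            size_t msg_len = be24(rec + h + 1);
            const uint8_t *msg = rec + h + 4;
            if (msg_len > rec_len - h - 4) return 0;    /* spans records */
            h += 4 + msg_len;
            if (msg_type != 11) continue;    /* 11 = Certificate */
            if (msg_len < 6) return 0;
            size_t list_len = be24(msg);     /* certificate_list length */
            size_t cert_len = be24(msg + 3); /* first entry = leaf certificate */
            if (list_len < 3 || list_len > msg_len - 3 ||
                cert_len == 0 || cert_len > list_len - 3) return 0;
            *der = msg + 6;
            *der_len = cert_len;
            return 1;
        }
    }
    return 0;
}
```

The returned bytes are the DER-encoded certificate, which can be handed to any X.509 parser. Under TLS 1.3 the Certificate message is encrypted, so this function returns 0 there.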