Is thit true that all browsers on windows OS work thru winsock? thanks
I think that all the browsers use actually Winsock2. It has several extensions over Winsock, most are related to the support of overlapped (asynchronous) I/O on sockets.
Specifically MS Internet Explorer uses a higher-level library called WinINet. Which in turn of course uses Winsock2.
I don't know for a fact that they all do (what does "all" mean, anyway?) But what else would they use? Winsock is the Windows Sockets API, through which access to network cards is mediated.
Related
There are a few programs like Proxifier that can force an exe to use a proxy. There are a few others, too. But the sites all look a bit shady. I don't even trust Proxifier tbh... So I'd like to know how these programs work. How do they do it? Is there a WinAPI function that can be used to do that? Or do you have to actually inject code into the processes?
I was only able to find functions to change the global proxy of windows. But some programs don't care what the global proxy says, they always try to connect directly, even if it's not possible...
Proxifier is based on LSP (layered service provider), but personally I never liked this technology because of often stability issues. However, besides LSP there are other possible approaches suitable to achieve the same functionality, you can find a short coverage of network filtering methods (including LSP) here: https://www.ntkernel.com/ndis-hooking-drivers-and-legacy-windows-systems/, however the document is a little bit out-of-date, I have written it in times of early Windows XP dawn and it does not cover WFP (Windows Filtering Platform), which replaced TDI, and NDIS Lightweight Filter, which replaced NDIS Intermediate and NDIS-hooking drivers. Both technologies were introduced by Windows Vista along with NDIS 6.0.
I think Wininet.dll is the canonical method for accessing HTTP from user mode programs on Windows. (The documentation for Windows Networking and Internet support is here. I didn't want to go through all of the doc, but I'm pretty sure Wininet.dll is the right one)
One method for doing a per process proxy, is to write a DLL that acts like Wininet.dll (and sits on top of the Windows' Wininet.dll). Your Wininet would have some sort of mechanism (registry, config file, etc.) to determine whether a particular process is to be proxied or not. If process isn't proxied then all calls go through to original Wininet, but if process is proxied then your Wininet does the redirection.
Another, somewhat similar, injection point is at the winsock layer (ws2_32.dll). (Back in the Windows 3.1, Win95 era, it was fairly common to replace winsock.dll (ws2_32 predecessor) by vendors of TCP/IP stacks.) Here's a case where the same concept is used to capture traffic at winsock layer. The article at the link has a nice diagram that illustrates the concept as well as implementation details of replacing ws2_32.dll.
The modern way to do this is to use Windows Filtering Platform.
https://en.wikipedia.org/wiki/Windows_Filtering_Platform
https://learn.microsoft.com/en-us/windows/win32/fwp/windows-filtering-platform-start-page
Windows Filtering Platform (WFP) is a set of API and system services
that provide a platform for creating network filtering applications.
The WFP API allows developers to write code that interacts with the
packet processing that takes place at several layers in the networking
stack of the operating system. Network data can be filtered and also
modified before it reaches its destination.
In Windows 8/8.1 it's now possible to enable/disable Bluetooth via the OS itself (see image below). This is awesome because it's device/driver-agnostic.
On Android, this is possible via BluetoothAdapter.enable() and BluetoothAdapter.disable(), but I haven't been able to find anything to do this on Windows (even though it seems like it's definitely possible).
So I've tried using:
BluetoothEnableIncomingConnections() - However, this only prevents new incoming connections. It doesn't disable existing ones.
devcon.exe - The problem with this method is that A. it is a non-redistributable binary B. it requires that you know he device ID ahead of time (so it's not device/driver-agnostic). Also, while it's not a dealbreaker, it'd be nice to not require elevation.
UI Automation - Simply launching the PC Settings app and toggling the switch with keyboard events is easy, but it's super ugly, both in terms of proper coding practices and in terms of user experience. That being said, this is the only way I've found to achieve the behavior I'm looking for so far.
I'm writing a native Win32 app in C++, so I'm not constrained to any Windows Store app requirements, although, it would be great if there was an approach that didn't require elevation.
TL;DR
Are there any APIs, WMI interfaces, or anything else available to achieve functionally equivalent results to flipping the Bluetooth toggle switch? If not, are there any alternative methods which yield similar results?
In win8.1 you should be able to call BluetoothEnableRadio to enable/disable the local radio.
Basically the manufacturers should include a method to accomplish this so you don't have to load a dll.
"Beginning with Windows 8.1 vendors are no longer required to implement radio on/off capability (for Bluetooth 4.0 radios) in a software DLL as described in this topic, because the operating system now handles this functionality. Windows 8.1 will ignore any such DLL, even if present."
check out this link which talks about it:
http://msdn.microsoft.com/en-us/library/windows/hardware/hh450832%28v=vs.85%29.aspx
I'm reading <<Understanding Linux Network internals>>,but not sure how much of it will also apply to windows?
I think you will find that they are very similar as both are based on the standard Berkley sockets API. Assuming you are programming in C here, you'll see the same sorts of functions with similar usage in both windows and unix (listen, accept, bind, etc).
There are of course many windows-specific socket functions though, mostly for things like async IO. Here's a list of the Windows socket functions so you can have a look for yourself.
on windows, is there any other option when programming network communication then using Winsock? There are many socket libraries for c++, are they all just winsock based?
You can consider using boost::asio. Boost is really great and well designed. Many parts of it have come already into C++0x. You will need to statically link to a lib or dll (it is not a header only template library)
Winsock are the sockets for Windows taken over from BSD (with actually exactly the same API excepting for closesocket vs close and the initialization/termination of the subsystem). Not the Win API itself has a more modern API the WSAxxx functions. C++ is socket unaware until now that means in order to do networking you MUST use the OS API, thus Winsock. There is no other low level API.
If you are trying to monitor traffic why don't you use WinPCAP?
There are other ways to program network communication, which don't use Winsock: for example, using the network file system (shared files), or using named pipes.
Software can also bypass Winsock (which is a Windows user-mode DLL) even for TCP/IP traffic, and instead interface directly with the kernel-mode drivers.
I am porting a communications library from Linux to Windows. I know what my approach is for the most part. The library uses all raw ethernet level frames for all the communications.
The library I am porting from makes use of the PF_PACKET family and the struct sockaddr_ll. After browsing through the MSDN winsock site, I haven't found an equivalent family/struct. What should my approach be here?
I have a few ideas, but I am not sure if they are good ideas
I could use PF_UNSPEC, for unspecified.
I could just pass the number PF_PACKET represents (it's an unsigned short)
I could also just make my own sockadddr_ll struct in Windows.
None of those ideas seem good to me, they just seem like hacks that aren't really likely to work.
If anyone has any suggestions, I would appreciate it.
I assume you're referring to Raw Sockets (where you have to write the network layer, transport layer, and application layer information). New Windows versions (XP SP2 and up) have very limited support for raw sockets with many restrictions.
More info (scroll down to "Limitations on Raw Sockets")
The solution, I believe, is to use WinPcap, which allows you to send raw packets on those systems.