-
Notifications
You must be signed in to change notification settings - Fork 7
/
wsock_trace
381 lines (330 loc) · 14.9 KB
/
wsock_trace
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
#
# WSock_trace config file.
#
# When wsock_trace.dll starts, it will try to open and read the
# 'Wsock_trace' file from these places in this order:
# - The file pointed to by %WSOCK_TRACE%.
# - The current directory.
# - Then finally the '%APPDATA' directory.
#
# The keywords here are not case sensitive.
# All values (also not case-sensitive) can contain an environment
# variable (at most one).
# E.g. 'trace_level = %WSOCK_TRACE_LEVEL%'.
#
[core]
trace_level = 1 # The level of trace to give; higher value gives more details
trace_indent = 2 # The number of spaces to indent e.g. ' * test.c(45)'.
trace_caller = 1 ; ditto comment
trace_report = 1 # print a final trace report at program exit.
# trace_max_len = 100 # wrap lines at column 100 when printing to file or when stdout is redirected.
# # When printing to the console, we wrap and indent text according to screen width.
trace_binmode = 1 # Write output-file in binary mode.
# trace_file = %TEMP%\wstrace.txt # file to trace to. If left unused, print to 'stdout'.
# Use "stderr" for stderr.
# Use "$ODS" to print using 'OutputDebugString()' and
# use dbgview to see the traces (no colours).
trace_file_commit = 0 # Commit a 'trace_file' directly to disk. Effective for a MSVC version only.
trace_time = relative # Print timestamps at each trace-line. One of these:
# "absolute" for current-time.
# "relative" for msec (or usec) since program started.
# "delta" for msec (or usec) since previous trace-line.
# "none" for no timestamps
trace_time_usec = 0 # Use micro-second precision if "trace_time = relative" or "trace_time = delta"
dump_modules = 0 # Dump information on all process modules.
pdb_report = 0 # Report PDB-symbols information found in all modules. This takes time!
pdb_symsrv = 0 # Call 'SymSrvGetFileIndexInfo()' on each module when 'dump_modules = 1'.
use_sema = 0
no_buffering = 0
no_inv_handler = 0 # Do not install am 'invalid parameter handler'.
#
# For tracing of overlapped transfers in some WSA* functions:
# If 'trace_overlap >= 1' and 'trace_level >= trace_overlap'
# the overlapped operation will be traced.
#
trace_overlap = 2
#
# Hook and trace Winsock extensions functions.
# The call 'WSAIoctl (s, SIO_GET_EXTENSION_FUNCTION_POINTER, ...)' is the interface
# to these extension functions. If 'hook_extensions = 1', a hook-function for each
# Winsock extension is set. Thus allowing a trace of these.
# Ref: wsock_hooks.c for details.
#
hook_extensions = 0
#
# The standard location of the 'hosts' file. Change to suite.
# Up to 3 hosts files are supported.
#
hosts_file = %WINDIR%\system32\drivers\etc\hosts
#
# Support for up to 3 'service' files.
# Currently only on WireShark format.
#
# services_file = %WIRESHARK_DIR%\services
# services_file = %WINDIR%\system32\drivers\etc\services
#
# For testing too fast programs:
# delay all receive, transmit, select() and WSAPoll() calls the
# specified number of milli-seconds.
#
# Note: The delay happens even if 'trace_level = 0'.
#
recv_delay = 0 # For recv(), recvfrom(), WSARecv(), WSARecvEx(), WSARecvFrom() and WSARecvDisconnect()
send_delay = 0 # For send(), sendto(), WSASend() and WSASendTo()
select_delay = 0 # For select()
poll_delay = 0 # For WSAPoll()
pcap_enable = 0
pcap_dump = %TEMP%\wstrace.pcap
callee_level = 1 # How many stack-frames to unwind and show for callers?
cpp_demangle = 1
short_errors = 1
use_full_path = 1 # Report with full file-names in traces. Otherwise, report file-names
# relative to the path of the current-working-directory.
use_short_path = 0 # Report with short file-names always.
use_toolhlp32 = 1 # If 0, use PsApi.dll functions instead
use_ole32 = 0 # Decode and print GUIDs using internal functions
start_new_line = 0 # Always start tracing on column 1.
extra_new_line = 0 # Add an extra newline after each traced function.
show_caller = 0 # Internal: show file/line where TRACE() was called.
show_tid = 0 # show the thread-id in start of WSTRACE().
compact = 0 # Compact or detailed dump (not yet).
dump_select = 1 # Dump the 'fd_set's in select(). Do it before and after select() modifies them.
dump_hostent = 1 # Dump the 'hostent' structure returned in gethostbyname() and gethostbyaddr().
dump_protoent = 1 # Dump the 'protoent' structure returned in getprotobynumber() and getprotobyname().
dump_servent = 1 # Dump the 'servent' structure returned in getservbyport() and getservbyname().
dump_nameinfo = 1 # Dump the data returned from getnameinfo().
dump_addrinfo = 1 # Dump the data returned from getaddrinfo() and GetAddrInfoW().
dump_wsaprotocol_info = 1 # Dump the WSAPROTOCOL_INFO[A|W] structure in e.g. WSASocketA() and WSADuplicateSocketA().
dump_wsanetwork_events = 1 # Dump the WSAEVENT array from WSAEnumNetworkEvents().
dump_namespace_providers = 1 # Dump WSAEnumNameSpaceProviders() and WSAEnumNameSpaceProvidersEx() information.
#
# For tracing the TCP-information prior to a 'closesocket()'.
# Shows some statistics and internals for a TCP-socket:
# TCP_INFO: State: ESTABLISHED
# Mss: 65495
# ConnectionTimeMs: 474
# TimestampsEnabled: 0
# RttUs: 419
#
# Requires Windows 10, version 1703 or newer
#
dump_tcpinfo = 0
#
# For printing the ICMP info of an ICMP error on a failed connect() call.
# The setsockopt (sock, IPPROTO_TCP, TCP_FAIL_CONNECT_ON_ICMP_ERROR, ..)' must have been set.
#
dump_icmp_info = 0
dump_data = 1 # Dump data in recv(), recvfrom(), send() and sendto().
max_data = 5000 # but not more than 'max_data'.
max_displacement = 100 # maximum distance for a public symbol to accept in SymGetLineFromAddr64()
max_fd_sets = 500 # Max number of 'fd_set' (i.e. sockets) to print in and out of 'select()'
msvc_only = 0 # Trace only MSVC programs using the wsock_trace.dll
mingw_only = 0 # Trace only MinGW programs using the wsock_trace_mw.dll
cygwin_only = 0 # Trace only Cygwin programs using the wsock_trace_cyg.dll
color_time = bright red # Color of time-stamp. E.g. '* 125.654 msec:'
color_file = bright white # Color of file/line. E.g.: ' sendf.c(319)'
color_func = bright cyan # Color of 1st traced line. E.g.: '(Curl_recv_plain+37):'
color_trace = bright yellow # Color of traced function. E.g.: 'recv (1492, 0x00B74604, 16384, 0) --> 11533 bytes.'
color_data = bright green # Color of extra traced stuff.
nice_numbers = 0 # Print a number in some traces like '2147483647' as '2,147,483,647'.
#
# Test programs with a failing 'WSAStartup()'.
# The value should one of these error-codes:
# 10091 == WSASYSNOTREADY
# 10092 == WSAVERNOTSUPPORTED
# 10036 == WSAEINPROGRESS
# 10067 == WSAEPROCLIM
# 10014 == WSAEFAULT
# 11003 == WSANO_RECOVERY (MSDN does not document this as possible, but it can)
#
fail_WSAStartup = 0
#
# Don't trace these functions:
#
exclude = htons
exclude = htonl
exclude = ntohs
exclude = ntohl
exclude = inet_addr
#
# Or don't trace these functions in these programs:
#
# exclude = libcurl.dll!select
# exclude = f:\mingw32\src\inet\src\curl.exe!inet_addr
# exclude = wget!WSAStartup
#
# Use WinHTTP.dll to download the below files.
# If 0, use WinInet.dll instead.
# Subject for removal; always use WinInet.dll and ignore this setting.
#
use_winhttp = 0
#
# Experimental:
# Lua-scripts for init and exit.
#
[lua]
enable = 1 # Indepenent of a 'trace_level = 0' in the [core] section.
trace_level = 1 # The level for LUA_TRACE().
profile = 0 # Experimental; allow a Lua-script to load "jit.profile".
#
# The colors used in LUA_TRACE() and LUA_WARNING():
#
color_head = bright magenta # color of the start. E.g. "wsock_trace_lua.c(238):"
color_body = bright white # color of the body. E.g. "func_sig: 'WSACleanup()'"
lua_init = %APPDATA%\wsock_trace_init.lua
lua_exit = %APPDATA%\wsock_trace_exit.lua
#
# GeoIP settings.
#
[geoip]
enable = 1
max_days = 10 # max allowed days old before forcing an update
show_position = 0 # Show latitude/longitude for IP-position (if available).
show_map_url = 0 # Show Google Maps URL for IP-position (if available).
openstreetmap = 1 # Use OpenStreeMap URL instead.
map_zoom = 10 # With zoom-level in the URL:
# https://www.google.com/maps/@59.91273,10.74609,10z
# | | |
# | | |___ map_zoom
# | |____________ longitude
# |_____________________ latitude
#
# Or if above 'openstreetmap = 1':
# https://www.openstreetmap.org/#map=10/59.91273/10.74609
#
ip4_file = %APPDATA%\GeoIP.csv
ip6_file = %APPDATA%\GeoIP6.csv
ip4_url = https://gitweb.torproject.org/tor.git/plain/src/config/geoip
ip6_url = https://gitweb.torproject.org/tor.git/plain/src/config/geoip6
#
# The address of (a local) proxy-host to fetch the above URLs from.
# If not set, retrieve directly.
#
proxy =
#
# IP2Location settings.
#
# To enable retrieving locations for both IPv4 and IPv6 addresses, download
# and use a file named like IP2LOCATION-LITE-DBx.IPV6.BIN.
# This files contains both IPv4 and IPv6 records.
#
# Ref. https://github.com/chrislim2888/IP2Location-C-Library
# http://lite.ip2location.com
# https://lite.ip2location.com/database-download -- download URL for this .BIN file
#
# The above 'show_position' and 'show_map_url' depends on an up-to-date
# version of this file.
#
ip2location_bin_file = %APPDATA%\IP2LOCATION-LITE-DB11.IPV6.BIN
#
# ASN (Autonomous System Number) settings:
#
[asn]
enable = 1 # Show ASN info for addresses in traced functions
#
# The IP2Location ASN .csv files.
#
# asn_csv_file = %APPDATA%\IP2LOCATION-LITE-ASN.CSV # This is for IPv4 addresses only.
# asn_csv_file = %APPDATA%\IP2LOCATION-LITE-ASN.IPV6.CSV # This is for IPv6 addresses only.
#
# The above file are huge which takes time to load and parse.
# Uncomment the above lines only if you need this feature.
#
# TODO:
# asn_csv_url =
#
# The IPFire binary database required for showing AS number and AS names:
#
asn_bin_file = %APPDATA%\IPFire-database.db
#
# The URL of the latest version of the above .db-file.
# This URL is only used to check for the latest version (in ASN_check_database()).
#
asn_bin_url = https://location.ipfire.org/databases/1/location.db.xz
#
# Use the built-in LZMA decompressor for the 'location.db.xz' file.
#
# If 'xz_decompress = 0', it can be downloaded manually and extracted
# using the 'xz' (or '7z') programs instead. Like:
#
# c:\temp> wget https://location.ipfire.org/databases/1/location.db.xz
# c:\temp> xz -d location.db.xz (or '7z x location.db.xz')
# c:\temp> move /Y location.db %APPDATA%\IPFire-database.db
#
# Or when 'xz_decompress = 1', use 'c:\> ws_tool asn -u'
#
xz_decompress = 1
#
# When 'xz_decompress = 1', the maximum allowed days old before
# forcing an update of 'location.db.xz'. An update will do the same as
# the above 'wget', 'xz' and 'move' commands.
#
max_days = 10
#
# IANA (Internet Assigned Numbers Authority) settings:
#
[iana]
enable = 0 # Show IANA info for addresses in traced functions
ip4_file = %APPDATA%\IPv4-address-space.csv # The IANA 'IPv4 Address Space Registry' .csv file
ip6_file = %APPDATA%\IPv6-unicast-address-assignments.csv # The IANA 'IPv6 Global Unicast Address Assignments' .csv file
#
# Note: there are no 'ip4_url' and 'ip6_url' for the above files
# (similar to 'DNSBL::drop_url') since the above files gets updated very seldom.
#
#
# IDNA (Internationalizing Domain Names in Applications) settings:
#
[idna]
enable = 1
use_winidn = 0
codepage = 0
fix_getaddrinfo = 0
#
# DNSBL (Domain Name System Black Lists) settings:
#
[DNSBL]
enable = 0
max_days = 10 # max allowed age (in days) for an update check (not automatic).
drop_file = %APPDATA%\drop.txt
edrop_file = %APPDATA%\edrop.txt
dropv6_file = %APPDATA%\dropv6.txt
drop_url = http://www.spamhaus.org/drop/drop.txt
edrop_url = http://www.spamhaus.org/drop/edrop.txt
dropv6_url = http://www.spamhaus.org/drop/dropv6.txt
#
# Settings for Windows' "Internet Connection Firewall" (ICF)
# event handling.
#
[firewall]
enable = 0 # Enable tracing of firewall events
show_ipv4 = 1 # Show IPv4 events?
show_ipv6 = 0 # Show IPv6 events?
show_all = 0 # Show events for other programs besides "our" program?
api_level = 3 # Which API level to use in 'fw_monitor_subscribe()'.
#
# For firewall_test.exe only.
# Show statistics on the Console title bar.
#
console_title = 1
#
# Don't report event for these programs:
#
exclude = svchost.exe, System
#
# Don't report event for these source / destination addresses:
#
exclude = 239.255.255.250 # SSDP protocol from svchost.exe
exclude = 224.0.0.251 # IGMP protocol from System
exclude = 224.0.0.252 # IGMP protocol from System
#
# Enable a beeping sound for a firewall event.
# This requires '[firewall:enable = 1]'.
#
# Format is frequency, period; "Hertz, milli-seconds".
# Frequeny is bounded range 0 - 10000.
# Period is bounded in range 0 - 1000.
#
sound.enable = 1
sound.beep.event_drop = 1000, 40
sound.beep.event_allow = 800, 20
sound.beep.event_DNSBL = 1200, 50