Socket Spy is a versatile software designed to capture Winsock, SNMPAPI, ICMP calls, and network TCP/UDP traffic of both new and active processes.
Aside from capturing network traffic, SocketSpy can also show File I/O operations (KERNEL32.DLL) and Windows Registry (ADVAPI.DLL) operations of tested processes. This means that you can capture all network and/or file input/output traffic of programs such as IExplore and Outlook Express. The utility is flexible and allows you to capture only file I/O, network I/O, Windows Registry access separately.
SocketSpy can be used for several purposes such as trojan and virus finding, high-level network protocols study or software reverse engineering. In summary, the results of tests are presented in the form of Rich Edit text in the output window, and the full information can be saved as a log file.
Based on Win32 Debug functions, SocketSpy can also block requests from tested processes that attempt to know if a debugger is present. The tested process will receive an answer of "No". SocketSpy also offers several other features such as reading and writing to tested process memory, finding binary sequences in memory of tested process, setting additional break points on the system function, and making a disassembler of executable code or specific system functions.
Version 4.28: N/A