I would like to create a software 'scanner' that finds where sockets are opened in executable code (i.e., not source code), such as machine code, Java JARs, etc.

Does such a thing exist? If not, is there a means to find how the library is linked and the function calls made?

Windows is preferred for now, but Linux would be interesting as well.

Context: I am looking to statically analyze legacy software in order to understand impacts of moving to IPv6 only.

I did some notional searches. Nothing obvious showed up.

I thought I would ask before I go down the rabbit hole. Any intel or advice is appreciated.

  • Sockets on Windows are *typically* created using the `socket()` function in `Ws2_32.dll`, and connections are opened using the `connect()` and `accept()` functions. You can scan an executable's PE header to see if it imports those functions, and then scan the executable's code looking for references to those functions. You might also have to hook the `GetProcAddress()` function in `kernel32.dll` too, in case the functions are imported dynamically instead of statically. Also, `Ws2_32.dll` has other extended functions, like `WSASocket()`, `WSAConnect()`, `WSAConnectBy...()`, `WSAAccept()`, etc. – Remy Lebeau May 30 '23 at 19:34
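The PE import scan described in the comment above, as an added example (not code from the question or the comment): it walks the import directory of a PE32/PE32+ image and lists what is imported from `ws2_32.dll` or `wsock32.dll`. The function names, the `#N` notation for ordinal imports, and the constructed test image from `build_sample_pe()` are assumptions of this sketch.

```python
import struct

def winsock_imports(data):
    """Return imports from ws2_32.dll/wsock32.dll as names, or '#N' for ordinals."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                           # optional header
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    imp_rva = struct.unpack_from("<I", data, opt + (120 if pe32plus else 104))[0]
    # Per section: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    secs = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):                                           # RVA -> file offset
        for vsize, vaddr, rsize, rptr in secs:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return rva - vaddr + rptr
        raise ValueError("RVA outside any section")
    def cstr(o):                                            # NUL-terminated ASCII
        return data[o:data.index(b"\0", o)].decode("ascii", "replace")
    found, d = [], off(imp_rva) if imp_rva else None
    fmt, size, flag = ("<Q", 8, 1 << 63) if pe32plus else ("<I", 4, 1 << 31)
    while d is not None:                                    # 20-byte import descriptors
        oft, _, _, name, ft = struct.unpack_from("<5I", data, d)
        if not (name or ft):                                # all-zero terminator
            break
        if cstr(off(name)).lower() in ("ws2_32.dll", "wsock32.dll"):
            t = off(oft or ft)                              # import lookup table
            while (v := struct.unpack_from(fmt, data, t)[0]):
                # High bit set: import by ordinal; else RVA of hint + name
                found.append(f"#{v & 0xFFFF}" if v & flag else cstr(off(v) + 2))
                t += size
        d += 20
    return found

def build_sample_pe():
    """Constructed PE32 test image: WS2_32.dll, 'socket' by name plus ordinal 4."""
    sec = bytearray(0x200)                                  # .idata at RVA 0x1000
    struct.pack_into("<5I", sec, 0, 0x1040, 0, 0, 0x1080, 0x1040)
    struct.pack_into("<3I", sec, 0x40, 0x1090, 0x80000004, 0)
    sec[0x80:0x8B] = b"WS2_32.dll\0"
    sec[0x90:0x99] = b"\0\0socket\0"
    hdr = bytearray(0x200)
    struct.pack_into("<2s58xI", hdr, 0, b"MZ", 0x40)
    struct.pack_into("<4sHH12xHH", hdr, 0x40, b"PE\0\0", 0x14C, 1, 0xE0, 0x102)
    struct.pack_into("<H", hdr, 0x58, 0x10B)                # PE32 magic
    struct.pack_into("<II", hdr, 0x58 + 104, 0x1000, 40)    # import directory
    struct.pack_into("<8s4I", hdr, 0x138, b".idata", 0x200, 0x1000, 0x200, 0x200)
    return bytes(hdr + sec)
```

Entries reported as `#N` are imports by ordinal and have to be resolved against the DLL's export table. An empty result does not rule out socket use, since functions resolved at run time through `GetProcAddress()` never appear in the import table.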

0 Answers