It has always bothered me that I have to have administrator privileges to use WSAIoctl() given SIO_RCVALL to sniff all inbound/outbound packets. Is there any alternative to sniff without using this function? Thanks.
You could try hooking up these APIs:
- send
- sendto
- recv
- recvfrom
- WSASend
- WSASendTo (not sure)
- WSARecv
- WSARecvFrom (not sure)
I don't think you'll be able to do that without administrator privileges, either :P When you think about it, there's nothing illogical about that requirement. Imagine what would happen if people visiting a school library could install a program that sniffs packets going to and fro when other users log on to the machine.
I don't quite understand why you need to sniff packets on a machine that isn't owned by the user of the program, though. If there are ways to do that, they are most likely the consequence of programming errors, and they may not be consistent across operating system versions.
Hooking winsock won't give you the same as raw sockets... and as Sephiroth says, there's a reason admin access is required. If you don't like this, and have a legitimate need for non-admin raw sockets, install a system service that allows apps from other users to register with it and let it handle the raw I/O.
> I don't think you'll be able to do that without administrator privileges, either :P When you think about it, there's nothing illogical about that requirement.
Under most circumstances you're right, but my friend's dorm has computers supplied by the school in each room and none of them have admin for some reason. Since he's pursuing a CS major, it seems a little nonsensical to be restricted this much. :?
Thanks for the info.
Okay, then maybe he could ask the dude in charge of the computers to set him up, or if he can't be bothered, your friend could just reinstall Windows.