Sockets, Shellcode, Porting & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

In the past, Linux was not only the operating system of choice, it was almost the only operating system hackers would use. At one time, nearly all exploit scripts were written for the Linux platform and could only be compiled on a Linux system. However, the Microsoft Win32 platform has become more prevalent in enterprise environments and has achieved nearly equal footing with Linux as a target of exploit scripts. To write or defend against exploit scripts on the Win32 platform, one must have a strong understanding of the WinSock 1 application programming interface (API) and, more importantly, the WinSock 2 API.
The WinSock 1 and WinSock 2 APIs are used to make network connections. WinSock 2 uses ws2_32.dll to communicate with the WinSock layer or with a Service Provider Interface (SPI), which is implemented by the vendor of the actual hardware appliance. Because programmers communicate solely with the WinSock 2 API, they do not need to be concerned with the hardware. The goal of the WinSock API is to give the programmer maximum control over what is being sent to and from the appliance, without having to know what the appliance is. Appliance vendors must conform to the Windows SPI in such a way that both new and old programs are able to function with almost any hardware.
The vast majority of Windows programs that incorporate socket programming in some fashion do so with either Winsock or the newer Winsock 2 API. Winsock 2 is a rather large upgrade with considerably...