INTRODUCTION This code sample illustrates a Winsock 2 layered service provider (LSP). An LSP is a method of inserting a layer between the Winsock 2 API and applications. This is achieved by creating a DLL which implements the entire set of Winsock provider functions. These functions begin with the three letters WSP. You can consult the Platform SDK documentation for the specifics on these functions. LAYERED SERVICE PROVIDERS There are two types of LSPs. The first type is known as a base provider. A base provider exposes access to a protocol (such as TCP/IP). Not only does it require a user mode DLL which implements the WSP functions but it also requires a kernel mode component which communicates with the underlying protocol driver (usually via the TDI interface - consult the DDK for TDI information). The other type of LSP is the type we mentioned in the first paragraph. It is a layer that lies above a base provider which is what this sample is. You can install this LSP above any installed base provider. Microsoft operating systems ship with a variety of base providers such as 'MSAFD Tcpip [TCP/IP]' (the TCP/IP provider). You can even install this LSP over other installed LSPs. INSTALLING THE LSP When you build the sample from the Samples\NetDS\WinSock\LSP folder, three files are generated. Instlsp.exe, ifslsp.dll and nonifslsp.dll. The first file is the installation program for installing the LSP into the Winsock catalog. The ifslsp.dll is an IFS LSP (LSP that creates sockets as installable file system (IFS) handles). The nonifslsp.dll is a NON-IFS LSP. The DLLs should be copied to %SYSTEMROOT%\System32 before installation. You need to determine which providers you want to install the LSP over before beginning. To get a list of the installed providers, execute the following command: C:\>instlsp.exe -p 1001 - MSAFD ATM AAL5 1002 - MSAFD Tcpip [TCP/IP] 1003 - MSAFD Tcpip [UDP/IP] 1004 - MSAFD Tcpip [RAW/IP] 1005 - RSVP UDP Service Provider 1006 - RSVP TCP Service Provider 1007 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{74427F6E-EAED-4823-A03A-3759EBBB760B}] SEQPACKET 0 1008 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{74427F6E-EAED-4823-A03A-3759EBBB760B}] DATAGRAM 0 1009 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{E62BE309-3888-44C2-9A27-D981A3EB7EF5}] SEQPACKET 1 1010 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{E62BE309-3888-44C2-9A27-D981A3EB7EF5}] DATAGRAM 1 1011 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4BCF3EF-6D3E-46D0-93EF-6EBAF4E7F4FD}] SEQPACKET 2 1012 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4BCF3EF-6D3E-46D0-93EF-6EBAF4E7F4FD}] DATAGRAM 2 1013 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{4B4CCD46-9338-45DE-954C-3A379C17574A}] SEQPACKET 3 1014 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{4B4CCD46-9338-45DE-954C-3A379C17574A}] DATAGRAM 3 1015 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{F16E07AD-74F0-44E9-9731-DB72B9C4DD25}] SEQPACKET 4 1016 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{F16E07AD-74F0-44E9-9731-DB72B9C4DD25}] DATAGRAM 4 1017 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{14A9C4D0-76AC-4E14-BC60-C8DE25746F94}] SEQPACKET 5 1018 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{14A9C4D0-76AC-4E14-BC60-C8DE25746F94}] DATAGRAM 5 This prints the current Winsock catalog. The first number is the catalog ID followed by the string name of the corresponding Winsock provider. This particular machine is Windows 2000 with TCP/IP, TCP/IP QOS, NetBIOS, and ATM providers. You will need the catalog IDs of the layers you wish to install the LSP over. Note that if you should install the LSP over all the providers for a given protocol family. That is if you want to install over the TCP provider you should also install over the UDP and RAW providers (and probably the QOS providers as well). This is because there are certain applications (like Internet Explorer) which call the function select with SOCKET handles from different providers (UDP and TCP) which will fail if you're layered over only one of the these two providers. Once you've determined which providers you want to install over, you need to perform the installation of the LSP into the Winsock catalog with the -i option. You'll also need to specify a '-o ID' for each catalog entry you want to layer over as well as the qualified path to the LSP DLL with '-d <DllPath>'. For example, to layer over all the TCP/IP providers (except QOS) you would execute the following command: C:\>instlsp.exe -i -o 1002 -o 1003 -o 1004 -n "Foobar" -d c:\windows\system32\nonifslsp.dll LSP name is 'Foobar' Installing layer: Foobar over [MSAFD Tcpip [TCP/IP]] Installing layer: Foobar over [MSAFD Tcpip [UDP/IP]] Installing layer: Foobar over [MSAFD Tcpip [RAW/IP]] The '-n Name' option specifies the name of our LSP. You can verify the LSP installation by calling 'instlsp.exe -p'. C:\>instlsp -p 1042 - Foobar over [MSAFD Tcpip [TCP/IP]] 1043 - Foobar over [MSAFD Tcpip [UDP/IP]] 1044 - Foobar over [MSAFD Tcpip [RAW/IP]] 1001 - MSAFD ATM AAL5 1002 - MSAFD Tcpip [TCP/IP] 1003 - MSAFD Tcpip [UDP/IP] 1004 - MSAFD Tcpip [RAW/IP] 1005 - RSVP UDP Service Provider 1006 - RSVP TCP Service Provider 1007 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{74427F6E-EAED-4823-A03A-3759EBBB760B}] SEQPACKET 0 1008 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{74427F6E-EAED-4823-A03A-3759EBBB760B}] DATAGRAM 0 1009 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{E62BE309-3888-44C2-9A27-D981A3EB7EF5}] SEQPACKET 1 1010 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{E62BE309-3888-44C2-9A27-D981A3EB7EF5}] DATAGRAM 1 1011 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4BCF3EF-6D3E-46D0-93EF-6EBAF4E7F4FD}] SEQPACKET 2 1012 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4BCF3EF-6D3E-46D0-93EF-6EBAF4E7F4FD}] DATAGRAM 2 1013 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{4B4CCD46-9338-45DE-954C-3A379C17574A}] SEQPACKET 3 1014 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{4B4CCD46-9338-45DE-954C-3A379C17574A}] DATAGRAM 3 1015 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{F16E07AD-74F0-44E9-9731-DB72B9C4DD25}] SEQPACKET 4 1016 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{F16E07AD-74F0-44E9-9731-DB72B9C4DD25}] DATAGRAM 4 1017 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{14A9C4D0-76AC-4E14-BC60-C8DE25746F94}] SEQPACKET 5 1018 - MSAFD NetBIOS [\Device\NetBT_Tcpip_{14A9C4D0-76AC-4E14-BC60-C8DE25746F94}] DATAGRAM 5 1041 - Foobar You'll notice that for each provider that we're layering over there is a new provider for our LSP (in this example, those entries with IDs 1042, 1042, and 1042). Additionally there is an extra entry entitled just "Foobar". This is the hidden (or dummy) entry for our LSP. It is required because before we can insert our LSP into another protocol's chain we must have a catalog ID and you don't get a catalog ID until you install a provider. So you install a dummy provider first to obtain a valid catalog ID which you then use in the protocol chains for the actual layered providers you install. As a shortcut, if you wish to install the LSP over every currently installed provider, specify -a instead of the individual '-o ID' flag, as in: C:\>instlsp -i -a -n "Foobar" -d c:\windows\system32\nonifslsp.dll INSTALLING THE IFS PROVIDER To install LSP as an IFS provider, run the installer and specify the '-h' switch (should be first parameter to instlsp.exe) as well as the qualified path to ifslsp.dll, as in: c:\>instlsp -h -i -o 1002 -o 1003 -o 1004 -n "IFSLSP" -d c:\windows\system32\ifslsp.dll INSTALLING AN LSP ON VISTA+ Since installing an LSP requires Administrator privileges and Vista introduces the notion of User Account Protection (UAP), installing an LSP on Vista requires a little extra work. A manifest (instlsp.exe.manifest) has been added to the installer code which directs Windows to prompt the non elevated user whether the application should be allowed to execute. If invoked from an elevated process, no prompt is given. For more information on UAP see: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/AccProtVista.asp Additionally, a new LSP install API has been added to Vista - WSCInstallProviderAndChains. This function performs all the necessary steps to install an LSP in one call. It also determines which entries need to be installed over based upon the providers supplied. That is if you tell instlsp.exe to install only over the TCP/IPv4 entry, it will also install over UDP/IPv4 and RAW/IPv4 since without those entries, IE (and other apps) would not operate correctly. INSTALLING AN LSP ON A 64-BIT OS When installing an LSP on a 64-bit OS, both a 64-bit and 32-bit LSP DLL are needed in order for 64-bit and 32-bit applications to access the LSPs functionality. Normally the 64-bit DLL is located in %SYSTEMROOT%\system32 and the 32-bit DLL is in %SYSTEMROOT%\SysWow64. The OS then automagically substitutes the correct location when applications load the DLL. However, if your application prefers to install its DLL under its own directory (which it should), there is not automagic redirection to the 32-bit DLL. Instead when installing your LSP, use the -d32 flag to specify the full path and filename to the 32-bit DLL. If this parameter is not specified, it is assumed that you are installing to the %SYSTEMROO%\System32 directory. REMOVING THE LSP Removing the sample LSP is the simplest step. Just make the following call: C:\>instlsp.exe -r 1041 This will remove the dummy entry as well as each layered entry. Note that with this sample, you cannot install the LSP more than once (that is you can't install the LSP over the IP providers and then try to install it over the newly created LSP entries). This is because the LSP sample uses a GUID to uniquely identify itself. If you attempt to install it twice, Winsock 2 catches the fact that a provider already exists with the given GUID and the installation will fail. You can however create a second instance of the DLL by changing the GUID and a few other resources. See lspguid.cpp and/or instlsp.cpp for more information. In the event that the Winsock catalog becomes so screwed up, you can remove all layered entries with the following call: C:\>instlsp.exe -f WINDOWS 9x AND WINDOWS ME INFORMATION For security reasons, the LSP's DLL location is fully pathed to %SYSTEMROOT%\system32 where it is installed. Additionally, the installer loads ws2_32.dll to determine whether WSCUpdateProvider is available. Both calls will fully path the DLL location which breaks under Windows 9x and ME. Please look at lspguid.cpp for information on compiling the sample for use under non NT based versions of Windows. FURTHER INFORMATION For additional information on layered service providers consult the Platform SDK documentation or the book "Network Programming for Microsoft Windows, Second Edition" by Anthony Jones and Jim Ohlund (ISBN 0735615799).
chenbaiyu0414/lsp
lsp example from windows sdk 7.1 (Microsoft SDKs\Windows\v7.1\Samples\netds\winsock\lsp), modified for VS2017
C++