Читаем Windows® Internals, Sixth Edition, Part 1 полностью

The Network Shell (Netsh.exe) utility included with Windows is able to show the registered Winsock transport and namespace providers by using the netsh winsock show catalog command. For example, if there are two TCP/IP transport service providers, the first one listed is the default provider for Winsock applications using the TCP/IP protocol. Here’s sample output from Netsh showing the registered transport service providers:C:\Users\Toby>netsh winsock show catalog Winsock Catalog Provider Entry ------------------------------------------------------ Entry Type: Base Service Provider Description: MSAFD Tcpip [TCP/IP] Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Provider Path: %SystemRoot%\system32\mswsock.dll Catalog Entry ID: 1001 Version: 2 Address Family: 2 Max Address Length: 16 Min Address Length: 16 Socket Type: 1 Protocol: 6 Service Flags: 0x20066 Protocol Chain Length: 1 Winsock Catalog Provider Entry ------------------------------------------------------ Entry Type: Base Service Provider Description: MSAFD Tcpip [UDP/IP] Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Provider Path: %SystemRoot%\system32\mswsock.dll Catalog Entry ID: 1002 Version: 2 Address Family: 2 Max Address Length: 16 Min Address Length: 16 Socket Type: 2 Protocol: 17 Service Flags: 0x20609 Protocol Chain Length: 1 Winsock Catalog Provider Entry ------------------------------------------------------ Entry Type: Base Service Provider Description: MSAFD Tcpip [RAW/IP] Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Provider Path: %SystemRoot%\system32\mswsock.dll Catalog Entry ID: 1003 Version: 2 Address Family: 2 Max Address Length: 16 Min Address Length: 16 Socket Type: 3 Protocol: 0 Service Flags: 0x20609 Protocol Chain Length: 1 . . . Name Space Provider Entry ------------------------------------------------------ Description: Network Location Awareness Legacy (NLAv1) Namespace Provider ID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Name Space: 15 Active: 1 Version: 0 Name Space Provider Entry ------------------------------------------------------ Description: E-mail Naming Shim Provider Provider ID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE} Name Space: 37 Active: 1 Version: 0 Name Space Provider Entry ------------------------------------------------------ Description: PNRP Cloud Namespace Provider Provider ID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D} Name Space: 39 Active: 1 Version: 0 . . .

You can also use the Autoruns utility from Windows Sysinternals (www.microsoft.com/technet/sysinternals) to view namespace and transport providers, as well as to disable or delete those that might be causing problems or unwanted behavior on the system.

Winsock Implementation

Winsock’s implementation is shown in Figure 7-4. Its application interface consists of an API DLL, Ws2_32.dll (%SystemRoot%\System32\Ws2_32.dll), which provides applications access to Winsock functions. Ws2_32.dll calls on the services of namespace and transport service providers to carry out name and message operations. The Mswsock.dll (%SystemRoot%\System32\mswsock.dll) library acts as a transport service provider for the protocols supported by Microsoft and uses Winsock Helper libraries that are protocol specific to communicate with kernel-mode protocol drivers. For example, Wshtcpip.dll (%SystemRoot%\System32\wshtcpip.dll) is the TCP/IP helper. Mswsock.dll implements the Microsoft Winsock extension functions, such as TransmitFile, AcceptEx, and WSARecvEx.

Windows ships with helper DLLs for TCP/IPv4, TCPv6, Bluetooth, NetBIOS, IrDA (Infrared Data Association), and PGM (Pragmatic General Multicast). It also includes namespace service providers for DNS (TCP/IP), Active Directory (NTDS), NLA (Network Location Awareness), PNRP (Peer Name Resolution Protocol), and Bluetooth.