Winsock monitor command line tool

$100-500 USD

Cancelled
Posted almost 13 years ago

Paid on delivery
We require a command line executable and injectable DLL to monitor a specified process' winsock activity and log it to a file.

Executable: [login to view URL] -dll=[path to DLL] -log=[path to output log] -cmd=[path to executable] [command line arguments]

* Launches executable specified by cmd argument with the command line arguments specified.
* Injects dll into the process
* Informs DLL of the location of the log file (via IPC, registry, or other mechanism)

[login to view URL] This DLL is injected into the process. It monitors winsock activity and logs this (and some other information) to the log. It also records the process name, SHA256 checksum and file info during process start. It also records when the process ends. Tracks name lookups

## Deliverables

The log file content/format is critical to delivery, and an example has been included below: (MSN Live/Messenger has been used as example data)

    [start]
    PID: 2345
    Time: (process start time here, in UTC time)
    Image: [login to view URL]
    Path: C:\Program Files\Windows Live\Messenger
    File Description: Windows Live Messenger
    File Version: 14.0.8117.416
    Product Name: Windows Live Messenger
    Size: 3872080
    Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    [function]
    Name: gethostbyname
    Thread ID: 0
    Time: (utc time)
    Hostname: [login to view URL]
    IP Address: [login to view URL], [login to view URL] (may be one or more than one result)
    [function]
    Name: Send
    Thread ID: 455
    Time: (time in UTC)
    Socket ID: 4678
    Local: [login to view URL] [localhost]. (IP is assumed always to be [login to view URL] unless can be otherwise determined)
    Remote: [login to view URL] [[login to view URL]](remote IP and port, and last resolved hostname)
    Size: (length of data in bytes)
    Data: 00 BB FF CC 2A 00 41 (show entire buffer as space delimited hex).
    [end]
    Time: (process end time, in UTC time)

Many functions require host name/ip data to be logged.
This may not directly be available and may need to be inferred from the available socket information. Therefore all host name resolution functions and connects/disconnects should be tracked and logged to ensure this information is available when needed.

The following winsock functions should be tracked. Each should have a UTC timestamp, the name of the function, and the thread ID. Some require additional information to be logged:

Any functions not shown below should return only the basic information required above. This includes functions listed as obsolete (eg GetAddrInfo)

Async functions must, of course, be logged on the callback wherever the log requires that result data is saved.

* AcceptEx, ConnectEx
  Include the following items in the log:
  Socket ID, Local Port, Remote IP address/host/port.
  Data Length ("size") if data was transmitted
  Hex representation of the entire contents of the buffer if data was transmitted

* Accept, Bind, listen, CloseSocket, Connect, DisconnectEx, WSAAccept
  Include the following items in the log:
  Socket ID
  Local Port, Remote IP address/host/port, wherever obtainable (from socket or from tracking connects/[login to view URL]).

* WSAConnectByList
  Include the following items in the log:
  Socket ID
  Local Port, Remote IP address/host/port, wherever obtainable (from socket or from tracking connects/[login to view URL]).
  Should include connection info for each item in the list (Named 'Remote1' 'Remote2' etc)

* getaddrinfo, GetAddrInfoW
  Include the following items in the log:
  Requested hostname, resolved IP address(es).

* GetAddrInfoEx, SetAddrInfoEx, WSAAsyncGetHostByName
  Include the following items in the log:
  Requested hostname, servicename/port, namespace (as a string representation of the constant rather than the constant itself), resolved IP address.

* recv, send, recvfrom, sendto, TransmitPackets,
* WSARecv, WSARecvEx, WSARecvDisconnect, WSARecvFrom, WSARecvMsg,
* WSASend, WSASendDisconnect, WSASendMsg, WSASendTo
  Include the following items in the log:
  Socket ID, Local Port, Remote IP address/host/port.
  Data Length ("size") if data was transmitted
  Hex representation of the entire contents of the buffer

* TransmitFile
  Include the following items in the log:
  Filespec/name and checksum.
  Socket ID, Local Port, Remote IP address/host/port.
  Number of bytes to send
  Number of bytes to write
  (Data itself is not recorded)

* WSAConnect
  Include the following items in the log:
  Socket ID, Local Port, Remote IP address/host/port.
  Data Length ("size") if data was transmitted
  Hex representation of the entire contents of the buffer if data was transmitted
  Data Length ("size") if data was received
  Hex representation of the entire contents of the buffer if data was received

We will use this MSDN article as our reference: [login to view URL]%28v=VS.85%[login to view URL]

Testing: The application will be tested against MSN Live/Messenger, Internet Explorer 8, and Google Chrome 12. Wireshark trace logs will be compared to the logs generated here to determine if the messages and data are as expected. Windows Internals' process monitor logs will also be compared to the logs generated here to determine accuracy of API call logging. The project will be considered acceptable if there is a 90% correlation of tests and logs averaged across all three products.

* * *

This broadcast message was sent to all bidders on Thursday Jul 28, 2011 1:07:37 PM:

I have a lot of well-qualified looking reasonable bids to decide between. To help me pick the winner, please provide some additional information. I have other projects that depend on this one, so please provide your typical hourly rate (these are fixed projects, but it helps me estimate) and whether you are full time freelance or part time.
I'll assume anyone who doesn't respond isn't likely to provide as much communication as the ongoing projects will need.
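
For the acceptance test described above (comparing the generated log with a Wireshark trace), a reviewer needs to read the log back. The following is an added example, not part of the original posting or any delivered code: a parser for the `[start]`/`[function]`/`[end]` layout that decodes each `Data` buffer and checks it against `Size`. It assumes one `Key: value` field per line; the timestamp format, addresses and host name in the sample are constructed placeholders.

```python
SAMPLE_LOG = """\
[start]
PID: 2345
Time: 2011-07-28T13:07:37Z
[function]
Name: gethostbyname
Hostname: host.example.test
IP Address: 192.0.2.10, 192.0.2.11
[function]
Name: Send
Thread ID: 455
Socket ID: 4678
Local: 192.0.2.50:50123 [localhost]
Remote: 192.0.2.10:443 [host.example.test]
Size: 7
Data: 00 BB FF CC 2A 00 41
[end]
Time: 2011-07-28T13:08:00Z
"""  # constructed sample; layout of one field per line is an assumption

def parse_log(text):
    """Return a list of (section, fields) tuples in file order."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line in ("[start]", "[function]", "[end]"):
            records.append((line[1:-1], {}))
        elif line:
            key, sep, value = line.partition(":")
            if not sep or not records:
                raise ValueError(f"line {lineno}: expected 'Key: value' in a section")
            records[-1][1][key.strip()] = value.strip()
    return records

def payload(fields):
    """Decode the space-delimited hex in Data and check it against Size."""
    data = bytes.fromhex(fields.get("Data", ""))
    if "Size" in fields and int(fields["Size"]) != len(data):
        raise ValueError(f"Size {fields['Size']} != {len(data)} bytes of Data")
    return data

def bytes_per_remote(records):
    """Total logged buffer bytes per Remote, for comparison with a trace."""
    totals = {}
    for section, f in records:
        if section == "function" and "Data" in f:
            totals[f["Remote"]] = totals.get(f["Remote"], 0) + len(payload(f))
    return totals
```

A `Size`/`Data` mismatch raises `ValueError`, which flags truncated or mis-logged buffers before any comparison with the capture.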
Project ID: 3462988

About this project

9 proposals
Remote project
Active 13 years ago

9 freelancers are bidding on average $521 USD for this job

* See private message. $2,125 USD in 74 days. 5.0 (85 reviews), 7.7
* See private message. $382.50 USD in 74 days. 4.8 (104 reviews), 5.7
* See private message. $297.50 USD in 74 days. 5.0 (19 reviews), 4.8
* See private message. $425 USD in 74 days. 5.0 (18 reviews), 3.9
* See private message. $382.50 USD in 74 days. 4.6 (9 reviews), 3.8
* See private message. $204 USD in 74 days. 5.0 (1 review), 2.5
* See private message. $170 USD in 74 days. 5.0 (3 reviews), 1.9
* See private message. $425 USD in 74 days. 0.0 (0 reviews), 0.0
* See private message. $280.50 USD in 74 days. 0.0 (0 reviews), 0.0

About the client

United States
5.0
14
Member since Oct 23, 2009

Freelancer ® is a registered Trademark of Freelancer Technology Pty Limited (ACN 142 189 759)
Copyright © 2024 Freelancer Technology Pty Limited (ACN 142 189 759)