Net Verification Layer
Properties
The following properties are available for the Net verification layer. To set the properties, select the Networking provider in the Application Verifier user interface, and open the Property Window.
Property | Description |
---|---|
FragmentsEnabled | Enables the fragmenting of data streams received by TCP IPv4 and IPv6 sockets. |
FragmentSize | Specifies the maximum number of bytes returned into a buffer to any Winsock receive API call. |
The FragmentsEnabled property enables functionality in the Networking verifier provider to facilitate testing and verification of an application parsing TCP streams off of a network. Once enabled, all calls to Winsock to receive data will only receive up to FragmentSize bytes unless the application specifically requires the entire buffer filled before returning (controlled by the MSG_WAITALL flag). Since neither the TCP protocol nor Winsock provides any guarantees about the number of bytes returned into a buffer, enabling this check helps verify that the code parsing the stream of data off of the network does so correctly, independently of the number of bytes received per call to Winsock. Issues in stream parsers have been a source of high-profile bugs, and these properties are provided to ease verification of correctness, as this is particularly difficult to test.
Note: This does not change the data returned; it only slows it down at a specific rate. The application should behave in exactly the same fashion with this enabled or disabled.
The following command line enables the fragmentation of all incoming TCP streams to all TCP IPv4 and IPv6 sockets created in myApp.exe and all binaries loaded by myApp.exe.
```
appverif -enable Networking -for myApp.exe -with Networking.FragmentsEnabled=True Networking.FragmentSize=10
```
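The following is an added example, not part of the original documentation, showing the class of parser bug that FragmentsEnabled is meant to expose. It is portable C rather than Winsock code: `frag_recv` is a hypothetical in-memory stand-in for a receive call that returns at most `frag` bytes, and the 2-byte length-prefixed framing and the `wire` bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory stand-in for a TCP socket; frag plays the role of FragmentSize. */
struct stream { const uint8_t *data; size_t len, pos, frag; };
enum { MAX_BODY = 64 };

/* Behaves like recv(): hands back at most s->frag bytes per call, 0 at end of stream. */
static int frag_recv(struct stream *s, uint8_t *buf, size_t cap) {
    size_t n = s->len - s->pos;
    if (n > cap) n = cap;
    if (n > s->frag) n = s->frag;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* Keep calling recv until exactly `want` bytes have arrived; -1 if the stream ends first. */
static int recv_exact(struct stream *s, uint8_t *buf, size_t want) {
    size_t got = 0;
    int n;
    while (got < want && (n = frag_recv(s, buf + got, want - got)) > 0) got += (size_t)n;
    return got == want ? 0 : -1;
}

/* One frame = 2-byte big-endian length + body. naive=1 assumes one recv call per field. */
static int read_message(struct stream *s, uint8_t *body, int naive) {
    uint8_t hdr[2];
    if (naive ? frag_recv(s, hdr, 2) != 2 : recv_exact(s, hdr, 2) != 0) return -1;
    size_t len = ((size_t)hdr[0] << 8) | hdr[1];
    if (len > MAX_BODY) return -1;   /* bound the length before reading the body */
    if (naive ? frag_recv(s, body, len) != (int)len : recv_exact(s, body, len) != 0) return -1;
    return (int)len;
}

/* Parse the constructed two-frame stream at a given fragment size; returns frames parsed. */
int count_messages(size_t frag, int naive) {
    static const uint8_t wire[] = "\x00\x05hello\x00\x11" "fragmented stream";
    struct stream s = { wire, sizeof wire - 1, 0, frag };
    uint8_t body[MAX_BODY];
    int count = 0;
    while (s.pos < s.len && read_message(&s, body, naive) >= 0) count++;
    return count;
}

int main(void) {   /* fragment size 10, matching FragmentSize=10 in the command line above */
    printf("robust=%d naive=%d\n", count_messages(10, 0), count_messages(10, 1));
    return 0;
}
```

With a fragment size of 10 the looping reader parses both frames while the naive reader stops after the first; with a large fragment size both succeed, which is why this kind of bug tends to stay hidden in ordinary testing.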
!avrf Debugger Extension
!avrf -net -socket count displays open and closed socket handle count
!avrf -net -socket dump [-v] [HANDLE] displays socket handle(s), verbosely or not.
!avrf -net -wsastacks displays the current WSA init count and chronological list of stack traces for WSAStartup/WSACleanup.
!avrf -net -wsastacks count displays the current WSA init count.
!avrf -net -socket count
This command gives the overall number of socket handles that are being tracked, both opened and closed. Note that these are tracked in a circular queue, so there is a ceiling to the total being tracked. Sockets are added to the opened list when one of the Winsock APIs that allocates a socket handle is called, for example socket(), WSASocket(), or accept(). Sockets are moved from the opened list to the closed list when the closesocket() function is called on that socket handle.
!avrf -net -socket dump [-v] [HANDLE]
This command will enumerate the socket handles. "-socket dump" will list all tracked opened and closed socket handles by their SOCKET values. The optional -v flag will additionally print the open or close call stack immediately after printing each SOCKET value. The optional HANDLE field will list only the specified SOCKET handle and its open or close call stack.
Here are examples of the various -socket usage options:
```
0:008> !avrf -net -socket count
Number of open socket handles = 16
Number of closed socket handles = 12
0:008> !avrf -net -socket dump
CLOSED SOCKET HANDLE - 0x47c
CLOSED SOCKET HANDLE - 0x2cc
CLOSED SOCKET HANDLE - 0x8c4
CLOSED SOCKET HANDLE - 0x6bc
CLOSED SOCKET HANDLE - 0x44c
CLOSED SOCKET HANDLE - 0x578
CLOSED SOCKET HANDLE - 0x6f4
CLOSED SOCKET HANDLE - 0x5b4
CLOSED SOCKET HANDLE - 0x4d8
CLOSED SOCKET HANDLE - 0x3cc
CLOSED SOCKET HANDLE - 0x4fc
CLOSED SOCKET HANDLE - 0x4e0
OPEN SOCKET HANDLE - 0xfd4
OPEN SOCKET HANDLE - 0x7d8
OPEN SOCKET HANDLE - 0xf8c
OPEN SOCKET HANDLE - 0xf88
OPEN SOCKET HANDLE - 0xae0
OPEN SOCKET HANDLE - 0xe58
OPEN SOCKET HANDLE - 0xdfc
OPEN SOCKET HANDLE - 0xcf8
OPEN SOCKET HANDLE - 0xa18
OPEN SOCKET HANDLE - 0x7a0
OPEN SOCKET HANDLE - 0x7b0
OPEN SOCKET HANDLE - 0x534
OPEN SOCKET HANDLE - 0xcdc
OPEN SOCKET HANDLE - 0x1f0
OPEN SOCKET HANDLE - 0x444
OPEN SOCKET HANDLE - 0x8bc
0:008> !avrf -net -socket dump -v 0x47c
The socket handle is closed
vfNet!VfHookclosesocket
WININET!ICSocket::_UnSafeCloseSocket
WININET!ICSocket::Dereference
WININET!CFsm_GetConnection::RunSM
WININET!CFsm::Run
WININET!DoFsm
WININET!HTTP_REQUEST_HANDLE_OBJECT::OpenConnection_Fsm
WININET!CFsm_OpenConnection::RunSM
WININET!CFsm::Run
WININET!DoFsm
WININET!HTTP_REQUEST_HANDLE_OBJECT::OpenConnection
WININET!HTTP_REQUEST_HANDLE_OBJECT::MakeConnection_Fsm
WININET!CFsm_MakeConnection::RunSM
WININET!CFsm::Run
WININET!DoFsm
WININET!HTTP_REQUEST_HANDLE_OBJECT::SendRequest_Fsm
WININET!CFsm_SendRequest::RunSM
WININET!CFsm::Run
WININET!DoFsm
WININET!HTTP_REQUEST_HANDLE_OBJECT::HttpSendRequest_Start
WININET!CFsm_HttpSendRequest::RunSM
WININET!CFsm::Run
WININET!CFsm::RunWorkItem
SHLWAPI!ExecuteWorkItemThreadProc
vfbasics!AVrfpRtlWorkerCallback
ntdll!RtlpTpWorkCallback
ntdll!TppWorkerThread
kernel32!BaseThreadInitThunk
ntdll!__RtlUserThreadStart
ntdll!_RtlUserThreadStart
```
!avrf -net -wsastacks [count]
Background: Winsock requires application developers to call WSAStartup() at least once before making any Winsock calls. This is tracked by Winsock process-wide. The initial reference count instructs a Winsock library (ws2_32.dll) to initialize and load the Winsock catalog and providers. Further calls to WSAStartup() increment that reference count. Winsock also requires application developers to call WSACleanup() when they have 'finished' calling into Winsock. The calls to WSACleanup() must be paired correctly with a prior call to WSAStartup(). The call to WSACleanup() decrements the process-wide reference count. When the reference count falls to zero, Winsock releases its resources and unloads the Winsock catalog and providers.
This command gives the overall reference count value of the current "WSAStartup" initialization routine and lists the call stacks of the calls to WSAStartup and WSACleanup made within the process. Note that this is maintained within a fixed circular queue, so it is not guaranteed to be complete: only the N most recent calls are kept.
Here are examples of the various -wsastacks usage options:
```
0:008> !avrf -net -wsastacks count
Current WSARefCount: 1 (WSAStartup call count minus WSACleanup call count for the target process)
0:008> !avrf -net -wsastacks
Current WSARefCount: 1 (WSAStartup call count minus WSACleanup call count for the target process)
THREAD ID: 0xe4c called WSAStartup
vfNet!WSAInitStacks<NetAllocatorViaPrivateHeap>::AddWSAStackTrace
vfNet!VfHookWSAStartup
WININET!LoadWinsock
WININET!GlobalDataInitialize
WININET!InternetSetOptionA
WININET!InternetSetOptionW
IEFRAME!LCIEUpdateSessionStartTime
IEFRAME!LCIETab_ThreadProc
iertutil!_IsoThreadProc
vfbasics!AVrfpStandardThreadFunction
kernel32!BaseThreadInitThunk
ntdll!__RtlUserThreadStart
ntdll!_RtlUserThreadStart
```