mswsock.dll!WSPStartup +0x102b

'mswsock.dll - Microsoft Windows Sockets 2.0 Service Provider' tutorial was cited in a forum post in 2008.

The mswsock.dll - Microsoft Windows Sockets 2.0 Service Provider tutorial was cited in a forum post in 2008.

Subject: mswsock.dll!WSPStartup+0x102b
Date: November 27, 2008
Author: jialg
>I would like to know if anyone knows that why my Windows Application
>is running an Extra Thread (ThreadCount = MyThread'sCount + 1).
>I think that (Extranious) thread was initiated by mswsock.dll 
>executable. But I didn't use this executable for any perticular
>reason. This thread has start address as it is in Subject
>line(mswsock.dll!WSPStartup+0x102b). It can be seen through

It may not easy to figure out the creator of that extra thread
(possibly we need to set breakpoints on CreateThread APIs and trace
who creates the threads), however, mswsock.dll!WSPStartup reminds me
of a technique related to Winsock 2 LSP and spyware Trojans. I'd like
to first make some guesses of the reason for the extra thread, then I
will provide the test steps that can help us narrow down the problem.

My Guesses of the Reason

Guess 1.

mswsock.dll is the DLL that implements the Winsock 2 SPI (Service
Provider Interface) as the Basic Server Provider in the Winsock 2 SPI
ws-Socket.html). Is it possible that some antivirus software or
firewall program injects its DLL into your process to trace the app's
network behaviors and creates that extra thread?

To verify this guess, you may look at the list of DLLs loaded by your
app in Process Explorer -> View menu -> Low Pane View -> DLLs. Are
there any DLLs belonging to your Antivirus software or firewall?
Looking at the complete call-stack of the extra thread may also help.
You can view the call-stack in Process Explorer by double-clicking the
process -> turn to the Threads tab -> double-clicking the extra
thread. Is there any abnormal module name in the call-stack?

Another possibility is some spyware Trojans.
l. The above verification method can also be applied to this
possibility. However, spyware trojans may use the same module name as
Microsoft's modules, thus, we need to pay more attention to the path
of the modules.

Table of Contents

 About This Book

 Reference Citations in 2017

 Reference Citations in 2016

 Reference Citations in 2015

 Reference Citations in 2014

 Reference Citations in 2013

 Reference Citations in 2012

 Reference Citations in 2011

 Reference Citations in 2010

 Reference Citations in 2009

Reference Citations in 2008

 QaTraq Pro API

 Service Oriented Computing for Dynamic Virtual Learning Environments

 Inverted ?

 Migrating files to new computer

mswsock.dll!WSPStartup +0x102b

 MSSQL binary data

 Correct Character Encoding

 Put icons on bookmarks sidebar folders

 Blob Storage via REST from Java?

 java.lang.OutOfMemoryError: unable to create new native thread

 Obróbka filmów VOB

 ASP Search Function

 SSLHandshakeException unable to find valid certification...

 Using response.setContentType to switch HTML to Word

 Automatic Creation of Different Types of Test Subjects

 ISM 6121 Information Systems Implementation


 Time out bei Aufruf von WebService (php-Script)

 Store and retrieve Chinese characters using Coldfusion MX7 and MySQL5.0

 converting VCD player to DVD player


 αρχειο .pl

 Using ASP.Net c# To add/edit/delete data (ms access)

 regarding JDBC

 A UML/SPT Model Analysis Methodology

 Creation d'un nouvel utilisateur sous SQL Server 2000

 No Suitable Driver connecting jdk1.5 with javaDB derby

 Page in Chinese

 Acessar MSAccess com Hibernate

 SiLu – Riktlinjer för spelmotor

 [WebService] come fare?

 JDBC help needed; java.lang.NoClassDefFoundError

 CSV export of tickets has wrong encoding

 MapGuide Manual - Active selections

 Reference Citations in 2007

 Reference Citations in 2006

 Reference Citations in 2005

 Reference Citations in 2004

 Reference Citations in 2003

 PDF Printing Version