Uninformed: Informative Information for the Uninformed

Vol 4» 2006.Jun


The Solution

If one is stuck in the unfortunate position of being forced to support software running under McAfee Internet Security Suite 2006, one potential solution to this problem is to manually serialize all calls to select (and other functions that create or destroy sockets, such as socket and the WSASocket family of functions). This approach has worked in practice, and is perhaps the least invasive solution to the flawed LSP.
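One way to do the serialization described above, as an added example that is not from the original article: a single process-wide lock taken around socket, closesocket and select. The names locked_socket, locked_closesocket, locked_select and the 50 ms SLICE_MS are assumptions of this example; select is issued in short slices so the lock is never held for a whole blocking wait, Winsock is assumed to be initialized by the caller, and the POSIX branch exists only so the code also builds off Windows.

```c
#ifdef _WIN32
#include <winsock2.h>   /* caller has already run WSAStartup() */
typedef SOCKET sock_t;
static SRWLOCK g_lsp_lock = SRWLOCK_INIT;   /* Vista+; older: CRITICAL_SECTION */
#define LSP_LOCK()   AcquireSRWLockExclusive(&g_lsp_lock)
#define LSP_UNLOCK() ReleaseSRWLockExclusive(&g_lsp_lock)
#else                   /* POSIX stand-in so the wrappers build off Windows */
#include <pthread.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
typedef int sock_t;
#define closesocket close
static pthread_mutex_t g_lsp_lock = PTHREAD_MUTEX_INITIALIZER;
#define LSP_LOCK()   pthread_mutex_lock(&g_lsp_lock)
#define LSP_UNLOCK() pthread_mutex_unlock(&g_lsp_lock)
#endif
#define SLICE_MS 50     /* assumed value: longest one select() holds the lock */

sock_t locked_socket(int af, int type, int proto) {
    LSP_LOCK();
    sock_t s = socket(af, type, proto);
    LSP_UNLOCK();
    return s;
}

int locked_closesocket(sock_t s) {
    LSP_LOCK();
    int rc = closesocket(s);
    LSP_UNLOCK();
    return rc;
}

/* select() in short slices; the lock is released between slices so a long
 * wait cannot stall threads that need to create or close a socket. */
int locked_select(int nfds, fd_set *rd, fd_set *wr, fd_set *ex, long timeout_ms) {
    fd_set *set[3] = { rd, wr, ex }, saved[3];
    for (int i = 0; i < 3; i++) if (set[i]) saved[i] = *set[i];
    for (;;) {
        long ms = (timeout_ms < 0 || timeout_ms > SLICE_MS) ? SLICE_MS : timeout_ms;
        struct timeval tv = { ms / 1000, (ms % 1000) * 1000 };
        for (int i = 0; i < 3; i++) if (set[i]) *set[i] = saved[i];
        LSP_LOCK();
        int rc = select(nfds, rd, wr, ex, &tv);
        LSP_UNLOCK();
        if (rc != 0 || timeout_ms == 0) return rc;   /* ready, error, or poll */
        if (timeout_ms > 0 && (timeout_ms -= ms) == 0) return 0;  /* timed out */
    }
}
```

Every call site in the process has to go through the wrappers for the lock to help; the WSASocket family would be wrapped the same way as socket.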

An alternative solution is to bypass the LSP entirely and instead call directly into the kernel sockets driver (AFD.sys). However, this entails determining the actual handle associated with a socket (the handle returned by the McAfee LSP is in fact not the underlying socket handle), as well as relying on the as-yet officially undocumented AFD IOCTL interface.

From McAfee's perspective, the solution is fairly simple: correctly serialize access to internal data structures from function calls that are made from multiple threads concurrently.