I am doing some reverse engineering and want to know which APIs are called from the executable. I am mostly interested in the APIs called on a particular Windows system DLL.

I guess one way to do that is to get all APIs exposed from the DLL using dumpbin and put breakpoints on all of those from WinDbg.

Any other approach? This seems like a lot of time if I need to monitor many system DLLs.

BTW, I am working on Windows XP and want to monitor one executable which calls some Windows system DLL functions.
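
The approach described in the question (dump the exports, then break on each one) can be scripted; this is an added example, not part of the original post. It parses `dumpbin /exports` text and emits one logging WinDbg breakpoint per named export; the sample output is constructed, and `parse_exports` and `windbg_script` are hypothetical helper names.

```python
import re

# Constructed sample in the shape of `dumpbin /exports` output; RVAs are made up.
SAMPLE = """\
  Section contains the following exports for KERNEL32.dll

    00000000 characteristics
           5 number of functions

    ordinal hint RVA      name

          1    0 0000A6E4 ActivateActCtx
          2    1 000354ED AddAtomA
          3    2          AddVectoredExceptionHandler (forwarded to NTDLL.RtlAddVectoredExceptionHandler)
          4      00001F10 [NONAME]
          5    3 0000B5D2 CreateFileW = _CreateFileW@28

  Summary
"""

# ordinal, optional hint, optional 8-digit RVA, then the export name and any trailer
ROW = re.compile(r"^\s*\d+\s+(?:[0-9A-F]{1,4}\s+)?(?:[0-9A-F]{8}\s+)?(\S+)(.*)$", re.I)

def parse_exports(text):
    """Return (names, skipped): exports that can take a breakpoint, and the rest."""
    names, skipped, in_table = [], [], False
    for line in text.splitlines():
        if re.match(r"^\s*ordinal\s+hint\s+RVA\s+name", line):
            in_table = True            # rows start after the column header
        elif line.strip() == "Summary":
            in_table = False           # the section summary ends the export table
        elif in_table and (m := ROW.match(line)):
            name, rest = m.groups()
            if name == "[NONAME]" or "forwarded to" in rest:
                skipped.append(name)   # ordinal-only, or the code lives in another DLL
            else:
                names.append(name)
    return names, skipped

def windbg_script(module, names):
    """One logging breakpoint per export: print the symbol, then continue."""
    return "\n".join(f'bu {module}!{n} ".echo {module}!{n}; gc"' for n in names)

if __name__ == "__main__":
    names, skipped = parse_exports(SAMPLE)
    print(windbg_script("kernel32", names))
    print("skipped:", skipped)
```

Forwarded exports are skipped because the code that runs is in the DLL they forward to, so a breakpoint belongs on that module's symbol instead.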

A: 

I think you can use Dependency Walker.

Ahmed Said
Dependency Walker lists dependencies statically.
Alien01
The latest version does dynamic profiling of DLL loading at run-time.
anon
A: 

This CodeProject article dealing with API hooking may be helpful to you.

There are also tools available, like APISpy32 or SpyStudio.

mghie
+1  A: 

You can find a few tools here: http://stackoverflow.com/questions/299261/hook-processes

eran
+1 Check out the traceapi sample in the Microsoft Research Detours project.
Paul Arnold
A: 

Use the Win32 Kernel Hooking APIs, exported by ordinal since NT4.
The CodeProject 'article' is completely obsolete...

I just had a look at your other answers, and what I see inspires complete confidence indeed.
mghie
A: 
Vulcan Eager
A: 

http://www.autodebug.com

The best API monitor tool (Auto Debug Professional) can help you to do this. It can monitor all API calls.