
API Monitoring on a specific process

I'd just like to monitor some Windows API functions in my process named "myprocess.exe".
I know system-wide hooks (global hooks) can do such a thing, but I would like to set it up on a specific process only.
Any sample code in C/C++/Python would be helpful. Also, if there are tutorials that can help me, it would be nice to share them here with me.

Take a look at "Detours" from Microsoft Research. Also, you can do this with a debugger by setting a breakpoint on the API functions of interest, dumping the arguments, running to the return address, and then dumping the return value. This has the drawback of being a more manual process. Finally, WinDbg (from the "Debugging Tools for Windows" package) has the wt command, which will trace function calls to any depth you specify.
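The Detours approach suggested in the answer above, as an added example that is not part of the original answers or of the Detours samples: it logs `CreateFileW` calls made by the process it is compiled into, and no other process is affected because Detours patches the function only in the current process's memory. The choice of `CreateFileW` and the names `describe_access`, `LoggedCreateFileW`, `change_hook`, `install_monitor` and `remove_monitor` are assumptions for illustration; it assumes the code is built into `myprocess.exe` and linked with `detours.lib`.

```cpp
#include <cstdio>
#include <string>

// Portable helper: decode CreateFileW's dwDesiredAccess for the log line.
std::string describe_access(unsigned long access) {
    std::string s;
    if (access & 0x80000000UL) s += "GENERIC_READ ";   // value of GENERIC_READ
    if (access & 0x40000000UL) s += "GENERIC_WRITE ";  // value of GENERIC_WRITE
    if (s.empty()) s = "OTHER ";                       // specific rights only
    s.pop_back();                                      // drop trailing space
    return s;
}

#ifdef _WIN32
#include <windows.h>
#include <detours.h>

// Pointer to the real API; DetourAttach redirects it to a trampoline.
static HANDLE (WINAPI *TrueCreateFileW)(LPCWSTR, DWORD, DWORD,
    LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE) = CreateFileW;

// Replacement: call the real function, then log arguments and result.
static HANDLE WINAPI LoggedCreateFileW(LPCWSTR name, DWORD access, DWORD share,
    LPSECURITY_ATTRIBUTES sa, DWORD disp, DWORD flags, HANDLE tmpl) {
    HANDLE h = TrueCreateFileW(name, access, share, sa, disp, flags, tmpl);
    DWORD err = GetLastError();   // keep the caller-visible error code intact
    char line[600];
    snprintf(line, sizeof line, "CreateFileW(\"%ls\", %s) -> %p\n",
             name ? name : L"(null)", describe_access(access).c_str(), h);
    OutputDebugStringA(line);     // read it in a debugger or DebugView
    SetLastError(err);
    return h;
}

// Hypothetical helpers: call these from myprocess.exe at startup and shutdown.
static bool change_hook(bool attach) {
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    if (attach) DetourAttach(&(PVOID&)TrueCreateFileW, (PVOID)LoggedCreateFileW);
    else        DetourDetach(&(PVOID&)TrueCreateFileW, (PVOID)LoggedCreateFileW);
    return DetourTransactionCommit() == NO_ERROR;
}
bool install_monitor() { return change_hook(true); }
bool remove_monitor()  { return change_hook(false); }
#endif
```

The hook section compiles only on Windows; on other platforms only `describe_access` is built.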

http://easyhook.codeplex.com/ has a simple C++ API and a C# (.NET) API. It supports 64-bit.

If you just want to monitor for research you can use winapioverride32 (http://jacquelin.potier.free.fr/winapioverride32/). It provides API monitoring and it is open source!
