Arnulfo Arroyo

Reputation: 53

Intercept function calls made to a DLL by an Application

The scenario is the following:

Let's say I have this application "App" that depends on this library "library.dll". I would like to know the function calls "App" makes while it's running. Assume I don't have access to the source code of "App" or "library.dll", but I know the name and arguments of every function that exists in "library.dll". Is there any way I can somehow find out which of the functions from "library.dll" are being called by "App"?

I saw a similar question on Stack Overflow: How to intercept dll method calls?

An answer by Mr. Ates Goral intrigued me; he mentions writing a wrapper DLL that forwards function calls to the real DLL. I was hoping someone could provide me with some insight as to how this could be accomplished or point me to a place where I could get information on the matter.

The two parts I am most interested in are having my application load my .dll and how to actually forward the function to the original "library.dll".

Thank You

Upvotes: 4

Views: 3748

Answers (1)

Eugen Rieck

Reputation: 65254

The wrapper DLL works perfectly - here is how it works:

Let's assume the library.dll exports int somefunct(int i, void* o) - you now create your own DLL, with something like:

#include <windows.h>

//Declare this for every function prototype
typedef int (*int_f_int_pvoid)(int,void*);

//Declare this for every function
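int_f_int_pvoid lib_somefunct;


//this snippet goes into dllmain
//...
//Backslashes must be escaped in a C string literal; LoadLibraryA takes the narrow string in Unicode builds too
HINSTANCE hlibdll = LoadLibraryA("X:\\PATH\\TO\\renamed_library.dll");
//For every function
lib_somefunct=(int_f_int_pvoid)GetProcAddress(hlibdll,"somefunct");
//...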


//Again for every function    
int somefunct(int i, void* o)
{
    //Log the function call and parameters
    //...

    //Call library.dll
    int result=lib_somefunct(i, o);


    //Log the result 
    //...

    return result;
}

Export your functions, name the resulting DLL library.dll after renaming the original to renamed_library.dll.

Now the target EXE will load (your) library.dll, which in turn will load the (original, but renamed) renamed_library.dll - and whenever the target program calls a function, it will run through your logging code.

Caveat: Your target EXE might be multithreaded, so be prepared to have a thread-safe logging mechanism.

I have successfully used this method to debug a strange MAPI issue.

Upvotes: 10
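
One way to meet the thread-safety caveat in the answer above, as an added example that is not part of the original answer: every call reserves its own log record through an atomic counter, so concurrent callers never write to the same record and no lock is held while the original function runs. Assumptions: `real_somefunct` is a constructed stand-in for the pointer the answer obtains with GetProcAddress, the in-memory `call_log` and `LOG_CAP` are hypothetical, and C11 atomics are used so the block is portable (on Windows the Interlocked functions play the same role).

```c
#include <stdatomic.h>
#include <stddef.h>

typedef int (*int_f_int_pvoid)(int, void *);   /* pointer type from the answer */

/* Constructed stand-in for the original DLL's export, so the block runs
   anywhere; the wrapper DLL would fill this pointer via GetProcAddress. */
static int real_somefunct(int i, void *o) { return o ? i * 2 : -1; }
static int_f_int_pvoid lib_somefunct = real_somefunct;

#define LOG_CAP 1024                            /* hypothetical capacity */
struct call_rec {
    int arg_i, result;
    void *arg_o;
    atomic_int done;   /* set last, so a reader can skip half-written records */
};
static struct call_rec call_log[LOG_CAP];
static atomic_uint next_slot;   /* next free index, shared by all threads */
static atomic_uint dropped;     /* calls not recorded because the log was full */

/* fetch_add hands each caller a distinct index, so no two threads ever
   share a record. */
static struct call_rec *log_reserve(void)
{
    unsigned idx = atomic_load(&next_slot);
    if (idx < LOG_CAP)                    /* checked first so the counter cannot wrap */
        idx = atomic_fetch_add(&next_slot, 1u);
    if (idx >= LOG_CAP) {                 /* full: count the loss, never overwrite */
        atomic_fetch_add(&dropped, 1u);
        return NULL;
    }
    return &call_log[idx];
}

/* The wrapper export: log the parameters, forward the call, log the result. */
int somefunct(int i, void *o)
{
    struct call_rec *r = log_reserve();
    if (r) { r->arg_i = i; r->arg_o = o; }
    int result = lib_somefunct(i, o);
    if (r) {
        r->result = result;
        atomic_store_explicit(&r->done, 1, memory_order_release);
    }
    return result;
}

/* Records handed out so far, capped at LOG_CAP. */
unsigned log_count(void) { unsigned n = atomic_load(&next_slot); return n < LOG_CAP ? n : LOG_CAP; }
```

A separate flusher can write out the records whose `done` flag is set; the wrapper itself never blocks the calling thread.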
