Reputation: 7210
How to intercept C library calls in windows?
I have a devilish-gui.exe, a devilish.dll and a devilish.h from a C codebase that has been lost.
devilish-gui is still used from the customer and it uses devilish.dll
devilish.h is poorly documented in a 30-pages pdf: it exposes a few C functions that behave in very different ways according to the values in the structs provided as arguments.
Now, I have to use devilish.dll to write a new devilish-webservice. No, I can't rewrite it.
The documentation is almost useless, but since I have devilish-gui.exe I'd like to write a different implementation of the devilish.h so that it log function's call and arguments in a file, and than calls the original dll function. Something similar to what ltrace does on linux, but specialized for this weird library.
How can I write such "intercepting" dll on windows and inject it between devilish.dll and devilish-gui.exe?
Upvotes: 2
Views: 1709
Answers (1)
Reputation: 13932
A couple of possibilities:
- Use Detours.
- If you put your implementation of
devilish.dllin the same directory asdevilish-gui.exe, and move the real implementation ofdevilish.dllinto a subdirectory, Windows will load your implementation instead of the real one. Your implementation can then forward to the real one. I'm assuming thatdevilish-guiisn't hardened against search path attacks. - Another approach would be to use IntelliTrace to collect a trace log of all the calls into
devilish.dll.
Upvotes: 3
Related Questions
- How to intercept dll method calls?
- How to trace dynamically loaded library calls with ltrace
- How to identify what calls are made to a DLL?
- How to see which function a dll (c) exe calls?
- Library for logging Call Stack at runtime (Windows/Linux)
- Sniffing function calling between application executable file and 3d party library
- Log DLLs loaded by a process
- Intercept function calls made to a DLL by an Application
- What is the easiest way of intercepting library calls in Windows?
- How to listen to dll function calls