Ronyis

Reputation: 1953

Tracing Windows API calls over all processes

I am trying to write an application that will make statistics over the usage of certain functions and DLLs of the Windows API over all the running processes (as well as ones that are created after my application has started).

After searching the internet I have found several tools that may help, such as WinAPIOverride, EasyHook and ProcMon, which use different kinds of hooks. Unfortunately, it seems to me that they are not able to do exactly what I need: WinAPIOverride and EasyHook can hook only certain processes that one should choose, and ProcMon doesn't have an interface that I can use to trace calls of the API that I need.

I also wonder if this kind of hooking could interface with Python code, or at least a C# environment.

I would like to hear some suggestions for how this could be done.

Upvotes: 3

Views: 4334

Answers (1)

Jeremy Thompson

Reputation: 65554

This article may not be the holy grail for what you're trying to do but certainly will get you further in your quest:

http://www.codeproject.com/Articles/2082/API-hooking-revealed

I'm not 100% sure that is the article I was thinking of for tapping into ProcMon. After further research I'm pretty sure it was EasyHook I was thinking about: http://www.codeproject.com/Articles/27637/EasyHook-The-reinvention-of-Windows-API-hooking

Also ETW might be another avenue to investigate: http://www.codeproject.com/Articles/570690/Application-Analysis-with-Event-Tracing-for-Window

Upvotes: 2
