hook dll calls

PeterBotes · **Joined:** Tue Nov 15, 2011 2:12 pm **Posts:** 63

Hi,

I have a undocumented DLL I want to learn what the function do, I have a list of exported function names but I want to understand what is passed to these functions in more detail.

So my questions is, what is the best way to hook these functions as they are called from another program?

My thoughts are:

1) Create a new DLL in purebasic with same name as original DLL including dummy functions, these dummy functions analyse / log passed parameters then call original function in DLL I have renamed and loaded .

2) Alter export table to jmp to unused space at end of DLL here there will be code to somehow log the called function then jmp/call to a memory resident purebasic app then analyse / log passed parameters before returning and jumping to original code.

Or any other better solutions you can suggest?

Thanks

Pete

Thorium · **Joined:** Sat Aug 15, 2009 6:59 pm **Posts:** 1024

Just use a assembler level debugger. I recomment OllyDbg. It will show you the stack and if a parameter references a string and stuff like that. For analysing thats by far the best way.

PeterBotes · **Joined:** Tue Nov 15, 2011 2:12 pm **Posts:** 63

Thanks Thorium but I wanted to log what the app is running over a day or so so debugging is out of the question, also other hardware is involved that will fail is the debugger breaks out, it needs to be a "in memory logging" type app.

Anyone?

Pete.

Ramihyn_ · **Joined:** Fri Feb 24, 2006 9:40 am **Posts:** 290

Use OllyDbg or IDA to find the parameters of each call in the DLL, then use API Monitor with a custom description of your DLL to record the DLL use.

This assumes that we talk about an unmanaged DLL.

PureBasic Forum

hook dll calls

Who is online