Sunday, April 17, 2011

Hook processes

Does anyone know tools like SpyStudio to hook processes? The features I would like to have are:

  • log function calls on other processes
  • GUI
  • scriptable
  • open source

I already looked at some tools like:

but none really fully satisfies me.

From stackoverflow
  • It likely uses the debugging API and places debug hooks at key points in the application to trap events. You may even be able to do what you want using ollydbg.

    EDIT: I just looked at the site and saw the demonstration videos and I would say that they almost certainly do this through the debugging API. They likely place breakpoints in the target at the desired function entry points. When a trap event fires, it looks like they use an RPC call to notify the user of their API and allow them to look at what happened and potentially modify some things. Sending back what to do next also in an RPC call. A nice design, but just a glorified debugger.

  • It's not Open Source, but other than that OllyDbg might be what you are looking for. Other useful tools and information can be found on www.openrce.org.

    Jazz : I already knew OllyDbg, but never really used it, and never thought I could do this with it.
  • You can look at the Detours library from Microsoft Research. It's a generic API hooking library.

    Jazz : I already looked at Detours, but it lacks a GUI.
  • You can use Deviare from the same company that developed SpyStudio. It lets you hook COM interfaces. SpyStudio uses this API to monitor functions. It has a database of types that lets you get/set parameter values of any type.

  • WinAPIOverride32

    The primary usage of WinAPIOverride32 is monitoring/logging function calls of other processes. It also has a plug-in framework, so you could write your own hook handler. And it is open source (GPL).

    Jazz : Never heard about it. Seems great. I'll try it as soon as I can!
  • http://www.autodebug.com

    The best API monitor tool (Auto Debug Professional) can help you to do this. It can monitor all API calls.
