44

In short: I want to monitor selected calls from an application to a DLL.

We have an old VB6 application for which we lost the source code (the company wasn't using source control back then). This application uses a 3rd-party DLL.

I want to use this DLL in a new C++ application. Unfortunately the DLL API is only partially documented, so I don't know how to call some functions. I do have the function signatures.

Since the VB6 application uses this DLL, I want to see how it calls several functions. So far I've tried or looked at:

  1. APIHijack - requires me to write C++ code for each function. Since I only need to log the values, it seems like overkill.
  2. EasyHook - same as 1, but allows writing the code in a .NET language.
  3. OllyDbg with uHooker - I still have to write code for each function, this time in Python. Also, I have to do many conversions in Python using the struct module, since most functions pass values using pointers.

Since I only need to log function parameters, I want a simple solution. Is there any automated tool to which I could give the functions to monitor and their signatures, and then get a detailed log file?

kshahar

4 Answers

31

A "static" solution (in the sense it can capture a stack trace on demand) would be Process Monitor.

A more dynamic solution would be ApiMonitor, but it may be too old to be compatible with the applications to monitor. Worth a try though.

http://www.rohitab.com/gallery/api-monitor-2-0/main-window.png

VonC
  • 4
    Seems like it's only monitoring Windows API functions. I need to monitor a non-Windows API DLL. Am I missing something? – kshahar Nov 22 '08 at 12:28
  • Nope, indeed. Even Process Monitor will display your DLL stack, but with "Unknown" for the method. – VonC Nov 22 '08 at 12:45
13

Some more Google searching found what I was looking for: WinAPIOverride32. It allows writing text files such as:

CustomApi.dll|void NameOfFunction(long param1, double& param2);

Later on, these files can be used inside the program to log all calls to NameOfFunction. Now I just need to figure out how to log array and struct parameters.

kshahar
  • 2
    Bah. For me it's not so easy. I'm trying to _find_ the function that Outlook is calling, but I have no idea what function it's calling :/ – Mooing Duck Apr 04 '15 at 00:20
  • I tried downloading WinAPIOverride32 (Jan 2021). Windows 10 identified it as virusy. Also, identified by Chocolatey scan as containing viruses. Probably, most of its code has been used in some viruses here or there, so that's why it's flagged. Not quite sure if I'll try it yet. The older version of the source code is available if you want to try compiling your own version. – RexBarker Jan 14 '21 at 09:12
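
Added example, not code from this thread or from WinAPIOverride32: a C++ wrapper that derives the log format from the function pointer type, so one template logs every call routed through it, including the pointer and by-reference parameters the question mentions. It logs only calls made through `logged_call` in code you control; `logged_call`, `ReadValue` and the stub bodies are constructed for illustration, and the `__stdcall` convention typical of exports called from VB6 is left out.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <type_traits>
#include <utility>

// Pointers to numbers are dereferenced; other pointers (struct*, void*) log the address.
// By-value structs need a user-supplied operator<< to compile.
template <typename T>
void log_arg(std::ostream& os, const T& v) {
    if constexpr (std::is_pointer<T>::value) {
        using P = typename std::remove_cv<typename std::remove_pointer<T>::type>::type;
        if (!v) os << "NULL";
        else if constexpr (std::is_arithmetic<P>::value) os << "->" << *v;
        else os << reinterpret_cast<const void*>(v);
    } else os << v;
}

template <typename... B>
std::string fmt_args(const B&... args) {
    std::ostringstream os;
    const char* sep = "";
    int expand[] = {0, (os << sep, log_arg(os, args), sep = ", ", 0)...};
    (void)expand;
    return os.str();
}

// Logs arguments before the call and again after it, so out-parameters show up.
// Real exports called from VB6 are usually __stdcall; that qualifier is omitted here.
template <typename R, typename... A, typename... B>
R logged_call(std::ostream& log, const char* name, R (*fn)(A...), B&&... args) {
    log << name << "(" << fmt_args(args...) << ")";
    if constexpr (std::is_void<R>::value) {
        fn(std::forward<B>(args)...);
        log << " after: (" << fmt_args(args...) << ")\n";
    } else {
        R r = fn(std::forward<B>(args)...);
        log << " = " << r << " after: (" << fmt_args(args...) << ")\n";
        return r;
    }
}
// Constructed stand-ins for DLL exports; the first uses the signature shown in the answer.
void NameOfFunction(long param1, double& param2) { param2 *= param1; }
long ReadValue(const long* in, long* out) { *out = *in + 1; return 0; }

std::string demo_ref() { std::ostringstream l; double d = 1.5;
    logged_call(l, "NameOfFunction", &NameOfFunction, 3L, d); return l.str(); }
std::string demo_ptr() { std::ostringstream l; long in = 41, out = 0;
    logged_call(l, "ReadValue", &ReadValue, &in, &out); return l.str(); }
int main() { std::cout << demo_ref() << demo_ptr(); }
```
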
2

Visual Studio Addin Runtime Flow here:

Runtime Flow in real time monitors and logs function calls and function parameters in your running .NET application and shows a stack trace tree. No instrumentation or source code required for monitoring.

codeDom
0

If you just want to see the function interfaces of the DLL, you could try "Dependencies" (https://lucasg.github.io/Dependencies/). This is a nice open-source remake of DependencyWalker.

This only allows you to see the dependencies of the DLL, with the corresponding function names (however, not the calling structure). Unfortunately, I don't believe it will tell you which specific functions in a DLL are being used by the calling DLL/EXE.

RexBarker