Question
I am doing some reverse engineering and want to know which APIs are called from the executable. I am mostly interested in the APIs called on a particular Windows system DLL.
I guess one way to do that is to get all APIs exposed from the DLL using dumpbin and put breakpoints on all those from WinDbg.
Any other approach? This seems like a lot of time if I need to monitor many system DLLs.
BTW, I am working on Windows XP and want to monitor one executable which calls some Windows system DLL functions.
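The dumpbin-plus-WinDbg approach described in the question can be scripted rather than done by hand. This added example (not part of the original post) parses `dumpbin /exports` output and emits one logging breakpoint per export; the sample listing is constructed and the function names `parse_exports` and `windbg_script` are hypothetical.

```python
# Constructed sample in the layout printed by `dumpbin /exports` (values made up).
SAMPLE = """\
           4 number of functions

    ordinal hint RVA      name

          1    0 0000A6E4 ActivateActCtx
          2    1 000354ED AddAtomA
          3    2          HeapAlloc (forwarded to NTDLL.RtlAllocateHeap)
          4      00012345 [NONAME]

  Summary
        5000 .data
"""

def parse_exports(text, module):
    """Return (symbols, skipped) where symbols are WinDbg 'module!name' strings."""
    symbols, skipped, in_table = [], [], False
    for line in text.splitlines():
        tok = line.split()
        if tok == ["ordinal", "hint", "RVA", "name"]:
            in_table = True          # export rows start after this header
        elif tok[:1] == ["Summary"]:
            break                    # section sizes follow; not exports
        elif not in_table or not tok or not tok[0].isdigit():
            continue
        elif "(forwarded" in tok:
            # Forwarder: the code lives in another DLL, so break on the target.
            target_mod, _, target_fn = tok[-1].rstrip(")").partition(".")
            if target_fn.startswith("#"):
                skipped.append(tok[0])   # forwarded by ordinal, no name to use
            else:
                symbols.append("%s!%s" % (target_mod.lower(), target_fn))
        elif tok[-1] == "[NONAME]":
            skipped.append(tok[0])       # ordinal-only export
        else:
            symbols.append("%s!%s" % (module, tok[-1]))
    return symbols, skipped


def windbg_script(symbols):
    """One deferred logging breakpoint per symbol: print the name, then resume."""
    return "\n".join('bu %s ".echo %s; gc"' % (s, s) for s in symbols)


if __name__ == "__main__":
    syms, skipped = parse_exports(SAMPLE, "kernel32")
    print(windbg_script(syms) + "\n$$ skipped ordinals: " + ", ".join(skipped))
```

Save the output to a file and run it in WinDbg with `$$><`. Breakpoints patch the byte at the target address, so remove any exports that are data rather than functions before using the list.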
Answer 1:
http://www.rohitab.com/apimonitor/
API Monitor does exactly what you're looking for. However, there are too many API calls listed and it becomes very difficult to analyse.
Here's a downloadable screenshot.
Answer 2:
I think you can use Dependency Walker.
Answer 3:
Use the Win32 Kernel Hooking APIs, exported by ordinal since NT4.
The CodeProject 'article' is completely obsolete...
Answer 4:
This CodeProject article dealing with API hooking may be helpful to you.
There are also tools available, like APISpy32 or SpyStudio.
Source: https://stackoverflow.com/questions/961779/monitoring-api-calls