I am trying to write an application that makes statistics on the usage of functions and DLLs of the Windows API on all running processes (as well as ones created after the application has started).
After searching the internet I have found several tools that may help, such as WinAPIOverride, EasyHook, and ProcMon, which use different kinds of hooks. Unfortunately, it seems to me that they are not able to do what I need: WinAPIOverride and EasyHook can hook processes that one should choose, and ProcMon doesn't have an interface that I can use to trace calls of the API I need.
I wonder if there is some kind of hooking interface for Python code, or at least for a C# environment.
I would like to hear suggestions on how this can be done.
This article may not be the holy grail you're looking for, but it might help you further in your quest:
http://www.codeproject.com/articles/2082/api-hooking-revealed
I'm not 100% sure this is the article I was thinking of for tapping into ProcMon. After further research, I'm pretty sure EasyHook is what I was thinking about: http://www.codeproject.com/articles/27637/easyhook-the-reinvention-of-windows-api-hooking
Also, ETW might be an avenue to investigate: http://www.codeproject.com/articles/570690/application-analysis-with-event-tracing-for-window