如何查看文件试图调用的API？ [英] How to view what APIs a file tries to call ?

问题描述

有没有办法查看文件尝试在脱机模式下访问的Windows API。我的意思是不是在执行文件的时候，通过分析文件就像反编译一样。



我用Google搜索了足够的东西，但是我找不到我在做什么寻找。 WinAPIoverride32和sandboxie等他们不为我做这个工作。

Is there any way to view to what Windows APIs a file tries to access in offline mode. I mean not when the file is being executed, by analyzing the file like decompiling it.

I googled enough, but I couldn''t find what I''m looking for. WinAPIoverride32 and sandboxie, etc they don''t do the job for me.

推荐答案

是的你可以使用名为的工具取决于现在似乎生活在 www.dependencywalker.com/ [ ^ ]虽然那不是我最后发现的地方所以要谨慎。

它会告诉你程序或DLL静态链接到什么API但当然不是通过调用 LoadLibrary 和 GetProcAddress 来使用它。我使用它来检查我自己的DLL上的接口，看看那些不应该被导出的东西或我没有发现的依赖。

Yes you can use a tool called depends which seems to now live at www.dependencywalker.com/[^] although that''s not where I found it last so have some caution.
It will tell you what API the program or DLL is statically linked to but not of course about anything it uses by calling LoadLibrary and GetProcAddress. I use it a lot to inspect the interfaces on my own DLLs for things that shouldn''t be getting exported or dependencies I hadn''t spotted creeping in.

这篇关于如何查看文件试图调用的API？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！