Monitoring API calls


Problem description


I am doing some reverse engineering and want to know which APIs are called from the executable. I am mostly interested in the APIs called on a particular Windows system DLL.

I guess one way to do that is to get all APIs exposed from the DLL using dumpbin and put breakpoints on all those from Windbg.

Any other approach? This seems like a lot of time if I need to monitor many system DLLs.

BTW, I am working on Windows XP and want to monitor one executable which calls some Windows system DLL functions.
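
The approach described in the question (dump the DLL's exports with dumpbin, then set a breakpoint on each one), as an added example that is not part of the original post: it parses `dumpbin /exports` output and emits WinDbg `bp` commands that log each call and continue. The sample dumpbin text and the function names `parse_exports` and `windbg_script` are constructed for illustration.

```python
import re

# Constructed sample of `dumpbin /exports` output; every value is illustrative.
SAMPLE = """\
Dump of file kernel32.dll
           5 number of functions

    ordinal hint RVA      name

          1    0 0000A6E4 ActivateActCtx
          2    1 000354ED AddAtomA
         80   4F 00001A28 CreateFileW
        320  13F          HeapAlloc (forwarded to NTDLL.RtlAllocateHeap)
        901      0004B1C0 [NONAME]

  Summary
        5000 .data
"""
FORWARD = re.compile(r"\(forwarded to ([^)]+)\)")

def parse_exports(text):
    """Return (ordinal, name, forward_target) for each export table row."""
    rows, in_table = [], False
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:4] == ["ordinal", "hint", "RVA", "name"]:
            in_table = True      # rows start after the column header
            continue
        if tokens[:1] == ["Summary"]:
            break                # section sizes follow, not exports
        if not in_table or len(tokens) < 2 or not tokens[0].isdigit():
            continue
        fwd = FORWARD.search(line)
        name = line[:fwd.start()].split()[-1] if fwd else tokens[-1]
        rows.append((int(tokens[0]), name, fwd.group(1) if fwd else None))
    return rows

def windbg_script(module, rows):
    """Emit one logging breakpoint per named export that has code in this DLL."""
    out = []
    for ordinal, name, forward in rows:
        if name == "[NONAME]":
            out.append(f"$$ skipped ordinal {ordinal}: exported by ordinal only")
        elif forward:
            out.append(f"$$ skipped {name}: forwarded to {forward}")
        else:
            out.append(f'bp {module}!{name} ".echo {module}!{name}; gc"')
    return out

if __name__ == "__main__":
    print("\n".join(windbg_script("kernel32", parse_exports(SAMPLE))))
```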

Solution

http://www.rohitab.com/apimonitor/

API Monitor does exactly what you're looking for. However, there are too many API calls listed and it becomes very difficult to analyse.

Here's a downloadable screenshot.
