Hi Coders,
I want to monitor specific Windows APIs on external applications, using API hooking.
I'd like to list in a text file ([login to view URL]) all the Windows functions that I want to hook. For example, the file could contain:
---
Kernel32!CreateFileA(str, int, none, none, none, none, none)
User32!MessageBoxA(none, str, str, none)
---
So, you create a DLL that is injected into a newly launched process (via CreateProcess) and hooks those APIs by writing a direct jump at the start of each API to the hook in our DLL. You can use external tools like Elicz Apihooking or your own code to do the API hooking.
Once the hooks are in place, the application starts normally.
What I want is that your DLL hooks the functions listed in [login to view URL] and creates a log containing the "caller module name" together with a description of all the parameters we specify for each function. That is, in the above example:
Kernel32!CreateFileA(str, int, none, none, none, none, none)
That means that CreateFileA takes 7 parameters and I'd like to log the first parameter as a string (str) and the value of the second parameter as an integer (int). The remaining arguments (none) are not logged.
For example, a log line for the above specification (suppose that "[login to view URL]" calls CreateFileA) would be:
[login to view URL] --> CreateFileA("C:\test\[login to view URL]", 0x112233, none, none, none, none, none)
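As an added example (not part of the request, and not the hooking DLL itself), here is a C++ parser for the hook-spec line format above plus the formatter that produces the log line shown; the caller name `app.exe` and the path `C:\test\file.txt` used in testing are constructed sample values.

```cpp
#include <sstream>
#include <string>
#include <vector>

// One line of the hook-spec file: Module!Function(type, type, ...)
struct HookSpec {
    std::string module, function;
    std::vector<std::string> params;  // each "str", "int" or "none"
};
static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t\r\n");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r\n") - b + 1);
}
// Parses e.g. "Kernel32!CreateFileA(str, int, none, none, none, none, none)".
// Returns false on a malformed line so a bad entry is rejected, not hooked blindly.
bool parseHookSpec(const std::string& line, HookSpec& out) {
    size_t bang = line.find('!');
    if (bang == std::string::npos) return false;
    size_t open = line.find('(', bang), close = line.rfind(')');
    if (open == std::string::npos || close == std::string::npos || close < open) return false;
    out.module = trim(line.substr(0, bang));
    out.function = trim(line.substr(bang + 1, open - bang - 1));
    if (out.module.empty() || out.function.empty()) return false;
    out.params.clear();
    std::stringstream ss(line.substr(open + 1, close - open - 1));
    for (std::string tok; std::getline(ss, tok, ',');) {
        tok = trim(tok);
        if (tok != "str" && tok != "int" && tok != "none") return false;
        out.params.push_back(tok);
    }
    return true;
}

// Renders one log line in the posting's format: caller --> Func("s", 0x1, none).
// strArgs/intArgs hold captured values for one call, one slot per parameter position.
std::string formatLogLine(const std::string& caller, const HookSpec& spec,
                          const std::vector<std::string>& strArgs,
                          const std::vector<unsigned long long>& intArgs) {
    std::ostringstream os;
    os << caller << " --> " << spec.function << "(";
    for (size_t i = 0; i < spec.params.size(); ++i) {
        const std::string& t = spec.params[i];
        if (i) os << ", ";
        if (t == "str") os << '"' << (i < strArgs.size() ? strArgs[i] : "") << '"';
        else if (t == "int") os << "0x" << std::hex << (i < intArgs.size() ? intArgs[i] : 0) << std::dec;
        else os << "none";
    }
    return os.str() + ")";
}
```

Unknown parameter types and lines without a `Module!` prefix are rejected, which keeps a typo in the hook file from producing a hook with the wrong arity.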
Requirements:
1) The application is a command-line application that takes as parameters the process to launch, the file containing the hooks to log ([login to view URL]) and the output log file name.
2) The solution will be coded in C/C++ using Visual Studio
3) The solution will work for both x86 (32-bit) and x64 applications
4) The solution will work with UNICODE strings in case the string to log contains UNICODE characters (from a path name, etc.)
If you have any questions, just drop me a line.
Best Regards,