5

I am doing some reverse engineering and want to know which APIs are called from the executable. I am mostly interested in the APIs called on a particular Windows system DLL.

I guess one way to do that is to get all APIs exposed from the DLL using dumpbin and put breakpoints on all of those from WinDbg.

Any other approach? This seems like a lot of time if I need to monitor many system DLLs.

BTW, I am working on Windows XP and want to monitor one executable which calls some Windows system DLL functions.

anand
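The dumpbin-plus-breakpoints approach from the question, automated as an added example (not code from any poster on this page): the script parses `dumpbin /exports` output and emits one logging WinDbg breakpoint per named export, skipping forwarded exports, which have no code in the DLL itself. The sample dumpbin text is constructed, and the module name `kernel32` is an assumption.

```python
import re

# One row of the `dumpbin /exports` table: ordinal, hint, optional RVA, name,
# and an optional "(forwarded to MODULE.Function)" suffix.
EXPORT_ROW = re.compile(
    r"^\s*(?P<ordinal>\d+)\s+(?P<hint>[0-9A-Fa-f]+)\s+"
    r"(?:(?P<rva>[0-9A-Fa-f]{8})\s+)?(?P<name>[A-Za-z_]\w*)"
    r"(?:\s+\(forwarded to (?P<target>[^)]+)\))?\s*$"
)

# Constructed sample of `dumpbin /exports` output (not taken from a real DLL).
SAMPLE = """\
    00000000 characteristics
           1 ordinal base

    ordinal hint RVA      name

          1    0 0000A6E4 ActivateActCtx
          2    1 00035505 AddAtomA
         10    9          AddVectoredExceptionHandler (forwarded to NTDLL.RtlAddVectoredExceptionHandler)
         80   4F 00001A28 CreateFileW
"""

def parse_exports(dumpbin_text):
    """Return (named, forwarded): exports with code in this DLL, and forwarders."""
    named, forwarded = [], {}
    for line in dumpbin_text.splitlines():
        m = EXPORT_ROW.match(line)
        if not m:
            continue  # header, summary or ordinal-only ([NONAME]) row
        if m["target"]:
            forwarded[m["name"]] = m["target"]  # no code here to break on
        elif m["rva"]:
            named.append(m["name"])
    return named, forwarded

def windbg_script(module, dumpbin_text):
    """Build WinDbg commands that log each call and continue (gc)."""
    named, forwarded = parse_exports(dumpbin_text)
    lines = [f'bp {module}!{n} ".echo {module}!{n}; gc"' for n in named]
    # `$$` starts a WinDbg comment; record forwarders so they can be traced
    # in the target module instead.
    lines += [f"$$ skipped forwarder {module}!{n} -> {t}" for n, t in forwarded.items()]
    return "\n".join(lines)

if __name__ == "__main__":
    print(windbg_script("kernel32", SAMPLE))
```
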

4 Answers

7

http://www.rohitab.com/apimonitor/

API Monitor does exactly what you're looking for. However, there are too many API calls listed and it becomes very difficult to analyse.

Here's a downloadable screenshot.

RolfBly
Agnel Kurian
0

I think you can use Dependency Walker.

Ahmed
0

Use the Win32 Kernel Hooking APIs, exported by ordinal since NT4.
The CodeProject 'article' is completely obsolete...

  • I just had a look at your other answers, and what I see inspires complete confidence indeed. – mghie Jun 12 '09 at 10:55
-1

This CodeProject article dealing with API hooking may be helpful to you.

There are also tools available, like APISpy32 or SpyStudio.

mghie