Track Windows API calls across all processes

I am trying to write an application that will do statistics on the use of certain Windows API functions and DLLs across all running processes (as well as those that are created after starting my application).

After searching the internet, I found several tools that might help, for example WinAPIOverride, EasyHook and ProcMon, which use different types of interceptors. Unfortunately, it seems to me that they are not able to do exactly what I need: WinAPIOverride and EasyHook can only hook into specific processes that you have to choose, and ProcMon has no interface that I could use to monitor the API calls I need.

I am also wondering if this type of interception can interoperate with Python code, or at least with a C# environment.

I would like to hear some suggestions on how this can be done.


1 answer


This article may not be the holy grail for what you are trying to do, but by all means continue your search:

http://www.codeproject.com/Articles/2082/API-hooking-revealed



I'm not 100% sure if this is the article I was thinking of for listening to ProcMon. After further research, I'm pretty sure it was EasyHook I was thinking of: http://www.codeproject.com/Articles/27637/EasyHook-The-reinvention-of-Windows-API-hooking

ETW could also be another avenue to research: http://www.codeproject.com/Articles/570690/Application-Analysis-with-Event-Tracing-for-Window

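As an added example (not part of the question or the answer above) of the ETW route: the script below starts a system-wide kernel trace, then tallies which DLLs were loaded by which processes, which covers the "DLL usage across all processes" half of the question without injecting anything into any process; per-function call counts still need the hooking approach the linked articles describe. The session name, trace file path, and the assumption that Microsoft-Windows-Kernel-Process emits image-load events as event ID 5 under keyword 0x40 with `ProcessID` and `ImageName` fields are mine, not from the page.

```powershell
# Added example: count DLL loads system-wide via an ETW kernel-process trace.
# Assumptions (not from the page): provider Microsoft-Windows-Kernel-Process,
# keyword 0x40 = image events, event ID 5 = ImageLoad with ProcessID/ImageName.
# Requires an elevated prompt; logman and Get-WinEvent ship with Windows.

$SessionName = 'DllLoadStats'                 # hypothetical session name
$TraceFile   = Join-Path $env:TEMP 'dllload.etl'
$Seconds     = 30                             # capture window

# Start the trace session immediately (-ets), writing events to the .etl file.
# Processes created during the window are covered too, since the provider is kernel-side.
logman start $SessionName -p 'Microsoft-Windows-Kernel-Process' 0x40 -o $TraceFile -ets | Out-Null
try {
    Start-Sleep -Seconds $Seconds
}
finally {
    logman stop $SessionName -ets | Out-Null  # always tear the session down
}

# Decode the ETL (-Oldest is required for .etl input) and keep only ImageLoad events.
$loads = Get-WinEvent -Path $TraceFile -Oldest | Where-Object { $_.Id -eq 5 }

$rows = foreach ($e in $loads) {
    # Pull the named EventData fields out of the event XML.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        ProcessId = [int]$data['ProcessID']
        Image     = [System.IO.Path]::GetFileName($data['ImageName'])
    }
}

# Statistics: most frequently loaded DLLs, and how many distinct processes loaded each.
$rows | Group-Object Image | ForEach-Object {
    [pscustomobject]@{
        Image     = $_.Name
        Loads     = $_.Count
        Processes = ($_.Group.ProcessId | Sort-Object -Unique).Count
    }
} | Sort-Object Loads -Descending | Select-Object -First 20 | Format-Table -AutoSize
```

The ImageName field is a kernel device path (for example \Device\HarddiskVolume3\Windows\System32\ntdll.dll), so the script keys on the file name only; keep the full path if you want to spot the same DLL name loaded from an unexpected directory.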