
Intercept function calls made to a DLL by an Application

Tags: c++, function, dll

The scenario is the following:

Let's say I have this application "App" that depends on this library "library.dll". I would like to know the function calls "App" makes while it's running. Assume I don't have access to the source code of "App" or "library.dll", but I know the name and arguments of every function that exists in "library.dll". Is there any way I can somehow find out which of the functions from "library.dll" are being called by "App"?

I saw a similar question on Stack Overflow: How to intercept dll method calls?

An answer by Mr. Ates Goral intrigued me; he mentioned writing a wrapper DLL that forwards function calls to the real DLL. I was hoping someone could provide me with some insight as to how this could be accomplished or point me to a place where I could get information on the matter.

The two parts I am most interested in are having my application load my .dll and how to actually forward the function to the original "library.dll".

Thank You

Arnulfo Arroyo asked Oct 19 '25 23:10



1 Answer

The wrapper DLL works perfectly - here is how it works:

Let's assume, the library.dll exports int somefunct(int i, void* o) - you now create your own DLL, with something like

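#include <windows.h>

//Declare this for every function prototype
typedef int (*int_f_int_pvoid)(int,void*);

//Declare this for every function
static int_f_int_pvoid lib_somefunct = NULL;

//Handle of the original (renamed) DLL
static HINSTANCE hlibdll = NULL;

//this snippet goes into DllMain
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        //Backslashes have to be escaped inside a C string literal
        hlibdll = LoadLibraryA("X:\\PATH\\TO\\renamed_library.dll");
        if (hlibdll == NULL)
            return FALSE;

        //For every function
        lib_somefunct = (int_f_int_pvoid)GetProcAddress(hlibdll, "somefunct");
        if (lib_somefunct == NULL)
            return FALSE;
    }
    return TRUE;
}

//Again for every function
int somefunct(int i, void* o)
{
    //Log the function call and parameters
    //...

    //Call library.dll
    int result = lib_somefunct(i, o);

    //Log the result
    //...

    return result;
}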

Export your functions, name the resulting DLL library.dll after renaming the original to renamed_library.dll.

Now the target EXE will load (your) library.dll, which in turn will load the (original, but renamed) renamed_library.dll - and whenever the target program calls a function, it will run through your logging code.

Caveat: Your target EXE might be multithreaded, so be prepared to have a thread-safe logging mechanism.

I have successfully used this method to debug a strange MAPI issue.

Eugen Rieck answered Oct 22 '25 12:10

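Added example, not part of the answer above: a portable C++ model of the thread-safe logging the caveat asks for, with call and result written as one record under a std::mutex so lines from concurrent callers cannot interleave. real_somefunct is a constructed stand-in for the address GetProcAddress would return, and CallLog, g_log and stress are hypothetical names.

```cpp
#include <mutex>
#include <sstream>
#include <string>
#include <thread>
#include <vector>

typedef int (*int_f_int_pvoid)(int, void*);   // same pointer type as in the answer
// Constructed stand-in for the address GetProcAddress would return.
static int real_somefunct(int i, void* o) { return o ? i * 2 : -1; }
static int_f_int_pvoid lib_somefunct = real_somefunct;

// Hypothetical in-memory sink; a real wrapper would append to a file instead.
class CallLog {
    std::mutex mu_;
    std::vector<std::string> lines_;
public:
    void write(const std::string& line) {       // one lock per complete record
        std::lock_guard<std::mutex> guard(mu_);
        lines_.push_back(line);
    }
    std::vector<std::string> snapshot() {
        std::lock_guard<std::mutex> guard(mu_);
        return lines_;
    }
};
static CallLog g_log;

// Wrapper with the signature of the export it stands in for.
int somefunct(int i, void* o) {
    int result = lib_somefunct(i, o);            // forward to the original
    std::ostringstream rec;                      // format outside the lock
    rec << "tid=" << std::this_thread::get_id() << " somefunct(i=" << i
        << ", o=" << o << ") -> " << result;
    g_log.write(rec.str());                      // call and result share one record
    return result;
}

// Calls the wrapper from several threads; returns total records logged so far.
std::size_t stress(int threads, int calls_each) {
    std::vector<std::thread> pool;
    int dummy = 0;
    for (int t = 0; t < threads; ++t)
        pool.emplace_back([&dummy, t, calls_each] {
            for (int c = 0; c < calls_each; ++c) somefunct(t * 1000 + c, &dummy);
        });
    for (auto& th : pool) th.join();
    return g_log.snapshot().size();
}
int main() { return stress(4, 100) == 400 ? 0 : 1; }
```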