intercepting DLL

I want my program  execute and application and
then intercept all DLL calls it sends/receives.

How can I do that?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

you probably (realisically) can't.

The only way I can see to do it would be to modify the EXE's  import jump table.  You would have to change each entry to point to a procedure of yours that does the monitoring and then jumps to the original procedure.  The jump table is read only, however, you can get arround it somehow.  (I know this because debugers get arround it somehow.)
nope, neitod, you can.

Matt Pietrek wrote an article a long while back in the Microsoft Systems Journal about a program called APISPY32 that intercepts API calls. It's somewhere in the back issues of MSJ on MSDN, but I think it's in the 1995 issues.

Tommy HuiEngineerCommented:
The answer is yes and no.

If you are doing this in Win16, you can find out where the DLL is located using LoadLibrary() and for each exported function, overwrite the first 5 bytes of the function to a JMP xxxx where xxxx is your DLL's function, and this will work for every application because this is how Win16 works.

However, if you want this behavior in Win32, you basically can't. You can do it for a single application because you can write a debugger (as nietod suggested). This is basically what Matt's article is about. However, this may or may not be the behavior you're interested in.

If you really want to do this for every single application, you can write a replacement DLL and rename the OS's DLL and make sure your DLL has the same name. Then internally, you can use LoadLibrary to load the renamed OS's DLL and call that through GetProcAddress(). This is clunky and almost always require a reboot because there may already be an application using that DLL to begin with.

Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

jct052097Author Commented:
I wanted to say DDE, not DLL.
I have two programs that communicate each other
by DDE (I think; is there any other way?).

And I would like to monitor them, and
if possible, change the info.

Tommy HuiEngineerCommented:
Then that's easy. When you use DdeInitialize(), you can use the APPCLASS_MONITOR flag to specify that you want to monitor all DDE messages.

That explains your weird terminology.  I though sending/receiving calls was a little unusual.
jct052097Author Commented:

 Please, can you explain me it a little more?
I never have programmed DDE applications.

Just tell me how to start or give a simple example.
I'll grade you.

Tommy HuiEngineerCommented:
You should then get a book on DDE programming. Basically you register a callback function with DDE that it should receive messages much like a WndProc. You should take a look at the online help for DdeInitialize() and use the APPCLASS_MONITOR flag.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Development

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.