Solved

intercepting DLL

Posted on 1998-01-29
Last Modified: 2013-12-03
I want my program to execute an application and
then intercept all DLL calls it sends/receives.

How can I do that?
0
Question by:jct052097
8 Comments
 
LVL 22

Expert Comment

by:nietod
ID: 1410620
you probably (realistically) can't.

The only way I can see to do it would be to modify the EXE's import jump table.  You would have to change each entry to point to a procedure of yours that does the monitoring and then jumps to the original procedure.  The jump table is read-only; however, you can get around it somehow.  (I know this because debuggers get around it somehow.)
0
 
LVL 2

Expert Comment

by:anichini
ID: 1410621
nope, nietod, you can.

Matt Pietrek wrote an article a long while back in the Microsoft Systems Journal about a program called APISPY32 that intercepts API calls. It's somewhere in the back issues of MSJ on MSDN, but I think it's in the 1995 issues.

0
 
LVL 15

Expert Comment

by:Tommy Hui
ID: 1410622
The answer is yes and no.

If you are doing this in Win16, you can find out where the DLL is located using LoadLibrary() and for each exported function, overwrite the first 5 bytes of the function to a JMP xxxx where xxxx is your DLL's function, and this will work for every application because this is how Win16 works.

However, if you want this behavior in Win32, you basically can't. You can do it for a single application because you can write a debugger (as nietod suggested). This is basically what Matt's article is about. However, this may or may not be the behavior you're interested in.

If you really want to do this for every single application, you can write a replacement DLL and rename the OS's DLL and make sure your DLL has the same name. Then internally, you can use LoadLibrary to load the renamed OS's DLL and call that through GetProcAddress(). This is clunky and almost always requires a reboot because there may already be an application using that DLL to begin with.

0
 
LVL 1

Author Comment

by:jct052097
ID: 1410623
sorry!!!
I wanted to say DDE, not DLL.
I have two programs that communicate with each other
by DDE (I think; is there any other way?).

And I would like to monitor them, and
if possible, change the info.



0
 
LVL 15

Expert Comment

by:Tommy Hui
ID: 1410624
Then that's easy. When you use DdeInitialize(), you can use the APPCLASS_MONITOR flag to specify that you want to monitor all DDE messages.


0
 
LVL 22

Expert Comment

by:nietod
ID: 1410625
That explains your weird terminology.  I thought sending/receiving calls was a little unusual.
0
 
LVL 1

Author Comment

by:jct052097
ID: 1410626
thui,

 Please, can you explain it to me a little more?
I have never programmed DDE applications.

Just tell me how to start or give a simple example.
I'll grade you.

0
 
LVL 15

Accepted Solution

by:
Tommy Hui earned 200 total points
ID: 1410627
You should then get a book on DDE programming. Basically you register a callback function with DDE that it should receive messages much like a WndProc. You should take a look at the online help for DdeInitialize() and use the APPCLASS_MONITOR flag.


0
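An observe-only DDE monitor along the lines of the accepted answer, given here as an added example that is not part of the original thread: it registers a DDEML callback with `APPCLASS_MONITOR` and logs each `XTYP_MONITOR` event class. The helper `event_name()` and its labels are hypothetical; the monitor itself builds only on Windows (link with user32), and the `MF_*` values are repeated in the `#else` branch only so the helper also compiles elsewhere.

```c
/* Added example: observe-only DDE monitor built on DDEML. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <ddeml.h>
#else /* MF_* values copied from ddeml.h so event_name() builds elsewhere */
enum { MF_HSZ_INFO = 0x01000000, MF_SENDMSGS = 0x02000000,
       MF_POSTMSGS = 0x04000000, MF_CALLBACKS = 0x08000000,
       MF_ERRORS = 0x10000000, MF_LINKS = 0x20000000, MF_CONV = 0x40000000 };
#endif

/* Hypothetical helper: name the event class DDEML passes in dwData2. */
const char *event_name(unsigned long mf) {
    switch (mf) {
    case MF_HSZ_INFO:  return "string-handle";
    case MF_SENDMSGS:  return "sent-message";
    case MF_POSTMSGS:  return "posted-message";
    case MF_CALLBACKS: return "callback";
    case MF_ERRORS:    return "error";
    case MF_LINKS:     return "advise-link";
    case MF_CONV:      return "conversation";
    default:           return "unknown";
    }
}

#ifdef _WIN32
/* DDEML calls this much like a WndProc; a monitor receives XTYP_MONITOR. */
static HDDEDATA CALLBACK MonitorCb(UINT type, UINT fmt, HCONV hconv, HSZ hsz1,
        HSZ hsz2, HDDEDATA hdata, ULONG_PTR d1, ULONG_PTR d2) {
    DWORD cb = 0;
    if (type == XTYP_MONITOR && hdata && DdeAccessData(hdata, &cb)) {
        printf("%-14s payload=%lu bytes\n", event_name((unsigned long)d2), cb);
        DdeUnaccessData(hdata);          /* payload is a MON*STRUCT */
    }
    return (HDDEDATA)0;
}

int main(void) {
    DWORD inst = 0; MSG msg;
    UINT rc = DdeInitializeA(&inst, MonitorCb, APPCLASS_MONITOR | MF_CONV |
                             MF_LINKS | MF_CALLBACKS | MF_ERRORS, 0);
    if (rc != DMLERR_NO_ERROR) { fprintf(stderr, "DdeInitialize: %u\n", rc); return 1; }
    while (GetMessage(&msg, NULL, 0, 0) > 0) DispatchMessage(&msg); /* pump */
    DdeUninitialize(inst);
    return 0;
}
#endif
```

The `MF_*` bits passed to `DdeInitialize()` select which event classes are reported; the structure behind `hdata` depends on the class (for example `MONCONVSTRUCT` for `MF_CONV`).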
