I have to spy on a C++ DLL. I would like to insert trace calls inside the assembly code, e.g. modifying the code to put in a small piece of code that would trace some variable into a text file. I do not have access to the runtime of the machine where the DLL is used; I can only access the storage, so I cannot spy dynamically using IDA debug. I must put some files with spy code inside, then start the machine, run it, shut down the machine, and get back the trace files eventually created in the storage.

Is there some way to automate that spy code insertion using IDA Pro, for example, or a similar tool? I have decompiled the DLL using Hex-Rays and, yes, I could modify the C source code and plant the functions there, but unfortunately Hex-Rays cannot reverse all the code, only like 90%, and so I cannot use that way.

CloudyMarble

1 Answer

Seeing as this is a DLL, you can use the wrapgen IDA plugin to create a wrapper DLL that calls the original and insert whatever tracking and tracing code you need.

In more advanced cases you can use the wrapper DLL to dynamically patch the original DLL if you need to monitor function local variables.

Necrolis
  • I have the spy DLL already, but that does not work. The software has a file protection system that prevents using that sort of interception/proxy DLL. I think I could maybe slightly insert some tracing code directly inside the disassembly code and that would work. – Feb 07 '13 at 20:14