Detours 3.0: Hook all exports in a dll

Asked Aug 16 '16 at 18:46

Active Aug 16 '16 at 18:46

Viewed 248 times

I'm currently having issues figuring out what calls an application is making, and was thinking of implementing a way to hook all of the exports inside of a dll, for example user32.dll, instead of having to hook them one by one in hopes of hooking the correct export that an application is calling. I would be using this code for debugging purposes so then I can add the exports that are getting called to my main code.

I was thinking of implementing this by:

Using Visual Studio's dumpbin and calling /EXPORTS from it to get all of the exports names inside of a dll.
Parsing winuser.h to find the functions from the export names that I obtained earlier from Step 1 and then saving their parameters.
Hooking every export from Step 1 with their corresponding parameter from Step 2.

My question is if this is a good way to go about this, or if this method will work at all?

asked Aug 16 '16 at 18:46

Bcmonks

1

Win32 API spy tools already exist, such as [API Monitor](http://www.rohitab.com/apimonitor). – Remy Lebeau Aug 16 '16 at 19:51
@RemyLebeau You sir, are a god among men. You have saved me countless hours, if not days, of work. – Bcmonks Aug 16 '16 at 21:38

Detours 3.0: Hook all exports in a dll

0 Answers0