0

Fiddler captures HTTP requests and responses so that you can examine them and debug them. What tools are out there that deliver a similar sort of functionality but for OS-internal requests and responses? Specifically I'm looking for a program that captures Windows-internal calls -- and if none exist, this would be a good opportunity to understand what I don't understand about how the Windows OS works.

For example, Fiddler has a button that says "View in Notepad" which lets you examine a response in Notepad. I want to know what command is executed here in the background that in fact opens up Notepad with the response text in it. I am guessing it should look something like notepad | $text.

miara
  • 847
  • 1
  • 6
  • 12
  • 2
    [Process Monitor](https://learn.microsoft.com/en-us/sysinternals/downloads/procmon) is probably the closest to what you're asking for. – Luke Dec 19 '18 at 01:05

1 Answers1

1

In Windows, there is a message loop

Some links about it

https://learn.microsoft.com/en-us/windows/desktop/winmsg/using-messages-and-message-queues

http://www.fmsinc.com/free/NewTips/NET/NETtip54.asp

https://www.codeproject.com/Articles/33459/%2FArticles%2F33459%2FSpying-Window-Messages-from-the-Inside

A message loop will catch any command, but it works only for your thread. When you write a minimal Windows program in C++ like in the first link, you set up a window and a message loop and catch whatever WM_command is intended for your window.

Other messages that go around inside Windows, intended for other processes can be hooked when you run with admin permissions. This may give you some snippets,

Filtering Windows Messages in a Hook Filter Function

Hope this will help to roll your own hooks. I have no idea if free software exists that does this.

Goodies
  • 1,951
  • 21
  • 26