Win32API Tracer Application
TNPLibrary aims to create an open-source tracing and patching application that lets you trace any Win32 API function called from a target process, with the ability to patch it dynamically at runtime.
Currently the tracing part is complete, and a working version of Tracer is available for download from SourceForge.
Tracer currently offers the ability to:
- Pause/Resume the capture
- Select different functions to trace
- Save the capture logs
It can currently trace:
- Process/Thread creation/termination
- Registry Key Creation/Deletion
- Socket connection/bind/accept
- CreateFile/CreateWindow/CreateDialog
- more...
Tracer.exe Usage Instructions:
- After downloading the zip file from the above link, start the "Tracer.exe" application from the "DynamicLinked" or "StaticLinked" directory.
- Enter the command line arguments for the target application.
- Click the "Start" button.
This should display a window listing the API calls made by the target application.
The File|Save option can be used to save the log entries.
How to Select different functions to Trace?
The set of functions traced by Tracer.exe is listed in the "FuncXml.xml"
file, which resides in the same directory as Tracer.exe. If you would like to
select a different set of functions to trace, you can modify FuncXml.xml,
and the next time Tracer.exe starts it will use the modified set. You can
modify the FuncXml.xml file using the "EditTraceOptions.exe" application.
Usage instructions for "EditTraceOptions.exe":
- Start "EditTraceOptions.exe".
- Click the "Load" button in the lower-right corner of the form. When the
file dialog appears, select "FuncXml.xml" (from the Tracer.exe directory).
- Once the file is loaded, the currently traced functions are check-marked in
the left-side tree. Modify the check box selections as you like.
- Once the required functions are selected, click the "Save" button in
the lower-right corner of the form. When the dialog appears, overwrite the
previous "FuncXml.xml" file.
Once the modified "FuncXml.xml" is saved, it will be used automatically the next
time "Tracer.exe" is used.
The complete development source code can be downloaded from the SVN repository on the SourceForge project page.
By
P.Gopalakrishna