5.00/5 (2 votes)
Hello. I am interested to know how it's possible to output the API calls of a Windows executable to a TextBox or WinForms control.

Here is a bit of output from a sandbox analyzer, which is the type of output I am looking for:

Executing: C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
VirtualAllocEx(C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe, MEM_COMMIT MEM_RESERVE MEM_TOP_DOWN, PAGE_READWRITE, RegionSize=0x000C2000) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(AVICAP32.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(WINMM.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(VERSION.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(MSVFW32.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(SHELL32.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(SHLWAPI.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(COMCTL32.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(WINSPOOL.DRV) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(COMDLG32.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(WS2_32.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(NSI.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(MSWSOCK.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(MSIMG32.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(MPR.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(NETAPI32.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(netutils.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(srvcli.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(wkscli.dll) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(BROWCLI.DLL) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(SCHEDCLI.DLL) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]
LoadLibrary(SAMCLI.DLL) [c:\program files (x86)\teamviewer\version8\teamviewer.exe]


I know my question is a bit vague, but I want to learn how to achieve this output in VB.NET.


Thank you in advance.
Comments
Sergey Alexandrovich Kryukov 12-Apr-13 12:33pm    
Well, very interesting question. :-) My 5 for this post.
—SA
Dale 2012 12-Apr-13 12:41pm    
Is there a way to hook the Windows messaging service to output the API calls of an executable to a TextBox, or am I off course?

1 solution

Take a look at Microsoft Research: Detours.
You could intercept the API calls of interest and add code to put the log output to your TextBox or however you want to log them.
We used this for injecting/testing specific failures to the calls in addition to logging the call with its arguments.
Comments
Dale 2012 13-Apr-13 10:00am    
How were you able to intercept the API calls? This was my original question, and then output it to a TextBox? Is there not some way pragmatically to accomplish this?
Steve44 13-Apr-13 17:04pm    
In our case we identified a DLL the app was loading and we replaced it with a modified version that was using Detours to inject the API interceptions. Then we used shared memory to configure the failures we wanted to force and were logging to a different memory buffer.
An external app was reading a database to configure the failure injections and reading the logging buffer, putting the results back into the database. In your case you could have this external app just populate the TextBox with the contents of the log buffer.
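
The approach described in this answer, as an added example that is not code from the original posters or from the Detours project: a DLL that uses Detours to intercept `LoadLibraryW` and log each call in the trace format shown in the question. The names `LoggedLoadLibraryW`, `format_call`, `log_call` and `drain_log` are hypothetical, and an in-process vector stands in (as an assumption) for the shared-memory log buffer mentioned above; the hook part builds only on Windows with `detours.h` and `detours.lib` available.

```cpp
// Added example: log LoadLibraryW calls as "Api(argument) [calling module]".
#include <mutex>
#include <string>
#include <vector>

static std::mutex g_lock;
static std::vector<std::string> g_log;  // assumption: stand-in for the shared log buffer

// Build one trace line in the format of the sandbox output in the question.
std::string format_call(const std::string& api, const std::string& arg,
                        const std::string& module) {
    return api + "(" + arg + ") [" + module + "]";
}

void log_call(const std::string& line) {
    std::lock_guard<std::mutex> hold(g_lock);
    g_log.push_back(line);
}

// Reader side: take everything logged so far (a UI would append it to a TextBox).
std::vector<std::string> drain_log() {
    std::lock_guard<std::mutex> hold(g_lock);
    std::vector<std::string> out;
    out.swap(g_log);
    return out;
}

#ifdef _WIN32
#include <windows.h>
#include <detours.h>
// Detours redirects this pointer to a trampoline that reaches the real API.
static HMODULE (WINAPI *TrueLoadLibraryW)(LPCWSTR) = LoadLibraryW;

static HMODULE WINAPI LoggedLoadLibraryW(LPCWSTR name) {
    char arg[MAX_PATH] = "", exe[MAX_PATH] = "";  // zero-filled, so always terminated
    if (name) WideCharToMultiByte(CP_UTF8, 0, name, -1, arg, sizeof arg - 1, nullptr, nullptr);
    GetModuleFileNameA(nullptr, exe, sizeof exe - 1);
    log_call(format_call("LoadLibrary", arg, exe));
    return TrueLoadLibraryW(name);                // always forward to the real API
}

BOOL WINAPI DllMain(HINSTANCE, DWORD reason, LPVOID) {
    if (reason != DLL_PROCESS_ATTACH && reason != DLL_PROCESS_DETACH) return TRUE;
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    if (reason == DLL_PROCESS_ATTACH) DetourAttach(&(PVOID&)TrueLoadLibraryW, (PVOID)LoggedLoadLibraryW);
    else DetourDetach(&(PVOID&)TrueLoadLibraryW, (PVOID)LoggedLoadLibraryW);
    return DetourTransactionCommit() == NO_ERROR;
}
#endif
```

Each further API of interest needs its own `True...` pointer and wrapper with the exact signature and calling convention of the original, attached inside the same transaction.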

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


