I want to create a system similar to API Monitoring. I showed all the running processes, modules and threads of the running processes to the user. The user would be able to select a running process, and the monitoring of that process is started, which shows the list of all the APIs related to the modules of the running process. Now I am stuck on a point: how will I show the list of APIs that are being used in the running process? Can anybody tell me the right way to do this?

Any link to related web page will be appreciated. Thanks in advance.

What I have tried:

I have done showing the DLLs and threads of running processes. What I want is to show the APIs of the DLLs used in the running processes.
Posted
Updated 21-Jun-18 23:02pm

You have to process the IMAGE_IMPORT_DESCRIPTORs of the PE Format (Windows).

Note that this (and probably also your actual code detecting the used DLLs) will not work for DLLs loaded with late binding (using LoadLibrary() and GetProcAddress()) and DLLs linked statically.
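As an added example (not part of the answer above or the poster's own code), the following Python parser walks the import directory the answer refers to: it resolves RVAs through the section table, follows each IMAGE_IMPORT_DESCRIPTOR to its DLL name and name table, and lists named and ordinal imports. Because it needs a PE file to run on, build_sample_pe() constructs a minimal, non-real PE32 image with a single import table; the function names are my own, and the field offsets are those of the PE format.

```python
import struct
def _cstr(data, off):                                 # NUL-terminated ASCII string at a file offset
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")
def list_imports(data):
    """Return {dll: [symbol or 'ordinal#N', ...]} by walking the PE import table."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                       # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)        # NumberOfSections, SizeOfOptionalHeader
    opt = pe + 24                                                      # IMAGE_OPTIONAL_HEADER
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B             # PE32+ uses 8-byte thunks
    # data directory starts at +96 (PE32) / +112 (PE32+); entry 1 is IMAGE_DIRECTORY_ENTRY_IMPORT
    imp_rva = struct.unpack_from("<I", data, opt + (112 if is64 else 96) + 8)[0]
    sections = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def to_off(rva):                                                   # RVA -> file offset via section table
        for vsize, va, raw_size, raw_ptr in sections:
            if va <= rva < va + max(vsize, raw_size):
                return rva - va + raw_ptr
        raise ValueError(f"RVA {rva:#x} is not backed by any section")
    if not imp_rva:
        return {}
    imports, desc = {}, to_off(imp_rva)
    fmt, width, ord_flag = ("<Q", 8, 1 << 63) if is64 else ("<I", 4, 1 << 31)
    while True:                                                        # one IMAGE_IMPORT_DESCRIPTOR per DLL
        oft, name_rva, ft = struct.unpack_from("<I8xII", data, desc)   # OriginalFirstThunk, Name, FirstThunk
        if not name_rva:                                               # all-zero descriptor ends the table
            break
        names, thunk = [], to_off(oft or ft)                           # prefer the unbound name table
        while entry := struct.unpack_from(fmt, data, thunk)[0]:
            if entry & ord_flag:                                       # import by ordinal: no name to show
                names.append(f"ordinal#{entry & 0xFFFF}")
            else:                                                      # IMAGE_IMPORT_BY_NAME: 2-byte hint, then name
                names.append(_cstr(data, to_off(entry) + 2))
            thunk += width
        imports[_cstr(data, to_off(name_rva))] = names
        desc += 20
    return imports
def build_sample_pe():
    """Constructed, non-real PE32 image: KERNEL32.dll -> CreateFileW, WriteFile, ordinal 7 (headers trimmed)."""
    hdr = bytearray(0x100)                                             # headers; .idata follows at file offset 0x100
    hdr[:2] = b"MZ"
    struct.pack_into("<I4sHH12xH", hdr, 0x3C, 0x40, b"PE\0\0", 0x14C, 1, 112)  # e_lfanew, sig, Machine, nsec, opt size
    struct.pack_into("<H102xII", hdr, 0x58, 0x10B, 0x1000, 40)          # PE32 magic; import directory RVA, size
    struct.pack_into("<8s4I", hdr, 0x58 + 112, b".idata", 0x100, 0x1000, 0x100, 0x100)  # section header
    sec = bytearray(0x100)                                             # .idata, mapped at RVA 0x1000
    struct.pack_into("<5I", sec, 0, 0x1040, 0, 0, 0x1028, 0x1080)       # IMAGE_IMPORT_DESCRIPTOR (IAT left empty)
    sec[0x28:0x35], sec[0x50:0x5E], sec[0x60:0x6C] = b"KERNEL32.dll\0", b"\0\0CreateFileW\0", b"\0\0WriteFile\0"
    struct.pack_into("<4I", sec, 0x40, 0x1050, 0x1060, 0x80000007, 0)   # name table (OriginalFirstThunk)
    return bytes(hdr + sec)
```

On a real binary, call list_imports(open(path, "rb").read()); as the answer notes, this only sees the static import table, not DLLs resolved at run time through LoadLibrary()/GetProcAddress().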
Comments
Member 13881816 22-Jun-18 9:57am    
I am using the LoadLibrary() function also.
So what do I have to do for this if late binding is done?
Jochen Arndt 22-Jun-18 10:27am    
If you know that a specific DLL is used, you can get the exported symbols from that DLL and search for them in the EXE file. Because they are NULL-terminated ASCII strings, this should not give too many false positives, especially with Unicode applications, which contain mainly Unicode string literals.

One option to identify such DLLs is enumerating the DLL files in the directory of the executable and excluding those which have been found in the import table.

You can also search the EXE for DLL names which might be arguments for LoadLibrary(). But this will probably only work when the programmer has used the ".dll" extension. But when LoadLibrary() is called with a file name without extension, ".dll" is appended by default so that many programmers don't include the extension.
Member 13881816 22-Jun-18 16:29pm    
It would be more helpful for me if all this is described through code, because I find myself stuck, especially on this concept.
Jochen Arndt 22-Jun-18 18:14pm    
Which concept?

Code for parsing PE headers would be too much for "Quick Answers". But existing code and articles can be found in the web.

Similar for getting the exported symbols from a DLL.

Loading an EXE file into memory and searching for strings is a quite simple task.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
