Comments on: Tracing API calls on Windows https://billauer.se/blog/2010/07/strace-ltrace-win32-api-dll/ Anything I found worthy to write down. Thu, 26 Mar 2026 13:15:15 +0000 hourly 1 http://wordpress.org/?v=3.1.2 By: Muhammad Tayyab Sheikh https://billauer.se/blog/2010/07/strace-ltrace-win32-api-dll/comment-page-1/#comment-1432 Muhammad Tayyab Sheikh Wed, 10 Jul 2019 18:58:47 +0000 https://billauer.se/blog/?p=596#comment-1432 Here is an opensource alternative provided by Microsoft itself.... Mirosoft Detours ( https://github.com/microsoft/detours ) IT is distributed in Source-code form.You have to compile it yourself. Here is an opensource alternative provided by Microsoft itself…. Mirosoft Detours ( https://github.com/microsoft/detours ) IT is distributed in Source-code form.You have to compile it yourself.

]]> By: ironboykabeesh https://billauer.se/blog/2010/07/strace-ltrace-win32-api-dll/comment-page-1/#comment-1320 ironboykabeesh Thu, 15 Mar 2018 07:48:46 +0000 https://billauer.se/blog/?p=596#comment-1320 hay i tried this now. wow 8yrs ago None of them usefull for me because i want to hook local func calls these sotwars can only list external calls (api ) i will make softwear for hooking local calls soon. utilising debugger api is os dependent. with root permission reading process memmory is platform depended how these softwears works .i think they are using win32 debugger api. but anti debugging tecniques will defend them well. debugger must make himself transperant hay
i tried this now.
wow 8yrs ago
None of them usefull for me because
i want to hook local func calls
these sotwars can only list external calls (api )

i will make softwear for hooking local calls soon.
utilising debugger api is os dependent.
with root permission reading process memmory is platform depended
how these softwears works .i think they are using win32 debugger api.
but anti debugging tecniques will defend them well.
debugger must make himself transperant

]]> By: Sebastian Wain https://billauer.se/blog/2010/07/strace-ltrace-win32-api-dll/comment-page-1/#comment-897 Sebastian Wain Fri, 18 Oct 2013 16:13:15 +0000 https://billauer.se/blog/?p=596#comment-897 Hi Eli, Nektra's co-founder (SpyStudio) here. Indeed SpyStudio has been improved a lot since 2010 and it's used by companies such as VMWare and Symantec. If you want to hook more functions you can use our hook engine Deviare that is the foundation for SpyStudio. Deviare includes a console code where you can hook every function you like or add new ones. With Deviare you can even hook functions that are available only in PDBs. For example, you can take a look at this article, with code, where we intercept Microsoft SQL Server: http://blog.nektra.com/main/2013/06/26/sql-server-interception-and-sql-injection-attacks-prevention/ Hi Eli, Nektra’s co-founder (SpyStudio) here.

Indeed SpyStudio has been improved a lot since 2010 and it’s used by companies such as VMWare and Symantec. If you want to hook more functions you can use our hook engine Deviare that is the foundation for SpyStudio. Deviare includes a console code where you can hook every function you like or add new ones.

With Deviare you can even hook functions that are available only in PDBs. For example, you can take a look at this article, with code, where we intercept Microsoft SQL Server: http://blog.nektra.com/main/2013/06/26/sql-server-interception-and-sql-injection-attacks-prevention/

]]> By: Dennis Yurichev https://billauer.se/blog/2010/07/strace-ltrace-win32-api-dll/comment-page-1/#comment-444 Dennis Yurichev Tue, 13 Jul 2010 16:06:19 +0000 https://billauer.se/blog/?p=596#comment-444 strace.exe in cygwin? strace.exe in cygwin?

]]> By: Rohitab Batra https://billauer.se/blog/2010/07/strace-ltrace-win32-api-dll/comment-page-1/#comment-443 Rohitab Batra Tue, 13 Jul 2010 15:18:05 +0000 https://billauer.se/blog/?p=596#comment-443 API Monitor has been completely rewritten and has tons of new features including 64-bit support, approx 10,000 API definitions, API call tree, monitoring of NT services, custom DLL monitoring. See a list of complete features and screenshots at http://www.rohitab.com/apimonitor/ API Monitor has been completely rewritten and has tons of new features including 64-bit support, approx 10,000 API definitions, API call tree, monitoring of NT services, custom DLL monitoring. See a list of complete features and screenshots at http://www.rohitab.com/apimonitor/

]]> By: Mangling win32 executables with a hex editor https://billauer.se/blog/2010/07/strace-ltrace-win32-api-dll/comment-page-1/#comment-442 Mangling win32 executables with a hex editor Fri, 09 Jul 2010 10:13:17 +0000 https://billauer.se/blog/?p=596#comment-442 [...] Tracing API calls on Windows [...] [...] Tracing API calls on Windows [...]

]]>