Listening to a thread and getting the address or name of called functions in an external DLL

I'm wondering if something like this is even possible, but let's imagine I could get a program's thread, listen to it somehow, and when the thread calls any function in an external DLL, I would receive the function's name or at least its address or something, so I could somehow identify the function and where it went. Perhaps, if possible, even get the params that were sent with the function.
(If possible, including C++ standard functions like fread, cout, etc.)

Thank you!
Yes, something like that is possible.

You can't just "listen" for the thread to make a call to a DLL, but you can intercept calls to specific functions. This is known as "hooking", and you can hook as many functions as you like. Obviously any functions you don't hook you will not get any notifications for. It's also possible to decode and even modify parameters to the function, if you know the calling convention.
This technique works with standard functions such as fread(), malloc(), etc.
Functions such as operator<<() overloads are a different story, though, because the compiler is capable of inlining such calls. It's entirely possible for code such as stream << "string" to generate no calls at all.
Google "hooking engine" for more information.
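The interception described in the answer above, as an added example that is not part of the original posts: a portable simulation in which a table of function pointers stands in for a DLL import table. All names (`lib_read`, `lib_add`, `ImportTable`, `hooked_read`) are hypothetical; no real hooking engine or Windows API is used.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Stand-ins for functions exported by an external DLL (hypothetical names).
static size_t lib_read(void* dst, size_t n) { std::memset(dst, 'A', n); return n; }
static int lib_add(int a, int b) { return a + b; }

// The program reaches the library only through these slots, the way calls
// into a DLL go through import-table entries.
struct ImportTable {
    size_t (*read)(void*, size_t) = lib_read;
    int (*add)(int, int) = lib_add;
};
static ImportTable g_imports;

static std::vector<std::string> g_call_log;             // what the hook observed
static size_t (*g_real_read)(void*, size_t) = nullptr;  // saved original entry

// The hook has the target's exact signature, so its arguments can be decoded.
// It records the call and forwards to the original so behaviour is unchanged.
static size_t hooked_read(void* dst, size_t n) {
    char line[96];
    std::snprintf(line, sizeof line, "read(dst=%p, n=%zu)", dst, n);
    g_call_log.push_back(line);
    return g_real_read(dst, n);
}

static void install_read_hook() {
    if (!g_real_read) { g_real_read = g_imports.read; g_imports.read = hooked_read; }
}
static void remove_read_hook() {
    if (g_real_read) { g_imports.read = g_real_read; g_real_read = nullptr; }
}

// The code being observed: one hooked call and one unhooked call.
static int program_under_observation() {
    char buf[8];
    size_t got = g_imports.read(buf, sizeof buf);  // hooked: appears in the log
    return g_imports.add((int)got, 1);             // not hooked: no notification
}

int main() {
    install_read_hook();
    program_under_observation();
    for (const auto& entry : g_call_log) std::puts(entry.c_str());
    remove_read_hook();
}
```

Only the `read` slot produces a log entry; the call through `add` goes unobserved, and code the compiler inlines never passes through the table at all.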