The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Way to monitor API calls of an XP process?

    Discussion in 'Windows OS and Software' started by Greg, May 29, 2007.

  1. Greg

    I'm trying to figure out some stuff, and I may need to listen in on one program to determine what kinds of calls it is making to a specific DLL and/or groups of DLLs. Anyone know a freeware program good for that?
     
  2. Pitabred

    Check for API intercept and hooking on Google. I don't know of any freeware, but it's a starting point :)
     
  3. Nrbelex

  4. Greg

    Holy crap...that might do the trick. I'll have to look.

    Basically, I'm trying to reverse engineer some code and figure out what DLLs it is using, and if any of those DLLs are XP system files. I'm grasping at straws for this project...

    EDIT: Is there a way to get this program to scan the .EXE without having to run it? You know, like find the calls without the program running? This software requires some USB hardware I don't think my company has... Or maybe is there a program that can scan a DLL file and at least give me some useful information about what is in it?
     
  5. Pitabred

    Hex edit the sucker ;) Search for strings in the executable that contain ".dll", see what pops up.
     
  6. Greg

    I like that idea...I'll try it.

    Yes, I know this sounds like hacking...it's more like reverse engineering in this case though. Any hackers in the group? ;)
     
  7. Pitabred

    Why do you think I suggested hex editing it? I may not be doing much programming lately, but I know a thing or three ;)
     
  8. bogart

    You can use a debugger like OllyDbg to find out what you're looking for. If you want to learn how to use it, watch Lena's extensive video tutorials and read these forums:

    Code:
    http://www.tuts4you.com/download.php?list.17
    http://www.tuts4you.com/forum/index.php
    http://arteam.accessroot.com
    http://www.woodmann.com/forum/index.php
    
     
  9. jimc

    Sounds like what Dependency Walker does; it lists all the DLL imports from an EXE/DLL. It comes with the Platform SDK; search for depends.exe. EDIT: OK, you can download it here: http://www.dependencywalker.com/
    Newer versions of it let you (sort of) debug the application so that any dynamically loaded DLLs (and dynamically imported functions) are also shown.
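
The two static approaches suggested in this thread (searching the file for ".dll" strings, and listing the import table the way Dependency Walker does) can be compared side by side without running the target. The following is an added example, not part of any post in the thread: the function names are illustrative, the sample image and the names `vendorusb.dll` and `helper.dll` are constructed, and only the classic import directory is read (delay-load imports are not).

```python
import re
import struct

def rva_to_off(sections, rva):  # relative virtual address -> file offset
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is outside every section")

def static_imports(data):
    """DLL names from the PE import directory, read without running the file."""
    pe, = struct.unpack_from("<I", data, 0x3C)              # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                           # optional header
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]             # PE32 / PE32+
    imp_rva, = struct.unpack_from("<I", data, dirs + 8)     # data directory 1
    sections = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
                for i in range(nsect)]
    names, off = [], rva_to_off(sections, imp_rva) if imp_rva else len(data)
    while off + 20 <= len(data):                            # 20-byte descriptors
        name_rva, = struct.unpack_from("<I", data, off + 12)
        if name_rva == 0:                                   # zeroed terminator
            break
        start = rva_to_off(sections, name_rva)
        names.append(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
        off += 20
    return names

def dll_strings(data):
    """Every ASCII or UTF-16LE '*.dll' string in the file, lowercased."""
    hits = [m.decode("ascii") for m in re.findall(rb"[\w.\-]+\.dll", data, re.I)]
    wide = re.findall(rb"(?<![\w.\-])(?:[\w.\-]\0)+\.\0d\0l\0l\0", data, re.I)
    return {h.lower() for h in hits + [w.decode("utf-16-le") for w in wide]}

def build_sample():
    """Constructed PE32 stub: imports two DLLs, names two more only as data."""
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HH12xHH", 0x14C, 1, 0xE0, 0)     # COFF header
           + struct.pack("<H102x2I", 0x10B, 0x1000, 60).ljust(0xE0, b"\0")
           + struct.pack("<8s4I", b".rdata", 0x100, 0x1000, 0x100, 0x200))
    body = (struct.pack("<12xI16xI", 0x1040, 0x1050).ljust(0x40, b"\0")
            + b"KERNEL32.dll".ljust(16, b"\0") + b"USER32.dll".ljust(16, b"\0")
            + b"vendorusb.dll".ljust(16, b"\0") + "helper.dll".encode("utf-16-le"))
    return (hdr.ljust(0x200, b"\0") + body).ljust(0x300, b"\0")

if __name__ == "__main__":
    print(static_imports(build_sample()), sorted(dll_strings(build_sample())))
```

Names that `dll_strings` finds but `static_imports` does not are candidates for DLLs loaded at run time, which is the case the import table alone misses.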