How could i capture/record all local functions call for an EXE file?The API monitor tools capture the windows API functions call, i want to capture the local function call for example when user click a certain button.
Regards,
Capture Portable Executable (PE) EXE internal function call
339 Views Asked by JemoGlemo At
1
There are 1 best solutions below
Related Questions in WINDOWS
- how to play a sounds in c# forms?
- Echo behaviour of Microsoft Windows Telnet Client
- Getting error while running spark-shell on my system; pyspark is running fine
- DirectX 9 With No SDK Installed - How To Translate a D3DMATRIX?
- Gradle 8.7 cannot find installed JDK 22 in IntelliJ
- 'IOException: The cloud file provider is not running', when trying to delete 'cloud' folder
- Cannot load modules/mod_dav_svn.so into server
- Issue with launching application after updating ElectronJs to version 28.0.0 on Windows and Linux
- 32-bit applications do not display some files in Windows 10
- 'bun' is not recognized as an internal or external command
- mkssecreenshotmgr taking a screenshot
- Next js installation in windows 7 os
- Can't resize a partition using Mini Tool?
- Is there any way to set a printer as default according with Active Directory Policy Security Group and PC hostname?
- Electron Printing not working on Windows (Works on Mac)
Related Questions in DEBUGGING
- How to pass the value of a function of one class to a function of another with the @property decorator
- Visual Studio C++, breakpoints not stopping debugging DLL (GODOT GDExtention)
- Playwright JS: Getting an error when debugging using line numbers
- C++ skips line when promting for user to enter name of person being added to a string array
- Xcode: Can't Attach to process
- unity navmeshsurface prefab not found or whatever
- It seems to be a bug about "base::trace()" or "methods:::.TraceWithMethods()"?
- How to check reference counting issues when doing direct manipulations of CPython objects?
- How to scroll to the bottom of console window in PyCharm2019 automatically?
- need help debugging prolog
- Is there a way to deactivate (but not delete) conditional breakpoints when debugging?
- How can i debug a python exe which is created by using pyinstaller?
- Increment or Decrement volume programmatically on Xiaomi device adjusts it by 10 steps instead of one step
- Checking request JSON with image data
- Why cannot I set font of `xlabel` in `plotmf` in MATLAB?
Related Questions in PORTABLE-EXECUTABLE
- How can I patch a function call to a Windows DLL (e.g. kernel32 LoadLibrary)? Is this even possible?
- How to protect MSI installer digital signature from tampering
- How can I extract raw bytes of DOS stub using python's pefile library?
- How can I decompile an exe protected by a PE packer?
- Spurious trampoline when calling function from DLL
- Trying to convert MASM into C equivalent, but getting different result
- Parse PE File with C in Windows
- PE Loader with Relocation
- How do file pointers point to the of data on the disk?
- Software copyright infringement
- Getting the forwarded function name
- parsing a PE file to find the export table address using CFF explorer and msdn doc
- Extract/parse resources from Portable Executable (PE) file
- A “universal” binary?
- Relocation Table and IDA
Related Questions in APIMONITOR
- Is there an API monitoring tool with access token renewal mechanism?
- SoapUI Webservice Testing: Can we test an API connection through SoapUI without running the API?
- Use rohitab API monitor to monitor Windows service startup
- How to activate / enable the process notification feature in API Monitor?
- Segger Jlink flash download mechanism
- Hooking into Win32 printing API from C# using EasyHook
- Change Ease of Access Settings via Windows API: SystemParametersInfo
- Checking for open files in a given directory tree
- Identify Cause of NULL_CLASS_PTR_READ_c0000005 on combase!CStdMarshal::UnmarshalIPID in PowerBuilder 10 App
- How to know which Windows Process has started / stopped which service
- Why GetCaretPos returns different from GetTextExtentPoint32 for a remote edit
- API Monitor Type Definitions (XML) to C++ Code
- Hook to a D3D11 process without Present and grab Texture2D
- IGlobalInterfaceTable::RegisterInterfaceInGlobal returns zero cookie
- Deviare2 hook WriteFile API twice for only one write
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
API monitors work because it's easy to tell when CPU control passes out of the process and into the OS. What you're asking for is to monitor when the CPU instruction pointer moves from place to place inside the same process memory space. The tool that does this is called a debugger. Examples of debuggers on Windows include Visual Studio, WinDbg, or NTSD.
In increasing order of difficulty, you can:
1) Add the telemetry you want to the source code and recompile the executable.
2) If you have build symbols (usually a PDB file), connect a debugger and set breakpoints/tracepoints on the functions you are interested in.
3) If you have no source, then the task is effectively the same as #2, but much more difficult. You still hook up a debugger, but now you will have trace the program yourself to figure out which memory addresses correspond to the functions you want, then set breakpoints.