Home/ Questions/Q 7995737
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T14:30:36+00:00

The scenario is the following: Lets say I have this application App that depends

  • 0

The scenario is the following:

Lets say I have this application “App” that depends on this Library “library.dll”. I would like to know the function calls “App” does while its running. Assume I don’t have access to the source code of “App” or “library.dll”, but I know the name and arguments of every function that exists is “library.dll”. Is there any way I can somehow find out which of the functions from “library.dll” are being called by “App”?

I saw a similar questions in stackoverflow: How to intercept dll method calls?

An answer my Mr. Ates Goral intrigued me, he mention writting a wrapperDLL that forwards function calls to the real DLL. I was hoping someone could provide me with some insight as to how this could be accomplished or point me to a place where were I could get information in the matter.

The two parts I am most interested in is having my application load my .dll and how to actually forward the function to the original “library.dll”

Thank You

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The wrapper DLL works perfect – here is how it works:

    Let’s assume, the library.dll exports int somefunct(int i, void* o) – you now create your own DLL, with something like

    #include <windows.h>

//Declare this for every function prototype
typedef int (*int_f_int_pvoid)(int,void*);

//Declare this for every function
int_f_int_pvoid lib_somefunct


//this snipplet goes into dllmain
...
HINSTANCE hlibdll = LoadLibrary("X:\PATH\TO\renamed_library.dll");
//For every function
lib_somefunct=(int_f_int_pvoid)GetProcAddress(hlibdll,"somefunct");
...


//Again for every function    
int somefunct(int i, void* o)
{
    //Log the function call and parameters
    //...

    //Call library.dll
    int result=lib_somefunct(i, o);


    //Log the result 
    //...

    return result;
}

    Export your functions, name the resulting DLL library.dll after renaming the original to renamed_library.dll

    Now the target EXE will load (your) library.dll, which in turn will load the (original, but renamed) renamed_library.dll – and whenever the target program calls a function, it will run through your loggin code.

    Caveat: Your traget EXE might be multithreaded, so be prepared to have a thread-safe logging mechanism.

    I have successfully used this method to debug a strange MAPI issue.

    • 0