| System Call Interception |
| CuriousCat 2005-02-13, 8:56 pm |
| Is there a documented way by which system call interception can be
performed on the Windows platform?
Any pointers/suggestions would be most helpful.
-CC
| |
| clyclopedic 2005-02-13, 8:56 pm |
| Detours http://research.microsoft.com/sn/detours/
Also, get 'debugging tools for windows' and check out logger.exe in the
'other tools' section of the help file.
"CuriousCat" <curious_cat@nospam.org> wrote in message
news:cuoi3d$qje$1@prometheus.acsu.buffalo.edu...
> Is there a documented way by which system call interception can be
> performed on the Windows platform?
>
> Any pointers/suggestions would be most helpful.
>
> -CC
| |
| Sten Westerback 2005-02-18, 3:56 pm |
|
"CuriousCat" <curious_cat@nospam.org> wrote in message
news:cuoi3d$qje$1@prometheus.acsu.buffalo.edu...
> Is there a documented way by which system call interception can be
> performed on the Windows platform?
Interception in what way? System APIs are called using a ring-switching
interrupt just like in other OSes. The functions doing that are in NTDLL.DLL.
Or are you talking about calling conventions inside the WIN32 API?
Or something else completely? :)
> Any pointers/suggestions would be most helpful.
http://msdn.microsoft.com/ and especially
http://msdn.microsoft.com/library/ describes most such details
and if it doesn't then there are many books to borrow from a public
library or buy...
- Sten