abiola Posted February 10, 2005
Hi all, is there a way of reading user application (IE) messages that go to ntoskrnl or ntdll? I know each application calls its own instance of the DLL, but can I map a particular application and read all its system calls to ntdll or ntoskrnl? If this is possible, where can I get info on it? I think VC++ MFC messaging mapping can do it? Thanks in advance.
Br4tt3 Posted February 18, 2005
Dunno.. this is a wild shot, but should you not be able to do that with a kernel debugger utility? Haven't tried it though...
Gurgelmeyer Posted February 21, 2005
Are we talking messages or API entry points here? If you are a hardcore programmer, try looking up the SetWindowsHookEx() function on MSDN. Or write a service that hooks into the NT image loader. Complicated stuff, really.
Gurgelmeyer Posted February 21, 2005
PS - If you just need the static dependencies, you'll need the Dependency Walker. That's not complicated to use, and requires no expert skills.
Gurgelmeyer Posted February 21, 2005
Yet another hint: check sysinternals.com and/or winternals.com - they provide some very handy tools for free.