I want to enumerate all APIs called in a program. I can map the file to memory and then search for APIs. How do I search for strings in an open file? Or is this a dumb way to find APIs? Also, is there any way besides reading the file extension to find out if a file is exe, txt, bmp, gif etc.? Any ideas on this, or links where I can learn more, are much appreciated. Thanks
About the APIs: do you just want to enumerate all the APIs used by a program, or actually trace them when the program is running? For both ways, learn something about the PE format (there are some tutorials about it at Iczelion's site and full docs at wotsit). Find the import table; all APIs used are listed there. For the file types: most file types have some characteristic bytes set in the file format. GIF, for example, has "GIF89a" or "GIF87a" (the version number) as its first bytes, an EXE file should have a valid DOS header (and PE for Win32 files), bitmaps start with "BM", and some values in the file are structure sizes which have fixed sizes. So if you know some bytes that are always the same in a certain file type, you can check for a file type without the extension. Thomas
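Added example, not part of the original thread: a sketch of the signature checks described in the reply above (GIF version string, "BM" plus a fixed structure size, DOS header plus PE signature), with an extension comparison on top. The function names, the `EXPECTED` table and the sample buffers are assumptions constructed for illustration.

```python
import os
import struct

# DIB header sizes defined for BMP (core, OS/2 2.x, info, V2-V5 variants).
BMP_DIB_SIZES = {12, 16, 40, 52, 56, 64, 108, 124}
# Extensions and the content types they may carry (illustrative, not exhaustive).
EXPECTED = {".gif": {"gif"}, ".bmp": {"bmp"}, ".exe": {"pe", "dos-exe"}, ".dll": {"pe"}}

def identify(data: bytes) -> str:
    """Classify a buffer by the fixed bytes its format requires."""
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data[:2] == b"BM" and len(data) >= 18:
        # Bytes 14..17 hold the DIB header size, which has only a few legal values.
        (dib_size,) = struct.unpack_from("<I", data, 14)
        if dib_size in BMP_DIB_SIZES:
            return "bmp"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew (offset 0x3C in the DOS header) locates the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe"
        return "dos-exe"
    return "unknown"

def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when recognised content does not match what the extension claims."""
    kind = identify(data)
    ext = os.path.splitext(filename)[1].lower()
    return kind != "unknown" and kind not in EXPECTED.get(ext, set())

# Constructed sample buffers (headers only, not complete files).
SAMPLE_GIF = b"GIF89a" + bytes(7)
SAMPLE_BMP = b"BM" + struct.pack("<IHHI", 58, 0, 0, 54) + struct.pack("<I", 40)
SAMPLE_PE = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80) + bytes(0x40) + b"PE\0\0"
SAMPLE_DOS = b"MZ" + bytes(0x3E)
SAMPLE_TEXT = b"BMW dealership price list\n"  # starts with "BM" but is not a bitmap

if __name__ == "__main__":
    for name, buf in [("logo.gif", SAMPLE_GIF), ("pic.bmp", SAMPLE_BMP),
                      ("invoice.txt", SAMPLE_PE), ("old.exe", SAMPLE_DOS),
                      ("notes.txt", SAMPLE_TEXT)]:
        print(f"{name}: {identify(buf)} mismatch={extension_mismatch(name, buf)}")
```

The `SAMPLE_TEXT` case shows why the two-byte "BM" prefix alone is not enough and the fixed structure size is checked as well.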
Thanks, Thomas. Those are great links! I've had Iczelion's PE tutorials for some time, but I avoided doing anything other than glancing through them. Now's the time to give them some serious study. The 'wotsit' link is also very useful.