мож в помощь обновление

WinAPIOverride32 Version 2.0.0.0 April 11 2006
- Can hook multiple processes in same interface
- Can hook all created processes (filters can be defined)
- Better process hooking at startup handling
- Unicode conversion
- New InNoRet hooking type: it allows to send log to WinApioverride before the function is called, so even function crash we get logs
- Monitoring files parsing improved: now you can let the return type of the function; parameter keywords const, struct, far, in, out, inout are ignored; pointer detection troubles solved (char *psz type will now be recognize as char*)
- Some memory leaks removed
- The injected library is staticaly linked only with kernel32 (user32.dll will be loaded only on errors). So hooking can be done sooner

jacquelin.potier.free.fr/winapioverride32/

| Сообщение посчитали полезным:

WinAPIOverride32 v3.0
News: December 9 2006
- New hooking algorithms (hook in 5 opcodes, asm registers integrity)
- Parameter filters
- Function return filters
- Optionnal break before or after the function call
- Can hook asm functions with args passed through registers
- Failure code support
- More types supported (including floating return)
- Monitoring files generation
- Call Comparison
- Search through results
- Remote Call Interface
- Statistics
- Export to CVS and HTML added

jacquelin.potier.free.fr/winapioverride32/
jacquelin.potier.free.fr/exe/winapioverride32_bin.zip Unicode 2.72 Mb
jacquelin.potier.free.fr/exe/winapioverride32_bin_ansi.zip 2.71 Mb
jacquelin.potier.free.fr/src/winapioverride32_src.zip 749 Kb

| Сообщение посчитали полезным:

Version 3.1 April 2 2007
WinAPIOverride :
- Zombie length size disassembler added for more automatically powerful hooks
- Callstack and call stack parameters retrieval for all functions calls (option)
- Callstack post call analysis to easely hilight subfunctions
- Size of a parameter can be defined according to another parameter value : by the way for ReadFile we can use
kernel32.dll|BOOL ReadFile( HANDLE hFile, LPVOID lpBuffer:PointedDataSize=Arg4, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)|Out
- Datation changed from milliseconds to microseconds
- Multithreaded remote calls : you don't need to wait the end of the first one to do another one.
- New saving files format .xml.zip (a zip file containing an .xml) to earn space on hard drive. Of course, the old file format is still supported.
- Dll ordinal only fully supported (at least)
- Support UNICODE_STRING and ANSI_STRING as their full struct not only the string content like in older versions
- Monitoring file debug mode added
- New hooking tutorial added
Monitoring File Builder :
- New interface and more functionnalities, Lot's of bug correction in PE parsing
Dumper :
- Kernel mode added
...
Binaries & Doc :
WinAPIOverride32 (Unicode) 3.25 Mb
jacquelin.potier.free.fr/exe/winapioverride32_bin.zip
WinAPIOverride32 (Ansi) 3.24 Mb
jacquelin.potier.free.fr/exe/winapioverride32_bin_ansi.zip
Sources : Version 3.1.1 956 Kb
jacquelin.potier.free.fr/src/winapioverride32_src.zip

| Сообщение посчитали полезным:

Version 3.1.3 May 09 2007
- Option "Break Dialog don't break ApiOverride threads" added with it's command line equivalent "DontBreakAPIOverrideThreads"
- Bug correction for wait cursor (introduced in 3.1.2 version)
- Bug correction for errors that can appear after log removal.

_http://jacquelin.potier.free.fr/winapioverride32/

| Сообщение посчитали полезным:

v4.0.1 11 Jan 2008
jacquelin.potier.free.fr/winapioverride32/

Ну и до кучи enfull.com/english/Programming/{60BC8663-E44A-49C5-9047-5CDEBA18DF45}.htm

| Сообщение посчитали полезным: