Real Software Forums
http://forums.realsoftware.com/

Listen to a program's system calls?
http://forums.realsoftware.com/viewtopic.php?f=6&t=40723
Page 1 of 1

Author:  lukus001 [ Sat Sep 17, 2011 3:56 pm ]
Post subject:  Listen to a program's system calls?

Hi all,

I'm trying to write an application that will listen into another program's system calls; specifically the command line arguments used to launch a program. The reason for this is to restore the program after a crash using the correct parameters. This is a 3rd party program not made by me so is not something I can change in the "main app"

While searching through window's API there doesn't seem to be any clear /easy method applicable to Real Studio. I've been able to find 3 potential methods but I'm not too sure if they can be implemented through RS...

  • ETW: enable logging of kernel events and then processing the log. Not very simple and would log entire system events
  • WMI: Can get a trace for a specific application, though requires use of Active X or C++ API which all seem to suggest not being able to use RS alone... I know RS does have ActiveX elements but activeX is not something i've used before to not help the issue ^^
  • Hooking: Requires you make your own DLL and RS doesn't create DLLs? :(

Don't know if anyone knows of any windows API that would allow me to do this? or would know which one out of the above 3 is the best route to go down?

The only other route I can think of going is to swap the exe's with mine and then using mine ot launch the real application but im not sure how that would affect the program with it's structure directories and set naming conventions...

I'm also looking at the 'process' features and looks like you can point it to a running process and grab the command line it was given directly but im not too sure :/

Any push in the right direction would greatly help

Thanks in advance :3

Author:  charonn0 [ Sat Sep 17, 2011 6:55 pm ]
Post subject:  Re: Listen to a program's system calls?

I was able to spy on other processes command lines using WMI through MonkeyBread's Win plugin:


Function getCmdLine(procName As String) As String
If WMIobj = Nil Then WMIobj = New WindowsWMIMBS
if WMIobj.ConnectServer("root\cimv2") then
if WMIobj.query("WQL","select CommandLine from Win32_Process where Name='" + procName + "'") then
if WMIobj.NextItem then
Return WMIobj.GetPropertyString("CommandLine") // string
else
Return ""
end if
else
Return ""
end if
else
Return ""
end if

End Function

Author:  charonn0 [ Sat Sep 17, 2011 6:59 pm ]
Post subject:  Re: Listen to a program's system calls?

You can also use WMIC and a Shell Object:
Dim sh As New Shell
sh.Execute("WMIC PROCESS WHERE Name="Explorer.exe" get Commandline")

Author:  lukus001 [ Sun Sep 18, 2011 6:13 pm ]
Post subject:  Re: Listen to a program's system calls?

Hi charonn0,

Thanks for the reply, I'll have a look into those! many thanks.

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/