deroko
September 15th, 2008, 13:12
http://forums.accessroot.com/?showtopic=7513
read above topic to know how this idea was born
well actually this idea was in my mind for almost two years, but never found it useful to fully develop working code, but after reading this topic, and comments at posted link, I've decided to give it a go status.
In short : at above link, you will find link to the other site which has statistic of used functions in common files. On other hand, many are missed due to GetProcAddress, and not to mention many being missed due to custom GetProcAddress. So how to spy custom GetProcAddress!?!? well read the code and you will see.
This could be useful for protection profiling, and there are some other ways which I would use to deal with this, but for now, it seems ok, just so you get the basic idea. code is really messy, as I hate writing ring3 debuggers...
full code and sample binary:
http://deroko.phearless.org/export_log.rar
read above topic to know how this idea was born
well actually this idea was in my mind for almost two years, but never found it useful to fully develop working code, but after reading this topic, and comments at posted link, I've decided to give it a go status. In short : at above link, you will find link to the other site which has statistic of used functions in common files. On other hand, many are missed due to GetProcAddress, and not to mention many being missed due to custom GetProcAddress. So how to spy custom GetProcAddress!?!? well read the code and you will see.
This could be useful for protection profiling, and there are some other ways which I would use to deal with this, but for now, it seems ok, just so you get the basic idea. code is really messy, as I hate writing ring3 debuggers...
full code and sample binary:
http://deroko.phearless.org/export_log.rar
