Contents of the WINCAPFN.TXT file
Title: INF: How to Transparently Intercept Procedure Calls in Windows
Document Number: Q11623 Publ Date: 8-MAR-1993
Product Name: Microsoft Windows Software Development Kit
Product Version: 2.00 3.00
Operating System: WINDOWS
A technique for aliasing procedure names in Windows allows procedure
calls to be transparently intercepted. You can use this technique to
monitor activities such as checking arguments for validity.
To intercept procedure calls transparently, first build a Windows
executable code library that resembles the following:
HANDLE MyGlobalAlloc( flags, size )
/* Perform any type of monitoring necessary here.
if ( !size )
return RealGlobalAlloc( flags, size );
HANDLE FAR PASCAL main( argc, argv )
Next write the definitions file for the library above as follows:
DESCRIPTION "Procedure call interception library."
DATA SINGLE MOVEABLE
CODE MOVEABLE DISCARDABLE
You can obtain the ordinal numbers for the KERNEL routines (or for any
other routine) by using the LIB.EXE program to list the contents of
SLIBW or MLIBW.
Build a dynamic link library (DLL) by running IMPLIB BOO.DEF as
IMPLIB BOO.DEF BOO.LIB
Build the library executable by using the following table:
link4 boo,,,mlibw mlibc,boo.def;
Next dynamically link to BOO.EXE by linking to BOO.LIB as follows:
link4 car,,,boo mlibw mlibc,car.def;
Any calls to GlobalAlloc are routed to MyGlobalAlloc first because of
the name aliasing. This technique is very powerful and can be used to
implement any type of monitoring function. In the case of GlobalAlloc,
the monitoring is transparent in the sense that it is not necessary to
recompile the application to remove error checking; simply link to
MLIBW.LIB instead of to BOO.LIB MLIBW.LIB.
Additional reference words: 2.00 3.00
COPYRIGHT Microsoft Corporation, 1992.