iDefense API logger (updated version)

While analysing some malware I was introduced to SysAnalyzer [http://labs.idefense.com/software/malcode.php]. SysAnalyzer comes with several programs, one of which was of immediate interest: api_logger. This program can be run on its own and lists the basic API calls made by a program [http://labs.idefense.com/files/labs/releases/previews/SysAnalyzer/ApiLogger.html]. One problem, though, is that the captured calls are only displayed in list boxes and cannot be saved to a file.

I was very fortunate in that the application comes with its source code under a GNU GPL licence. So with some additions to the GUI and code I added save-to-file functionality and tidied up the GUI layout a bit (e.g. ‘resume logging’ was illegible once clicked).
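The essence of the save-to-file change, shown here as an added VB6 example rather than the code from the modified api_logger project: walk the ListBox that holds the logged calls and write each entry as one line. The control name `lstApiCalls`, the caller-supplied output path, and the return value are assumptions for the example; the original project's control names may differ.

```vb
' Added example (not the modified api_logger source): write the contents of a
' ListBox to a text file, one logged API call per line.
' Assumes the form has a ListBox named lstApiCalls (hypothetical name) and the
' caller supplies the destination path, e.g. from a Save As dialog.
Public Function SaveListToFile(ByVal lst As ListBox, ByVal path As String) As Long
    Dim fNum As Integer
    Dim i As Long

    On Error GoTo SaveFailed

    fNum = FreeFile
    Open path For Output As #fNum
    For i = 0 To lst.ListCount - 1
        ' Print # appends CRLF, so each list entry becomes one line in the file
        Print #fNum, lst.List(i)
    Next i
    Close #fNum

    SaveListToFile = lst.ListCount   ' number of lines written
    Exit Function

SaveFailed:
    ' Leave no dangling file handle; -1 signals that the save did not complete
    If fNum <> 0 Then Close #fNum
    SaveListToFile = -1
End Function

' Typical usage from a "Save log" button handler:
' Private Sub cmdSave_Click()
'     If SaveListToFile(lstApiCalls, App.Path & "\api_log.txt") < 0 Then
'         MsgBox "Could not write log file", vbExclamation
'     End If
' End Sub
```

Note that this only preserves what is currently in the list box; if the tool clears or truncates the list while logging, save before that happens, or hook the point where entries are appended instead.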

Original SysAnalyzer :
http://labs.idefense.com/software/malcode.php

Modified api_logger:

   modified source (with binary) zip : http://www.comp.glam.ac.uk/staff/kxynos/api_log/injector.zip

   modified api_logger binary (includes original api_log.dll) : http://www.comp.glam.ac.uk/staff/kxynos/api_log/api_log.zip
   
   spSubclass.dll (required Ref. dll for VB Project) : http://www.comp.glam.ac.uk/staff/kxynos/api_log/spSubclass.zip
   or
   spSubclass @ http://sandsprite.com/products.html

Static link to this information: http://www.comp.glam.ac.uk/staff/kxynos/api_log.html
