While analysing some malware I was introduced to SysAnalyzer [http://labs.idefense.com/software/malcode.php]. SysAnalyzer comes with many programs, one of which was of immediate interest: the api_logger. This program can be run on its own and lists the basic API calls made by a program [http://labs.idefense.com/files/labs/releases/previews/SysAnalyzer/ApiLogger.html]. One problem, though, is that the items are displayed in list boxes and cannot be saved to a file.
I was very fortunate in that the application comes with its source code under a GNU GPL licence. So with some additions to the GUI and code I added save-to-file functionality and tidied up the GUI layout a bit (e.g. ‘resume logging’ was illegible once clicked on).
Original SysAnalyzer:
modified source (with binary) zip: http://www.comp.glam.ac.uk/staff/kxynos/api_log/injector.zip
modified api_logger binary (includes original api_log.dll): http://www.comp.glam.ac.uk/staff/kxynos/api_log/api_log.zip
spSubclass.dll (required reference DLL for the VB project): http://www.comp.glam.ac.uk/staff/kxynos/api_log/spSubclass.zip
spSubclass @ http://sandsprite.com/products.html
Static link to this information: http://www.comp.glam.ac.uk/staff/kxynos/api_log.html