API Logger v1.6 (C)2004-2011 black_ninja
Wed Feb 23 13:24:39 2011
QPC Frequency=2666410000 tics/sec
Functions ready to hook: 1283
Total function in DB : 1283
ERROR: Function FindVolumeMountPointClose already hooked. Hooker function: FindCloseChangeNotification
ERROR: Can't set hook to FreeEnvironmentStringsW : Function len less than 5 bytes
ERROR: Can't set hook to FreeResource : Function len less than 5 bytes
ERROR: Function LocalCompact already hooked. Hooker function: GlobalCompact
ERROR: Function SetHandleCount already hooked. Hooker function: LockResource
ERROR: Function _lread already hooked. Hooker function: _hread
ERROR: Function _lwrite already hooked. Hooker function: _hwrite
ERROR: Function DestroyIcon already hooked. Hooker function: DestroyCursor
ERROR: Function LoadMenuIndirectW already hooked. Hooker function: LoadMenuIndirectA
ERROR: Function RegisterWindowMessageA already hooked. Hooker function: RegisterClipboardFormatA
ERROR: Function RegisterWindowMessageW already hooked. Hooker function: RegisterClipboardFormatW
ERROR: Can't set hook to SetDebugErrorLevel : Function len less than 5 bytes
ERROR: Can't set hook to SetMessageQueue : Function len less than 5 bytes
ERROR: Function SetUserObjectInformationW already hooked. Hooker function: SetUserObjectInformationA
ERROR: Can't set hook to WINNLSGetIMEHotkey : Function len less than 5 bytes
LOG START
13:24:39:038:539 hello.exe 004011FF 0794 GetVersionExA(0012FEF8) ret: 00000001 [14] [37648]
13:24:39:038:547 kernel32.dll 7C812BB2 0794 GetVersionExW(0012FDCC) ret: 00000001 [3] [10416]
13:24:39:038:881 hello.exe 0040124C 0794 GetModuleHandleA(00000000) ret: 00400000 [2] [7120]
13:24:39:038:909 hello.exe 00402A43 0794 GetStartupInfoA(0012FEB0) ret: 0012FEB0 [4] [11768]
13:24:39:038:928 hello.exe 00402B43 0794 GetStdHandle(FFFFFFF6) ret: 00000003 [2] [6200]
13:24:39:038:944 hello.exe 00402B51 0794 GetFileType(00000003) ret: 00000002 [19] [50792]
13:24:39:038:978 hello.exe 00402B43 0794 GetStdHandle(FFFFFFF5) ret: 00000007 [2] [6864]
13:24:39:038:998 hello.exe 00402B51 0794 GetFileType(00000007) ret: 00000002 [7] [21304]
13:24:39:039:017 hello.exe 00402B43 0794 GetStdHandle(FFFFFFF4) ret: 0000000B [1] [4960]
13:24:39:039:029 hello.exe 00402B51 0794 GetFileType(0000000B) ret: 00000002 [32] [87536]
13:24:39:039:072 hello.exe 00402B88 0794 LockResource(00000020) ret: 00000020 [1] [4968]
13:24:39:039:084 hello.exe 004012E9 0794 GetCommandLineA() ret: 00142398 [1] [3704]
13:24:39:039:096 hello.exe 004028E2 0794 GetEnvironmentStringsW() ret: 00010000 [1] [3336]
13:24:39:039:108 hello.exe 0040294C 0794 WideCharToMultiByte(00000000, 00000000, 00010000: "ALLUSERSPROFILE=C:\Documents and Settings\All Users", 000006A7, 00000000, 00000000, 00000000, 00000000) ret: 000006A7 [2] [7640]
13:24:39:039:138 hello.exe 0040296E 0794 WideCharToMultiByte(00000000, 00000000, 00010000: "ALLUSERSPROFILE=C:\Documents and Settings\All Users", 000006A7, 00A50758, 000006A7, 00000000, 00000000) ret: 000006A7 [3] [10584]
13:24:39:039:171 hello.exe 004045D0 0794 GetACP() ret: 000004E3 [1] [3328]
13:24:39:039:181 hello.exe 00404621 0794 GetCPInfo(000004E3, 0012FEB4) ret: 00000001 [2] [6824]
13:24:39:039:196 hello.exe 0040441E 0794 GetCPInfo(000004E3, 0012FE84) ret: 00000001 [1] [4712]
13:24:39:039:212 hello.exe 00405916 0794 GetStringTypeW(00000001, 00408074, 00000001, 0012F940) ret: 00000001 [30] [81192]
13:24:39:039:265 hello.exe 0040598A 0794 MultiByteToWideChar(000004E3, 00000001, 0012FD84, 00000100, 00000000, 00000000) ret: 00000100 [1] [5144]
13:24:39:039:295 hello.exe 00405A08 0794 MultiByteToWideChar(000004E3, 00000001, 0012FD84, 00000100, 0012F724, 00000100) ret: 00000100 [2] [6408]
13:24:39:039:324 hello.exe 00405A1A 0794 GetStringTypeW(00000001, 0012F724, 00000100, 0012F984) ret: 00000001 [5] [15480]
13:24:39:039:357 hello.exe 0040555D 0794 LCMapStringW(00000000, 00000100, 00408074, 00000001, 00000000, 00000000) ret: 00000001 [2] [6840]
13:24:39:039:382 hello.exe 004055F6 0794 MultiByteToWideChar(000004E3, 00000001, 0012FD84, 00000100, 00000000, 00000000) ret: 00000100 [1] [3712]
13:24:39:039:459 hello.exe 00405677 0794 MultiByteToWideChar(000004E3, 00000001, 0012FD84, 00000100, 0012F6E8, 00000100) ret: 00000100 [2] [6504]
13:24:39:039:484 hello.exe 00405691 0794 LCMapStringW(00000000, 00000100, 0012F6E8, 00000100, 00000000, 00000000) ret: 00000100 [1] [4536]
13:24:39:039:507 hello.exe 00405740 0794 LCMapStringW(00000000, 00000100, 0012F6E8, 00000100, 0012F4E8, 00000100) ret: 00000100 [4] [13256]
13:24:39:039:534 hello.exe 00405763 0794 WideCharToMultiByte(000004E3, 00000000, 0012F4E8, 00000100, 0012FC84, 00000100, 00000000, 00000000) ret: 00000100 [3] [10008]
13:24:39:039:564 hello.exe 004055F6 0794 MultiByteToWideChar(000004E3, 00000001, 0012FD84, 00000100, 00000000, 00000000) ret: 00000100 [1] [4056]
13:24:39:039:588 hello.exe 00405677 0794 MultiByteToWideChar(000004E3, 00000001, 0012FD84, 00000100, 0012F6C8, 00000100) ret: 00000100 [1] [5272]
13:24:39:039:611 hello.exe 00405691 0794 LCMapStringW(00000000, 00000200, 0012F6C8, 00000100, 00000000, 00000000) ret: 00000100 [1] [4208]
13:24:39:039:635 hello.exe 00405740 0794 LCMapStringW(00000000, 00000200, 0012F6C8, 00000100, 0012F4C8, 00000100) ret: 00000100 [3] [8264]
13:24:39:039:659 hello.exe 00405763 0794 WideCharToMultiByte(000004E3, 00000000, 0012F4C8, 00000100, 0012FB84, 00000100, 00000000, 00000000) ret: 00000100 [2] [5472]
13:24:39:039:691 hello.exe 00402852 0794 GetModuleFileNameA(00000000, 00409750, 00000104) ret: 00000036 [14] [38312]
13:24:39:039:693 kernel32.dll 7C80B59D 0794 GetModuleFileNameW(00000000, 00141E90, 00000104) ret: 00000036 [11] [30056]
13:24:39:039:750 hello.exe 0040514E 0794 GetSystemTimeAsFileTime(0012FED8: "S@@") ret: 01CBD343 [3] [8240]
13:24:39:039:765 hello.exe 0040515A 0794 GetCurrentProcessId() ret: 00000424 [4] [12496]
13:24:39:039:779 hello.exe 00405162 0794 GetCurrentThreadId() ret: 00000794 [1] [5080]
13:24:39:039:790 hello.exe 0040516A 0794 GetTickCount() ret: 002FCCFF [1] [4008]
13:24:39:039:800 hello.exe 00405176 0794 QueryPerformanceCounter(0012FED0) ret: 00000001 [2] [5952]
13:24:39:039:816 hello.exe 00404F07 0794 WriteFile(00000007, 0012FA84: "Hello World!", 0000001D, 0012FA78, 00000000) ret: 00000001 [47] [127080]
13:24:39:039:818 kernel32.dll 7C81CC71 0794 WriteConsoleA(00000007, 0012FA84: "Hello World!", 0000001D, 0012FA78, 00000000) ret: 00000001 [44] [119968]
13:24:39:039:905 hello.exe 004013B9 0794 CreateFileA(00407474: "CONIN$", C0000000, 00000003, 00000000, 00000003, 00000000, 00000000) ret: 0000000F [25] [67040]
13:24:39:039:907 kernel32.dll 7C801A53 0794 CreateFileW(7FFDFC00: "CONIN$", C0000000, 00000003, 00000000, 00000003, 00000000, 00000000) ret: 0000000F [22] [58984]
13:24:39:039:911 kernel32.dll 7C81108E 0794 lstrcmpiW(7C8110FC: "CONIN$", 7C8110FC: "CONIN$") ret: 00000000 [9] [24152]
13:24:39:039:915 kernel32.dll 7C80AA40 0794 GetThreadLocale() ret: 00000419 [2] [5688]
13:24:39:039:917 kernel32.dll 7C80AA46 0794 CompareStringW(00000419, 00000001, 7C8110FC: "CONIN$", FFFFFFFF, 7C8110FC: "CONIN$", FFFFFFFF) ret: 00000002 [2] [7856]
13:24:39:040:033 hello.exe 00401109 0794 GetConsoleMode(0000000F, 0012FED8) ret: 00000001 [8] [21464]
13:24:39:040:054 hello.exe 00401119 0794 SetConsoleMode(0000000F, 00000000) ret: 00000001 [33] [89880]
13:24:39:040:100 hello.exe 0040115C 0794 ReadConsoleInputA(0000000F, 0012FEC4, 00000001, 0012FEDC) ret: 00000001 [8517] [22711896]
13:24:39:048:642 hello.exe 0040115C 0794 ReadConsoleInputA(0000000F, 0012FEC4, 00000001, 0012FEDC) ret: 00000001 [750535] [2001236536]
13:24:39:799:208 hello.exe 0040116E 0794 SetConsoleMode(0000000F, 000000B7) ret: 00000001 [16] [45280]
13:24:39:799:240 hello.exe 004013EA 0794 CloseHandle(0000000F) ret: 00000001 [37] [99576]
13:24:39:799:289 hello.exe 0040213E 0794 GetModuleHandleA(00407504: "mscoree.dll") ret: 00000000 [12] [33632]
13:24:39:799:293 kernel32.dll 7C80B750 0794 GetModuleHandleW(7FFDFC00: "mscoree.dll") ret: 00000000 [8] [23952]
Loaded Modules List
00400000 C:\Projects\apilog16\apilog\intruder\Release\hello.exe
7C900000 C:\WINDOWS\system32\ntdll.dll
7C800000 C:\WINDOWS\system32\kernel32.dll
10000000 C:\Projects\apilog16\apilog\intruder\Release\intruder.dll
7E360000 C:\WINDOWS\system32\USER32.dll
77F10000 C:\WINDOWS\system32\GDI32.dll
76BE0000 C:\WINDOWS\system32\psapi.dll
LOG END