How do I monitor the Windows API calls made to an application/service?

Time: 2023-02-02 03:07:22

My company is looking at implementing a new VPN solution, but require that the connection be maintained programmatically by our software. The VPN solution consists of a background service that seems to manage the physical connection and a command line/GUI utility that initiates the request to connect/disconnect. I am looking for a way to "spy" on the API calls between the front-end utility and back-end service so that our software can make the same calls to the service. Are there any recommended software solutions or methods to do this?

4 answers

#1


Typically, communications between a front-end application and back-end service are done through some form of IPC (sockets, named pipes, etc.) or through custom messages sent through the Service Control Manager. You'll probably need to find out which method this solution uses, and work from there - though if it's encrypted communication over a socket, this could be difficult.

#2


Like Harper Shelby said, it could be very difficult, but you may start with filemon, which can tell you when certain processes create or write to files, regmon, which can do the same for registry writes and reads, and wireshark to monitor the network traffic. This can get you some data, but even with the data, it may be too difficult to interpret in a manner that would allow you to make the same calls.

#3


I don't understand why you want to replace the utility, instead of simply running the utility from your application.

Anyway, you can run "dumpbin /imports whatevertheutilitynameis.exe" to see the static list of API function names to which the utility is linked; this doesn't show the sequence in which they're called, nor the parameter values.

You can then use a system debugger (e.g. Winice or whatever its more modern equivalent might be) to set breakpoints on these API, so that you break into the debugger (and can then inspect parameter values) when the utility invokes these APIs.

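As an added example (not code from any of the answers above, and not from the VPN product), here is a small Python script that produces the same static import list that answer #3 gets from `dumpbin /imports`, by walking the PE import directory directly. Given a path it works on a real `.exe`; run without arguments it parses a minimal PE32+ image that the script constructs itself. The DLL and function names in that sample (CreateFileW, CallNamedPipeW, a WS2_32 ordinal) are constructed for the example and were chosen so the listing also illustrates the point of answer #1: named-pipe and Winsock imports narrow down which IPC channel to inspect next. Like dumpbin, this is a static listing only; it shows neither call order nor parameter values.

```python
import struct

ORDINAL_FLAG = {"<Q": 1 << 63, "<I": 1 << 31}   # top thunk bit = import by ordinal


def _rva_to_offset(rva, sections):
    """Translate an RVA to a file offset via the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} lies outside every section")


def _cstring(data, off):
    return data[off:data.index(b"\x00", off)].decode("ascii", errors="replace")


def list_imports(data):
    """Return {dll: [symbol, ...]} by walking the PE import directory (the static list that
    `dumpbin /imports` prints). Handles PE32 and PE32+; ordinal imports become 'Ordinal N'."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                          # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                                     # PE32+
        dirs, thunk_fmt = opt + 112, "<Q"
    elif magic == 0x10B:                                   # PE32
        dirs, thunk_fmt = opt + 96, "<I"
    else:
        raise ValueError(f"unknown optional-header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]  # NumberOfRvaAndSizes
    import_rva = struct.unpack_from("<I", data, dirs + 8)[0] if n_dirs > 1 else 0  # entry 1
    if import_rva == 0:
        return {}
    sections = []
    for i in range(num_sections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    imports, desc = {}, _rva_to_offset(import_rva, sections)
    ord_flag, step = ORDINAL_FLAG[thunk_fmt], struct.calcsize(thunk_fmt)
    while True:
        ilt_rva, _stamp, _fwd, name_rva, iat_rva = struct.unpack_from("<IIIII", data, desc)
        if ilt_rva == 0 and name_rva == 0 and iat_rva == 0:
            break                                          # all-zero descriptor ends the table
        names = []
        thunk = _rva_to_offset(ilt_rva or iat_rva, sections)   # some linkers omit the ILT
        while (entry := struct.unpack_from(thunk_fmt, data, thunk)[0]) != 0:
            if entry & ord_flag:
                names.append(f"Ordinal {entry & 0xFFFF}")
            else:
                names.append(_cstring(data, _rva_to_offset(entry, sections) + 2))  # skip hint
            thunk += step
        imports[_cstring(data, _rva_to_offset(name_rva, sections))] = names
        desc += 20
    return imports


def build_sample_pe(specs=(("KERNEL32.dll", ["CreateFileW", "CallNamedPipeW"]),
                           ("WS2_32.dll", ["connect", 23]))):
    """Construct a minimal PE32+ image whose only content is an import table (a constructed
    sample, not a real program). Integers become ordinal imports; unread header fields stay zero."""
    sec_rva, sec_raw = 0x1000, 0x200
    body = bytearray(20 * (len(specs) + 1))                # descriptors + null terminator
    descs = []
    for dll, funcs in specs:
        thunks = []
        for f in funcs:
            if isinstance(f, int):
                thunks.append((1 << 63) | f)
            else:
                thunks.append(sec_rva + len(body))
                body += struct.pack("<H", 0) + f.encode() + b"\x00"   # hint/name entry
                body += b"\x00" * (len(body) % 2)
        body += b"\x00" * (-len(body) % 8)
        ilt, iat = len(body), len(body) + 8 * (len(thunks) + 1)
        table = b"".join(struct.pack("<Q", t) for t in thunks) + b"\x00" * 8
        body += table + table                              # ILT, then an identical unbound IAT
        name = len(body)
        body += dll.encode() + b"\x00"
        descs.append((sec_rva + ilt, sec_rva + name, sec_rva + iat))
    for i, (ilt, name, iat) in enumerate(descs):
        struct.pack_into("<IIIII", body, 20 * i, ilt, 0, 0, name, iat)
    dos = bytearray(0x40)
    dos[:2], dos[0x3C:0x40] = b"MZ", struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 120, sec_rva, 20 * (len(specs) + 1))   # import directory
    sect = b".idata\x00\x00" + struct.pack("<IIIIIIHHI", len(body), sec_rva, len(body), sec_raw, 0, 0, 0, 0, 0xC0000040)
    head = dos + b"PE\x00\x00" + coff + opt + sect
    return bytes(head) + b"\x00" * (sec_raw - len(head)) + bytes(body)


if __name__ == "__main__":                                 # python pe_imports.py some_utility.exe
    import sys
    print(list_imports(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()))
```

Run against the constructed sample it prints the two DLLs with their symbols, the WS2_32 entry showing up as `Ordinal 23`; point it at the real front-end utility to get the list answer #3 describes, then use those names as the breakpoint targets in the debugger step.
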
#4


You might be able to glean some information using tools such as Spy++ to look at Windows messages. Debugging/tracing tools (WinDbg, etc.) may allow you to see API calls that are in process. The Sysinternals tools can show you system information to some degree of detail of usage.

Although I would recommend against this for the most part -- is it possible to contact the solution provider and get documentation? One reason for that is fragility -- if a vendor is not expecting users to utilize that aspect of the interface, they are more likely to change it without notice.