Title :
Smiley - an interactive tool for monitoring inter-module function calls
Author :
Goldman, Neil M.
Author_Institution :
Inf. Sci. Inst., Univ. of Southern California, Marina del Rey, CA, USA
Abstract :
Applications running under modern operating systems obtain a significant portion of their functionality from code that is distributed in binary modules that are distinct from the application´s own executable. This functionality is accessed by load- or run-time linkage from the application executable or by interprocess communication. Examples of such functionality include user interface management, file system access, process and thread creation and synchronization, and network communications. In the Windows NT operating system, an application obtains this functionality through calls on functions exported from shared libraries. Smiley is a monitoring program that can selectively log these calls as they are made by any application. It does so without any modification of the persistent executable images of either the application or the libraries. Logs of library calls provide insight into an application´s implementation. By interactively selecting libraries and functions to monitor, an analyst gradually homes in on aspects of an implementation that are relevant to his objectives. Since it requires only the distributed binary form of the application, Smiley can be used as an aid in comprehending the implementation of COTS software
Keywords :
application program interfaces; interactive systems; operating systems (computers); reverse engineering; software libraries; software tools; subroutines; system monitoring; API spy; COTS software implementation; Microsoft Windows NT; Smiley; application executable; application functionality; binary modules; commercial off-the-shelf software; distributed binary form; file system access; inter-module function call monitoring; interactive function selection; interactive library selection; interactive monitoring tool; interprocess communication; library calls; load-time linkage; network communications; operating systems; persistent executable images; process creation; process synchronization; run-time linkage; selective call logging; shared libraries; software comprehension tool; thread creation; thread synchronization; user interface management; Application software; Documentation; File systems; Information analysis; Information security; Monitoring; Operating systems; Read only memory; Reflection; Software tools;
Conference_Titel :
Program Comprehension, 2000. Proceedings. IWPC 2000. 8th International Workshop on
Conference_Location :
Limerick
Print_ISBN :
0-7695-0656-9
DOI :
10.1109/WPC.2000.852485
