What's new in WinAPIOverride 6.9.8
Apr 29, 2024
- WinApiOverride:
- Speed improvement for function name resolving
- HexControl updated to Helium Hex Editor release v2.6.11
- Bug correction: since v6.9.2, reloading log files from v6.9.1 or previous versions could fail if the logs contain DISPPARAMETERS or VARIANT.
- GUI bug correction: the selection color of the listview's first row could sometimes be missing
New in WinAPIOverride 6.9.7 (Mar 26, 2024)
- WinApiOverride:
- Asynchronous symbol loading: avoids freezing the interface when downloading symbols from the Microsoft server
- HexControl updated to Helium Hex Editor release v2.6.10
- Bug correction: since v6.9.2, reloading log files from v6.9.1 or previous versions could fail if the logs contain DISPPARAMETERS or VARIANT.
- Specific case if you are impacted by this bug for logs saved with v6.9.1: as v6.9.1 logs can't be distinguished from v6.9.x, you need to change the version inside your XML log files to 6.8, so they can be parsed correctly by v6.9.7 and later
- Stub Resolver:
- Regression introduced in WinApiOverride v6.9.6 solved
- Dumper:
- Module integrity checking: hide rebasing option regression (present since WinApiOverride v6.7.1) solved
- Added UserTime and Kernel Time for processes
New in WinAPIOverride 6.9.6 (Mar 4, 2024)
- Faster dll stub resolving
- PE parsing bug solved: in some cases, some ordinal-only exports could be missed
- HexControl updated to Helium Hex Editor release v2.6.9
New in WinAPIOverride 6.9.5 (Feb 6, 2024)
- PE parsing bug solved: forwarded functions without Hint were not properly detected
- HexControl updated to Helium Hex Editor release v2.6.8
New in WinAPIOverride 6.9.4 (Feb 5, 2024)
- WinApiOverride:
- PE parsing regression introduced in v6.9.3 solved
- HexControl updated to Helium Hex Editor release v2.6.7
New in WinAPIOverride 6.9.3 (Nov 30, 2023)
- Disasm improvements
- PE parsing improvements
- HexControl updated to Helium Hex Editor release v2.6.6
- Minor fixes
New in WinAPIOverride 6.9.2 (Jan 16, 2023)
- Fuzzing: added capability to fuzz C++ object methods
- Monitoring file builder: solved crash when retrieving data from Microsoft documentation
- HexControl updated to Helium Hex Editor release v2.6.1
New in WinAPIOverride 6.8.2 (Sep 3, 2022)
- Crash when hooking some functions with specific relative instructions solved (x64 only)
- Better handling of exceptions thrown by monitored functions (x64 only)
- Monitoring files (ntdll, kernelbase, kernel32, ...) reworked and updated with addition of win10 new functions
New in WinAPIOverride 6.7.2 (Nov 20, 2020)
- WinApiOverride: VM detection bug solved
New in WinAPIOverride 6.7.1 (Nov 20, 2020)
- WinApiOverride:
- Use of the Helium Hex Editor control to display parameters. This allows post logging structures mapping on buffer parameters.
- This is useful for functions like DeviceIoControl, which have generic lpInBuffer and lpOutBuffer LPVOID parameters.
- For one call you can map the buffer to a struct, and for another call map the buffer to another struct
- Disasm parser updated
- Struct parsing bugs solved. Added Bit fields support of "next_field_define_values_file" pragma
- License : Incorrect Virtual Machine detection when Hyper V was enabled solved
- Small bugs solved
- Dumper
- Process integrity checking improvement
- DebugInfoViewer
- Added Raw search
- Monitoring File Builder
- Online Microsoft function definition auto-retrieval search updated due to Google and docs.microsoft changes
- Monitoring wizard : added binaries internal functions detection (x64 only)
- Internal functions start addresses and number of parameters are automatically retrieved to generate the monitoring file specific to the application
New in WinAPIOverride 6.6.6 (Dec 9, 2018)
- WinApiOverride:
- Added option to enable/disable main window logs tooltips
- Monitoring wizard : added search in monitoring files for a function name
- Monitoring wizard : added help button for direct access to monitoring file syntax
- Small bugs solved
- DebugInfoViewer:
- Display equivalent Raw address after successful RVA and VA searches
- Added search history
- Monitoring File Builder:
- Update to support the new MSDN website for API definition retrieval
New in WinAPIOverride 6.6.5 (Jul 14, 2018)
- Bad RIP instruction address resolving at hooking time solved
- Some noisy message boxes removed
- Speed improvement when saving with symbol resolving
- Invalid binary signature bug solved
New in WinAPIOverride 6.6.4 (Jun 17, 2018)
- WinApiOverride :
- Added new licenses for usage of WinApiOverride at home inside Virtual Machine
New in WinAPIOverride 6.6.3 (Mar 28, 2018)
- WinApiOverride : still license trouble solved
New in WinAPIOverride 6.6.2 (Mar 26, 2018)
- WinApiOverride : license trouble solved
New in WinAPIOverride 6.6.1 (Mar 13, 2018)
- WinApiOverride:
- Detailed view split in 3 tabs : General, Registers, Call Stack
- Break Dialog reworked for direct parameter editing
- Allow to save and reload call stack information across computers
- Disassembly output improvements
- Structure parsing improvements (#include support, endianness management, new pragma)
- Added configuration file to discard IDispatch interface parsing for some specific IID (COM_IID_BlacklistedForIDispatchParsing.txt)
- x86/x64 Remote Call in specific thread bugs solved
- Small bugs solved
- Some GUI improvements
- Monitoring File Builder : looping not found dll message bug solved
New in WinAPIOverride 6.5.5 (Apr 19, 2017)
- Win 10 Dll Stub Resolving bugs solved : WinApiOverride, Monitoring File Builder, Dumper and Stub Resolver affected
- Dll Stub Resolver : display all OS redirections for an "*" search
- Small GUI bugs solved
New in WinAPIOverride 6.5.4 (Feb 5, 2017)
- Random name generation for the injected dll and shared events to avoid detection by malware
- New parameters conditional logging/breaking keywords added
- Struct parser improved
- Bug correction: Error launching 32 bits application from the 64 bits version (bug in 6.5.3 version only)
New in WinAPIOverride 6.5.3 (Nov 8, 2016)
- Added support for multiple debug symbol servers
- Better symbol server dll registration (symbol loading could fail with previous versions depending on computer configuration)
- Bug corrections, user interface improvements, monitoring files and default user types updates
New in WinAPIOverride 6.5.2 (Dec 31, 2015)
- Provides function names for jumps and calls in the disassembly windows
- Bug corrections, user interface improvements, monitoring files and default user types updates
New in WinAPIOverride 6.5.1 (Apr 4, 2015)
- Beginning of support for Win 8 and Win 10
- Auto resume and monitoring file/overriding dll auto reloading for application hooked at startup
- pragma packing support for users struct
- Call tree update and live call tree available
- Syntax and threads highlighting
- Copy as Html added
- Bug corrections in sequences auto detection
- Bug corrections in log files compare
- Deadlock for command line solved
- Bug corrections, user interface improvements, monitoring files and default user types updates
New in WinAPIOverride 6.4.1 (May 27, 2014)
- Attach to all new processes : added filters for parent process name
- Monitoring file : added the "|FunctionPointer" option for easier syntax for exported function
- Automatic failure highlight for NTSTATUS and HRESULT return
- Hooked functions first bytes analysis improvement
- Bug corrections, user interface improvements, monitoring files and default user types updates
- New tool - UserTypesAndDefinesChecker:
- Checks the user types and user defines files stored in the "UserTypes" and "UserDefines" directories
New in WinAPIOverride 6.4.0 (Dec 4, 2013)
- Attach to all new processes :
- On Vista or higher, csrss can be used instead of a driver to spy on created processes (drivers are no longer required, so driver signing is not required)
- Better virtual machine shared network drive support
- Added threads window to access and act on hooked processes threads (accessible from main window and break dialog)
- Added all call stacks retrieval at once (accessible from main window and break dialog)
- Small bugs resolution, user interface improvements
- Dumper:
- Added all call stacks retrieval at once
New in WinAPIOverride 6.3.1 (Sep 18, 2013)
- New Parameters Options : PointerReference, PointedElementsCount, ProcessorDependent. Thanks to Martin Bonner for ideas
- Break Dialog : Added Stack information
- Global Stats : Added "Cumulated Duration" and "Percent of Total Duration"
- Added Check for update at startup option (enabled by default)
- Added Logs Dequeuing progress
- Added Loading and Saving progress
- Bug correction: Read memory from break dialog solved (6.3.0 regression). Thanks to Sergio Martins and Socrates Filippatos for report.
- Bug correction: Potential font troubles fixed. Thanks to Socrates Filippatos for report.
New in WinAPIOverride 6.2.0 (May 1, 2013)
- New tools to find sequence of API calls:
- Sequences Auto Detection : detect content of loops or content of event/timer callbacks
- Known Sequences Search : search for specific sequence. Can be used for threat detection
- Process to monitor can be created under another user account
- MonitoringFileBuilder is able to create monitoring files from map files (supported map files format : IDA, Borland, Visual)
- Feel free to disassemble with IDA (Hex-Rays) and monitor with WinApiOverride
- Multiple remote calls allowed at the same time: the first remote call doesn't need to be finished before you make another one from another remote call window
- C++ functions unmangling: added support for Borland and Gcc
- Dumper : Owner of process added
- Bug correction : WinApiOverride : parameter log filtering doesn't work for "Out" parameters (regression since 4.1.0 version).
- InputTextDataRetrival.txt monitoring file updated:
- Bug correction : DebugInfosViewer : search by function name failure corrected
New in WinAPIOverride 6.1.1 (Mar 1, 2013)
- Detailed stats for functions : added number of calls per thread / caller, average and standard deviation for duration, easier failure/success recognition
- Timing Chart: for functions without return spying, the duration is now guessed from the callees' duration
- New small utility to undecorate CPP functions
- Direct access to COM and .NET hooking options
- Quicker logs deleting
- Bug correction : command line parsing error (Thanks to Antonio Borneo for report) regression since v6.0.0
- Command line size for attached at startup increased from 260 to 2048 chars
New in WinAPIOverride 6.1.0 (Dec 18, 2012)
- Added return pointed data parsing (string, pointer on structs, arrays)
- Return defines support
- New options for return (|ReturnPointedDataSize=, |ReturnDefine=)
- Timing chart wheel mouse zoom
- Allow to hook multiple already started processes at once without driver
- Bug Corrections:
- Detailed stats crash bug correction
- Potential .Net errors after exception solved
- Charts focus bug correction
- Monitoring File Builder bug corrections
- Parameter option :PointedDataSize=Arg1 bug solved
- Call depth error after logs removal for call stack analysis and timing charts solved
New in WinAPIOverride 6.0.0 (Oct 15, 2012)
- x64 Monitoring and overriding for API, COM and .NET.
- x64 Detailed exceptions report for monitored functions.
- x64 Hooked processes interaction.
- x64 Remote call inside hooked processes.
- Timing Charts and Detailed Stats.
- Cross session interaction available for vista and seven (services and other users processes).
- Automatic stack walking on exception, even if stack walking is disabled for other logs.
- Microsoft debug symbols servers can be used for stack walking.
- Fast .Net framework monitoring changed for better stability.
- Support of Borland fastcall calling convention (x86).
- LargeReturn : support of function returning types larger than a single register size.
- Remote call : buffer overrun protection and report.
- Bug corrections.
- New keywords for monitoring file and overriding dll.
- DoNotHookReturn (stack stealth mode hook).
- DontCheckModulesFilters.
- NoStackShadowSpace (x64).
- Monitoring file updates (kernel32, user32, ntdll) are available for Windows 7 (x86+x64).
New in WinAPIOverride 6.0 Pre Alpha (Dec 12, 2011)
- Standard features :
- No stack hooking
- Api Exception reports
- COM / .Net support
- Remote API Call
- Advanced struct parsing
- Notice : launch it with Administrator rights !!!
- Please note that:
- No support will be provided for this Pre Alpha version
- All functionalities have not been coded
- All functionalities have not been tested
- Drivers are not signed (you have to sign them by yourself)
- Stack retrieval is not implemented for 64 bit version
- Only basic tests have been done for API, COM and .NET
- Monitoring files haven't been optimized for Windows Seven
- 64 bit version has only been tested on Seven
- 64 bit version can hook 32 bit processes, but there are still troubles for some struct parsing (only those which are internally supported)
New in WinAPIOverride 3.0 (Dec 19, 2006)
- New hooking algorithms (hook in 5 opcodes, asm registers integrity)
- Parameter filters
- Function return filters
- Optional break before or after the function call
- Can hook asm functions with args passed through registers
- Failure code support
- More types supported (including floating return)
- Monitoring files generation
- Call Comparison
- Search through results
- Remote Call Interface
- Statistics
- Export to CSV and HTML added