Develop Reference

How to monitor and record Win API calls made by executable files for certain action?

PowerBuilder application has some limitations on how objects are managed in libraries. for example there is no way i can copy user object from one library to another through script.
I am looking for some way to monitor the PowerBuilder application and record sequence of system events performed in library painter. Based on recorded events i want to have a list of win32 API calls that were made for those actions. And in the end reproduce same results with win32 API calls i recorded.
The Purpose is to bypass use of PowerBuilder IDE for library functions.
Please tell me how is that possible?
Ver: PB 12.5 / Win 7, 8.1

You can use ORCA functionality to update the library files from an external application. Look at the PDF file under the SDK\ORCA folder. There is a function PBORCA_LibraryEntryCopy.
It would be helpful if you told us what version of PowerBuilder you are using. Also more detail on why. What is it that you want to accomplish? There could be a simpler method that you didn't think of if we knew exactly what and why.

windbg: Is it possible to embed Windgb engine in my own program?

I'd like to write a debugging/diagnostic tool which can call Windbg functions to examine a dump file, instead of writing a windbg extension. Is this possible and any references?
Thanks a lot.

Rather than WinDbg, you can use the Debugging API which is implemented in dbghelp.dll. It's documented on MSDN. That reference documentation is rather dry, but it should give you an idea of the capabilities of the API. For example, MiniDumpReadDumpStream is the gateway to examining dump files.

In addition to the existing answers, WinDBG is a GUI front end for the DbgEng API. You can use this API to write either WinDBG extensions or other standalone applications. The WinDBG SDK ships with samples of both, an example standalone application can be found in the \sdk\samples\dumpstk subdirectory of your WinDBG install.
For more information, I wrote an article about DbgEng to write extensions here:
http://www.osronline.com/custom.cfm?name=articlePrint.cfm&id=559
Most of that will also apply for how you write a standalone application as it mostly focuses on the programming pattern of the DbgEng interface.

here are some links that use dbgeng interfaces to make standalone executables.
a short summary of the process is to
call DebugCreate() to create a client
call QueryInterFace()
and call one of its methods
http://www.woodmann.com/forum/entry.php?252-Dbgeng-based-handles-(PART-2-)
http://www.woodmann.com/forum/entry.php?246-A-Simple-Dbgeng-Based-User-Mode-Debugger
http://www.woodmann.com/forum/entry.php?248-DbgEng-Based-Debugger-(PART2)
http://www.woodmann.com/forum/entry.php?249-DbgEng-Based-Debugger-(PART2-Contd-)
http://www.woodmann.com/forum/entry.php?250-DbgEng-based-Kernel-Debugger
http://www.woodmann.com/forum/entry.php?251-Dbgeng-based-Handles

You could make commands using powershell or to the command line version of WinDbg which is cdb and then parse the output from cdb which you interpret.
This would be similar notion to piping the output from cdb to your app.
There is post about using powershell in this manner: http://rkeithhill.wordpress.com/2006/08/14/minidump-crash-analysis-with-powershell/
It should be straightforward to pump commands to cdb and interpret the output for specific commands.

Python integrated with dbgeng:
pykd.codeplex.com
This project may be use as a demo for such integration

Adding a DLL file as reference in C#.NET project

I am currently working on a project to perform disk defragmentation in Microsoft Windows environment. For that I want to use the in-built functions of the Windows defragmentation utility. I read somewhere that Windows uses "dfrgres.dll" file to perform defragmentation. So, I want to add "dfrgres.dll" file as a reference in my project. But I am not able to do so. This is the error message which I am getting when I try to add the specified DLL into my project:
"A reference to '...\dfrgres.dll' could not be added. Please make sure that the file is accessible, and that it is a valid assembly or COM component"
Please tell me where the problem is...or is there any other way to do it...??? Are there any other open source resources available over the internet for defragmentation...???
Regards,
Mr. Elusive

There is no dedicated DLL or COM server to perform defrag, the low-level interface uses IOCTL codes to talk to the device driver. Briefly described here.
There's a Microsoft employee blog post that proposes a C# interface. No idea if it still works on later versions of Windows.

Help needed for DIA SDK & DbgEng

Are DIA SDK & DbgEng (Not the DbgHelp) both COM based API and based on DbgHelp?
If so, how can I call DbgEng API from a C# application. I can import the DIA library to C# project using idl file (tlibimp for generated tlib file), but DbgEng doesn't have any IDL file.
I have seen an incomplete wrapper for DbgEng
which manually wraps the API using Managed C++, but that misses many of the functions.
Can I import DbgEng.DLL in C# automatically without writing any managed wrapper?
Secondly, does DIA SDK allows a process to be attached and memory to be investigated (and possibly evaluate an expression), like DbgEng or it is just to get the symbols from the pdb file? So far only example I got is Dia2dump which only parses the pdb file.

DIA SDK is only for symbols not debugging it is totality unrelated to DbgHelp.dll
DbgEng.dll have some COM API but only intrfaces you still need to-do some pinvoking to get those interfaces, its better in your case to wrap what you need with Managed C++ or expose it thru COM using C++.

It is the other way round -- dbghelp is based on DIA.

How to intercept dll method calls?

How to intercept dll method calls?
What are the techniques available for it?
Can it be done only in C/C++?
How to intercept method calls from all running processes to a given dll?
How to intercept method calls from a given processes to a given dll?

There are two standard ways I can think of for doing this
DLL import table hook.
For this you need to parse the PE Header of the DLL, find the import table and write the address of your own function instead of what is already written there. You can save the address of the original function to be able to call it later. The references in the external links of this wikipedia article should give you all the information you need to be able to do this.
Direct modification of the code. Find the actual code of the function you want to hook and modify the first opcodes of it to jump to your own code. you need to save the opcode which were there so they will eventually get executed. This is simpler than it sounds mostly because it was already implement by no less than Microsoft themselves in the form of the Detours library.
This is a really neat thing to do. with just a couple of lines of code you can for instance replace all calls to GetSystemMetrics() from say outlook.exe and watch the wonders that occur.
The advantages of one method are the disadvantages of the other. The first method allows you to add a surgical hook exactly to DLL you want where all other DLLs go by unhooked. The second method allows you the most global kind of hook to intercept all calls do the function.

Provided that you know all the DLL functions in advance, one technique is to write your own wrapper DLL that will forward all function calls to the real DLL. This DLL doesn't have to be written in C/C++. All you need to do is to match the function calling convention of the original DLL.

See Microsoft Detours for a library with a C/C++ API. It's a bit non-trivial to inject it in all other programs without triggering virus scanners/malware detectors. But your own process is fair game.

On Linux, this can be done with the LD_PRELOAD environment variable. Set this variable to point at a shared library that contains a symbol you'd like to override, then launch your app.