Copyright (C) 2005 iDefense, a Verisign Company.
Author: David Zimmer <dzzie@yahoo.com>
iDefense no longer maintains a labs software download page. The original author picked up support and continues maintenance in his spare time. Current source, issues, and releases live at:
SysAnalyzer is licensed under the GNU General Public License, version 2 or (at your option) any later version.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, see gnu.org/licenses/gpl-2.0.html.
Three different hook engines have powered the API logger over its lifetime. The current build uses MinHook, but credit is due to the engines that came before — each carried the project for years.
| Era | Engine | Disassembler |
|---|---|---|
| Original | OllyDbg-based hooker.lib | OllyDbg disasm/asm engines |
| Middle | NTCore Hooking Engine | diStorm |
| Current | MinHook | Hacker Disassembler Engine 32 C |

The current API logger uses the MinHook hook engine for x86 / x64 inline hooking. MinHook is licensed under the 2-clause BSD License, Copyright (C) 2009-2017 Tsuda Kageyu.
The migration from the NTCore Hooking Engine to MinHook was made for x64 stability.
MinHook contributors:
| Contributor | Contribution |
|---|---|
| Tsuda Kageyu <tsuda.kageyu@gmail.com> | Creator, maintainer. |
| Michael Maltsev <leahcimmar@gmail.com> | Added the Queue functions. Numerous bug fixes. |
| Andrey Unis <uniskz@gmail.com> | Rewrote the hook engine in plain C. |

MinHook itself includes portions of the Hacker Disassembler Engine 32 C, Copyright (c) 2008-2009 Vyacheslav Patkov, also under BSD-style terms.
Before the MinHook migration, the API logger was built around a modified version of the open-source x86/x64 NTCore Hooking Engine by Daniel Pistelli <ntcore@gmail.com>.
The NTCore engine in turn used the GPL diStorm x86/x64 disassembler library, written by Gil Dabah, Copyright (C) 2003-2012 Gil Dabah <diStorm at gmail dot com>.
The very first API hooking engine in hooker.lib was built around the GPL OllyDbg assembler and disassembler engines (disasm.h, asmserv.c, assembl.c, disasm.c) by Oleh Yuschuk, Copyright (C) 2001. Those sources remain in the older Malcode Analyst Pack distribution but are no longer used in the current SysAnalyzer build.
Sniff Hit and the original API hooking sources are part of the Malcode Analyst Pack.