I’m facing a programming problem I’m not sure quite how to approach.
I need to inspect an arbitrary process running in Windows. I’d call the task introspection, but I have no access to the source of the process I want to inspect. Ideally, there is some sort of powerful framework for this built into Windows itself, but I’m willing to do a bit of hacking around if it proves necessary.
Yes, this is almost sketchy: I’m trying to partially reverse-engineer some closed-source software to extend its capabilities. On the other hand, it’s not like I’m trying to gain access to someone else’s machine.
I’d be willing to consider a mouse-manipulation and screen-scraping solution–preferably leveraging some open-source OCR project–but I’d prefer to have access closer to the code level.
My problem is that I have no experience in this and I’m not sure where to start. Anyone have any good documentation, or ideas on how I should proceed? Even if there’s a good reference book on the subject, I’d like to know about it.
First question: is this a single .exe, or are there .dll files involved? If there are .dlls, have you tried using Python ctypes to load them and examine their APIs? If the app is well-architected, you may be able to get away without even messing with the .exe.
Second remark: there’s a bunch of debugger functionality in Windows. A debugger can attach to a running process, stop it, step it, inspect its variables and so forth. I’m sure you don’t want to write a whole debugger; I’m equally sure the API is the product of the same kind of minds that brought us the .obj-file format: bizarre, obscure & obtuse. But if you’re sufficiently determined, I believe the hooks are there to create from scratch a new “remote” debugger. Some subset of that should allow you to at least understand what the app is doing.
Making it do something new could be another story. Again, your best bet will be if the functionality you want to intercept/extend is launched by a call into a DLL.
Meant to mention: you know that ctypes is bundled with Python 2.5+, yes?
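An added example, not part of the original posts: ctypes can load a DLL and call an export once you know its name, but it does not list the names, so this sketch reads them from the PE export table first. `list_exports`, `build_sample_dll` and the `Add`/`Version` exports are hypothetical names, and the sample image is constructed in the code so the example runs without a real DLL.

```python
import struct

def _rva_to_offset(data, pe, rva):
    """Map an RVA to a file offset using the section table."""
    nsec, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from("<4I", data, pe + 24 + opt_size + 40 * i + 8)
        if va <= rva < va + max(vsize, rsize):
            return raw + rva - va
    raise ValueError(f"RVA {rva:#x} is outside every section")

def list_exports(data):
    """Return [(ordinal, name, rva)] for the named exports of a PE image."""
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    magic, = struct.unpack_from("<H", data, pe + 24)
    dir_off = pe + 24 + {0x10B: 96, 0x20B: 112}[magic]   # PE32 / PE32+
    exp_rva, _size = struct.unpack_from("<2I", data, dir_off)
    if not exp_rva:
        return []                                          # no export table
    exp = _rva_to_offset(data, pe, exp_rva)
    base, _nfuncs, nnames, funcs, names, ords = struct.unpack_from("<6I", data, exp + 16)
    funcs, names, ords = (_rva_to_offset(data, pe, r) for r in (funcs, names, ords))
    out = []
    for i in range(nnames):
        name_rva, = struct.unpack_from("<I", data, names + 4 * i)
        index, = struct.unpack_from("<H", data, ords + 2 * i)
        func_rva, = struct.unpack_from("<I", data, funcs + 4 * index)
        start = _rva_to_offset(data, pe, name_rva)
        name = data[start:data.index(b"\0", start)].decode("ascii", "replace")
        out.append((base + index, name, func_rva))
    return out

def build_sample_dll():
    """Constructed minimal PE32 image exporting Add and Version (sample data)."""
    va, raw, blob, name_rvas = 0x1000, 0x200, b"sample.dll\0", []
    for n in (b"Add", b"Version"):
        name_rvas.append(va + 60 + len(blob))
        blob += n + b"\0"
    # export directory (40 bytes) | function RVAs | name RVAs | ordinals | strings
    body = struct.pack("<2I2H7I", 0, 0, 0, 0, va + 60, 1, 2, 2, va + 40, va + 48, va + 56)
    body += struct.pack("<4I2H", 0x2000, 0x2010, *name_rvas, 0, 1) + blob
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<2H3I2H", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<3I", 16, va, len(body))
    sect = b".edata\0\0" + struct.pack("<4I", len(body), va, len(body), raw) + bytes(16)
    return (dos + coff + opt.ljust(224, b"\0") + sect).ljust(raw, b"\0") + body
```

On Windows, pass `open(path, "rb").read()` to `list_exports` and resolve a listed name with `getattr(ctypes.WinDLL(path), name)`; the export table gives names only, so argument and return types still have to be worked out and declared by hand.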
Check out http://www.openspan.com – a visual approach to application integration of running applications (supports win32, web, green screen, Java, etc.)