SpyStudio Tutorials HomeIntroductionSpyStudio lets you trace almost any process you want at almost any moment of its execution, but sometimes you don't need information on all the calls in the life cycle of the process or, for some reason, you can't start or stop the process freely. In this tutorial you will learn how to hook a process which is already running.Tracing a running application step by step1. Select API groups that you want to interceptThe first step is to select the function groups to trace. This is done by checking and unchecking items in the menu bar, under the "Monitor" drop-down menu.See SpyStudio Group Selection for details on function groups. 2. Select running processes to execute and hook them Select the processes that you want to intercept and open the context menu to hook them as seen in the screenshot below. Note: Processes shown in gray are x64 and can be intercepted using SpyStudio x64  4. Tracing SpyStudio intercepts and logs all calls to the functions included in the selected function groups. This information is shown both almost raw in the "Trace" tab and totally interpreted in the other tabs ("Registry", "Files", "Windows", etc). See SpyStudio Interpreting Tracing Output for more information on how to read SpyStudio logs. 5. Stop To stop monitoring all processes, just open the 'Analysis' menu and select 'Stop' as seen below. Also, you can stop monitoring specific processes by selecting them in the processes pane and using the context menu.  |