Thursday, July 21, 2005

MAPI Spy

This is a small utility I wrote while developing my own store provider. It was written to investigate Outlook's behaviour with the MAPI subsystem. It does not have a GUI so far, but we have what we have. I think some useful log files can do some good :) It's not as stable as I want, but it is usable. I noticed that it is rather stable if you run the investigated process under the VC6 debugger.

How to use

  1. Copy the content of the archive to c:\hook
  2. Copy hookstub.dll to the %SYSTEM32% directory or to any directory in %PATH%.
  3. Edit HookTool.ini:
       [Scope] Hook= sets the names of the processes (without the .exe extension) to be hooked.
       [MAPI] Functions= determines the functions of the MAPI subsystem to be hooked. A set of functions is already there but commented out. Each function has its description in its own section.
  4. Run HookSrv.exe.
  5. Start the investigated process.
  6. Look in C:\ for log files.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

IMPORTANT

To use this tool under the VS.NET debugger you need to set the following variable in HookTool.ini:

[Trace]
;...
CreateRemoteThread = No
;...

Without this setting the started process will hang.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

It is possible to spy on MAPI providers without the hooktool engine. The following shows how to spy without hooktool; the sample uses the Exchange provider to demonstrate it.

Copy mapispy32.dll and hooktool.ini to C:\Program Files\Common Files\System\Mapi\1033\. This is the path for a default English installation of Outlook XP; other versions of Outlook may use a slightly different path.

Modify mapisvc.ini in this directory, changing the section [EMS_MDB_private] like this:

[EMS_MDB_private]
3dfd001e=EMSMDB32.DLL
;PR_PROVIDER_DLL_NAME=EMSMDB.DLL
PR_PROVIDER_DLL_NAME=MAPISpy.DLL
PR_SERVICE_INSTALL_ID={6485D26A-C2AC-11D1-AD3E-10A0C911C9C0}
PR_RESOURCE_TYPE=MAPI_STORE_PROVIDER
PR_RESOURCE_FLAGS=STATUS_PRIMARY_IDENTITY|STATUS_DEFAULT_STORE|STATUS_PRIMARY_STORE
66090003=0C000000
660A0003=01000000
34140102=5494A1C0297F101BA58708002B2A2517
PR_DISPLAY_NAME=Private Folders
PR_PROVIDER_DISPLAY=Microsoft Exchange Message Store

To make it work you need to create a new profile, because this information is populated when a provider is added to the profile. Previously created profiles won't be hooked. After that you can revert the changes and you will have only the hooked profile. :) This way you can spy only on providers, and not only on Outlook working with these providers. But client spying is impossible. Anyway, that should do the trick for you.
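Because the provider DLL named in mapisvc.ini is what gets recorded in every profile created afterwards, the same edit is worth checking for on machines where nobody intended it. The sketch below is an added example, not part of the original post or of the MAPI Spy tool: it parses the file and reports any section whose active PR_PROVIDER_DLL_NAME is missing from a baseline or replaces a commented-out value. The baseline set, the function names and the sample text (including its second section) are assumptions constructed for illustration.

```python
import re

KEY = "PR_PROVIDER_DLL_NAME"
# Optional leading ';' marks a commented-out assignment, as in the post's edit.
LINE = re.compile(r"^\s*(;?)\s*([^=;\[\]]+?)\s*=\s*(.*?)\s*$")

# Constructed sample: the section as edited in the post, plus an untouched one.
SAMPLE = """\
[EMS_MDB_private]
3dfd001e=EMSMDB32.DLL
;PR_PROVIDER_DLL_NAME=EMSMDB.DLL
PR_PROVIDER_DLL_NAME=MAPISpy.DLL
PR_RESOURCE_TYPE=MAPI_STORE_PROVIDER

[EMS_MDB_public]
PR_PROVIDER_DLL_NAME=EMSMDB.DLL
PR_RESOURCE_TYPE=MAPI_STORE_PROVIDER
"""

def parse_sections(text):
    """Map section -> {'active': {key: value}, 'commented': {key: [values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {"active": {}, "commented": {}})
            continue
        m = LINE.match(line)
        if not m or current is None:
            continue
        disabled, key, value = m.groups()
        if disabled:
            current["commented"].setdefault(key.upper(), []).append(value)
        else:
            current["active"][key.upper()] = value
    return sections

def audit_provider_dlls(text, expected):
    """Return (section, dll, reasons) for every suspicious provider DLL entry."""
    allowed = {name.upper() for name in expected}  # hypothetical baseline
    findings = []
    for name, sec in parse_sections(text).items():
        dll = sec["active"].get(KEY)
        if dll is None:
            continue
        reasons = []
        if dll.upper() not in allowed:
            reasons.append("not in baseline")
        if any(old.upper() != dll.upper() for old in sec["commented"].get(KEY, [])):
            reasons.append("replaces commented-out value")
        if reasons:
            findings.append((name, dll, reasons))
    return findings
```

Since the post notes that the file can be reverted after the profile is created, a clean result here says nothing about profiles that already exist.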

Download Last Updated 08.08.2008

8 comments:

Anonymous said...

A definitely helpful tool for MAPI programmers.

Anonymous said...

MapiSpy is really a nice idea and very helpful - if you manage to make it work and it does not crash your spied MAPI application...

Using Hooktool never worked in my tests and using mapispy.dll by editing the mapisvc.ini does not work with Outlook 2003 - luckily this is not the MAPI application I want to spy on.

Lack of stability is the only negative point I can say about MAPISpy. Did you ever think about releasing the source of mapispy? Maybe the community could help improve the stability...

Henry Gusakovsky said...

Actually, soon I will release a new version of this tool.
The stability is much improved.
Outlook becomes unstable because of the 'CreateRemoteThread' method.
If I use injecting via the main thread it works much better. The new version will include some GUI configurator.
Also there will be the possibility to make provider hooking (without hooktool) for existing profiles. Plus I added a MAPI memory profiler and an object profiler (to find leaked objects). Support for Outlook 2007 and Vista added. That is not all the features :)

Anonymous said...

I can't wait for this release, as the current one doesn't seem to work with Outlook2007 here.

Is 'soon' soon, Henry?

Thanks and keep up the good work.

Henry Gusakovsky said...

Look there:
http://mapispy.com/files/mapispy/hook20072007.zip
That is the latest version.
There is also
http://mapispy.com/files/mapispy/starter.zip
This small utility starts the investigated application with some delay so it can definitely be hooked. It solves some racing problems on very fast computers.

Anonymous said...

Hi,
I have installed Exchange 2003 on Windows 2000 Advanced Server.
I get the following error:
"NtProcDrv.sys device driver could not locate the entry point PsRemoveCreateThreadNotifyRoutine in driver ntoskrnl.exe"
I'm sure it's an OS compatibility issue.
Can you tell me which OSs I can run this tool on??

Oh, and by the way, you've taken great efforts in helping us programmers by writing such a wonderful tool.

Thanks,
Koushal
(koushaltk@gmail.com)

Henry Gusakovsky said...

Actually it works since Windows XP and Windows 2003 Server