Pedro's APILogger V2

Applications executing on the XBOX make frequent calls into the XBOX kernel in order to accomplish things.  The group of functions that the kernel exports for use by applications is known as the Kernel API (Applications Programming Interface).  An insight into the operation of the application can be gained by observing the calls it makes to the kernel.

When executed, the APILogger utility installs itself into the kernel, and then spawns a child application.  Any calls made by the spawned application to the kernel are then captured and the details logged to a file on the HDD for later examination.

The design approach was to ensure that the XBOX-based component of the APILogger was as compact and lightweight as possible.  This mandated a companion PC-based application, APIReporter, which contains the intelligence and does the processing.

Copy the XBEs from the distribution into E:\APILog.
When executed, APILoggerHDD.xbe, will install the APILogger into memory, and then spawn the subject XBE located at E:\APILog\default.xbe.  Any support files required by the subject default.xbe should also be copied into E:\APILog.
When executed, APILoggerDVD.xbe, will install the APILogger into memory, and then spawn the subject XBE located at D:\default.xbe.

With either APILogger XBE, the captured log data is written to E:\APILog\APILog.d8a.  For efficiency, this is an optimised binary log file format.  Following a run, FTP this file to the PC.  The separate PC-based utility, APIReporter, knows how to interpret the file format, and is used to produce the human readable text reports.

  APIReporter <filename> [offset (in Hex)] [/STRINGS][>APIReport.txt]

APIReporter APILog.d8a >VerboseReport.txt
APIReporter APILog.d8a 0 /STRINGS >StringsReport.txt

A specific fragment of code is required to record the details of each different kernel call.  There is not enough spare space in the kernel for all the specific fragments at one time.  Therefore, compile-time directives are used to configure which kernel calls should be monitored.  This is configured using the source file.  The source file contains two primary sections.  Every kernel function is listed in both sections and is initially commented out.  Uncomment both occurrences of the kernel function name (one in the top section, and one in the bottom section) in order to activate logging for that call.  It is not recommended that more than 8-10 kernel calls be activated at the same time.  Multiple runs can be made if more are required.

After making changes to this file, the source code must be assembled into a new XBE and transferred to the XBOX for execution.

Known issues:
Not intended to work with other kernel patchers (PBL, NKPatcher, etc) - Use with a mod-chip, or softmod that only alters the M$ key.
Doesn't work for all XBEs - some games appear to clobber it in memory.
APIReporter doesn't show its usage message when executed with no arguments.

It's not pretty, but it does provide some useful functionality is you need it.   Use it if you want, ignore it if you wish.

Version 2 of APILogger is built on NKPatcher technology.  NKPatcher was written by rmenhal.

Greets to the X-S crowd - Angerwound, devz3ro, Ndure protagonist, xman954, krayzie, and DaddyJ.