@article{ART003338909},
author={Jun-Seob Kim},
title={Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows},
journal={Journal of The Korea Society of Computer and Information},
issn={1598-849X},
year={2026},
volume={31},
number={5},
pages={149-163}
TY - JOUR
AU - Jun-Seob Kim
TI - Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows
JO - Journal of The Korea Society of Computer and Information
PY - 2026
VL - 31
IS - 5
PB - The Korean Society Of Computer And Information
SP - 149
EP - 163
SN - 1598-849X
AB - In this paper, we propose a hardware branch tracing-based framework for identifying external APIs invoked during program execution on Windows. The proposed framework collects branch logs using Intel Last Branch Records (LBR), filters branches directed to external modules in a post-processing stage, and maps their destination addresses to function information of loaded DLLs to identify invoked external APIs. Because this approach is based on branch traces observed during execution, it does not rely only on statically exposed reference information or on predefined API hooking points. Experiments were conducted on four basic scenarios, namely normal-entry calls, dynamic-loading calls, native API direct calls, and internal-function entry calls. Additional experiments were also conducted on dynamic-loading variants with obfuscated API names and detection of debugging or hooking attempts.
The results show that the proposed framework identified external APIs in all scenarios and achieved a 100% identification rate in the four basic scenarios. These findings indicate that the proposed method provides a practical way to identify external APIs while minimizing direct runtime intervention.
KW - External API;API Identification;Hardware Branch Tracing;Intel LBR;Native API;API Hooking
DO -
UR -
ER -
Jun-Seob Kim. (2026). Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows. Journal of The Korea Society of Computer and Information, 31(5), 149-163.
Jun-Seob Kim. 2026, "Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows", Journal of The Korea Society of Computer and Information, vol.31, no.5 pp.149-163.
Jun-Seob Kim "Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows" Journal of The Korea Society of Computer and Information 31.5 pp.149-163 (2026) : 149.
Jun-Seob Kim. Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows. 2026; 31(5), 149-163.
Jun-Seob Kim. "Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows" Journal of The Korea Society of Computer and Information 31, no.5 (2026) : 149-163.
Jun-Seob Kim. Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows. Journal of The Korea Society of Computer and Information, 31(5), 149-163.
Jun-Seob Kim. Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows. Journal of The Korea Society of Computer and Information. 2026; 31(5) 149-163.
Jun-Seob Kim. Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows. 2026; 31(5), 149-163.
Jun-Seob Kim. "Design of a Hardware Branch Tracing-Based Framework for External API Identification on Windows" Journal of The Korea Society of Computer and Information 31, no.5 (2026) : 149-163.
