Windows API挂钩python到msvbvm60.dll（rtcMsgBox）

Question

我想拦截进程的API调用，以了解进程何时调用msvbvm60 dll的API rtcMsgBox。 我已尝试使用此代码但似乎无法正常工作：

from winappdbg import Debug, EventHandler
import sys
import os

class MyEventHandler( EventHandler ):

    # Add the APIs you want to hook
    apiHooks = {

        'msvbvm60.dll' : [( 'rtcMsgBox'  ,   7  ),],'kernel32.dll' : [( 'CreateFileW'  ,   7  ),],
        }

    # The pre_ functions are called upon entering the API

    def pre_CreateFileW(self, event, ra, lpFileName, dwDesiredAccess,
             dwShareMode, lpSecurityAttributes, dwCreationDisposition,
                                dwFlagsAndAttributes, hTemplateFile):

        fname = event.get_process().peek_string(lpFileName, fUnicode=True)
        print "CreateFileW: %s" % (fname)

    # The post_ functions are called upon exiting the API

    def post_CreateFileW(self, event, retval):
        if retval:
            print 'Suceeded (handle value: %x)' % (retval)
        else:
            print 'Failed!'

if __name__ == "__main__":

    if len(sys.argv) < 2 or not os.path.isfile(sys.argv[1]):
        print sys.argv[1]
        print "\nUsage: %s <File to monitor> [arg1, arg2, ...]\n" % sys.argv[0]
        sys.exit()

    # Instance a Debug object, passing it the MyEventHandler instance
    debug = Debug( MyEventHandler() )

    try:
        # Start a new process for debugging
        p = debug.execv(sys.argv[1:], bFollow=True)

        # Wait for the debugged process to finish
        debug.loop()

    # Stop the debugger
    finally:
        debug.stop()

它适用于Kernel32.dll的CreateFileW API，但不适用于msvbvm60.dll的rtcMsgBox。为什么？我做错了什么？

编辑：顺便说一下，我不知道为什么我粘贴的代码分为两段代码。 webapp不能正确解析它，但它只是完全相同的代码片段。 感谢