Systrace for Windows

I am looking for a Windows equivalent of Systrace, or at least strace. I know StraceNT, but I wonder if there are any other alternatives out there. In particular, I am looking for a specific method for system call policies for software, although this may occur after the fact, and not actively stop them.

Is there a good way to do it now?

+78
windows strace
Oct 02 '10 at 22:21
9 answers
+21
Oct 12

Several variants:

Process Monitor

Also see this article about tools built into Windows 7:

Basic OS tools

+37
Aug 02 2018-11-22T00:

Dr. Memory ( http://drmemory.org ) comes with a system call tracing tool called drstrace, which lists all the system calls made by the target application along with their arguments: http://drmemory.org/strace_for_windows.html

For system call policy software, you can use the same basic modules as drstrace: the DynamoRIO tool platform ( http://dynamorio.org ) and the DrSyscall system call monitoring library ( http://drmemory.org/docs/page_drsyscall.html ). They use dynamic binary translation technology, which incurs some overhead (20%-30% in steady state, but much higher when starting new code, for example, launching a large desktop application), which may or may not be suitable for your purposes.

+13
Apr 07 '14 at 13:14
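
An added example, not part of the original answers and not Dr. Memory project code: an after-the-fact policy check over a saved system call trace, as the question asks for. The trace layout (call name in column 0, indented detail lines with a `succeeded`/`failed` marker) is an assumption and the sample is constructed; the `ALLOWED` policy is hypothetical.

```python
from collections import Counter

# Constructed sample trace. ASSUMED layout (not verified against real drstrace
# output): each record starts with the syscall name in column 0, followed by
# indented argument lines and a "succeeded =>" or "failed =>" marker.
SAMPLE_TRACE = """\
NtOpenFile
    arg 0: 0x0012f5c4 (type=HANDLE*, size=0x4)
    succeeded =>
NtReadFile
    arg 0: 0x00000044 (type=HANDLE, size=0x4)
    succeeded =>
NtCreateUserProcess
    arg 0: 0x0012e0a0 (type=HANDLE*, size=0x4)
    failed =>
NtReadFile
    arg 0: 0x00000044 (type=HANDLE, size=0x4)
    succeeded =>
NtClose
    arg 0: 0x00000044 (type=HANDLE, size=0x4)
    succeeded =>
"""

# Hypothetical policy: the only system calls this program is expected to make.
ALLOWED = {"NtOpenFile", "NtReadFile", "NtClose"}

def parse_calls(trace):
    """Return one dict per call record: name, trace line number, outcome."""
    calls = []
    for lineno, line in enumerate(trace.splitlines(), start=1):
        if not line.strip():
            continue
        if not line[0].isspace():  # column-0 text starts a new record
            calls.append({"name": line.strip(), "line": lineno, "outcome": "unknown"})
        elif calls and line.strip().startswith(("succeeded", "failed")):
            calls[-1]["outcome"] = line.split()[0]
    return calls

def audit(trace, allowed):
    """Return (per-call counts, violations). A failed call outside the
    policy is still reported, because the attempt itself is the signal."""
    calls = parse_calls(trace)
    counts = Counter(c["name"] for c in calls)
    violations = [(c["line"], c["name"], c["outcome"])
                  for c in calls if c["name"] not in allowed]
    return counts, violations

if __name__ == "__main__":
    counts, violations = audit(SAMPLE_TRACE, ALLOWED)
    for lineno, name, outcome in violations:
        print(f"policy violation: {name} ({outcome}) at trace line {lineno}")
    print(f"{sum(counts.values())} calls, {len(violations)} outside policy")
```
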

The Monitor API looks very useful for this purpose.

+7
Jan 21 '15 at 17:57

Here is a rather interesting article. I don't know if it matches the goal you are looking for, but I think you may find that it leads you in the direction you need.

http://jbremer.org/intercepting-system-calls-on-x86_64-windows/

+5
Jul 26 '13 at 13:44

strace can be obtained from Cygwin in the cygwin package. You can download it from a Cygwin mirror, for example:

http://mirrors.sonic.net/cygwin/x86_64/release/cygwin/cygwin-2.0.2-1.tar.xz
#      |                      |                              |     |
#      +-----------+----------+                              +--+--+
#                  |                                            |
#               mirror                                       version

strace is one of the few Cygwin programs that does not rely on the Cygwin DLL, so you just need to copy strace.exe to wherever you want and use it.

+2
Jun 03 '15 at 3:14

There are several tools built around Xperf. It is quite complex, but very powerful - see the quick start guide. There are other useful resources on the Windows Performance Analysis page.

+1
Dec 20 '11 at 9:02

You can use Process Monitor, written by Mark Russinovich. This is a fantastic application that will allow you to connect to any running process in the system and see all the system calls that this process currently makes.

https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

0
Jan 21 '17 at 16:38

Strace is supported by Git, as Michael Fox mentioned. Maybe useless for complex programs / windows.

0
Aug 22 '19 at 22:10