Menu
Reading Monitoring certain system calls done by a process in Windows, I'm wondering about a Windows equivalent to the ptrace system call or a programmatical workaround.
337
You can use ETW to trace system calls. When starting the trace, in EVENT_TRACE_PROPERTIES, you can add EVENT_TRACE_FLAG_SYSTEMCALL flag to EnableFlags. This enables SysCallEnter and SysCallLeave events, as described here.
54
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
