I'm looking for a Windows equivalent of Systrace or at least strace. I'm aware of StraceNT, but wondering if there are any more alternatives out there. Specifically, I'm looking for a specific way to programmatically enforce system call policies, though this can be after the fact rather than actively stopping them.
Is there a good way to do this currently?
On Windows, you can use Process Monitor to monitor process activity (I/O and registry). I guess this fits your need if you don't really want to know the system calls. And you can use winapioverride32 to monitor API calls.
Trace Linux Command System Calls
You can simply run a command with strace like this; here we are tracing all system calls made by the df command.
$ strace df -h
execve("/bin/df", ["df", "-h"], [/* 50 vars */]) = 0
brk(NULL) = 0x136e000
access("/etc/ld.
strace is a diagnostic tool in Linux. It intercepts and records any syscalls made by a command. Additionally, it also records any Linux signal sent to the process.
A few options:
Process Monitor
Also, see this article about tools built into Windows 7:
Core OS Tools
WinDbg's Logger.exe is the closest to strace: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/logger-and-logviewer
EDIT: There's also WinDbg's wt: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/wt--trace-and-watch-data-
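An after-the-fact policy check of the kind the question asks about, run over a Process Monitor CSV export; this is an added example, not code from any of the answers. The column names are assumed to match Process Monitor's default CSV columns, and the policy rules, process names and sample rows are constructed for illustration.

```python
import csv
import io
from fnmatch import fnmatchcase

# Hypothetical allowlist: (process name, operation glob, path glob).
POLICY = [
    ("app.exe", "CreateFile", r"C:\Program Files\App\*"),
    ("app.exe", "ReadFile",   r"C:\Program Files\App\*"),
    ("app.exe", "Reg*",       r"HKCU\Software\App\*"),
]

# Constructed sample rows in the assumed Process Monitor CSV layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000000","app.exe","4120","CreateFile","C:\Program Files\App\app.cfg","SUCCESS",""
"10:00:01.0000100","app.exe","4120","RegQueryValue","HKCU\Software\App\Theme","SUCCESS",""
"10:00:02.0000000","app.exe","4120","WriteFile","C:\Users\bob\Documents\notes.txt","SUCCESS",""
"10:00:03.0000000","app.exe","4120","RegSetValue","HKLM\Software\Microsoft\Windows\CurrentVersion\Run\x","ACCESS DENIED",""
"10:00:04.0000000","other.exe","500","WriteFile","C:\Temp\a.tmp","SUCCESS",""
'''

def allowed(proc, op, path, policy=POLICY):
    """True if some rule permits this event. Windows names are case-insensitive,
    so everything is lowercased and matched with the case-sensitive matcher."""
    proc, op, path = proc.lower(), op.lower(), path.lower()
    return any(proc == p.lower()
               and fnmatchcase(op, o.lower())
               and fnmatchcase(path, g.lower())
               for p, o, g in policy)

def violations(stream, policy=POLICY):
    """Return (time, pid, operation, path, result) for each event of a governed
    process that no rule allows. Denied attempts count: the process still tried."""
    governed = {p.lower() for p, _, _ in policy}
    found = []
    for row in csv.DictReader(stream):
        proc = row["Process Name"]
        if proc.lower() not in governed:
            continue  # no policy defined for this process
        if not allowed(proc, row["Operation"], row["Path"], policy):
            found.append((row["Time of Day"], row["PID"], row["Operation"],
                          row["Path"], row["Result"]))
    return found

if __name__ == "__main__":
    for v in violations(io.StringIO(SAMPLE_CSV)):
        print("VIOLATION", *v)
```

For a real export, open the file with `encoding="utf-8-sig"` so a leading byte-order mark does not end up in the first column name.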