Using logger.exe to sniff system calls

I have an application that uses some serial port and runs some system calls, e.g. EscapeCommFunction, and I want to debug it. Basically I want the closest I can get to strace on Linux. I found that the best candidate seems to be logger.exe, but I can't figure out how to use it.

I tried calling

logger.exe <application> <arg1> <arg2> <arg3>

and tried all combinations that made sense to me in the dialog that appeared. The result was always the same: the program finished successfully, there was no output in the Logger window, and no log files were created, even after I closed logger.

fakedrake asked Dec 01 '15 16:12


2 Answers

I agree with @Alex K. and suggest API Monitor.

Just use the spyglass icon to find the method(s) you want to monitor and add a checkmark on them.

API Monitor for EscapeCommFunction

Then either pick a process from the "Running processes" tab or monitor a new process (API monitor will start it for you).

Note that API Monitor exists in two versions, x86 and x64, and you should pick the correct bitness for the application you want to monitor.

You can also set a breakpoint on the method, which will trigger an INT3 in the target thread. The "unhandled exception dialog" will pop up and you can choose a debugger (Visual Studio in my case).

API Monitor set breakpoint

Regarding the Chrome request: I was testing with Serial Monitor as the app, enabled developer mode, and inspected demo.html. I figured out the correct process using the crosshair cursor of Process Explorer. Then I created the snippet as suggested by you:

chrome.serial.connect("COM1", {
    bitrate: 9200
}, function(i) {
    // Clear DTR on the freshly opened connection; this is the control-signal
    // change whose Win32 call is expected to appear in the API trace
    chrome.serial.setControlSignals(i.connectionId, {
        dtr: false
    }, function() {
        console.log("done");
    });
});

and ran it. This is the result:

Monitor serial port in Chrome

Thomas Weller answered Oct 14 '22 08:10


The log file is always created in the LogExts subdir of the Desktop; this is not alterable.

C:\Documents and Settings\Admin\Desktop>DIR /S /B LOGE*
File Not Found 

Execute logger:

C:\Documents and Settings\Admin\Desktop>LOGGER CALC.EXE
  1. Once the logger window is open,
  2. select the APIs that you require in the left pane and click the Include radio button.
  3. By default nothing is selected and nothing will be logged;
  4. the .lgv file created will contain nothing to show.
  5. You need to select APIs and include them for logging.
  6. You can write your own manifest file for specialised logging.
  7. After your session is over, close logger.exe; you will have an .lgv file.
  8. You can open this .lgv file in logviewer.exe using File -> Open (there is no command line option).

The subdir has been created for the session:

C:\Documents and Settings\Admin\Desktop>DIR /S /B LOGE*
C:\Documents and Settings\Admin\Desktop\LogExts

Navigating to the subdir and dumping the directory structure:

C:\Documents and Settings\Admin\Desktop>CD LogExts

C:\Documents and Settings\Admin\Desktop\LogExts>ls -la
total 32
drwxr-xr-x    4 Admin    Administ        0 Dec  2 10:31 .
drwxr-xr-x    1 Admin    Administ        0 Dec  2 10:31 ..
-rw-r--r--    1 Admin    Administ    64304 Dec  2 10:33 CALC.EXE.lgv <---
-rw-r--r--    1 Admin    Administ        0 Dec  2 10:31 CALC.EXE.txt

Opening logviewer to view the .lgv file:

C:\Documents and Settings\Admin\Desktop\LogExts>logviewer

Screenshot of the APIs logged and statistics of the APIs logged; notice the file path in the window title.

blabb answered Oct 14 '22 07:10
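As an added example (not part of either answer), here is a PowerShell script that gives API Monitor or logger.exe a deterministic target: it opens a COM port and toggles DTR through EscapeCommFunction via P/Invoke, so you can confirm the tracer captures that call before chasing the real application. The port name is a constructed placeholder; the process to attach to is the powershell.exe running the script, and its bitness (x86 or x64) must match the monitor build you pick, as the first answer notes.

```powershell
# Added example: a minimal, deterministic target for API Monitor / logger.exe.
# It makes exactly the Win32 calls you expect to see in the trace:
#   CreateFileW -> EscapeCommFunction(SETDTR) -> EscapeCommFunction(CLRDTR) -> CloseHandle
param(
    [string]$PortName = 'COM1'   # constructed placeholder; use a port that exists on your machine
)

Add-Type -Namespace Win32 -Name Comm -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr CreateFile(string lpFileName, uint dwDesiredAccess, uint dwShareMode,
    IntPtr lpSecurityAttributes, uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool EscapeCommFunction(IntPtr hFile, uint dwFunc);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

# Win32 constants from winbase.h
$GENERIC_READ  = [uint32]0x80000000
$GENERIC_WRITE = [uint32]0x40000000
$OPEN_EXISTING = [uint32]3
$INVALID_HANDLE_VALUE = [IntPtr]::new(-1)
# EscapeCommFunction codes: SETDTR = 5, CLRDTR = 6 (SETRTS = 3, CLRRTS = 4 work the same way)
$Functions = [ordered]@{ SETDTR = [uint32]5; CLRDTR = [uint32]6 }

# Give yourself time to attach the monitor to this process before any API call is made
"Attach the monitor to PID $PID ($([IntPtr]::Size * 8)-bit) and press Enter to continue"
[void](Read-Host)

# The \\.\ prefix is required for COM10 and above and harmless for COM1-9
$handle = [Win32.Comm]::CreateFile("\\.\$PortName", ($GENERIC_READ -bor $GENERIC_WRITE), 0,
    [IntPtr]::Zero, $OPEN_EXISTING, 0, [IntPtr]::Zero)
if ($handle -eq $INVALID_HANDLE_VALUE) {
    throw "CreateFile($PortName) failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
try {
    foreach ($func in $Functions.GetEnumerator()) {
        $ok = [Win32.Comm]::EscapeCommFunction($handle, $func.Value)
        "EscapeCommFunction($($func.Key)) -> $ok"
        Start-Sleep -Milliseconds 200   # keep the two calls visibly apart in the trace
    }
} finally {
    [void][Win32.Comm]::CloseHandle($handle)   # the matching close should appear last in the trace
}
```

If the trace shows CreateFileW and CloseHandle but no EscapeCommFunction, the API was not ticked for inclusion (the default in logger.exe), which is the same symptom the question describes.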