Systrace for Windows

Submitted by 元气小坏坏 on 2019-12-17 04:43:32

Question


I'm looking for a Windows equivalent of Systrace or at least strace. I'm aware of StraceNT, but wondering if there are any more alternatives out there. Specifically, I'm looking for a specific way to programmatically enforce system call policies, though this can be after the fact rather than actively stopping them.

Is there a good way to do this currently?


Answer 1:


WinDbg's Logger.exe is the closest to strace: http://msdn.microsoft.com/en-us/library/windows/hardware/ff552060(v=vs.85).aspx

EDIT: There's also windbg's wt: http://blogs.msdn.com/b/debuggingtoolbox/archive/2009/10/12/special-command-tracing-applications-using-wt.aspx




Answer 2:


A few options:

Process Monitor

Also, see this article about tools built into Windows 7:

Core OS Tools




Answer 3:


The Dr. Memory (http://drmemory.org) tool comes with a system call tracing tool called drstrace that lists all system calls made by a target application along with their arguments: http://drmemory.org/strace_for_windows.html

For programmatically enforcing system call policies, you could use the same underlying engines as drstrace: the DynamoRIO tool platform (http://dynamorio.org) and the DrSyscall system call monitoring library (http://drmemory.org/docs/page_drsyscall.html). These use dynamic binary translation technology, which does incur some overhead (20%-30% in steady state, but much higher when running new code such as launching a big desktop app), which may or may not be suitable for your purposes.




Answer 4:


API Monitor looks very useful for this purpose.




Answer 5:


Here is a pretty interesting article. I don't know if it hits the target you are looking for, but I think you may find it leading you in the direction you want.

http://jbremer.org/intercepting-system-calls-on-x86_64-windows/




Answer 6:


strace is available from Cygwin in the cygwin package. You can download it from a Cygwin mirror, for example:

http://mirrors.sonic.net/cygwin/x86_64/release/cygwin/cygwin-2.0.2-1.tar.xz
#      |                      |                              |     |
#      +-----------+----------+                              +--+--+
#                  |                                            |
#               mirror                                       version

strace is one of the few Cygwin programs that does not rely on the Cygwin DLL, so you should be able to just copy strace.exe to where you want and use it.




Answer 7:


There are several tools all built around Xperf. It's rather complex but very powerful -- see the quick start guide. There are other useful resources on the Windows Performance Analysis page




Answer 8:


You can use Process Monitor, written by Mark Russinovich. This is a fantastic little application that will allow you to attach to any running process on the system and see all of the system calls that process is currently making.

https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
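A small policy check run over a Process Monitor CSV export, in the after-the-fact sense the question asks for: each event is compared against a per-process allow-list and the rows that break it are reported. This is an added example, not code from any of the answers or from the tools they mention; the column names follow Procmon's default CSV export (File > Save... > CSV), and the log rows and policy are constructed.

```python
import csv
import io
from pathlib import PureWindowsPath

# Constructed sample of a Process Monitor CSV export with the default columns;
# the rows are invented for this example, not real captured data.
SAMPLE_EXPORT = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567 AM","app.exe","4321","CreateFile","C:\\Users\\alice\\AppData\\Local\\app\\cache.db","SUCCESS","Desired Access: Generic Write"
"10:01:02.2234567 AM","app.exe","4321","WriteFile","C:\\Users\\alice\\AppData\\Local\\app\\cache.db","SUCCESS","Offset: 0, Length: 4,096"
"10:01:03.0000001 AM","app.exe","4321","CreateFile","C:\\Windows\\System32\\drivers\\etc\\hosts","SUCCESS","Desired Access: Generic Write"
"10:01:03.1000001 AM","app.exe","4321","RegSetValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\app","SUCCESS","Type: REG_SZ"
"10:01:04.0000001 AM","app.exe","4321","TCP Connect","host.example:54321 -> 203.0.113.5:443","SUCCESS","Length: 0"
"""

# Policy per process (assumed shape): where it may write, and whether registry
# writes and network activity are permitted at all.
POLICY = {
    "app.exe": {
        "write_prefixes": [r"C:\Users\alice\AppData\Local\app"],
        "allow_registry_write": False,
        "allow_network": False,
    }
}
WRITE_OPS = {"WriteFile", "SetDispositionInformationFile", "SetRenameInformationFile"}
REG_WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteKey", "RegDeleteValue"}
NET_OPS = {"TCP Connect", "TCP Send", "UDP Send"}

def _under(path, prefix):
    # Case-insensitive "path is prefix or lies beneath it" on Windows path components.
    p, q = PureWindowsPath(path.lower()), PureWindowsPath(prefix.lower())
    return p == q or q in p.parents

def check_policy(csv_text, policy=POLICY):
    """Return (csv_line, process, operation, path, reason) for each policy violation."""
    violations = []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        rules = policy.get(row["Process Name"])
        if rules is None:
            continue  # process not covered by the policy
        op, path, reason = row["Operation"], row["Path"], None
        opens_for_write = op == "CreateFile" and "Generic Write" in row["Detail"]
        if opens_for_write or op in WRITE_OPS:
            if not any(_under(path, p) for p in rules["write_prefixes"]):
                reason = "file write outside allowed directories"
        elif op in REG_WRITE_OPS and not rules["allow_registry_write"]:
            reason = "registry write not permitted"
        elif op in NET_OPS and not rules["allow_network"]:
            reason = "network activity not permitted"
        if reason:
            violations.append((n, row["Process Name"], op, path, reason))
    return violations
```

On the constructed export this flags the write to the hosts file, the Run-key write and the outbound connection, and leaves the writes under the app's own cache directory alone.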




Answer 9:


strace is supported by Git, as Michael Fox mentioned. Maybe not useful for complex/Windows software.



Source: https://stackoverflow.com/questions/3847745/systrace-for-windows
