#1
Hi,
I would like to see the tracing log for a certain process, i.e. notepad.exe. For instance, I would like to see all the function calls from ntdll.dll as I execute notepad.exe, so that I can see the calls from ntdll made in the notepad.exe application.

So I first set the breakpoints for all the ntdll Nt* calls, i.e. bm ntdll!Nt*
Then, I disabled breakpoints and yet let it log by 'sxn'.
Finally I entered 'g', but it does not seem to work in the way I expected.

Can you advise me how to proceed with this task?
Thank you.
#2
On Jun 16, 7:35 pm, YE <Y> wrote:
> Hi,
>
> I would like to see the tracing log for a certain process i.e. notepad.exe
> For instance, I would like to see all the function calls from ntdll.dll as I
> execute notepad.exe so that I can see the calls from ntdll made in
> notepad.exe application.
>
> So I first set the breakpoints for all the ntdll Nt* calls i.e. bm ntdll!Nt*
> Then, I disabled breakpoints and yet let it log by 'sxn'
> Finally I entered 'g' but it does not seem to work in the way I expected.
>
> Can you advise me how to proceed this task?
> Thank you.

You could try setting the command string for the breakpoints, to include "g" as the last command. For example:

bp ntdll!NtCreateFile "r;kv;g"

Alternatively, you could look at the "logexts" debugging extension, this comes preconfigured for many of the win32 calls but can be customised to log the Nt calls you are interested in.

Then again there are various tools, some free, that provide specific tracing functionality. I've written a simple one, NtTrace, for Win32 and there is a short (slightly out of date) list of some other similar tools at http://www.howzatt.demon.co.uk/NtTra...ilarTools.html

Hope this helps,
Roger.
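The breakpoint-command approach from the reply above, applied to the whole Nt* pattern from the question and written to a log file. This is an added example, not part of either poster's message; the log path is a placeholder, and it assumes the debugger is attached to notepad.exe with ntdll symbols loaded.

```windbg
$$ Added example (not from the thread): log ntdll!Nt* calls without stopping.
$$ C:\temp\nt_trace.log is a placeholder path.

$$ Send everything the debugger prints to a log file.
.logopen C:\temp\nt_trace.log

$$ One breakpoint per symbol matching the pattern from the question.
$$ Each hit prints the thread id and the symbol at the instruction pointer,
$$ then resumes with gc, so the target is never left stopped.
bm ntdll!Nt* ".printf \"%x %y\\n\", @$tid, @$ip; gc"

$$ Run the target; hits are logged as they occur.
g

$$ After breaking in with Ctrl+Break: clear the breakpoints, close the log.
bc *
.logclose
```

Replacing the .printf with "r;kv" as in the reply gives registers and a stack per call, at the cost of a much larger log and a slower target.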
#3
Hi YE!
> I would like to see the tracing log for a certain process i.e. notepad.exe
> For instance, I would like to see all the function calls from ntdll.dll as I
> execute notepad.exe so that I can see the calls from ntdll made in
> notepad.exe application.
>
> So I first set the breakpoints for all the ntdll Nt* calls i.e. bm ntdll!Nt*
> Then, I disabled breakpoints and yet let it log by 'sxn'
> Finally I entered 'g' but it does not seem to work in the way I expected.
>
> Can you advise me how to proceed this task?

http://blog.kalmbach-software.de/200...ibility-layer/