httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Stoddard" <stodd...@raleigh.ibm.com>
Subject Re: [ANNOUNCE] strace for NT (fwd)
Date Thu, 16 Mar 2000 14:17:55 GMT
Thanks for posting. Looks like a good way to trash a system :-) Still, I
intend to give it a try.

Bill

>
> Cool; this could be a decent debugging tool for the NT port.
>
> Brian
>
> Subject: [ANNOUNCE] strace for NT
>
> Hi,
>
> I've written a debugging/investigation utility for examining the NT
> system calls made by a process. It is meant to be used like the strace
> on linux and other unix OSes.
>
> An example:
>
> [c:\strace] strace notepad
> 1 133 139 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0,
"\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File
Execution Options\notepad.exe"}, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
> 2 133 139 NtCreateEvent (0x100003, 0x0, 1, 0, ... 8, ) == 0x0
> 3 133 139 NtAllocateVirtualMemory (-1, 1243984, 0, 1244028, 8192, 4, ... )
== 0x0
> 4 133 139 NtAllocateVirtualMemory (-1, 1243980, 0, 1244032, 4096, 4, ... )
== 0x0
> 5 133 139 NtAllocateVirtualMemory (-1, 1243584, 0, 1243644, 4096, 4, ... )
== 0x0
> 6 133 139 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"},
... 12, ) == 0x0
> 7 133 139 NtOpenSymbolicLinkObject (0x1, {24, 12, 0x40, 0, 0,
"KnownDllPath"}, ... 16, ) == 0x0
> 8 133 139 NtQuerySymbolicLinkObject (16, ... "C:\WINNT\system32", 0x0, )
== 0x0
> .
> .
> .
>
> For more information and download (including source), see
> http://razor.bindview.com/tools/desc/strace_readme.html.
>
>
> Todd
>


Mime
View raw message