Windows 系统 - 开卷题库

小开

A few options:

Also, see this article about tools built into Windows 7:

小开

There are several tools all built around Xperf. It's rather complex but very powerful -- see the quick start guide. There are other useful resources on the Windows Performance Analysis page

小开

最佳答案

WinDbg's Logger.exe is the closest to strace: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/logger-and-logviewer

EDIT: There's also windbg's wt: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/wt--trace-and-watch-data-

小开

Here is a pretty intersting article, I don't know if it hits the target you are looking for but I think you may find it leading you in the direction you want.

http://jbremer.org/intercepting-system-calls-on-x86_64-windows/

小开

The Dr. Memory (http://drmemory.org) tool comes with a system call tracing tool called drstrace that lists all system calls made by a target application along with their arguments: http://drmemory.org/strace_for_windows.html

For programmatically enforcing system call policies, you could use the same underlying engines as drstrace: the DynamoRIO tool platform (http://dynamorio.org) and the DrSyscall system call monitoring library (http://drmemory.org/docs/page_drsyscall.html). These use dynamic binary translation technology, which does incur some overhead (20%-30% in steady state, but much higher when running new code such as launching a big desktop app), which may or may not be suitable for your purposes.

小开

API Monitor looks very useful for this purpose.

小开

strace is available from Cygwin in the cygwin package. You can download it from a Cygwin mirror, for example:

http://mirrors.sonic.net/cygwin/x86_64/release/cygwin/cygwin-2.0.2-1.tar.xz
#      |                      |                              |     |
#      +-----------+----------+                              +--+--+
#                  |                                            |
#               mirror                                       version

strace is one of the few Cygwin programs that does not rely on the Cygwin DLL, so you should be able to just copy strace.exe to where you want and use it.

小开

You can use process monitor written by Mark Russinovich. This is a fantastic little application that will allow you to attach to any running process on the system and see all of the system calls that process is currently making.

https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

小开

strace supported By installation of Windwos Git,as Michael Fox Mention Maybe not useful for complex/windows software.