Windows 中是否有类似 Linux ptrace 系统调用的东西?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/865106/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Is there something like the Linux ptrace syscall in Windows?
提问by ivmos
Reading Monitoring certain system calls done by a process in Windows, I'm wondering about a Windows equivalent to the ptracesystem call or a programmatical workaround.
阅读监视 Windows 中的进程完成的某些系统调用,我想知道与ptrace系统调用或编程解决方法等效的 Windows 。
采纳答案by Michael
You can use ETW to trace system calls. When starting the trace, in EVENT_TRACE_PROPERTIES, you can add EVENT_TRACE_FLAG_SYSTEMCALL flag to EnableFlags. This enables SysCallEnter and SysCallLeave events, as described here.
您可以使用 ETW 来跟踪系统调用。启动跟踪时,在 EVENT_TRACE_PROPERTIES 中,您可以将 EVENT_TRACE_FLAG_SYSTEMCALL 标志添加到 EnableFlags。这使得SysCallEnter和SysCallLeave事件,描述在这里。
