Strace - Win32



Inprise
Monday, 17 Esfand 1383, 00:40 AM
Hi,

Strace is one of the most powerful tools for monitoring the execution of a program, and Unix programmers have been familiar with it for years. A tool called Strace for NT, which tries to offer the same capabilities with a similar look on Win32, is available together with its source "here (http://www.bindview.com/Resources/RAZOR/Files/strace-0.3.zip)". For anyone who has experience with the Unix strace, this tool is certainly a valuable option.

How do I use it

Take the strace.exe and strace.sys from the distribution (or build them from the sources yourself), and put them together in some directory on your local hard disk. Then just run, e.g.,

[c:\strace] strace notepad

and you should see something like:

1 133 139 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine [...]
2 133 139 NtCreateEvent (0x100003, 0x0, 1, 0, ... 8, ) == 0x0
3 133 139 NtAllocateVirtualMemory (-1, 1243984, 0, 1244028, 8192, 4, ... ) == 0x0
4 133 139 NtAllocateVirtualMemory (-1, 1243980, 0, 1244032, 4096, 4, ... ) == 0x0
5 133 139 NtAllocateVirtualMemory (-1, 1243584, 0, 1243644, 4096, 4, ... ) == 0x0
6 133 139 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 12, ) == 0x0
7 133 139 NtOpenSymbolicLinkObject (0x1, {24, 12, 0x40, 0, 0, "KnownDllPath"}, ... 16, ) == 0x0
8 133 139 NtQuerySymbolicLinkObject (16, ... "C:\WINNT\system32", 0x0, ) == 0x0
9 133 139 NtClose (16, ... ) == 0x0
.
.
.

The first column is an identity, which lets you match up calls that don't complete immediately (and are broken onto two lines). The second and third columns are the process and thread ids of the thread making the call. Next come the name of the system call, the input parameters, three dots (...), then the output parameters, and the return code.

You can also choose to strace a currently running process by specifying its pid, e.g., if you want to see what winlogon.exe does when you hit Ctrl-Alt-Del, find its pid with taskmgr, and then

[c:\strace] strace -p 34
1 34 33 NtUserPeekMessage (1244272, 0, 0, 0, 1, 1244192, ... ) == 0x1
2 34 33 NtUserLockWindowStation (68, ... ) == 0x1
3 34 33 NtUserOpenInputDesktop (0, 0, 33554432, ... ) == 0xd8
4 34 33 NtUserGetObjectInformation (216, 2, 0, 0, 1244100, ... ) == 0x0
5 34 33 NtUserGetObjectInformation (216, 2, 1294320, 16, 1244100, ... ) == 0x1
6 34 33 NtUserSwitchDesktop (84, ...
7 34 33 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Hardware\DeviceMap\Video"}, ... 244, ) == 0x0
8 34 33 NtQueryValueKey (244, "\Device\Video0", 1, -203229988, 512, -203229476, ... ) == 0x0
9 34 33 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet [...]
10 34 33 NtClose (244, ... ) == 0x0
.
.
.

You can choose to strace all processes by specifying a pid of 0. Be sure to read the shortcomings section below before doing this.

Good luck

:)

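The line format described in the post (identity, pid, tid, syscall name, input parameters, three dots, output parameters, return code) is easy to post-process once a trace has been captured to a file, which is where the tool becomes useful for triage rather than just watching. The parser below is an added example, not code from the original post or from the strace for NT distribution. It reads lines in that format, pairs a call that stopped at the three dots with its later completion using the identity/pid/tid key, skips lines the tool truncated with [...], and pulls out the object names a process asked the kernel for (registry keys, object directories, symbolic links) together with the kernel calls that returned an error-class NTSTATUS. The sample trace is constructed from the post's listings; the NtOpenKey line returning 0xc0000034, the key path it opens, and the shape of the completion line for call 6 are assumptions, since the post does not show any of them.

```python
"""Parse the output format of strace for NT (BindView RAZOR) as shown in the post.

Every line has the shape
    <id> <pid> <tid> <Syscall> (<input args>, ... <output args>, ) == <return>
and a call that has not completed yet stops right after the three dots; the
identity column is what pairs it with its completion later in the output.
Added example, not code from the strace for NT distribution.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

LINE_RE = re.compile(
    r'^\s*(?P<id>\d+)\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<name>\w+)\s*'
    r'\((?P<inargs>.*?)\.\.\.\s*'                                             # input args end at "..."
    r'(?:(?P<outargs>.*)\)\s*==\s*(?P<ret>-?(?:0x[0-9a-fA-F]+|\d+)))?\s*$'   # absent while still pending
)
QUOTED_RE = re.compile(r'"([^"]*)"')


@dataclass
class Call:
    ident: int
    pid: int
    tid: int
    name: str
    inargs: list
    outargs: list = field(default_factory=list)
    ret: Optional[int] = None          # None until the completion line arrives

    @property
    def complete(self) -> bool:
        return self.ret is not None


def split_args(raw: str) -> list:
    """Split a comma-separated argument list at top level, keeping {...} and "..." intact."""
    args, cur, depth, quoted = [], [], 0, False
    for ch in raw:
        if ch == '"':
            quoted = not quoted
        elif not quoted:
            if ch == '{':
                depth += 1
            elif ch == '}':
                depth -= 1
            elif ch == ',' and depth == 0:
                args.append(''.join(cur).strip())
                cur = []
                continue
        cur.append(ch)
    tail = ''.join(cur).strip()
    if tail:
        args.append(tail)
    return args


def parse_line(line: str) -> Optional[Call]:
    """One trace line -> Call, or None for lines the tool truncated with [...]."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ret = int(m['ret'], 0) if m['ret'] is not None else None
    return Call(int(m['id']), int(m['pid']), int(m['tid']), m['name'],
                split_args(m['inargs']), split_args(m['outargs'] or ''), ret)


def parse_trace(text: str):
    """Return (calls, skipped): calls in first-seen order, with a completion line
    merged into the pending call that shares its id/pid/tid, plus unparsable lines."""
    calls, skipped, pending = [], [], {}
    for line in text.splitlines():
        if not line.strip():
            continue
        call = parse_line(line)
        if call is None:
            skipped.append(line)
            continue
        key = (call.ident, call.pid, call.tid)
        if key in pending:                       # second half of a call broken onto two lines
            first = pending.pop(key)
            first.outargs, first.ret = call.outargs, call.ret
            continue
        if not call.complete:
            pending[key] = call
        calls.append(call)
    return calls, skipped


def failed_calls(calls) -> list:
    """Completed kernel calls whose NTSTATUS carries the error severity bits.
    win32k entry points (NtUser*/NtGdi*) return handles or BOOLs, not NTSTATUS,
    so they are excluded rather than misread as failures."""
    return [c for c in calls
            if c.complete and c.name.startswith('Nt')
            and not c.name.startswith(('NtUser', 'NtGdi'))
            and (c.ret & 0xC0000000) == 0xC0000000]


def object_names(calls) -> list:
    """(syscall, quoted name) pairs taken from input arguments: the registry keys,
    object directories and symbolic links the traced process named to the kernel."""
    found = []
    for c in calls:
        for arg in c.inargs:
            found.extend((c.name, s) for s in QUOTED_RE.findall(arg))
    return found


def summarize(calls) -> Counter:
    return Counter(c.name for c in calls)


# Constructed sample modeled on the listings in the post. The NtOpenKey line that
# returns 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND), its key path, and the final
# completion line for call 6 are hypothetical: the post shows none of them.
SAMPLE = r'''
1 133 139 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 12, ) == 0x0
2 133 139 NtOpenSymbolicLinkObject (0x1, {24, 12, 0x40, 0, 0, "KnownDllPath"}, ... 16, ) == 0x0
3 133 139 NtQuerySymbolicLinkObject (16, ... "C:\WINNT\system32", 0x0, ) == 0x0
4 133 139 NtClose (16, ... ) == 0x0
5 133 139 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Example"}, ... 0, ) == 0xc0000034
6 34 33 NtUserSwitchDesktop (84, ...
7 34 33 NtUserPeekMessage (1244272, 0, 0, 0, 1, 1244192, ... ) == 0x1
8 34 33 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine [...]
6 34 33 NtUserSwitchDesktop ( ... ) == 0x1
'''

if __name__ == '__main__':
    calls, skipped = parse_trace(SAMPLE)
    print(summarize(calls))
    for c in failed_calls(calls):
        print(f'failed: {c.name} -> 0x{c.ret:x}')
    print(object_names(calls))
    print('truncated lines skipped:', len(skipped))
```

Feed it a trace captured to a file (the post shows the tool printing to the console, so plain redirection is assumed). Keying pending calls on id, pid and tid rather than on id alone matters once you trace everything with a pid of 0, where several processes interleave in one stream. The NTSTATUS check deliberately ignores NtUser*/NtGdi* calls: as the winlogon listing in the post shows, those return handles such as 0xd8 or BOOLs, and treating them as status codes would produce noise.
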
مهدی کرامتی
Monday, 17 Esfand 1383, 01:53 AM
Thanks, that was interesting :موفق:

JavanSoft
Monday, 17 Esfand 1383, 14:42 PM
Thanks :flower:
For the attention of Mr. Mirzaei

jirjirakk
Wednesday, 19 Esfand 1383, 01:26 AM
Thanks :) :flower: