shotgunner / wusstrace
Automatically exported from code.google.com/p/wusstrace
License: GNU General Public License v3.0
WUSSTrace
=========

WUSSTrace is a user-space syscall tracer for Microsoft Windows developed for fine-grained syscall tracing: it supports the majority of Windows system calls (except GUI system calls) and the majority of argument types, and it dumps all the supported types faithfully. WUSSTrace produces easy-to-parse XML traces, leveraging the Boost serialization library. Tracing is performed by injecting a shared library into the address space of the traced process and by hooking the stubs KiFastSystemCall and KiIntSystemCall in ntdll.dll.

How to compile WUSSTrace
========================

In order to compile WUSSTrace you need the MinGW compiler and the Boost serialization library. Once your development environment is ready, simply run "make".

How to use WUSSTrace
====================

To trace the execution of a program you just have to run WUSSTrace and specify on the command line the name of the program to trace. By default WUSSTrace does not dump the intercepted system calls to disk. To do that you have to add the option "-d PATH/PREFIX" to the command line to specify where to store the traces. To find out the other valid command line options, run WUSSTrace with no arguments.

The system call traces produced are XML documents. WUSSTrace comes with a Python interface, called PyWUSS, that facilitates the analysis of XML traces.

Limitations
===========

At the moment WUSSTrace only intercepts system calls invoked through KiIntSystemCall. Support for hooking KiFastSystemCall has not been implemented yet, only because of time constraints. Consequently, if your machine supports "sysenter", WUSSTrace will not work. To work around this limitation you can perform your analyses from within VirtualBox, which virtualizes an IA-32 CPU without support for "sysenter".

WUSSTrace has been tested only on Microsoft Windows XP SP2.

Copyright
=========

WUSSTrace is copyrighted (2010) by Lorenzo Martignoni and Roberto Paleari.
It is licensed under GPLv3+ (GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>). For further information about the license please read the file COPYING included in the distribution.

Contact information
===================

Bug reports, patch submissions, and any other useful contribution are very welcome; just drop an email to:

* Lorenzo Martignoni <[email protected]>
* Roberto Paleari <[email protected]>
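As an added example (not part of WUSSTrace or PyWUSS), the following Python script shows the kind of post-processing an XML syscall trace lends itself to once it is on disk: it parses the trace, builds a per-syscall histogram, lists the object names touched by file and registry calls, flags calls whose NTSTATUS return encodes an error, and reports calls whose return the tracer never saw (the last syscall of a process that exits, for instance). The XML layout, the element names and the sample trace are constructed for this example and are not WUSSTrace's actual Boost serialization schema; only parse_trace() depends on that layout.

```python
"""Triage a syscall trace held in XML (added example, not WUSSTrace/PyWUSS code).

The element layout below is an ASSUMPTION made for this example, not the
archive format WUSSTrace actually emits; only parse_trace() depends on it.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Object-manager calls whose ObjectName argument is worth listing. These are
# real NT syscall names; the choice of which ones to report is ours.
OBJECT_SYSCALLS = ("NtCreateFile", "NtOpenFile", "NtCreateKey", "NtOpenKey")

# Constructed sample trace: four completed calls plus a final
# NtTerminateProcess whose return the tracer never observed.
SAMPLE_TRACE = r"""<?xml version="1.0" encoding="UTF-8"?>
<trace pid="1234" image="sample.exe">
  <syscall seq="1">
    <name>NtCreateFile</name>
    <arg name="DesiredAccess" type="ACCESS_MASK">0x80100080</arg>
    <arg name="ObjectName" type="PUNICODE_STRING">\??\C:\Windows\System32\drivers\etc\hosts</arg>
    <retval type="NTSTATUS">0x00000000</retval>
  </syscall>
  <syscall seq="2">
    <name>NtOpenKey</name>
    <arg name="DesiredAccess" type="ACCESS_MASK">0x00020019</arg>
    <arg name="ObjectName" type="PUNICODE_STRING">\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</arg>
    <retval type="NTSTATUS">0x00000000</retval>
  </syscall>
  <syscall seq="3">
    <name>NtOpenFile</name>
    <arg name="DesiredAccess" type="ACCESS_MASK">0x80100080</arg>
    <arg name="ObjectName" type="PUNICODE_STRING">\??\C:\secret.txt</arg>
    <retval type="NTSTATUS">0xC0000034</retval>
  </syscall>
  <syscall seq="4">
    <name>NtClose</name>
    <arg name="Handle" type="HANDLE">0x000007b8</arg>
    <retval type="NTSTATUS">0x00000000</retval>
  </syscall>
  <syscall seq="5">
    <name>NtTerminateProcess</name>
    <arg name="ProcessHandle" type="HANDLE">0xffffffff</arg>
    <arg name="ExitStatus" type="NTSTATUS">0x00000000</arg>
  </syscall>
</trace>
"""


def parse_trace(xml_text):
    """Return a list of {seq, name, args, retval} dicts, one per <syscall>."""
    calls = []
    for node in ET.fromstring(xml_text).iter("syscall"):
        ret = node.find("retval")
        calls.append({
            "seq": int(node.get("seq", "0")),
            "name": node.findtext("name", default="?"),
            "args": {a.get("name"): (a.text or "") for a in node.findall("arg")},
            # None when only the entry was traced (e.g. the process exited).
            "retval": int(ret.text, 16) if ret is not None and ret.text else None,
        })
    return calls


def nt_error(status):
    """NTSTATUS severity is bits 31:30; 0b11 is an error (the NT_ERROR macro)."""
    return status is not None and (status & 0xC0000000) == 0xC0000000


def syscall_histogram(calls):
    return Counter(c["name"] for c in calls)


def object_names(calls, syscalls=OBJECT_SYSCALLS):
    """Object names opened or created by file/registry calls, in trace order."""
    return [c["args"]["ObjectName"] for c in calls
            if c["name"] in syscalls and "ObjectName" in c["args"]]


def failed_calls(calls):
    return [(c["name"], c["retval"]) for c in calls if nt_error(c["retval"])]


def unfinished_calls(calls):
    return [c["name"] for c in calls if c["retval"] is None]


def summarize(xml_text):
    calls = parse_trace(xml_text)
    lines = [f"{n:>8}  {name}" for name, n in syscall_histogram(calls).most_common()]
    lines += ["objects:"] + [f"    {o}" for o in object_names(calls)]
    lines += ["failed:"] + [f"    {name} -> 0x{st:08X}" for name, st in failed_calls(calls)]
    lines += ["unfinished:"] + [f"    {name}" for name in unfinished_calls(calls)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```

Run stand-alone it prints the summary for the embedded sample. Error detection keys on the NTSTATUS severity bits rather than on "non-zero", so warnings such as STATUS_BUFFER_OVERFLOW (0x80000005) are not reported as failures, and a call with no recorded return is kept separate from a failed one, since in a trace the two mean different things.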
What steps will reproduce the problem?
1. Install mingw-7.1
2. svn check out wusstrace
3. run make
What is the expected output? What do you see instead?
The make command fails with the following compilation errors:
C:\wusstrace-read-only>make
make -C libwst -f Makefile.win32
make[1]: Entering directory `C:/wusstrace-read-only/libwst'
g++ -c -DMINGW -o syscall.o syscall.cc
In file included from syscall.hh:38:0,
from syscall.cc:33:
type_winxp.hh:38:22: error: conflicting declaration 'typedef UNKNOWN_TYPE TIMER_INFORMATION_CLASS'
c:\mingw\bin\../lib/gcc/i686-pc-mingw32/4.6.0/../../../../include/ddk/winddk.h:951:3: error: 'TIMER_INFORMATION_CLASS' has a previous declaration as 'typedef enum _TIMER_INFORMATION_CLASS TIMER_INFORMATION_CLASS'
type_winxp.hh:39:22: error: conflicting declaration 'typedef UNKNOWN_TYPE TIMER_INFORMATION_CLASS'
c:\mingw\bin\../lib/gcc/i686-pc-mingw32/4.6.0/../../../../include/ddk/winddk.h:951:3: error: 'TIMER_INFORMATION_CLASS' has a previous declaration as 'typedef enum _TIMER_INFORMATION_CLASS TIMER_INFORMATION_CLASS'
make[1]: *** [syscall.o] Error 1
make[1]: Leaving directory `C:/wusstrace-read-only/libwst'
make: *** [libwst_] Error 2
What version of the product are you using? On what operating system?
Windows XP 32 bit sp2
mingw-7.1 with gcc 4.6.0 and boost 1.46.1
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 11 Aug 2011 at 5:55
I tried to compile wusstrace by using the MinGW environment you are linking to.
I first had errors about printf being undeclared in tls.cc and console.cc, so
#include <stdio.h> should be included in these files.
Now, I see this problem:
C:\Documents and Settings\Administrator\Desktop\wusstrace>make
make -C libwst -f Makefile.win32
make[1]: Entering directory `C:/Documents and Settings/Administrator/Desktop/wusstrace/libwst'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `C:/Documents and Settings/Administrator/Desktop/wusstrace/libwst'
g++ -c -Wall -O3 -Wfatal-errors -Ilibwst -DMINGW -o wusstrace-dll.o wusstrace-dll.cc
In file included from wusstrace-dll.cc:36:0:
common.hh:79:1: warning: 'typedef' was ignored in this declaration
In file included from libwst/serialize.hh:76:0,
from libwst/serialize-xml.hh:26,
from logger.hh:27,
from wusstrace-dll.cc:39:
libwst/blob.hh: In constructor 'boost::serialization::blob::blob(const void*, size_t)':
libwst/blob.hh:91:20: error: invalid conversion from 'const void*' to 'void*'
compilation terminated due to -Wfatal-errors.
make: *** [wusstrace-dll.o] Error 1
Original issue reported on code.google.com by [email protected]
on 21 Jun 2010 at 2:04