Automatically exported from code.google.com/p/wusstrace
WUSSTrace
=========

WUSSTrace is a user-space syscall tracer for Microsoft Windows developed for fine-grained syscall tracing: it supports the majority of Windows system calls (except GUI system calls) and the majority of argument types, and it dumps all supported types faithfully. WUSSTrace produces easy-to-parse XML traces by leveraging the Boost serialization library.

Tracing is performed by injecting a shared library into the address space of the traced process and by hooking the stubs KiFastSystemCall and KiIntSystemCall in ntdll.dll.

How to compile WUSSTrace
========================

To compile WUSSTrace you need the MinGW compiler and the Boost serialization library. Once your development environment is ready, simply run "make".

How to use WUSSTrace
====================

To trace the execution of a program, run WUSSTrace and specify the name of the program to trace on the command line.

By default WUSSTrace does not dump the intercepted system calls to disk. To do that, add the option "-d PATH/PREFIX" to the command line to specify where to store the traces. To find out the other valid command line options, run WUSSTrace with no arguments.

The system call traces produced are XML documents. WUSSTrace comes with a Python interface, called PyWUSS, that facilitates the analysis of XML traces.

Limitations
===========

At the moment WUSSTrace only intercepts system calls invoked using KiIntSystemCall. Support for hooking KiFastSystemCall has not been implemented yet, only because of time constraints. Consequently, if your machine supports "sysenter", WUSSTrace will not work. To work around this limitation you can perform your analyses from within VirtualBox, which virtualizes an IA-32 CPU without support for "sysenter".

WUSSTrace has been tested only on Microsoft Windows XP SP2.

Copyright
=========

WUSSTrace is copyrighted (2010) by Lorenzo Martignoni and Roberto Paleari.

It is licensed under GPLv3+ (GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>). For further information about the license, please read the file COPYING included in the distribution.

Contact information
===================

Bug reports, patch submissions, and any other useful contribution are very welcome; just drop an email to:

* Lorenzo Martignoni <lorenzo@security.dico.unimi.it>
* Roberto Paleari <roberto@security.dico.unimi.it>
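The "Limitations" section says WUSSTrace cannot trace on a machine whose CPU supports "sysenter". The following added example (not part of WUSSTrace, and the function names are this example's own) lets you check that before you start: it reads the SEP feature flag (CPUID leaf 1, EDX bit 11), which is what Windows XP consults to decide between the KiFastSystemCall (sysenter) and KiIntSystemCall (int 2Eh) stubs.

```c
/* Added example, not WUSSTrace code: report whether the host CPU advertises
 * SYSENTER/SYSEXIT. If it does, Windows XP dispatches syscalls through
 * KiFastSystemCall, which WUSSTrace does not hook yet, so the README's
 * VirtualBox workaround applies. Function names are this example's own. */
#include <stdio.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>              /* __get_cpuid() from GCC/clang */
#endif

#define CPUID_01_EDX_SEP (1u << 11)   /* SEP: SYSENTER/SYSEXIT present */

/* Pure helper: decode the SEP flag from a CPUID leaf 1 EDX value. */
int cpuid_edx_has_sep(unsigned int edx)
{
    return (edx & CPUID_01_EDX_SEP) != 0;
}

/* Query leaf 1 on the running CPU. Returns 1 when SEP is set, 0 when it is
 * clear or the leaf is unavailable, and -1 when not built for x86/x86-64
 * (no CPUID instruction, so the question does not apply). */
int host_supports_sysenter(void)
{
#if defined(__i386__) || defined(__x86_64__)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;               /* leaf 1 not supported: treat as no SEP */
    return cpuid_edx_has_sep(edx);
#else
    return -1;
#endif
}

int main(void)
{
    int sep = host_supports_sysenter();
    if (sep < 0)
        puts("Not an x86 host: CPUID unavailable, check does not apply.");
    else if (sep)
        puts("CPU supports sysenter: run WUSSTrace inside VirtualBox.");
    else
        puts("No sysenter: WUSSTrace's KiIntSystemCall hook can intercept syscalls.");
    return 0;
}
```

Run the check on the guest you intend to trace; a modern physical x86 host will almost always report SEP set.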