About This File
This plugin traces all calls to system DLLs in a single thread by setting one-time memory breakpoints.
An API trace can be started only while the process is paused. The plugin sets a break on access on user code. When user code is reached, it removes the break on access from user code and sets it on system code, and so on.
Of course, it is possible that user code accesses data in the system area or vice versa. In this case I step over this command and restore the breakpoint. Such cases are rare.
This plugin is by no means ideal. It traces only a single thread, and there may be problems if the program calls ZwContinue(). If a DLL unloads, the plugin doesn't delete its call records. It doesn't check whether one-time breakpoints are already set by the user. It doesn't allow logging only selected APIs, and so on.
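The alternating breakpoint scheme described above can be modelled as a small state machine. The following simulation is an added example, not the plugin's code; the address ranges, the event list and the function names are assumptions made for illustration.

```python
# Simulation only: addresses and events below are constructed sample values.
USER = range(0x00400000, 0x00500000)    # assumed user-module range
SYSTEM = range(0x70000000, 0x80000000)  # assumed system-DLL range

def region(addr):
    # Simplified model: everything outside USER counts as system area.
    return "user" if addr in USER else "system"

def trace(events, guarded="user"):
    """Replay (kind, addr) events; kind is 'exec' or 'data'.

    guarded is the region that currently carries the one-time break on
    access. Returns (crossings, stepped): the logged boundary crossings and
    the number of cross-region data accesses that were stepped over.
    """
    crossings, stepped = [], 0
    for kind, addr in events:
        hit = region(addr)
        if hit != guarded:
            continue              # no breakpoint on this region: runs freely
        if kind == "data":
            stepped += 1          # step over the command, breakpoint is restored
            continue
        crossings.append((hit, addr))   # execution entered the guarded region
        guarded = "system" if hit == "user" else "user"  # move the breakpoint
    return crossings, stepped

def api_entries(events):
    """Addresses where execution entered system code, i.e. the traced calls."""
    return [addr for hit, addr in trace(events)[0] if hit == "system"]

EVENTS = [  # constructed
    ("exec", 0x00401000),  # user code reached, breakpoint moves to system code
    ("exec", 0x00401005),
    ("data", 0x7FFE0300),  # user code reads data in the system area
    ("exec", 0x75A01234),  # first API entry
    ("exec", 0x75A01240),
    ("data", 0x0040F000),  # system code writes a user buffer
    ("exec", 0x00401010),  # back in user code
    ("exec", 0x76B05678),  # second API entry
]

if __name__ == "__main__":
    crossings, stepped = trace(EVENTS)
    for hit, addr in crossings:
        print(f"{hit:6} {addr:#010x}")
    print("stepped over:", stepped)
```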