README
Traceline is a Windows utility to intercept, time, and log system calls. This
is achieved by injecting code into a target process, along with dynamically
generated assembly hook stubs. One of the major goals was to skew performance
timings as little as possible. This led to a design in which the log buffer
(which is called the playground) is kept within the process, and the logger
routines use atomic instructions to log their events to this buffer. At the
end of the process's lifetime, this buffer is pulled out of the process and
used to generate JSON output. In addition to hooking system call activity,
other hooks of interest have been written, including heap allocation functions.
Symbols are supported with a command line flag. This works by capturing the
process shutdown, and doing an intrusive symbol attach with dbghelp.dll.
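
The in-process buffer design described above, as an added sketch in portable C11
(not Traceline's own code; every type, field and function name here is an
assumption): a hook reserves a slot with one atomic add, and the drain at
process exit copies out only fully written events.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#define PLAYGROUND_SLOTS 4          /* tiny on purpose so the full-buffer path shows */

/* One logged event; the layout is an assumption, not Traceline's format. */
typedef struct {
    uint32_t call_id;               /* which hooked call fired */
    uint32_t thread_id;
    uint64_t t_enter, t_leave;      /* timestamps taken by the hook stub */
} event_t;

typedef struct {
    atomic_size_t next;             /* next free slot, bumped with one atomic add */
    atomic_size_t dropped;          /* events lost because the buffer was full */
    atomic_uint   committed[PLAYGROUND_SLOTS]; /* set last: no torn records */
    event_t       slots[PLAYGROUND_SLOTS];
} playground_t;

/* Called from a hook: no lock, no allocation, no system call of its own. */
int playground_log(playground_t *pg, event_t ev)
{
    size_t i = atomic_fetch_add_explicit(&pg->next, 1, memory_order_relaxed);
    if (i >= PLAYGROUND_SLOTS) {    /* full: count the loss, never write past the end */
        atomic_fetch_add_explicit(&pg->dropped, 1, memory_order_relaxed);
        return -1;
    }
    pg->slots[i] = ev;              /* slot i is owned by this caller alone */
    atomic_store_explicit(&pg->committed[i], 1, memory_order_release);
    return (int)i;
}

/* Run once at process exit: copy out only events whose write completed. */
size_t playground_drain(playground_t *pg, event_t *out, size_t max)
{
    size_t claimed = atomic_load_explicit(&pg->next, memory_order_acquire);
    if (claimed > PLAYGROUND_SLOTS) claimed = PLAYGROUND_SLOTS;
    size_t n = 0;
    for (size_t i = 0; i < claimed && n < max; i++)
        if (atomic_load_explicit(&pg->committed[i], memory_order_acquire))
            out[n++] = pg->slots[i];
    return n;
}

int main(void)
{
    static playground_t pg;         /* zero-initialised, like a fresh mapping */
    event_t out[PLAYGROUND_SLOTS];
    for (uint32_t k = 0; k < 6; k++)   /* constructed sample events */
        playground_log(&pg, (event_t){100 + k, 1, k * 10, k * 10 + 3});
    return playground_drain(&pg, out, PLAYGROUND_SLOTS) == 4 ? 0 : 1;
}
```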

NOTES:
- You should copy dbghelp.dll from a windbg installation into this directory.
  The version shipped with Windows is old, and symbol support won't work.
- You will need a bit of cygwin if you want to use the Makefile. Otherwise
  it is pretty clear how to build the files manually.
- The output JSON data will be printed to stdout. It is likely that you
  will want to pipe the output of this program into a file.

Dean McNamee <deanm (a] chromium.org>