e-valente / wusstrace Goto Github PK

1.0 0.0 0.0 296 KB

Automatically exported from code.google.com/p/wusstrace

License: GNU General Public License v3.0

Makefile 0.98% C++ 71.24% Python 26.81% Assembly 0.33% XSLT 0.64%

wusstrace's Introduction

WUSSTrace
=========

WUSSTrace is a user-space syscall tracer for Microsoft Windows developed for
fine grained syscall tracing: it supports the majority of Windows system calls
(except GUI system calls), the majority of argument types, and dumps faithfully
all the supported types. WUSSTrace produces easy-to-parse XML traces leveraging
the Boost serialization library. Tracing is performed by injecting a shared
library in the address space of the traced process and by hooking the stubs
KiFastSystemCall and KiIntSystemCall in ntdll.dll.


How to compile WUSSTrace
========================

In order to compile WUSSTrace you need: the MinGW compiler and the Boost
serialization library. Once your development environment is ready simply run
"make".


How to use WUSSTrace
====================

To trace the execution of a program you just have to run WUSSTrace and specify
on the command line the name of the program to trace. By default WUSSTrace does
not dump on disk the system calls intercepted. To do that you have to add the
options "-d PATH/PREFIX" to the command line to specify where to store the
traces. To find you other valid command line options run WUSSTrace with no
arguments.

The system calls traces produced are XML documents. WUSSTrace comes with a
Python interface, called PyWUSS, that facilitates the analysis of XML traces. 


Limitations
===========

At the moment WUSSTrace only intercepts system calls invoked using
KiIntSystemCall. Support for hooking KiFastSystemCall has not been implemented
yet only because of time constraint. Consequently, if your machine supports
"sysenter" WUSSTrace will not work. To workaround this limitation you can
perform your analyses from within VirtualBox, which virtualizes a IA-32 CPU
without the support for "sysenter". 

WUSSTrace has been tested only on Microsoft Windows XP SP2. 


Copyright
=========

WUSSTrace is copyrighted (2010) by Lorenzo Martignoni and Roberto Paleari.

It is licensed under GPLv3+ (GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>). For further information about the license
please read the file COPYING included in the distribution.


Contact information
===================

Bug reports, patch submissions, and any other useful contribution are very
welcome; just drop an email to:

* Lorenzo Martignoni <[email protected]> 
* Roberto Paleari <[email protected]>

wusstrace's People

Stargazers

wusstrace's Issues

wusstrace fails to compile on Windows XP with mingw-7.1

What steps will reproduce the problem?
1.  Install mingw-7.1 
2.  svn check out wusstrace
3.  run make

What is the expected output? What do you see instead?

The make command fails with the following compilation errors:

C:\wusstrace-read-only>make
make -C libwst -f Makefile.win32
make[1]: Entering directory `C:/wusstrace-read-only/libwst'
g++ -c -DMINGW  -o syscall.o syscall.cc
In file included from syscall.hh:38:0,
                 from syscall.cc:33:
type_winxp.hh:38:22: error: conflicting declaration 'typedef UNKNOWN_TYPE TIMER_
INFORMATION_CLASS'
c:\mingw\bin\../lib/gcc/i686-pc-mingw32/4.6.0/../../../../include/ddk/winddk.h:9
51:3: error: 'TIMER_INFORMATION_CLASS' has a previous declaration as 'typedef en
um _TIMER_INFORMATION_CLASS TIMER_INFORMATION_CLASS'
type_winxp.hh:39:22: error: conflicting declaration 'typedef UNKNOWN_TYPE TIMER_
INFORMATION_CLASS'
c:\mingw\bin\../lib/gcc/i686-pc-mingw32/4.6.0/../../../../include/ddk/winddk.h:9
51:3: error: 'TIMER_INFORMATION_CLASS' has a previous declaration as 'typedef en
um _TIMER_INFORMATION_CLASS TIMER_INFORMATION_CLASS'
make[1]: *** [syscall.o] Error 1
make[1]: Leaving directory `C:/wusstrace-read-only/libwst'
make: *** [libwst_] Error 2

What version of the product are you using? On what operating system?

Windows XP 32 bit sp2
mingw-7.1 with gcc 4.6.0 and boost 1.46.1

Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 11 Aug 2011 at 5:55

wusstrace fails to compile on Windows XP

I tried to compile wusstrace by using the MinGW environment you are linking to. 
I first had errors about printf being undeclared in tls.cc and console.cc, so 
#include <stdio.h> should be included in these files.

Now, I see this problem :

C:\Documents and Settings\Administrator\Desktop\wusstrace>make
make -C libwst -f Makefile.win32
make[1]: Entering directory `C:/Documents and Settings/Administrator/Desktop/wus
strace/libwst'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `C:/Documents and Settings/Administrator/Desktop/wuss
trace/libwst'
g++ -c -Wall -O3 -Wfatal-errors -Ilibwst -DMINGW -o wusstrace-dll.o wusstrace-dl
l.cc
In file included from wusstrace-dll.cc:36:0:
common.hh:79:1: warning: 'typedef' was ignored in this declaration
In file included from libwst/serialize.hh:76:0,
                 from libwst/serialize-xml.hh:26,
                 from logger.hh:27,
                 from wusstrace-dll.cc:39:
libwst/blob.hh: In constructor 'boost::serialization::blob::blob(const void*, si
ze_t)':
libwst/blob.hh:91:20: error: invalid conversion from 'const void*' to 'void*'
compilation terminated due to -Wfatal-errors.
make: *** [wusstrace-dll.o] Error 1

Original issue reported on code.google.com by [email protected] on 21 Jun 2010 at 2:04

e-valente / wusstrace Goto Github PK

wusstrace's Introduction

wusstrace's People

Stargazers

wusstrace's Issues

wusstrace fails to compile on Windows XP with mingw-7.1

wusstrace fails to compile on Windows XP

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent