Linux

strace

macOS/FreeBSD

dtruss

Windows

An strace-like program for the Windows ‘native’ API
NtTrace
strace-like, windows
dbglog

strace implementation

ptrace PTRACE_SYSCALL
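A minimal tracer built on PTRACE_SYSCALL, as an added example that is not code from the original notes or from strace itself. trace_syscalls is a hypothetical helper name, and the code assumes Linux on x86_64, where the syscall number is read from orig_rax.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run argv under ptrace, log "syscall(nr) = ret" to stderr
 * and return how often syscall `want` was entered (-1 on error). x86_64 only. */
long trace_syscalls(char *const argv[], long want)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                   /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(126);
        raise(SIGSTOP);                               /* wait until the tracer has set options */
        execvp(argv[0], argv);
        _exit(127);
    }
    int status, sig = 0, in_syscall = 0;
    long hits = 0, opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC | PTRACE_O_EXITKILL;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD: syscall stops report SIGTRAP|0x80. TRACEEXEC: exec becomes an
     * event stop instead of a plain SIGTRAP. EXITKILL: tracee dies with the tracer. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) < 0) { kill(pid, SIGKILL); return -1; }
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) < 0) break;
        if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) break;  /* exited or killed */
        sig = 0;
        if (WSTOPSIG(status) == (SIGTRAP | 0x80)) {   /* syscall-enter or syscall-exit stop */
            struct user_regs_struct r;
            if (ptrace(PTRACE_GETREGS, pid, NULL, &r) < 0) break;
            in_syscall = !in_syscall;                 /* stops alternate: enter, exit, enter, ... */
            if (in_syscall) hits += ((long)r.orig_rax == want);
            else fprintf(stderr, "syscall(%lld) = %lld\n", (long long)r.orig_rax, (long long)r.rax);
        } else if ((status >> 16) == 0) {
            sig = WSTOPSIG(status);                   /* ordinary signal: re-inject on resume */
        }                                             /* ptrace event stops are resumed with sig 0 */
    }
    return hits;
}

int main(int argc, char **argv)
{
    return argc > 1 ? trace_syscalls(argv + 1, SYS_execve) < 0 : 2;
}
```

exit_group never returns, so it is counted on entry but has no exit stop and does not appear in the log.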

dtstrace
CreateProcess CREATE_SUSPENDED
DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS
dr_inject_process_attach --> WaitForDebugEvent

Profile/DTrace-on-Windows/lib/libdtrace/compat/win32/pr_win32.c
pw32_dbgthread --> WaitForDebugEvent

Profile/orbit/src/WindowsUtils/Debugger.cpp
Debugger::DebuggingLoop --> WaitForDebugEvent

Profile/verysleepy/src/profiler/debugger.cpp
Debugger::updateDebugging --> WaitForDebugEvent

NtTrace is a little simpler than dtstrace; its data may be unfiltered, so the output volume is fairly large.
or2::DebugDriver::Loop --> WaitForDebugEvent
https://github.com/rogerorr/NtTrace
NtTrace.exe -stack -out abcdtest.txt test.exe