[Debugging Toolbox] Tracing API calls

https://blogs.msdn.com/debuggingtoolbox/archive/2007/04/14/windbg-script-tracing-api-calls.aspx

Written by: Roberto Alexis Farah
Translated by: 이태화

This is a very simple script, but a very powerful one.

With it you can see which APIs an application calls using WinDbg alone, without any other tool. If you need more detail about each API, open the .lgv file with LogViewer. Translator's note: when I started Notepad.exe, started WinDbg, attached to notepad, ran the script and then tried to view the log right away, nothing was visible; once I closed Notepad.exe I could see the log.

Here is the help text for the logexts extension:

Windows API Logging Extensions  v3.00

Main control:
  !loge [dir]                 Enable logging. Output directory optional.
  !logi [dir]                 Initialize but don't enable logging.
  !logd                       Disable logging.

Output:
  !logo                       List output settings.
  !logo [e|d] [d|t|v]         Enable/disable output:
                                d - Debugger
                                t - Text file
                                v - Verbose log

Categories:
  !logc                       List all categories.
  !logc p #                   List APIs in category #.
  !logc [e|d] *               Enable/disable all categories.
  !logc [e|d] # [#] [#] ...   Enable/disable category #.

Buffer access:
  !logb p                     Print buffer contents to debugger.
  !logb f                     Flush buffer to log files.

Statistics:
  !logs                       Print statistics.

Module inclusion/exclusion:
  !logm                       Display module inclusion/exclusion list.
  !logm [i|x] [DLL] [DLL] ... Specify module inclusion/exclusion list.


Source code for API_TRACING.TXT:

$$
$$ =============================================================================
$$ Trace APIs during the Debugging Session. 
$$ Creates a log on Desktop and Windbg window.
$$ To see the more verbose log run logviewer.exe from Debugging Tools for Windows
$$ and open the file that has the .lgv extension.
$$ This file is inside LogExts on your desktop.
$$
$$ Compatibility: Win32, should work on Win64.
$$
$$ Usage: $$>< to run the program.
$$
$$ Roberto Alexis Farah
$$ Blog: https://blogs.msdn.com/debuggingtoolbox/
$$
$$ All my scripts are provided "AS IS" with no warranties, and confer no rights.
$$ =============================================================================
$$
!logexts.loge
!logexts.logc e *
!logexts.logo e v
!logexts.logb p
$$
$$ ====================================
$$ Logging is enabled for this process.
$$ ====================================
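
The script above turns on every category for every module, which is fine for a first look but quickly floods the buffer. The following script is an added example, not part of the original post, that uses the same logexts commands from the help text to narrow the scope to calls made from one module, write to a text file, and show how to flush the buffer on demand. The target module name (notepad.exe) and the output directory (C:\LogExts) are assumptions; substitute your own.

```windbg
$$
$$ Added example (not from the original post): scope logexts to one module
$$ and flush the buffer on demand instead of logging everything everywhere.
$$ Assumptions: the target is notepad.exe and C:\LogExts is writable;
$$ substitute your own module name and directory.
$$
$$ Usage: $$><C:\path\to\api_tracing_scoped.txt   (after attaching)
$$
$$ Initialize without enabling, so the scope is set before any call is recorded.
!logexts.logi C:\LogExts
$$ Inclusion list (assumed module name): record only calls made from
$$ notepad.exe, so the flood of internal calls from system DLLs is skipped.
!logexts.logm i notepad.exe
$$ Output to the debugger window and the text file; leave the verbose
$$ (.lgv) log off until it is actually needed.
!logexts.logo e d
!logexts.logo e t
!logexts.logo d v
$$ Start with every category on; narrow later with !logexts.logc d #
$$ using the category numbers that !logexts.logc prints.
!logexts.logc e *
$$ Show what will be captured before enabling.
!logexts.logm
!logexts.logo
$$ Enable logging, then let the target run with g.
!logexts.loge
$$
$$ After breaking back in (Ctrl+Break or a breakpoint), run by hand:
$$   !logexts.logb f    flush the buffer to the log files now
$$   !logexts.logs      print call statistics
$$   !logexts.logd      disable logging before detaching
```

Because `!logexts.logb f` writes the buffered calls to the log files immediately, the text log can be read while the target is still running rather than only after it exits; `!logexts.logs` gives a quick sanity check that the inclusion list is actually capturing something before you spend time in LogViewer.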