Traceline is a Windows utility to intercept, time, and log system calls. This
is achieved by injecting code into a target process, along with dynamically
generated assembly hook stubs. One of the major goals was to skew performance
timings as little as possible. This lead to a design in which the log buffer
(which is called the playground) is kept within the process, and the logger
routines use atomic instructions to log their events to this buffer. At the
end of the processes lifetime, this buffer is pulled out of the process and
used to generated JSON output. In addition to hooking system call activity,
other hooks of interest have been written, including heap allocation functions.
Symbols are supported with a command line flag. This works by capturing the
process shutdown, and doing an intrusive symbol attach with dbghelp.dll
NOTES:
- You should copy dbghelp.dll from a windbg installation into this directory.
The version shipped with Windows is old, and symbol support won't work.
- You will need a bit of cygwin if you want to use the Makefile. Otherwise
it is pretty clear how to build the files manually.
- The output JSON data will be printed out stdout. It is likely that you
will want to pipe the output of this program into a file.
Dean McNamee <deanm@chromium.org>
0f24c7f9ac