Reading "Monitoring certain system calls done by a process in Windows", I'm wondering about a Windows equivalent to the ptrace system call or a programmatical workaround.

I had an answer in "Is there something like the Linux ptrace syscall in Windows?", but it requires a recent Windows version.

Peter Mortensen
cort
  • One thing to note here is that unlike Linux, Windows syscalls are undocumented and may change between versions. You might be better off setting a breakpoint in a higher level DLL... – bdonlan May 15 '09 at 18:11
  • Well `ptrace` is a very "versatile" function. There are functions for many of ptrace's functionalities in Windows, but there's not one single function that does them all (this is arguably a good thing). What exactly do you aim to do? – Logan Capaldo Jul 06 '09 at 02:55

1 Answer

Process Monitor is a Sysinternals utility for doing that.

Peter Mortensen
flippy