6

Reading "Monitoring certain system calls done by a process in Windows", I'm wondering about a Windows equivalent to the ptrace system call or a programmatic workaround.

I had an answer in "Is there something like the Linux ptrace syscall in Windows?", but it requires a recent Windows version.

Peter Mortensen
cort
  • One thing to note here is that unlike Linux, Windows syscalls are undocumented and may change between versions. You might be better off setting a breakpoint in a higher-level DLL... – bdonlan May 15 '09 at 18:11
  • Well `ptrace` is a very "versatile" function. There are functions for many of ptrace's functionalities in Windows, but there's not one single function that does them all (this is arguably a good thing). What exactly do you aim to do? – Logan Capaldo Jul 06 '09 at 02:55

1 Answer

2

Process Monitor is a Sysinternals utility for doing that.

Peter Mortensen
flippy