The VTrace Tool: Building a System Tracer for Windows NT and Windows 2000



C++ Programming
03-29-2009, 02:42 AM
This article describes the techniques used to construct VTrace, a system tracer for Windows NT and Windows 2000. VTrace collects data about processes, threads, messages, disk operations, network operations, and devices. The technique uses a DLL loaded into the address space of every process to intercept Win32 system calls; establishes hook functions for Windows NT kernel system calls; modifies the context switch code in memory to log context switches; and uses device filters to log accesses to devices.

Jacob R. Lorch and Alan Jay Smith

MSDN Magazine October 2000: http://msdn.microsoft.com/magazine/d8d3bac1-5e03-4494-87b5-3302066953d4