-
Notifications
You must be signed in to change notification settings - Fork 162
Exclusions from tracing
By default, TinyTracer logs all API calls. In some cases, we want to filter out specific functions, or even all functions called from a specific libraries, in order to reduce the noise. We can do it by defining a list of exclusions.
By default, this list is expected to be in install32_64/excluded.txt. The default path can be changed in run_me.bat (Winows) or tiny_runner.sh (Linux), by editing analogous lines:
rem List of functions that will be excluded from logging
set EXCLUDED_FUNC=%PIN_TOOLS_DIR%\excluded.txtIf we want to exclude a full module, we can simply add its name to the list:
[module_name]
In case of more targeted exclusions, that filter out only specific calls from a specific modules, it can be defined in the following way (; is the delimiter):
[module_name];[func_name]
Example:
kernelbase;InitializeCriticalSectionEx
If the function is excluded, the call to it will not be listed in the .tag file. Also, the parameters of the function will not be dumped (even if it was defined in params.txt).
If the full module is excluded, the above will be applied to each and every function that was called from it.
- The tracelog of a demo application, before the exclusions were defined:
7f56c;section: [.text]
7f5a4;CPUID:0
7f602;CPUID:1
7f69d;CPUID:7
82c4c;kernel32.LoadLibraryExW
82ce3;kernel32.GetProcAddress
GetProcAddress:
Arg[0] = ptr 0x00007ff81b340000 -> {MZ\x90\x00\x03\x00\x00\x00}
Arg[1] = ptr 0x00007ff621e5a5d8 -> "InitializeCriticalSectionEx"
82c4c;kernel32.LoadLibraryExW
82ce3;kernel32.GetProcAddress
GetProcAddress:
Arg[0] = ptr 0x00007ff81b340000 -> {MZ\x90\x00\x03\x00\x00\x00}
Arg[1] = ptr 0x00007ff621e5a5a0 -> "FlsAlloc"
82da7;kernelbase.FlsAlloc
[...]
- We exclude function GetProcAddress from tracing.
excluded.txt:
kernel32;GetProcAddress
The tracelog:
7f56c;section: [.text]
7f5a4;CPUID:0
7f602;CPUID:1
7f69d;CPUID:7
82c4c;kernel32.LoadLibraryExW
82c4c;kernel32.LoadLibraryExW
82da7;kernelbase.FlsAlloc
The entries corresponding to the GetProcAddress are now excluded from the tracelog.