Skip to content

Tracing syscalls

Jump to bottom
hasherezade edited this page Apr 11, 2022 · 18 revisions

Tracing syscalls can be enabled in TinyTracer.ini, by setting:

TRACE_SYSCALL=True

Enabling syscall parameters watch

Tracing parameters of selected syscalls can be enabled similarly to tracing parameters of functions.

In order to enable this option, you need to:

  1. Create a list of syscalls that you want to watch, in the following format:
<SYSCALL>;[syscal number];[params_count]

Example:

<SYSCALL>;0x36;4
<SYSCALL>;0x20;2
  1. Append it to the same file that is used to watch parameters of functions, i.e. params.txt.

Tiny Tracer Wiki, by hasherezade

Clone this wiki locally