Trace Win32 API calls in debugger

When running a process under WinDbg, we sometimes want to know which Win32 APIs it called and what each call returned. Besides the wt trace command, WinDbg also provides an extension, !logexts, with commands to turn API tracing on and off; run !logexts.help for the list. The extension appears to use import address hooking.
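A typical !logexts session for the tracing described above, added here as an example and not taken from the original post. The commands are those of the Logger extension in Debugging Tools for Windows; <category-number> is a placeholder to be read from the !logexts.logc listing.

```windbg
$$ Run from the WinDbg command window while attached to the target.

$$ Inject Logger into the target and initialize it (logging is not yet on).
!logexts.logi

$$ List the API categories and whether each is enabled.
!logexts.logc

$$ Disable every category, then enable only the ones of interest,
$$ which keeps the log small and the overhead low.
!logexts.logc d *
!logexts.logc e <category-number>

$$ Choose where output goes: d = debugger window, t = text file,
$$ v = verbose log file. Here: debugger window and text file on.
!logexts.logo e d
!logexts.logo e t

$$ Show the resulting output settings.
!logexts.logo

$$ Turn logging on and resume the target.
!logexts.loge
g

$$ After breaking in again: flush buffered output to disk, stop logging.
!logexts.logb f
!logexts.logd
```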


Posted on March 13, 2012, in Uncategorized.
