README
1Traceline is a Windows utility to intercept, time, and log system calls. This
2is achieved by injecting code into a target process, along with dynamically
3generated assembly hook stubs. One of the major goals was to skew performance
4timings as little as possible. This lead to a design in which the log buffer
5(which is called the playground) is kept within the process, and the logger
6routines use atomic instructions to log their events to this buffer. At the
7end of the processes lifetime, this buffer is pulled out of the process and
8used to generated JSON output. In addition to hooking system call activity,
9other hooks of interest have been written, including heap allocation functions.
10Symbols are supported with a command line flag. This works by capturing the
11process shutdown, and doing an intrusive symbol attach with dbghelp.dll
12
13NOTES:
14 - You should copy dbghelp.dll from a windbg installation into this directory.
15 The version shipped with Windows is old, and symbol support won't work.
16 - You will need a bit of cygwin if you want to use the Makefile. Otherwise
17 it is pretty clear how to build the files manually.
18 - The output JSON data will be printed out stdout. It is likely that you
19 will want to pipe the output of this program into a file.
20
21Dean McNamee <deanm@chromium.org>
22