I am running Windows 7 on which I want to do kernel debugging and I do not want to mess with boot loader. So I've downloaded LiveKd as suggested here and make it run and seems it is working. If I understand correct it is some kind of read only debugging. Here is mentioned that it is very limited and even breakpoint cannot be used. I would like to ask if is possible in this mode to periodically dump all the instructions that are being executed or basically all events which are happening on current OS? I would like to have some system wide strace (Linux users know) and to do some statistical analysis on this. I suppose it depends on more factors like installed debug symbols to begin able resolve addresses etc.
Make windbg or kd attached to local kernel behave like system wide strace
236 Views Asked by Wakan Tanka At
1
There are 1 best solutions below
Related Questions in WINDOWS
- how to play a sounds in c# forms?
- Echo behaviour of Microsoft Windows Telnet Client
- Getting error while running spark-shell on my system; pyspark is running fine
- DirectX 9 With No SDK Installed - How To Translate a D3DMATRIX?
- Gradle 8.7 cannot find installed JDK 22 in IntelliJ
- 'IOException: The cloud file provider is not running', when trying to delete 'cloud' folder
- Cannot load modules/mod_dav_svn.so into server
- Issue with launching application after updating ElectronJs to version 28.0.0 on Windows and Linux
- 32-bit applications do not display some files in Windows 10
- 'bun' is not recognized as an internal or external command
- mkssecreenshotmgr taking a screenshot
- Next js installation in windows 7 os
- Can't resize a partition using Mini Tool?
- Is there any way to set a printer as default according with Active Directory Policy Security Group and PC hostname?
- Electron Printing not working on Windows (Works on Mac)
Related Questions in DEBUGGING
- How to pass the value of a function of one class to a function of another with the @property decorator
- Visual Studio C++, breakpoints not stopping debugging DLL (GODOT GDExtention)
- Playwright JS: Getting an error when debugging using line numbers
- C++ skips line when promting for user to enter name of person being added to a string array
- Xcode: Can't Attach to process
- unity navmeshsurface prefab not found or whatever
- It seems to be a bug about "base::trace()" or "methods:::.TraceWithMethods()"?
- How to check reference counting issues when doing direct manipulations of CPython objects?
- How to scroll to the bottom of console window in PyCharm2019 automatically?
- need help debugging prolog
- Is there a way to deactivate (but not delete) conditional breakpoints when debugging?
- How can i debug a python exe which is created by using pyinstaller?
- Increment or Decrement volume programmatically on Xiaomi device adjusts it by 10 steps instead of one step
- Checking request JSON with image data
- Why cannot I set font of `xlabel` in `plotmf` in MATLAB?
Related Questions in SYSTEM-CALLS
- seccomp_unotify can't catch syscall more than once
- Why do register arg values need to be re-assigned in NASM after an int 0x80 system call?
- How to use mmap iteratively to map data in small chunks from a large file
- I want to use toilet to modify hook_function
- Finding total RAM consumption of process, including swap
- Why is the write system call printing an incorrect number of characters?
- Why is fork() accepted in strace if the actual syscall is clone()?
- Why does sudo kill -15 on sh and docker-compose PIDs not stop Docker containers?
- How to know if a syscall returned an error?
- Why does the assembly after my sys_clone call affect the cloned process?
- Why does mov fail to set dynamic section sizes when used on a function using GCC
- undefined reference to `sys_getprocs' when getting number of processes in Xv6
- Hello World in assembly on x86-64 Windows vs. Linux with int 0x80 system call
- C semaphore and shared memory
- Nginx tries to read config file in one pread() and fails on specific AMI on Amazon
Related Questions in WINDB
- convert .NET System.Int64 to an IP Address
- Make windbg or kd attached to local kernel behave like system wide strace
- How to interpret mwaits output
- C# Winforms: Debug strategies to find cause for System.AccessViolationException
- How to determine GC workstation vs server mode from dump file
- mismatch between sos and clr versions - how to resolve
- WinDBG not able to read symbol path string set with the _NT_SYMBOL_PATH environment variable
- ASP.Net State Service out of memory,no large session found in windbg
- Static objects are pinned and cannot be reallocated by GC?
- Information about object that thread is waiting for
- No matching binary found error
Related Questions in LIVEKD
- In Sysinternals' livekd, how can we find the information associated with a process from its PID?
- LiveKD is not working anymore under Windows 10?
- In Windows, local kernel debugging is disabled by default. Why?
- Make windbg or kd attached to local kernel behave like system wide strace
- Livekd documentation and tutorials
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I'm not sure if debugger is the best tool you can use for tracing live system calls. As you've mentioned LiveKd session is quite limited and you are not allowed to place breakpoints in it (otherwise you would hang your own system). However, you still can create memory dumps using the
.dumpcommand (check windbg help:.hh .dump). Keep in mind though that getting a full dump (/f) of a running system might take a lot of time.Moving back to the subject of your question, by using the "dump approach" you will miss many system calls as you will have only snapshots of a system at given points in time. So if you are looking for something similar to Linux
straceI would recommend checking those tools:There are many other tools which might be used for tracing on Windows, but I would start with the ones I listed above. You may also check a great book on this subject: Inside Windows Debugging. Good luck! :)