Hi, Is it possible to use Wine (or its debugging feature) to display which system calls are made and the order in which the system calls are made? I am trying an experiment involving the use of the order in which system calls are made to help determine if a win32 executable might be malicious. Thanks!
Schadenfroh wrote:
> Hi,
>
> Is it possible to use Wine (or its debugging feature) to display which system calls are made and the order in which the system calls are made?
>
> I am trying an experiment involving the use of the order in which system calls are made to help determine if a win32 executable might be malicious.
>
> Thanks!

Depends which "system" you are talking about here. If it's win32api calls, you might want to look at this page: http://wiki.winehq.org/DebugChannels

If you want to know what kernel calls are made on Windows, Wine won't help you there.
Yes, Win32. Thanks for the information.
On Mon, Mar 31, 2008 at 6:09 AM, Schadenfroh <wineforum-user at winehq.org> wrote:
> Is it possible to use Wine (or its debugging feature) to display which system calls are made and the order in which the system calls are made?

Yes. You can watch the win32 system (really, function) calls like this:

    WINEDEBUG=+relay wine foo.exe

You can watch the Linux system calls like this:

    strace -f -o log wine foo.exe
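Added example (not code from the thread or from the Wine project) of the next step the original poster needs: reducing the WINEDEBUG=+relay output to the per-thread, ordered list of Win32 API calls and running one order-based heuristic over it. It assumes relay lines of the shape "tid:Call MODULE.Function(args) ret=addr"; the log is a constructed sample so the script runs without Wine installed.

```shell
# Constructed stand-in for what `WINEDEBUG=+relay wine foo.exe 2>relay.log`
# writes (line shape assumed: "tid:Call MODULE.Function(args) ret=addr").
RELAY_SAMPLE='0009:Call KERNEL32.GetModuleHandleA(00000000) ret=00401234
0009:Ret  KERNEL32.GetModuleHandleA() retval=00400000 ret=00401234
000a:Call KERNEL32.GetTickCount() ret=00401400
0009:Call KERNEL32.CreateFileW(0012ff00 L"C:\\dropped.exe",40000000,00000000,00000000,00000002,00000080,00000000) ret=00401250
0009:Ret  KERNEL32.CreateFileW() retval=00000050 ret=00401250
0009:Call KERNEL32.WriteFile(00000050,00410000,00000400,0012ff10,00000000) ret=00401270
000a:Call KERNEL32.Sleep(000003e8) ret=00401410
0009:Ret  KERNEL32.WriteFile() retval=00000001 ret=00401270
0009:Call ADVAPI32.RegOpenKeyExA(80000002,00410100 "Software\\Microsoft\\Windows\\CurrentVersion\\Run",00000000,00020006,0012fe00) ret=00401300
0009:Ret  ADVAPI32.RegOpenKeyExA() retval=00000000 ret=00401300'

# Print "tid module.function" for every Call line, preserving log order.
# Ret lines add no new call, so they are skipped; arguments are dropped.
relay_call_sequence() {
    awk -F'[: (]' '$2 == "Call" { print $1, $3 }'
}

# Ordered call sequence of one thread ($1), space separated on one line.
thread_sequence() {
    relay_call_sequence |
        awk -v tid="$1" '$1 == tid { printf "%s%s", (n++ ? " " : ""), $2 } END { print "" }'
}

# Heuristic on call order only: a thread that creates a file, writes to it
# and then opens a registry key is flagged. A real detector would also look
# at the arguments (file name, key path), which the raw relay log still has.
suspicious_threads() {
    relay_call_sequence | awk '
        { seq[$1] = seq[$1] " " $2 }
        END { for (t in seq) if (seq[t] ~ /CreateFileW .*WriteFile .*RegOpenKeyEx/) print t }'
}

# Stand-alone run over the constructed sample; with a real log:
#   WINEDEBUG=+relay wine foo.exe 2>relay.log && suspicious_threads <relay.log
printf '%s\n' "$RELAY_SAMPLE" | thread_sequence 0009
printf '%s\n' "$RELAY_SAMPLE" | suspicious_threads
```

Relay output goes to stderr, so redirect 2> (as in the comment) rather than >; the strace log from the other command gives the Linux-side view and can be correlated by the same pid/tid column.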