How does Microsoft Detours work and how do I use it to get a stack trace?


Question

I am new to Microsoft Detours. I have installed it to trace the system calls a process makes. I run the following commands, which I got from the web:

syelogd.exe /q C:\Users\xxx\Desktop\log.txt
withdll.exe /d:traceapi.dll "C:\Program Files\Google\Google Talk\googletalk.exe"

I get the log file. The problem is I don't fully understand what is happening here. How does Detours work? How does it trace the system calls? Also, I don't know how to read the output in log.txt. Here is one line in log.txt:

20101221060413329 2912 50.60: traceapi: 001 GetCurrentThreadId()

Finally, I want to get the stack trace of the process. How can I get that?

Answer

Detours lets you intercept any function. It places a jmp at the address that you specify, creating a trampoline to your code. Finally, you call the old function if you want to. To use Detours you have to inject your code into the process you want to intercept.

To simplify this process you can use Deviare API Hook, which does all the injection stuff, and you can write intercept applications in any programming language that supports COM technology, including .NET, Delphi, C++, Python, etc. After downloading the package you will find some examples in it. There is a console named DeviareCSharpConsole that lets you intercept any API of any process, showing full stack trace information.

This is the way Deviare API Hook works, but this is what you need to do if you want to create an application that hooks another process:

An agent should be created in the target process to intercept the APIs you want. To intercept these APIs you can use Detours, but you have to code the IPC stuff that is not included in that library.

If you need to write code inside the target process using Deviare API Hook, you can use Deviare Custom Hooks. This feature lets you intercept APIs and handle processed parameters asynchronously.
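The following is an added example, not code from the question, the answer, or the Detours project. It shows the two things asked about above in one self-contained program: attaching a Detours hook to a function in the current process (here Sleep, so no injection into another process is needed) and capturing the caller's stack from inside the hook. The Detours transaction calls (DetourTransactionBegin, DetourUpdateThread, DetourAttach, DetourDetach, DetourTransactionCommit), CaptureStackBackTrace and the DbgHelp symbol lookup are real Windows APIs; the example assumes the Detours SDK header and library are on the build path and that the program is linked with detours.lib and dbghelp.lib. The struct CallRecord, the functions FormatCallRecord, Symbolize, HookedSleep and SetSleepHook, and the log-line layout are this example's own choices; the layout is only loosely modelled on the traceapi line quoted in the question, and the portable formatter compiles on any platform so the non-Windows build still runs.

```cpp
// Added example (not from the original post or the Detours project):
// detour Sleep() in this process with Microsoft Detours and record the
// caller chain inside the hook. The Detours/DbgHelp parts build only on
// Windows with the Detours SDK and dbghelp.lib; the formatter is portable.
#include <cstdio>
#include <string>
#include <vector>

#ifdef _WIN32
#include <windows.h>
#include <dbghelp.h>
#include "detours.h"   // Microsoft Detours SDK header (assumed on the include path)
#endif

// One intercepted call: the API name with arguments and the caller chain,
// innermost caller first.
struct CallRecord {
    std::string call;
    std::vector<std::string> frames;
};

// Portable: render a record as one log line. The layout is our own:
// "<pid> <call> <- <caller> <- <caller's caller> ...".
std::string FormatCallRecord(unsigned long pid, const CallRecord& rec) {
    std::string line = std::to_string(pid) + " " + rec.call;
    for (const std::string& f : rec.frames) line += " <- " + f;
    return line;
}

#ifdef _WIN32
// Pointer to the original Sleep. After DetourAttach it points at the
// trampoline Detours builds: the displaced first instructions of Sleep
// followed by a jmp back into the rest of Sleep.
static VOID (WINAPI *RealSleep)(DWORD) = Sleep;

// Resolve a return address to "symbol+0xoffset" with DbgHelp; fall back to
// the raw address when no symbol is available.
static std::string Symbolize(void* addr) {
    char buf[sizeof(SYMBOL_INFO) + 256] = {};
    SYMBOL_INFO* sym = reinterpret_cast<SYMBOL_INFO*>(buf);
    sym->SizeOfStruct = sizeof(SYMBOL_INFO);
    sym->MaxNameLen = 255;
    DWORD64 disp = 0;
    char out[320];
    if (SymFromAddr(GetCurrentProcess(), reinterpret_cast<DWORD64>(addr), &disp, sym))
        std::snprintf(out, sizeof out, "%s+0x%llx", sym->Name, (unsigned long long)disp);
    else
        std::snprintf(out, sizeof out, "%p", addr);
    return out;
}

// The detour function. Detours patched Sleep's entry with a jmp here, so
// every Sleep call in this process arrives at this function first.
static VOID WINAPI HookedSleep(DWORD ms) {
    CallRecord rec;
    rec.call = "Sleep(" + std::to_string(ms) + ")";
    void* frames[32];
    // Skip frame 0 (HookedSleep itself); frame 1 is the code that called Sleep.
    USHORT n = CaptureStackBackTrace(1, 32, frames, nullptr);
    for (USHORT i = 0; i < n; ++i) rec.frames.push_back(Symbolize(frames[i]));
    std::puts(FormatCallRecord(GetCurrentProcessId(), rec).c_str());
    RealSleep(ms);   // forward to the original through the trampoline
}

// Install or remove the detour inside a Detours transaction, which patches
// the target consistently with respect to the threads listed via DetourUpdateThread.
static bool SetSleepHook(bool attach) {
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    if (attach) DetourAttach(&(PVOID&)RealSleep, HookedSleep);
    else        DetourDetach(&(PVOID&)RealSleep, HookedSleep);
    return DetourTransactionCommit() == NO_ERROR;
}

int main() {
    SymInitialize(GetCurrentProcess(), nullptr, TRUE);  // load symbols for this process
    if (!SetSleepHook(true)) return 1;
    Sleep(10);            // runs through HookedSleep, which prints the caller chain
    SetSleepHook(false);
    SymCleanup(GetCurrentProcess());
    return 0;
}
#else
int main() {
    // Non-Windows build: exercise only the portable formatter on a constructed record.
    CallRecord rec{"Sleep(10)", {"main+0x2a", "__scrt_common_main_seh+0x10c"}};
    std::puts(FormatCallRecord(2912, rec).c_str());
    return 0;
}
#endif
```

Build on Windows with the Detours SDK, e.g. `cl /EHsc hook.cpp detours.lib dbghelp.lib`, and run the binary directly: the hook is installed in the same process, so no withdll.exe step is needed. To detour a different process, the same SetSleepHook logic goes into a DLL that withdll.exe loads into the target, which is what traceapi.dll does in the question's command line.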
