Skip to content
/ NtStrace Public

frida-stalker based system call tracer on windows(x64).

License

GPL-3.0 license
6 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DoranekoSystems/NtStrace

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.vscode
.vscode
 
 
.prettierrc
.prettierrc
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
tracer.js
tracer.js
 
 

Repository files navigation

NtStrace

frida-stalker based system call tracer on windows(x64).

[483]NtWaitForWorkViaWorkerFactory
test.exe!0x7ff91fbaf262
[35]NtQueryVirtualMemory
test.exe!0x7ff91fbaf262
[35]NtQueryVirtualMemory
test.exe!0x7ff91fbaf262
[35]NtQueryVirtualMemory
test.exe!0x7ff91fbb06d2
[199]NtCreateThreadEx
[+] Following thread 17876
test.exe!0x7ff91fbb06d2
[7]NtDeviceIoControlFile
[+] Unfollowing thread 17876
test.exe!0x7ff91fbaeee2
[7]NtDeviceIoControlFile
test.exe!0x7ff91fbaeee2
[7]NtDeviceIoControlFile
[+] Unfollowing thread 6344
[+] Unfollowing thread 6124

It can also accurately identify types that cover up system calls, such as the project below.
https://github.com/passthehashbrowns/hiding-your-syscalls

img

Usage

frida -l tracer.js app.exe

License

iostrace

The original software is available at
https://github.com/sh1ma/iostrace.

About

frida-stalker based system call tracer on windows(x64).

Resources

Readme

License

GPL-3.0 license
Activity

Stars

6 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages