Joined: 07 December 2006
Location: United States
Posted: 14 October 2010 at 3:40pm
On a busy system, a process gets an "ENOSOCKET" error message. Using procmon, I thought I could watch the "socket()/connect()" and "closesocket()" calls in enough detail to see a specific socket closed. However, it appears procmon.exe does not log the arguments to these calls or even the socket calls themselves.
On pre-VISTA Windows operating systems, interception of "system calls" into the Kernel could be done by patching the Kernel trap tables. VISTA and successors no longer allow this, but procmon.exe was the recommended way to get the information.
Strace.exe worked on XP and before. Strace.exe logged system calls into the Kernel, the arguments of the system calls and the return values. It no longer works. In the 4 years since VISTA appeared, nothing has come along to provide the Strace function that I am aware of. The result is simple debugging questions simply cannot be answered and even Microsoft Premier Support can spend months arguing with the Microsoft customer over who closed a socket (file/mutex/...) or even whether it was closed.
Is there any chance the full "Strace" capability will ever be offered by Mr. Russinovich's utility set?