How to log a program's calls to DeviceIoControl in Windows

I need to capture an application's system calls to DeviceIoControl(). On Linux, strace can be used to parse all ioctl calls. Is there any similar functionality in Windows?

The MSDN website recommends Process Monitor for analyzing the actions of executable files in real time. However, "Process Monitor" shows nothing about DeviceIoControl calls.

+3




4 answers


Have you tried OSR IRPTracker?



IrpTracker allows you to track all I/O Request Packets (IRPs) on the system without using any filter drivers or referring to any device objects, leaving the PnP system completely intact. In addition to being able to see the path that the IRP pops from the driver stack and its final exit status, a verbose view is available that allows you to see the entire contents of the static portion of the IRP and an interpreted view of the current and previous stack.

+3




To grab the DeviceIoControl() function, you can use the API. My company provides Deviare, a high-level interface interception mechanism. You don't need to know much about the connection, which can be used freely (just display the unregistered version dialog box). It includes a console with source code.



+3




Newly opened Rohitab API Monitor. It hasn't been updated in 2 years, but it works on my Win7 x64. It has very good API filtering capabilities.

+1




Dr. Memory (http://drmemory.org) comes with a system call tracking tool called drstrace, which lists all the system calls made by the target application, including NtDeviceIoControlFile, along with its arguments: http://drmemory.org/strace_for_windows.html

0
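Whichever tool captures the call, the control code passed to DeviceIoControl() / NtDeviceIoControlFile is a packed 32-bit value that has to be split into its fields to be read. The following is an added example, not part of any answer above: it follows the CTL_CODE bit layout from the Windows headers, the helper names `decode_ioctl` and `method_name` are made up for illustration, and the last sample code is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: (DeviceType << 16) | (Access << 14) | (Function << 2) | Method */
struct ioctl_fields {
    uint32_t device_type; /* bits 31..16, e.g. 0x07 = FILE_DEVICE_DISK */
    uint32_t access;      /* bits 15..14, FILE_ANY/READ/WRITE_ACCESS */
    uint32_t function;    /* bits 13..2, 0x800 and above = vendor-defined */
    uint32_t method;      /* bits 1..0, buffer transfer method */
};

struct ioctl_fields decode_ioctl(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2) & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

const char *method_name(uint32_t method)
{
    static const char *const names[] = {
        "METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"
    };
    return names[method & 0x3u];
}

int main(void)
{
    /* Sample codes: three documented values and one constructed vendor-style code. */
    static const uint32_t samples[] = {
        0x00070000u, /* IOCTL_DISK_GET_DRIVE_GEOMETRY */
        0x000900A8u, /* FSCTL_GET_REPARSE_POINT */
        0x002D1400u, /* IOCTL_STORAGE_QUERY_PROPERTY */
        0x00222007u  /* constructed: FILE_DEVICE_UNKNOWN, function 0x801, METHOD_NEITHER */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct ioctl_fields f = decode_ioctl(samples[i]);
        printf("0x%08X  device=0x%04X access=%u function=0x%03X%s %s\n",
               (unsigned)samples[i], (unsigned)f.device_type, (unsigned)f.access,
               (unsigned)f.function, f.function >= 0x800 ? " (vendor)" : "",
               method_name(f.method));
    }
    return 0;
}
```

Codes that decode to METHOD_NEITHER hand the driver raw user-mode pointers, so in a trace they are the calls whose buffer validation is worth reviewing first.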








