coapp-developers team mailing list archive

Thread
Date

CoApp Trace RC1 download

To: "coapp-developers@xxxxxxxxxxxxxxxxxxx" <coapp-developers@xxxxxxxxxxxxxxxxxxx>
From: Garrett Serack <garretts@xxxxxxxxxxxxx>
Date: Wed, 20 Apr 2011 23:56:54 +0000
Accept-language: en-US
Thread-index: Acv/tm2JuUQJmyFOSy2gJgkXu7fD5g==
Thread-topic: CoApp Trace RC1 download

Howdy,

The CoApp trace utility is used to trace a process and all of its children (by recursively injecting itself and detouring CreateProcess ) which logs all the command lines, files accessed (read/written/created/deleted/probed) and dumps it all into an XML file.

It will transparently trace between x64 -> x86 and back without issue. It traces .NET (4.0) binaries as well as native, and even cygwin binaries.

The utility is somewhat unique-it's built using significantly modified detours.  Our modifications actually allow us to create our detour functions in entirely Managed code (example: http://fearthecowboy.com/stuff/tmp-2011-04-19-100924-14.html ) and the hooks are wired up based on attributes on the functions themselves.  The Detours library here is a hybrid Managed C++ library.

You can download the utility here: http://j.mp/hvTuCG  (zip file, no installer yet!)

Feel free to try it out;  I'd love any feedback you may have.

[Description: Description: Description: fearthecowboy]<http://fearthecowboy.com/>

Garrett Serack | Microsoft Open Source Software Developer | Microsoft Corporation
Office:(425)706-7939                                       email/messenger: garretts@xxxxxxxxxxxxx<mailto:garretts@xxxxxxxxxxxxx>
blog: http://fearthecowboy.com<http://fearthecowboy.com/>                                      twitter: @fearthecowboy<http://twitter.com/fearthecowboy>

I don't make the software you use; I make the software you use better on Windows.

Follow ups

Re: CoApp Trace RC1 download
From: Rafael Rivera, 2011-04-21