Using wine to show the System Call Order

Open forum for end-user questions about Wine. Before asking questions, check out the Wiki as a first step.
Schadenfroh
Newbie
Posts: 2
Joined: Mon Mar 31, 2008 8:02 am

Using wine to show the System Call Order

Post by Schadenfroh »

Hi,

Is it possible to use Wine (or its debugging feature) to display which system calls are made and the order in which the system calls are made? (and hopefully send the data to a text file for parsing / analysis)

I am trying an experiment involving the use of the order in which system calls are made to help determine if a win32 executable might be malicious.

Thanks!
vitamin
Moderator
Posts: 6605
Joined: Sat Feb 23, 2008 2:29 pm

Re: Using wine to show the System Call Order

Post by vitamin »

Schadenfroh wrote: Hi,

Is it possible to use Wine (or its debugging feature) to display which system calls are made and the order in which the system calls are made?

I am trying an experiment involving the use of the order in which system calls are made to help determine if a win32 executable might be malicious.

Thanks!
Depends on which "system" you are talking about here. If it's win32api calls - you might want to look at this page http://wiki.winehq.org/DebugChannels

If you want to know what kernel calls are made on windows - Wine won't help you there.
Schadenfroh
Newbie
Posts: 2
Joined: Mon Mar 31, 2008 8:02 am

Post by Schadenfroh »

Yes, Win32. Thanks for the information.
Dan Kegel

Using wine to show the System Call Order

Post by Dan Kegel »

On Mon, Mar 31, 2008 at 6:09 AM, Schadenfroh <[email protected]> wrote:
Is it possible to use Wine (or its debugging feature) to display which system calls are made and the order in which the system calls are made?
Yes. You can watch the win32 system (really, function) calls like this:
WINEDEBUG=+relay wine foo.exe

You can watch the Linux system calls like this:
strace -f -o log wine foo.exe
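The two commands above each produce a text log, and the original question was about turning the order of calls into data for analysis. The following Python script is an added example, not code from the thread or from the Wine project: it parses a `WINEDEBUG=+relay` log into the ordered sequence of Win32 API calls per thread, parses an `strace -f -o` log into the ordered sequence of Linux syscalls per process, and turns a sequence into n-gram counts of the kind a call-order classifier would consume. The line formats it recognises (`<tid>:Call MODULE.Function(...)` for relay, `<pid>  name(...)` for strace) and the leading id prefixes are assumptions about the log layout; both sample logs are constructed, not captured from a real program.

```python
"""Extract ordered call sequences from Wine +relay logs and strace -f logs (added example)."""
import re
from collections import Counter

# Wine relay lines look like "0009:Call KERNEL32.GetVersionExA(0032fd2c) ret=00401c2d"
# and "0009:Ret  KERNEL32.GetVersionExA() retval=00000001 ret=00401c2d".
# Assumption: one or more 4-hex-digit id prefixes; the last one is the thread id.
RELAY_RE = re.compile(
    r"^(?P<ids>(?:[0-9a-f]{4}:)+)(?P<kind>Call|Ret)\s+"
    r"(?P<module>[A-Za-z0-9_]+)\.(?P<func>[A-Za-z0-9_@]+)\("
)

# strace -f -o lines look like "1234  openat(AT_FDCWD, "x", O_RDONLY) = 3".
# "<... name resumed>" fragments and "+++ exited +++" markers do not match, so a
# call interrupted by another thread is still counted exactly once.
STRACE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<name>[a-z_][a-z0-9_]*)\(")

# Constructed sample logs (not real program output).
RELAY_SAMPLE = r"""
0009:Call KERNEL32.GetVersionExA(0032fd2c) ret=00401c2d
0009:Ret  KERNEL32.GetVersionExA() retval=00000001 ret=00401c2d
0009:Call KERNEL32.CreateFileA(00403010 "C:\test.txt",40000000,00000000,00000000,00000002,00000080,00000000) ret=00401c52
0009:Ret  KERNEL32.CreateFileA() retval=00000034 ret=00401c52
0009:Call KERNEL32.WriteFile(00000034,00403020,0000000b,0032fd20,00000000) ret=00401c70
0009:Ret  KERNEL32.WriteFile() retval=00000001 ret=00401c70
0009:Call KERNEL32.CloseHandle(00000034) ret=00401c7a
0009:Ret  KERNEL32.CloseHandle() retval=00000001 ret=00401c7a
000b:Call KERNEL32.Sleep(000003e8) ret=00401d10
000b:Ret  KERNEL32.Sleep() retval=00000000 ret=00401d10
0009:Call PE DLL (proc=7e4a0000,module=7e4a0000 L"user32.dll",reason=PROCESS_DETACH,res=00000000)
""".strip().splitlines()

STRACE_SAMPLE = """
1234  execve("/usr/bin/wine", ["wine", "foo.exe"], 0x7ffd1234abcd /* 20 vars */) = 0
1234  openat(AT_FDCWD, "/home/user/.wine/dosdevices/c:/test.txt", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
1234  write(5, "hello world", 11)       = 11
1234  close(5)                          = 0
1235  futex(0x7f0000001000, FUTEX_WAIT, 0, NULL <unfinished ...>
1234  nanosleep({tv_sec=1, tv_nsec=0}, NULL) = 0
1235  <... futex resumed> )             = 0
1234  +++ exited with 0 +++
""".strip().splitlines()


def relay_calls(lines):
    """Return [(thread_id, 'MODULE.Function'), ...] for each Call line, in log order.

    Ret lines and non-API entries (e.g. 'Call PE DLL ...') are skipped.
    """
    calls = []
    for line in lines:
        m = RELAY_RE.match(line)
        if not m or m.group("kind") != "Call":
            continue
        tid = m.group("ids").rstrip(":").split(":")[-1]
        calls.append((tid, f"{m.group('module')}.{m.group('func')}"))
    return calls


def strace_calls(lines):
    """Return [(pid, syscall_name), ...] for each syscall entry, in log order."""
    return [(m.group("pid"), m.group("name"))
            for m in map(STRACE_RE.match, lines) if m]


def per_thread_sequences(calls):
    """Group an ordered (id, name) list into {id: [name, ...]} preserving order."""
    seqs = {}
    for ident, name in calls:
        seqs.setdefault(ident, []).append(name)
    return seqs


def ngram_counts(sequence, n=2):
    """Count sliding-window n-grams over one call sequence (order-sensitive features)."""
    return Counter(tuple(sequence[i:i + n]) for i in range(len(sequence) - n + 1))


if __name__ == "__main__":
    # In practice: relay_calls(open("relay.log")) / strace_calls(open("log"))
    for ident, seq in per_thread_sequences(relay_calls(RELAY_SAMPLE)).items():
        print("win32 thread", ident, "->", " ".join(seq))
        print("  bigrams:", dict(ngram_counts(seq)))
    for ident, seq in per_thread_sequences(strace_calls(STRACE_SAMPLE)).items():
        print("linux pid", ident, "->", " ".join(seq))
```

Per-thread grouping matters for the experiment described in the thread: with `-f` and a multithreaded target, the raw file interleaves threads, so a sequence built from the whole file would contain orderings that no single thread executed. Note also that the relay log only records calls crossing Wine's DLL boundaries, so a binary that reaches the same effect through its own statically linked code will leave a shorter trace than its behaviour suggests.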