win7 x64 dtrace

1. Download the Windows DTrace tool

https://github.com/prash-wghats/DTrace-win32

2. System settings

Test-signing mode lets the unsigned DTrace drivers load; it relaxes driver-signature enforcement for the whole machine, so do this on a test system. Both bcdedit changes take effect after a reboot.

bcdedit /set testsigning on
bcdedit /debug on

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management set

"DisablePagingExecutive"=dword:00000001

3. Load the drivers

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>cd C:\DTrace\bin\amd64

C:\DTrace\bin\amd64>dtrace_loader -l
Loaded Driver Dtrace
Loaded Driver Profile
Loaded Driver Fasttrap
Loaded Driver Fbt


4. Test

C:\DTrace\bin\amd64>dtrace -n "pid$target:kernel32::entry{@[probefunc]=count();}" -p 2756
dtrace: description 'pid$target:kernel32::entry' matched 1285 probes


GetConsoleMode 4
WriteFile 4
Sleep 7
FlsGetValue 8
GetLastError 8
SetLastError 8
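The one-liner above only counts how often each kernel32 export is entered. As an added example (not from the original post or from the DTrace-win32 project), the D script below extends it: it keeps the per-function count, and for WriteFile it also sums the byte counts requested (arg2, the nNumberOfBytesToWrite parameter) and records per-call latency. It assumes the pid provider works on this port as shown in step 4 and that thread-local variables (self->) and the quiet pragma are supported.

```d
/*
 * Added example; not part of the original post or of DTrace-win32.
 * Assumptions: pid$target resolves as in step 4, WriteFile's third
 * argument (nNumberOfBytesToWrite) arrives as arg2 on entry, and the
 * port supports self-> thread-local variables.
 */

#pragma D option quiet

BEGIN
{
    printf("tracing pid %d, press Ctrl-C to stop\n", $target);
}

/* every kernel32 export the target calls, same as the one-liner */
pid$target:kernel32::entry
{
    @calls[probefunc] = count();
}

/* WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, ...) */
pid$target:kernel32:WriteFile:entry
{
    self->ts = timestamp;                       /* nanoseconds */
    @bytes["WriteFile bytes requested"] = sum(arg2);
}

/* only fire if we saw the matching entry on this thread */
pid$target:kernel32:WriteFile:return
/self->ts/
{
    @lat["WriteFile latency (ns)"] = quantize(timestamp - self->ts);
    self->ts = 0;
}

END
{
    printf("\n%-30s %8s\n", "FUNCTION", "CALLS");
    printa("%-30s %@8u\n", @calls);
    printa(@bytes);
    printa(@lat);
}
```

Save it as kernel32.d and run it against the same process as in step 4 with `dtrace -s kernel32.d -p 2756`; the three aggregations are printed when you stop the script with Ctrl-C.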


posted @ 2017-03-25 15:32 zengkefu