hasherezade / tiny_tracer

A Pin Tool for tracing API calls etc

Do we need function filter support? #33

Closed b1tg closed 1 year ago

b1tg commented 1 year ago

Currently Tiny Tracer doesn't allow filtering which functions to log. What do you think about this function?

We may need a separate config file, or put them in params.txt, something like:

Kernel32;LoadLibraryW;1
kernel32;LoadLibraryA;1
# KERNEL32;GetProcAddress <- do not log GetProcAddress 
# CreateEvent* <- pattern match

hasherezade commented 1 year ago

@b1tg - it's a good idea to have such filtering. I will add it soon. (Although I don't think params.txt is a good place to put this list - I will rather do it as a separate file).

hasherezade commented 1 year ago

@b1tg - I added filtering, check it out. Now you can define a list of your excluded functions in excluded.txt. No pattern matching for now, only explicit names. Please let me know what you think.

b1tg commented 1 year ago

Cool, I would test it after I fix my dev environment. Currently I failed to build the latest master (18807e6b14709c8768110deb5e96f8695a4d893b); it seems win_hdrs_init.bat failed because my Windows Kit is under D:/

b1tg commented 1 year ago

The Windows Kit folder can be located using:

C:\>reg query "HKLM\SOFTWARE\WOW6432Node\Microsoft\Microsoft SDKs\Windows\v10.0" /v InstallationFolder

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Microsoft SDKs\Windows\v10.0
    InstallationFolder    REG_SZ    D:\Windows Kits\10\
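
An added example, not part of the thread and not tiny_tracer's win_hdrs_init.bat: a batch script that resolves the Windows SDK root from the registry value shown in the comment above, so a kit installed on another drive or under a path with spaces is still found. The fallback key without WOW6432Node and the `KIT_ROOT` variable name are assumptions.

```bat
@echo off
rem Added example: resolve the Windows 10 SDK root from the registry
rem instead of assuming it lives on drive C:.
setlocal EnableExtensions

set "KIT_ROOT="
rem First the key quoted in the comment above, then (assumption) the same
rem key without WOW6432Node for hosts where that view does not exist.
for %%K in (
    "HKLM\SOFTWARE\WOW6432Node\Microsoft\Microsoft SDKs\Windows\v10.0"
    "HKLM\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v10.0"
) do if not defined KIT_ROOT call :query_key %%K

if not defined KIT_ROOT (
    echo Windows SDK InstallationFolder not found in the registry 1>&2
    exit /b 1
)
rem A stale registry value can point at a folder that was moved or removed.
if not exist "%KIT_ROOT%" (
    echo Registry points to "%KIT_ROOT%" but that folder does not exist 1>&2
    exit /b 2
)
echo Windows Kit root: %KIT_ROOT%
rem Hand the result back to the calling script's environment.
endlocal & set "KIT_ROOT=%KIT_ROOT%"
exit /b 0

:query_key
rem reg prints a line such as:
rem     InstallationFolder    REG_SZ    D:\Windows Kits\10\
rem tokens=2,* puts everything after REG_SZ into %%B, so spaces in the
rem path survive; findstr drops the key-name header line.
for /f "tokens=2,*" %%A in ('reg query %1 /v InstallationFolder 2^>nul ^| findstr /i /c:"InstallationFolder"') do set "KIT_ROOT=%%B"
exit /b 0
```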

hasherezade commented 1 year ago

@b1tg - my last commit should help: https://github.com/hasherezade/tiny_tracer/commit/137d13148013ee491a38e64d5cb49e8345feb2ee - now I am supplying the path to Windows SDK from Visual Studio. Please let me know if it works for you now.

b1tg commented 1 year ago

This commit fixes my problem, and the filtering feature is working fine for me, very helpful, thanks.

hasherezade commented 1 year ago

Cool, thanks for checking it!